Date: July 20, 2025, 11:12 p.m.
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 14.510479] ==================================================================
[ 14.511286] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 14.511632] Read of size 1 at addr ffff8881039b7d02 by task kunit_try_catch/267
[ 14.511909]
[ 14.512027] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.512072] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.512084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.512106] Call Trace:
[ 14.512118] <TASK>
[ 14.512135] dump_stack_lvl+0x73/0xb0
[ 14.512163] print_report+0xd1/0x610
[ 14.512185] ? __virt_addr_valid+0x1db/0x2d0
[ 14.512207] ? kasan_stack_oob+0x2b5/0x300
[ 14.512227] ? kasan_addr_to_slab+0x11/0xa0
[ 14.512247] ? kasan_stack_oob+0x2b5/0x300
[ 14.512268] kasan_report+0x141/0x180
[ 14.512290] ? kasan_stack_oob+0x2b5/0x300
[ 14.512316] __asan_report_load1_noabort+0x18/0x20
[ 14.512339] kasan_stack_oob+0x2b5/0x300
[ 14.512360] ? __pfx_kasan_stack_oob+0x10/0x10
[ 14.512379] ? finish_task_switch.isra.0+0x153/0x700
[ 14.512414] ? __switch_to+0x47/0xf50
[ 14.512442] ? __schedule+0x10c6/0x2b60
[ 14.512465] ? __pfx_read_tsc+0x10/0x10
[ 14.512486] ? ktime_get_ts64+0x86/0x230
[ 14.512510] kunit_try_run_case+0x1a5/0x480
[ 14.512535] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.512560] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.512586] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.512611] ? __kthread_parkme+0x82/0x180
[ 14.512633] ? preempt_count_sub+0x50/0x80
[ 14.512657] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.512687] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.512712] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.512737] kthread+0x337/0x6f0
[ 14.512757] ? trace_preempt_on+0x20/0xc0
[ 14.512781] ? __pfx_kthread+0x10/0x10
[ 14.512802] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.512824] ? calculate_sigpending+0x7b/0xa0
[ 14.512849] ? __pfx_kthread+0x10/0x10
[ 14.512871] ret_from_fork+0x116/0x1d0
[ 14.512890] ? __pfx_kthread+0x10/0x10
[ 14.512911] ret_from_fork_asm+0x1a/0x30
[ 14.512944] </TASK>
[ 14.512955]
[ 14.521059] The buggy address belongs to stack of task kunit_try_catch/267
[ 14.521663] and is located at offset 138 in frame:
[ 14.521894] kasan_stack_oob+0x0/0x300
[ 14.522311]
[ 14.522443] This frame has 4 objects:
[ 14.522683] [48, 49) '__assertion'
[ 14.522710] [64, 72) 'array'
[ 14.522885] [96, 112) '__assertion'
[ 14.523051] [128, 138) 'stack_array'
[ 14.523365]
[ 14.523566] The buggy address belongs to the physical page:
[ 14.523737] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039b7
[ 14.524070] flags: 0x200000000000000(node=0|zone=2)
[ 14.524307] raw: 0200000000000000 ffffea00040e6dc8 ffffea00040e6dc8 0000000000000000
[ 14.524752] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 14.525153] page dumped because: kasan: bad access detected
[ 14.525331]
[ 14.525414] Memory state around the buggy address:
[ 14.525659] ffff8881039b7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.526014] ffff8881039b7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 14.526388] >ffff8881039b7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.526749] ^
[ 14.526879] ffff8881039b7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 14.527279] ffff8881039b7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.527610] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 51.268039] ==================================================================
[ 51.268427] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 51.268427]
[ 51.268932] Use-after-free read at 0x(____ptrval____) (in kfence-#152):
[ 51.269200] test_krealloc+0x6fc/0xbe0
[ 51.269392] kunit_try_run_case+0x1a5/0x480
[ 51.269656] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.269883] kthread+0x337/0x6f0
[ 51.270055] ret_from_fork+0x116/0x1d0
[ 51.270224] ret_from_fork_asm+0x1a/0x30
[ 51.270425]
[ 51.270523] kfence-#152: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 51.270523]
[ 51.270814] allocated by task 355 on cpu 1 at 51.267355s (0.003457s ago):
[ 51.271788] test_alloc+0x364/0x10f0
[ 51.271980] test_krealloc+0xad/0xbe0
[ 51.272195] kunit_try_run_case+0x1a5/0x480
[ 51.272486] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.272790] kthread+0x337/0x6f0
[ 51.272917] ret_from_fork+0x116/0x1d0
[ 51.273257] ret_from_fork_asm+0x1a/0x30
[ 51.273442]
[ 51.273520] freed by task 355 on cpu 1 at 51.267644s (0.005873s ago):
[ 51.273780] krealloc_noprof+0x108/0x340
[ 51.273923] test_krealloc+0x226/0xbe0
[ 51.274061] kunit_try_run_case+0x1a5/0x480
[ 51.274208] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.274398] kthread+0x337/0x6f0
[ 51.274534] ret_from_fork+0x116/0x1d0
[ 51.274669] ret_from_fork_asm+0x1a/0x30
[ 51.274915]
[ 51.275044] CPU: 1 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 51.275471] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 51.275784] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 51.276138] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 51.189167] ==================================================================
[ 51.189577] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 51.189577]
[ 51.189916] Use-after-free read at 0x(____ptrval____) (in kfence-#151):
[ 51.190354] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 51.191303] kunit_try_run_case+0x1a5/0x480
[ 51.191754] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.192234] kthread+0x337/0x6f0
[ 51.192402] ret_from_fork+0x116/0x1d0
[ 51.192583] ret_from_fork_asm+0x1a/0x30
[ 51.192760]
[ 51.192867] kfence-#151: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 51.192867]
[ 51.193209] allocated by task 353 on cpu 0 at 51.163281s (0.029926s ago):
[ 51.193516] test_alloc+0x2a6/0x10f0
[ 51.193723] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 51.193895] kunit_try_run_case+0x1a5/0x480
[ 51.194260] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.194470] kthread+0x337/0x6f0
[ 51.195015] ret_from_fork+0x116/0x1d0
[ 51.195237] ret_from_fork_asm+0x1a/0x30
[ 51.195457]
[ 51.195541] freed by task 353 on cpu 0 at 51.163393s (0.032145s ago):
[ 51.195879] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 51.196328] kunit_try_run_case+0x1a5/0x480
[ 51.196561] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 51.196747] kthread+0x337/0x6f0
[ 51.196873] ret_from_fork+0x116/0x1d0
[ 51.197009] ret_from_fork_asm+0x1a/0x30
[ 51.197153]
[ 51.197253] CPU: 0 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 51.198113] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 51.198493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 51.199173] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 26.010220] ==================================================================
[ 26.010811] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 26.010811]
[ 26.011710] Invalid read at 0x(____ptrval____):
[ 26.011893] test_invalid_access+0xf0/0x210
[ 26.012126] kunit_try_run_case+0x1a5/0x480
[ 26.012536] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 26.012861] kthread+0x337/0x6f0
[ 26.013156] ret_from_fork+0x116/0x1d0
[ 26.013318] ret_from_fork_asm+0x1a/0x30
[ 26.014265]
[ 26.014417] CPU: 1 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 26.014847] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 26.015073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 26.015542] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 25.787509] ==================================================================
[ 25.787920] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.787920]
[ 25.788230] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#146):
[ 25.789298] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.789500] kunit_try_run_case+0x1a5/0x480
[ 25.789768] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.790023] kthread+0x337/0x6f0
[ 25.790205] ret_from_fork+0x116/0x1d0
[ 25.790392] ret_from_fork_asm+0x1a/0x30
[ 25.790543]
[ 25.790658] kfence-#146: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 25.790658]
[ 25.791157] allocated by task 343 on cpu 1 at 25.787246s (0.003909s ago):
[ 25.791446] test_alloc+0x364/0x10f0
[ 25.791672] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 25.791887] kunit_try_run_case+0x1a5/0x480
[ 25.792089] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.792322] kthread+0x337/0x6f0
[ 25.792492] ret_from_fork+0x116/0x1d0
[ 25.792630] ret_from_fork_asm+0x1a/0x30
[ 25.792782]
[ 25.792859] freed by task 343 on cpu 1 at 25.787373s (0.005483s ago):
[ 25.793349] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.793662] kunit_try_run_case+0x1a5/0x480
[ 25.793887] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.794103] kthread+0x337/0x6f0
[ 25.794228] ret_from_fork+0x116/0x1d0
[ 25.794380] ret_from_fork_asm+0x1a/0x30
[ 25.794598]
[ 25.794727] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 25.795165] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.795373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.795762] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 25.163539] ==================================================================
[ 25.163953] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 25.163953]
[ 25.164461] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#140):
[ 25.164833] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 25.165088] kunit_try_run_case+0x1a5/0x480
[ 25.165321] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.165581] kthread+0x337/0x6f0
[ 25.165770] ret_from_fork+0x116/0x1d0
[ 25.166006] ret_from_fork_asm+0x1a/0x30
[ 25.166183]
[ 25.166284] kfence-#140: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 25.166284]
[ 25.166705] allocated by task 341 on cpu 0 at 25.163313s (0.003390s ago):
[ 25.167154] test_alloc+0x364/0x10f0
[ 25.167333] test_kmalloc_aligned_oob_read+0x105/0x560
[ 25.167551] kunit_try_run_case+0x1a5/0x480
[ 25.167752] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.168049] kthread+0x337/0x6f0
[ 25.168171] ret_from_fork+0x116/0x1d0
[ 25.168302] ret_from_fork_asm+0x1a/0x30
[ 25.168515]
[ 25.168668] CPU: 0 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 25.169301] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.169497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.169967] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 19.027533] ==================================================================
[ 19.027941] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 19.027941]
[ 19.028304] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#81):
[ 19.029081] test_corruption+0x2d2/0x3e0
[ 19.029264] kunit_try_run_case+0x1a5/0x480
[ 19.029487] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.029766] kthread+0x337/0x6f0
[ 19.029926] ret_from_fork+0x116/0x1d0
[ 19.030111] ret_from_fork_asm+0x1a/0x30
[ 19.030253]
[ 19.030351] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.030351]
[ 19.030913] allocated by task 329 on cpu 0 at 19.027283s (0.003628s ago):
[ 19.031180] test_alloc+0x364/0x10f0
[ 19.031382] test_corruption+0xe6/0x3e0
[ 19.031586] kunit_try_run_case+0x1a5/0x480
[ 19.031815] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.032012] kthread+0x337/0x6f0
[ 19.032154] ret_from_fork+0x116/0x1d0
[ 19.032358] ret_from_fork_asm+0x1a/0x30
[ 19.032600]
[ 19.032708] freed by task 329 on cpu 0 at 19.027367s (0.005339s ago):
[ 19.033016] test_corruption+0x2d2/0x3e0
[ 19.033188] kunit_try_run_case+0x1a5/0x480
[ 19.033358] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.033688] kthread+0x337/0x6f0
[ 19.033841] ret_from_fork+0x116/0x1d0
[ 19.034002] ret_from_fork_asm+0x1a/0x30
[ 19.034228]
[ 19.034339] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.034851] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.035026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.035436] ==================================================================

[ 19.131639] ==================================================================
[ 19.132017] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 19.132017]
[ 19.132363] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#82):
[ 19.132823] test_corruption+0x2df/0x3e0
[ 19.133499] kunit_try_run_case+0x1a5/0x480
[ 19.133677] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.133926] kthread+0x337/0x6f0
[ 19.134089] ret_from_fork+0x116/0x1d0
[ 19.134267] ret_from_fork_asm+0x1a/0x30
[ 19.134463]
[ 19.134555] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.134555]
[ 19.134922] allocated by task 329 on cpu 0 at 19.131375s (0.003545s ago):
[ 19.135209] test_alloc+0x364/0x10f0
[ 19.135374] test_corruption+0x1cb/0x3e0
[ 19.136141] kunit_try_run_case+0x1a5/0x480
[ 19.136306] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.136733] kthread+0x337/0x6f0
[ 19.136900] ret_from_fork+0x116/0x1d0
[ 19.137072] ret_from_fork_asm+0x1a/0x30
[ 19.137279]
[ 19.137371] freed by task 329 on cpu 0 at 19.131485s (0.005883s ago):
[ 19.137676] test_corruption+0x2df/0x3e0
[ 19.137859] kunit_try_run_case+0x1a5/0x480
[ 19.138009] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.138268] kthread+0x337/0x6f0
[ 19.138446] ret_from_fork+0x116/0x1d0
[ 19.138670] ret_from_fork_asm+0x1a/0x30
[ 19.138817]
[ 19.138942] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.139387] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.139572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.139974] ==================================================================

[ 19.339518] ==================================================================
[ 19.339925] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 19.339925]
[ 19.340199] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#84):
[ 19.340921] test_corruption+0x131/0x3e0
[ 19.341101] kunit_try_run_case+0x1a5/0x480
[ 19.341321] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.341600] kthread+0x337/0x6f0
[ 19.341781] ret_from_fork+0x116/0x1d0
[ 19.341936] ret_from_fork_asm+0x1a/0x30
[ 19.342131]
[ 19.342232] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.342232]
[ 19.342628] allocated by task 331 on cpu 0 at 19.339405s (0.003221s ago):
[ 19.342867] test_alloc+0x2a6/0x10f0
[ 19.343001] test_corruption+0xe6/0x3e0
[ 19.343185] kunit_try_run_case+0x1a5/0x480
[ 19.343407] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.343659] kthread+0x337/0x6f0
[ 19.343829] ret_from_fork+0x116/0x1d0
[ 19.343963] ret_from_fork_asm+0x1a/0x30
[ 19.344288]
[ 19.344399] freed by task 331 on cpu 0 at 19.339440s (0.004947s ago):
[ 19.344737] test_corruption+0x131/0x3e0
[ 19.344914] kunit_try_run_case+0x1a5/0x480
[ 19.345116] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.345353] kthread+0x337/0x6f0
[ 19.345541] ret_from_fork+0x116/0x1d0
[ 19.345692] ret_from_fork_asm+0x1a/0x30
[ 19.345893]
[ 19.346006] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.346443] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.346694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.347043] ==================================================================

[ 19.443468] ==================================================================
[ 19.443859] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 19.443859]
[ 19.444179] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#85):
[ 19.444580] test_corruption+0x216/0x3e0
[ 19.444744] kunit_try_run_case+0x1a5/0x480
[ 19.445045] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.445282] kthread+0x337/0x6f0
[ 19.445449] ret_from_fork+0x116/0x1d0
[ 19.445592] ret_from_fork_asm+0x1a/0x30
[ 19.445818]
[ 19.445918] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.445918]
[ 19.446304] allocated by task 331 on cpu 0 at 19.443342s (0.002960s ago):
[ 19.446617] test_alloc+0x2a6/0x10f0
[ 19.446808] test_corruption+0x1cb/0x3e0
[ 19.446975] kunit_try_run_case+0x1a5/0x480
[ 19.447148] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.447402] kthread+0x337/0x6f0
[ 19.447581] ret_from_fork+0x116/0x1d0
[ 19.447743] ret_from_fork_asm+0x1a/0x30
[ 19.447942]
[ 19.448041] freed by task 331 on cpu 0 at 19.443385s (0.004653s ago):
[ 19.448311] test_corruption+0x216/0x3e0
[ 19.448503] kunit_try_run_case+0x1a5/0x480
[ 19.448774] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.448955] kthread+0x337/0x6f0
[ 19.449079] ret_from_fork+0x116/0x1d0
[ 19.449215] ret_from_fork_asm+0x1a/0x30
[ 19.449424]
[ 19.449545] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.450023] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.450224] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.450523] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 18.819459] ==================================================================
[ 18.819821] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 18.819821]
[ 18.820251] Invalid free of 0x(____ptrval____) (in kfence-#79):
[ 18.820907] test_invalid_addr_free+0x1e1/0x260
[ 18.821363] kunit_try_run_case+0x1a5/0x480
[ 18.821581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.822043] kthread+0x337/0x6f0
[ 18.822177] ret_from_fork+0x116/0x1d0
[ 18.822361] ret_from_fork_asm+0x1a/0x30
[ 18.822574]
[ 18.822668] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.822668]
[ 18.823171] allocated by task 325 on cpu 1 at 18.819331s (0.003837s ago):
[ 18.823483] test_alloc+0x364/0x10f0
[ 18.823621] test_invalid_addr_free+0xdb/0x260
[ 18.823972] kunit_try_run_case+0x1a5/0x480
[ 18.824377] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.824955] kthread+0x337/0x6f0
[ 18.825203] ret_from_fork+0x116/0x1d0
[ 18.825338] ret_from_fork_asm+0x1a/0x30
[ 18.825490]
[ 18.825588] CPU: 1 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.825909] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.826046] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.826310] ==================================================================

[ 18.923495] ==================================================================
[ 18.923936] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 18.923936]
[ 18.924265] Invalid free of 0x(____ptrval____) (in kfence-#80):
[ 18.924670] test_invalid_addr_free+0xfb/0x260
[ 18.924898] kunit_try_run_case+0x1a5/0x480
[ 18.925100] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.925299] kthread+0x337/0x6f0
[ 18.925437] ret_from_fork+0x116/0x1d0
[ 18.925643] ret_from_fork_asm+0x1a/0x30
[ 18.925870]
[ 18.925993] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.925993]
[ 18.926425] allocated by task 327 on cpu 0 at 18.923374s (0.003049s ago):
[ 18.926774] test_alloc+0x2a6/0x10f0
[ 18.926951] test_invalid_addr_free+0xdb/0x260
[ 18.927186] kunit_try_run_case+0x1a5/0x480
[ 18.927410] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.927654] kthread+0x337/0x6f0
[ 18.927775] ret_from_fork+0x116/0x1d0
[ 18.928410] ret_from_fork_asm+0x1a/0x30
[ 18.928682]
[ 18.928799] CPU: 0 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.929245] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.929445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.930301] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 18.611613] ==================================================================
[ 18.612041] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 18.612041]
[ 18.612412] Invalid free of 0x(____ptrval____) (in kfence-#77):
[ 18.612900] test_double_free+0x1d3/0x260
[ 18.613110] kunit_try_run_case+0x1a5/0x480
[ 18.613318] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.613566] kthread+0x337/0x6f0
[ 18.614474] ret_from_fork+0x116/0x1d0
[ 18.614912] ret_from_fork_asm+0x1a/0x30
[ 18.615075]
[ 18.615156] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.615156]
[ 18.615467] allocated by task 321 on cpu 1 at 18.611337s (0.004127s ago):
[ 18.615755] test_alloc+0x364/0x10f0
[ 18.615939] test_double_free+0xdb/0x260
[ 18.616082] kunit_try_run_case+0x1a5/0x480
[ 18.616320] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.616615] kthread+0x337/0x6f0
[ 18.616834] ret_from_fork+0x116/0x1d0
[ 18.616972] ret_from_fork_asm+0x1a/0x30
[ 18.617158]
[ 18.617257] freed by task 321 on cpu 1 at 18.611412s (0.005842s ago):
[ 18.617754] test_double_free+0x1e0/0x260
[ 18.617959] kunit_try_run_case+0x1a5/0x480
[ 18.618160] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.618410] kthread+0x337/0x6f0
[ 18.618586] ret_from_fork+0x116/0x1d0
[ 18.618810] ret_from_fork_asm+0x1a/0x30
[ 18.618955]
[ 18.619056] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.619554] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.619747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.620138] ==================================================================

[ 18.715590] ==================================================================
[ 18.716073] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 18.716073]
[ 18.716417] Invalid free of 0x(____ptrval____) (in kfence-#78):
[ 18.716719] test_double_free+0x112/0x260
[ 18.716993] kunit_try_run_case+0x1a5/0x480
[ 18.717666] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.717940] kthread+0x337/0x6f0
[ 18.718122] ret_from_fork+0x116/0x1d0
[ 18.718326] ret_from_fork_asm+0x1a/0x30
[ 18.718513]
[ 18.718623] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.718623]
[ 18.719361] allocated by task 323 on cpu 0 at 18.715363s (0.003995s ago):
[ 18.719890] test_alloc+0x2a6/0x10f0
[ 18.720040] test_double_free+0xdb/0x260
[ 18.720306] kunit_try_run_case+0x1a5/0x480
[ 18.720516] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.720934] kthread+0x337/0x6f0
[ 18.721168] ret_from_fork+0x116/0x1d0
[ 18.721440] ret_from_fork_asm+0x1a/0x30
[ 18.721703]
[ 18.721869] freed by task 323 on cpu 0 at 18.715425s (0.006440s ago):
[ 18.722153] test_double_free+0xfa/0x260
[ 18.722341] kunit_try_run_case+0x1a5/0x480
[ 18.722552] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.723012] kthread+0x337/0x6f0
[ 18.723180] ret_from_fork+0x116/0x1d0
[ 18.723454] ret_from_fork_asm+0x1a/0x30
[ 18.723778]
[ 18.723965] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.724506] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.724852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.725219] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 18.299480] ==================================================================
[ 18.299890] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 18.299890]
[ 18.300338] Use-after-free read at 0x(____ptrval____) (in kfence-#74):
[ 18.300857] test_use_after_free_read+0x129/0x270
[ 18.301078] kunit_try_run_case+0x1a5/0x480
[ 18.301293] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.301540] kthread+0x337/0x6f0
[ 18.302246] ret_from_fork+0x116/0x1d0
[ 18.302472] ret_from_fork_asm+0x1a/0x30
[ 18.302882]
[ 18.303080] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.303080]
[ 18.303490] allocated by task 315 on cpu 1 at 18.299339s (0.004148s ago):
[ 18.303999] test_alloc+0x2a6/0x10f0
[ 18.304286] test_use_after_free_read+0xdc/0x270
[ 18.304523] kunit_try_run_case+0x1a5/0x480
[ 18.304950] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.305300] kthread+0x337/0x6f0
[ 18.305558] ret_from_fork+0x116/0x1d0
[ 18.305813] ret_from_fork_asm+0x1a/0x30
[ 18.306126]
[ 18.306252] freed by task 315 on cpu 1 at 18.299404s (0.006845s ago):
[ 18.306732] test_use_after_free_read+0xfb/0x270
[ 18.307064] kunit_try_run_case+0x1a5/0x480
[ 18.307277] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.307680] kthread+0x337/0x6f0
[ 18.307935] ret_from_fork+0x116/0x1d0
[ 18.308209] ret_from_fork_asm+0x1a/0x30
[ 18.308434]
[ 18.308754] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.309214] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.309440] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.309979] ==================================================================

[ 18.195610] ==================================================================
[ 18.196043] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 18.196043]
[ 18.196547] Use-after-free read at 0x(____ptrval____) (in kfence-#73):
[ 18.197078] test_use_after_free_read+0x129/0x270
[ 18.197312] kunit_try_run_case+0x1a5/0x480
[ 18.197534] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.198035] kthread+0x337/0x6f0
[ 18.198358] ret_from_fork+0x116/0x1d0
[ 18.198668] ret_from_fork_asm+0x1a/0x30
[ 18.199010]
[ 18.199117] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.199117]
[ 18.199624] allocated by task 313 on cpu 0 at 18.195389s (0.004233s ago):
[ 18.200038] test_alloc+0x364/0x10f0
[ 18.200211] test_use_after_free_read+0xdc/0x270
[ 18.200432] kunit_try_run_case+0x1a5/0x480
[ 18.200617] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.201108] kthread+0x337/0x6f0
[ 18.201255] ret_from_fork+0x116/0x1d0
[ 18.201583] ret_from_fork_asm+0x1a/0x30
[ 18.201819]
[ 18.202181] freed by task 313 on cpu 0 at 18.195456s (0.006632s ago):
[ 18.202638] test_use_after_free_read+0x1e7/0x270
[ 18.202962] kunit_try_run_case+0x1a5/0x480
[ 18.203226] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.203556] kthread+0x337/0x6f0
[ 18.203827] ret_from_fork+0x116/0x1d0
[ 18.204004] ret_from_fork_asm+0x1a/0x30
[ 18.204218]
[ 18.204324] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.205052] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.205313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.205806] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 18.091383] ==================================================================
[ 18.091839] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 18.091839]
[ 18.092308] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#72):
[ 18.092740] test_out_of_bounds_write+0x10d/0x260
[ 18.092929] kunit_try_run_case+0x1a5/0x480
[ 18.093102] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.093361] kthread+0x337/0x6f0
[ 18.093547] ret_from_fork+0x116/0x1d0
[ 18.093773] ret_from_fork_asm+0x1a/0x30
[ 18.093949]
[ 18.094050] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.094050]
[ 18.094449] allocated by task 311 on cpu 1 at 18.091321s (0.003126s ago):
[ 18.094772] test_alloc+0x2a6/0x10f0
[ 18.094944] test_out_of_bounds_write+0xd4/0x260
[ 18.095138] kunit_try_run_case+0x1a5/0x480
[ 18.095348] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.095614] kthread+0x337/0x6f0
[ 18.095742] ret_from_fork+0x116/0x1d0
[ 18.095877] ret_from_fork_asm+0x1a/0x30
[ 18.096021]
[ 18.096135] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.096632] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.096966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.097352] ==================================================================

[ 17.779465] ==================================================================
[ 17.779934] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 17.779934]
[ 17.780504] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#69):
[ 17.780811] test_out_of_bounds_write+0x10d/0x260
[ 17.781059] kunit_try_run_case+0x1a5/0x480
[ 17.781276] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.782029] kthread+0x337/0x6f0
[ 17.782181] ret_from_fork+0x116/0x1d0
[ 17.782323] ret_from_fork_asm+0x1a/0x30
[ 17.782483]
[ 17.782565] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.782565]
[ 17.782879] allocated by task 309 on cpu 0 at 17.779341s (0.003536s ago):
[ 17.783111] test_alloc+0x364/0x10f0
[ 17.783245] test_out_of_bounds_write+0xd4/0x260
[ 17.783414] kunit_try_run_case+0x1a5/0x480
[ 17.783566] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.784263] kthread+0x337/0x6f0
[ 17.784619] ret_from_fork+0x116/0x1d0
[ 17.784795] ret_from_fork_asm+0x1a/0x30
[ 17.785034]
[ 17.785170] CPU: 0 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.785658] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.785812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.786225] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 17.155450] ==================================================================
[ 17.155872] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 17.155872]
[ 17.156391] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#63):
[ 17.156852] test_out_of_bounds_read+0x216/0x4e0
[ 17.157020] kunit_try_run_case+0x1a5/0x480
[ 17.157234] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.157524] kthread+0x337/0x6f0
[ 17.157716] ret_from_fork+0x116/0x1d0
[ 17.158071] ret_from_fork_asm+0x1a/0x30
[ 17.158270]
[ 17.158359] kfence-#63: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.158359]
[ 17.158873] allocated by task 305 on cpu 1 at 17.155342s (0.003528s ago):
[ 17.159592] test_alloc+0x364/0x10f0
[ 17.160050] test_out_of_bounds_read+0x1e2/0x4e0
[ 17.160259] kunit_try_run_case+0x1a5/0x480
[ 17.160633] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.160880] kthread+0x337/0x6f0
[ 17.161172] ret_from_fork+0x116/0x1d0
[ 17.161458] ret_from_fork_asm+0x1a/0x30
[ 17.161763]
[ 17.161908] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.162489] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.162733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.163237] ==================================================================

[ 17.467462] ==================================================================
[ 17.467877] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 17.467877]
[ 17.468260] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#66):
[ 17.468745] test_out_of_bounds_read+0x126/0x4e0
[ 17.468966] kunit_try_run_case+0x1a5/0x480
[ 17.469136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.469410] kthread+0x337/0x6f0
[ 17.469582] ret_from_fork+0x116/0x1d0
[ 17.469730] ret_from_fork_asm+0x1a/0x30
[ 17.469936]
[ 17.470019] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.470019]
[ 17.470380] allocated by task 307 on cpu 0 at 17.467313s (0.003065s ago):
[ 17.470787] test_alloc+0x2a6/0x10f0
[ 17.470963] test_out_of_bounds_read+0xed/0x4e0
[ 17.471121] kunit_try_run_case+0x1a5/0x480
[ 17.471272] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.471514] kthread+0x337/0x6f0
[ 17.471687] ret_from_fork+0x116/0x1d0
[ 17.471887] ret_from_fork_asm+0x1a/0x30
[ 17.472087]
[ 17.472200] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.472687] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.472858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.473192] ==================================================================

[ 16.948678] ==================================================================
[ 16.949175] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 16.949175]
[ 16.950168] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#61):
[ 16.950872] test_out_of_bounds_read+0x126/0x4e0
[ 16.951231] kunit_try_run_case+0x1a5/0x480
[ 16.951582] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.951928] kthread+0x337/0x6f0
[ 16.952196] ret_from_fork+0x116/0x1d0
[ 16.952492] ret_from_fork_asm+0x1a/0x30
[ 16.952812]
[ 16.953091] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.953091]
[ 16.953906] allocated by task 305 on cpu 1 at 16.947405s (0.006439s ago):
[ 16.954644] test_alloc+0x364/0x10f0
[ 16.954865] test_out_of_bounds_read+0xed/0x4e0
[ 16.955093] kunit_try_run_case+0x1a5/0x480
[ 16.955472] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.955872] kthread+0x337/0x6f0
[ 16.956035] ret_from_fork+0x116/0x1d0
[ 16.956353] ret_from_fork_asm+0x1a/0x30
[ 16.956788]
[ 16.956958] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.957663] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.957894] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.958193] ================================================================== [ 17.571384] ================================================================== [ 17.571805] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 17.571805] [ 17.572316] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#67): [ 17.572632] test_out_of_bounds_read+0x216/0x4e0 [ 17.572866] kunit_try_run_case+0x1a5/0x480 [ 17.573063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.573261] kthread+0x337/0x6f0 [ 17.573452] ret_from_fork+0x116/0x1d0 [ 17.573639] ret_from_fork_asm+0x1a/0x30 [ 17.573877] [ 17.573969] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.573969] [ 17.574263] allocated by task 307 on cpu 0 at 17.571332s (0.002929s ago): [ 17.574551] test_alloc+0x2a6/0x10f0 [ 17.574736] test_out_of_bounds_read+0x1e2/0x4e0 [ 17.575047] kunit_try_run_case+0x1a5/0x480 [ 17.575353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.575543] kthread+0x337/0x6f0 [ 17.575713] ret_from_fork+0x116/0x1d0 [ 17.576037] ret_from_fork_asm+0x1a/0x30 [ 17.576214] [ 17.576336] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 17.576801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.577000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.577351] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 16.803603] ================================================================== [ 16.803951] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.804555] Write of size 1 at addr ffff88810315a278 by task kunit_try_catch/303 [ 16.804896] [ 16.805032] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.805077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.805090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.805114] Call Trace: [ 16.805128] <TASK> [ 16.805144] dump_stack_lvl+0x73/0xb0 [ 16.805173] print_report+0xd1/0x610 [ 16.805197] ? __virt_addr_valid+0x1db/0x2d0 [ 16.805222] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.805270] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805295] kasan_report+0x141/0x180 [ 16.805318] ? strncpy_from_user+0x1a5/0x1d0 [ 16.805349] __asan_report_store1_noabort+0x1b/0x30 [ 16.805406] strncpy_from_user+0x1a5/0x1d0 [ 16.805435] copy_user_test_oob+0x760/0x10f0 [ 16.805463] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.805486] ? finish_task_switch.isra.0+0x153/0x700 [ 16.805512] ? __switch_to+0x47/0xf50 [ 16.805541] ? __schedule+0x10c6/0x2b60 [ 16.805565] ? __pfx_read_tsc+0x10/0x10 [ 16.805605] ? ktime_get_ts64+0x86/0x230 [ 16.805632] kunit_try_run_case+0x1a5/0x480 [ 16.805658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.805682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.805708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.805732] ? __kthread_parkme+0x82/0x180 [ 16.805754] ? preempt_count_sub+0x50/0x80 [ 16.805779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.805805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.805830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.805854] kthread+0x337/0x6f0 [ 16.805876] ? trace_preempt_on+0x20/0xc0 [ 16.805901] ? __pfx_kthread+0x10/0x10 [ 16.805924] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.805946] ? calculate_sigpending+0x7b/0xa0 [ 16.805971] ? 
__pfx_kthread+0x10/0x10 [ 16.805996] ret_from_fork+0x116/0x1d0 [ 16.806020] ? __pfx_kthread+0x10/0x10 [ 16.806043] ret_from_fork_asm+0x1a/0x30 [ 16.806078] </TASK> [ 16.806089] [ 16.813698] Allocated by task 303: [ 16.813854] kasan_save_stack+0x45/0x70 [ 16.813999] kasan_save_track+0x18/0x40 [ 16.814137] kasan_save_alloc_info+0x3b/0x50 [ 16.814288] __kasan_kmalloc+0xb7/0xc0 [ 16.814443] __kmalloc_noprof+0x1c9/0x500 [ 16.814643] kunit_kmalloc_array+0x25/0x60 [ 16.814884] copy_user_test_oob+0xab/0x10f0 [ 16.815094] kunit_try_run_case+0x1a5/0x480 [ 16.815291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.815481] kthread+0x337/0x6f0 [ 16.815607] ret_from_fork+0x116/0x1d0 [ 16.815742] ret_from_fork_asm+0x1a/0x30 [ 16.816086] [ 16.816185] The buggy address belongs to the object at ffff88810315a200 [ 16.816185] which belongs to the cache kmalloc-128 of size 128 [ 16.816758] The buggy address is located 0 bytes to the right of [ 16.816758] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.817224] [ 16.817303] The buggy address belongs to the physical page: [ 16.817612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.817975] flags: 0x200000000000000(node=0|zone=2) [ 16.818212] page_type: f5(slab) [ 16.818378] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.818750] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.818983] page dumped because: kasan: bad access detected [ 16.819176] [ 16.819294] Memory state around the buggy address: [ 16.819533] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.820136] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.820453] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.820793] ^ [ 16.821097] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.821412] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.821741] 
================================================================== [ 16.785330] ================================================================== [ 16.785760] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.786247] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.786576] [ 16.786697] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.786771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.786786] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.786809] Call Trace: [ 16.786827] <TASK> [ 16.786842] dump_stack_lvl+0x73/0xb0 [ 16.786872] print_report+0xd1/0x610 [ 16.786896] ? __virt_addr_valid+0x1db/0x2d0 [ 16.786919] ? strncpy_from_user+0x2e/0x1d0 [ 16.786944] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.786967] ? strncpy_from_user+0x2e/0x1d0 [ 16.786992] kasan_report+0x141/0x180 [ 16.787015] ? strncpy_from_user+0x2e/0x1d0 [ 16.787045] kasan_check_range+0x10c/0x1c0 [ 16.787070] __kasan_check_write+0x18/0x20 [ 16.787089] strncpy_from_user+0x2e/0x1d0 [ 16.787113] ? __kasan_check_read+0x15/0x20 [ 16.787135] copy_user_test_oob+0x760/0x10f0 [ 16.787163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.787187] ? finish_task_switch.isra.0+0x153/0x700 [ 16.787211] ? __switch_to+0x47/0xf50 [ 16.787239] ? __schedule+0x10c6/0x2b60 [ 16.787263] ? __pfx_read_tsc+0x10/0x10 [ 16.787285] ? ktime_get_ts64+0x86/0x230 [ 16.787310] kunit_try_run_case+0x1a5/0x480 [ 16.787335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.787359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.787384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.787421] ? __kthread_parkme+0x82/0x180 [ 16.787462] ? preempt_count_sub+0x50/0x80 [ 16.787487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.787512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.787537] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.787562] kthread+0x337/0x6f0 [ 16.787584] ? trace_preempt_on+0x20/0xc0 [ 16.787619] ? 
__pfx_kthread+0x10/0x10 [ 16.787642] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.787664] ? calculate_sigpending+0x7b/0xa0 [ 16.787688] ? __pfx_kthread+0x10/0x10 [ 16.787711] ret_from_fork+0x116/0x1d0 [ 16.787730] ? __pfx_kthread+0x10/0x10 [ 16.787752] ret_from_fork_asm+0x1a/0x30 [ 16.787786] </TASK> [ 16.787797] [ 16.795317] Allocated by task 303: [ 16.795462] kasan_save_stack+0x45/0x70 [ 16.795656] kasan_save_track+0x18/0x40 [ 16.795861] kasan_save_alloc_info+0x3b/0x50 [ 16.796071] __kasan_kmalloc+0xb7/0xc0 [ 16.796282] __kmalloc_noprof+0x1c9/0x500 [ 16.796492] kunit_kmalloc_array+0x25/0x60 [ 16.796706] copy_user_test_oob+0xab/0x10f0 [ 16.796859] kunit_try_run_case+0x1a5/0x480 [ 16.797009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.797185] kthread+0x337/0x6f0 [ 16.797341] ret_from_fork+0x116/0x1d0 [ 16.797538] ret_from_fork_asm+0x1a/0x30 [ 16.797753] [ 16.797854] The buggy address belongs to the object at ffff88810315a200 [ 16.797854] which belongs to the cache kmalloc-128 of size 128 [ 16.798562] The buggy address is located 0 bytes inside of [ 16.798562] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.798926] [ 16.799002] The buggy address belongs to the physical page: [ 16.799177] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.799706] flags: 0x200000000000000(node=0|zone=2) [ 16.799942] page_type: f5(slab) [ 16.800133] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.800498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.801040] page dumped because: kasan: bad access detected [ 16.801213] [ 16.801284] Memory state around the buggy address: [ 16.801448] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.801674] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.802004] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.802313] ^ [ 16.802674] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.802962] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.803173] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 16.765360] ================================================================== [ 16.765689] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.766165] Read of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.766510] [ 16.766640] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.766687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.766701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.766726] Call Trace: [ 16.766740] <TASK> [ 16.766756] dump_stack_lvl+0x73/0xb0 [ 16.766785] print_report+0xd1/0x610 [ 16.766808] ? __virt_addr_valid+0x1db/0x2d0 [ 16.766832] ? copy_user_test_oob+0x604/0x10f0 [ 16.766856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.766880] ? copy_user_test_oob+0x604/0x10f0 [ 16.766904] kasan_report+0x141/0x180 [ 16.766927] ? copy_user_test_oob+0x604/0x10f0 [ 16.766957] kasan_check_range+0x10c/0x1c0 [ 16.767004] __kasan_check_read+0x15/0x20 [ 16.767026] copy_user_test_oob+0x604/0x10f0 [ 16.767052] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.767078] ? finish_task_switch.isra.0+0x153/0x700 [ 16.767123] ? __switch_to+0x47/0xf50 [ 16.767155] ? __schedule+0x10c6/0x2b60 [ 16.767185] ? __pfx_read_tsc+0x10/0x10 [ 16.767211] ? ktime_get_ts64+0x86/0x230 [ 16.767237] kunit_try_run_case+0x1a5/0x480 [ 16.767263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.767286] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.767313] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.767339] ? __kthread_parkme+0x82/0x180 [ 16.767361] ? preempt_count_sub+0x50/0x80 [ 16.767386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.767422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.767449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.767492] kthread+0x337/0x6f0 [ 16.767514] ? trace_preempt_on+0x20/0xc0 [ 16.767538] ? __pfx_kthread+0x10/0x10 [ 16.767562] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.767599] ? calculate_sigpending+0x7b/0xa0 [ 16.767624] ? 
__pfx_kthread+0x10/0x10 [ 16.767647] ret_from_fork+0x116/0x1d0 [ 16.767683] ? __pfx_kthread+0x10/0x10 [ 16.767705] ret_from_fork_asm+0x1a/0x30 [ 16.767740] </TASK> [ 16.767751] [ 16.776048] Allocated by task 303: [ 16.776264] kasan_save_stack+0x45/0x70 [ 16.776501] kasan_save_track+0x18/0x40 [ 16.776746] kasan_save_alloc_info+0x3b/0x50 [ 16.776979] __kasan_kmalloc+0xb7/0xc0 [ 16.777158] __kmalloc_noprof+0x1c9/0x500 [ 16.777379] kunit_kmalloc_array+0x25/0x60 [ 16.777585] copy_user_test_oob+0xab/0x10f0 [ 16.777811] kunit_try_run_case+0x1a5/0x480 [ 16.778053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.778305] kthread+0x337/0x6f0 [ 16.778525] ret_from_fork+0x116/0x1d0 [ 16.778758] ret_from_fork_asm+0x1a/0x30 [ 16.778956] [ 16.779035] The buggy address belongs to the object at ffff88810315a200 [ 16.779035] which belongs to the cache kmalloc-128 of size 128 [ 16.779505] The buggy address is located 0 bytes inside of [ 16.779505] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.779928] [ 16.780026] The buggy address belongs to the physical page: [ 16.780279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.780844] flags: 0x200000000000000(node=0|zone=2) [ 16.781018] page_type: f5(slab) [ 16.781142] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.781377] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.781915] page dumped because: kasan: bad access detected [ 16.782208] [ 16.782306] Memory state around the buggy address: [ 16.782579] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.782943] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.783269] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.783615] ^ [ 16.783927] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.784249] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.784578] 
================================================================== [ 16.742561] ================================================================== [ 16.742881] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.743249] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.743597] [ 16.743695] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.743759] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.743773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.743796] Call Trace: [ 16.743813] <TASK> [ 16.743829] dump_stack_lvl+0x73/0xb0 [ 16.743859] print_report+0xd1/0x610 [ 16.743883] ? __virt_addr_valid+0x1db/0x2d0 [ 16.743907] ? copy_user_test_oob+0x557/0x10f0 [ 16.743931] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.743955] ? copy_user_test_oob+0x557/0x10f0 [ 16.743980] kasan_report+0x141/0x180 [ 16.744003] ? copy_user_test_oob+0x557/0x10f0 [ 16.744033] kasan_check_range+0x10c/0x1c0 [ 16.744058] __kasan_check_write+0x18/0x20 [ 16.744078] copy_user_test_oob+0x557/0x10f0 [ 16.744104] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.744128] ? finish_task_switch.isra.0+0x153/0x700 [ 16.744153] ? __switch_to+0x47/0xf50 [ 16.744181] ? __schedule+0x10c6/0x2b60 [ 16.744205] ? __pfx_read_tsc+0x10/0x10 [ 16.744227] ? ktime_get_ts64+0x86/0x230 [ 16.744252] kunit_try_run_case+0x1a5/0x480 [ 16.744278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.744302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.744327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.744352] ? __kthread_parkme+0x82/0x180 [ 16.744373] ? preempt_count_sub+0x50/0x80 [ 16.744409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.744435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.744460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.744485] kthread+0x337/0x6f0 [ 16.744506] ? trace_preempt_on+0x20/0xc0 [ 16.744530] ? __pfx_kthread+0x10/0x10 [ 16.744552] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.744575] ? calculate_sigpending+0x7b/0xa0 [ 16.744614] ? __pfx_kthread+0x10/0x10 [ 16.744638] ret_from_fork+0x116/0x1d0 [ 16.744657] ? __pfx_kthread+0x10/0x10 [ 16.744682] ret_from_fork_asm+0x1a/0x30 [ 16.744715] </TASK> [ 16.744727] [ 16.753773] Allocated by task 303: [ 16.753982] kasan_save_stack+0x45/0x70 [ 16.754451] kasan_save_track+0x18/0x40 [ 16.754720] kasan_save_alloc_info+0x3b/0x50 [ 16.755067] __kasan_kmalloc+0xb7/0xc0 [ 16.755285] __kmalloc_noprof+0x1c9/0x500 [ 16.755615] kunit_kmalloc_array+0x25/0x60 [ 16.755932] copy_user_test_oob+0xab/0x10f0 [ 16.756218] kunit_try_run_case+0x1a5/0x480 [ 16.756447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.756902] kthread+0x337/0x6f0 [ 16.757078] ret_from_fork+0x116/0x1d0 [ 16.757231] ret_from_fork_asm+0x1a/0x30 [ 16.757614] [ 16.757743] The buggy address belongs to the object at ffff88810315a200 [ 16.757743] which belongs to the cache kmalloc-128 of size 128 [ 16.758475] The buggy address is located 0 bytes inside of [ 16.758475] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.759129] [ 16.759238] The buggy address belongs to the physical page: [ 16.759683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.760071] flags: 0x200000000000000(node=0|zone=2) [ 16.760432] page_type: f5(slab) [ 16.760659] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.761122] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.761472] page dumped because: kasan: bad access detected [ 16.761860] [ 16.761984] Memory state around the buggy address: [ 16.762294] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.762618] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.763137] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.763527] ^ [ 16.763964] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764359] 
ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764836] ================================================================== [ 16.704499] ================================================================== [ 16.705061] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.705383] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.705774] [ 16.705885] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.705932] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.705946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.705970] Call Trace: [ 16.705984] <TASK> [ 16.706001] dump_stack_lvl+0x73/0xb0 [ 16.706032] print_report+0xd1/0x610 [ 16.706056] ? __virt_addr_valid+0x1db/0x2d0 [ 16.706080] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.706128] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706154] kasan_report+0x141/0x180 [ 16.706177] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.706208] kasan_check_range+0x10c/0x1c0 [ 16.706233] __kasan_check_write+0x18/0x20 [ 16.706253] copy_user_test_oob+0x3fd/0x10f0 [ 16.706280] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.706304] ? finish_task_switch.isra.0+0x153/0x700 [ 16.706328] ? __switch_to+0x47/0xf50 [ 16.706356] ? __schedule+0x10c6/0x2b60 [ 16.706381] ? __pfx_read_tsc+0x10/0x10 [ 16.706415] ? ktime_get_ts64+0x86/0x230 [ 16.706442] kunit_try_run_case+0x1a5/0x480 [ 16.706468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.706493] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.706518] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.706543] ? __kthread_parkme+0x82/0x180 [ 16.706566] ? preempt_count_sub+0x50/0x80 [ 16.706591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.706617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.706642] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.706668] kthread+0x337/0x6f0 [ 16.706689] ? trace_preempt_on+0x20/0xc0 [ 16.706713] ? 
__pfx_kthread+0x10/0x10 [ 16.706735] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.706758] ? calculate_sigpending+0x7b/0xa0 [ 16.706784] ? __pfx_kthread+0x10/0x10 [ 16.706808] ret_from_fork+0x116/0x1d0 [ 16.706828] ? __pfx_kthread+0x10/0x10 [ 16.706850] ret_from_fork_asm+0x1a/0x30 [ 16.706883] </TASK> [ 16.706894] [ 16.714027] Allocated by task 303: [ 16.714202] kasan_save_stack+0x45/0x70 [ 16.714376] kasan_save_track+0x18/0x40 [ 16.714549] kasan_save_alloc_info+0x3b/0x50 [ 16.714777] __kasan_kmalloc+0xb7/0xc0 [ 16.714960] __kmalloc_noprof+0x1c9/0x500 [ 16.715137] kunit_kmalloc_array+0x25/0x60 [ 16.715285] copy_user_test_oob+0xab/0x10f0 [ 16.715466] kunit_try_run_case+0x1a5/0x480 [ 16.715672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.715960] kthread+0x337/0x6f0 [ 16.716112] ret_from_fork+0x116/0x1d0 [ 16.716249] ret_from_fork_asm+0x1a/0x30 [ 16.716445] [ 16.716546] The buggy address belongs to the object at ffff88810315a200 [ 16.716546] which belongs to the cache kmalloc-128 of size 128 [ 16.717074] The buggy address is located 0 bytes inside of [ 16.717074] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.717542] [ 16.717683] The buggy address belongs to the physical page: [ 16.717889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.718216] flags: 0x200000000000000(node=0|zone=2) [ 16.718460] page_type: f5(slab) [ 16.718610] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.718914] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.719170] page dumped because: kasan: bad access detected [ 16.719347] [ 16.719429] Memory state around the buggy address: [ 16.719588] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.719809] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.720029] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.720313] ^ [ 16.720958] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.721277] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.721607] ================================================================== [ 16.722160] ================================================================== [ 16.722524] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.722899] Read of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.723429] [ 16.723537] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.723580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.723593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.723617] Call Trace: [ 16.723633] <TASK> [ 16.723651] dump_stack_lvl+0x73/0xb0 [ 16.723679] print_report+0xd1/0x610 [ 16.723703] ? __virt_addr_valid+0x1db/0x2d0 [ 16.723728] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.723777] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723802] kasan_report+0x141/0x180 [ 16.723825] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.723855] kasan_check_range+0x10c/0x1c0 [ 16.723880] __kasan_check_read+0x15/0x20 [ 16.723900] copy_user_test_oob+0x4aa/0x10f0 [ 16.723927] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.723951] ? finish_task_switch.isra.0+0x153/0x700 [ 16.723976] ? __switch_to+0x47/0xf50 [ 16.724004] ? __schedule+0x10c6/0x2b60 [ 16.724028] ? __pfx_read_tsc+0x10/0x10 [ 16.724050] ? ktime_get_ts64+0x86/0x230 [ 16.724076] kunit_try_run_case+0x1a5/0x480 [ 16.724102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.724125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.724150] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.724176] ? __kthread_parkme+0x82/0x180 [ 16.724198] ? preempt_count_sub+0x50/0x80 [ 16.724223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.724249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.724274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.724299] kthread+0x337/0x6f0 [ 16.724320] ? 
trace_preempt_on+0x20/0xc0 [ 16.724345] ? __pfx_kthread+0x10/0x10 [ 16.724367] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.724390] ? calculate_sigpending+0x7b/0xa0 [ 16.724426] ? __pfx_kthread+0x10/0x10 [ 16.724450] ret_from_fork+0x116/0x1d0 [ 16.724470] ? __pfx_kthread+0x10/0x10 [ 16.724491] ret_from_fork_asm+0x1a/0x30 [ 16.724524] </TASK> [ 16.724536] [ 16.731691] Allocated by task 303: [ 16.731822] kasan_save_stack+0x45/0x70 [ 16.731966] kasan_save_track+0x18/0x40 [ 16.732106] kasan_save_alloc_info+0x3b/0x50 [ 16.732318] __kasan_kmalloc+0xb7/0xc0 [ 16.732520] __kmalloc_noprof+0x1c9/0x500 [ 16.732735] kunit_kmalloc_array+0x25/0x60 [ 16.732938] copy_user_test_oob+0xab/0x10f0 [ 16.733118] kunit_try_run_case+0x1a5/0x480 [ 16.733306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.733559] kthread+0x337/0x6f0 [ 16.733754] ret_from_fork+0x116/0x1d0 [ 16.733927] ret_from_fork_asm+0x1a/0x30 [ 16.734104] [ 16.734198] The buggy address belongs to the object at ffff88810315a200 [ 16.734198] which belongs to the cache kmalloc-128 of size 128 [ 16.734694] The buggy address is located 0 bytes inside of [ 16.734694] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.735165] [ 16.735242] The buggy address belongs to the physical page: [ 16.735498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.735809] flags: 0x200000000000000(node=0|zone=2) [ 16.735974] page_type: f5(slab) [ 16.736098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.736336] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.736662] page dumped because: kasan: bad access detected [ 16.736926] [ 16.737021] Memory state around the buggy address: [ 16.737245] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.737583] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.737899] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.738167] ^ [ 16.738384] 
ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739294] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.739529] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 16.683894] ================================================================== [ 16.684341] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 16.684677] Read of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.685156] [ 16.685259] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.685307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.685322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.685347] Call Trace: [ 16.685362] <TASK> [ 16.685381] dump_stack_lvl+0x73/0xb0 [ 16.685428] print_report+0xd1/0x610 [ 16.685454] ? __virt_addr_valid+0x1db/0x2d0 [ 16.685479] ? _copy_to_user+0x3c/0x70 [ 16.685499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.685523] ? _copy_to_user+0x3c/0x70 [ 16.685544] kasan_report+0x141/0x180 [ 16.685568] ? _copy_to_user+0x3c/0x70 [ 16.685595] kasan_check_range+0x10c/0x1c0 [ 16.685620] __kasan_check_read+0x15/0x20 [ 16.685640] _copy_to_user+0x3c/0x70 [ 16.685661] copy_user_test_oob+0x364/0x10f0 [ 16.685689] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.685713] ? finish_task_switch.isra.0+0x153/0x700 [ 16.685739] ? __switch_to+0x47/0xf50 [ 16.685769] ? __schedule+0x10c6/0x2b60 [ 16.685794] ? __pfx_read_tsc+0x10/0x10 [ 16.685817] ? ktime_get_ts64+0x86/0x230 [ 16.685847] kunit_try_run_case+0x1a5/0x480 [ 16.685872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.685896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.685921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.685946] ? __kthread_parkme+0x82/0x180 [ 16.685968] ? preempt_count_sub+0x50/0x80 [ 16.685994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.686019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.686044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.686069] kthread+0x337/0x6f0 [ 16.686090] ? trace_preempt_on+0x20/0xc0 [ 16.686115] ? __pfx_kthread+0x10/0x10 [ 16.686138] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.686160] ? calculate_sigpending+0x7b/0xa0 [ 16.686186] ? 
__pfx_kthread+0x10/0x10 [ 16.686209] ret_from_fork+0x116/0x1d0 [ 16.686229] ? __pfx_kthread+0x10/0x10 [ 16.686252] ret_from_fork_asm+0x1a/0x30 [ 16.686285] </TASK> [ 16.686297] [ 16.693195] Allocated by task 303: [ 16.693374] kasan_save_stack+0x45/0x70 [ 16.693578] kasan_save_track+0x18/0x40 [ 16.693738] kasan_save_alloc_info+0x3b/0x50 [ 16.693957] __kasan_kmalloc+0xb7/0xc0 [ 16.694125] __kmalloc_noprof+0x1c9/0x500 [ 16.694272] kunit_kmalloc_array+0x25/0x60 [ 16.694424] copy_user_test_oob+0xab/0x10f0 [ 16.694577] kunit_try_run_case+0x1a5/0x480 [ 16.694802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.695049] kthread+0x337/0x6f0 [ 16.695215] ret_from_fork+0x116/0x1d0 [ 16.695409] ret_from_fork_asm+0x1a/0x30 [ 16.695611] [ 16.695687] The buggy address belongs to the object at ffff88810315a200 [ 16.695687] which belongs to the cache kmalloc-128 of size 128 [ 16.696162] The buggy address is located 0 bytes inside of [ 16.696162] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.696603] [ 16.696704] The buggy address belongs to the physical page: [ 16.696929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.697264] flags: 0x200000000000000(node=0|zone=2) [ 16.697480] page_type: f5(slab) [ 16.697661] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.697964] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.698252] page dumped because: kasan: bad access detected [ 16.698489] [ 16.698574] Memory state around the buggy address: [ 16.698781] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.699018] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.699230] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.699470] ^ [ 16.699794] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.700105] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.700340] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 16.651412] ================================================================== [ 16.652275] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 16.652777] Write of size 121 at addr ffff88810315a200 by task kunit_try_catch/303 [ 16.653672] [ 16.653997] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.654065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.654080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.654105] Call Trace: [ 16.654121] <TASK> [ 16.654142] dump_stack_lvl+0x73/0xb0 [ 16.654177] print_report+0xd1/0x610 [ 16.654203] ? __virt_addr_valid+0x1db/0x2d0 [ 16.654230] ? _copy_from_user+0x32/0x90 [ 16.654251] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.654275] ? _copy_from_user+0x32/0x90 [ 16.654297] kasan_report+0x141/0x180 [ 16.654321] ? _copy_from_user+0x32/0x90 [ 16.654348] kasan_check_range+0x10c/0x1c0 [ 16.654373] __kasan_check_write+0x18/0x20 [ 16.654409] _copy_from_user+0x32/0x90 [ 16.654431] copy_user_test_oob+0x2be/0x10f0 [ 16.654460] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.654484] ? finish_task_switch.isra.0+0x153/0x700 [ 16.654511] ? __switch_to+0x47/0xf50 [ 16.654541] ? __schedule+0x10c6/0x2b60 [ 16.654565] ? __pfx_read_tsc+0x10/0x10 [ 16.654596] ? ktime_get_ts64+0x86/0x230 [ 16.654623] kunit_try_run_case+0x1a5/0x480 [ 16.654649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.654673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.654698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.654722] ? __kthread_parkme+0x82/0x180 [ 16.654745] ? preempt_count_sub+0x50/0x80 [ 16.654771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.654797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.654822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.654847] kthread+0x337/0x6f0 [ 16.654869] ? trace_preempt_on+0x20/0xc0 [ 16.654894] ? __pfx_kthread+0x10/0x10 [ 16.654916] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.654939] ? calculate_sigpending+0x7b/0xa0 [ 16.654965] ? 
__pfx_kthread+0x10/0x10 [ 16.654989] ret_from_fork+0x116/0x1d0 [ 16.655009] ? __pfx_kthread+0x10/0x10 [ 16.655032] ret_from_fork_asm+0x1a/0x30 [ 16.655066] </TASK> [ 16.655080] [ 16.666830] Allocated by task 303: [ 16.667380] kasan_save_stack+0x45/0x70 [ 16.667797] kasan_save_track+0x18/0x40 [ 16.668086] kasan_save_alloc_info+0x3b/0x50 [ 16.668390] __kasan_kmalloc+0xb7/0xc0 [ 16.668950] __kmalloc_noprof+0x1c9/0x500 [ 16.669326] kunit_kmalloc_array+0x25/0x60 [ 16.669542] copy_user_test_oob+0xab/0x10f0 [ 16.670036] kunit_try_run_case+0x1a5/0x480 [ 16.670469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.670926] kthread+0x337/0x6f0 [ 16.671107] ret_from_fork+0x116/0x1d0 [ 16.671553] ret_from_fork_asm+0x1a/0x30 [ 16.671723] [ 16.672025] The buggy address belongs to the object at ffff88810315a200 [ 16.672025] which belongs to the cache kmalloc-128 of size 128 [ 16.672807] The buggy address is located 0 bytes inside of [ 16.672807] allocated 120-byte region [ffff88810315a200, ffff88810315a278) [ 16.673661] [ 16.673832] The buggy address belongs to the physical page: [ 16.674036] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.674577] flags: 0x200000000000000(node=0|zone=2) [ 16.674916] page_type: f5(slab) [ 16.675098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.675570] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.675978] page dumped because: kasan: bad access detected [ 16.676440] [ 16.676548] Memory state around the buggy address: [ 16.676901] ffff88810315a100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.677388] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.677938] >ffff88810315a200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.678474] ^ [ 16.678917] ffff88810315a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.679371] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.679923] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 16.619529] ================================================================== [ 16.619840] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.620197] Write of size 8 at addr ffff88810315a178 by task kunit_try_catch/299 [ 16.620551] [ 16.620744] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.620792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.620805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.620828] Call Trace: [ 16.620847] <TASK> [ 16.620865] dump_stack_lvl+0x73/0xb0 [ 16.620894] print_report+0xd1/0x610 [ 16.620918] ? __virt_addr_valid+0x1db/0x2d0 [ 16.620942] ? copy_to_kernel_nofault+0x99/0x260 [ 16.620967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.620990] ? copy_to_kernel_nofault+0x99/0x260 [ 16.621015] kasan_report+0x141/0x180 [ 16.621038] ? copy_to_kernel_nofault+0x99/0x260 [ 16.621068] kasan_check_range+0x10c/0x1c0 [ 16.621093] __kasan_check_write+0x18/0x20 [ 16.621114] copy_to_kernel_nofault+0x99/0x260 [ 16.621140] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.621165] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.621189] ? finish_task_switch.isra.0+0x153/0x700 [ 16.621212] ? __schedule+0x10c6/0x2b60 [ 16.621235] ? trace_hardirqs_on+0x37/0xe0 [ 16.621267] ? __pfx_read_tsc+0x10/0x10 [ 16.621289] ? ktime_get_ts64+0x86/0x230 [ 16.621315] kunit_try_run_case+0x1a5/0x480 [ 16.621362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.621385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.621420] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.621444] ? __kthread_parkme+0x82/0x180 [ 16.621467] ? preempt_count_sub+0x50/0x80 [ 16.621493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.621519] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.621544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.621586] kthread+0x337/0x6f0 [ 16.621608] ? trace_preempt_on+0x20/0xc0 [ 16.621631] ? __pfx_kthread+0x10/0x10 [ 16.621653] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.621676] ? calculate_sigpending+0x7b/0xa0 [ 16.621700] ? __pfx_kthread+0x10/0x10 [ 16.621724] ret_from_fork+0x116/0x1d0 [ 16.621744] ? __pfx_kthread+0x10/0x10 [ 16.621766] ret_from_fork_asm+0x1a/0x30 [ 16.621799] </TASK> [ 16.621835] [ 16.629894] Allocated by task 299: [ 16.630089] kasan_save_stack+0x45/0x70 [ 16.630342] kasan_save_track+0x18/0x40 [ 16.630588] kasan_save_alloc_info+0x3b/0x50 [ 16.630745] __kasan_kmalloc+0xb7/0xc0 [ 16.631008] __kmalloc_cache_noprof+0x189/0x420 [ 16.631236] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.631504] kunit_try_run_case+0x1a5/0x480 [ 16.631683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.631938] kthread+0x337/0x6f0 [ 16.632134] ret_from_fork+0x116/0x1d0 [ 16.632303] ret_from_fork_asm+0x1a/0x30 [ 16.632457] [ 16.632650] The buggy address belongs to the object at ffff88810315a100 [ 16.632650] which belongs to the cache kmalloc-128 of size 128 [ 16.633122] The buggy address is located 0 bytes to the right of [ 16.633122] allocated 120-byte region [ffff88810315a100, ffff88810315a178) [ 16.633508] [ 16.633583] The buggy address belongs to the physical page: [ 16.633759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.634160] flags: 0x200000000000000(node=0|zone=2) [ 16.634405] page_type: f5(slab) [ 16.634732] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.635165] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.635458] page dumped because: kasan: bad access detected [ 16.635657] [ 16.635730] Memory state around the buggy address: [ 16.635888] ffff88810315a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.636242] ffff88810315a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.636592] >ffff88810315a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.636931] ^ [ 16.637298] ffff88810315a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.637692] ffff88810315a200: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 16.637945] ================================================================== [ 16.586967] ================================================================== [ 16.588800] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.589492] Read of size 8 at addr ffff88810315a178 by task kunit_try_catch/299 [ 16.590370] [ 16.590618] CPU: 0 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.590671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.590686] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.590710] Call Trace: [ 16.590726] <TASK> [ 16.590744] dump_stack_lvl+0x73/0xb0 [ 16.590780] print_report+0xd1/0x610 [ 16.590806] ? __virt_addr_valid+0x1db/0x2d0 [ 16.590832] ? copy_to_kernel_nofault+0x225/0x260 [ 16.590856] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.590880] ? copy_to_kernel_nofault+0x225/0x260 [ 16.590905] kasan_report+0x141/0x180 [ 16.590928] ? copy_to_kernel_nofault+0x225/0x260 [ 16.590959] __asan_report_load8_noabort+0x18/0x20 [ 16.590984] copy_to_kernel_nofault+0x225/0x260 [ 16.591011] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.591202] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.591228] ? finish_task_switch.isra.0+0x153/0x700 [ 16.591269] ? __schedule+0x10c6/0x2b60 [ 16.591294] ? trace_hardirqs_on+0x37/0xe0 [ 16.591330] ? __pfx_read_tsc+0x10/0x10 [ 16.591355] ? ktime_get_ts64+0x86/0x230 [ 16.591382] kunit_try_run_case+0x1a5/0x480 [ 16.591417] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.591441] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.591466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.591491] ? __kthread_parkme+0x82/0x180 [ 16.591513] ? preempt_count_sub+0x50/0x80 [ 16.591538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.591564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.591589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.591614] kthread+0x337/0x6f0 [ 16.591635] ? 
trace_preempt_on+0x20/0xc0 [ 16.591659] ? __pfx_kthread+0x10/0x10 [ 16.591681] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.591704] ? calculate_sigpending+0x7b/0xa0 [ 16.591730] ? __pfx_kthread+0x10/0x10 [ 16.591753] ret_from_fork+0x116/0x1d0 [ 16.591772] ? __pfx_kthread+0x10/0x10 [ 16.591795] ret_from_fork_asm+0x1a/0x30 [ 16.591830] </TASK> [ 16.591843] [ 16.609198] Allocated by task 299: [ 16.609724] kasan_save_stack+0x45/0x70 [ 16.610089] kasan_save_track+0x18/0x40 [ 16.610591] kasan_save_alloc_info+0x3b/0x50 [ 16.610760] __kasan_kmalloc+0xb7/0xc0 [ 16.610901] __kmalloc_cache_noprof+0x189/0x420 [ 16.611450] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.611968] kunit_try_run_case+0x1a5/0x480 [ 16.612558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.612818] kthread+0x337/0x6f0 [ 16.612948] ret_from_fork+0x116/0x1d0 [ 16.613086] ret_from_fork_asm+0x1a/0x30 [ 16.613233] [ 16.613310] The buggy address belongs to the object at ffff88810315a100 [ 16.613310] which belongs to the cache kmalloc-128 of size 128 [ 16.613699] The buggy address is located 0 bytes to the right of [ 16.613699] allocated 120-byte region [ffff88810315a100, ffff88810315a178) [ 16.614337] [ 16.614487] The buggy address belongs to the physical page: [ 16.614700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a [ 16.615094] flags: 0x200000000000000(node=0|zone=2) [ 16.615351] page_type: f5(slab) [ 16.615537] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.615867] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.616140] page dumped because: kasan: bad access detected [ 16.616602] [ 16.616703] Memory state around the buggy address: [ 16.616893] ffff88810315a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.617128] ffff88810315a080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.617632] >ffff88810315a100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.617966] ^ [ 16.618220] ffff88810315a180: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 16.618487] ffff88810315a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.618804] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 16.448141] ================================================================== [ 16.448495] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 16.448846] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.449132] [ 16.449240] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.449282] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.449309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.449334] Call Trace: [ 16.449350] <TASK> [ 16.449367] dump_stack_lvl+0x73/0xb0 [ 16.449408] print_report+0xd1/0x610 [ 16.449432] ? __virt_addr_valid+0x1db/0x2d0 [ 16.449456] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.449478] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.449502] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.449526] kasan_report+0x141/0x180 [ 16.449550] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.449578] kasan_check_range+0x10c/0x1c0 [ 16.449604] __kasan_check_write+0x18/0x20 [ 16.449636] kasan_atomics_helper+0x20c8/0x5450 [ 16.449660] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.449683] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.449710] ? kasan_atomics+0x152/0x310 [ 16.449738] kasan_atomics+0x1dc/0x310 [ 16.449762] ? __pfx_kasan_atomics+0x10/0x10 [ 16.449787] ? __pfx_read_tsc+0x10/0x10 [ 16.449809] ? ktime_get_ts64+0x86/0x230 [ 16.449836] kunit_try_run_case+0x1a5/0x480 [ 16.449862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.449886] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.449912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.449938] ? __kthread_parkme+0x82/0x180 [ 16.449960] ? preempt_count_sub+0x50/0x80 [ 16.449985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.450011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.450037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.450062] kthread+0x337/0x6f0 [ 16.450083] ? trace_preempt_on+0x20/0xc0 [ 16.450107] ? __pfx_kthread+0x10/0x10 [ 16.450130] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.450153] ? 
calculate_sigpending+0x7b/0xa0 [ 16.450178] ? __pfx_kthread+0x10/0x10 [ 16.450202] ret_from_fork+0x116/0x1d0 [ 16.450222] ? __pfx_kthread+0x10/0x10 [ 16.450244] ret_from_fork_asm+0x1a/0x30 [ 16.450278] </TASK> [ 16.450288] [ 16.457478] Allocated by task 283: [ 16.457642] kasan_save_stack+0x45/0x70 [ 16.457843] kasan_save_track+0x18/0x40 [ 16.458038] kasan_save_alloc_info+0x3b/0x50 [ 16.458247] __kasan_kmalloc+0xb7/0xc0 [ 16.458448] __kmalloc_cache_noprof+0x189/0x420 [ 16.458761] kasan_atomics+0x95/0x310 [ 16.458911] kunit_try_run_case+0x1a5/0x480 [ 16.459122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.459346] kthread+0x337/0x6f0 [ 16.459516] ret_from_fork+0x116/0x1d0 [ 16.459681] ret_from_fork_asm+0x1a/0x30 [ 16.459867] [ 16.459966] The buggy address belongs to the object at ffff88810394df80 [ 16.459966] which belongs to the cache kmalloc-64 of size 64 [ 16.460448] The buggy address is located 0 bytes to the right of [ 16.460448] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.460971] [ 16.461060] The buggy address belongs to the physical page: [ 16.461292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.461550] flags: 0x200000000000000(node=0|zone=2) [ 16.461936] page_type: f5(slab) [ 16.462144] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.462437] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.462729] page dumped because: kasan: bad access detected [ 16.462942] [ 16.463036] Memory state around the buggy address: [ 16.463238] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.463532] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.463966] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.464184] ^ [ 16.464342] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.464682] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.464996] 
================================================================== [ 15.884768] ================================================================== [ 15.885241] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 15.885585] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.885890] [ 15.885998] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.886044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.886058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.886082] Call Trace: [ 15.886098] <TASK> [ 15.886116] dump_stack_lvl+0x73/0xb0 [ 15.886145] print_report+0xd1/0x610 [ 15.886169] ? __virt_addr_valid+0x1db/0x2d0 [ 15.886194] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.886217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.886240] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.886264] kasan_report+0x141/0x180 [ 15.886287] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.886316] kasan_check_range+0x10c/0x1c0 [ 15.886340] __kasan_check_write+0x18/0x20 [ 15.886361] kasan_atomics_helper+0x12e6/0x5450 [ 15.886385] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.886419] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.886445] ? kasan_atomics+0x152/0x310 [ 15.886474] kasan_atomics+0x1dc/0x310 [ 15.886498] ? __pfx_kasan_atomics+0x10/0x10 [ 15.886524] ? __pfx_read_tsc+0x10/0x10 [ 15.886546] ? ktime_get_ts64+0x86/0x230 [ 15.886572] kunit_try_run_case+0x1a5/0x480 [ 15.886599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.886622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.886648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.886673] ? __kthread_parkme+0x82/0x180 [ 15.886696] ? preempt_count_sub+0x50/0x80 [ 15.886721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.886748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.886773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.886808] kthread+0x337/0x6f0 [ 15.886830] ? trace_preempt_on+0x20/0xc0 [ 15.886854] ? 
__pfx_kthread+0x10/0x10 [ 15.886877] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.886899] ? calculate_sigpending+0x7b/0xa0 [ 15.886925] ? __pfx_kthread+0x10/0x10 [ 15.886947] ret_from_fork+0x116/0x1d0 [ 15.886968] ? __pfx_kthread+0x10/0x10 [ 15.886989] ret_from_fork_asm+0x1a/0x30 [ 15.887023] </TASK> [ 15.887034] [ 15.894821] Allocated by task 283: [ 15.894992] kasan_save_stack+0x45/0x70 [ 15.895137] kasan_save_track+0x18/0x40 [ 15.895271] kasan_save_alloc_info+0x3b/0x50 [ 15.895439] __kasan_kmalloc+0xb7/0xc0 [ 15.895622] __kmalloc_cache_noprof+0x189/0x420 [ 15.895865] kasan_atomics+0x95/0x310 [ 15.896052] kunit_try_run_case+0x1a5/0x480 [ 15.896260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.896442] kthread+0x337/0x6f0 [ 15.896562] ret_from_fork+0x116/0x1d0 [ 15.896754] ret_from_fork_asm+0x1a/0x30 [ 15.896953] [ 15.897074] The buggy address belongs to the object at ffff88810394df80 [ 15.897074] which belongs to the cache kmalloc-64 of size 64 [ 15.897613] The buggy address is located 0 bytes to the right of [ 15.897613] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.898083] [ 15.898160] The buggy address belongs to the physical page: [ 15.898427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.898869] flags: 0x200000000000000(node=0|zone=2) [ 15.899071] page_type: f5(slab) [ 15.899245] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.899571] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.899887] page dumped because: kasan: bad access detected [ 15.900102] [ 15.900198] Memory state around the buggy address: [ 15.900436] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.900806] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.901085] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.901414] ^ [ 15.901646] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.901969] 
ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.902280] ================================================================== [ 15.744355] ================================================================== [ 15.744888] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 15.745312] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.745832] [ 15.745934] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.745980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.745994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.746125] Call Trace: [ 15.746145] <TASK> [ 15.746163] dump_stack_lvl+0x73/0xb0 [ 15.746195] print_report+0xd1/0x610 [ 15.746219] ? __virt_addr_valid+0x1db/0x2d0 [ 15.746244] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.746267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.746291] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.746314] kasan_report+0x141/0x180 [ 15.746338] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.746367] __asan_report_load4_noabort+0x18/0x20 [ 15.746405] kasan_atomics_helper+0x4a36/0x5450 [ 15.746430] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.746454] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.746481] ? kasan_atomics+0x152/0x310 [ 15.746510] kasan_atomics+0x1dc/0x310 [ 15.746535] ? __pfx_kasan_atomics+0x10/0x10 [ 15.746561] ? __pfx_read_tsc+0x10/0x10 [ 15.746583] ? ktime_get_ts64+0x86/0x230 [ 15.746610] kunit_try_run_case+0x1a5/0x480 [ 15.746638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.746663] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.746688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.746714] ? __kthread_parkme+0x82/0x180 [ 15.746737] ? preempt_count_sub+0x50/0x80 [ 15.746762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.746789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.746814] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.746840] kthread+0x337/0x6f0 [ 15.746861] ? 
trace_preempt_on+0x20/0xc0 [ 15.746886] ? __pfx_kthread+0x10/0x10 [ 15.746909] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.746933] ? calculate_sigpending+0x7b/0xa0 [ 15.746959] ? __pfx_kthread+0x10/0x10 [ 15.746983] ret_from_fork+0x116/0x1d0 [ 15.747003] ? __pfx_kthread+0x10/0x10 [ 15.747025] ret_from_fork_asm+0x1a/0x30 [ 15.747059] </TASK> [ 15.747071] [ 15.756513] Allocated by task 283: [ 15.756815] kasan_save_stack+0x45/0x70 [ 15.757192] kasan_save_track+0x18/0x40 [ 15.757347] kasan_save_alloc_info+0x3b/0x50 [ 15.757747] __kasan_kmalloc+0xb7/0xc0 [ 15.757943] __kmalloc_cache_noprof+0x189/0x420 [ 15.758162] kasan_atomics+0x95/0x310 [ 15.758339] kunit_try_run_case+0x1a5/0x480 [ 15.758554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.759005] kthread+0x337/0x6f0 [ 15.759161] ret_from_fork+0x116/0x1d0 [ 15.759478] ret_from_fork_asm+0x1a/0x30 [ 15.759771] [ 15.759867] The buggy address belongs to the object at ffff88810394df80 [ 15.759867] which belongs to the cache kmalloc-64 of size 64 [ 15.760512] The buggy address is located 0 bytes to the right of [ 15.760512] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.761239] [ 15.761342] The buggy address belongs to the physical page: [ 15.761541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.762120] flags: 0x200000000000000(node=0|zone=2) [ 15.762460] page_type: f5(slab) [ 15.762592] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.763040] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.763391] page dumped because: kasan: bad access detected [ 15.763596] [ 15.763769] Memory state around the buggy address: [ 15.764121] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.764413] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.764859] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.765226] ^ [ 15.765439] ffff88810394e000: fa fb fb fb fb fb fb fb fb 
fb fb fb fb fb fb fb [ 15.765896] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.766261] ================================================================== [ 16.482823] ================================================================== [ 16.483169] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 16.483620] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.483951] [ 16.484080] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.484123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.484137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.484158] Call Trace: [ 16.484175] <TASK> [ 16.484193] dump_stack_lvl+0x73/0xb0 [ 16.484221] print_report+0xd1/0x610 [ 16.484244] ? __virt_addr_valid+0x1db/0x2d0 [ 16.484268] ? kasan_atomics_helper+0x218a/0x5450 [ 16.484290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.484314] ? kasan_atomics_helper+0x218a/0x5450 [ 16.484336] kasan_report+0x141/0x180 [ 16.484359] ? kasan_atomics_helper+0x218a/0x5450 [ 16.484389] kasan_check_range+0x10c/0x1c0 [ 16.484426] __kasan_check_write+0x18/0x20 [ 16.484447] kasan_atomics_helper+0x218a/0x5450 [ 16.484471] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.484495] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.484521] ? kasan_atomics+0x152/0x310 [ 16.484549] kasan_atomics+0x1dc/0x310 [ 16.484573] ? __pfx_kasan_atomics+0x10/0x10 [ 16.484600] ? __pfx_read_tsc+0x10/0x10 [ 16.484623] ? ktime_get_ts64+0x86/0x230 [ 16.484649] kunit_try_run_case+0x1a5/0x480 [ 16.484680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.484704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.484730] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.484755] ? __kthread_parkme+0x82/0x180 [ 16.484777] ? preempt_count_sub+0x50/0x80 [ 16.484802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.484829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.484855] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.484880] kthread+0x337/0x6f0 [ 16.484901] ? trace_preempt_on+0x20/0xc0 [ 16.484925] ? __pfx_kthread+0x10/0x10 [ 16.484948] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.484971] ? calculate_sigpending+0x7b/0xa0 [ 16.484996] ? __pfx_kthread+0x10/0x10 [ 16.485019] ret_from_fork+0x116/0x1d0 [ 16.485039] ? __pfx_kthread+0x10/0x10 [ 16.485061] ret_from_fork_asm+0x1a/0x30 [ 16.485095] </TASK> [ 16.485106] [ 16.492488] Allocated by task 283: [ 16.492760] kasan_save_stack+0x45/0x70 [ 16.492961] kasan_save_track+0x18/0x40 [ 16.493151] kasan_save_alloc_info+0x3b/0x50 [ 16.493361] __kasan_kmalloc+0xb7/0xc0 [ 16.493558] __kmalloc_cache_noprof+0x189/0x420 [ 16.493782] kasan_atomics+0x95/0x310 [ 16.493970] kunit_try_run_case+0x1a5/0x480 [ 16.494152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.494331] kthread+0x337/0x6f0 [ 16.494465] ret_from_fork+0x116/0x1d0 [ 16.494625] ret_from_fork_asm+0x1a/0x30 [ 16.494831] [ 16.494931] The buggy address belongs to the object at ffff88810394df80 [ 16.494931] which belongs to the cache kmalloc-64 of size 64 [ 16.495477] The buggy address is located 0 bytes to the right of [ 16.495477] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.496100] [ 16.496180] The buggy address belongs to the physical page: [ 16.496421] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.496776] flags: 0x200000000000000(node=0|zone=2) [ 16.496992] page_type: f5(slab) [ 16.497116] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.497351] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.497831] page dumped because: kasan: bad access detected [ 16.498096] [ 16.498193] Memory state around the buggy address: [ 16.498424] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.498763] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.499043] >ffff88810394df80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.499335] ^ [ 16.499536] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.499925] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.500146] ================================================================== [ 15.921289] ================================================================== [ 15.922454] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 15.923091] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.923422] [ 15.923536] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.923582] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.923594] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.923619] Call Trace: [ 15.923634] <TASK> [ 15.923651] dump_stack_lvl+0x73/0xb0 [ 15.923684] print_report+0xd1/0x610 [ 15.923729] ? __virt_addr_valid+0x1db/0x2d0 [ 15.923754] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.923790] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.923828] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.923852] kasan_report+0x141/0x180 [ 15.923877] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.923905] kasan_check_range+0x10c/0x1c0 [ 15.923931] __kasan_check_read+0x15/0x20 [ 15.923951] kasan_atomics_helper+0x13b5/0x5450 [ 15.923975] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.923999] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.924026] ? kasan_atomics+0x152/0x310 [ 15.924055] kasan_atomics+0x1dc/0x310 [ 15.924078] ? __pfx_kasan_atomics+0x10/0x10 [ 15.924104] ? __pfx_read_tsc+0x10/0x10 [ 15.924127] ? ktime_get_ts64+0x86/0x230 [ 15.924153] kunit_try_run_case+0x1a5/0x480 [ 15.924196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.924221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.924260] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.924299] ? __kthread_parkme+0x82/0x180 [ 15.924334] ? preempt_count_sub+0x50/0x80 [ 15.924373] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.924409] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.924448] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.924488] kthread+0x337/0x6f0 [ 15.924522] ? trace_preempt_on+0x20/0xc0 [ 15.924559] ? __pfx_kthread+0x10/0x10 [ 15.924595] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.924618] ? calculate_sigpending+0x7b/0xa0 [ 15.924657] ? __pfx_kthread+0x10/0x10 [ 15.924698] ret_from_fork+0x116/0x1d0 [ 15.924732] ? __pfx_kthread+0x10/0x10 [ 15.924767] ret_from_fork_asm+0x1a/0x30 [ 15.924802] </TASK> [ 15.924813] [ 15.932809] Allocated by task 283: [ 15.933010] kasan_save_stack+0x45/0x70 [ 15.933181] kasan_save_track+0x18/0x40 [ 15.933374] kasan_save_alloc_info+0x3b/0x50 [ 15.933612] __kasan_kmalloc+0xb7/0xc0 [ 15.933788] __kmalloc_cache_noprof+0x189/0x420 [ 15.934018] kasan_atomics+0x95/0x310 [ 15.934198] kunit_try_run_case+0x1a5/0x480 [ 15.934440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.934699] kthread+0x337/0x6f0 [ 15.934886] ret_from_fork+0x116/0x1d0 [ 15.935039] ret_from_fork_asm+0x1a/0x30 [ 15.935259] [ 15.935338] The buggy address belongs to the object at ffff88810394df80 [ 15.935338] which belongs to the cache kmalloc-64 of size 64 [ 15.935848] The buggy address is located 0 bytes to the right of [ 15.935848] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.936364] [ 15.936476] The buggy address belongs to the physical page: [ 15.936781] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.937086] flags: 0x200000000000000(node=0|zone=2) [ 15.937338] page_type: f5(slab) [ 15.937536] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.937947] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.938238] page dumped because: kasan: bad access detected [ 15.938520] [ 15.938634] Memory state around the buggy address: [ 15.938851] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.939214] 
ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.939553] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.939808] ^ [ 15.940031] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.940361] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.940710] ================================================================== [ 16.150486] ================================================================== [ 16.151232] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 16.151989] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.152634] [ 16.152812] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.152855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.152868] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.152890] Call Trace: [ 16.152908] <TASK> [ 16.152924] dump_stack_lvl+0x73/0xb0 [ 16.152953] print_report+0xd1/0x610 [ 16.152976] ? __virt_addr_valid+0x1db/0x2d0 [ 16.153001] ? kasan_atomics_helper+0x194a/0x5450 [ 16.153025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.153049] ? kasan_atomics_helper+0x194a/0x5450 [ 16.153074] kasan_report+0x141/0x180 [ 16.153097] ? kasan_atomics_helper+0x194a/0x5450 [ 16.153125] kasan_check_range+0x10c/0x1c0 [ 16.153151] __kasan_check_write+0x18/0x20 [ 16.153171] kasan_atomics_helper+0x194a/0x5450 [ 16.153195] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.153219] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.153247] ? kasan_atomics+0x152/0x310 [ 16.153275] kasan_atomics+0x1dc/0x310 [ 16.153300] ? __pfx_kasan_atomics+0x10/0x10 [ 16.153326] ? __pfx_read_tsc+0x10/0x10 [ 16.153348] ? ktime_get_ts64+0x86/0x230 [ 16.153373] kunit_try_run_case+0x1a5/0x480 [ 16.153411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.153436] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.153460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.153486] ? 
__kthread_parkme+0x82/0x180 [ 16.153507] ? preempt_count_sub+0x50/0x80 [ 16.153532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.153558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.153583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.153619] kthread+0x337/0x6f0 [ 16.153641] ? trace_preempt_on+0x20/0xc0 [ 16.153665] ? __pfx_kthread+0x10/0x10 [ 16.153687] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.153710] ? calculate_sigpending+0x7b/0xa0 [ 16.153735] ? __pfx_kthread+0x10/0x10 [ 16.153758] ret_from_fork+0x116/0x1d0 [ 16.153778] ? __pfx_kthread+0x10/0x10 [ 16.153799] ret_from_fork_asm+0x1a/0x30 [ 16.153834] </TASK> [ 16.153844] [ 16.164967] Allocated by task 283: [ 16.165144] kasan_save_stack+0x45/0x70 [ 16.165312] kasan_save_track+0x18/0x40 [ 16.165463] kasan_save_alloc_info+0x3b/0x50 [ 16.165616] __kasan_kmalloc+0xb7/0xc0 [ 16.165887] __kmalloc_cache_noprof+0x189/0x420 [ 16.166119] kasan_atomics+0x95/0x310 [ 16.166316] kunit_try_run_case+0x1a5/0x480 [ 16.166541] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.166775] kthread+0x337/0x6f0 [ 16.166935] ret_from_fork+0x116/0x1d0 [ 16.167088] ret_from_fork_asm+0x1a/0x30 [ 16.167293] [ 16.167389] The buggy address belongs to the object at ffff88810394df80 [ 16.167389] which belongs to the cache kmalloc-64 of size 64 [ 16.167901] The buggy address is located 0 bytes to the right of [ 16.167901] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.168381] [ 16.168467] The buggy address belongs to the physical page: [ 16.168676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.169042] flags: 0x200000000000000(node=0|zone=2) [ 16.169280] page_type: f5(slab) [ 16.169451] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.169767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.170094] page dumped because: kasan: bad access detected [ 16.170309] [ 16.170382] Memory state around the buggy address: [ 16.170551] 
ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.170771] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.171126] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.171447] ^ [ 16.171667] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.171958] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.172261] ================================================================== [ 15.960560] ================================================================== [ 15.960899] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 15.961437] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.961847] [ 15.961959] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.962003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.962017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.962040] Call Trace: [ 15.962054] <TASK> [ 15.962071] dump_stack_lvl+0x73/0xb0 [ 15.962100] print_report+0xd1/0x610 [ 15.962123] ? __virt_addr_valid+0x1db/0x2d0 [ 15.962150] ? kasan_atomics_helper+0x1467/0x5450 [ 15.962174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.962198] ? kasan_atomics_helper+0x1467/0x5450 [ 15.962222] kasan_report+0x141/0x180 [ 15.962246] ? kasan_atomics_helper+0x1467/0x5450 [ 15.962297] kasan_check_range+0x10c/0x1c0 [ 15.962323] __kasan_check_write+0x18/0x20 [ 15.962345] kasan_atomics_helper+0x1467/0x5450 [ 15.962386] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.962421] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.962447] ? kasan_atomics+0x152/0x310 [ 15.962492] kasan_atomics+0x1dc/0x310 [ 15.962516] ? __pfx_kasan_atomics+0x10/0x10 [ 15.962557] ? __pfx_read_tsc+0x10/0x10 [ 15.962603] ? ktime_get_ts64+0x86/0x230 [ 15.962629] kunit_try_run_case+0x1a5/0x480 [ 15.962656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.962682] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.962707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.962733] ? __kthread_parkme+0x82/0x180 [ 15.962756] ? preempt_count_sub+0x50/0x80 [ 15.962782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.962809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.962835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.962861] kthread+0x337/0x6f0 [ 15.962882] ? trace_preempt_on+0x20/0xc0 [ 15.962908] ? __pfx_kthread+0x10/0x10 [ 15.962931] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.962971] ? calculate_sigpending+0x7b/0xa0 [ 15.962997] ? __pfx_kthread+0x10/0x10 [ 15.963021] ret_from_fork+0x116/0x1d0 [ 15.963041] ? __pfx_kthread+0x10/0x10 [ 15.963079] ret_from_fork_asm+0x1a/0x30 [ 15.963127] </TASK> [ 15.963139] [ 15.971085] Allocated by task 283: [ 15.971224] kasan_save_stack+0x45/0x70 [ 15.971431] kasan_save_track+0x18/0x40 [ 15.971621] kasan_save_alloc_info+0x3b/0x50 [ 15.971837] __kasan_kmalloc+0xb7/0xc0 [ 15.972039] __kmalloc_cache_noprof+0x189/0x420 [ 15.972265] kasan_atomics+0x95/0x310 [ 15.972472] kunit_try_run_case+0x1a5/0x480 [ 15.972698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.972992] kthread+0x337/0x6f0 [ 15.973187] ret_from_fork+0x116/0x1d0 [ 15.973417] ret_from_fork_asm+0x1a/0x30 [ 15.973617] [ 15.973717] The buggy address belongs to the object at ffff88810394df80 [ 15.973717] which belongs to the cache kmalloc-64 of size 64 [ 15.974242] The buggy address is located 0 bytes to the right of [ 15.974242] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.974917] [ 15.974993] The buggy address belongs to the physical page: [ 15.975168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.975423] flags: 0x200000000000000(node=0|zone=2) [ 15.975597] page_type: f5(slab) [ 15.975771] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.976122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.976474] page dumped because: kasan: 
bad access detected [ 15.976925] [ 15.977049] Memory state around the buggy address: [ 15.977275] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.977561] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.977877] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.978099] ^ [ 15.978257] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.978490] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.978719] ================================================================== [ 15.941264] ================================================================== [ 15.941747] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 15.941987] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.942462] [ 15.942674] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.942719] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.942733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.942755] Call Trace: [ 15.942773] <TASK> [ 15.942790] dump_stack_lvl+0x73/0xb0 [ 15.942820] print_report+0xd1/0x610 [ 15.942842] ? __virt_addr_valid+0x1db/0x2d0 [ 15.942866] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.942889] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.942931] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.942955] kasan_report+0x141/0x180 [ 15.942979] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.943008] __asan_report_load8_noabort+0x18/0x20 [ 15.943303] kasan_atomics_helper+0x4eae/0x5450 [ 15.943327] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.943351] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.943377] ? kasan_atomics+0x152/0x310 [ 15.943416] kasan_atomics+0x1dc/0x310 [ 15.943441] ? __pfx_kasan_atomics+0x10/0x10 [ 15.943467] ? __pfx_read_tsc+0x10/0x10 [ 15.943489] ? ktime_get_ts64+0x86/0x230 [ 15.943515] kunit_try_run_case+0x1a5/0x480 [ 15.943542] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.943566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.943614] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.943640] ? __kthread_parkme+0x82/0x180 [ 15.943662] ? preempt_count_sub+0x50/0x80 [ 15.943687] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.943714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.943739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.943765] kthread+0x337/0x6f0 [ 15.943785] ? trace_preempt_on+0x20/0xc0 [ 15.943810] ? __pfx_kthread+0x10/0x10 [ 15.943832] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.943856] ? calculate_sigpending+0x7b/0xa0 [ 15.943881] ? __pfx_kthread+0x10/0x10 [ 15.943904] ret_from_fork+0x116/0x1d0 [ 15.943925] ? __pfx_kthread+0x10/0x10 [ 15.943947] ret_from_fork_asm+0x1a/0x30 [ 15.944000] </TASK> [ 15.944012] [ 15.951936] Allocated by task 283: [ 15.952103] kasan_save_stack+0x45/0x70 [ 15.952295] kasan_save_track+0x18/0x40 [ 15.952494] kasan_save_alloc_info+0x3b/0x50 [ 15.952722] __kasan_kmalloc+0xb7/0xc0 [ 15.952893] __kmalloc_cache_noprof+0x189/0x420 [ 15.953108] kasan_atomics+0x95/0x310 [ 15.953273] kunit_try_run_case+0x1a5/0x480 [ 15.953432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.953606] kthread+0x337/0x6f0 [ 15.953726] ret_from_fork+0x116/0x1d0 [ 15.953858] ret_from_fork_asm+0x1a/0x30 [ 15.953997] [ 15.954070] The buggy address belongs to the object at ffff88810394df80 [ 15.954070] which belongs to the cache kmalloc-64 of size 64 [ 15.954479] The buggy address is located 0 bytes to the right of [ 15.954479] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.955143] [ 15.955240] The buggy address belongs to the physical page: [ 15.955505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.955856] flags: 0x200000000000000(node=0|zone=2) [ 15.956085] page_type: f5(slab) [ 15.956251] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.956939] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.957267] page dumped because: kasan: bad access detected [ 15.957451] [ 15.957523] Memory state around the buggy address: [ 15.957922] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.958239] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.958495] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.959025] ^ [ 15.959255] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.959533] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.960021] ================================================================== [ 16.302148] ================================================================== [ 16.302730] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 16.303058] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.303348] [ 16.303465] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.303511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.303525] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.303548] Call Trace: [ 16.303565] <TASK> [ 16.303602] dump_stack_lvl+0x73/0xb0 [ 16.303632] print_report+0xd1/0x610 [ 16.303656] ? __virt_addr_valid+0x1db/0x2d0 [ 16.303680] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.303702] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.303726] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.303749] kasan_report+0x141/0x180 [ 16.303773] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.303801] kasan_check_range+0x10c/0x1c0 [ 16.303826] __kasan_check_write+0x18/0x20 [ 16.303847] kasan_atomics_helper+0x1d7a/0x5450 [ 16.303871] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.303895] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.303922] ? kasan_atomics+0x152/0x310 [ 16.303951] kasan_atomics+0x1dc/0x310 [ 16.303976] ? __pfx_kasan_atomics+0x10/0x10 [ 16.304002] ? __pfx_read_tsc+0x10/0x10 [ 16.304024] ? 
ktime_get_ts64+0x86/0x230 [ 16.304051] kunit_try_run_case+0x1a5/0x480 [ 16.304077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.304101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.304127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.304153] ? __kthread_parkme+0x82/0x180 [ 16.304174] ? preempt_count_sub+0x50/0x80 [ 16.304200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.304225] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.304250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.304275] kthread+0x337/0x6f0 [ 16.304295] ? trace_preempt_on+0x20/0xc0 [ 16.304321] ? __pfx_kthread+0x10/0x10 [ 16.304343] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.304366] ? calculate_sigpending+0x7b/0xa0 [ 16.304391] ? __pfx_kthread+0x10/0x10 [ 16.304424] ret_from_fork+0x116/0x1d0 [ 16.304444] ? __pfx_kthread+0x10/0x10 [ 16.304466] ret_from_fork_asm+0x1a/0x30 [ 16.304499] </TASK> [ 16.304511] [ 16.311733] Allocated by task 283: [ 16.311921] kasan_save_stack+0x45/0x70 [ 16.312124] kasan_save_track+0x18/0x40 [ 16.312295] kasan_save_alloc_info+0x3b/0x50 [ 16.312509] __kasan_kmalloc+0xb7/0xc0 [ 16.312704] __kmalloc_cache_noprof+0x189/0x420 [ 16.312926] kasan_atomics+0x95/0x310 [ 16.313114] kunit_try_run_case+0x1a5/0x480 [ 16.313293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.313543] kthread+0x337/0x6f0 [ 16.313699] ret_from_fork+0x116/0x1d0 [ 16.313838] ret_from_fork_asm+0x1a/0x30 [ 16.313985] [ 16.314061] The buggy address belongs to the object at ffff88810394df80 [ 16.314061] which belongs to the cache kmalloc-64 of size 64 [ 16.315188] The buggy address is located 0 bytes to the right of [ 16.315188] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.316756] [ 16.316866] The buggy address belongs to the physical page: [ 16.317136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.317458] flags: 0x200000000000000(node=0|zone=2) [ 16.317990] page_type: f5(slab) [ 16.318148] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 16.318470] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.319002] page dumped because: kasan: bad access detected [ 16.319341] [ 16.319455] Memory state around the buggy address: [ 16.319829] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.320147] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.320609] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.321022] ^ [ 16.321339] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.321780] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.322103] ================================================================== [ 15.242847] ================================================================== [ 15.243277] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 15.243682] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.244145] [ 15.244338] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.244414] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.244429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.244453] Call Trace: [ 15.244469] <TASK> [ 15.244484] dump_stack_lvl+0x73/0xb0 [ 15.244514] print_report+0xd1/0x610 [ 15.244536] ? __virt_addr_valid+0x1db/0x2d0 [ 15.244560] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.244582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.244615] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.244638] kasan_report+0x141/0x180 [ 15.244678] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.244707] __asan_report_load4_noabort+0x18/0x20 [ 15.244744] kasan_atomics_helper+0x4b54/0x5450 [ 15.244768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.244791] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.244817] ? kasan_atomics+0x152/0x310 [ 15.244855] kasan_atomics+0x1dc/0x310 [ 15.244879] ? __pfx_kasan_atomics+0x10/0x10 [ 15.244906] ? 
__pfx_read_tsc+0x10/0x10 [ 15.244937] ? ktime_get_ts64+0x86/0x230 [ 15.244963] kunit_try_run_case+0x1a5/0x480 [ 15.244990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.245013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.245048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.245073] ? __kthread_parkme+0x82/0x180 [ 15.245095] ? preempt_count_sub+0x50/0x80 [ 15.245145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.245171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.245196] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.245221] kthread+0x337/0x6f0 [ 15.245242] ? trace_preempt_on+0x20/0xc0 [ 15.245266] ? __pfx_kthread+0x10/0x10 [ 15.245288] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.245313] ? calculate_sigpending+0x7b/0xa0 [ 15.245338] ? __pfx_kthread+0x10/0x10 [ 15.245362] ret_from_fork+0x116/0x1d0 [ 15.245381] ? __pfx_kthread+0x10/0x10 [ 15.245413] ret_from_fork_asm+0x1a/0x30 [ 15.245446] </TASK> [ 15.245458] [ 15.254507] Allocated by task 283: [ 15.254711] kasan_save_stack+0x45/0x70 [ 15.254887] kasan_save_track+0x18/0x40 [ 15.255129] kasan_save_alloc_info+0x3b/0x50 [ 15.255377] __kasan_kmalloc+0xb7/0xc0 [ 15.255579] __kmalloc_cache_noprof+0x189/0x420 [ 15.255817] kasan_atomics+0x95/0x310 [ 15.256012] kunit_try_run_case+0x1a5/0x480 [ 15.256275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.256484] kthread+0x337/0x6f0 [ 15.256718] ret_from_fork+0x116/0x1d0 [ 15.256919] ret_from_fork_asm+0x1a/0x30 [ 15.257193] [ 15.257301] The buggy address belongs to the object at ffff88810394df80 [ 15.257301] which belongs to the cache kmalloc-64 of size 64 [ 15.257676] The buggy address is located 0 bytes to the right of [ 15.257676] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.258048] [ 15.258124] The buggy address belongs to the physical page: [ 15.258302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.258646] flags: 0x200000000000000(node=0|zone=2) [ 15.259119] page_type: f5(slab) [ 15.259502] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.259853] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.260190] page dumped because: kasan: bad access detected [ 15.260512] [ 15.260589] Memory state around the buggy address: [ 15.260823] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.261207] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.261553] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.261846] ^ [ 15.262093] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.262431] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.262820] ================================================================== [ 16.131214] ================================================================== [ 16.131571] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 16.131939] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.132406] [ 16.132523] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.132568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.132583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.132606] Call Trace: [ 16.132621] <TASK> [ 16.132637] dump_stack_lvl+0x73/0xb0 [ 16.132672] print_report+0xd1/0x610 [ 16.132696] ? __virt_addr_valid+0x1db/0x2d0 [ 16.132721] ? kasan_atomics_helper+0x18b1/0x5450 [ 16.132744] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.132767] ? kasan_atomics_helper+0x18b1/0x5450 [ 16.132791] kasan_report+0x141/0x180 [ 16.132814] ? kasan_atomics_helper+0x18b1/0x5450 [ 16.132842] kasan_check_range+0x10c/0x1c0 [ 16.132867] __kasan_check_write+0x18/0x20 [ 16.132888] kasan_atomics_helper+0x18b1/0x5450 [ 16.132912] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.132936] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.132962] ? 
kasan_atomics+0x152/0x310 [ 16.132991] kasan_atomics+0x1dc/0x310 [ 16.133014] ? __pfx_kasan_atomics+0x10/0x10 [ 16.133040] ? __pfx_read_tsc+0x10/0x10 [ 16.133061] ? ktime_get_ts64+0x86/0x230 [ 16.133088] kunit_try_run_case+0x1a5/0x480 [ 16.133114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.133138] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.133164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.133189] ? __kthread_parkme+0x82/0x180 [ 16.133210] ? preempt_count_sub+0x50/0x80 [ 16.133236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.133261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.133286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.133311] kthread+0x337/0x6f0 [ 16.133332] ? trace_preempt_on+0x20/0xc0 [ 16.133357] ? __pfx_kthread+0x10/0x10 [ 16.133378] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.133412] ? calculate_sigpending+0x7b/0xa0 [ 16.133436] ? __pfx_kthread+0x10/0x10 [ 16.133460] ret_from_fork+0x116/0x1d0 [ 16.133480] ? __pfx_kthread+0x10/0x10 [ 16.133502] ret_from_fork_asm+0x1a/0x30 [ 16.133536] </TASK> [ 16.133547] [ 16.140953] Allocated by task 283: [ 16.141084] kasan_save_stack+0x45/0x70 [ 16.141227] kasan_save_track+0x18/0x40 [ 16.141365] kasan_save_alloc_info+0x3b/0x50 [ 16.141550] __kasan_kmalloc+0xb7/0xc0 [ 16.141757] __kmalloc_cache_noprof+0x189/0x420 [ 16.141984] kasan_atomics+0x95/0x310 [ 16.142174] kunit_try_run_case+0x1a5/0x480 [ 16.142385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.142673] kthread+0x337/0x6f0 [ 16.142799] ret_from_fork+0x116/0x1d0 [ 16.142935] ret_from_fork_asm+0x1a/0x30 [ 16.143078] [ 16.143153] The buggy address belongs to the object at ffff88810394df80 [ 16.143153] which belongs to the cache kmalloc-64 of size 64 [ 16.143574] The buggy address is located 0 bytes to the right of [ 16.143574] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.144564] [ 16.144746] The buggy address belongs to the physical page: [ 16.145210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 
16.145877] flags: 0x200000000000000(node=0|zone=2) [ 16.146295] page_type: f5(slab) [ 16.146618] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.147246] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.147971] page dumped because: kasan: bad access detected [ 16.148340] [ 16.148421] Memory state around the buggy address: [ 16.148582] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.148806] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.149026] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.149242] ^ [ 16.149443] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.149664] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.149883] ================================================================== [ 15.555231] ================================================================== [ 15.555664] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 15.555977] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.556589] [ 15.556732] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.556778] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.556878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.556951] Call Trace: [ 15.556967] <TASK> [ 15.557019] dump_stack_lvl+0x73/0xb0 [ 15.557052] print_report+0xd1/0x610 [ 15.557122] ? __virt_addr_valid+0x1db/0x2d0 [ 15.557147] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.557170] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.557205] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.557229] kasan_report+0x141/0x180 [ 15.557252] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.557280] kasan_check_range+0x10c/0x1c0 [ 15.557305] __kasan_check_write+0x18/0x20 [ 15.557325] kasan_atomics_helper+0xb6a/0x5450 [ 15.557349] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.557373] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.557408] ? kasan_atomics+0x152/0x310 [ 15.557436] kasan_atomics+0x1dc/0x310 [ 15.557508] ? __pfx_kasan_atomics+0x10/0x10 [ 15.557536] ? __pfx_read_tsc+0x10/0x10 [ 15.557569] ? ktime_get_ts64+0x86/0x230 [ 15.557610] kunit_try_run_case+0x1a5/0x480 [ 15.557671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.557695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.557740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.557766] ? __kthread_parkme+0x82/0x180 [ 15.557788] ? preempt_count_sub+0x50/0x80 [ 15.557824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.557851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.557876] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.557901] kthread+0x337/0x6f0 [ 15.557922] ? trace_preempt_on+0x20/0xc0 [ 15.557947] ? __pfx_kthread+0x10/0x10 [ 15.557968] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.557991] ? calculate_sigpending+0x7b/0xa0 [ 15.558016] ? __pfx_kthread+0x10/0x10 [ 15.558039] ret_from_fork+0x116/0x1d0 [ 15.558059] ? __pfx_kthread+0x10/0x10 [ 15.558082] ret_from_fork_asm+0x1a/0x30 [ 15.558114] </TASK> [ 15.558125] [ 15.566958] Allocated by task 283: [ 15.567099] kasan_save_stack+0x45/0x70 [ 15.567349] kasan_save_track+0x18/0x40 [ 15.567560] kasan_save_alloc_info+0x3b/0x50 [ 15.568165] __kasan_kmalloc+0xb7/0xc0 [ 15.568418] __kmalloc_cache_noprof+0x189/0x420 [ 15.568584] kasan_atomics+0x95/0x310 [ 15.568769] kunit_try_run_case+0x1a5/0x480 [ 15.569136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.569517] kthread+0x337/0x6f0 [ 15.569794] ret_from_fork+0x116/0x1d0 [ 15.569942] ret_from_fork_asm+0x1a/0x30 [ 15.570104] [ 15.570206] The buggy address belongs to the object at ffff88810394df80 [ 15.570206] which belongs to the cache kmalloc-64 of size 64 [ 15.571158] The buggy address is located 0 bytes to the right of [ 15.571158] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.571767] [ 15.571892] The buggy address belongs to the physical page: [ 15.572101] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.572483] flags: 0x200000000000000(node=0|zone=2) [ 15.572880] page_type: f5(slab) [ 15.573009] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.573365] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.573843] page dumped because: kasan: bad access detected [ 15.574085] [ 15.574178] Memory state around the buggy address: [ 15.574501] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.574875] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.575242] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.575604] ^ [ 15.575827] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.576128] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.576464] ================================================================== [ 16.048060] ================================================================== [ 16.048459] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 16.049026] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.049351] [ 16.049450] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.049495] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.049508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.049531] Call Trace: [ 16.049569] <TASK> [ 16.049586] dump_stack_lvl+0x73/0xb0 [ 16.049618] print_report+0xd1/0x610 [ 16.049641] ? __virt_addr_valid+0x1db/0x2d0 [ 16.049666] ? kasan_atomics_helper+0x164f/0x5450 [ 16.049689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.049713] ? kasan_atomics_helper+0x164f/0x5450 [ 16.049736] kasan_report+0x141/0x180 [ 16.049760] ? kasan_atomics_helper+0x164f/0x5450 [ 16.049788] kasan_check_range+0x10c/0x1c0 [ 16.049814] __kasan_check_write+0x18/0x20 [ 16.049835] kasan_atomics_helper+0x164f/0x5450 [ 16.049859] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 16.049883] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.049909] ? kasan_atomics+0x152/0x310 [ 16.049956] kasan_atomics+0x1dc/0x310 [ 16.049982] ? __pfx_kasan_atomics+0x10/0x10 [ 16.050008] ? __pfx_read_tsc+0x10/0x10 [ 16.050031] ? ktime_get_ts64+0x86/0x230 [ 16.050058] kunit_try_run_case+0x1a5/0x480 [ 16.050086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.050129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.050169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.050196] ? __kthread_parkme+0x82/0x180 [ 16.050231] ? preempt_count_sub+0x50/0x80 [ 16.050271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.050311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.050350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.050376] kthread+0x337/0x6f0 [ 16.050406] ? trace_preempt_on+0x20/0xc0 [ 16.050433] ? __pfx_kthread+0x10/0x10 [ 16.050456] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.050480] ? calculate_sigpending+0x7b/0xa0 [ 16.050506] ? __pfx_kthread+0x10/0x10 [ 16.050530] ret_from_fork+0x116/0x1d0 [ 16.050550] ? 
__pfx_kthread+0x10/0x10 [ 16.050572] ret_from_fork_asm+0x1a/0x30 [ 16.050607] </TASK> [ 16.050619] [ 16.058715] Allocated by task 283: [ 16.058916] kasan_save_stack+0x45/0x70 [ 16.059137] kasan_save_track+0x18/0x40 [ 16.059295] kasan_save_alloc_info+0x3b/0x50 [ 16.059459] __kasan_kmalloc+0xb7/0xc0 [ 16.059617] __kmalloc_cache_noprof+0x189/0x420 [ 16.059851] kasan_atomics+0x95/0x310 [ 16.060044] kunit_try_run_case+0x1a5/0x480 [ 16.060252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.060515] kthread+0x337/0x6f0 [ 16.060684] ret_from_fork+0x116/0x1d0 [ 16.060895] ret_from_fork_asm+0x1a/0x30 [ 16.061092] [ 16.061183] The buggy address belongs to the object at ffff88810394df80 [ 16.061183] which belongs to the cache kmalloc-64 of size 64 [ 16.061659] The buggy address is located 0 bytes to the right of [ 16.061659] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.062259] [ 16.062361] The buggy address belongs to the physical page: [ 16.062634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.063011] flags: 0x200000000000000(node=0|zone=2) [ 16.063261] page_type: f5(slab) [ 16.063434] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.064019] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.064306] page dumped because: kasan: bad access detected [ 16.064492] [ 16.064565] Memory state around the buggy address: [ 16.064801] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.065124] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.065438] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.065840] ^ [ 16.066077] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.066364] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.066686] ================================================================== [ 16.262820] 
================================================================== [ 16.263165] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 16.263781] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.264209] [ 16.264339] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.264386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.264411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.264434] Call Trace: [ 16.264451] <TASK> [ 16.264469] dump_stack_lvl+0x73/0xb0 [ 16.264500] print_report+0xd1/0x610 [ 16.264524] ? __virt_addr_valid+0x1db/0x2d0 [ 16.264548] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.264593] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.264618] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.264642] kasan_report+0x141/0x180 [ 16.264670] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.264701] __asan_report_load8_noabort+0x18/0x20 [ 16.264727] kasan_atomics_helper+0x4f30/0x5450 [ 16.264751] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.264775] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.264802] ? kasan_atomics+0x152/0x310 [ 16.264830] kasan_atomics+0x1dc/0x310 [ 16.264854] ? __pfx_kasan_atomics+0x10/0x10 [ 16.264880] ? __pfx_read_tsc+0x10/0x10 [ 16.264902] ? ktime_get_ts64+0x86/0x230 [ 16.264930] kunit_try_run_case+0x1a5/0x480 [ 16.264957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.264981] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.265007] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.265031] ? __kthread_parkme+0x82/0x180 [ 16.265053] ? preempt_count_sub+0x50/0x80 [ 16.265078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.265104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.265128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.265154] kthread+0x337/0x6f0 [ 16.265175] ? trace_preempt_on+0x20/0xc0 [ 16.265199] ? __pfx_kthread+0x10/0x10 [ 16.265221] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.265243] ? calculate_sigpending+0x7b/0xa0 [ 16.265268] ? 
__pfx_kthread+0x10/0x10 [ 16.265291] ret_from_fork+0x116/0x1d0 [ 16.265311] ? __pfx_kthread+0x10/0x10 [ 16.265333] ret_from_fork_asm+0x1a/0x30 [ 16.265366] </TASK> [ 16.265377] [ 16.272515] Allocated by task 283: [ 16.272715] kasan_save_stack+0x45/0x70 [ 16.272863] kasan_save_track+0x18/0x40 [ 16.273060] kasan_save_alloc_info+0x3b/0x50 [ 16.273279] __kasan_kmalloc+0xb7/0xc0 [ 16.273473] __kmalloc_cache_noprof+0x189/0x420 [ 16.273709] kasan_atomics+0x95/0x310 [ 16.273880] kunit_try_run_case+0x1a5/0x480 [ 16.274065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.274292] kthread+0x337/0x6f0 [ 16.274479] ret_from_fork+0x116/0x1d0 [ 16.274663] ret_from_fork_asm+0x1a/0x30 [ 16.274849] [ 16.274948] The buggy address belongs to the object at ffff88810394df80 [ 16.274948] which belongs to the cache kmalloc-64 of size 64 [ 16.275421] The buggy address is located 0 bytes to the right of [ 16.275421] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.275952] [ 16.276052] The buggy address belongs to the physical page: [ 16.276272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.276622] flags: 0x200000000000000(node=0|zone=2) [ 16.276835] page_type: f5(slab) [ 16.276981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.277283] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.277522] page dumped because: kasan: bad access detected [ 16.277723] [ 16.277798] Memory state around the buggy address: [ 16.277955] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.278174] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.278500] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.278839] ^ [ 16.279065] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.279378] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.279724] 
================================================================== [ 16.371259] ================================================================== [ 16.371801] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 16.372177] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.372706] [ 16.372802] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.372952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.373023] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.373047] Call Trace: [ 16.373120] <TASK> [ 16.373140] dump_stack_lvl+0x73/0xb0 [ 16.373171] print_report+0xd1/0x610 [ 16.373194] ? __virt_addr_valid+0x1db/0x2d0 [ 16.373219] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.373242] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.373265] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.373288] kasan_report+0x141/0x180 [ 16.373311] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.373340] kasan_check_range+0x10c/0x1c0 [ 16.373365] __kasan_check_write+0x18/0x20 [ 16.373385] kasan_atomics_helper+0x1f43/0x5450 [ 16.373423] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.373447] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.373473] ? kasan_atomics+0x152/0x310 [ 16.373502] kasan_atomics+0x1dc/0x310 [ 16.373526] ? __pfx_kasan_atomics+0x10/0x10 [ 16.373552] ? __pfx_read_tsc+0x10/0x10 [ 16.373574] ? ktime_get_ts64+0x86/0x230 [ 16.373612] kunit_try_run_case+0x1a5/0x480 [ 16.373639] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.373664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.373691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.373716] ? __kthread_parkme+0x82/0x180 [ 16.373739] ? preempt_count_sub+0x50/0x80 [ 16.373764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.373790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.373815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.373841] kthread+0x337/0x6f0 [ 16.373863] ? trace_preempt_on+0x20/0xc0 [ 16.373887] ? 
__pfx_kthread+0x10/0x10 [ 16.373909] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.373932] ? calculate_sigpending+0x7b/0xa0 [ 16.373960] ? __pfx_kthread+0x10/0x10 [ 16.373984] ret_from_fork+0x116/0x1d0 [ 16.374004] ? __pfx_kthread+0x10/0x10 [ 16.374026] ret_from_fork_asm+0x1a/0x30 [ 16.374059] </TASK> [ 16.374070] [ 16.383688] Allocated by task 283: [ 16.383989] kasan_save_stack+0x45/0x70 [ 16.384258] kasan_save_track+0x18/0x40 [ 16.384554] kasan_save_alloc_info+0x3b/0x50 [ 16.384826] __kasan_kmalloc+0xb7/0xc0 [ 16.385142] __kmalloc_cache_noprof+0x189/0x420 [ 16.385429] kasan_atomics+0x95/0x310 [ 16.385641] kunit_try_run_case+0x1a5/0x480 [ 16.385834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.386069] kthread+0x337/0x6f0 [ 16.386229] ret_from_fork+0x116/0x1d0 [ 16.386409] ret_from_fork_asm+0x1a/0x30 [ 16.386595] [ 16.387067] The buggy address belongs to the object at ffff88810394df80 [ 16.387067] which belongs to the cache kmalloc-64 of size 64 [ 16.387546] The buggy address is located 0 bytes to the right of [ 16.387546] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.388213] [ 16.388314] The buggy address belongs to the physical page: [ 16.388629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.389118] flags: 0x200000000000000(node=0|zone=2) [ 16.389432] page_type: f5(slab) [ 16.389568] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.389997] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.390375] page dumped because: kasan: bad access detected [ 16.390736] [ 16.390817] Memory state around the buggy address: [ 16.391041] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.391334] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.391880] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.392190] ^ [ 16.392425] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.392879] 
ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.393238] ================================================================== [ 15.784924] ================================================================== [ 15.785482] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 15.785859] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.786149] [ 15.786249] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.786294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.786307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.786330] Call Trace: [ 15.786345] <TASK> [ 15.786361] dump_stack_lvl+0x73/0xb0 [ 15.786390] print_report+0xd1/0x610 [ 15.786425] ? __virt_addr_valid+0x1db/0x2d0 [ 15.786450] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.786471] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.786495] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.786519] kasan_report+0x141/0x180 [ 15.786542] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.786572] __asan_report_load4_noabort+0x18/0x20 [ 15.786608] kasan_atomics_helper+0x4a1c/0x5450 [ 15.786633] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.786656] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.786683] ? kasan_atomics+0x152/0x310 [ 15.786712] kasan_atomics+0x1dc/0x310 [ 15.786737] ? __pfx_kasan_atomics+0x10/0x10 [ 15.786762] ? __pfx_read_tsc+0x10/0x10 [ 15.786784] ? ktime_get_ts64+0x86/0x230 [ 15.786812] kunit_try_run_case+0x1a5/0x480 [ 15.786840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.786863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.786889] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.786914] ? __kthread_parkme+0x82/0x180 [ 15.786936] ? preempt_count_sub+0x50/0x80 [ 15.786961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.786987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.787013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.787038] kthread+0x337/0x6f0 [ 15.787059] ? 
trace_preempt_on+0x20/0xc0 [ 15.787084] ? __pfx_kthread+0x10/0x10 [ 15.787106] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.787128] ? calculate_sigpending+0x7b/0xa0 [ 15.787154] ? __pfx_kthread+0x10/0x10 [ 15.787178] ret_from_fork+0x116/0x1d0 [ 15.787198] ? __pfx_kthread+0x10/0x10 [ 15.787220] ret_from_fork_asm+0x1a/0x30 [ 15.787254] </TASK> [ 15.787266] [ 15.794439] Allocated by task 283: [ 15.794622] kasan_save_stack+0x45/0x70 [ 15.794823] kasan_save_track+0x18/0x40 [ 15.795017] kasan_save_alloc_info+0x3b/0x50 [ 15.795211] __kasan_kmalloc+0xb7/0xc0 [ 15.795346] __kmalloc_cache_noprof+0x189/0x420 [ 15.795514] kasan_atomics+0x95/0x310 [ 15.795893] kunit_try_run_case+0x1a5/0x480 [ 15.796111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.796364] kthread+0x337/0x6f0 [ 15.796516] ret_from_fork+0x116/0x1d0 [ 15.796712] ret_from_fork_asm+0x1a/0x30 [ 15.796913] [ 15.796992] The buggy address belongs to the object at ffff88810394df80 [ 15.796992] which belongs to the cache kmalloc-64 of size 64 [ 15.797468] The buggy address is located 0 bytes to the right of [ 15.797468] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.797988] [ 15.798070] The buggy address belongs to the physical page: [ 15.798306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.798673] flags: 0x200000000000000(node=0|zone=2) [ 15.798878] page_type: f5(slab) [ 15.799027] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.799296] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.799548] page dumped because: kasan: bad access detected [ 15.799732] [ 15.799805] Memory state around the buggy address: [ 15.799963] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.800183] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.800411] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.800754] ^ [ 15.800979] ffff88810394e000: fa fb fb fb fb fb fb fb fb 
fb fb fb fb fb fb fb [ 15.801293] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.801650] ================================================================== [ 15.577357] ================================================================== [ 15.578184] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 15.578956] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.579666] [ 15.579931] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.579978] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.579992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.580017] Call Trace: [ 15.580033] <TASK> [ 15.580051] dump_stack_lvl+0x73/0xb0 [ 15.580081] print_report+0xd1/0x610 [ 15.580105] ? __virt_addr_valid+0x1db/0x2d0 [ 15.580129] ? kasan_atomics_helper+0xc70/0x5450 [ 15.580151] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.580175] ? kasan_atomics_helper+0xc70/0x5450 [ 15.580198] kasan_report+0x141/0x180 [ 15.580222] ? kasan_atomics_helper+0xc70/0x5450 [ 15.580251] kasan_check_range+0x10c/0x1c0 [ 15.580277] __kasan_check_write+0x18/0x20 [ 15.580297] kasan_atomics_helper+0xc70/0x5450 [ 15.580322] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.580346] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.580372] ? kasan_atomics+0x152/0x310 [ 15.580412] kasan_atomics+0x1dc/0x310 [ 15.580453] ? __pfx_kasan_atomics+0x10/0x10 [ 15.580479] ? __pfx_read_tsc+0x10/0x10 [ 15.580501] ? ktime_get_ts64+0x86/0x230 [ 15.580528] kunit_try_run_case+0x1a5/0x480 [ 15.580555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.580579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.580631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.580655] ? __kthread_parkme+0x82/0x180 [ 15.580692] ? preempt_count_sub+0x50/0x80 [ 15.580717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.580746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.580773] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.580798] kthread+0x337/0x6f0 [ 15.580820] ? trace_preempt_on+0x20/0xc0 [ 15.580846] ? __pfx_kthread+0x10/0x10 [ 15.580868] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.580891] ? calculate_sigpending+0x7b/0xa0 [ 15.580917] ? __pfx_kthread+0x10/0x10 [ 15.580940] ret_from_fork+0x116/0x1d0 [ 15.580960] ? __pfx_kthread+0x10/0x10 [ 15.580983] ret_from_fork_asm+0x1a/0x30 [ 15.581016] </TASK> [ 15.581027] [ 15.592605] Allocated by task 283: [ 15.592825] kasan_save_stack+0x45/0x70 [ 15.593013] kasan_save_track+0x18/0x40 [ 15.593153] kasan_save_alloc_info+0x3b/0x50 [ 15.593368] __kasan_kmalloc+0xb7/0xc0 [ 15.593604] __kmalloc_cache_noprof+0x189/0x420 [ 15.593854] kasan_atomics+0x95/0x310 [ 15.594020] kunit_try_run_case+0x1a5/0x480 [ 15.594256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.594479] kthread+0x337/0x6f0 [ 15.594732] ret_from_fork+0x116/0x1d0 [ 15.594893] ret_from_fork_asm+0x1a/0x30 [ 15.595100] [ 15.595196] The buggy address belongs to the object at ffff88810394df80 [ 15.595196] which belongs to the cache kmalloc-64 of size 64 [ 15.595594] The buggy address is located 0 bytes to the right of [ 15.595594] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.596041] [ 15.596253] The buggy address belongs to the physical page: [ 15.596530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.596807] flags: 0x200000000000000(node=0|zone=2) [ 15.596981] page_type: f5(slab) [ 15.597209] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.597574] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.597951] page dumped because: kasan: bad access detected [ 15.598231] [ 15.598321] Memory state around the buggy address: [ 15.598533] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.598888] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.599113] >ffff88810394df80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.599415] ^ [ 15.599696] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.600016] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.600267] ================================================================== [ 16.214330] ================================================================== [ 16.214777] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 16.215498] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.216175] [ 16.216357] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.216415] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.216429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.216452] Call Trace: [ 16.216468] <TASK> [ 16.216485] dump_stack_lvl+0x73/0xb0 [ 16.216515] print_report+0xd1/0x610 [ 16.216539] ? __virt_addr_valid+0x1db/0x2d0 [ 16.216565] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.216594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.216617] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.216641] kasan_report+0x141/0x180 [ 16.216670] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.216698] kasan_check_range+0x10c/0x1c0 [ 16.216723] __kasan_check_write+0x18/0x20 [ 16.216744] kasan_atomics_helper+0x1b22/0x5450 [ 16.216768] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.216792] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.216818] ? kasan_atomics+0x152/0x310 [ 16.216847] kasan_atomics+0x1dc/0x310 [ 16.216870] ? __pfx_kasan_atomics+0x10/0x10 [ 16.216895] ? __pfx_read_tsc+0x10/0x10 [ 16.216917] ? ktime_get_ts64+0x86/0x230 [ 16.216945] kunit_try_run_case+0x1a5/0x480 [ 16.216973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.216997] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.217022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.217048] ? __kthread_parkme+0x82/0x180 [ 16.217069] ? preempt_count_sub+0x50/0x80 [ 16.217096] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.217122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.217146] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.217172] kthread+0x337/0x6f0 [ 16.217194] ? trace_preempt_on+0x20/0xc0 [ 16.217219] ? __pfx_kthread+0x10/0x10 [ 16.217241] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.217264] ? calculate_sigpending+0x7b/0xa0 [ 16.217289] ? __pfx_kthread+0x10/0x10 [ 16.217312] ret_from_fork+0x116/0x1d0 [ 16.217331] ? __pfx_kthread+0x10/0x10 [ 16.217354] ret_from_fork_asm+0x1a/0x30 [ 16.217388] </TASK> [ 16.217450] [ 16.227238] Allocated by task 283: [ 16.227438] kasan_save_stack+0x45/0x70 [ 16.227656] kasan_save_track+0x18/0x40 [ 16.227901] kasan_save_alloc_info+0x3b/0x50 [ 16.228061] __kasan_kmalloc+0xb7/0xc0 [ 16.228258] __kmalloc_cache_noprof+0x189/0x420 [ 16.228540] kasan_atomics+0x95/0x310 [ 16.228744] kunit_try_run_case+0x1a5/0x480 [ 16.229266] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.229552] kthread+0x337/0x6f0 [ 16.230181] ret_from_fork+0x116/0x1d0 [ 16.230372] ret_from_fork_asm+0x1a/0x30 [ 16.230624] [ 16.230821] The buggy address belongs to the object at ffff88810394df80 [ 16.230821] which belongs to the cache kmalloc-64 of size 64 [ 16.231320] The buggy address is located 0 bytes to the right of [ 16.231320] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.231972] [ 16.232054] The buggy address belongs to the physical page: [ 16.232314] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.232694] flags: 0x200000000000000(node=0|zone=2) [ 16.232988] page_type: f5(slab) [ 16.233183] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.233545] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.233965] page dumped because: kasan: bad access detected [ 16.234167] [ 16.234278] Memory state around the buggy address: [ 16.234509] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.234891] 
ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.235135] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.235493] ^ [ 16.235671] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.236130] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.236784] ================================================================== [ 15.638159] ================================================================== [ 15.638416] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 15.638972] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.639516] [ 15.639644] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.639690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.639702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.639837] Call Trace: [ 15.639855] <TASK> [ 15.639869] dump_stack_lvl+0x73/0xb0 [ 15.639993] print_report+0xd1/0x610 [ 15.640019] ? __virt_addr_valid+0x1db/0x2d0 [ 15.640043] ? kasan_atomics_helper+0xde0/0x5450 [ 15.640065] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.640091] ? kasan_atomics_helper+0xde0/0x5450 [ 15.640114] kasan_report+0x141/0x180 [ 15.640138] ? kasan_atomics_helper+0xde0/0x5450 [ 15.640167] kasan_check_range+0x10c/0x1c0 [ 15.640192] __kasan_check_write+0x18/0x20 [ 15.640213] kasan_atomics_helper+0xde0/0x5450 [ 15.640240] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.640614] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.640658] ? kasan_atomics+0x152/0x310 [ 15.640794] kasan_atomics+0x1dc/0x310 [ 15.640910] ? __pfx_kasan_atomics+0x10/0x10 [ 15.640941] ? __pfx_read_tsc+0x10/0x10 [ 15.640965] ? ktime_get_ts64+0x86/0x230 [ 15.640992] kunit_try_run_case+0x1a5/0x480 [ 15.641019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.641043] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.641068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.641094] ? 
__kthread_parkme+0x82/0x180 [ 15.641116] ? preempt_count_sub+0x50/0x80 [ 15.641143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.641169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.641195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.641220] kthread+0x337/0x6f0 [ 15.641241] ? trace_preempt_on+0x20/0xc0 [ 15.641266] ? __pfx_kthread+0x10/0x10 [ 15.641289] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.641312] ? calculate_sigpending+0x7b/0xa0 [ 15.641337] ? __pfx_kthread+0x10/0x10 [ 15.641361] ret_from_fork+0x116/0x1d0 [ 15.641381] ? __pfx_kthread+0x10/0x10 [ 15.641411] ret_from_fork_asm+0x1a/0x30 [ 15.641445] </TASK> [ 15.641457] [ 15.658254] Allocated by task 283: [ 15.658900] kasan_save_stack+0x45/0x70 [ 15.659367] kasan_save_track+0x18/0x40 [ 15.659933] kasan_save_alloc_info+0x3b/0x50 [ 15.660385] __kasan_kmalloc+0xb7/0xc0 [ 15.660550] __kmalloc_cache_noprof+0x189/0x420 [ 15.661229] kasan_atomics+0x95/0x310 [ 15.661783] kunit_try_run_case+0x1a5/0x480 [ 15.662204] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.662419] kthread+0x337/0x6f0 [ 15.662550] ret_from_fork+0x116/0x1d0 [ 15.663207] ret_from_fork_asm+0x1a/0x30 [ 15.663780] [ 15.664090] The buggy address belongs to the object at ffff88810394df80 [ 15.664090] which belongs to the cache kmalloc-64 of size 64 [ 15.665281] The buggy address is located 0 bytes to the right of [ 15.665281] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.666105] [ 15.666479] The buggy address belongs to the physical page: [ 15.667280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.668012] flags: 0x200000000000000(node=0|zone=2) [ 15.668199] page_type: f5(slab) [ 15.668327] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.668577] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.668813] page dumped because: kasan: bad access detected [ 15.668990] [ 15.669064] Memory state around the buggy address: [ 15.669223] 
ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.670113] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.670755] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.671106] ^ [ 15.671347] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.671692] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.672026] ================================================================== [ 16.237300] ================================================================== [ 16.237625] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 16.237971] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.238536] [ 16.238631] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.238675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.238688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.238710] Call Trace: [ 16.238727] <TASK> [ 16.238745] dump_stack_lvl+0x73/0xb0 [ 16.238775] print_report+0xd1/0x610 [ 16.238798] ? __virt_addr_valid+0x1db/0x2d0 [ 16.238822] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.238845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.238869] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.238892] kasan_report+0x141/0x180 [ 16.238945] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.238974] kasan_check_range+0x10c/0x1c0 [ 16.239011] __kasan_check_write+0x18/0x20 [ 16.239033] kasan_atomics_helper+0x1c18/0x5450 [ 16.239057] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.239111] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.239138] ? kasan_atomics+0x152/0x310 [ 16.239178] kasan_atomics+0x1dc/0x310 [ 16.239203] ? __pfx_kasan_atomics+0x10/0x10 [ 16.239228] ? __pfx_read_tsc+0x10/0x10 [ 16.239249] ? ktime_get_ts64+0x86/0x230 [ 16.239275] kunit_try_run_case+0x1a5/0x480 [ 16.239302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.239325] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.239351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.239376] ? __kthread_parkme+0x82/0x180 [ 16.239406] ? preempt_count_sub+0x50/0x80 [ 16.239431] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.239457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.239483] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.239509] kthread+0x337/0x6f0 [ 16.239529] ? trace_preempt_on+0x20/0xc0 [ 16.239554] ? __pfx_kthread+0x10/0x10 [ 16.239576] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.239614] ? calculate_sigpending+0x7b/0xa0 [ 16.239639] ? __pfx_kthread+0x10/0x10 [ 16.239662] ret_from_fork+0x116/0x1d0 [ 16.239683] ? __pfx_kthread+0x10/0x10 [ 16.239704] ret_from_fork_asm+0x1a/0x30 [ 16.239738] </TASK> [ 16.239749] [ 16.252596] Allocated by task 283: [ 16.252744] kasan_save_stack+0x45/0x70 [ 16.252899] kasan_save_track+0x18/0x40 [ 16.253039] kasan_save_alloc_info+0x3b/0x50 [ 16.253193] __kasan_kmalloc+0xb7/0xc0 [ 16.253329] __kmalloc_cache_noprof+0x189/0x420 [ 16.253533] kasan_atomics+0x95/0x310 [ 16.254324] kunit_try_run_case+0x1a5/0x480 [ 16.254719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.254911] kthread+0x337/0x6f0 [ 16.255038] ret_from_fork+0x116/0x1d0 [ 16.255176] ret_from_fork_asm+0x1a/0x30 [ 16.255317] [ 16.255403] The buggy address belongs to the object at ffff88810394df80 [ 16.255403] which belongs to the cache kmalloc-64 of size 64 [ 16.255946] The buggy address is located 0 bytes to the right of [ 16.255946] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.256511] [ 16.257044] The buggy address belongs to the physical page: [ 16.257262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.257814] flags: 0x200000000000000(node=0|zone=2) [ 16.258133] page_type: f5(slab) [ 16.258271] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.258769] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.259182] page dumped because: kasan: 
bad access detected [ 16.259417] [ 16.259610] Memory state around the buggy address: [ 16.259946] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.260253] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.260763] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.261071] ^ [ 16.261298] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.261759] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.262152] ================================================================== [ 15.362119] ================================================================== [ 15.362982] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 15.363504] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.363993] [ 15.364186] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.364390] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.364469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.364494] Call Trace: [ 15.364512] <TASK> [ 15.364531] dump_stack_lvl+0x73/0xb0 [ 15.364565] print_report+0xd1/0x610 [ 15.364591] ? __virt_addr_valid+0x1db/0x2d0 [ 15.364615] ? kasan_atomics_helper+0x697/0x5450 [ 15.364637] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.364662] ? kasan_atomics_helper+0x697/0x5450 [ 15.364691] kasan_report+0x141/0x180 [ 15.364714] ? kasan_atomics_helper+0x697/0x5450 [ 15.364742] kasan_check_range+0x10c/0x1c0 [ 15.364767] __kasan_check_write+0x18/0x20 [ 15.364788] kasan_atomics_helper+0x697/0x5450 [ 15.364812] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.364836] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.364862] ? kasan_atomics+0x152/0x310 [ 15.364891] kasan_atomics+0x1dc/0x310 [ 15.364915] ? __pfx_kasan_atomics+0x10/0x10 [ 15.364941] ? __pfx_read_tsc+0x10/0x10 [ 15.364964] ? ktime_get_ts64+0x86/0x230 [ 15.364993] kunit_try_run_case+0x1a5/0x480 [ 15.365021] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.365045] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.365082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.365109] ? __kthread_parkme+0x82/0x180 [ 15.365130] ? preempt_count_sub+0x50/0x80 [ 15.365156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.365183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.365208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.365234] kthread+0x337/0x6f0 [ 15.365256] ? trace_preempt_on+0x20/0xc0 [ 15.365281] ? __pfx_kthread+0x10/0x10 [ 15.365303] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.365326] ? calculate_sigpending+0x7b/0xa0 [ 15.365351] ? __pfx_kthread+0x10/0x10 [ 15.365374] ret_from_fork+0x116/0x1d0 [ 15.365404] ? __pfx_kthread+0x10/0x10 [ 15.365427] ret_from_fork_asm+0x1a/0x30 [ 15.365461] </TASK> [ 15.365472] [ 15.377603] Allocated by task 283: [ 15.378118] kasan_save_stack+0x45/0x70 [ 15.378390] kasan_save_track+0x18/0x40 [ 15.378602] kasan_save_alloc_info+0x3b/0x50 [ 15.378981] __kasan_kmalloc+0xb7/0xc0 [ 15.379377] __kmalloc_cache_noprof+0x189/0x420 [ 15.379639] kasan_atomics+0x95/0x310 [ 15.379921] kunit_try_run_case+0x1a5/0x480 [ 15.380096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.380600] kthread+0x337/0x6f0 [ 15.380777] ret_from_fork+0x116/0x1d0 [ 15.381136] ret_from_fork_asm+0x1a/0x30 [ 15.381438] [ 15.381550] The buggy address belongs to the object at ffff88810394df80 [ 15.381550] which belongs to the cache kmalloc-64 of size 64 [ 15.382420] The buggy address is located 0 bytes to the right of [ 15.382420] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.383235] [ 15.383445] The buggy address belongs to the physical page: [ 15.383813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.384287] flags: 0x200000000000000(node=0|zone=2) [ 15.384674] page_type: f5(slab) [ 15.384817] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.385469] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.385834] page dumped because: kasan: bad access detected [ 15.386317] [ 15.386427] Memory state around the buggy address: [ 15.386781] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.387100] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.387760] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.388222] ^ [ 15.388597] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.388937] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.389456] ================================================================== [ 15.390297] ================================================================== [ 15.390868] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 15.391383] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.391972] [ 15.392221] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.392271] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.392285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.392309] Call Trace: [ 15.392327] <TASK> [ 15.392482] dump_stack_lvl+0x73/0xb0 [ 15.392517] print_report+0xd1/0x610 [ 15.392541] ? __virt_addr_valid+0x1db/0x2d0 [ 15.392566] ? kasan_atomics_helper+0x72f/0x5450 [ 15.392589] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.392612] ? kasan_atomics_helper+0x72f/0x5450 [ 15.392635] kasan_report+0x141/0x180 [ 15.392660] ? kasan_atomics_helper+0x72f/0x5450 [ 15.392697] kasan_check_range+0x10c/0x1c0 [ 15.392723] __kasan_check_write+0x18/0x20 [ 15.392743] kasan_atomics_helper+0x72f/0x5450 [ 15.392767] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.392791] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.392817] ? kasan_atomics+0x152/0x310 [ 15.392846] kasan_atomics+0x1dc/0x310 [ 15.392870] ? __pfx_kasan_atomics+0x10/0x10 [ 15.392895] ? __pfx_read_tsc+0x10/0x10 [ 15.392918] ? 
ktime_get_ts64+0x86/0x230 [ 15.392947] kunit_try_run_case+0x1a5/0x480 [ 15.392975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.392999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.393072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.393100] ? __kthread_parkme+0x82/0x180 [ 15.393123] ? preempt_count_sub+0x50/0x80 [ 15.393149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.393176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.393202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.393227] kthread+0x337/0x6f0 [ 15.393248] ? trace_preempt_on+0x20/0xc0 [ 15.393273] ? __pfx_kthread+0x10/0x10 [ 15.393362] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.393385] ? calculate_sigpending+0x7b/0xa0 [ 15.393419] ? __pfx_kthread+0x10/0x10 [ 15.393442] ret_from_fork+0x116/0x1d0 [ 15.393463] ? __pfx_kthread+0x10/0x10 [ 15.393484] ret_from_fork_asm+0x1a/0x30 [ 15.393518] </TASK> [ 15.393529] [ 15.406059] Allocated by task 283: [ 15.406350] kasan_save_stack+0x45/0x70 [ 15.406830] kasan_save_track+0x18/0x40 [ 15.407014] kasan_save_alloc_info+0x3b/0x50 [ 15.407318] __kasan_kmalloc+0xb7/0xc0 [ 15.407721] __kmalloc_cache_noprof+0x189/0x420 [ 15.408091] kasan_atomics+0x95/0x310 [ 15.408368] kunit_try_run_case+0x1a5/0x480 [ 15.408754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.409000] kthread+0x337/0x6f0 [ 15.409306] ret_from_fork+0x116/0x1d0 [ 15.409517] ret_from_fork_asm+0x1a/0x30 [ 15.409887] [ 15.409995] The buggy address belongs to the object at ffff88810394df80 [ 15.409995] which belongs to the cache kmalloc-64 of size 64 [ 15.410861] The buggy address is located 0 bytes to the right of [ 15.410861] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.411747] [ 15.411865] The buggy address belongs to the physical page: [ 15.412138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.412685] flags: 0x200000000000000(node=0|zone=2) [ 15.412915] page_type: f5(slab) [ 15.413076] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.413416] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.414008] page dumped because: kasan: bad access detected [ 15.414207] [ 15.414521] Memory state around the buggy address: [ 15.414787] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.415320] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.415813] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.416291] ^ [ 15.416632] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.416951] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.417583] ================================================================== [ 16.067210] ================================================================== [ 16.067552] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 16.067871] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.068263] [ 16.068355] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.068411] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.068425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.068446] Call Trace: [ 16.068464] <TASK> [ 16.068481] dump_stack_lvl+0x73/0xb0 [ 16.068510] print_report+0xd1/0x610 [ 16.068554] ? __virt_addr_valid+0x1db/0x2d0 [ 16.068579] ? kasan_atomics_helper+0x16e7/0x5450 [ 16.068611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.068635] ? kasan_atomics_helper+0x16e7/0x5450 [ 16.068659] kasan_report+0x141/0x180 [ 16.068693] ? kasan_atomics_helper+0x16e7/0x5450 [ 16.068721] kasan_check_range+0x10c/0x1c0 [ 16.068765] __kasan_check_write+0x18/0x20 [ 16.068787] kasan_atomics_helper+0x16e7/0x5450 [ 16.068811] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.068836] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.068879] ? kasan_atomics+0x152/0x310 [ 16.068908] kasan_atomics+0x1dc/0x310 [ 16.068933] ? 
__pfx_kasan_atomics+0x10/0x10 [ 16.068958] ? __pfx_read_tsc+0x10/0x10 [ 16.068981] ? ktime_get_ts64+0x86/0x230 [ 16.069007] kunit_try_run_case+0x1a5/0x480 [ 16.069050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.069088] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.069116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.069143] ? __kthread_parkme+0x82/0x180 [ 16.069166] ? preempt_count_sub+0x50/0x80 [ 16.069225] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.069255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.069281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.069308] kthread+0x337/0x6f0 [ 16.069329] ? trace_preempt_on+0x20/0xc0 [ 16.069356] ? __pfx_kthread+0x10/0x10 [ 16.069380] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.069414] ? calculate_sigpending+0x7b/0xa0 [ 16.069558] ? __pfx_kthread+0x10/0x10 [ 16.069592] ret_from_fork+0x116/0x1d0 [ 16.069615] ? __pfx_kthread+0x10/0x10 [ 16.069639] ret_from_fork_asm+0x1a/0x30 [ 16.069673] </TASK> [ 16.069685] [ 16.080763] Allocated by task 283: [ 16.081040] kasan_save_stack+0x45/0x70 [ 16.081206] kasan_save_track+0x18/0x40 [ 16.081418] kasan_save_alloc_info+0x3b/0x50 [ 16.081598] __kasan_kmalloc+0xb7/0xc0 [ 16.082076] __kmalloc_cache_noprof+0x189/0x420 [ 16.082250] kasan_atomics+0x95/0x310 [ 16.082582] kunit_try_run_case+0x1a5/0x480 [ 16.082913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.083221] kthread+0x337/0x6f0 [ 16.083359] ret_from_fork+0x116/0x1d0 [ 16.083709] ret_from_fork_asm+0x1a/0x30 [ 16.084007] [ 16.084089] The buggy address belongs to the object at ffff88810394df80 [ 16.084089] which belongs to the cache kmalloc-64 of size 64 [ 16.084762] The buggy address is located 0 bytes to the right of [ 16.084762] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.085275] [ 16.085366] The buggy address belongs to the physical page: [ 16.085993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.086318] flags: 0x200000000000000(node=0|zone=2) [ 16.086671] page_type: 
f5(slab) [ 16.086967] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.087304] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.087775] page dumped because: kasan: bad access detected [ 16.088098] [ 16.088206] Memory state around the buggy address: [ 16.088623] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.088933] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.089315] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.089720] ^ [ 16.090036] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.090419] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.090819] ================================================================== [ 16.280286] ================================================================== [ 16.280851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 16.281176] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.281419] [ 16.281532] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.281595] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.281609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.281631] Call Trace: [ 16.281649] <TASK> [ 16.281665] dump_stack_lvl+0x73/0xb0 [ 16.281695] print_report+0xd1/0x610 [ 16.281720] ? __virt_addr_valid+0x1db/0x2d0 [ 16.281744] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.281766] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.281790] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.281814] kasan_report+0x141/0x180 [ 16.281838] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.281866] kasan_check_range+0x10c/0x1c0 [ 16.281892] __kasan_check_write+0x18/0x20 [ 16.281912] kasan_atomics_helper+0x1ce1/0x5450 [ 16.281937] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.281960] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.281986] ? 
kasan_atomics+0x152/0x310 [ 16.282014] kasan_atomics+0x1dc/0x310 [ 16.282038] ? __pfx_kasan_atomics+0x10/0x10 [ 16.282064] ? __pfx_read_tsc+0x10/0x10 [ 16.282086] ? ktime_get_ts64+0x86/0x230 [ 16.282113] kunit_try_run_case+0x1a5/0x480 [ 16.282141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.282165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.282190] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.282215] ? __kthread_parkme+0x82/0x180 [ 16.282236] ? preempt_count_sub+0x50/0x80 [ 16.282261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.282286] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.282311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.282336] kthread+0x337/0x6f0 [ 16.282357] ? trace_preempt_on+0x20/0xc0 [ 16.282381] ? __pfx_kthread+0x10/0x10 [ 16.282413] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.282436] ? calculate_sigpending+0x7b/0xa0 [ 16.282461] ? __pfx_kthread+0x10/0x10 [ 16.282484] ret_from_fork+0x116/0x1d0 [ 16.282504] ? __pfx_kthread+0x10/0x10 [ 16.282526] ret_from_fork_asm+0x1a/0x30 [ 16.282560] </TASK> [ 16.282589] [ 16.293966] Allocated by task 283: [ 16.294273] kasan_save_stack+0x45/0x70 [ 16.294695] kasan_save_track+0x18/0x40 [ 16.294896] kasan_save_alloc_info+0x3b/0x50 [ 16.295096] __kasan_kmalloc+0xb7/0xc0 [ 16.295268] __kmalloc_cache_noprof+0x189/0x420 [ 16.295472] kasan_atomics+0x95/0x310 [ 16.295639] kunit_try_run_case+0x1a5/0x480 [ 16.295849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.296111] kthread+0x337/0x6f0 [ 16.296252] ret_from_fork+0x116/0x1d0 [ 16.296416] ret_from_fork_asm+0x1a/0x30 [ 16.296640] [ 16.296747] The buggy address belongs to the object at ffff88810394df80 [ 16.296747] which belongs to the cache kmalloc-64 of size 64 [ 16.297220] The buggy address is located 0 bytes to the right of [ 16.297220] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.297676] [ 16.297759] The buggy address belongs to the physical page: [ 16.298021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 
16.298373] flags: 0x200000000000000(node=0|zone=2) [ 16.298626] page_type: f5(slab) [ 16.298763] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.299113] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.299404] page dumped because: kasan: bad access detected [ 16.299650] [ 16.299748] Memory state around the buggy address: [ 16.299972] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.300254] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.300544] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.300853] ^ [ 16.301040] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.301261] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.301552] ================================================================== [ 16.393890] ================================================================== [ 16.394970] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 16.395458] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.395762] [ 16.395867] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.395914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.395928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.395951] Call Trace: [ 16.395967] <TASK> [ 16.395985] dump_stack_lvl+0x73/0xb0 [ 16.396016] print_report+0xd1/0x610 [ 16.396040] ? __virt_addr_valid+0x1db/0x2d0 [ 16.396065] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.396087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.396111] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.396134] kasan_report+0x141/0x180 [ 16.396158] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.396187] __asan_report_load8_noabort+0x18/0x20 [ 16.396213] kasan_atomics_helper+0x4f71/0x5450 [ 16.396237] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.396261] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.396287] ? kasan_atomics+0x152/0x310 [ 16.396316] kasan_atomics+0x1dc/0x310 [ 16.396340] ? __pfx_kasan_atomics+0x10/0x10 [ 16.396365] ? __pfx_read_tsc+0x10/0x10 [ 16.396387] ? ktime_get_ts64+0x86/0x230 [ 16.396426] kunit_try_run_case+0x1a5/0x480 [ 16.396453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.396477] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.396503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.396528] ? __kthread_parkme+0x82/0x180 [ 16.396550] ? preempt_count_sub+0x50/0x80 [ 16.396575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.396613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.396639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.396669] kthread+0x337/0x6f0 [ 16.396691] ? trace_preempt_on+0x20/0xc0 [ 16.396716] ? __pfx_kthread+0x10/0x10 [ 16.396739] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.396762] ? calculate_sigpending+0x7b/0xa0 [ 16.396787] ? __pfx_kthread+0x10/0x10 [ 16.396810] ret_from_fork+0x116/0x1d0 [ 16.396830] ? __pfx_kthread+0x10/0x10 [ 16.396852] ret_from_fork_asm+0x1a/0x30 [ 16.396886] </TASK> [ 16.396898] [ 16.404273] Allocated by task 283: [ 16.404442] kasan_save_stack+0x45/0x70 [ 16.404589] kasan_save_track+0x18/0x40 [ 16.404741] kasan_save_alloc_info+0x3b/0x50 [ 16.404942] __kasan_kmalloc+0xb7/0xc0 [ 16.405141] __kmalloc_cache_noprof+0x189/0x420 [ 16.405363] kasan_atomics+0x95/0x310 [ 16.405557] kunit_try_run_case+0x1a5/0x480 [ 16.405766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.405970] kthread+0x337/0x6f0 [ 16.406110] ret_from_fork+0x116/0x1d0 [ 16.406300] ret_from_fork_asm+0x1a/0x30 [ 16.406507] [ 16.406618] The buggy address belongs to the object at ffff88810394df80 [ 16.406618] which belongs to the cache kmalloc-64 of size 64 [ 16.407080] The buggy address is located 0 bytes to the right of [ 16.407080] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.407490] [ 16.407566] The buggy address belongs to the physical page: [ 16.407742] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.408002] flags: 0x200000000000000(node=0|zone=2) [ 16.408411] page_type: f5(slab) [ 16.408577] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.409117] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.409456] page dumped because: kasan: bad access detected [ 16.409738] [ 16.409811] Memory state around the buggy address: [ 16.409966] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.410185] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.410839] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.411166] ^ [ 16.411407] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.411711] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.411928] ================================================================== [ 15.720933] ================================================================== [ 15.721499] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 15.722043] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.722751] [ 15.722857] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.722977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.722994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.723017] Call Trace: [ 15.723033] <TASK> [ 15.723109] dump_stack_lvl+0x73/0xb0 [ 15.723145] print_report+0xd1/0x610 [ 15.723168] ? __virt_addr_valid+0x1db/0x2d0 [ 15.723193] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.723270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.723296] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.723320] kasan_report+0x141/0x180 [ 15.723406] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.723437] kasan_check_range+0x10c/0x1c0 [ 15.723463] __kasan_check_write+0x18/0x20 [ 15.723484] kasan_atomics_helper+0xfa9/0x5450 [ 15.723508] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.723532] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.723560] ? kasan_atomics+0x152/0x310 [ 15.723588] kasan_atomics+0x1dc/0x310 [ 15.723612] ? __pfx_kasan_atomics+0x10/0x10 [ 15.723639] ? __pfx_read_tsc+0x10/0x10 [ 15.723661] ? ktime_get_ts64+0x86/0x230 [ 15.723690] kunit_try_run_case+0x1a5/0x480 [ 15.723717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.723742] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.723767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.723793] ? __kthread_parkme+0x82/0x180 [ 15.723815] ? preempt_count_sub+0x50/0x80 [ 15.723841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.723867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.723893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.723918] kthread+0x337/0x6f0 [ 15.723940] ? trace_preempt_on+0x20/0xc0 [ 15.723964] ? __pfx_kthread+0x10/0x10 [ 15.723987] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.724010] ? calculate_sigpending+0x7b/0xa0 [ 15.724036] ? __pfx_kthread+0x10/0x10 [ 15.724061] ret_from_fork+0x116/0x1d0 [ 15.724081] ? 
__pfx_kthread+0x10/0x10 [ 15.724104] ret_from_fork_asm+0x1a/0x30 [ 15.724142] </TASK> [ 15.724155] [ 15.733798] Allocated by task 283: [ 15.734216] kasan_save_stack+0x45/0x70 [ 15.734414] kasan_save_track+0x18/0x40 [ 15.734778] kasan_save_alloc_info+0x3b/0x50 [ 15.734990] __kasan_kmalloc+0xb7/0xc0 [ 15.735168] __kmalloc_cache_noprof+0x189/0x420 [ 15.735378] kasan_atomics+0x95/0x310 [ 15.735565] kunit_try_run_case+0x1a5/0x480 [ 15.736017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.736315] kthread+0x337/0x6f0 [ 15.736540] ret_from_fork+0x116/0x1d0 [ 15.736770] ret_from_fork_asm+0x1a/0x30 [ 15.737067] [ 15.737153] The buggy address belongs to the object at ffff88810394df80 [ 15.737153] which belongs to the cache kmalloc-64 of size 64 [ 15.737854] The buggy address is located 0 bytes to the right of [ 15.737854] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.738364] [ 15.738474] The buggy address belongs to the physical page: [ 15.738703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.739282] flags: 0x200000000000000(node=0|zone=2) [ 15.739599] page_type: f5(slab) [ 15.739743] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.740169] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.740576] page dumped because: kasan: bad access detected [ 15.740927] [ 15.741013] Memory state around the buggy address: [ 15.741311] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.741813] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.742178] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.742556] ^ [ 15.742796] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.743099] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.743410] ================================================================== [ 16.192231] 
================================================================== [ 16.192524] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 16.192931] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.193226] [ 16.193342] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.193386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.193410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.193434] Call Trace: [ 16.193452] <TASK> [ 16.193469] dump_stack_lvl+0x73/0xb0 [ 16.193498] print_report+0xd1/0x610 [ 16.193523] ? __virt_addr_valid+0x1db/0x2d0 [ 16.193546] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.193569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.193604] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.193627] kasan_report+0x141/0x180 [ 16.193651] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.193679] kasan_check_range+0x10c/0x1c0 [ 16.193705] __kasan_check_write+0x18/0x20 [ 16.193726] kasan_atomics_helper+0x1a7f/0x5450 [ 16.193750] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.193773] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.193799] ? kasan_atomics+0x152/0x310 [ 16.193827] kasan_atomics+0x1dc/0x310 [ 16.193851] ? __pfx_kasan_atomics+0x10/0x10 [ 16.193877] ? __pfx_read_tsc+0x10/0x10 [ 16.193899] ? ktime_get_ts64+0x86/0x230 [ 16.193925] kunit_try_run_case+0x1a5/0x480 [ 16.193951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.193975] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.194001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.194025] ? __kthread_parkme+0x82/0x180 [ 16.194047] ? preempt_count_sub+0x50/0x80 [ 16.194071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.194098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.194123] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.194148] kthread+0x337/0x6f0 [ 16.194168] ? trace_preempt_on+0x20/0xc0 [ 16.194193] ? __pfx_kthread+0x10/0x10 [ 16.194215] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.194238] ? 
calculate_sigpending+0x7b/0xa0 [ 16.194263] ? __pfx_kthread+0x10/0x10 [ 16.194286] ret_from_fork+0x116/0x1d0 [ 16.194305] ? __pfx_kthread+0x10/0x10 [ 16.194327] ret_from_fork_asm+0x1a/0x30 [ 16.194360] </TASK> [ 16.194371] [ 16.201986] Allocated by task 283: [ 16.202146] kasan_save_stack+0x45/0x70 [ 16.202324] kasan_save_track+0x18/0x40 [ 16.202472] kasan_save_alloc_info+0x3b/0x50 [ 16.202813] __kasan_kmalloc+0xb7/0xc0 [ 16.202978] __kmalloc_cache_noprof+0x189/0x420 [ 16.203193] kasan_atomics+0x95/0x310 [ 16.203366] kunit_try_run_case+0x1a5/0x480 [ 16.203576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.203810] kthread+0x337/0x6f0 [ 16.203946] ret_from_fork+0x116/0x1d0 [ 16.204082] ret_from_fork_asm+0x1a/0x30 [ 16.204236] [ 16.204335] The buggy address belongs to the object at ffff88810394df80 [ 16.204335] which belongs to the cache kmalloc-64 of size 64 [ 16.204779] The buggy address is located 0 bytes to the right of [ 16.204779] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.205583] [ 16.205658] The buggy address belongs to the physical page: [ 16.205914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.206211] flags: 0x200000000000000(node=0|zone=2) [ 16.206375] page_type: f5(slab) [ 16.207147] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.207534] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.208766] page dumped because: kasan: bad access detected [ 16.209446] [ 16.209556] Memory state around the buggy address: [ 16.210528] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.211158] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.211405] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.211758] ^ [ 16.212223] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.212897] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.213543] 
================================================================== [ 15.836924] ================================================================== [ 15.837682] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 15.838025] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.838262] [ 15.838354] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.838408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.838421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.838446] Call Trace: [ 15.838462] <TASK> [ 15.838481] dump_stack_lvl+0x73/0xb0 [ 15.838512] print_report+0xd1/0x610 [ 15.838535] ? __virt_addr_valid+0x1db/0x2d0 [ 15.838559] ? kasan_atomics_helper+0x1217/0x5450 [ 15.838582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.838607] ? kasan_atomics_helper+0x1217/0x5450 [ 15.838632] kasan_report+0x141/0x180 [ 15.838656] ? kasan_atomics_helper+0x1217/0x5450 [ 15.838685] kasan_check_range+0x10c/0x1c0 [ 15.838711] __kasan_check_write+0x18/0x20 [ 15.838732] kasan_atomics_helper+0x1217/0x5450 [ 15.838757] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.838782] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.838808] ? kasan_atomics+0x152/0x310 [ 15.838837] kasan_atomics+0x1dc/0x310 [ 15.838861] ? __pfx_kasan_atomics+0x10/0x10 [ 15.838887] ? __pfx_read_tsc+0x10/0x10 [ 15.838910] ? ktime_get_ts64+0x86/0x230 [ 15.838939] kunit_try_run_case+0x1a5/0x480 [ 15.838966] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.839001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.839027] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.839052] ? __kthread_parkme+0x82/0x180 [ 15.839073] ? preempt_count_sub+0x50/0x80 [ 15.839099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.839125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.839150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.839175] kthread+0x337/0x6f0 [ 15.839197] ? trace_preempt_on+0x20/0xc0 [ 15.839222] ? 
__pfx_kthread+0x10/0x10 [ 15.839245] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.839268] ? calculate_sigpending+0x7b/0xa0 [ 15.839293] ? __pfx_kthread+0x10/0x10 [ 15.839317] ret_from_fork+0x116/0x1d0 [ 15.839336] ? __pfx_kthread+0x10/0x10 [ 15.839358] ret_from_fork_asm+0x1a/0x30 [ 15.839401] </TASK> [ 15.839414] [ 15.847388] Allocated by task 283: [ 15.847530] kasan_save_stack+0x45/0x70 [ 15.847741] kasan_save_track+0x18/0x40 [ 15.847939] kasan_save_alloc_info+0x3b/0x50 [ 15.848162] __kasan_kmalloc+0xb7/0xc0 [ 15.848360] __kmalloc_cache_noprof+0x189/0x420 [ 15.848581] kasan_atomics+0x95/0x310 [ 15.848783] kunit_try_run_case+0x1a5/0x480 [ 15.848964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.849212] kthread+0x337/0x6f0 [ 15.849341] ret_from_fork+0x116/0x1d0 [ 15.849539] ret_from_fork_asm+0x1a/0x30 [ 15.849737] [ 15.849838] The buggy address belongs to the object at ffff88810394df80 [ 15.849838] which belongs to the cache kmalloc-64 of size 64 [ 15.850230] The buggy address is located 0 bytes to the right of [ 15.850230] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.850715] [ 15.850812] The buggy address belongs to the physical page: [ 15.851068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.851405] flags: 0x200000000000000(node=0|zone=2) [ 15.851572] page_type: f5(slab) [ 15.851709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.852056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.852413] page dumped because: kasan: bad access detected [ 15.852689] [ 15.852778] Memory state around the buggy address: [ 15.852969] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.853259] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.853560] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.853838] ^ [ 15.854053] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.854321] 
ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.854564] ================================================================== [ 15.263385] ================================================================== [ 15.263720] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 15.263998] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.264466] [ 15.264589] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.264635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.264649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.264676] Call Trace: [ 15.264692] <TASK> [ 15.264709] dump_stack_lvl+0x73/0xb0 [ 15.264738] print_report+0xd1/0x610 [ 15.264762] ? __virt_addr_valid+0x1db/0x2d0 [ 15.264786] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.264808] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.264832] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.264855] kasan_report+0x141/0x180 [ 15.264879] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.264907] kasan_check_range+0x10c/0x1c0 [ 15.264932] __kasan_check_write+0x18/0x20 [ 15.264952] kasan_atomics_helper+0x4a0/0x5450 [ 15.264976] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.264999] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.265026] ? kasan_atomics+0x152/0x310 [ 15.265251] kasan_atomics+0x1dc/0x310 [ 15.265277] ? __pfx_kasan_atomics+0x10/0x10 [ 15.265327] ? __pfx_read_tsc+0x10/0x10 [ 15.265351] ? ktime_get_ts64+0x86/0x230 [ 15.265391] kunit_try_run_case+0x1a5/0x480 [ 15.265427] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.265477] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.265502] ? __kthread_parkme+0x82/0x180 [ 15.265523] ? preempt_count_sub+0x50/0x80 [ 15.265549] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.265611] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.265636] kthread+0x337/0x6f0 [ 15.265657] ? trace_preempt_on+0x20/0xc0 [ 15.265681] ? __pfx_kthread+0x10/0x10 [ 15.265704] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.265727] ? calculate_sigpending+0x7b/0xa0 [ 15.265753] ? __pfx_kthread+0x10/0x10 [ 15.265776] ret_from_fork+0x116/0x1d0 [ 15.265795] ? __pfx_kthread+0x10/0x10 [ 15.265817] ret_from_fork_asm+0x1a/0x30 [ 15.265851] </TASK> [ 15.265863] [ 15.274617] Allocated by task 283: [ 15.274757] kasan_save_stack+0x45/0x70 [ 15.274908] kasan_save_track+0x18/0x40 [ 15.275047] kasan_save_alloc_info+0x3b/0x50 [ 15.275199] __kasan_kmalloc+0xb7/0xc0 [ 15.275335] __kmalloc_cache_noprof+0x189/0x420 [ 15.275592] kasan_atomics+0x95/0x310 [ 15.275883] kunit_try_run_case+0x1a5/0x480 [ 15.276197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.276464] kthread+0x337/0x6f0 [ 15.276633] ret_from_fork+0x116/0x1d0 [ 15.276825] ret_from_fork_asm+0x1a/0x30 [ 15.277024] [ 15.277122] The buggy address belongs to the object at ffff88810394df80 [ 15.277122] which belongs to the cache kmalloc-64 of size 64 [ 15.277810] The buggy address is located 0 bytes to the right of [ 15.277810] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.278867] [ 15.278959] The buggy address belongs to the physical page: [ 15.279319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.279763] flags: 0x200000000000000(node=0|zone=2) [ 15.279951] page_type: f5(slab) [ 15.280309] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.280783] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.281026] page dumped because: kasan: bad access detected [ 15.281336] [ 15.281467] Memory state around the buggy address: [ 15.281713] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.281976] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.282373] >ffff88810394df80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.282741] ^ [ 15.282968] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.283321] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.283577] ================================================================== [ 15.855104] ================================================================== [ 15.855416] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 15.855808] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.856124] [ 15.856235] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.856280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.856293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.856314] Call Trace: [ 15.856333] <TASK> [ 15.856349] dump_stack_lvl+0x73/0xb0 [ 15.856378] print_report+0xd1/0x610 [ 15.856412] ? __virt_addr_valid+0x1db/0x2d0 [ 15.856437] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.856459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.856483] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.856507] kasan_report+0x141/0x180 [ 15.856531] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.856560] __asan_report_load4_noabort+0x18/0x20 [ 15.856586] kasan_atomics_helper+0x49e8/0x5450 [ 15.856610] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.856633] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.856660] ? kasan_atomics+0x152/0x310 [ 15.856691] kasan_atomics+0x1dc/0x310 [ 15.856716] ? __pfx_kasan_atomics+0x10/0x10 [ 15.856742] ? __pfx_read_tsc+0x10/0x10 [ 15.856763] ? ktime_get_ts64+0x86/0x230 [ 15.856789] kunit_try_run_case+0x1a5/0x480 [ 15.856815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.856839] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.856865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.856889] ? __kthread_parkme+0x82/0x180 [ 15.856911] ? preempt_count_sub+0x50/0x80 [ 15.856935] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.856961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.856986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.857012] kthread+0x337/0x6f0 [ 15.857032] ? trace_preempt_on+0x20/0xc0 [ 15.857056] ? __pfx_kthread+0x10/0x10 [ 15.857078] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.857101] ? calculate_sigpending+0x7b/0xa0 [ 15.857126] ? __pfx_kthread+0x10/0x10 [ 15.857149] ret_from_fork+0x116/0x1d0 [ 15.857169] ? __pfx_kthread+0x10/0x10 [ 15.857191] ret_from_fork_asm+0x1a/0x30 [ 15.857224] </TASK> [ 15.857235] [ 15.871325] Allocated by task 283: [ 15.871709] kasan_save_stack+0x45/0x70 [ 15.871927] kasan_save_track+0x18/0x40 [ 15.872112] kasan_save_alloc_info+0x3b/0x50 [ 15.872314] __kasan_kmalloc+0xb7/0xc0 [ 15.872502] __kmalloc_cache_noprof+0x189/0x420 [ 15.873051] kasan_atomics+0x95/0x310 [ 15.873380] kunit_try_run_case+0x1a5/0x480 [ 15.873942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.874309] kthread+0x337/0x6f0 [ 15.874691] ret_from_fork+0x116/0x1d0 [ 15.875009] ret_from_fork_asm+0x1a/0x30 [ 15.875348] [ 15.875462] The buggy address belongs to the object at ffff88810394df80 [ 15.875462] which belongs to the cache kmalloc-64 of size 64 [ 15.876513] The buggy address is located 0 bytes to the right of [ 15.876513] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.877348] [ 15.877589] The buggy address belongs to the physical page: [ 15.877994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.878335] flags: 0x200000000000000(node=0|zone=2) [ 15.878569] page_type: f5(slab) [ 15.878734] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.879048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.879345] page dumped because: kasan: bad access detected [ 15.880049] [ 15.880290] Memory state around the buggy address: [ 15.880815] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.881248] 
ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.881780] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.882275] ^ [ 15.882714] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.883033] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.883334] ================================================================== [ 16.348173] ================================================================== [ 16.348476] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 16.348950] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.349764] [ 16.349868] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.349986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.350002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.350079] Call Trace: [ 16.350097] <TASK> [ 16.350116] dump_stack_lvl+0x73/0xb0 [ 16.350149] print_report+0xd1/0x610 [ 16.350173] ? __virt_addr_valid+0x1db/0x2d0 [ 16.350197] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.350219] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.350243] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.350266] kasan_report+0x141/0x180 [ 16.350289] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.350319] kasan_check_range+0x10c/0x1c0 [ 16.350344] __kasan_check_write+0x18/0x20 [ 16.350365] kasan_atomics_helper+0x1eaa/0x5450 [ 16.350388] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.350425] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.350452] ? kasan_atomics+0x152/0x310 [ 16.350481] kasan_atomics+0x1dc/0x310 [ 16.350505] ? __pfx_kasan_atomics+0x10/0x10 [ 16.350532] ? __pfx_read_tsc+0x10/0x10 [ 16.350554] ? ktime_get_ts64+0x86/0x230 [ 16.350581] kunit_try_run_case+0x1a5/0x480 [ 16.350607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.350633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.350659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.350684] ? 
__kthread_parkme+0x82/0x180 [ 16.350705] ? preempt_count_sub+0x50/0x80 [ 16.350731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.350757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.350782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.350808] kthread+0x337/0x6f0 [ 16.350830] ? trace_preempt_on+0x20/0xc0 [ 16.350855] ? __pfx_kthread+0x10/0x10 [ 16.350878] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.350901] ? calculate_sigpending+0x7b/0xa0 [ 16.350926] ? __pfx_kthread+0x10/0x10 [ 16.350949] ret_from_fork+0x116/0x1d0 [ 16.350969] ? __pfx_kthread+0x10/0x10 [ 16.350991] ret_from_fork_asm+0x1a/0x30 [ 16.351024] </TASK> [ 16.351036] [ 16.360956] Allocated by task 283: [ 16.361236] kasan_save_stack+0x45/0x70 [ 16.361530] kasan_save_track+0x18/0x40 [ 16.361719] kasan_save_alloc_info+0x3b/0x50 [ 16.362022] __kasan_kmalloc+0xb7/0xc0 [ 16.362188] __kmalloc_cache_noprof+0x189/0x420 [ 16.362426] kasan_atomics+0x95/0x310 [ 16.362775] kunit_try_run_case+0x1a5/0x480 [ 16.363031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.363332] kthread+0x337/0x6f0 [ 16.363477] ret_from_fork+0x116/0x1d0 [ 16.363757] ret_from_fork_asm+0x1a/0x30 [ 16.364116] [ 16.364222] The buggy address belongs to the object at ffff88810394df80 [ 16.364222] which belongs to the cache kmalloc-64 of size 64 [ 16.364911] The buggy address is located 0 bytes to the right of [ 16.364911] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.365542] [ 16.365763] The buggy address belongs to the physical page: [ 16.366082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.366410] flags: 0x200000000000000(node=0|zone=2) [ 16.366760] page_type: f5(slab) [ 16.366900] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.367250] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.367568] page dumped because: kasan: bad access detected [ 16.368093] [ 16.368191] Memory state around the buggy address: [ 16.368461] 
ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.368854] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.369235] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.369541] ^ [ 16.369889] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.370264] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.370596] ================================================================== [ 16.430541] ================================================================== [ 16.431129] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 16.431533] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.431771] [ 16.431923] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.431971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.431985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.432009] Call Trace: [ 16.432023] <TASK> [ 16.432040] dump_stack_lvl+0x73/0xb0 [ 16.432069] print_report+0xd1/0x610 [ 16.432093] ? __virt_addr_valid+0x1db/0x2d0 [ 16.432117] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.432138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.432163] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.432186] kasan_report+0x141/0x180 [ 16.432209] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.432238] __asan_report_load8_noabort+0x18/0x20 [ 16.432263] kasan_atomics_helper+0x4f98/0x5450 [ 16.432287] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.432311] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.432337] ? kasan_atomics+0x152/0x310 [ 16.432365] kasan_atomics+0x1dc/0x310 [ 16.432390] ? __pfx_kasan_atomics+0x10/0x10 [ 16.432427] ? __pfx_read_tsc+0x10/0x10 [ 16.432450] ? ktime_get_ts64+0x86/0x230 [ 16.432475] kunit_try_run_case+0x1a5/0x480 [ 16.432502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.432526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.432552] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.432578] ? __kthread_parkme+0x82/0x180 [ 16.432609] ? preempt_count_sub+0x50/0x80 [ 16.432635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.432662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.432693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.432718] kthread+0x337/0x6f0 [ 16.432739] ? trace_preempt_on+0x20/0xc0 [ 16.432764] ? __pfx_kthread+0x10/0x10 [ 16.432786] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.432810] ? calculate_sigpending+0x7b/0xa0 [ 16.432835] ? __pfx_kthread+0x10/0x10 [ 16.432858] ret_from_fork+0x116/0x1d0 [ 16.432878] ? __pfx_kthread+0x10/0x10 [ 16.432900] ret_from_fork_asm+0x1a/0x30 [ 16.432933] </TASK> [ 16.432945] [ 16.440164] Allocated by task 283: [ 16.440343] kasan_save_stack+0x45/0x70 [ 16.440518] kasan_save_track+0x18/0x40 [ 16.440803] kasan_save_alloc_info+0x3b/0x50 [ 16.440971] __kasan_kmalloc+0xb7/0xc0 [ 16.441110] __kmalloc_cache_noprof+0x189/0x420 [ 16.441269] kasan_atomics+0x95/0x310 [ 16.441416] kunit_try_run_case+0x1a5/0x480 [ 16.441582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.441845] kthread+0x337/0x6f0 [ 16.442019] ret_from_fork+0x116/0x1d0 [ 16.442212] ret_from_fork_asm+0x1a/0x30 [ 16.442420] [ 16.442517] The buggy address belongs to the object at ffff88810394df80 [ 16.442517] which belongs to the cache kmalloc-64 of size 64 [ 16.443161] The buggy address is located 0 bytes to the right of [ 16.443161] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.443649] [ 16.443749] The buggy address belongs to the physical page: [ 16.444003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.444296] flags: 0x200000000000000(node=0|zone=2) [ 16.444515] page_type: f5(slab) [ 16.444792] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.445102] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.445384] page dumped because: kasan: bad access detected [ 16.445654] [ 16.445737] 
Memory state around the buggy address: [ 16.445947] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.446235] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.446541] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.446820] ^ [ 16.447021] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.447325] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.447613] ================================================================== [ 15.221552] ================================================================== [ 15.221961] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 15.222499] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.222910] [ 15.223002] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.223046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.223060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.223083] Call Trace: [ 15.223099] <TASK> [ 15.223117] dump_stack_lvl+0x73/0xb0 [ 15.223147] print_report+0xd1/0x610 [ 15.223171] ? __virt_addr_valid+0x1db/0x2d0 [ 15.223195] ? kasan_atomics_helper+0x3df/0x5450 [ 15.223217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.223240] ? kasan_atomics_helper+0x3df/0x5450 [ 15.223264] kasan_report+0x141/0x180 [ 15.223288] ? kasan_atomics_helper+0x3df/0x5450 [ 15.223329] kasan_check_range+0x10c/0x1c0 [ 15.223354] __kasan_check_read+0x15/0x20 [ 15.223375] kasan_atomics_helper+0x3df/0x5450 [ 15.223407] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.223431] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.223458] ? kasan_atomics+0x152/0x310 [ 15.223486] kasan_atomics+0x1dc/0x310 [ 15.223511] ? __pfx_kasan_atomics+0x10/0x10 [ 15.223536] ? __pfx_read_tsc+0x10/0x10 [ 15.223558] ? ktime_get_ts64+0x86/0x230 [ 15.223584] kunit_try_run_case+0x1a5/0x480 [ 15.223693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.223721] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.223759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.223786] ? __kthread_parkme+0x82/0x180 [ 15.223808] ? preempt_count_sub+0x50/0x80 [ 15.223856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.223882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.223919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.223946] kthread+0x337/0x6f0 [ 15.223968] ? trace_preempt_on+0x20/0xc0 [ 15.223993] ? __pfx_kthread+0x10/0x10 [ 15.224015] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.224038] ? calculate_sigpending+0x7b/0xa0 [ 15.224064] ? __pfx_kthread+0x10/0x10 [ 15.224128] ret_from_fork+0x116/0x1d0 [ 15.224151] ? __pfx_kthread+0x10/0x10 [ 15.224173] ret_from_fork_asm+0x1a/0x30 [ 15.224206] </TASK> [ 15.224218] [ 15.233180] Allocated by task 283: [ 15.233374] kasan_save_stack+0x45/0x70 [ 15.233589] kasan_save_track+0x18/0x40 [ 15.233781] kasan_save_alloc_info+0x3b/0x50 [ 15.233962] __kasan_kmalloc+0xb7/0xc0 [ 15.234219] __kmalloc_cache_noprof+0x189/0x420 [ 15.234385] kasan_atomics+0x95/0x310 [ 15.234534] kunit_try_run_case+0x1a5/0x480 [ 15.234720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.235143] kthread+0x337/0x6f0 [ 15.235313] ret_from_fork+0x116/0x1d0 [ 15.235556] ret_from_fork_asm+0x1a/0x30 [ 15.235698] [ 15.235772] The buggy address belongs to the object at ffff88810394df80 [ 15.235772] which belongs to the cache kmalloc-64 of size 64 [ 15.236605] The buggy address is located 0 bytes to the right of [ 15.236605] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.237173] [ 15.237277] The buggy address belongs to the physical page: [ 15.237760] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.238260] flags: 0x200000000000000(node=0|zone=2) [ 15.238519] page_type: f5(slab) [ 15.238701] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.239038] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.239517] page dumped because: kasan: 
bad access detected [ 15.239815] [ 15.239891] Memory state around the buggy address: [ 15.240053] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.240276] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.240661] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.241101] ^ [ 15.241409] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.241868] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.242240] ================================================================== [ 15.485056] ================================================================== [ 15.485355] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 15.485643] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.485975] [ 15.486083] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.486159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.486172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.486195] Call Trace: [ 15.486211] <TASK> [ 15.486227] dump_stack_lvl+0x73/0xb0 [ 15.486257] print_report+0xd1/0x610 [ 15.486312] ? __virt_addr_valid+0x1db/0x2d0 [ 15.486338] ? kasan_atomics_helper+0x992/0x5450 [ 15.486361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.486385] ? kasan_atomics_helper+0x992/0x5450 [ 15.486421] kasan_report+0x141/0x180 [ 15.486445] ? kasan_atomics_helper+0x992/0x5450 [ 15.486473] kasan_check_range+0x10c/0x1c0 [ 15.486498] __kasan_check_write+0x18/0x20 [ 15.486519] kasan_atomics_helper+0x992/0x5450 [ 15.486572] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.486620] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.486693] ? kasan_atomics+0x152/0x310 [ 15.486745] kasan_atomics+0x1dc/0x310 [ 15.486814] ? __pfx_kasan_atomics+0x10/0x10 [ 15.486885] ? __pfx_read_tsc+0x10/0x10 [ 15.486952] ? ktime_get_ts64+0x86/0x230 [ 15.487026] kunit_try_run_case+0x1a5/0x480 [ 15.487099] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.487169] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.487217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.487261] ? __kthread_parkme+0x82/0x180 [ 15.487283] ? preempt_count_sub+0x50/0x80 [ 15.487308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.487333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.487357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.487382] kthread+0x337/0x6f0 [ 15.487412] ? trace_preempt_on+0x20/0xc0 [ 15.487436] ? __pfx_kthread+0x10/0x10 [ 15.487458] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.487481] ? calculate_sigpending+0x7b/0xa0 [ 15.487506] ? __pfx_kthread+0x10/0x10 [ 15.487530] ret_from_fork+0x116/0x1d0 [ 15.487549] ? __pfx_kthread+0x10/0x10 [ 15.487571] ret_from_fork_asm+0x1a/0x30 [ 15.487604] </TASK> [ 15.487617] [ 15.496384] Allocated by task 283: [ 15.496575] kasan_save_stack+0x45/0x70 [ 15.496775] kasan_save_track+0x18/0x40 [ 15.496919] kasan_save_alloc_info+0x3b/0x50 [ 15.497730] __kasan_kmalloc+0xb7/0xc0 [ 15.498164] __kmalloc_cache_noprof+0x189/0x420 [ 15.498599] kasan_atomics+0x95/0x310 [ 15.498779] kunit_try_run_case+0x1a5/0x480 [ 15.498935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.500963] kthread+0x337/0x6f0 [ 15.501252] ret_from_fork+0x116/0x1d0 [ 15.501867] ret_from_fork_asm+0x1a/0x30 [ 15.502651] [ 15.502921] The buggy address belongs to the object at ffff88810394df80 [ 15.502921] which belongs to the cache kmalloc-64 of size 64 [ 15.504341] The buggy address is located 0 bytes to the right of [ 15.504341] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.505465] [ 15.505760] The buggy address belongs to the physical page: [ 15.506456] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.507133] flags: 0x200000000000000(node=0|zone=2) [ 15.507471] page_type: f5(slab) [ 15.507664] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.507975] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.508911] page dumped because: kasan: bad access detected [ 15.509578] [ 15.509755] Memory state around the buggy address: [ 15.510159] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.510851] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.511524] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.511946] ^ [ 15.512427] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.513069] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.513573] ================================================================== [ 15.902763] ================================================================== [ 15.903167] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 15.903512] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.903893] [ 15.903986] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.904049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.904063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.904086] Call Trace: [ 15.904101] <TASK> [ 15.904119] dump_stack_lvl+0x73/0xb0 [ 15.904148] print_report+0xd1/0x610 [ 15.904171] ? __virt_addr_valid+0x1db/0x2d0 [ 15.904194] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.904217] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.904258] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.904282] kasan_report+0x141/0x180 [ 15.904305] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.904334] __asan_report_load4_noabort+0x18/0x20 [ 15.904359] kasan_atomics_helper+0x49ce/0x5450 [ 15.904385] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.904419] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.904464] ? kasan_atomics+0x152/0x310 [ 15.904492] kasan_atomics+0x1dc/0x310 [ 15.904516] ? __pfx_kasan_atomics+0x10/0x10 [ 15.904543] ? __pfx_read_tsc+0x10/0x10 [ 15.904564] ? 
ktime_get_ts64+0x86/0x230 [ 15.904591] kunit_try_run_case+0x1a5/0x480 [ 15.904616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.904656] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.904685] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.904710] ? __kthread_parkme+0x82/0x180 [ 15.904732] ? preempt_count_sub+0x50/0x80 [ 15.904756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.904783] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.904808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.904851] kthread+0x337/0x6f0 [ 15.904871] ? trace_preempt_on+0x20/0xc0 [ 15.904896] ? __pfx_kthread+0x10/0x10 [ 15.904919] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.904943] ? calculate_sigpending+0x7b/0xa0 [ 15.904968] ? __pfx_kthread+0x10/0x10 [ 15.904992] ret_from_fork+0x116/0x1d0 [ 15.905027] ? __pfx_kthread+0x10/0x10 [ 15.905050] ret_from_fork_asm+0x1a/0x30 [ 15.905097] </TASK> [ 15.905120] [ 15.912675] Allocated by task 283: [ 15.912873] kasan_save_stack+0x45/0x70 [ 15.913048] kasan_save_track+0x18/0x40 [ 15.913242] kasan_save_alloc_info+0x3b/0x50 [ 15.913477] __kasan_kmalloc+0xb7/0xc0 [ 15.913662] __kmalloc_cache_noprof+0x189/0x420 [ 15.913899] kasan_atomics+0x95/0x310 [ 15.914084] kunit_try_run_case+0x1a5/0x480 [ 15.914253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.914497] kthread+0x337/0x6f0 [ 15.914758] ret_from_fork+0x116/0x1d0 [ 15.914936] ret_from_fork_asm+0x1a/0x30 [ 15.915078] [ 15.915193] The buggy address belongs to the object at ffff88810394df80 [ 15.915193] which belongs to the cache kmalloc-64 of size 64 [ 15.915761] The buggy address is located 0 bytes to the right of [ 15.915761] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.916279] [ 15.916369] The buggy address belongs to the physical page: [ 15.916614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.916973] flags: 0x200000000000000(node=0|zone=2) [ 15.917200] page_type: f5(slab) [ 15.917364] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.917767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.918060] page dumped because: kasan: bad access detected [ 15.918318] [ 15.918409] Memory state around the buggy address: [ 15.918598] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.918922] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.919239] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.919571] ^ [ 15.919794] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.920104] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.920437] ================================================================== [ 16.547638] ================================================================== [ 16.547975] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 16.548449] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.548885] [ 16.549001] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.549058] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.549072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.549095] Call Trace: [ 16.549110] <TASK> [ 16.549126] dump_stack_lvl+0x73/0xb0 [ 16.549156] print_report+0xd1/0x610 [ 16.549179] ? __virt_addr_valid+0x1db/0x2d0 [ 16.549205] ? kasan_atomics_helper+0x5115/0x5450 [ 16.549228] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.549251] ? kasan_atomics_helper+0x5115/0x5450 [ 16.549274] kasan_report+0x141/0x180 [ 16.549298] ? kasan_atomics_helper+0x5115/0x5450 [ 16.549327] __asan_report_load8_noabort+0x18/0x20 [ 16.549352] kasan_atomics_helper+0x5115/0x5450 [ 16.549377] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.549412] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.549438] ? kasan_atomics+0x152/0x310 [ 16.549489] kasan_atomics+0x1dc/0x310 [ 16.549516] ? __pfx_kasan_atomics+0x10/0x10 [ 16.549542] ? 
__pfx_read_tsc+0x10/0x10 [ 16.549565] ? ktime_get_ts64+0x86/0x230 [ 16.549600] kunit_try_run_case+0x1a5/0x480 [ 16.549626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.549650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.549694] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.549719] ? __kthread_parkme+0x82/0x180 [ 16.549741] ? preempt_count_sub+0x50/0x80 [ 16.549767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.549793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.549818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.549843] kthread+0x337/0x6f0 [ 16.549864] ? trace_preempt_on+0x20/0xc0 [ 16.549907] ? __pfx_kthread+0x10/0x10 [ 16.549929] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.549952] ? calculate_sigpending+0x7b/0xa0 [ 16.549977] ? __pfx_kthread+0x10/0x10 [ 16.550000] ret_from_fork+0x116/0x1d0 [ 16.550020] ? __pfx_kthread+0x10/0x10 [ 16.550059] ret_from_fork_asm+0x1a/0x30 [ 16.550095] </TASK> [ 16.550108] [ 16.557730] Allocated by task 283: [ 16.557933] kasan_save_stack+0x45/0x70 [ 16.558116] kasan_save_track+0x18/0x40 [ 16.558250] kasan_save_alloc_info+0x3b/0x50 [ 16.558408] __kasan_kmalloc+0xb7/0xc0 [ 16.558591] __kmalloc_cache_noprof+0x189/0x420 [ 16.558814] kasan_atomics+0x95/0x310 [ 16.559002] kunit_try_run_case+0x1a5/0x480 [ 16.559210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.559489] kthread+0x337/0x6f0 [ 16.559654] ret_from_fork+0x116/0x1d0 [ 16.559850] ret_from_fork_asm+0x1a/0x30 [ 16.560044] [ 16.560116] The buggy address belongs to the object at ffff88810394df80 [ 16.560116] which belongs to the cache kmalloc-64 of size 64 [ 16.560482] The buggy address is located 0 bytes to the right of [ 16.560482] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.561488] [ 16.561584] The buggy address belongs to the physical page: [ 16.561830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.562157] flags: 0x200000000000000(node=0|zone=2) [ 16.562365] page_type: f5(slab) [ 16.562502] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 16.562876] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.563208] page dumped because: kasan: bad access detected [ 16.563472] [ 16.563572] Memory state around the buggy address: [ 16.563800] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.564062] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.564385] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.564755] ^ [ 16.564933] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.565270] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.565605] ================================================================== [ 15.191211] ================================================================== [ 15.191995] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 15.192625] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.192999] [ 15.193254] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.193304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.193318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.193341] Call Trace: [ 15.193356] <TASK> [ 15.193373] dump_stack_lvl+0x73/0xb0 [ 15.193415] print_report+0xd1/0x610 [ 15.193439] ? __virt_addr_valid+0x1db/0x2d0 [ 15.193464] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.193486] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.193509] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.193533] kasan_report+0x141/0x180 [ 15.193556] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.193584] __asan_report_store4_noabort+0x1b/0x30 [ 15.193610] kasan_atomics_helper+0x4b6e/0x5450 [ 15.193634] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.193657] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.193684] ? kasan_atomics+0x152/0x310 [ 15.193713] kasan_atomics+0x1dc/0x310 [ 15.193738] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.193765] ? __pfx_read_tsc+0x10/0x10 [ 15.193798] ? ktime_get_ts64+0x86/0x230 [ 15.193826] kunit_try_run_case+0x1a5/0x480 [ 15.193865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.193889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.193914] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.193940] ? __kthread_parkme+0x82/0x180 [ 15.193962] ? preempt_count_sub+0x50/0x80 [ 15.193986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.194012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.194037] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.194063] kthread+0x337/0x6f0 [ 15.194084] ? trace_preempt_on+0x20/0xc0 [ 15.194108] ? __pfx_kthread+0x10/0x10 [ 15.194131] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.194153] ? calculate_sigpending+0x7b/0xa0 [ 15.194179] ? __pfx_kthread+0x10/0x10 [ 15.194203] ret_from_fork+0x116/0x1d0 [ 15.194223] ? __pfx_kthread+0x10/0x10 [ 15.194245] ret_from_fork_asm+0x1a/0x30 [ 15.194278] </TASK> [ 15.194290] [ 15.208860] Allocated by task 283: [ 15.209292] kasan_save_stack+0x45/0x70 [ 15.209658] kasan_save_track+0x18/0x40 [ 15.209806] kasan_save_alloc_info+0x3b/0x50 [ 15.209960] __kasan_kmalloc+0xb7/0xc0 [ 15.210264] __kmalloc_cache_noprof+0x189/0x420 [ 15.210702] kasan_atomics+0x95/0x310 [ 15.211060] kunit_try_run_case+0x1a5/0x480 [ 15.211702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.212253] kthread+0x337/0x6f0 [ 15.212676] ret_from_fork+0x116/0x1d0 [ 15.213163] ret_from_fork_asm+0x1a/0x30 [ 15.213313] [ 15.213389] The buggy address belongs to the object at ffff88810394df80 [ 15.213389] which belongs to the cache kmalloc-64 of size 64 [ 15.214123] The buggy address is located 0 bytes to the right of [ 15.214123] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.215347] [ 15.215525] The buggy address belongs to the physical page: [ 15.216107] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.216707] flags: 0x200000000000000(node=0|zone=2) [ 15.217390] page_type: 
f5(slab) [ 15.217556] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.218240] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.218497] page dumped because: kasan: bad access detected [ 15.218732] [ 15.218857] Memory state around the buggy address: [ 15.219063] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.219449] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.219797] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.220174] ^ [ 15.220392] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.220753] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.221039] ================================================================== [ 15.158541] ================================================================== [ 15.159174] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 15.159521] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.159745] [ 15.159831] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.159874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.159885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.159907] Call Trace: [ 15.159920] <TASK> [ 15.159934] dump_stack_lvl+0x73/0xb0 [ 15.159962] print_report+0xd1/0x610 [ 15.159983] ? __virt_addr_valid+0x1db/0x2d0 [ 15.160005] ? kasan_atomics_helper+0x4b88/0x5450 [ 15.160026] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.160049] ? kasan_atomics_helper+0x4b88/0x5450 [ 15.160070] kasan_report+0x141/0x180 [ 15.160093] ? kasan_atomics_helper+0x4b88/0x5450 [ 15.160120] __asan_report_load4_noabort+0x18/0x20 [ 15.160144] kasan_atomics_helper+0x4b88/0x5450 [ 15.160166] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.160188] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.160213] ? 
kasan_atomics+0x152/0x310 [ 15.160240] kasan_atomics+0x1dc/0x310 [ 15.160262] ? __pfx_kasan_atomics+0x10/0x10 [ 15.160287] ? __pfx_read_tsc+0x10/0x10 [ 15.160307] ? ktime_get_ts64+0x86/0x230 [ 15.160332] kunit_try_run_case+0x1a5/0x480 [ 15.160357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.160405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.160429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.160453] ? __kthread_parkme+0x82/0x180 [ 15.160474] ? preempt_count_sub+0x50/0x80 [ 15.160499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.160627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.160654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.160734] kthread+0x337/0x6f0 [ 15.160757] ? trace_preempt_on+0x20/0xc0 [ 15.160782] ? __pfx_kthread+0x10/0x10 [ 15.160822] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.160846] ? calculate_sigpending+0x7b/0xa0 [ 15.160871] ? __pfx_kthread+0x10/0x10 [ 15.160909] ret_from_fork+0x116/0x1d0 [ 15.160942] ? __pfx_kthread+0x10/0x10 [ 15.160977] ret_from_fork_asm+0x1a/0x30 [ 15.161024] </TASK> [ 15.161036] [ 15.175182] Allocated by task 283: [ 15.175327] kasan_save_stack+0x45/0x70 [ 15.175492] kasan_save_track+0x18/0x40 [ 15.175635] kasan_save_alloc_info+0x3b/0x50 [ 15.175788] __kasan_kmalloc+0xb7/0xc0 [ 15.175923] __kmalloc_cache_noprof+0x189/0x420 [ 15.176081] kasan_atomics+0x95/0x310 [ 15.176219] kunit_try_run_case+0x1a5/0x480 [ 15.176368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.176845] kthread+0x337/0x6f0 [ 15.177146] ret_from_fork+0x116/0x1d0 [ 15.177563] ret_from_fork_asm+0x1a/0x30 [ 15.177935] [ 15.178096] The buggy address belongs to the object at ffff88810394df80 [ 15.178096] which belongs to the cache kmalloc-64 of size 64 [ 15.179429] The buggy address is located 0 bytes to the right of [ 15.179429] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.180942] [ 15.181221] The buggy address belongs to the physical page: [ 15.181767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 
15.182530] flags: 0x200000000000000(node=0|zone=2) [ 15.183043] page_type: f5(slab) [ 15.183457] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.184368] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.185265] page dumped because: kasan: bad access detected [ 15.185809] [ 15.185988] Memory state around the buggy address: [ 15.186647] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.187485] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.187927] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.188421] ^ [ 15.188892] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.189686] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.190370] ================================================================== [ 15.138691] ================================================================== [ 15.139256] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 15.139519] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.139999] [ 15.140142] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.140186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.140197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.140219] Call Trace: [ 15.140233] <TASK> [ 15.140249] dump_stack_lvl+0x73/0xb0 [ 15.140277] print_report+0xd1/0x610 [ 15.140322] ? __virt_addr_valid+0x1db/0x2d0 [ 15.140345] ? kasan_atomics_helper+0x4ba2/0x5450 [ 15.140366] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.140388] ? kasan_atomics_helper+0x4ba2/0x5450 [ 15.140441] kasan_report+0x141/0x180 [ 15.140464] ? kasan_atomics_helper+0x4ba2/0x5450 [ 15.140491] __asan_report_store4_noabort+0x1b/0x30 [ 15.140515] kasan_atomics_helper+0x4ba2/0x5450 [ 15.140538] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.140560] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.140585] ? kasan_atomics+0x152/0x310 [ 15.140613] kasan_atomics+0x1dc/0x310 [ 15.140635] ? __pfx_kasan_atomics+0x10/0x10 [ 15.140659] ? __pfx_read_tsc+0x10/0x10 [ 15.140683] ? ktime_get_ts64+0x86/0x230 [ 15.140708] kunit_try_run_case+0x1a5/0x480 [ 15.140732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.140773] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.140797] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.140821] ? __kthread_parkme+0x82/0x180 [ 15.140842] ? preempt_count_sub+0x50/0x80 [ 15.140865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.140890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.140915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.140956] kthread+0x337/0x6f0 [ 15.140975] ? trace_preempt_on+0x20/0xc0 [ 15.141000] ? __pfx_kthread+0x10/0x10 [ 15.141021] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.141061] ? calculate_sigpending+0x7b/0xa0 [ 15.141085] ? __pfx_kthread+0x10/0x10 [ 15.141107] ret_from_fork+0x116/0x1d0 [ 15.141125] ? __pfx_kthread+0x10/0x10 [ 15.141146] ret_from_fork_asm+0x1a/0x30 [ 15.141196] </TASK> [ 15.141206] [ 15.149648] Allocated by task 283: [ 15.149848] kasan_save_stack+0x45/0x70 [ 15.150070] kasan_save_track+0x18/0x40 [ 15.150293] kasan_save_alloc_info+0x3b/0x50 [ 15.150535] __kasan_kmalloc+0xb7/0xc0 [ 15.150690] __kmalloc_cache_noprof+0x189/0x420 [ 15.150943] kasan_atomics+0x95/0x310 [ 15.151163] kunit_try_run_case+0x1a5/0x480 [ 15.151426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.151681] kthread+0x337/0x6f0 [ 15.151807] ret_from_fork+0x116/0x1d0 [ 15.151941] ret_from_fork_asm+0x1a/0x30 [ 15.152083] [ 15.152155] The buggy address belongs to the object at ffff88810394df80 [ 15.152155] which belongs to the cache kmalloc-64 of size 64 [ 15.153003] The buggy address is located 0 bytes to the right of [ 15.153003] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.153491] [ 15.153585] The buggy address belongs to the physical page: [ 15.153787] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.154031] flags: 0x200000000000000(node=0|zone=2) [ 15.154195] page_type: f5(slab) [ 15.154317] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.154845] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.155878] page dumped because: kasan: bad access detected [ 15.156269] [ 15.156339] Memory state around the buggy address: [ 15.156501] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.156717] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.156926] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.157131] ^ [ 15.157282] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.157751] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.158059] ================================================================== [ 15.999139] ================================================================== [ 15.999502] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 15.999870] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.000180] [ 16.000270] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.000312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.000325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.000348] Call Trace: [ 16.000363] <TASK> [ 16.000380] dump_stack_lvl+0x73/0xb0 [ 16.000420] print_report+0xd1/0x610 [ 16.000444] ? __virt_addr_valid+0x1db/0x2d0 [ 16.000468] ? kasan_atomics_helper+0x151d/0x5450 [ 16.000490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.000515] ? kasan_atomics_helper+0x151d/0x5450 [ 16.000538] kasan_report+0x141/0x180 [ 16.000562] ? kasan_atomics_helper+0x151d/0x5450 [ 16.000591] kasan_check_range+0x10c/0x1c0 [ 16.000615] __kasan_check_write+0x18/0x20 [ 16.000637] kasan_atomics_helper+0x151d/0x5450 [ 16.000661] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 16.000707] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.000734] ? kasan_atomics+0x152/0x310 [ 16.000784] kasan_atomics+0x1dc/0x310 [ 16.000809] ? __pfx_kasan_atomics+0x10/0x10 [ 16.000835] ? __pfx_read_tsc+0x10/0x10 [ 16.000860] ? ktime_get_ts64+0x86/0x230 [ 16.000903] kunit_try_run_case+0x1a5/0x480 [ 16.000931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.000970] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.000997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.001037] ? __kthread_parkme+0x82/0x180 [ 16.001072] ? preempt_count_sub+0x50/0x80 [ 16.001112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.001152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.001190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.001230] kthread+0x337/0x6f0 [ 16.001264] ? trace_preempt_on+0x20/0xc0 [ 16.001302] ? __pfx_kthread+0x10/0x10 [ 16.001338] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.001376] ? calculate_sigpending+0x7b/0xa0 [ 16.001425] ? __pfx_kthread+0x10/0x10 [ 16.001463] ret_from_fork+0x116/0x1d0 [ 16.001497] ? 
__pfx_kthread+0x10/0x10 [ 16.001532] ret_from_fork_asm+0x1a/0x30 [ 16.001580] </TASK> [ 16.001605] [ 16.009803] Allocated by task 283: [ 16.009981] kasan_save_stack+0x45/0x70 [ 16.010180] kasan_save_track+0x18/0x40 [ 16.010344] kasan_save_alloc_info+0x3b/0x50 [ 16.010502] __kasan_kmalloc+0xb7/0xc0 [ 16.010636] __kmalloc_cache_noprof+0x189/0x420 [ 16.010789] kasan_atomics+0x95/0x310 [ 16.010924] kunit_try_run_case+0x1a5/0x480 [ 16.011068] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.011514] kthread+0x337/0x6f0 [ 16.011799] ret_from_fork+0x116/0x1d0 [ 16.011989] ret_from_fork_asm+0x1a/0x30 [ 16.012215] [ 16.012345] The buggy address belongs to the object at ffff88810394df80 [ 16.012345] which belongs to the cache kmalloc-64 of size 64 [ 16.013327] The buggy address is located 0 bytes to the right of [ 16.013327] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.013984] [ 16.014059] The buggy address belongs to the physical page: [ 16.014319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.014879] flags: 0x200000000000000(node=0|zone=2) [ 16.015300] page_type: f5(slab) [ 16.015675] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.016329] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.016578] page dumped because: kasan: bad access detected [ 16.016755] [ 16.016827] Memory state around the buggy address: [ 16.016977] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.017189] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.017412] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.018141] ^ [ 16.018696] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.019590] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.020450] ================================================================== [ 15.766927] 
================================================================== [ 15.767293] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 15.767820] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.768288] [ 15.768480] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.768530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.768544] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.768568] Call Trace: [ 15.768584] <TASK> [ 15.768601] dump_stack_lvl+0x73/0xb0 [ 15.768632] print_report+0xd1/0x610 [ 15.768655] ? __virt_addr_valid+0x1db/0x2d0 [ 15.768696] ? kasan_atomics_helper+0x1079/0x5450 [ 15.768719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.768743] ? kasan_atomics_helper+0x1079/0x5450 [ 15.768765] kasan_report+0x141/0x180 [ 15.768789] ? kasan_atomics_helper+0x1079/0x5450 [ 15.768818] kasan_check_range+0x10c/0x1c0 [ 15.768843] __kasan_check_write+0x18/0x20 [ 15.768863] kasan_atomics_helper+0x1079/0x5450 [ 15.768887] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.768911] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.768936] ? kasan_atomics+0x152/0x310 [ 15.768966] kasan_atomics+0x1dc/0x310 [ 15.768990] ? __pfx_kasan_atomics+0x10/0x10 [ 15.769015] ? __pfx_read_tsc+0x10/0x10 [ 15.769038] ? ktime_get_ts64+0x86/0x230 [ 15.769064] kunit_try_run_case+0x1a5/0x480 [ 15.769090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.769113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.769140] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.769165] ? __kthread_parkme+0x82/0x180 [ 15.769187] ? preempt_count_sub+0x50/0x80 [ 15.769213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.769239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.769264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.769290] kthread+0x337/0x6f0 [ 15.769311] ? trace_preempt_on+0x20/0xc0 [ 15.769335] ? __pfx_kthread+0x10/0x10 [ 15.769357] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.769380] ? 
calculate_sigpending+0x7b/0xa0 [ 15.769418] ? __pfx_kthread+0x10/0x10 [ 15.769441] ret_from_fork+0x116/0x1d0 [ 15.769461] ? __pfx_kthread+0x10/0x10 [ 15.769483] ret_from_fork_asm+0x1a/0x30 [ 15.769517] </TASK> [ 15.769529] [ 15.776602] Allocated by task 283: [ 15.776803] kasan_save_stack+0x45/0x70 [ 15.777007] kasan_save_track+0x18/0x40 [ 15.777203] kasan_save_alloc_info+0x3b/0x50 [ 15.777441] __kasan_kmalloc+0xb7/0xc0 [ 15.777688] __kmalloc_cache_noprof+0x189/0x420 [ 15.777890] kasan_atomics+0x95/0x310 [ 15.778077] kunit_try_run_case+0x1a5/0x480 [ 15.778228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.778494] kthread+0x337/0x6f0 [ 15.778734] ret_from_fork+0x116/0x1d0 [ 15.778890] ret_from_fork_asm+0x1a/0x30 [ 15.779092] [ 15.779169] The buggy address belongs to the object at ffff88810394df80 [ 15.779169] which belongs to the cache kmalloc-64 of size 64 [ 15.779654] The buggy address is located 0 bytes to the right of [ 15.779654] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.780131] [ 15.780230] The buggy address belongs to the physical page: [ 15.780463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.780711] flags: 0x200000000000000(node=0|zone=2) [ 15.780879] page_type: f5(slab) [ 15.781006] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.781242] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.781579] page dumped because: kasan: bad access detected [ 15.782139] [ 15.782234] Memory state around the buggy address: [ 15.782469] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.782785] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.783099] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.783362] ^ [ 15.783531] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.784197] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.784489] 
================================================================== [ 15.979152] ================================================================== [ 15.979670] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 15.980019] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.980379] [ 15.980499] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.980542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.980555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.980576] Call Trace: [ 15.980594] <TASK> [ 15.980612] dump_stack_lvl+0x73/0xb0 [ 15.980642] print_report+0xd1/0x610 [ 15.980669] ? __virt_addr_valid+0x1db/0x2d0 [ 15.980694] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.980731] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.980757] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.980783] kasan_report+0x141/0x180 [ 15.980807] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.980836] __asan_report_store8_noabort+0x1b/0x30 [ 15.980862] kasan_atomics_helper+0x50d4/0x5450 [ 15.980887] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.980911] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.980938] ? kasan_atomics+0x152/0x310 [ 15.980967] kasan_atomics+0x1dc/0x310 [ 15.980992] ? __pfx_kasan_atomics+0x10/0x10 [ 15.981018] ? __pfx_read_tsc+0x10/0x10 [ 15.981039] ? ktime_get_ts64+0x86/0x230 [ 15.981066] kunit_try_run_case+0x1a5/0x480 [ 15.981093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.981118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.981143] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.981169] ? __kthread_parkme+0x82/0x180 [ 15.981191] ? preempt_count_sub+0x50/0x80 [ 15.981217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.981244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.981269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.981294] kthread+0x337/0x6f0 [ 15.981316] ? trace_preempt_on+0x20/0xc0 [ 15.981340] ? __pfx_kthread+0x10/0x10 [ 15.981363] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.981387] ? calculate_sigpending+0x7b/0xa0 [ 15.981423] ? __pfx_kthread+0x10/0x10 [ 15.981447] ret_from_fork+0x116/0x1d0 [ 15.981467] ? __pfx_kthread+0x10/0x10 [ 15.981489] ret_from_fork_asm+0x1a/0x30 [ 15.981523] </TASK> [ 15.981534] [ 15.989982] Allocated by task 283: [ 15.990198] kasan_save_stack+0x45/0x70 [ 15.990424] kasan_save_track+0x18/0x40 [ 15.990621] kasan_save_alloc_info+0x3b/0x50 [ 15.990833] __kasan_kmalloc+0xb7/0xc0 [ 15.991125] __kmalloc_cache_noprof+0x189/0x420 [ 15.991353] kasan_atomics+0x95/0x310 [ 15.991552] kunit_try_run_case+0x1a5/0x480 [ 15.991719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.991898] kthread+0x337/0x6f0 [ 15.992021] ret_from_fork+0x116/0x1d0 [ 15.992156] ret_from_fork_asm+0x1a/0x30 [ 15.992297] [ 15.992371] The buggy address belongs to the object at ffff88810394df80 [ 15.992371] which belongs to the cache kmalloc-64 of size 64 [ 15.993435] The buggy address is located 0 bytes to the right of [ 15.993435] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.994497] [ 15.994604] The buggy address belongs to the physical page: [ 15.994847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.995185] flags: 0x200000000000000(node=0|zone=2) [ 15.995382] page_type: f5(slab) [ 15.995556] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.995930] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.996272] page dumped because: kasan: bad access detected [ 15.996530] [ 15.996624] Memory state around the buggy address: [ 15.996876] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.997163] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.997415] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.997626] ^ [ 15.997869] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.998207] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.998536] ================================================================== [ 15.698210] ================================================================== [ 15.698512] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 15.699128] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.699662] [ 15.699784] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.699831] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.699844] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.699978] Call Trace: [ 15.699997] <TASK> [ 15.700014] dump_stack_lvl+0x73/0xb0 [ 15.700047] print_report+0xd1/0x610 [ 15.700070] ? __virt_addr_valid+0x1db/0x2d0 [ 15.700094] ? kasan_atomics_helper+0xf10/0x5450 [ 15.700116] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.700140] ? kasan_atomics_helper+0xf10/0x5450 [ 15.700163] kasan_report+0x141/0x180 [ 15.700187] ? kasan_atomics_helper+0xf10/0x5450 [ 15.700214] kasan_check_range+0x10c/0x1c0 [ 15.700239] __kasan_check_write+0x18/0x20 [ 15.700260] kasan_atomics_helper+0xf10/0x5450 [ 15.700284] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.700308] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.700334] ? kasan_atomics+0x152/0x310 [ 15.700362] kasan_atomics+0x1dc/0x310 [ 15.700387] ? __pfx_kasan_atomics+0x10/0x10 [ 15.700424] ? __pfx_read_tsc+0x10/0x10 [ 15.700446] ? ktime_get_ts64+0x86/0x230 [ 15.700474] kunit_try_run_case+0x1a5/0x480 [ 15.700502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.700527] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.700553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.700601] ? __kthread_parkme+0x82/0x180 [ 15.700623] ? preempt_count_sub+0x50/0x80 [ 15.700649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.700681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.700707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.700732] kthread+0x337/0x6f0 [ 15.700754] ? 
trace_preempt_on+0x20/0xc0 [ 15.700779] ? __pfx_kthread+0x10/0x10 [ 15.700801] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.700825] ? calculate_sigpending+0x7b/0xa0 [ 15.700850] ? __pfx_kthread+0x10/0x10 [ 15.700874] ret_from_fork+0x116/0x1d0 [ 15.700894] ? __pfx_kthread+0x10/0x10 [ 15.700919] ret_from_fork_asm+0x1a/0x30 [ 15.700956] </TASK> [ 15.700969] [ 15.710820] Allocated by task 283: [ 15.710995] kasan_save_stack+0x45/0x70 [ 15.711188] kasan_save_track+0x18/0x40 [ 15.711360] kasan_save_alloc_info+0x3b/0x50 [ 15.711806] __kasan_kmalloc+0xb7/0xc0 [ 15.711997] __kmalloc_cache_noprof+0x189/0x420 [ 15.712323] kasan_atomics+0x95/0x310 [ 15.712528] kunit_try_run_case+0x1a5/0x480 [ 15.712913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.713220] kthread+0x337/0x6f0 [ 15.713387] ret_from_fork+0x116/0x1d0 [ 15.713665] ret_from_fork_asm+0x1a/0x30 [ 15.713841] [ 15.713944] The buggy address belongs to the object at ffff88810394df80 [ 15.713944] which belongs to the cache kmalloc-64 of size 64 [ 15.714432] The buggy address is located 0 bytes to the right of [ 15.714432] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.715214] [ 15.715388] The buggy address belongs to the physical page: [ 15.715821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.716227] flags: 0x200000000000000(node=0|zone=2) [ 15.716541] page_type: f5(slab) [ 15.716817] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.717203] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.717541] page dumped because: kasan: bad access detected [ 15.717928] [ 15.718033] Memory state around the buggy address: [ 15.718338] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.718677] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.718975] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.719282] ^ [ 15.719507] ffff88810394e000: fa fb fb fb fb fb fb fb fb 
fb fb fb fb fb fb fb [ 15.720008] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.720402] ================================================================== [ 16.091515] ================================================================== [ 16.091781] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 16.092697] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.093150] [ 16.093269] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.093385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.093410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.093434] Call Trace: [ 16.093450] <TASK> [ 16.093467] dump_stack_lvl+0x73/0xb0 [ 16.093500] print_report+0xd1/0x610 [ 16.093524] ? __virt_addr_valid+0x1db/0x2d0 [ 16.093549] ? kasan_atomics_helper+0x177f/0x5450 [ 16.093572] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.093596] ? kasan_atomics_helper+0x177f/0x5450 [ 16.093620] kasan_report+0x141/0x180 [ 16.093643] ? kasan_atomics_helper+0x177f/0x5450 [ 16.093673] kasan_check_range+0x10c/0x1c0 [ 16.093698] __kasan_check_write+0x18/0x20 [ 16.093719] kasan_atomics_helper+0x177f/0x5450 [ 16.093744] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.093768] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.093794] ? kasan_atomics+0x152/0x310 [ 16.093824] kasan_atomics+0x1dc/0x310 [ 16.093848] ? __pfx_kasan_atomics+0x10/0x10 [ 16.093874] ? __pfx_read_tsc+0x10/0x10 [ 16.093898] ? ktime_get_ts64+0x86/0x230 [ 16.093925] kunit_try_run_case+0x1a5/0x480 [ 16.093953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.093977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.094004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.094030] ? __kthread_parkme+0x82/0x180 [ 16.094052] ? preempt_count_sub+0x50/0x80 [ 16.094077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.094105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.094130] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.094156] kthread+0x337/0x6f0 [ 16.094177] ? trace_preempt_on+0x20/0xc0 [ 16.094202] ? __pfx_kthread+0x10/0x10 [ 16.094226] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.094251] ? calculate_sigpending+0x7b/0xa0 [ 16.094277] ? __pfx_kthread+0x10/0x10 [ 16.094301] ret_from_fork+0x116/0x1d0 [ 16.094322] ? __pfx_kthread+0x10/0x10 [ 16.094344] ret_from_fork_asm+0x1a/0x30 [ 16.094379] </TASK> [ 16.094391] [ 16.104420] Allocated by task 283: [ 16.104810] kasan_save_stack+0x45/0x70 [ 16.104982] kasan_save_track+0x18/0x40 [ 16.105289] kasan_save_alloc_info+0x3b/0x50 [ 16.105501] __kasan_kmalloc+0xb7/0xc0 [ 16.105759] __kmalloc_cache_noprof+0x189/0x420 [ 16.106086] kasan_atomics+0x95/0x310 [ 16.106333] kunit_try_run_case+0x1a5/0x480 [ 16.106542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.106914] kthread+0x337/0x6f0 [ 16.107049] ret_from_fork+0x116/0x1d0 [ 16.107313] ret_from_fork_asm+0x1a/0x30 [ 16.107565] [ 16.107650] The buggy address belongs to the object at ffff88810394df80 [ 16.107650] which belongs to the cache kmalloc-64 of size 64 [ 16.108009] The buggy address is located 0 bytes to the right of [ 16.108009] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.108384] [ 16.108476] The buggy address belongs to the physical page: [ 16.108656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.109159] flags: 0x200000000000000(node=0|zone=2) [ 16.109411] page_type: f5(slab) [ 16.109550] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.109822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.110318] page dumped because: kasan: bad access detected [ 16.110650] [ 16.110725] Memory state around the buggy address: [ 16.110886] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.111173] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.111503] >ffff88810394df80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.111802] ^ [ 16.112009] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.112293] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.112547] ================================================================== [ 15.533268] ================================================================== [ 15.533714] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 15.534295] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.534676] [ 15.534789] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.534836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.534849] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.534871] Call Trace: [ 15.534888] <TASK> [ 15.534904] dump_stack_lvl+0x73/0xb0 [ 15.534934] print_report+0xd1/0x610 [ 15.534957] ? __virt_addr_valid+0x1db/0x2d0 [ 15.534981] ? kasan_atomics_helper+0xac7/0x5450 [ 15.535003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.535028] ? kasan_atomics_helper+0xac7/0x5450 [ 15.535051] kasan_report+0x141/0x180 [ 15.535074] ? kasan_atomics_helper+0xac7/0x5450 [ 15.535101] kasan_check_range+0x10c/0x1c0 [ 15.535127] __kasan_check_write+0x18/0x20 [ 15.535202] kasan_atomics_helper+0xac7/0x5450 [ 15.535265] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.535306] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.535333] ? kasan_atomics+0x152/0x310 [ 15.535361] kasan_atomics+0x1dc/0x310 [ 15.535385] ? __pfx_kasan_atomics+0x10/0x10 [ 15.535421] ? __pfx_read_tsc+0x10/0x10 [ 15.535444] ? ktime_get_ts64+0x86/0x230 [ 15.535471] kunit_try_run_case+0x1a5/0x480 [ 15.535498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.535521] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.535546] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.535572] ? __kthread_parkme+0x82/0x180 [ 15.535645] ? preempt_count_sub+0x50/0x80 [ 15.535671] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.535709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.535734] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.535800] kthread+0x337/0x6f0 [ 15.535842] ? trace_preempt_on+0x20/0xc0 [ 15.535886] ? __pfx_kthread+0x10/0x10 [ 15.535908] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.535933] ? calculate_sigpending+0x7b/0xa0 [ 15.535960] ? __pfx_kthread+0x10/0x10 [ 15.535985] ret_from_fork+0x116/0x1d0 [ 15.536006] ? __pfx_kthread+0x10/0x10 [ 15.536028] ret_from_fork_asm+0x1a/0x30 [ 15.536063] </TASK> [ 15.536074] [ 15.545048] Allocated by task 283: [ 15.545198] kasan_save_stack+0x45/0x70 [ 15.545391] kasan_save_track+0x18/0x40 [ 15.545601] kasan_save_alloc_info+0x3b/0x50 [ 15.546023] __kasan_kmalloc+0xb7/0xc0 [ 15.546276] __kmalloc_cache_noprof+0x189/0x420 [ 15.546513] kasan_atomics+0x95/0x310 [ 15.546734] kunit_try_run_case+0x1a5/0x480 [ 15.546926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.547111] kthread+0x337/0x6f0 [ 15.547357] ret_from_fork+0x116/0x1d0 [ 15.547569] ret_from_fork_asm+0x1a/0x30 [ 15.547785] [ 15.548005] The buggy address belongs to the object at ffff88810394df80 [ 15.548005] which belongs to the cache kmalloc-64 of size 64 [ 15.548554] The buggy address is located 0 bytes to the right of [ 15.548554] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.549212] [ 15.549313] The buggy address belongs to the physical page: [ 15.549533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.550079] flags: 0x200000000000000(node=0|zone=2) [ 15.550506] page_type: f5(slab) [ 15.550797] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.551045] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.551493] page dumped because: kasan: bad access detected [ 15.551978] [ 15.552068] Memory state around the buggy address: [ 15.552338] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.552603] 
ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.552984] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.553495] ^ [ 15.553783] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.554057] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.554527] ================================================================== [ 15.326925] ================================================================== [ 15.328320] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 15.328805] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.329683] [ 15.329786] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.329834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.329848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.329871] Call Trace: [ 15.329885] <TASK> [ 15.329902] dump_stack_lvl+0x73/0xb0 [ 15.329934] print_report+0xd1/0x610 [ 15.329958] ? __virt_addr_valid+0x1db/0x2d0 [ 15.329982] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.330005] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.330103] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.330127] kasan_report+0x141/0x180 [ 15.330152] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.330333] kasan_check_range+0x10c/0x1c0 [ 15.330368] __kasan_check_write+0x18/0x20 [ 15.330390] kasan_atomics_helper+0x5fe/0x5450 [ 15.330427] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.330452] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.330479] ? kasan_atomics+0x152/0x310 [ 15.330508] kasan_atomics+0x1dc/0x310 [ 15.330532] ? __pfx_kasan_atomics+0x10/0x10 [ 15.330558] ? __pfx_read_tsc+0x10/0x10 [ 15.330603] ? ktime_get_ts64+0x86/0x230 [ 15.330632] kunit_try_run_case+0x1a5/0x480 [ 15.330660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.330685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.330712] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.330738] ? 
__kthread_parkme+0x82/0x180 [ 15.330760] ? preempt_count_sub+0x50/0x80 [ 15.330786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.330813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.330839] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.330864] kthread+0x337/0x6f0 [ 15.330885] ? trace_preempt_on+0x20/0xc0 [ 15.330911] ? __pfx_kthread+0x10/0x10 [ 15.330933] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.330956] ? calculate_sigpending+0x7b/0xa0 [ 15.330981] ? __pfx_kthread+0x10/0x10 [ 15.331004] ret_from_fork+0x116/0x1d0 [ 15.331084] ? __pfx_kthread+0x10/0x10 [ 15.331107] ret_from_fork_asm+0x1a/0x30 [ 15.331141] </TASK> [ 15.331153] [ 15.348052] Allocated by task 283: [ 15.348656] kasan_save_stack+0x45/0x70 [ 15.348826] kasan_save_track+0x18/0x40 [ 15.348968] kasan_save_alloc_info+0x3b/0x50 [ 15.349163] __kasan_kmalloc+0xb7/0xc0 [ 15.349581] __kmalloc_cache_noprof+0x189/0x420 [ 15.350385] kasan_atomics+0x95/0x310 [ 15.350794] kunit_try_run_case+0x1a5/0x480 [ 15.351406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.352165] kthread+0x337/0x6f0 [ 15.352614] ret_from_fork+0x116/0x1d0 [ 15.352951] ret_from_fork_asm+0x1a/0x30 [ 15.353656] [ 15.353905] The buggy address belongs to the object at ffff88810394df80 [ 15.353905] which belongs to the cache kmalloc-64 of size 64 [ 15.354508] The buggy address is located 0 bytes to the right of [ 15.354508] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.355889] [ 15.355977] The buggy address belongs to the physical page: [ 15.356157] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.356419] flags: 0x200000000000000(node=0|zone=2) [ 15.356594] page_type: f5(slab) [ 15.357015] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.357351] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.357956] page dumped because: kasan: bad access detected [ 15.358157] [ 15.358258] Memory state around the buggy address: [ 15.358677] 
ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.359243] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.359549] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.359930] ^ [ 15.360322] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.360858] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.361354] ================================================================== [ 16.323028] ================================================================== [ 16.323384] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 16.323962] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.324720] [ 16.324833] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.324903] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.324985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.325009] Call Trace: [ 16.325027] <TASK> [ 16.325045] dump_stack_lvl+0x73/0xb0 [ 16.325078] print_report+0xd1/0x610 [ 16.325101] ? __virt_addr_valid+0x1db/0x2d0 [ 16.325125] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.325148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.325173] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.325195] kasan_report+0x141/0x180 [ 16.325219] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.325248] kasan_check_range+0x10c/0x1c0 [ 16.325273] __kasan_check_write+0x18/0x20 [ 16.325293] kasan_atomics_helper+0x1e12/0x5450 [ 16.325318] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.325342] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.325369] ? kasan_atomics+0x152/0x310 [ 16.325410] kasan_atomics+0x1dc/0x310 [ 16.325435] ? __pfx_kasan_atomics+0x10/0x10 [ 16.325462] ? __pfx_read_tsc+0x10/0x10 [ 16.325484] ? ktime_get_ts64+0x86/0x230 [ 16.325512] kunit_try_run_case+0x1a5/0x480 [ 16.325540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.325565] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.325615] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.325640] ? __kthread_parkme+0x82/0x180 [ 16.325661] ? preempt_count_sub+0x50/0x80 [ 16.325686] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.325713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.325740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.325766] kthread+0x337/0x6f0 [ 16.325787] ? trace_preempt_on+0x20/0xc0 [ 16.325812] ? __pfx_kthread+0x10/0x10 [ 16.325834] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.325857] ? calculate_sigpending+0x7b/0xa0 [ 16.325883] ? __pfx_kthread+0x10/0x10 [ 16.325907] ret_from_fork+0x116/0x1d0 [ 16.325927] ? __pfx_kthread+0x10/0x10 [ 16.325949] ret_from_fork_asm+0x1a/0x30 [ 16.325983] </TASK> [ 16.325994] [ 16.336443] Allocated by task 283: [ 16.336919] kasan_save_stack+0x45/0x70 [ 16.337185] kasan_save_track+0x18/0x40 [ 16.337544] kasan_save_alloc_info+0x3b/0x50 [ 16.337780] __kasan_kmalloc+0xb7/0xc0 [ 16.337967] __kmalloc_cache_noprof+0x189/0x420 [ 16.338194] kasan_atomics+0x95/0x310 [ 16.338388] kunit_try_run_case+0x1a5/0x480 [ 16.338972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.339222] kthread+0x337/0x6f0 [ 16.339499] ret_from_fork+0x116/0x1d0 [ 16.339710] ret_from_fork_asm+0x1a/0x30 [ 16.340075] [ 16.340185] The buggy address belongs to the object at ffff88810394df80 [ 16.340185] which belongs to the cache kmalloc-64 of size 64 [ 16.341023] The buggy address is located 0 bytes to the right of [ 16.341023] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.341564] [ 16.341894] The buggy address belongs to the physical page: [ 16.342233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.342689] flags: 0x200000000000000(node=0|zone=2) [ 16.342940] page_type: f5(slab) [ 16.343301] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.343677] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.344084] page dumped because: kasan: 
bad access detected [ 16.344425] [ 16.344553] Memory state around the buggy address: [ 16.345018] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.345355] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.345884] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.346312] ^ [ 16.346630] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.347058] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.347414] ================================================================== [ 15.820087] ================================================================== [ 15.820415] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 15.820777] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.821040] [ 15.821150] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.821192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.821205] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.821227] Call Trace: [ 15.821243] <TASK> [ 15.821260] dump_stack_lvl+0x73/0xb0 [ 15.821288] print_report+0xd1/0x610 [ 15.821311] ? __virt_addr_valid+0x1db/0x2d0 [ 15.821335] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.821357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.821381] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.821416] kasan_report+0x141/0x180 [ 15.821439] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.821468] __asan_report_load4_noabort+0x18/0x20 [ 15.821493] kasan_atomics_helper+0x4a02/0x5450 [ 15.821517] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.821542] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.821568] ? kasan_atomics+0x152/0x310 [ 15.821596] kasan_atomics+0x1dc/0x310 [ 15.821621] ? __pfx_kasan_atomics+0x10/0x10 [ 15.821647] ? __pfx_read_tsc+0x10/0x10 [ 15.821669] ? ktime_get_ts64+0x86/0x230 [ 15.821695] kunit_try_run_case+0x1a5/0x480 [ 15.821721] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.821745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.821771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.821797] ? __kthread_parkme+0x82/0x180 [ 15.821819] ? preempt_count_sub+0x50/0x80 [ 15.821843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.821869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.821894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.821919] kthread+0x337/0x6f0 [ 15.821941] ? trace_preempt_on+0x20/0xc0 [ 15.821965] ? __pfx_kthread+0x10/0x10 [ 15.821987] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.822010] ? calculate_sigpending+0x7b/0xa0 [ 15.822035] ? __pfx_kthread+0x10/0x10 [ 15.822058] ret_from_fork+0x116/0x1d0 [ 15.822078] ? __pfx_kthread+0x10/0x10 [ 15.822101] ret_from_fork_asm+0x1a/0x30 [ 15.822136] </TASK> [ 15.822146] [ 15.829305] Allocated by task 283: [ 15.829496] kasan_save_stack+0x45/0x70 [ 15.829692] kasan_save_track+0x18/0x40 [ 15.830015] kasan_save_alloc_info+0x3b/0x50 [ 15.830228] __kasan_kmalloc+0xb7/0xc0 [ 15.830432] __kmalloc_cache_noprof+0x189/0x420 [ 15.830626] kasan_atomics+0x95/0x310 [ 15.830814] kunit_try_run_case+0x1a5/0x480 [ 15.830966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.831182] kthread+0x337/0x6f0 [ 15.831358] ret_from_fork+0x116/0x1d0 [ 15.831551] ret_from_fork_asm+0x1a/0x30 [ 15.831763] [ 15.831861] The buggy address belongs to the object at ffff88810394df80 [ 15.831861] which belongs to the cache kmalloc-64 of size 64 [ 15.832313] The buggy address is located 0 bytes to the right of [ 15.832313] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.832834] [ 15.832935] The buggy address belongs to the physical page: [ 15.833160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.833469] flags: 0x200000000000000(node=0|zone=2) [ 15.833736] page_type: f5(slab) [ 15.833875] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.834182] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.834494] page dumped because: kasan: bad access detected [ 15.834752] [ 15.834829] Memory state around the buggy address: [ 15.835054] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.835300] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.835532] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.835751] ^ [ 15.835909] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.836129] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.836347] ================================================================== [ 15.304336] ================================================================== [ 15.304869] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 15.305521] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.305870] [ 15.306012] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.306060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.306073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.306096] Call Trace: [ 15.306110] <TASK> [ 15.306126] dump_stack_lvl+0x73/0xb0 [ 15.306204] print_report+0xd1/0x610 [ 15.306245] ? __virt_addr_valid+0x1db/0x2d0 [ 15.306270] ? kasan_atomics_helper+0x565/0x5450 [ 15.306292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.306317] ? kasan_atomics_helper+0x565/0x5450 [ 15.306340] kasan_report+0x141/0x180 [ 15.306364] ? kasan_atomics_helper+0x565/0x5450 [ 15.306392] kasan_check_range+0x10c/0x1c0 [ 15.306430] __kasan_check_write+0x18/0x20 [ 15.306450] kasan_atomics_helper+0x565/0x5450 [ 15.306474] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.306498] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.306524] ? kasan_atomics+0x152/0x310 [ 15.306554] kasan_atomics+0x1dc/0x310 [ 15.306578] ? __pfx_kasan_atomics+0x10/0x10 [ 15.306613] ? __pfx_read_tsc+0x10/0x10 [ 15.306636] ? 
ktime_get_ts64+0x86/0x230 [ 15.306664] kunit_try_run_case+0x1a5/0x480 [ 15.306702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.306727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.306753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.306778] ? __kthread_parkme+0x82/0x180 [ 15.306800] ? preempt_count_sub+0x50/0x80 [ 15.306826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.306852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.306877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.306903] kthread+0x337/0x6f0 [ 15.306923] ? trace_preempt_on+0x20/0xc0 [ 15.306948] ? __pfx_kthread+0x10/0x10 [ 15.306982] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.307005] ? calculate_sigpending+0x7b/0xa0 [ 15.307067] ? __pfx_kthread+0x10/0x10 [ 15.307103] ret_from_fork+0x116/0x1d0 [ 15.307124] ? __pfx_kthread+0x10/0x10 [ 15.307146] ret_from_fork_asm+0x1a/0x30 [ 15.307191] </TASK> [ 15.307204] [ 15.315933] Allocated by task 283: [ 15.316145] kasan_save_stack+0x45/0x70 [ 15.316460] kasan_save_track+0x18/0x40 [ 15.316737] kasan_save_alloc_info+0x3b/0x50 [ 15.316961] __kasan_kmalloc+0xb7/0xc0 [ 15.317201] __kmalloc_cache_noprof+0x189/0x420 [ 15.317456] kasan_atomics+0x95/0x310 [ 15.317607] kunit_try_run_case+0x1a5/0x480 [ 15.317819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.318127] kthread+0x337/0x6f0 [ 15.318278] ret_from_fork+0x116/0x1d0 [ 15.318425] ret_from_fork_asm+0x1a/0x30 [ 15.318568] [ 15.318809] The buggy address belongs to the object at ffff88810394df80 [ 15.318809] which belongs to the cache kmalloc-64 of size 64 [ 15.319447] The buggy address is located 0 bytes to the right of [ 15.319447] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.320248] [ 15.320332] The buggy address belongs to the physical page: [ 15.320525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.320780] flags: 0x200000000000000(node=0|zone=2) [ 15.320946] page_type: f5(slab) [ 15.321070] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.321384] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.321988] page dumped because: kasan: bad access detected [ 15.322622] [ 15.322725] Memory state around the buggy address: [ 15.322953] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.323259] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.323496] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.323885] ^ [ 15.324133] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.324516] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.325345] ================================================================== [ 16.412414] ================================================================== [ 16.412977] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 16.413318] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.413572] [ 16.413684] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.413728] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.413743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.413766] Call Trace: [ 16.413782] <TASK> [ 16.413798] dump_stack_lvl+0x73/0xb0 [ 16.413829] print_report+0xd1/0x610 [ 16.413852] ? __virt_addr_valid+0x1db/0x2d0 [ 16.413875] ? kasan_atomics_helper+0x2006/0x5450 [ 16.413897] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.413921] ? kasan_atomics_helper+0x2006/0x5450 [ 16.413944] kasan_report+0x141/0x180 [ 16.413968] ? kasan_atomics_helper+0x2006/0x5450 [ 16.413996] kasan_check_range+0x10c/0x1c0 [ 16.414022] __kasan_check_write+0x18/0x20 [ 16.414042] kasan_atomics_helper+0x2006/0x5450 [ 16.414067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.414091] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.414128] ? kasan_atomics+0x152/0x310 [ 16.414156] kasan_atomics+0x1dc/0x310 [ 16.414181] ? 
__pfx_kasan_atomics+0x10/0x10 [ 16.414207] ? __pfx_read_tsc+0x10/0x10 [ 16.414229] ? ktime_get_ts64+0x86/0x230 [ 16.414255] kunit_try_run_case+0x1a5/0x480 [ 16.414281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.414305] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.414331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.414356] ? __kthread_parkme+0x82/0x180 [ 16.414378] ? preempt_count_sub+0x50/0x80 [ 16.414414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.414440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.414465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.414492] kthread+0x337/0x6f0 [ 16.414513] ? trace_preempt_on+0x20/0xc0 [ 16.414538] ? __pfx_kthread+0x10/0x10 [ 16.414561] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.414585] ? calculate_sigpending+0x7b/0xa0 [ 16.414610] ? __pfx_kthread+0x10/0x10 [ 16.414634] ret_from_fork+0x116/0x1d0 [ 16.414654] ? __pfx_kthread+0x10/0x10 [ 16.414676] ret_from_fork_asm+0x1a/0x30 [ 16.414710] </TASK> [ 16.414721] [ 16.422494] Allocated by task 283: [ 16.422729] kasan_save_stack+0x45/0x70 [ 16.422904] kasan_save_track+0x18/0x40 [ 16.423044] kasan_save_alloc_info+0x3b/0x50 [ 16.423197] __kasan_kmalloc+0xb7/0xc0 [ 16.423337] __kmalloc_cache_noprof+0x189/0x420 [ 16.423568] kasan_atomics+0x95/0x310 [ 16.423758] kunit_try_run_case+0x1a5/0x480 [ 16.423964] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.424143] kthread+0x337/0x6f0 [ 16.424267] ret_from_fork+0x116/0x1d0 [ 16.424412] ret_from_fork_asm+0x1a/0x30 [ 16.424661] [ 16.424763] The buggy address belongs to the object at ffff88810394df80 [ 16.424763] which belongs to the cache kmalloc-64 of size 64 [ 16.425292] The buggy address is located 0 bytes to the right of [ 16.425292] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.425788] [ 16.425866] The buggy address belongs to the physical page: [ 16.426046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.426292] flags: 0x200000000000000(node=0|zone=2) [ 16.426471] page_type: 
f5(slab) [ 16.426622] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.426962] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.427293] page dumped because: kasan: bad access detected [ 16.427556] [ 16.427654] Memory state around the buggy address: [ 16.428094] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.428317] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.428546] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.428767] ^ [ 16.428924] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.429462] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.430042] ================================================================== [ 15.283996] ================================================================== [ 15.284342] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 15.284787] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.285179] [ 15.285315] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.285363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.285377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.285410] Call Trace: [ 15.285426] <TASK> [ 15.285443] dump_stack_lvl+0x73/0xb0 [ 15.285483] print_report+0xd1/0x610 [ 15.285507] ? __virt_addr_valid+0x1db/0x2d0 [ 15.285543] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.285565] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.285590] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.285613] kasan_report+0x141/0x180 [ 15.285637] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.285666] __asan_report_store4_noabort+0x1b/0x30 [ 15.285701] kasan_atomics_helper+0x4b3a/0x5450 [ 15.285725] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.285749] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.285788] ? 
kasan_atomics+0x152/0x310 [ 15.285817] kasan_atomics+0x1dc/0x310 [ 15.285842] ? __pfx_kasan_atomics+0x10/0x10 [ 15.285868] ? __pfx_read_tsc+0x10/0x10 [ 15.285889] ? ktime_get_ts64+0x86/0x230 [ 15.285916] kunit_try_run_case+0x1a5/0x480 [ 15.285944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.285968] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.285993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.286017] ? __kthread_parkme+0x82/0x180 [ 15.286089] ? preempt_count_sub+0x50/0x80 [ 15.286115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.286160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.286186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.286212] kthread+0x337/0x6f0 [ 15.286233] ? trace_preempt_on+0x20/0xc0 [ 15.286258] ? __pfx_kthread+0x10/0x10 [ 15.286281] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.286304] ? calculate_sigpending+0x7b/0xa0 [ 15.286330] ? __pfx_kthread+0x10/0x10 [ 15.286353] ret_from_fork+0x116/0x1d0 [ 15.286373] ? __pfx_kthread+0x10/0x10 [ 15.286405] ret_from_fork_asm+0x1a/0x30 [ 15.286439] </TASK> [ 15.286450] [ 15.294577] Allocated by task 283: [ 15.294715] kasan_save_stack+0x45/0x70 [ 15.294860] kasan_save_track+0x18/0x40 [ 15.294998] kasan_save_alloc_info+0x3b/0x50 [ 15.295181] __kasan_kmalloc+0xb7/0xc0 [ 15.295370] __kmalloc_cache_noprof+0x189/0x420 [ 15.295892] kasan_atomics+0x95/0x310 [ 15.296096] kunit_try_run_case+0x1a5/0x480 [ 15.296316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.296584] kthread+0x337/0x6f0 [ 15.296760] ret_from_fork+0x116/0x1d0 [ 15.296949] ret_from_fork_asm+0x1a/0x30 [ 15.297438] [ 15.297549] The buggy address belongs to the object at ffff88810394df80 [ 15.297549] which belongs to the cache kmalloc-64 of size 64 [ 15.298172] The buggy address is located 0 bytes to the right of [ 15.298172] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.298749] [ 15.298828] The buggy address belongs to the physical page: [ 15.299005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 
15.299421] flags: 0x200000000000000(node=0|zone=2) [ 15.299817] page_type: f5(slab) [ 15.299977] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.300332] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.300788] page dumped because: kasan: bad access detected [ 15.301177] [ 15.301306] Memory state around the buggy address: [ 15.301521] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.302003] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.302305] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.302758] ^ [ 15.302941] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.303368] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.303709] ================================================================== [ 15.464361] ================================================================== [ 15.464752] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 15.465150] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.465516] [ 15.465608] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.465654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.465668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.465692] Call Trace: [ 15.465707] <TASK> [ 15.465723] dump_stack_lvl+0x73/0xb0 [ 15.465752] print_report+0xd1/0x610 [ 15.465775] ? __virt_addr_valid+0x1db/0x2d0 [ 15.465799] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.465822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.465846] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.465869] kasan_report+0x141/0x180 [ 15.465892] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.465920] kasan_check_range+0x10c/0x1c0 [ 15.465944] __kasan_check_write+0x18/0x20 [ 15.465965] kasan_atomics_helper+0x8f9/0x5450 [ 15.466086] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.466135] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.466208] ? kasan_atomics+0x152/0x310 [ 15.466283] kasan_atomics+0x1dc/0x310 [ 15.466351] ? __pfx_kasan_atomics+0x10/0x10 [ 15.466435] ? __pfx_read_tsc+0x10/0x10 [ 15.466482] ? ktime_get_ts64+0x86/0x230 [ 15.466511] kunit_try_run_case+0x1a5/0x480 [ 15.466539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.466564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.466590] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.466615] ? __kthread_parkme+0x82/0x180 [ 15.466637] ? preempt_count_sub+0x50/0x80 [ 15.466664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.466691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.466716] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.466741] kthread+0x337/0x6f0 [ 15.466763] ? trace_preempt_on+0x20/0xc0 [ 15.466788] ? __pfx_kthread+0x10/0x10 [ 15.466810] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.466833] ? calculate_sigpending+0x7b/0xa0 [ 15.466858] ? __pfx_kthread+0x10/0x10 [ 15.466882] ret_from_fork+0x116/0x1d0 [ 15.466902] ? __pfx_kthread+0x10/0x10 [ 15.466924] ret_from_fork_asm+0x1a/0x30 [ 15.466958] </TASK> [ 15.466970] [ 15.475671] Allocated by task 283: [ 15.475899] kasan_save_stack+0x45/0x70 [ 15.476140] kasan_save_track+0x18/0x40 [ 15.476372] kasan_save_alloc_info+0x3b/0x50 [ 15.476650] __kasan_kmalloc+0xb7/0xc0 [ 15.476886] __kmalloc_cache_noprof+0x189/0x420 [ 15.477078] kasan_atomics+0x95/0x310 [ 15.477304] kunit_try_run_case+0x1a5/0x480 [ 15.477549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.477771] kthread+0x337/0x6f0 [ 15.477934] ret_from_fork+0x116/0x1d0 [ 15.478165] ret_from_fork_asm+0x1a/0x30 [ 15.478420] [ 15.478495] The buggy address belongs to the object at ffff88810394df80 [ 15.478495] which belongs to the cache kmalloc-64 of size 64 [ 15.479119] The buggy address is located 0 bytes to the right of [ 15.479119] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.479712] [ 15.479825] The buggy address belongs to the physical page: [ 15.480064] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.480496] flags: 0x200000000000000(node=0|zone=2) [ 15.480786] page_type: f5(slab) [ 15.480945] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.481364] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.481735] page dumped because: kasan: bad access detected [ 15.481988] [ 15.482089] Memory state around the buggy address: [ 15.482360] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.482632] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.483110] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.483424] ^ [ 15.483663] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.484003] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.484417] ================================================================== [ 15.619511] ================================================================== [ 15.619856] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 15.620360] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.620774] [ 15.620864] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.620907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.620920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.620942] Call Trace: [ 15.620957] <TASK> [ 15.620974] dump_stack_lvl+0x73/0xb0 [ 15.621002] print_report+0xd1/0x610 [ 15.621026] ? __virt_addr_valid+0x1db/0x2d0 [ 15.621052] ? kasan_atomics_helper+0xd47/0x5450 [ 15.621074] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.621098] ? kasan_atomics_helper+0xd47/0x5450 [ 15.621121] kasan_report+0x141/0x180 [ 15.621158] ? kasan_atomics_helper+0xd47/0x5450 [ 15.621187] kasan_check_range+0x10c/0x1c0 [ 15.621213] __kasan_check_write+0x18/0x20 [ 15.621245] kasan_atomics_helper+0xd47/0x5450 [ 15.621269] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.621293] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.621328] ? kasan_atomics+0x152/0x310 [ 15.621357] kasan_atomics+0x1dc/0x310 [ 15.621381] ? __pfx_kasan_atomics+0x10/0x10 [ 15.621422] ? __pfx_read_tsc+0x10/0x10 [ 15.621445] ? ktime_get_ts64+0x86/0x230 [ 15.621471] kunit_try_run_case+0x1a5/0x480 [ 15.621498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.621532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.621558] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.621583] ? __kthread_parkme+0x82/0x180 [ 15.621615] ? preempt_count_sub+0x50/0x80 [ 15.621642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.621669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.621694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.621728] kthread+0x337/0x6f0 [ 15.621750] ? trace_preempt_on+0x20/0xc0 [ 15.621774] ? __pfx_kthread+0x10/0x10 [ 15.621807] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.621832] ? calculate_sigpending+0x7b/0xa0 [ 15.621857] ? __pfx_kthread+0x10/0x10 [ 15.621881] ret_from_fork+0x116/0x1d0 [ 15.621910] ? 
__pfx_kthread+0x10/0x10 [ 15.621932] ret_from_fork_asm+0x1a/0x30 [ 15.621977] </TASK> [ 15.621988] [ 15.629593] Allocated by task 283: [ 15.629796] kasan_save_stack+0x45/0x70 [ 15.630025] kasan_save_track+0x18/0x40 [ 15.630423] kasan_save_alloc_info+0x3b/0x50 [ 15.630696] __kasan_kmalloc+0xb7/0xc0 [ 15.630909] __kmalloc_cache_noprof+0x189/0x420 [ 15.631082] kasan_atomics+0x95/0x310 [ 15.631219] kunit_try_run_case+0x1a5/0x480 [ 15.631440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.631847] kthread+0x337/0x6f0 [ 15.632039] ret_from_fork+0x116/0x1d0 [ 15.632220] ret_from_fork_asm+0x1a/0x30 [ 15.632429] [ 15.632519] The buggy address belongs to the object at ffff88810394df80 [ 15.632519] which belongs to the cache kmalloc-64 of size 64 [ 15.632897] The buggy address is located 0 bytes to the right of [ 15.632897] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.633266] [ 15.633339] The buggy address belongs to the physical page: [ 15.633524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.633767] flags: 0x200000000000000(node=0|zone=2) [ 15.633930] page_type: f5(slab) [ 15.634052] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.634374] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.634981] page dumped because: kasan: bad access detected [ 15.635237] [ 15.635332] Memory state around the buggy address: [ 15.635564] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.636128] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.636450] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.636765] ^ [ 15.637018] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.637336] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.637736] ================================================================== [ 15.802184] 
================================================================== [ 15.802617] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 15.802953] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.803223] [ 15.803313] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.803357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.803371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.803404] Call Trace: [ 15.803420] <TASK> [ 15.803436] dump_stack_lvl+0x73/0xb0 [ 15.803465] print_report+0xd1/0x610 [ 15.803488] ? __virt_addr_valid+0x1db/0x2d0 [ 15.803512] ? kasan_atomics_helper+0x1148/0x5450 [ 15.803535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.803558] ? kasan_atomics_helper+0x1148/0x5450 [ 15.803583] kasan_report+0x141/0x180 [ 15.803617] ? kasan_atomics_helper+0x1148/0x5450 [ 15.803646] kasan_check_range+0x10c/0x1c0 [ 15.803671] __kasan_check_write+0x18/0x20 [ 15.803691] kasan_atomics_helper+0x1148/0x5450 [ 15.803715] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.803738] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.803765] ? kasan_atomics+0x152/0x310 [ 15.803794] kasan_atomics+0x1dc/0x310 [ 15.803818] ? __pfx_kasan_atomics+0x10/0x10 [ 15.803844] ? __pfx_read_tsc+0x10/0x10 [ 15.803866] ? ktime_get_ts64+0x86/0x230 [ 15.803892] kunit_try_run_case+0x1a5/0x480 [ 15.803920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.803943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.803969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.803994] ? __kthread_parkme+0x82/0x180 [ 15.804017] ? preempt_count_sub+0x50/0x80 [ 15.804043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.804069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.804094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.804119] kthread+0x337/0x6f0 [ 15.804140] ? trace_preempt_on+0x20/0xc0 [ 15.804164] ? __pfx_kthread+0x10/0x10 [ 15.804187] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.804210] ? 
calculate_sigpending+0x7b/0xa0 [ 15.804235] ? __pfx_kthread+0x10/0x10 [ 15.804258] ret_from_fork+0x116/0x1d0 [ 15.804278] ? __pfx_kthread+0x10/0x10 [ 15.804300] ret_from_fork_asm+0x1a/0x30 [ 15.804333] </TASK> [ 15.804345] [ 15.812124] Allocated by task 283: [ 15.812295] kasan_save_stack+0x45/0x70 [ 15.812503] kasan_save_track+0x18/0x40 [ 15.812697] kasan_save_alloc_info+0x3b/0x50 [ 15.812850] __kasan_kmalloc+0xb7/0xc0 [ 15.812987] __kmalloc_cache_noprof+0x189/0x420 [ 15.813146] kasan_atomics+0x95/0x310 [ 15.813282] kunit_try_run_case+0x1a5/0x480 [ 15.813500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.813958] kthread+0x337/0x6f0 [ 15.814133] ret_from_fork+0x116/0x1d0 [ 15.814322] ret_from_fork_asm+0x1a/0x30 [ 15.814544] [ 15.814708] The buggy address belongs to the object at ffff88810394df80 [ 15.814708] which belongs to the cache kmalloc-64 of size 64 [ 15.815188] The buggy address is located 0 bytes to the right of [ 15.815188] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.815569] [ 15.815683] The buggy address belongs to the physical page: [ 15.815934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.816284] flags: 0x200000000000000(node=0|zone=2) [ 15.816525] page_type: f5(slab) [ 15.816725] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.816964] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.817310] page dumped because: kasan: bad access detected [ 15.817579] [ 15.817675] Memory state around the buggy address: [ 15.817884] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.818176] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.818474] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.818775] ^ [ 15.818991] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.819251] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.819535] 
================================================================== [ 16.172869] ================================================================== [ 16.173225] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 16.173479] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.173709] [ 16.173797] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.173841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.173855] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.173879] Call Trace: [ 16.173893] <TASK> [ 16.173910] dump_stack_lvl+0x73/0xb0 [ 16.173941] print_report+0xd1/0x610 [ 16.173967] ? __virt_addr_valid+0x1db/0x2d0 [ 16.173993] ? kasan_atomics_helper+0x19e3/0x5450 [ 16.174018] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.174042] ? kasan_atomics_helper+0x19e3/0x5450 [ 16.174066] kasan_report+0x141/0x180 [ 16.174089] ? kasan_atomics_helper+0x19e3/0x5450 [ 16.174133] kasan_check_range+0x10c/0x1c0 [ 16.174157] __kasan_check_write+0x18/0x20 [ 16.174178] kasan_atomics_helper+0x19e3/0x5450 [ 16.174203] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.174226] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.174253] ? kasan_atomics+0x152/0x310 [ 16.174282] kasan_atomics+0x1dc/0x310 [ 16.174307] ? __pfx_kasan_atomics+0x10/0x10 [ 16.174332] ? __pfx_read_tsc+0x10/0x10 [ 16.174355] ? ktime_get_ts64+0x86/0x230 [ 16.174381] kunit_try_run_case+0x1a5/0x480 [ 16.174419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.174442] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.174468] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.174493] ? __kthread_parkme+0x82/0x180 [ 16.174514] ? preempt_count_sub+0x50/0x80 [ 16.174541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.174566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.174590] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.174616] kthread+0x337/0x6f0 [ 16.174637] ? trace_preempt_on+0x20/0xc0 [ 16.174661] ? 
__pfx_kthread+0x10/0x10 [ 16.174683] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.174706] ? calculate_sigpending+0x7b/0xa0 [ 16.174732] ? __pfx_kthread+0x10/0x10 [ 16.174754] ret_from_fork+0x116/0x1d0 [ 16.174775] ? __pfx_kthread+0x10/0x10 [ 16.174796] ret_from_fork_asm+0x1a/0x30 [ 16.174830] </TASK> [ 16.174841] [ 16.184066] Allocated by task 283: [ 16.184229] kasan_save_stack+0x45/0x70 [ 16.184379] kasan_save_track+0x18/0x40 [ 16.184531] kasan_save_alloc_info+0x3b/0x50 [ 16.184687] __kasan_kmalloc+0xb7/0xc0 [ 16.184822] __kmalloc_cache_noprof+0x189/0x420 [ 16.185013] kasan_atomics+0x95/0x310 [ 16.185207] kunit_try_run_case+0x1a5/0x480 [ 16.185438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.185844] kthread+0x337/0x6f0 [ 16.186013] ret_from_fork+0x116/0x1d0 [ 16.186199] ret_from_fork_asm+0x1a/0x30 [ 16.186403] [ 16.186505] The buggy address belongs to the object at ffff88810394df80 [ 16.186505] which belongs to the cache kmalloc-64 of size 64 [ 16.186949] The buggy address is located 0 bytes to the right of [ 16.186949] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.187440] [ 16.187540] The buggy address belongs to the physical page: [ 16.187859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.188155] flags: 0x200000000000000(node=0|zone=2) [ 16.188404] page_type: f5(slab) [ 16.188566] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.188869] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.189155] page dumped because: kasan: bad access detected [ 16.189330] [ 16.189412] Memory state around the buggy address: [ 16.189571] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.189791] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.190336] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.190757] ^ [ 16.190985] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.191308] 
ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.191668] ================================================================== [ 16.500741] ================================================================== [ 16.501299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 16.502863] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.503104] [ 16.503223] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.503269] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.503282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.503305] Call Trace: [ 16.503319] <TASK> [ 16.503335] dump_stack_lvl+0x73/0xb0 [ 16.503368] print_report+0xd1/0x610 [ 16.503403] ? __virt_addr_valid+0x1db/0x2d0 [ 16.503427] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.503450] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.503474] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.503497] kasan_report+0x141/0x180 [ 16.503522] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.503551] __asan_report_load8_noabort+0x18/0x20 [ 16.503577] kasan_atomics_helper+0x4fa5/0x5450 [ 16.503602] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.503627] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.503654] ? kasan_atomics+0x152/0x310 [ 16.503683] kasan_atomics+0x1dc/0x310 [ 16.503707] ? __pfx_kasan_atomics+0x10/0x10 [ 16.503734] ? __pfx_read_tsc+0x10/0x10 [ 16.503757] ? ktime_get_ts64+0x86/0x230 [ 16.503783] kunit_try_run_case+0x1a5/0x480 [ 16.503809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.503833] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.503859] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.503885] ? __kthread_parkme+0x82/0x180 [ 16.503907] ? preempt_count_sub+0x50/0x80 [ 16.503933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.503960] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.503985] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.504010] kthread+0x337/0x6f0 [ 16.504031] ? 
trace_preempt_on+0x20/0xc0 [ 16.504056] ? __pfx_kthread+0x10/0x10 [ 16.504079] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.504103] ? calculate_sigpending+0x7b/0xa0 [ 16.504128] ? __pfx_kthread+0x10/0x10 [ 16.504151] ret_from_fork+0x116/0x1d0 [ 16.504171] ? __pfx_kthread+0x10/0x10 [ 16.504193] ret_from_fork_asm+0x1a/0x30 [ 16.504228] </TASK> [ 16.504240] [ 16.517076] Allocated by task 283: [ 16.517402] kasan_save_stack+0x45/0x70 [ 16.517781] kasan_save_track+0x18/0x40 [ 16.518006] kasan_save_alloc_info+0x3b/0x50 [ 16.518159] __kasan_kmalloc+0xb7/0xc0 [ 16.518295] __kmalloc_cache_noprof+0x189/0x420 [ 16.518465] kasan_atomics+0x95/0x310 [ 16.518638] kunit_try_run_case+0x1a5/0x480 [ 16.519017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.519605] kthread+0x337/0x6f0 [ 16.519909] ret_from_fork+0x116/0x1d0 [ 16.520258] ret_from_fork_asm+0x1a/0x30 [ 16.520634] [ 16.520800] The buggy address belongs to the object at ffff88810394df80 [ 16.520800] which belongs to the cache kmalloc-64 of size 64 [ 16.521835] The buggy address is located 0 bytes to the right of [ 16.521835] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.522973] [ 16.523135] The buggy address belongs to the physical page: [ 16.523629] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.524505] flags: 0x200000000000000(node=0|zone=2) [ 16.524755] page_type: f5(slab) [ 16.525047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.525528] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.526061] page dumped because: kasan: bad access detected [ 16.526322] [ 16.526431] Memory state around the buggy address: [ 16.526667] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.526902] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.527387] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.527674] ^ [ 16.527874] ffff88810394e000: fa fb fb fb fb fb fb fb fb 
fb fb fb fb fb fb fb [ 16.528129] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.528458] ================================================================== [ 16.528951] ================================================================== [ 16.529475] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 16.529899] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.530281] [ 16.530415] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.530460] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.530473] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.530496] Call Trace: [ 16.530513] <TASK> [ 16.530531] dump_stack_lvl+0x73/0xb0 [ 16.530562] print_report+0xd1/0x610 [ 16.530585] ? __virt_addr_valid+0x1db/0x2d0 [ 16.530608] ? kasan_atomics_helper+0x224c/0x5450 [ 16.530641] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.530666] ? kasan_atomics_helper+0x224c/0x5450 [ 16.530690] kasan_report+0x141/0x180 [ 16.530714] ? kasan_atomics_helper+0x224c/0x5450 [ 16.530744] kasan_check_range+0x10c/0x1c0 [ 16.530769] __kasan_check_write+0x18/0x20 [ 16.530790] kasan_atomics_helper+0x224c/0x5450 [ 16.530815] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.530838] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.530864] ? kasan_atomics+0x152/0x310 [ 16.530893] kasan_atomics+0x1dc/0x310 [ 16.530917] ? __pfx_kasan_atomics+0x10/0x10 [ 16.530943] ? __pfx_read_tsc+0x10/0x10 [ 16.530966] ? ktime_get_ts64+0x86/0x230 [ 16.530992] kunit_try_run_case+0x1a5/0x480 [ 16.531017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.531041] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.531068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.531093] ? __kthread_parkme+0x82/0x180 [ 16.531115] ? preempt_count_sub+0x50/0x80 [ 16.531140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.531166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.531192] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.531217] kthread+0x337/0x6f0 [ 16.531239] ? trace_preempt_on+0x20/0xc0 [ 16.531263] ? __pfx_kthread+0x10/0x10 [ 16.531285] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.531309] ? calculate_sigpending+0x7b/0xa0 [ 16.531335] ? __pfx_kthread+0x10/0x10 [ 16.531359] ret_from_fork+0x116/0x1d0 [ 16.531378] ? __pfx_kthread+0x10/0x10 [ 16.531410] ret_from_fork_asm+0x1a/0x30 [ 16.531444] </TASK> [ 16.531456] [ 16.539185] Allocated by task 283: [ 16.539372] kasan_save_stack+0x45/0x70 [ 16.539565] kasan_save_track+0x18/0x40 [ 16.539775] kasan_save_alloc_info+0x3b/0x50 [ 16.539964] __kasan_kmalloc+0xb7/0xc0 [ 16.540179] __kmalloc_cache_noprof+0x189/0x420 [ 16.540377] kasan_atomics+0x95/0x310 [ 16.540599] kunit_try_run_case+0x1a5/0x480 [ 16.540781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.541055] kthread+0x337/0x6f0 [ 16.541240] ret_from_fork+0x116/0x1d0 [ 16.541439] ret_from_fork_asm+0x1a/0x30 [ 16.541686] [ 16.541785] The buggy address belongs to the object at ffff88810394df80 [ 16.541785] which belongs to the cache kmalloc-64 of size 64 [ 16.542300] The buggy address is located 0 bytes to the right of [ 16.542300] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.542979] [ 16.543088] The buggy address belongs to the physical page: [ 16.543338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.543715] flags: 0x200000000000000(node=0|zone=2) [ 16.543926] page_type: f5(slab) [ 16.544098] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.544421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.544784] page dumped because: kasan: bad access detected [ 16.545050] [ 16.545142] Memory state around the buggy address: [ 16.545376] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.545684] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.545954] >ffff88810394df80: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.546245] ^ [ 16.546481] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.546794] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.547097] ================================================================== [ 15.418389] ================================================================== [ 15.418783] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 15.419607] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.419997] [ 15.420441] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.420500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.420522] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.420547] Call Trace: [ 15.420564] <TASK> [ 15.420630] dump_stack_lvl+0x73/0xb0 [ 15.420672] print_report+0xd1/0x610 [ 15.420696] ? __virt_addr_valid+0x1db/0x2d0 [ 15.420722] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.420745] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.420769] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.420791] kasan_report+0x141/0x180 [ 15.420815] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.420844] kasan_check_range+0x10c/0x1c0 [ 15.420869] __kasan_check_write+0x18/0x20 [ 15.420890] kasan_atomics_helper+0x7c7/0x5450 [ 15.420914] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.420938] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.420964] ? kasan_atomics+0x152/0x310 [ 15.420993] kasan_atomics+0x1dc/0x310 [ 15.421024] ? __pfx_kasan_atomics+0x10/0x10 [ 15.421051] ? __pfx_read_tsc+0x10/0x10 [ 15.421074] ? ktime_get_ts64+0x86/0x230 [ 15.421103] kunit_try_run_case+0x1a5/0x480 [ 15.421130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.421155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.421181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.421206] ? __kthread_parkme+0x82/0x180 [ 15.421228] ? preempt_count_sub+0x50/0x80 [ 15.421254] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.421280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.421306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.421331] kthread+0x337/0x6f0 [ 15.421352] ? trace_preempt_on+0x20/0xc0 [ 15.421377] ? __pfx_kthread+0x10/0x10 [ 15.421408] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.421445] ? calculate_sigpending+0x7b/0xa0 [ 15.421471] ? __pfx_kthread+0x10/0x10 [ 15.421494] ret_from_fork+0x116/0x1d0 [ 15.421514] ? __pfx_kthread+0x10/0x10 [ 15.421536] ret_from_fork_asm+0x1a/0x30 [ 15.421570] </TASK> [ 15.421583] [ 15.433789] Allocated by task 283: [ 15.434102] kasan_save_stack+0x45/0x70 [ 15.434307] kasan_save_track+0x18/0x40 [ 15.434512] kasan_save_alloc_info+0x3b/0x50 [ 15.434840] __kasan_kmalloc+0xb7/0xc0 [ 15.435123] __kmalloc_cache_noprof+0x189/0x420 [ 15.435302] kasan_atomics+0x95/0x310 [ 15.435517] kunit_try_run_case+0x1a5/0x480 [ 15.435678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.435994] kthread+0x337/0x6f0 [ 15.436222] ret_from_fork+0x116/0x1d0 [ 15.436509] ret_from_fork_asm+0x1a/0x30 [ 15.436739] [ 15.436841] The buggy address belongs to the object at ffff88810394df80 [ 15.436841] which belongs to the cache kmalloc-64 of size 64 [ 15.437496] The buggy address is located 0 bytes to the right of [ 15.437496] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.438332] [ 15.438431] The buggy address belongs to the physical page: [ 15.438745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.439099] flags: 0x200000000000000(node=0|zone=2) [ 15.439345] page_type: f5(slab) [ 15.439542] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.439896] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.440278] page dumped because: kasan: bad access detected [ 15.440527] [ 15.440650] Memory state around the buggy address: [ 15.440895] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.441238] 
ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.441554] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.441942] ^ [ 15.442240] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.442656] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.442976] ================================================================== [ 15.673354] ================================================================== [ 15.673831] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 15.674473] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.674928] [ 15.675228] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.675280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.675294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.675318] Call Trace: [ 15.675337] <TASK> [ 15.675355] dump_stack_lvl+0x73/0xb0 [ 15.675387] print_report+0xd1/0x610 [ 15.675420] ? __virt_addr_valid+0x1db/0x2d0 [ 15.675444] ? kasan_atomics_helper+0xe78/0x5450 [ 15.675467] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.675490] ? kasan_atomics_helper+0xe78/0x5450 [ 15.675514] kasan_report+0x141/0x180 [ 15.675536] ? kasan_atomics_helper+0xe78/0x5450 [ 15.675564] kasan_check_range+0x10c/0x1c0 [ 15.675613] __kasan_check_write+0x18/0x20 [ 15.675634] kasan_atomics_helper+0xe78/0x5450 [ 15.675657] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.675681] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.675708] ? kasan_atomics+0x152/0x310 [ 15.675737] kasan_atomics+0x1dc/0x310 [ 15.675761] ? __pfx_kasan_atomics+0x10/0x10 [ 15.675786] ? __pfx_read_tsc+0x10/0x10 [ 15.675809] ? ktime_get_ts64+0x86/0x230 [ 15.675838] kunit_try_run_case+0x1a5/0x480 [ 15.675865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.675890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.675917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.675944] ? 
__kthread_parkme+0x82/0x180 [ 15.675966] ? preempt_count_sub+0x50/0x80 [ 15.675992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.676018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.676044] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.676069] kthread+0x337/0x6f0 [ 15.676090] ? trace_preempt_on+0x20/0xc0 [ 15.676117] ? __pfx_kthread+0x10/0x10 [ 15.676140] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.676163] ? calculate_sigpending+0x7b/0xa0 [ 15.676190] ? __pfx_kthread+0x10/0x10 [ 15.676213] ret_from_fork+0x116/0x1d0 [ 15.676233] ? __pfx_kthread+0x10/0x10 [ 15.676256] ret_from_fork_asm+0x1a/0x30 [ 15.676290] </TASK> [ 15.676302] [ 15.687485] Allocated by task 283: [ 15.687848] kasan_save_stack+0x45/0x70 [ 15.688031] kasan_save_track+0x18/0x40 [ 15.688232] kasan_save_alloc_info+0x3b/0x50 [ 15.688457] __kasan_kmalloc+0xb7/0xc0 [ 15.688919] __kmalloc_cache_noprof+0x189/0x420 [ 15.689115] kasan_atomics+0x95/0x310 [ 15.689540] kunit_try_run_case+0x1a5/0x480 [ 15.689775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.690185] kthread+0x337/0x6f0 [ 15.690449] ret_from_fork+0x116/0x1d0 [ 15.690757] ret_from_fork_asm+0x1a/0x30 [ 15.690936] [ 15.691215] The buggy address belongs to the object at ffff88810394df80 [ 15.691215] which belongs to the cache kmalloc-64 of size 64 [ 15.691844] The buggy address is located 0 bytes to the right of [ 15.691844] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.692477] [ 15.692616] The buggy address belongs to the physical page: [ 15.692862] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.693212] flags: 0x200000000000000(node=0|zone=2) [ 15.693655] page_type: f5(slab) [ 15.693837] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.694246] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.694681] page dumped because: kasan: bad access detected [ 15.694996] [ 15.695075] Memory state around the buggy address: [ 15.695297] 
ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.695777] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.696081] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.696378] ^ [ 15.696780] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.697156] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.697426] ================================================================== [ 16.021470] ================================================================== [ 16.022347] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 16.023295] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.024110] [ 16.024290] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.024338] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.024351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.024374] Call Trace: [ 16.024404] <TASK> [ 16.024423] dump_stack_lvl+0x73/0xb0 [ 16.024455] print_report+0xd1/0x610 [ 16.024478] ? __virt_addr_valid+0x1db/0x2d0 [ 16.024502] ? kasan_atomics_helper+0x15b6/0x5450 [ 16.024525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.024549] ? kasan_atomics_helper+0x15b6/0x5450 [ 16.024573] kasan_report+0x141/0x180 [ 16.024605] ? kasan_atomics_helper+0x15b6/0x5450 [ 16.024635] kasan_check_range+0x10c/0x1c0 [ 16.024660] __kasan_check_write+0x18/0x20 [ 16.024684] kasan_atomics_helper+0x15b6/0x5450 [ 16.024730] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.024755] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.024796] ? kasan_atomics+0x152/0x310 [ 16.024840] kasan_atomics+0x1dc/0x310 [ 16.024877] ? __pfx_kasan_atomics+0x10/0x10 [ 16.024904] ? __pfx_read_tsc+0x10/0x10 [ 16.024927] ? ktime_get_ts64+0x86/0x230 [ 16.024968] kunit_try_run_case+0x1a5/0x480 [ 16.025008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.025033] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.025073] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.025113] ? __kthread_parkme+0x82/0x180 [ 16.025136] ? preempt_count_sub+0x50/0x80 [ 16.025162] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.025189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.025214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.025240] kthread+0x337/0x6f0 [ 16.025261] ? trace_preempt_on+0x20/0xc0 [ 16.025286] ? __pfx_kthread+0x10/0x10 [ 16.025309] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.025332] ? calculate_sigpending+0x7b/0xa0 [ 16.025358] ? __pfx_kthread+0x10/0x10 [ 16.025382] ret_from_fork+0x116/0x1d0 [ 16.025413] ? __pfx_kthread+0x10/0x10 [ 16.025436] ret_from_fork_asm+0x1a/0x30 [ 16.025470] </TASK> [ 16.025481] [ 16.040016] Allocated by task 283: [ 16.040152] kasan_save_stack+0x45/0x70 [ 16.040300] kasan_save_track+0x18/0x40 [ 16.040446] kasan_save_alloc_info+0x3b/0x50 [ 16.040597] __kasan_kmalloc+0xb7/0xc0 [ 16.040814] __kmalloc_cache_noprof+0x189/0x420 [ 16.040972] kasan_atomics+0x95/0x310 [ 16.041165] kunit_try_run_case+0x1a5/0x480 [ 16.041381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.041623] kthread+0x337/0x6f0 [ 16.041842] ret_from_fork+0x116/0x1d0 [ 16.042011] ret_from_fork_asm+0x1a/0x30 [ 16.042213] [ 16.042309] The buggy address belongs to the object at ffff88810394df80 [ 16.042309] which belongs to the cache kmalloc-64 of size 64 [ 16.042794] The buggy address is located 0 bytes to the right of [ 16.042794] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.043193] [ 16.043289] The buggy address belongs to the physical page: [ 16.043576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.043944] flags: 0x200000000000000(node=0|zone=2) [ 16.044185] page_type: f5(slab) [ 16.044358] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.044752] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.044978] page dumped because: kasan: 
bad access detected [ 16.045234] [ 16.045332] Memory state around the buggy address: [ 16.045606] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.045943] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.046207] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.046537] ^ [ 16.046805] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.047122] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.047362] ================================================================== [ 16.465413] ================================================================== [ 16.465797] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 16.466146] Read of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.466372] [ 16.466471] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.466516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.466529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.466551] Call Trace: [ 16.466566] <TASK> [ 16.466581] dump_stack_lvl+0x73/0xb0 [ 16.466610] print_report+0xd1/0x610 [ 16.466634] ? __virt_addr_valid+0x1db/0x2d0 [ 16.466659] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.466682] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.466707] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.466731] kasan_report+0x141/0x180 [ 16.466755] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.466784] __asan_report_load8_noabort+0x18/0x20 [ 16.466810] kasan_atomics_helper+0x4fb2/0x5450 [ 16.466834] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.466858] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.466884] ? kasan_atomics+0x152/0x310 [ 16.466913] kasan_atomics+0x1dc/0x310 [ 16.466937] ? __pfx_kasan_atomics+0x10/0x10 [ 16.466962] ? __pfx_read_tsc+0x10/0x10 [ 16.466985] ? ktime_get_ts64+0x86/0x230 [ 16.467011] kunit_try_run_case+0x1a5/0x480 [ 16.467039] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.467064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.467089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.467114] ? __kthread_parkme+0x82/0x180 [ 16.467137] ? preempt_count_sub+0x50/0x80 [ 16.467163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.467189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.467214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.467241] kthread+0x337/0x6f0 [ 16.467261] ? trace_preempt_on+0x20/0xc0 [ 16.467286] ? __pfx_kthread+0x10/0x10 [ 16.467308] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.467332] ? calculate_sigpending+0x7b/0xa0 [ 16.467357] ? __pfx_kthread+0x10/0x10 [ 16.467380] ret_from_fork+0x116/0x1d0 [ 16.467410] ? __pfx_kthread+0x10/0x10 [ 16.467433] ret_from_fork_asm+0x1a/0x30 [ 16.467468] </TASK> [ 16.467480] [ 16.474953] Allocated by task 283: [ 16.475131] kasan_save_stack+0x45/0x70 [ 16.475330] kasan_save_track+0x18/0x40 [ 16.475534] kasan_save_alloc_info+0x3b/0x50 [ 16.475957] __kasan_kmalloc+0xb7/0xc0 [ 16.476146] __kmalloc_cache_noprof+0x189/0x420 [ 16.476311] kasan_atomics+0x95/0x310 [ 16.476483] kunit_try_run_case+0x1a5/0x480 [ 16.476816] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.477049] kthread+0x337/0x6f0 [ 16.477174] ret_from_fork+0x116/0x1d0 [ 16.477312] ret_from_fork_asm+0x1a/0x30 [ 16.477466] [ 16.477540] The buggy address belongs to the object at ffff88810394df80 [ 16.477540] which belongs to the cache kmalloc-64 of size 64 [ 16.478150] The buggy address is located 0 bytes to the right of [ 16.478150] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.478711] [ 16.478811] The buggy address belongs to the physical page: [ 16.479070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.479486] flags: 0x200000000000000(node=0|zone=2) [ 16.479655] page_type: f5(slab) [ 16.479776] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.480011] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.480238] page dumped because: kasan: bad access detected [ 16.480422] [ 16.480495] Memory state around the buggy address: [ 16.480650] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.480878] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.481095] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.481375] ^ [ 16.481620] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.481937] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.482263] ================================================================== [ 16.113168] ================================================================== [ 16.113712] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 16.113962] Write of size 8 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 16.114316] [ 16.114446] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.114490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.114504] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.114527] Call Trace: [ 16.114546] <TASK> [ 16.114565] dump_stack_lvl+0x73/0xb0 [ 16.114595] print_report+0xd1/0x610 [ 16.114618] ? __virt_addr_valid+0x1db/0x2d0 [ 16.114643] ? kasan_atomics_helper+0x1818/0x5450 [ 16.114665] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.114689] ? kasan_atomics_helper+0x1818/0x5450 [ 16.114713] kasan_report+0x141/0x180 [ 16.114736] ? kasan_atomics_helper+0x1818/0x5450 [ 16.114764] kasan_check_range+0x10c/0x1c0 [ 16.114790] __kasan_check_write+0x18/0x20 [ 16.114811] kasan_atomics_helper+0x1818/0x5450 [ 16.114836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.114860] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.114886] ? kasan_atomics+0x152/0x310 [ 16.114915] kasan_atomics+0x1dc/0x310 [ 16.114939] ? __pfx_kasan_atomics+0x10/0x10 [ 16.114965] ? __pfx_read_tsc+0x10/0x10 [ 16.114988] ? 
ktime_get_ts64+0x86/0x230 [ 16.115014] kunit_try_run_case+0x1a5/0x480 [ 16.115041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.115065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.115091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.115116] ? __kthread_parkme+0x82/0x180 [ 16.115139] ? preempt_count_sub+0x50/0x80 [ 16.115164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.115191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.115216] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.115242] kthread+0x337/0x6f0 [ 16.115262] ? trace_preempt_on+0x20/0xc0 [ 16.115287] ? __pfx_kthread+0x10/0x10 [ 16.115310] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.115332] ? calculate_sigpending+0x7b/0xa0 [ 16.115358] ? __pfx_kthread+0x10/0x10 [ 16.115381] ret_from_fork+0x116/0x1d0 [ 16.115413] ? __pfx_kthread+0x10/0x10 [ 16.115435] ret_from_fork_asm+0x1a/0x30 [ 16.115469] </TASK> [ 16.115481] [ 16.122937] Allocated by task 283: [ 16.123069] kasan_save_stack+0x45/0x70 [ 16.123222] kasan_save_track+0x18/0x40 [ 16.123449] kasan_save_alloc_info+0x3b/0x50 [ 16.123662] __kasan_kmalloc+0xb7/0xc0 [ 16.123986] __kmalloc_cache_noprof+0x189/0x420 [ 16.124208] kasan_atomics+0x95/0x310 [ 16.124405] kunit_try_run_case+0x1a5/0x480 [ 16.124612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.124866] kthread+0x337/0x6f0 [ 16.124991] ret_from_fork+0x116/0x1d0 [ 16.125126] ret_from_fork_asm+0x1a/0x30 [ 16.125269] [ 16.125374] The buggy address belongs to the object at ffff88810394df80 [ 16.125374] which belongs to the cache kmalloc-64 of size 64 [ 16.126353] The buggy address is located 0 bytes to the right of [ 16.126353] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 16.126866] [ 16.126972] The buggy address belongs to the physical page: [ 16.127200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 16.127474] flags: 0x200000000000000(node=0|zone=2) [ 16.127642] page_type: f5(slab) [ 16.127764] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 16.127999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.128261] page dumped because: kasan: bad access detected [ 16.128522] [ 16.128618] Memory state around the buggy address: [ 16.128853] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.129169] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.129494] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.130017] ^ [ 16.130177] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.130406] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.130732] ================================================================== [ 15.600899] ================================================================== [ 15.601789] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 15.602064] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.602410] [ 15.602522] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.602566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.602579] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.602602] Call Trace: [ 15.602619] <TASK> [ 15.602635] dump_stack_lvl+0x73/0xb0 [ 15.602665] print_report+0xd1/0x610 [ 15.602688] ? __virt_addr_valid+0x1db/0x2d0 [ 15.602712] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.602736] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.602759] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.602782] kasan_report+0x141/0x180 [ 15.602806] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.602835] __asan_report_load4_noabort+0x18/0x20 [ 15.602860] kasan_atomics_helper+0x4a84/0x5450 [ 15.602885] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.602909] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.602935] ? kasan_atomics+0x152/0x310 [ 15.602964] kasan_atomics+0x1dc/0x310 [ 15.602988] ? __pfx_kasan_atomics+0x10/0x10 [ 15.603013] ? 
__pfx_read_tsc+0x10/0x10 [ 15.603036] ? ktime_get_ts64+0x86/0x230 [ 15.603063] kunit_try_run_case+0x1a5/0x480 [ 15.603089] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.603116] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.603141] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.603168] ? __kthread_parkme+0x82/0x180 [ 15.603190] ? preempt_count_sub+0x50/0x80 [ 15.603215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.603242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.603279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.603305] kthread+0x337/0x6f0 [ 15.603326] ? trace_preempt_on+0x20/0xc0 [ 15.603363] ? __pfx_kthread+0x10/0x10 [ 15.603385] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.603417] ? calculate_sigpending+0x7b/0xa0 [ 15.603442] ? __pfx_kthread+0x10/0x10 [ 15.603466] ret_from_fork+0x116/0x1d0 [ 15.603486] ? __pfx_kthread+0x10/0x10 [ 15.603508] ret_from_fork_asm+0x1a/0x30 [ 15.603541] </TASK> [ 15.603553] [ 15.611132] Allocated by task 283: [ 15.611313] kasan_save_stack+0x45/0x70 [ 15.611525] kasan_save_track+0x18/0x40 [ 15.611740] kasan_save_alloc_info+0x3b/0x50 [ 15.611945] __kasan_kmalloc+0xb7/0xc0 [ 15.612154] __kmalloc_cache_noprof+0x189/0x420 [ 15.612313] kasan_atomics+0x95/0x310 [ 15.612459] kunit_try_run_case+0x1a5/0x480 [ 15.612609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.612843] kthread+0x337/0x6f0 [ 15.613017] ret_from_fork+0x116/0x1d0 [ 15.613234] ret_from_fork_asm+0x1a/0x30 [ 15.613468] [ 15.613583] The buggy address belongs to the object at ffff88810394df80 [ 15.613583] which belongs to the cache kmalloc-64 of size 64 [ 15.614254] The buggy address is located 0 bytes to the right of [ 15.614254] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.614873] [ 15.614996] The buggy address belongs to the physical page: [ 15.615195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.615522] flags: 0x200000000000000(node=0|zone=2) [ 15.615929] page_type: f5(slab) [ 15.616094] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.616433] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.616783] page dumped because: kasan: bad access detected [ 15.617026] [ 15.617120] Memory state around the buggy address: [ 15.617341] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.617714] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.618006] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.618291] ^ [ 15.618539] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.618839] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.619055] ================================================================== [ 15.514188] ================================================================== [ 15.514567] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 15.514917] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.515328] [ 15.515466] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.515526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.515540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.515563] Call Trace: [ 15.515577] <TASK> [ 15.515595] dump_stack_lvl+0x73/0xb0 [ 15.515625] print_report+0xd1/0x610 [ 15.515662] ? __virt_addr_valid+0x1db/0x2d0 [ 15.515686] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.515708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.515731] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.515755] kasan_report+0x141/0x180 [ 15.515778] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.515806] kasan_check_range+0x10c/0x1c0 [ 15.515830] __kasan_check_write+0x18/0x20 [ 15.515850] kasan_atomics_helper+0xa2b/0x5450 [ 15.515874] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.515898] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.515925] ? 
kasan_atomics+0x152/0x310 [ 15.515985] kasan_atomics+0x1dc/0x310 [ 15.516010] ? __pfx_kasan_atomics+0x10/0x10 [ 15.516061] ? __pfx_read_tsc+0x10/0x10 [ 15.516085] ? ktime_get_ts64+0x86/0x230 [ 15.516113] kunit_try_run_case+0x1a5/0x480 [ 15.516151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.516176] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.516201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.516226] ? __kthread_parkme+0x82/0x180 [ 15.516248] ? preempt_count_sub+0x50/0x80 [ 15.516275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.516300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.516325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.516378] kthread+0x337/0x6f0 [ 15.516415] ? trace_preempt_on+0x20/0xc0 [ 15.516467] ? __pfx_kthread+0x10/0x10 [ 15.516490] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.516514] ? calculate_sigpending+0x7b/0xa0 [ 15.516550] ? __pfx_kthread+0x10/0x10 [ 15.516573] ret_from_fork+0x116/0x1d0 [ 15.516603] ? __pfx_kthread+0x10/0x10 [ 15.516625] ret_from_fork_asm+0x1a/0x30 [ 15.516659] </TASK> [ 15.516675] [ 15.524843] Allocated by task 283: [ 15.525056] kasan_save_stack+0x45/0x70 [ 15.525240] kasan_save_track+0x18/0x40 [ 15.525380] kasan_save_alloc_info+0x3b/0x50 [ 15.525628] __kasan_kmalloc+0xb7/0xc0 [ 15.525847] __kmalloc_cache_noprof+0x189/0x420 [ 15.526036] kasan_atomics+0x95/0x310 [ 15.526175] kunit_try_run_case+0x1a5/0x480 [ 15.526431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.526718] kthread+0x337/0x6f0 [ 15.526872] ret_from_fork+0x116/0x1d0 [ 15.527057] ret_from_fork_asm+0x1a/0x30 [ 15.527240] [ 15.527330] The buggy address belongs to the object at ffff88810394df80 [ 15.527330] which belongs to the cache kmalloc-64 of size 64 [ 15.527863] The buggy address is located 0 bytes to the right of [ 15.527863] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.528413] [ 15.528528] The buggy address belongs to the physical page: [ 15.528813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 
15.529151] flags: 0x200000000000000(node=0|zone=2) [ 15.529442] page_type: f5(slab) [ 15.529727] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.529991] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.530315] page dumped because: kasan: bad access detected [ 15.530550] [ 15.530715] Memory state around the buggy address: [ 15.530946] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.531171] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.531489] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.531819] ^ [ 15.532045] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.532283] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.532510] ================================================================== [ 15.117011] ================================================================== [ 15.117981] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 15.118529] Read of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.119129] [ 15.119410] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.119463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.119477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.119498] Call Trace: [ 15.119512] <TASK> [ 15.119530] dump_stack_lvl+0x73/0xb0 [ 15.119562] print_report+0xd1/0x610 [ 15.119586] ? __virt_addr_valid+0x1db/0x2d0 [ 15.119610] ? kasan_atomics_helper+0x4bbc/0x5450 [ 15.119632] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.119654] ? kasan_atomics_helper+0x4bbc/0x5450 [ 15.119676] kasan_report+0x141/0x180 [ 15.119698] ? kasan_atomics_helper+0x4bbc/0x5450 [ 15.119726] __asan_report_load4_noabort+0x18/0x20 [ 15.119749] kasan_atomics_helper+0x4bbc/0x5450 [ 15.119772] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.119795] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.119820] ? kasan_atomics+0x152/0x310 [ 15.119847] kasan_atomics+0x1dc/0x310 [ 15.119871] ? __pfx_kasan_atomics+0x10/0x10 [ 15.119894] ? __pfx_read_tsc+0x10/0x10 [ 15.119915] ? ktime_get_ts64+0x86/0x230 [ 15.119941] kunit_try_run_case+0x1a5/0x480 [ 15.119968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.119992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.120016] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.120040] ? __kthread_parkme+0x82/0x180 [ 15.120061] ? preempt_count_sub+0x50/0x80 [ 15.120086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.120111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.120137] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.120162] kthread+0x337/0x6f0 [ 15.120206] ? trace_preempt_on+0x20/0xc0 [ 15.120230] ? __pfx_kthread+0x10/0x10 [ 15.120252] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.120273] ? calculate_sigpending+0x7b/0xa0 [ 15.120298] ? __pfx_kthread+0x10/0x10 [ 15.120320] ret_from_fork+0x116/0x1d0 [ 15.120339] ? __pfx_kthread+0x10/0x10 [ 15.120360] ret_from_fork_asm+0x1a/0x30 [ 15.120403] </TASK> [ 15.120415] [ 15.129205] Allocated by task 283: [ 15.129340] kasan_save_stack+0x45/0x70 [ 15.129496] kasan_save_track+0x18/0x40 [ 15.129749] kasan_save_alloc_info+0x3b/0x50 [ 15.129960] __kasan_kmalloc+0xb7/0xc0 [ 15.130284] __kmalloc_cache_noprof+0x189/0x420 [ 15.130526] kasan_atomics+0x95/0x310 [ 15.130673] kunit_try_run_case+0x1a5/0x480 [ 15.130823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.131154] kthread+0x337/0x6f0 [ 15.131325] ret_from_fork+0x116/0x1d0 [ 15.131524] ret_from_fork_asm+0x1a/0x30 [ 15.131803] [ 15.131915] The buggy address belongs to the object at ffff88810394df80 [ 15.131915] which belongs to the cache kmalloc-64 of size 64 [ 15.132600] The buggy address is located 0 bytes to the right of [ 15.132600] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.133139] [ 15.133243] The buggy address belongs to the physical page: [ 15.133722] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.134003] flags: 0x200000000000000(node=0|zone=2) [ 15.134251] page_type: f5(slab) [ 15.134415] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.134657] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.135085] page dumped because: kasan: bad access detected [ 15.135355] [ 15.135475] Memory state around the buggy address: [ 15.135830] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.136060] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.136572] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.136876] ^ [ 15.137137] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.137519] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.137839] ================================================================== [ 15.443569] ================================================================== [ 15.443905] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 15.444339] Write of size 4 at addr ffff88810394dfb0 by task kunit_try_catch/283 [ 15.444750] [ 15.444906] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.444951] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.444964] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.444987] Call Trace: [ 15.445004] <TASK> [ 15.445022] dump_stack_lvl+0x73/0xb0 [ 15.445088] print_report+0xd1/0x610 [ 15.445113] ? __virt_addr_valid+0x1db/0x2d0 [ 15.445137] ? kasan_atomics_helper+0x860/0x5450 [ 15.445159] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.445183] ? kasan_atomics_helper+0x860/0x5450 [ 15.445234] kasan_report+0x141/0x180 [ 15.445259] ? kasan_atomics_helper+0x860/0x5450 [ 15.445287] kasan_check_range+0x10c/0x1c0 [ 15.445312] __kasan_check_write+0x18/0x20 [ 15.445333] kasan_atomics_helper+0x860/0x5450 [ 15.445357] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.445380] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.445421] ? kasan_atomics+0x152/0x310 [ 15.445481] kasan_atomics+0x1dc/0x310 [ 15.445507] ? __pfx_kasan_atomics+0x10/0x10 [ 15.445532] ? __pfx_read_tsc+0x10/0x10 [ 15.445555] ? ktime_get_ts64+0x86/0x230 [ 15.445582] kunit_try_run_case+0x1a5/0x480 [ 15.445610] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.445676] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.445702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.445727] ? __kthread_parkme+0x82/0x180 [ 15.445749] ? preempt_count_sub+0x50/0x80 [ 15.445805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.445832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.445857] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.445883] kthread+0x337/0x6f0 [ 15.445904] ? trace_preempt_on+0x20/0xc0 [ 15.445956] ? __pfx_kthread+0x10/0x10 [ 15.445980] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.446003] ? calculate_sigpending+0x7b/0xa0 [ 15.446029] ? __pfx_kthread+0x10/0x10 [ 15.446052] ret_from_fork+0x116/0x1d0 [ 15.446072] ? 
__pfx_kthread+0x10/0x10 [ 15.446094] ret_from_fork_asm+0x1a/0x30 [ 15.446176] </TASK> [ 15.446188] [ 15.454872] Allocated by task 283: [ 15.455002] kasan_save_stack+0x45/0x70 [ 15.455146] kasan_save_track+0x18/0x40 [ 15.455543] kasan_save_alloc_info+0x3b/0x50 [ 15.455760] __kasan_kmalloc+0xb7/0xc0 [ 15.456004] __kmalloc_cache_noprof+0x189/0x420 [ 15.456232] kasan_atomics+0x95/0x310 [ 15.456377] kunit_try_run_case+0x1a5/0x480 [ 15.456598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.456868] kthread+0x337/0x6f0 [ 15.456991] ret_from_fork+0x116/0x1d0 [ 15.457123] ret_from_fork_asm+0x1a/0x30 [ 15.457421] [ 15.457576] The buggy address belongs to the object at ffff88810394df80 [ 15.457576] which belongs to the cache kmalloc-64 of size 64 [ 15.458224] The buggy address is located 0 bytes to the right of [ 15.458224] allocated 48-byte region [ffff88810394df80, ffff88810394dfb0) [ 15.458878] [ 15.458980] The buggy address belongs to the physical page: [ 15.459286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394d [ 15.459674] flags: 0x200000000000000(node=0|zone=2) [ 15.459840] page_type: f5(slab) [ 15.460014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.460508] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.460904] page dumped because: kasan: bad access detected [ 15.461157] [ 15.461282] Memory state around the buggy address: [ 15.461464] ffff88810394de80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.461813] ffff88810394df00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.462190] >ffff88810394df80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.462689] ^ [ 15.462947] ffff88810394e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.463388] ffff88810394e080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.463734] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 15.060037] ================================================================== [ 15.060503] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.061171] Read of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 15.061531] [ 15.061654] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.061698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.061711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.061730] Call Trace: [ 15.061746] <TASK> [ 15.061761] dump_stack_lvl+0x73/0xb0 [ 15.061788] print_report+0xd1/0x610 [ 15.061809] ? __virt_addr_valid+0x1db/0x2d0 [ 15.061833] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.061860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.061882] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.061942] kasan_report+0x141/0x180 [ 15.061965] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.062026] kasan_check_range+0x10c/0x1c0 [ 15.062049] __kasan_check_read+0x15/0x20 [ 15.062069] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 15.062097] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.062125] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.062150] ? trace_hardirqs_on+0x37/0xe0 [ 15.062172] ? kasan_bitops_generic+0x92/0x1c0 [ 15.062261] kasan_bitops_generic+0x121/0x1c0 [ 15.062289] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.062314] ? __pfx_read_tsc+0x10/0x10 [ 15.062348] ? ktime_get_ts64+0x86/0x230 [ 15.062372] kunit_try_run_case+0x1a5/0x480 [ 15.062405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.062429] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.062453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.062479] ? __kthread_parkme+0x82/0x180 [ 15.062501] ? preempt_count_sub+0x50/0x80 [ 15.062557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.062582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.062605] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.062640] kthread+0x337/0x6f0 [ 15.062660] ? trace_preempt_on+0x20/0xc0 [ 15.062682] ? __pfx_kthread+0x10/0x10 [ 15.062703] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.062752] ? calculate_sigpending+0x7b/0xa0 [ 15.062777] ? __pfx_kthread+0x10/0x10 [ 15.062823] ret_from_fork+0x116/0x1d0 [ 15.062843] ? __pfx_kthread+0x10/0x10 [ 15.062865] ret_from_fork_asm+0x1a/0x30 [ 15.062897] </TASK> [ 15.062906] [ 15.076428] Allocated by task 279: [ 15.076679] kasan_save_stack+0x45/0x70 [ 15.077105] kasan_save_track+0x18/0x40 [ 15.077323] kasan_save_alloc_info+0x3b/0x50 [ 15.077807] __kasan_kmalloc+0xb7/0xc0 [ 15.078024] __kmalloc_cache_noprof+0x189/0x420 [ 15.078459] kasan_bitops_generic+0x92/0x1c0 [ 15.078889] kunit_try_run_case+0x1a5/0x480 [ 15.079232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.079519] kthread+0x337/0x6f0 [ 15.079948] ret_from_fork+0x116/0x1d0 [ 15.080345] ret_from_fork_asm+0x1a/0x30 [ 15.080774] [ 15.080897] The buggy address belongs to the object at ffff888101b1cc00 [ 15.080897] which belongs to the cache kmalloc-16 of size 16 [ 15.081981] The buggy address is located 8 bytes inside of [ 15.081981] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 15.082683] [ 15.082776] The buggy address belongs to the physical page: [ 15.083412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 15.083931] flags: 0x200000000000000(node=0|zone=2) [ 15.084413] page_type: f5(slab) [ 15.084594] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.085122] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.085607] page dumped because: kasan: bad access detected [ 15.085940] [ 15.086020] Memory state around the buggy address: [ 15.086529] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 15.087016] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.087544] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 15.088057] ^ [ 15.088248] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.088878] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.089279] ================================================================== [ 14.988996] ================================================================== [ 14.989257] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.989794] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.990279] [ 14.990408] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.990452] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.990465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.990487] Call Trace: [ 14.990501] <TASK> [ 14.990517] dump_stack_lvl+0x73/0xb0 [ 14.990546] print_report+0xd1/0x610 [ 14.990567] ? __virt_addr_valid+0x1db/0x2d0 [ 14.990612] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.990639] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.990661] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.990689] kasan_report+0x141/0x180 [ 14.990711] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.990744] kasan_check_range+0x10c/0x1c0 [ 14.990767] __kasan_check_write+0x18/0x20 [ 14.990787] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.990814] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.990843] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.990867] ? trace_hardirqs_on+0x37/0xe0 [ 14.990889] ? kasan_bitops_generic+0x92/0x1c0 [ 14.990916] kasan_bitops_generic+0x121/0x1c0 [ 14.990940] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.990967] ? __pfx_read_tsc+0x10/0x10 [ 14.990987] ? ktime_get_ts64+0x86/0x230 [ 14.991065] kunit_try_run_case+0x1a5/0x480 [ 14.991097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.991120] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.991144] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.991168] ? __kthread_parkme+0x82/0x180 [ 14.991188] ? preempt_count_sub+0x50/0x80 [ 14.991213] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.991238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.991260] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.991320] kthread+0x337/0x6f0 [ 14.991341] ? trace_preempt_on+0x20/0xc0 [ 14.991363] ? __pfx_kthread+0x10/0x10 [ 14.991421] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.991457] ? calculate_sigpending+0x7b/0xa0 [ 14.991495] ? __pfx_kthread+0x10/0x10 [ 14.991516] ret_from_fork+0x116/0x1d0 [ 14.991549] ? __pfx_kthread+0x10/0x10 [ 14.991601] ret_from_fork_asm+0x1a/0x30 [ 14.991657] </TASK> [ 14.991667] [ 15.001871] Allocated by task 279: [ 15.002121] kasan_save_stack+0x45/0x70 [ 15.002327] kasan_save_track+0x18/0x40 [ 15.002532] kasan_save_alloc_info+0x3b/0x50 [ 15.002769] __kasan_kmalloc+0xb7/0xc0 [ 15.002956] __kmalloc_cache_noprof+0x189/0x420 [ 15.003287] kasan_bitops_generic+0x92/0x1c0 [ 15.003531] kunit_try_run_case+0x1a5/0x480 [ 15.003806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.004349] kthread+0x337/0x6f0 [ 15.004535] ret_from_fork+0x116/0x1d0 [ 15.004736] ret_from_fork_asm+0x1a/0x30 [ 15.004887] [ 15.004962] The buggy address belongs to the object at ffff888101b1cc00 [ 15.004962] which belongs to the cache kmalloc-16 of size 16 [ 15.005324] The buggy address is located 8 bytes inside of [ 15.005324] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 15.005862] [ 15.005968] The buggy address belongs to the physical page: [ 15.006229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 15.006704] flags: 0x200000000000000(node=0|zone=2) [ 15.006915] page_type: f5(slab) [ 15.007134] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.007424] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.007841] page dumped because: kasan: bad access detected [ 15.008243] [ 15.008372] 
Memory state around the buggy address: [ 15.008695] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 15.009113] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.009612] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.009994] ^ [ 15.010534] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.010937] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.011367] ================================================================== [ 15.036582] ================================================================== [ 15.036971] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 15.037457] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 15.037831] [ 15.037943] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.037989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.038001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.038024] Call Trace: [ 15.038037] <TASK> [ 15.038054] dump_stack_lvl+0x73/0xb0 [ 15.038157] print_report+0xd1/0x610 [ 15.038198] ? __virt_addr_valid+0x1db/0x2d0 [ 15.038222] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 15.038250] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.038301] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 15.038329] kasan_report+0x141/0x180 [ 15.038379] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 15.038428] kasan_check_range+0x10c/0x1c0 [ 15.038452] __kasan_check_write+0x18/0x20 [ 15.038471] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 15.038499] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.038527] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.038579] ? trace_hardirqs_on+0x37/0xe0 [ 15.038612] ? kasan_bitops_generic+0x92/0x1c0 [ 15.038652] kasan_bitops_generic+0x121/0x1c0 [ 15.038677] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 15.038730] ? __pfx_read_tsc+0x10/0x10 [ 15.038751] ? ktime_get_ts64+0x86/0x230 [ 15.038777] kunit_try_run_case+0x1a5/0x480 [ 15.038813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.038836] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.038860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.038884] ? __kthread_parkme+0x82/0x180 [ 15.038930] ? preempt_count_sub+0x50/0x80 [ 15.038955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.038979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.039030] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.039064] kthread+0x337/0x6f0 [ 15.039084] ? trace_preempt_on+0x20/0xc0 [ 15.039106] ? __pfx_kthread+0x10/0x10 [ 15.039174] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.039195] ? calculate_sigpending+0x7b/0xa0 [ 15.039221] ? __pfx_kthread+0x10/0x10 [ 15.039266] ret_from_fork+0x116/0x1d0 [ 15.039295] ? __pfx_kthread+0x10/0x10 [ 15.039316] ret_from_fork_asm+0x1a/0x30 [ 15.039359] </TASK> [ 15.039370] [ 15.049622] Allocated by task 279: [ 15.049844] kasan_save_stack+0x45/0x70 [ 15.050063] kasan_save_track+0x18/0x40 [ 15.050331] kasan_save_alloc_info+0x3b/0x50 [ 15.050652] __kasan_kmalloc+0xb7/0xc0 [ 15.050828] __kmalloc_cache_noprof+0x189/0x420 [ 15.051082] kasan_bitops_generic+0x92/0x1c0 [ 15.051295] kunit_try_run_case+0x1a5/0x480 [ 15.051583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.051828] kthread+0x337/0x6f0 [ 15.052025] ret_from_fork+0x116/0x1d0 [ 15.052200] ret_from_fork_asm+0x1a/0x30 [ 15.052360] [ 15.052467] The buggy address belongs to the object at ffff888101b1cc00 [ 15.052467] which belongs to the cache kmalloc-16 of size 16 [ 15.053089] The buggy address is located 8 bytes inside of [ 15.053089] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 15.053513] [ 15.053590] The buggy address belongs to the physical page: [ 15.054227] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 15.054956] flags: 0x200000000000000(node=0|zone=2) [ 15.055301] 
page_type: f5(slab) [ 15.055493] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.055877] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.056307] page dumped because: kasan: bad access detected [ 15.056662] [ 15.056807] Memory state around the buggy address: [ 15.057056] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 15.057522] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.058021] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.058485] ^ [ 15.058686] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.059282] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.059564] ================================================================== [ 14.968640] ================================================================== [ 14.968983] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.969519] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.969781] [ 14.969871] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.969913] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.969925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.969947] Call Trace: [ 14.969960] <TASK> [ 14.969976] dump_stack_lvl+0x73/0xb0 [ 14.970003] print_report+0xd1/0x610 [ 14.970025] ? __virt_addr_valid+0x1db/0x2d0 [ 14.970048] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.970075] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.970121] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.970148] kasan_report+0x141/0x180 [ 14.970172] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.970215] kasan_check_range+0x10c/0x1c0 [ 14.970238] __kasan_check_write+0x18/0x20 [ 14.970269] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.970296] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.970325] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.970349] ? trace_hardirqs_on+0x37/0xe0 [ 14.970370] ? kasan_bitops_generic+0x92/0x1c0 [ 14.970407] kasan_bitops_generic+0x121/0x1c0 [ 14.970431] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.970456] ? __pfx_read_tsc+0x10/0x10 [ 14.970477] ? ktime_get_ts64+0x86/0x230 [ 14.970501] kunit_try_run_case+0x1a5/0x480 [ 14.970525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.970548] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.970588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.970612] ? __kthread_parkme+0x82/0x180 [ 14.970632] ? preempt_count_sub+0x50/0x80 [ 14.970657] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.970682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.970705] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.970728] kthread+0x337/0x6f0 [ 14.970748] ? trace_preempt_on+0x20/0xc0 [ 14.970770] ? __pfx_kthread+0x10/0x10 [ 14.970792] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.970813] ? calculate_sigpending+0x7b/0xa0 [ 14.970837] ? __pfx_kthread+0x10/0x10 [ 14.970858] ret_from_fork+0x116/0x1d0 [ 14.970877] ? 
__pfx_kthread+0x10/0x10 [ 14.970897] ret_from_fork_asm+0x1a/0x30 [ 14.970929] </TASK> [ 14.970940] [ 14.980308] Allocated by task 279: [ 14.980524] kasan_save_stack+0x45/0x70 [ 14.980756] kasan_save_track+0x18/0x40 [ 14.980947] kasan_save_alloc_info+0x3b/0x50 [ 14.981165] __kasan_kmalloc+0xb7/0xc0 [ 14.981350] __kmalloc_cache_noprof+0x189/0x420 [ 14.981566] kasan_bitops_generic+0x92/0x1c0 [ 14.981719] kunit_try_run_case+0x1a5/0x480 [ 14.981866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.982043] kthread+0x337/0x6f0 [ 14.982213] ret_from_fork+0x116/0x1d0 [ 14.982430] ret_from_fork_asm+0x1a/0x30 [ 14.982651] [ 14.982750] The buggy address belongs to the object at ffff888101b1cc00 [ 14.982750] which belongs to the cache kmalloc-16 of size 16 [ 14.983608] The buggy address is located 8 bytes inside of [ 14.983608] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.984181] [ 14.984291] The buggy address belongs to the physical page: [ 14.984557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.984912] flags: 0x200000000000000(node=0|zone=2) [ 14.985248] page_type: f5(slab) [ 14.985425] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.985780] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.986130] page dumped because: kasan: bad access detected [ 14.986405] [ 14.986500] Memory state around the buggy address: [ 14.986734] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.987040] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.987340] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.987679] ^ [ 14.987883] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.988246] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.988610] ================================================================== [ 14.929254] 
================================================================== [ 14.929608] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.930065] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.930421] [ 14.930545] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.930612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.930625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.930647] Call Trace: [ 14.930663] <TASK> [ 14.930680] dump_stack_lvl+0x73/0xb0 [ 14.930708] print_report+0xd1/0x610 [ 14.930740] ? __virt_addr_valid+0x1db/0x2d0 [ 14.930763] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.930791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.930823] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.930851] kasan_report+0x141/0x180 [ 14.930874] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.930915] kasan_check_range+0x10c/0x1c0 [ 14.930938] __kasan_check_write+0x18/0x20 [ 14.930957] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.930995] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.931051] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.931075] ? trace_hardirqs_on+0x37/0xe0 [ 14.931098] ? kasan_bitops_generic+0x92/0x1c0 [ 14.931125] kasan_bitops_generic+0x121/0x1c0 [ 14.931159] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.931184] ? __pfx_read_tsc+0x10/0x10 [ 14.931204] ? ktime_get_ts64+0x86/0x230 [ 14.931241] kunit_try_run_case+0x1a5/0x480 [ 14.931266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.931288] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.931312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.931344] ? __kthread_parkme+0x82/0x180 [ 14.931365] ? preempt_count_sub+0x50/0x80 [ 14.931389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.931432] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.931455] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.931490] kthread+0x337/0x6f0 [ 14.931509] ? trace_preempt_on+0x20/0xc0 [ 14.931540] ? __pfx_kthread+0x10/0x10 [ 14.931560] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.931605] ? calculate_sigpending+0x7b/0xa0 [ 14.931630] ? __pfx_kthread+0x10/0x10 [ 14.931652] ret_from_fork+0x116/0x1d0 [ 14.931690] ? __pfx_kthread+0x10/0x10 [ 14.931711] ret_from_fork_asm+0x1a/0x30 [ 14.931744] </TASK> [ 14.931764] [ 14.940384] Allocated by task 279: [ 14.940536] kasan_save_stack+0x45/0x70 [ 14.940737] kasan_save_track+0x18/0x40 [ 14.940922] kasan_save_alloc_info+0x3b/0x50 [ 14.941149] __kasan_kmalloc+0xb7/0xc0 [ 14.941353] __kmalloc_cache_noprof+0x189/0x420 [ 14.941561] kasan_bitops_generic+0x92/0x1c0 [ 14.941802] kunit_try_run_case+0x1a5/0x480 [ 14.942029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.942328] kthread+0x337/0x6f0 [ 14.942512] ret_from_fork+0x116/0x1d0 [ 14.942739] ret_from_fork_asm+0x1a/0x30 [ 14.942934] [ 14.943008] The buggy address belongs to the object at ffff888101b1cc00 [ 14.943008] which belongs to the cache kmalloc-16 of size 16 [ 14.943629] The buggy address is located 8 bytes inside of [ 14.943629] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.943987] [ 14.944060] The buggy address belongs to the physical page: [ 14.944237] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.944538] flags: 0x200000000000000(node=0|zone=2) [ 14.944834] page_type: f5(slab) [ 14.945030] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.945439] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.945878] page dumped because: kasan: bad access detected [ 14.946131] [ 14.946223] Memory state around the buggy address: [ 14.946384] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.946675] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.947043] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 14.947364] ^ [ 14.947537] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.947871] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.948325] ================================================================== [ 14.908968] ================================================================== [ 14.909576] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.909964] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.910842] [ 14.911091] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.911147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.911160] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.911182] Call Trace: [ 14.911199] <TASK> [ 14.911215] dump_stack_lvl+0x73/0xb0 [ 14.911245] print_report+0xd1/0x610 [ 14.911268] ? __virt_addr_valid+0x1db/0x2d0 [ 14.911291] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.911319] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.911341] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.911369] kasan_report+0x141/0x180 [ 14.911391] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.911433] kasan_check_range+0x10c/0x1c0 [ 14.911457] __kasan_check_write+0x18/0x20 [ 14.911476] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.911504] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.911532] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.911556] ? trace_hardirqs_on+0x37/0xe0 [ 14.911579] ? kasan_bitops_generic+0x92/0x1c0 [ 14.911607] kasan_bitops_generic+0x121/0x1c0 [ 14.911630] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.911655] ? __pfx_read_tsc+0x10/0x10 [ 14.911677] ? ktime_get_ts64+0x86/0x230 [ 14.911704] kunit_try_run_case+0x1a5/0x480 [ 14.911729] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.911762] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.911787] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.911810] ? __kthread_parkme+0x82/0x180 [ 14.911842] ? preempt_count_sub+0x50/0x80 [ 14.911866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.911891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.911914] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.911937] kthread+0x337/0x6f0 [ 14.911957] ? trace_preempt_on+0x20/0xc0 [ 14.911980] ? __pfx_kthread+0x10/0x10 [ 14.912001] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.912022] ? calculate_sigpending+0x7b/0xa0 [ 14.912047] ? __pfx_kthread+0x10/0x10 [ 14.912069] ret_from_fork+0x116/0x1d0 [ 14.912087] ? __pfx_kthread+0x10/0x10 [ 14.912109] ret_from_fork_asm+0x1a/0x30 [ 14.912142] </TASK> [ 14.912152] [ 14.920970] Allocated by task 279: [ 14.921257] kasan_save_stack+0x45/0x70 [ 14.921413] kasan_save_track+0x18/0x40 [ 14.921554] kasan_save_alloc_info+0x3b/0x50 [ 14.921716] __kasan_kmalloc+0xb7/0xc0 [ 14.921860] __kmalloc_cache_noprof+0x189/0x420 [ 14.922346] kasan_bitops_generic+0x92/0x1c0 [ 14.922779] kunit_try_run_case+0x1a5/0x480 [ 14.922990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.923354] kthread+0x337/0x6f0 [ 14.923513] ret_from_fork+0x116/0x1d0 [ 14.923711] ret_from_fork_asm+0x1a/0x30 [ 14.923927] [ 14.924007] The buggy address belongs to the object at ffff888101b1cc00 [ 14.924007] which belongs to the cache kmalloc-16 of size 16 [ 14.924487] The buggy address is located 8 bytes inside of [ 14.924487] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.925032] [ 14.925106] The buggy address belongs to the physical page: [ 14.925280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.925552] flags: 0x200000000000000(node=0|zone=2) [ 14.925725] page_type: f5(slab) [ 14.925849] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.926329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.926671] page dumped because: kasan: bad access detected [ 14.926921] [ 14.927014] 
Memory state around the buggy address: [ 14.927234] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.927576] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.927888] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.928101] ^ [ 14.928224] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.928475] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.928756] ================================================================== [ 14.948874] ================================================================== [ 14.949278] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.949737] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.950126] [ 14.950235] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.950291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.950302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.950324] Call Trace: [ 14.950349] <TASK> [ 14.950365] dump_stack_lvl+0x73/0xb0 [ 14.950402] print_report+0xd1/0x610 [ 14.950424] ? __virt_addr_valid+0x1db/0x2d0 [ 14.950449] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.950476] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.950498] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.950526] kasan_report+0x141/0x180 [ 14.950548] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.950599] kasan_check_range+0x10c/0x1c0 [ 14.950624] __kasan_check_write+0x18/0x20 [ 14.950642] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.950670] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.950698] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.950723] ? trace_hardirqs_on+0x37/0xe0 [ 14.950747] ? kasan_bitops_generic+0x92/0x1c0 [ 14.950774] kasan_bitops_generic+0x121/0x1c0 [ 14.950799] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 14.950824] ? __pfx_read_tsc+0x10/0x10 [ 14.950854] ? ktime_get_ts64+0x86/0x230 [ 14.950881] kunit_try_run_case+0x1a5/0x480 [ 14.950906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.950939] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.950964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.950987] ? __kthread_parkme+0x82/0x180 [ 14.951024] ? preempt_count_sub+0x50/0x80 [ 14.951049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.951073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.951097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.951119] kthread+0x337/0x6f0 [ 14.951140] ? trace_preempt_on+0x20/0xc0 [ 14.951162] ? __pfx_kthread+0x10/0x10 [ 14.951183] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.951204] ? calculate_sigpending+0x7b/0xa0 [ 14.951228] ? __pfx_kthread+0x10/0x10 [ 14.951250] ret_from_fork+0x116/0x1d0 [ 14.951269] ? __pfx_kthread+0x10/0x10 [ 14.951290] ret_from_fork_asm+0x1a/0x30 [ 14.951323] </TASK> [ 14.951335] [ 14.959733] Allocated by task 279: [ 14.959861] kasan_save_stack+0x45/0x70 [ 14.960003] kasan_save_track+0x18/0x40 [ 14.960140] kasan_save_alloc_info+0x3b/0x50 [ 14.960303] __kasan_kmalloc+0xb7/0xc0 [ 14.960706] __kmalloc_cache_noprof+0x189/0x420 [ 14.960937] kasan_bitops_generic+0x92/0x1c0 [ 14.961155] kunit_try_run_case+0x1a5/0x480 [ 14.961361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.961620] kthread+0x337/0x6f0 [ 14.961792] ret_from_fork+0x116/0x1d0 [ 14.961977] ret_from_fork_asm+0x1a/0x30 [ 14.962170] [ 14.962265] The buggy address belongs to the object at ffff888101b1cc00 [ 14.962265] which belongs to the cache kmalloc-16 of size 16 [ 14.962858] The buggy address is located 8 bytes inside of [ 14.962858] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.963215] [ 14.963289] The buggy address belongs to the physical page: [ 14.963649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.964017] flags: 0x200000000000000(node=0|zone=2) [ 14.964491] 
page_type: f5(slab) [ 14.964691] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.965055] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.965371] page dumped because: kasan: bad access detected [ 14.965781] [ 14.965921] Memory state around the buggy address: [ 14.966220] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.966509] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.966820] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.967230] ^ [ 14.967458] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.967787] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.968171] ================================================================== [ 15.011806] ================================================================== [ 15.012377] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.012859] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 15.013300] [ 15.013429] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.013505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.013518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.013551] Call Trace: [ 15.013566] <TASK> [ 15.013599] dump_stack_lvl+0x73/0xb0 [ 15.013629] print_report+0xd1/0x610 [ 15.013651] ? __virt_addr_valid+0x1db/0x2d0 [ 15.013673] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.013700] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.013751] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.013780] kasan_report+0x141/0x180 [ 15.013802] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.013845] kasan_check_range+0x10c/0x1c0 [ 15.013870] __kasan_check_write+0x18/0x20 [ 15.013888] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 15.013917] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.013945] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.013968] ? trace_hardirqs_on+0x37/0xe0 [ 15.013990] ? kasan_bitops_generic+0x92/0x1c0 [ 15.014096] kasan_bitops_generic+0x121/0x1c0 [ 15.014137] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.014163] ? __pfx_read_tsc+0x10/0x10 [ 15.014205] ? ktime_get_ts64+0x86/0x230 [ 15.014241] kunit_try_run_case+0x1a5/0x480 [ 15.014266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.014300] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.014325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.014373] ? __kthread_parkme+0x82/0x180 [ 15.014409] ? preempt_count_sub+0x50/0x80 [ 15.014436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.014460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.014484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.014507] kthread+0x337/0x6f0 [ 15.014552] ? trace_preempt_on+0x20/0xc0 [ 15.014622] ? __pfx_kthread+0x10/0x10 [ 15.014645] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.014667] ? calculate_sigpending+0x7b/0xa0 [ 15.014703] ? __pfx_kthread+0x10/0x10 [ 15.014725] ret_from_fork+0x116/0x1d0 [ 15.014744] ? 
__pfx_kthread+0x10/0x10 [ 15.014764] ret_from_fork_asm+0x1a/0x30 [ 15.014815] </TASK> [ 15.014834] [ 15.025315] Allocated by task 279: [ 15.025562] kasan_save_stack+0x45/0x70 [ 15.025777] kasan_save_track+0x18/0x40 [ 15.026003] kasan_save_alloc_info+0x3b/0x50 [ 15.026293] __kasan_kmalloc+0xb7/0xc0 [ 15.026569] __kmalloc_cache_noprof+0x189/0x420 [ 15.026751] kasan_bitops_generic+0x92/0x1c0 [ 15.027084] kunit_try_run_case+0x1a5/0x480 [ 15.027309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.027834] kthread+0x337/0x6f0 [ 15.028015] ret_from_fork+0x116/0x1d0 [ 15.028714] ret_from_fork_asm+0x1a/0x30 [ 15.029036] [ 15.029140] The buggy address belongs to the object at ffff888101b1cc00 [ 15.029140] which belongs to the cache kmalloc-16 of size 16 [ 15.030157] The buggy address is located 8 bytes inside of [ 15.030157] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 15.030822] [ 15.030956] The buggy address belongs to the physical page: [ 15.031352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 15.031777] flags: 0x200000000000000(node=0|zone=2) [ 15.032019] page_type: f5(slab) [ 15.032272] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.032749] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.033090] page dumped because: kasan: bad access detected [ 15.033539] [ 15.033661] Memory state around the buggy address: [ 15.033927] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 15.034367] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.034734] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.035018] ^ [ 15.035242] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.035607] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.035972] ================================================================== [ 15.090260] 
================================================================== [ 15.091210] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.091574] Read of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 15.091946] [ 15.092046] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.092092] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.092106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.092159] Call Trace: [ 15.092198] <TASK> [ 15.092216] dump_stack_lvl+0x73/0xb0 [ 15.092271] print_report+0xd1/0x610 [ 15.092295] ? __virt_addr_valid+0x1db/0x2d0 [ 15.092318] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.092345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.092367] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.092406] kasan_report+0x141/0x180 [ 15.092429] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.092462] __asan_report_load8_noabort+0x18/0x20 [ 15.092487] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 15.092514] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 15.092544] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.092567] ? trace_hardirqs_on+0x37/0xe0 [ 15.092589] ? kasan_bitops_generic+0x92/0x1c0 [ 15.092618] kasan_bitops_generic+0x121/0x1c0 [ 15.092641] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 15.092670] ? __pfx_read_tsc+0x10/0x10 [ 15.092691] ? ktime_get_ts64+0x86/0x230 [ 15.092717] kunit_try_run_case+0x1a5/0x480 [ 15.092743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.092765] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 15.092789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.092813] ? __kthread_parkme+0x82/0x180 [ 15.092833] ? preempt_count_sub+0x50/0x80 [ 15.092858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.092882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.092905] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.092928] kthread+0x337/0x6f0 [ 15.092948] ? 
trace_preempt_on+0x20/0xc0 [ 15.092971] ? __pfx_kthread+0x10/0x10 [ 15.092992] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.093013] ? calculate_sigpending+0x7b/0xa0 [ 15.093061] ? __pfx_kthread+0x10/0x10 [ 15.093083] ret_from_fork+0x116/0x1d0 [ 15.093102] ? __pfx_kthread+0x10/0x10 [ 15.093123] ret_from_fork_asm+0x1a/0x30 [ 15.093155] </TASK> [ 15.093166] [ 15.102270] Allocated by task 279: [ 15.102421] kasan_save_stack+0x45/0x70 [ 15.102567] kasan_save_track+0x18/0x40 [ 15.102757] kasan_save_alloc_info+0x3b/0x50 [ 15.103018] __kasan_kmalloc+0xb7/0xc0 [ 15.103208] __kmalloc_cache_noprof+0x189/0x420 [ 15.103439] kasan_bitops_generic+0x92/0x1c0 [ 15.103893] kunit_try_run_case+0x1a5/0x480 [ 15.104160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.104456] kthread+0x337/0x6f0 [ 15.104642] ret_from_fork+0x116/0x1d0 [ 15.104784] ret_from_fork_asm+0x1a/0x30 [ 15.104926] [ 15.104998] The buggy address belongs to the object at ffff888101b1cc00 [ 15.104998] which belongs to the cache kmalloc-16 of size 16 [ 15.105547] The buggy address is located 8 bytes inside of [ 15.105547] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 15.106246] [ 15.106351] The buggy address belongs to the physical page: [ 15.106618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 15.107012] flags: 0x200000000000000(node=0|zone=2) [ 15.107261] page_type: f5(slab) [ 15.107436] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 15.107773] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 15.108147] page dumped because: kasan: bad access detected [ 15.108470] [ 15.108564] Memory state around the buggy address: [ 15.108780] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 15.109000] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 15.109216] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.109442] ^ [ 15.109565] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.109893] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.110232] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 14.881997] ================================================================== [ 14.882233] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.882548] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.882906] [ 14.883044] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.883087] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.883099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.883120] Call Trace: [ 14.883135] <TASK> [ 14.883150] dump_stack_lvl+0x73/0xb0 [ 14.883178] print_report+0xd1/0x610 [ 14.883244] ? __virt_addr_valid+0x1db/0x2d0 [ 14.883281] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.883308] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.883330] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.883357] kasan_report+0x141/0x180 [ 14.883379] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.883421] kasan_check_range+0x10c/0x1c0 [ 14.883445] __kasan_check_write+0x18/0x20 [ 14.883464] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.883489] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.883515] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.883540] ? trace_hardirqs_on+0x37/0xe0 [ 14.883561] ? kasan_bitops_generic+0x92/0x1c0 [ 14.883590] kasan_bitops_generic+0x116/0x1c0 [ 14.883613] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.883638] ? __pfx_read_tsc+0x10/0x10 [ 14.883660] ? ktime_get_ts64+0x86/0x230 [ 14.883683] kunit_try_run_case+0x1a5/0x480 [ 14.883709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.883731] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.883766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.883790] ? __kthread_parkme+0x82/0x180 [ 14.883810] ? preempt_count_sub+0x50/0x80 [ 14.883846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.883870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.883894] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.883918] kthread+0x337/0x6f0 [ 14.883937] ? 
trace_preempt_on+0x20/0xc0 [ 14.883959] ? __pfx_kthread+0x10/0x10 [ 14.883989] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.884010] ? calculate_sigpending+0x7b/0xa0 [ 14.884034] ? __pfx_kthread+0x10/0x10 [ 14.884067] ret_from_fork+0x116/0x1d0 [ 14.884118] ? __pfx_kthread+0x10/0x10 [ 14.884140] ret_from_fork_asm+0x1a/0x30 [ 14.884172] </TASK> [ 14.884192] [ 14.893939] Allocated by task 279: [ 14.894076] kasan_save_stack+0x45/0x70 [ 14.894228] kasan_save_track+0x18/0x40 [ 14.894431] kasan_save_alloc_info+0x3b/0x50 [ 14.894639] __kasan_kmalloc+0xb7/0xc0 [ 14.894828] __kmalloc_cache_noprof+0x189/0x420 [ 14.895335] kasan_bitops_generic+0x92/0x1c0 [ 14.895564] kunit_try_run_case+0x1a5/0x480 [ 14.895865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.896318] kthread+0x337/0x6f0 [ 14.896505] ret_from_fork+0x116/0x1d0 [ 14.897432] ret_from_fork_asm+0x1a/0x30 [ 14.898050] [ 14.898169] The buggy address belongs to the object at ffff888101b1cc00 [ 14.898169] which belongs to the cache kmalloc-16 of size 16 [ 14.899388] The buggy address is located 8 bytes inside of [ 14.899388] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.899988] [ 14.900134] The buggy address belongs to the physical page: [ 14.900370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.901210] flags: 0x200000000000000(node=0|zone=2) [ 14.901453] page_type: f5(slab) [ 14.901858] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.902730] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.903619] page dumped because: kasan: bad access detected [ 14.903944] [ 14.904049] Memory state around the buggy address: [ 14.904540] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.905187] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.905854] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.906389] ^ [ 14.906815] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.907436] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.907950] ================================================================== [ 14.818894] ================================================================== [ 14.819250] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.819625] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.819994] [ 14.820184] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.820229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.820241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.820263] Call Trace: [ 14.820275] <TASK> [ 14.820292] dump_stack_lvl+0x73/0xb0 [ 14.820321] print_report+0xd1/0x610 [ 14.820344] ? __virt_addr_valid+0x1db/0x2d0 [ 14.820375] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.820419] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.820443] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.820469] kasan_report+0x141/0x180 [ 14.820492] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.820523] kasan_check_range+0x10c/0x1c0 [ 14.820547] __kasan_check_write+0x18/0x20 [ 14.820576] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.820602] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.820629] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.820664] ? trace_hardirqs_on+0x37/0xe0 [ 14.820692] ? kasan_bitops_generic+0x92/0x1c0 [ 14.820722] kasan_bitops_generic+0x116/0x1c0 [ 14.820745] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.820771] ? __pfx_read_tsc+0x10/0x10 [ 14.820791] ? ktime_get_ts64+0x86/0x230 [ 14.820816] kunit_try_run_case+0x1a5/0x480 [ 14.820841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.820863] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.820888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.820911] ? __kthread_parkme+0x82/0x180 [ 14.820933] ? preempt_count_sub+0x50/0x80 [ 14.820957] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.820982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.821014] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.821099] kthread+0x337/0x6f0 [ 14.821120] ? trace_preempt_on+0x20/0xc0 [ 14.821143] ? __pfx_kthread+0x10/0x10 [ 14.821165] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.821187] ? calculate_sigpending+0x7b/0xa0 [ 14.821212] ? __pfx_kthread+0x10/0x10 [ 14.821234] ret_from_fork+0x116/0x1d0 [ 14.821253] ? __pfx_kthread+0x10/0x10 [ 14.821274] ret_from_fork_asm+0x1a/0x30 [ 14.821306] </TASK> [ 14.821316] [ 14.831010] Allocated by task 279: [ 14.831143] kasan_save_stack+0x45/0x70 [ 14.831290] kasan_save_track+0x18/0x40 [ 14.831514] kasan_save_alloc_info+0x3b/0x50 [ 14.831729] __kasan_kmalloc+0xb7/0xc0 [ 14.831954] __kmalloc_cache_noprof+0x189/0x420 [ 14.832487] kasan_bitops_generic+0x92/0x1c0 [ 14.832700] kunit_try_run_case+0x1a5/0x480 [ 14.832853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.833031] kthread+0x337/0x6f0 [ 14.833154] ret_from_fork+0x116/0x1d0 [ 14.833288] ret_from_fork_asm+0x1a/0x30 [ 14.833494] [ 14.833591] The buggy address belongs to the object at ffff888101b1cc00 [ 14.833591] which belongs to the cache kmalloc-16 of size 16 [ 14.834341] The buggy address is located 8 bytes inside of [ 14.834341] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.835979] [ 14.836312] The buggy address belongs to the physical page: [ 14.836574] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.836945] flags: 0x200000000000000(node=0|zone=2) [ 14.837328] page_type: f5(slab) [ 14.837518] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.837870] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.838143] page dumped because: kasan: bad access detected [ 14.838481] [ 14.838578] Memory state around the buggy address: [ 14.838756] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.839148] 
ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.839419] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.839767] ^ [ 14.839962] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.840390] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.840701] ================================================================== [ 14.861959] ================================================================== [ 14.862472] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.862949] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.863365] [ 14.863488] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.863535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.863547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.863568] Call Trace: [ 14.863582] <TASK> [ 14.863598] dump_stack_lvl+0x73/0xb0 [ 14.863626] print_report+0xd1/0x610 [ 14.863648] ? __virt_addr_valid+0x1db/0x2d0 [ 14.863671] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.863696] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.863718] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.863744] kasan_report+0x141/0x180 [ 14.863767] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.863798] kasan_check_range+0x10c/0x1c0 [ 14.863822] __kasan_check_write+0x18/0x20 [ 14.863841] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.863869] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.863896] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.863921] ? trace_hardirqs_on+0x37/0xe0 [ 14.863943] ? kasan_bitops_generic+0x92/0x1c0 [ 14.863971] kasan_bitops_generic+0x116/0x1c0 [ 14.863994] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.864020] ? __pfx_read_tsc+0x10/0x10 [ 14.864041] ? ktime_get_ts64+0x86/0x230 [ 14.864094] kunit_try_run_case+0x1a5/0x480 [ 14.864120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.864144] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 14.864174] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.864198] ? __kthread_parkme+0x82/0x180 [ 14.864219] ? preempt_count_sub+0x50/0x80 [ 14.864243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.864267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.864291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.864314] kthread+0x337/0x6f0 [ 14.864333] ? trace_preempt_on+0x20/0xc0 [ 14.864355] ? __pfx_kthread+0x10/0x10 [ 14.864377] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.864407] ? calculate_sigpending+0x7b/0xa0 [ 14.864430] ? __pfx_kthread+0x10/0x10 [ 14.864453] ret_from_fork+0x116/0x1d0 [ 14.864471] ? __pfx_kthread+0x10/0x10 [ 14.864493] ret_from_fork_asm+0x1a/0x30 [ 14.864524] </TASK> [ 14.864535] [ 14.873495] Allocated by task 279: [ 14.873692] kasan_save_stack+0x45/0x70 [ 14.873908] kasan_save_track+0x18/0x40 [ 14.874161] kasan_save_alloc_info+0x3b/0x50 [ 14.874386] __kasan_kmalloc+0xb7/0xc0 [ 14.874586] __kmalloc_cache_noprof+0x189/0x420 [ 14.874794] kasan_bitops_generic+0x92/0x1c0 [ 14.875005] kunit_try_run_case+0x1a5/0x480 [ 14.875279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.875522] kthread+0x337/0x6f0 [ 14.875711] ret_from_fork+0x116/0x1d0 [ 14.875846] ret_from_fork_asm+0x1a/0x30 [ 14.876013] [ 14.876178] The buggy address belongs to the object at ffff888101b1cc00 [ 14.876178] which belongs to the cache kmalloc-16 of size 16 [ 14.876767] The buggy address is located 8 bytes inside of [ 14.876767] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.877341] [ 14.877456] The buggy address belongs to the physical page: [ 14.877722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.878177] flags: 0x200000000000000(node=0|zone=2) [ 14.878408] page_type: f5(slab) [ 14.878537] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.879001] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.879345] page dumped because: kasan: 
bad access detected [ 14.879538] [ 14.879611] Memory state around the buggy address: [ 14.879769] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.879988] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.880217] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.880537] ^ [ 14.880993] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.881328] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.881652] ================================================================== [ 14.723825] ================================================================== [ 14.724469] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.725234] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.725545] [ 14.725636] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.725682] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.725694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.725715] Call Trace: [ 14.725730] <TASK> [ 14.725747] dump_stack_lvl+0x73/0xb0 [ 14.725778] print_report+0xd1/0x610 [ 14.725801] ? __virt_addr_valid+0x1db/0x2d0 [ 14.725825] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.725850] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.725873] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.725899] kasan_report+0x141/0x180 [ 14.725922] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.725953] kasan_check_range+0x10c/0x1c0 [ 14.725977] __kasan_check_write+0x18/0x20 [ 14.725996] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.726022] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.726101] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.726128] ? trace_hardirqs_on+0x37/0xe0 [ 14.726151] ? kasan_bitops_generic+0x92/0x1c0 [ 14.726181] kasan_bitops_generic+0x116/0x1c0 [ 14.726205] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.726231] ? 
__pfx_read_tsc+0x10/0x10 [ 14.726252] ? ktime_get_ts64+0x86/0x230 [ 14.726278] kunit_try_run_case+0x1a5/0x480 [ 14.726304] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.726327] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.726351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.726375] ? __kthread_parkme+0x82/0x180 [ 14.726410] ? preempt_count_sub+0x50/0x80 [ 14.726438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.726463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.726487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.726511] kthread+0x337/0x6f0 [ 14.726532] ? trace_preempt_on+0x20/0xc0 [ 14.726554] ? __pfx_kthread+0x10/0x10 [ 14.726576] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.726598] ? calculate_sigpending+0x7b/0xa0 [ 14.726622] ? __pfx_kthread+0x10/0x10 [ 14.726645] ret_from_fork+0x116/0x1d0 [ 14.726664] ? __pfx_kthread+0x10/0x10 [ 14.726686] ret_from_fork_asm+0x1a/0x30 [ 14.726718] </TASK> [ 14.726728] [ 14.735995] Allocated by task 279: [ 14.736188] kasan_save_stack+0x45/0x70 [ 14.736382] kasan_save_track+0x18/0x40 [ 14.736547] kasan_save_alloc_info+0x3b/0x50 [ 14.736914] __kasan_kmalloc+0xb7/0xc0 [ 14.737154] __kmalloc_cache_noprof+0x189/0x420 [ 14.737318] kasan_bitops_generic+0x92/0x1c0 [ 14.737485] kunit_try_run_case+0x1a5/0x480 [ 14.737644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.737896] kthread+0x337/0x6f0 [ 14.738114] ret_from_fork+0x116/0x1d0 [ 14.738300] ret_from_fork_asm+0x1a/0x30 [ 14.738458] [ 14.738534] The buggy address belongs to the object at ffff888101b1cc00 [ 14.738534] which belongs to the cache kmalloc-16 of size 16 [ 14.739506] The buggy address is located 8 bytes inside of [ 14.739506] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.740000] [ 14.740211] The buggy address belongs to the physical page: [ 14.740441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.740898] flags: 0x200000000000000(node=0|zone=2) [ 14.741140] page_type: f5(slab) [ 14.741308] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 14.741772] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.742183] page dumped because: kasan: bad access detected [ 14.742415] [ 14.742514] Memory state around the buggy address: [ 14.742797] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.743167] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.743442] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.743751] ^ [ 14.743922] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.744362] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.744677] ================================================================== [ 14.769764] ================================================================== [ 14.770021] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.770763] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.771185] [ 14.771380] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.771439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.771451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.771473] Call Trace: [ 14.771490] <TASK> [ 14.771505] dump_stack_lvl+0x73/0xb0 [ 14.771697] print_report+0xd1/0x610 [ 14.771722] ? __virt_addr_valid+0x1db/0x2d0 [ 14.771746] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.771772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.771794] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.771820] kasan_report+0x141/0x180 [ 14.771843] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.771874] kasan_check_range+0x10c/0x1c0 [ 14.771898] __kasan_check_write+0x18/0x20 [ 14.771917] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.771943] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.771969] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.771993] ? 
trace_hardirqs_on+0x37/0xe0 [ 14.772016] ? kasan_bitops_generic+0x92/0x1c0 [ 14.772097] kasan_bitops_generic+0x116/0x1c0 [ 14.772122] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.772147] ? __pfx_read_tsc+0x10/0x10 [ 14.772169] ? ktime_get_ts64+0x86/0x230 [ 14.772195] kunit_try_run_case+0x1a5/0x480 [ 14.772219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.772242] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.772266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.772289] ? __kthread_parkme+0x82/0x180 [ 14.772309] ? preempt_count_sub+0x50/0x80 [ 14.772334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.772359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.772383] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.772418] kthread+0x337/0x6f0 [ 14.772438] ? trace_preempt_on+0x20/0xc0 [ 14.772461] ? __pfx_kthread+0x10/0x10 [ 14.772482] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.772504] ? calculate_sigpending+0x7b/0xa0 [ 14.772528] ? __pfx_kthread+0x10/0x10 [ 14.772551] ret_from_fork+0x116/0x1d0 [ 14.772570] ? 
__pfx_kthread+0x10/0x10 [ 14.772591] ret_from_fork_asm+0x1a/0x30 [ 14.772623] </TASK> [ 14.772634] [ 14.781514] Allocated by task 279: [ 14.781970] kasan_save_stack+0x45/0x70 [ 14.782302] kasan_save_track+0x18/0x40 [ 14.782520] kasan_save_alloc_info+0x3b/0x50 [ 14.782708] __kasan_kmalloc+0xb7/0xc0 [ 14.782843] __kmalloc_cache_noprof+0x189/0x420 [ 14.783129] kasan_bitops_generic+0x92/0x1c0 [ 14.783357] kunit_try_run_case+0x1a5/0x480 [ 14.783581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.783806] kthread+0x337/0x6f0 [ 14.783983] ret_from_fork+0x116/0x1d0 [ 14.784204] ret_from_fork_asm+0x1a/0x30 [ 14.784419] [ 14.784512] The buggy address belongs to the object at ffff888101b1cc00 [ 14.784512] which belongs to the cache kmalloc-16 of size 16 [ 14.784987] The buggy address is located 8 bytes inside of [ 14.784987] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.785546] [ 14.785667] The buggy address belongs to the physical page: [ 14.785880] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.786380] flags: 0x200000000000000(node=0|zone=2) [ 14.786614] page_type: f5(slab) [ 14.786773] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.787179] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.787485] page dumped because: kasan: bad access detected [ 14.787746] [ 14.787821] Memory state around the buggy address: [ 14.787978] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.788197] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.788424] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.788726] ^ [ 14.789042] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.789363] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.789714] ================================================================== [ 14.790166] 
================================================================== [ 14.790524] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.791821] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.792992] [ 14.793413] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.793465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.793478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.793501] Call Trace: [ 14.793514] <TASK> [ 14.793530] dump_stack_lvl+0x73/0xb0 [ 14.793561] print_report+0xd1/0x610 [ 14.793584] ? __virt_addr_valid+0x1db/0x2d0 [ 14.793607] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.793631] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.793654] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.793955] kasan_report+0x141/0x180 [ 14.793988] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.794023] kasan_check_range+0x10c/0x1c0 [ 14.794100] __kasan_check_write+0x18/0x20 [ 14.794124] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.794150] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.794178] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.794203] ? trace_hardirqs_on+0x37/0xe0 [ 14.794227] ? kasan_bitops_generic+0x92/0x1c0 [ 14.794256] kasan_bitops_generic+0x116/0x1c0 [ 14.794280] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.794306] ? __pfx_read_tsc+0x10/0x10 [ 14.794327] ? ktime_get_ts64+0x86/0x230 [ 14.794352] kunit_try_run_case+0x1a5/0x480 [ 14.794378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.794413] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.794437] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.794461] ? __kthread_parkme+0x82/0x180 [ 14.794482] ? preempt_count_sub+0x50/0x80 [ 14.794508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.794533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.794557] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.794581] kthread+0x337/0x6f0 [ 14.794601] ? 
trace_preempt_on+0x20/0xc0 [ 14.794624] ? __pfx_kthread+0x10/0x10 [ 14.794645] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.794666] ? calculate_sigpending+0x7b/0xa0 [ 14.794690] ? __pfx_kthread+0x10/0x10 [ 14.794712] ret_from_fork+0x116/0x1d0 [ 14.794731] ? __pfx_kthread+0x10/0x10 [ 14.794752] ret_from_fork_asm+0x1a/0x30 [ 14.794785] </TASK> [ 14.794796] [ 14.809818] Allocated by task 279: [ 14.810006] kasan_save_stack+0x45/0x70 [ 14.810199] kasan_save_track+0x18/0x40 [ 14.810382] kasan_save_alloc_info+0x3b/0x50 [ 14.810546] __kasan_kmalloc+0xb7/0xc0 [ 14.810830] __kmalloc_cache_noprof+0x189/0x420 [ 14.811070] kasan_bitops_generic+0x92/0x1c0 [ 14.811225] kunit_try_run_case+0x1a5/0x480 [ 14.811524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.811869] kthread+0x337/0x6f0 [ 14.812227] ret_from_fork+0x116/0x1d0 [ 14.812385] ret_from_fork_asm+0x1a/0x30 [ 14.812562] [ 14.812722] The buggy address belongs to the object at ffff888101b1cc00 [ 14.812722] which belongs to the cache kmalloc-16 of size 16 [ 14.813347] The buggy address is located 8 bytes inside of [ 14.813347] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.813828] [ 14.813931] The buggy address belongs to the physical page: [ 14.814193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.814585] flags: 0x200000000000000(node=0|zone=2) [ 14.814832] page_type: f5(slab) [ 14.815003] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.815446] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.815728] page dumped because: kasan: bad access detected [ 14.815921] [ 14.816018] Memory state around the buggy address: [ 14.816323] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.816583] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.816908] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.817413] ^ [ 14.817563] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.817920] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.818243] ================================================================== [ 14.841238] ================================================================== [ 14.841882] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.842332] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.842717] [ 14.842855] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.842902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.842914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.842936] Call Trace: [ 14.842952] <TASK> [ 14.842968] dump_stack_lvl+0x73/0xb0 [ 14.842997] print_report+0xd1/0x610 [ 14.843019] ? __virt_addr_valid+0x1db/0x2d0 [ 14.843042] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.843068] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.843117] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.843144] kasan_report+0x141/0x180 [ 14.843215] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.843247] kasan_check_range+0x10c/0x1c0 [ 14.843271] __kasan_check_write+0x18/0x20 [ 14.843290] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.843316] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.843342] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.843367] ? trace_hardirqs_on+0x37/0xe0 [ 14.843389] ? kasan_bitops_generic+0x92/0x1c0 [ 14.843427] kasan_bitops_generic+0x116/0x1c0 [ 14.843451] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.843476] ? __pfx_read_tsc+0x10/0x10 [ 14.843498] ? ktime_get_ts64+0x86/0x230 [ 14.843522] kunit_try_run_case+0x1a5/0x480 [ 14.843547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.843570] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.843594] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.843617] ? __kthread_parkme+0x82/0x180 [ 14.843639] ? preempt_count_sub+0x50/0x80 [ 14.843663] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.843687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.843720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.843744] kthread+0x337/0x6f0 [ 14.843763] ? trace_preempt_on+0x20/0xc0 [ 14.843796] ? __pfx_kthread+0x10/0x10 [ 14.843818] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.843838] ? calculate_sigpending+0x7b/0xa0 [ 14.843862] ? __pfx_kthread+0x10/0x10 [ 14.843884] ret_from_fork+0x116/0x1d0 [ 14.843903] ? __pfx_kthread+0x10/0x10 [ 14.843923] ret_from_fork_asm+0x1a/0x30 [ 14.843955] </TASK> [ 14.843966] [ 14.852907] Allocated by task 279: [ 14.853150] kasan_save_stack+0x45/0x70 [ 14.853357] kasan_save_track+0x18/0x40 [ 14.853558] kasan_save_alloc_info+0x3b/0x50 [ 14.853771] __kasan_kmalloc+0xb7/0xc0 [ 14.853939] __kmalloc_cache_noprof+0x189/0x420 [ 14.854169] kasan_bitops_generic+0x92/0x1c0 [ 14.854392] kunit_try_run_case+0x1a5/0x480 [ 14.854637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.854862] kthread+0x337/0x6f0 [ 14.855105] ret_from_fork+0x116/0x1d0 [ 14.855286] ret_from_fork_asm+0x1a/0x30 [ 14.855453] [ 14.855528] The buggy address belongs to the object at ffff888101b1cc00 [ 14.855528] which belongs to the cache kmalloc-16 of size 16 [ 14.856090] The buggy address is located 8 bytes inside of [ 14.856090] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.856785] [ 14.856866] The buggy address belongs to the physical page: [ 14.857042] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.857284] flags: 0x200000000000000(node=0|zone=2) [ 14.857527] page_type: f5(slab) [ 14.857694] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.858036] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.858466] page dumped because: kasan: bad access detected [ 14.858727] [ 14.858800] Memory state around the buggy address: [ 14.858958] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.859742] 
ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.860076] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.860389] ^ [ 14.860525] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.861014] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.861348] ================================================================== [ 14.745226] ================================================================== [ 14.745594] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.745922] Write of size 8 at addr ffff888101b1cc08 by task kunit_try_catch/279 [ 14.746265] [ 14.746387] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.746442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.746455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.746477] Call Trace: [ 14.746489] <TASK> [ 14.746504] dump_stack_lvl+0x73/0xb0 [ 14.746534] print_report+0xd1/0x610 [ 14.746556] ? __virt_addr_valid+0x1db/0x2d0 [ 14.746579] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.746604] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.746626] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.746653] kasan_report+0x141/0x180 [ 14.746675] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.746708] kasan_check_range+0x10c/0x1c0 [ 14.746732] __kasan_check_write+0x18/0x20 [ 14.746751] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.746777] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.746804] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.746828] ? trace_hardirqs_on+0x37/0xe0 [ 14.746850] ? kasan_bitops_generic+0x92/0x1c0 [ 14.746878] kasan_bitops_generic+0x116/0x1c0 [ 14.746901] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.746927] ? __pfx_read_tsc+0x10/0x10 [ 14.746949] ? ktime_get_ts64+0x86/0x230 [ 14.746973] kunit_try_run_case+0x1a5/0x480 [ 14.747000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.747023] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 14.747047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.747071] ? __kthread_parkme+0x82/0x180 [ 14.747092] ? preempt_count_sub+0x50/0x80 [ 14.747157] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.747186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.747209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.747234] kthread+0x337/0x6f0 [ 14.747254] ? trace_preempt_on+0x20/0xc0 [ 14.747277] ? __pfx_kthread+0x10/0x10 [ 14.747298] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.747320] ? calculate_sigpending+0x7b/0xa0 [ 14.747344] ? __pfx_kthread+0x10/0x10 [ 14.747367] ret_from_fork+0x116/0x1d0 [ 14.747386] ? __pfx_kthread+0x10/0x10 [ 14.747418] ret_from_fork_asm+0x1a/0x30 [ 14.747451] </TASK> [ 14.747462] [ 14.756456] Allocated by task 279: [ 14.756618] kasan_save_stack+0x45/0x70 [ 14.756827] kasan_save_track+0x18/0x40 [ 14.756990] kasan_save_alloc_info+0x3b/0x50 [ 14.757234] __kasan_kmalloc+0xb7/0xc0 [ 14.757463] __kmalloc_cache_noprof+0x189/0x420 [ 14.757627] kasan_bitops_generic+0x92/0x1c0 [ 14.757786] kunit_try_run_case+0x1a5/0x480 [ 14.757939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.758118] kthread+0x337/0x6f0 [ 14.758241] ret_from_fork+0x116/0x1d0 [ 14.758375] ret_from_fork_asm+0x1a/0x30 [ 14.759537] [ 14.760161] The buggy address belongs to the object at ffff888101b1cc00 [ 14.760161] which belongs to the cache kmalloc-16 of size 16 [ 14.762014] The buggy address is located 8 bytes inside of [ 14.762014] allocated 9-byte region [ffff888101b1cc00, ffff888101b1cc09) [ 14.762964] [ 14.763074] The buggy address belongs to the physical page: [ 14.763339] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 14.763725] flags: 0x200000000000000(node=0|zone=2) [ 14.763973] page_type: f5(slab) [ 14.764141] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.764595] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.764840] page dumped because: kasan: 
bad access detected [ 14.765457] [ 14.765601] Memory state around the buggy address: [ 14.765948] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 14.766479] ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.766948] >ffff888101b1cc00: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.767469] ^ [ 14.767810] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.768535] ffff888101b1cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.769094] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 14.698232] ================================================================== [ 14.698560] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 14.699139] Read of size 1 at addr ffff8881039514d0 by task kunit_try_catch/277 [ 14.699760] [ 14.699878] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.699924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.699936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.699958] Call Trace: [ 14.699973] <TASK> [ 14.699989] dump_stack_lvl+0x73/0xb0 [ 14.700019] print_report+0xd1/0x610 [ 14.700043] ? __virt_addr_valid+0x1db/0x2d0 [ 14.700067] ? strnlen+0x73/0x80 [ 14.700086] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.700109] ? strnlen+0x73/0x80 [ 14.700127] kasan_report+0x141/0x180 [ 14.700149] ? strnlen+0x73/0x80 [ 14.700174] __asan_report_load1_noabort+0x18/0x20 [ 14.700198] strnlen+0x73/0x80 [ 14.700218] kasan_strings+0x615/0xe80 [ 14.700239] ? trace_hardirqs_on+0x37/0xe0 [ 14.700263] ? __pfx_kasan_strings+0x10/0x10 [ 14.700284] ? finish_task_switch.isra.0+0x153/0x700 [ 14.700306] ? __switch_to+0x47/0xf50 [ 14.700332] ? __schedule+0x10c6/0x2b60 [ 14.700354] ? __pfx_read_tsc+0x10/0x10 [ 14.700375] ? ktime_get_ts64+0x86/0x230 [ 14.700414] kunit_try_run_case+0x1a5/0x480 [ 14.700440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.700462] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.700485] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.700510] ? __kthread_parkme+0x82/0x180 [ 14.700531] ? preempt_count_sub+0x50/0x80 [ 14.700555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.700580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.700614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.700638] kthread+0x337/0x6f0 [ 14.700659] ? trace_preempt_on+0x20/0xc0 [ 14.700689] ? __pfx_kthread+0x10/0x10 [ 14.700710] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.700732] ? calculate_sigpending+0x7b/0xa0 [ 14.700757] ? 
__pfx_kthread+0x10/0x10 [ 14.700779] ret_from_fork+0x116/0x1d0 [ 14.700798] ? __pfx_kthread+0x10/0x10 [ 14.700819] ret_from_fork_asm+0x1a/0x30 [ 14.700852] </TASK> [ 14.700863] [ 14.708270] Allocated by task 277: [ 14.708455] kasan_save_stack+0x45/0x70 [ 14.708720] kasan_save_track+0x18/0x40 [ 14.708928] kasan_save_alloc_info+0x3b/0x50 [ 14.709147] __kasan_kmalloc+0xb7/0xc0 [ 14.709320] __kmalloc_cache_noprof+0x189/0x420 [ 14.709549] kasan_strings+0xc0/0xe80 [ 14.709781] kunit_try_run_case+0x1a5/0x480 [ 14.709983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.710199] kthread+0x337/0x6f0 [ 14.710371] ret_from_fork+0x116/0x1d0 [ 14.710550] ret_from_fork_asm+0x1a/0x30 [ 14.710749] [ 14.710846] Freed by task 277: [ 14.710996] kasan_save_stack+0x45/0x70 [ 14.711142] kasan_save_track+0x18/0x40 [ 14.711333] kasan_save_free_info+0x3f/0x60 [ 14.711499] __kasan_slab_free+0x56/0x70 [ 14.711755] kfree+0x222/0x3f0 [ 14.711925] kasan_strings+0x2aa/0xe80 [ 14.712078] kunit_try_run_case+0x1a5/0x480 [ 14.712284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.712494] kthread+0x337/0x6f0 [ 14.712686] ret_from_fork+0x116/0x1d0 [ 14.712876] ret_from_fork_asm+0x1a/0x30 [ 14.713069] [ 14.713159] The buggy address belongs to the object at ffff8881039514c0 [ 14.713159] which belongs to the cache kmalloc-32 of size 32 [ 14.713588] The buggy address is located 16 bytes inside of [ 14.713588] freed 32-byte region [ffff8881039514c0, ffff8881039514e0) [ 14.714084] [ 14.714167] The buggy address belongs to the physical page: [ 14.714404] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951 [ 14.714689] flags: 0x200000000000000(node=0|zone=2) [ 14.714936] page_type: f5(slab) [ 14.715139] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.715434] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.715782] page dumped because: kasan: bad access detected [ 14.716007] [ 14.716084] Memory state around the buggy address: 
[ 14.716299] ffff888103951380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.716603] ffff888103951400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.716891] >ffff888103951480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.717161] ^ [ 14.717383] ffff888103951500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.717730] ffff888103951580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.717951] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 14.678286] ================================================================== [ 14.678940] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 14.679440] Read of size 1 at addr ffff8881039514d0 by task kunit_try_catch/277 [ 14.679716] [ 14.679805] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.679850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.679862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.679884] Call Trace: [ 14.679901] <TASK> [ 14.679919] dump_stack_lvl+0x73/0xb0 [ 14.679948] print_report+0xd1/0x610 [ 14.679971] ? __virt_addr_valid+0x1db/0x2d0 [ 14.679995] ? strlen+0x8f/0xb0 [ 14.680013] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.680036] ? strlen+0x8f/0xb0 [ 14.680054] kasan_report+0x141/0x180 [ 14.680077] ? strlen+0x8f/0xb0 [ 14.680100] __asan_report_load1_noabort+0x18/0x20 [ 14.680124] strlen+0x8f/0xb0 [ 14.680144] kasan_strings+0x57b/0xe80 [ 14.680164] ? trace_hardirqs_on+0x37/0xe0 [ 14.680187] ? __pfx_kasan_strings+0x10/0x10 [ 14.680208] ? finish_task_switch.isra.0+0x153/0x700 [ 14.680230] ? __switch_to+0x47/0xf50 [ 14.680257] ? __schedule+0x10c6/0x2b60 [ 14.680280] ? __pfx_read_tsc+0x10/0x10 [ 14.680302] ? ktime_get_ts64+0x86/0x230 [ 14.680327] kunit_try_run_case+0x1a5/0x480 [ 14.680356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.680381] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.680419] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.680442] ? __kthread_parkme+0x82/0x180 [ 14.680465] ? preempt_count_sub+0x50/0x80 [ 14.680490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.680515] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.680538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.680563] kthread+0x337/0x6f0 [ 14.680585] ? trace_preempt_on+0x20/0xc0 [ 14.680618] ? __pfx_kthread+0x10/0x10 [ 14.680640] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.680662] ? calculate_sigpending+0x7b/0xa0 [ 14.680692] ? 
__pfx_kthread+0x10/0x10 [ 14.680714] ret_from_fork+0x116/0x1d0 [ 14.680733] ? __pfx_kthread+0x10/0x10 [ 14.680755] ret_from_fork_asm+0x1a/0x30 [ 14.680787] </TASK> [ 14.680798] [ 14.688024] Allocated by task 277: [ 14.688189] kasan_save_stack+0x45/0x70 [ 14.688336] kasan_save_track+0x18/0x40 [ 14.688484] kasan_save_alloc_info+0x3b/0x50 [ 14.688634] __kasan_kmalloc+0xb7/0xc0 [ 14.688829] __kmalloc_cache_noprof+0x189/0x420 [ 14.689053] kasan_strings+0xc0/0xe80 [ 14.689238] kunit_try_run_case+0x1a5/0x480 [ 14.689453] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.689861] kthread+0x337/0x6f0 [ 14.689985] ret_from_fork+0x116/0x1d0 [ 14.690118] ret_from_fork_asm+0x1a/0x30 [ 14.690318] [ 14.690427] Freed by task 277: [ 14.690589] kasan_save_stack+0x45/0x70 [ 14.690789] kasan_save_track+0x18/0x40 [ 14.690977] kasan_save_free_info+0x3f/0x60 [ 14.691153] __kasan_slab_free+0x56/0x70 [ 14.691332] kfree+0x222/0x3f0 [ 14.691496] kasan_strings+0x2aa/0xe80 [ 14.691693] kunit_try_run_case+0x1a5/0x480 [ 14.691876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.692095] kthread+0x337/0x6f0 [ 14.692255] ret_from_fork+0x116/0x1d0 [ 14.692410] ret_from_fork_asm+0x1a/0x30 [ 14.692617] [ 14.692700] The buggy address belongs to the object at ffff8881039514c0 [ 14.692700] which belongs to the cache kmalloc-32 of size 32 [ 14.693183] The buggy address is located 16 bytes inside of [ 14.693183] freed 32-byte region [ffff8881039514c0, ffff8881039514e0) [ 14.693541] [ 14.693661] The buggy address belongs to the physical page: [ 14.693920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951 [ 14.694207] flags: 0x200000000000000(node=0|zone=2) [ 14.694372] page_type: f5(slab) [ 14.694504] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.695196] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.695548] page dumped because: kasan: bad access detected [ 14.695769] [ 14.695867] Memory state around the buggy address: 
[ 14.696058] ffff888103951380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.696358] ffff888103951400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.696682] >ffff888103951480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.696946] ^ [ 14.697202] ffff888103951500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.697493] ffff888103951580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.697783] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 14.650788] ================================================================== [ 14.651844] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 14.652091] Read of size 1 at addr ffff8881039514d0 by task kunit_try_catch/277 [ 14.652452] [ 14.652645] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.652697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.652722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.652742] Call Trace: [ 14.652759] <TASK> [ 14.652775] dump_stack_lvl+0x73/0xb0 [ 14.652805] print_report+0xd1/0x610 [ 14.652828] ? __virt_addr_valid+0x1db/0x2d0 [ 14.652852] ? kasan_strings+0xcbc/0xe80 [ 14.652873] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.652896] ? kasan_strings+0xcbc/0xe80 [ 14.652918] kasan_report+0x141/0x180 [ 14.652941] ? kasan_strings+0xcbc/0xe80 [ 14.652968] __asan_report_load1_noabort+0x18/0x20 [ 14.653003] kasan_strings+0xcbc/0xe80 [ 14.653023] ? trace_hardirqs_on+0x37/0xe0 [ 14.653048] ? __pfx_kasan_strings+0x10/0x10 [ 14.653080] ? finish_task_switch.isra.0+0x153/0x700 [ 14.653103] ? __switch_to+0x47/0xf50 [ 14.653129] ? __schedule+0x10c6/0x2b60 [ 14.653152] ? __pfx_read_tsc+0x10/0x10 [ 14.653173] ? ktime_get_ts64+0x86/0x230 [ 14.653198] kunit_try_run_case+0x1a5/0x480 [ 14.653223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.653246] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.653270] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.653294] ? __kthread_parkme+0x82/0x180 [ 14.653317] ? preempt_count_sub+0x50/0x80 [ 14.653342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.653366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.653390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.653424] kthread+0x337/0x6f0 [ 14.653445] ? trace_preempt_on+0x20/0xc0 [ 14.653468] ? __pfx_kthread+0x10/0x10 [ 14.653490] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.653512] ? calculate_sigpending+0x7b/0xa0 [ 14.653538] ? 
__pfx_kthread+0x10/0x10 [ 14.653560] ret_from_fork+0x116/0x1d0 [ 14.653579] ? __pfx_kthread+0x10/0x10 [ 14.653600] ret_from_fork_asm+0x1a/0x30 [ 14.653633] </TASK> [ 14.653644] [ 14.661589] Allocated by task 277: [ 14.661747] kasan_save_stack+0x45/0x70 [ 14.661962] kasan_save_track+0x18/0x40 [ 14.662159] kasan_save_alloc_info+0x3b/0x50 [ 14.662411] __kasan_kmalloc+0xb7/0xc0 [ 14.662618] __kmalloc_cache_noprof+0x189/0x420 [ 14.662822] kasan_strings+0xc0/0xe80 [ 14.662993] kunit_try_run_case+0x1a5/0x480 [ 14.663171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.663417] kthread+0x337/0x6f0 [ 14.663543] ret_from_fork+0x116/0x1d0 [ 14.663875] ret_from_fork_asm+0x1a/0x30 [ 14.665307] [ 14.665404] Freed by task 277: [ 14.665524] kasan_save_stack+0x45/0x70 [ 14.665898] kasan_save_track+0x18/0x40 [ 14.666288] kasan_save_free_info+0x3f/0x60 [ 14.666713] __kasan_slab_free+0x56/0x70 [ 14.667017] kfree+0x222/0x3f0 [ 14.667138] kasan_strings+0x2aa/0xe80 [ 14.667271] kunit_try_run_case+0x1a5/0x480 [ 14.667424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.667657] kthread+0x337/0x6f0 [ 14.668015] ret_from_fork+0x116/0x1d0 [ 14.668371] ret_from_fork_asm+0x1a/0x30 [ 14.668782] [ 14.668943] The buggy address belongs to the object at ffff8881039514c0 [ 14.668943] which belongs to the cache kmalloc-32 of size 32 [ 14.670024] The buggy address is located 16 bytes inside of [ 14.670024] freed 32-byte region [ffff8881039514c0, ffff8881039514e0) [ 14.670844] [ 14.670922] The buggy address belongs to the physical page: [ 14.671094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951 [ 14.671334] flags: 0x200000000000000(node=0|zone=2) [ 14.671799] page_type: f5(slab) [ 14.672106] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.672803] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.673451] page dumped because: kasan: bad access detected [ 14.673964] [ 14.674130] Memory state around the buggy address: 
[ 14.674563] ffff888103951380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.675104] ffff888103951400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.675320] >ffff888103951480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.675543] ^ [ 14.676050] ffff888103951500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.676691] ffff888103951580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.677279] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 14.622716] ================================================================== [ 14.624218] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 14.624859] Read of size 1 at addr ffff8881039514d0 by task kunit_try_catch/277 [ 14.625534] [ 14.625736] CPU: 1 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.625784] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.625797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.625819] Call Trace: [ 14.625834] <TASK> [ 14.625866] dump_stack_lvl+0x73/0xb0 [ 14.625897] print_report+0xd1/0x610 [ 14.625924] ? __virt_addr_valid+0x1db/0x2d0 [ 14.625963] ? strcmp+0xb0/0xc0 [ 14.625981] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.626005] ? strcmp+0xb0/0xc0 [ 14.626024] kasan_report+0x141/0x180 [ 14.626047] ? strcmp+0xb0/0xc0 [ 14.626070] __asan_report_load1_noabort+0x18/0x20 [ 14.626096] strcmp+0xb0/0xc0 [ 14.626116] kasan_strings+0x431/0xe80 [ 14.626136] ? trace_hardirqs_on+0x37/0xe0 [ 14.626162] ? __pfx_kasan_strings+0x10/0x10 [ 14.626183] ? finish_task_switch.isra.0+0x153/0x700 [ 14.626207] ? __switch_to+0x47/0xf50 [ 14.626236] ? __schedule+0x10c6/0x2b60 [ 14.626260] ? __pfx_read_tsc+0x10/0x10 [ 14.626282] ? ktime_get_ts64+0x86/0x230 [ 14.626308] kunit_try_run_case+0x1a5/0x480 [ 14.626335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.626358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.626384] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.626417] ? __kthread_parkme+0x82/0x180 [ 14.626439] ? preempt_count_sub+0x50/0x80 [ 14.626464] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.626489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.626513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.626538] kthread+0x337/0x6f0 [ 14.626558] ? trace_preempt_on+0x20/0xc0 [ 14.626581] ? __pfx_kthread+0x10/0x10 [ 14.626613] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.626635] ? calculate_sigpending+0x7b/0xa0 [ 14.626661] ? 
__pfx_kthread+0x10/0x10 [ 14.626684] ret_from_fork+0x116/0x1d0 [ 14.626703] ? __pfx_kthread+0x10/0x10 [ 14.626724] ret_from_fork_asm+0x1a/0x30 [ 14.626757] </TASK> [ 14.626769] [ 14.638596] Allocated by task 277: [ 14.638855] kasan_save_stack+0x45/0x70 [ 14.639162] kasan_save_track+0x18/0x40 [ 14.639542] kasan_save_alloc_info+0x3b/0x50 [ 14.639740] __kasan_kmalloc+0xb7/0xc0 [ 14.640005] __kmalloc_cache_noprof+0x189/0x420 [ 14.640364] kasan_strings+0xc0/0xe80 [ 14.640683] kunit_try_run_case+0x1a5/0x480 [ 14.640997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.641377] kthread+0x337/0x6f0 [ 14.641510] ret_from_fork+0x116/0x1d0 [ 14.641784] ret_from_fork_asm+0x1a/0x30 [ 14.642163] [ 14.642337] Freed by task 277: [ 14.642669] kasan_save_stack+0x45/0x70 [ 14.642958] kasan_save_track+0x18/0x40 [ 14.643241] kasan_save_free_info+0x3f/0x60 [ 14.643403] __kasan_slab_free+0x56/0x70 [ 14.643576] kfree+0x222/0x3f0 [ 14.643768] kasan_strings+0x2aa/0xe80 [ 14.643955] kunit_try_run_case+0x1a5/0x480 [ 14.644131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.644371] kthread+0x337/0x6f0 [ 14.644555] ret_from_fork+0x116/0x1d0 [ 14.644730] ret_from_fork_asm+0x1a/0x30 [ 14.644932] [ 14.645041] The buggy address belongs to the object at ffff8881039514c0 [ 14.645041] which belongs to the cache kmalloc-32 of size 32 [ 14.645507] The buggy address is located 16 bytes inside of [ 14.645507] freed 32-byte region [ffff8881039514c0, ffff8881039514e0) [ 14.645970] [ 14.646055] The buggy address belongs to the physical page: [ 14.646333] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951 [ 14.646700] flags: 0x200000000000000(node=0|zone=2) [ 14.646913] page_type: f5(slab) [ 14.647086] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.647463] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.647818] page dumped because: kasan: bad access detected [ 14.648062] [ 14.648161] Memory state around the buggy address: 
[ 14.648384] ffff888103951380: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.648734] ffff888103951400: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.649032] >ffff888103951480: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.649341] ^ [ 14.649620] ffff888103951500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.649925] ffff888103951580: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.650213] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 14.587547] ================================================================== [ 14.588133] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 14.588829] Read of size 1 at addr ffff888103951458 by task kunit_try_catch/275 [ 14.589609] [ 14.589851] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.589968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.589982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.590003] Call Trace: [ 14.590017] <TASK> [ 14.590037] dump_stack_lvl+0x73/0xb0 [ 14.590070] print_report+0xd1/0x610 [ 14.590096] ? __virt_addr_valid+0x1db/0x2d0 [ 14.590121] ? memcmp+0x1b4/0x1d0 [ 14.590141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.590164] ? memcmp+0x1b4/0x1d0 [ 14.590184] kasan_report+0x141/0x180 [ 14.590206] ? memcmp+0x1b4/0x1d0 [ 14.590232] __asan_report_load1_noabort+0x18/0x20 [ 14.590256] memcmp+0x1b4/0x1d0 [ 14.590278] kasan_memcmp+0x18f/0x390 [ 14.590298] ? trace_hardirqs_on+0x37/0xe0 [ 14.590324] ? __pfx_kasan_memcmp+0x10/0x10 [ 14.590345] ? finish_task_switch.isra.0+0x153/0x700 [ 14.590368] ? __switch_to+0x47/0xf50 [ 14.590412] ? __pfx_read_tsc+0x10/0x10 [ 14.590434] ? ktime_get_ts64+0x86/0x230 [ 14.590459] kunit_try_run_case+0x1a5/0x480 [ 14.590486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.590509] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.590533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.590558] ? __kthread_parkme+0x82/0x180 [ 14.590580] ? preempt_count_sub+0x50/0x80 [ 14.590607] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.590632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.590656] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.590680] kthread+0x337/0x6f0 [ 14.590700] ? trace_preempt_on+0x20/0xc0 [ 14.590722] ? __pfx_kthread+0x10/0x10 [ 14.590744] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.590766] ? calculate_sigpending+0x7b/0xa0 [ 14.590792] ? __pfx_kthread+0x10/0x10 [ 14.590814] ret_from_fork+0x116/0x1d0 [ 14.590834] ? 
__pfx_kthread+0x10/0x10 [ 14.590855] ret_from_fork_asm+0x1a/0x30 [ 14.590889] </TASK> [ 14.590900] [ 14.604218] Allocated by task 275: [ 14.604497] kasan_save_stack+0x45/0x70 [ 14.604694] kasan_save_track+0x18/0x40 [ 14.604935] kasan_save_alloc_info+0x3b/0x50 [ 14.605304] __kasan_kmalloc+0xb7/0xc0 [ 14.605582] __kmalloc_cache_noprof+0x189/0x420 [ 14.605846] kasan_memcmp+0xb7/0x390 [ 14.606006] kunit_try_run_case+0x1a5/0x480 [ 14.606326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.606665] kthread+0x337/0x6f0 [ 14.606804] ret_from_fork+0x116/0x1d0 [ 14.606939] ret_from_fork_asm+0x1a/0x30 [ 14.607191] [ 14.607574] The buggy address belongs to the object at ffff888103951440 [ 14.607574] which belongs to the cache kmalloc-32 of size 32 [ 14.608084] The buggy address is located 0 bytes to the right of [ 14.608084] allocated 24-byte region [ffff888103951440, ffff888103951458) [ 14.608554] [ 14.608801] The buggy address belongs to the physical page: [ 14.609136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103951 [ 14.609799] flags: 0x200000000000000(node=0|zone=2) [ 14.610057] page_type: f5(slab) [ 14.610332] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.610728] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.611008] page dumped because: kasan: bad access detected [ 14.611268] [ 14.611475] Memory state around the buggy address: [ 14.611806] ffff888103951300: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.612074] ffff888103951380: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.612577] >ffff888103951400: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.613150] ^ [ 14.613606] ffff888103951480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.613956] ffff888103951500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.614379] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 14.551804] ================================================================== [ 14.552347] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 14.552781] Read of size 1 at addr ffff8881038e7c4a by task kunit_try_catch/271 [ 14.554147] [ 14.554250] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.554298] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.554310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.554332] Call Trace: [ 14.554347] <TASK> [ 14.554366] dump_stack_lvl+0x73/0xb0 [ 14.554414] print_report+0xd1/0x610 [ 14.554438] ? __virt_addr_valid+0x1db/0x2d0 [ 14.554463] ? kasan_alloca_oob_right+0x329/0x390 [ 14.554486] ? kasan_addr_to_slab+0x11/0xa0 [ 14.554507] ? kasan_alloca_oob_right+0x329/0x390 [ 14.554530] kasan_report+0x141/0x180 [ 14.554552] ? kasan_alloca_oob_right+0x329/0x390 [ 14.554581] __asan_report_load1_noabort+0x18/0x20 [ 14.554605] kasan_alloca_oob_right+0x329/0x390 [ 14.554628] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.554652] ? finish_task_switch.isra.0+0x153/0x700 [ 14.554676] ? rt_mutex_adjust_prio_chain+0x195e/0x20e0 [ 14.554699] ? trace_hardirqs_on+0x37/0xe0 [ 14.554725] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 14.554751] ? __schedule+0x10c6/0x2b60 [ 14.554773] ? __pfx_read_tsc+0x10/0x10 [ 14.554794] ? ktime_get_ts64+0x86/0x230 [ 14.554819] kunit_try_run_case+0x1a5/0x480 [ 14.554847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.554870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.554894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.554918] ? __kthread_parkme+0x82/0x180 [ 14.554939] ? preempt_count_sub+0x50/0x80 [ 14.554964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.554989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.555012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.555049] kthread+0x337/0x6f0 [ 14.555069] ? trace_preempt_on+0x20/0xc0 [ 14.555091] ? __pfx_kthread+0x10/0x10 [ 14.555112] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.555210] ? calculate_sigpending+0x7b/0xa0 [ 14.555237] ? __pfx_kthread+0x10/0x10 [ 14.555299] ret_from_fork+0x116/0x1d0 [ 14.555321] ? __pfx_kthread+0x10/0x10 [ 14.555343] ret_from_fork_asm+0x1a/0x30 [ 14.555387] </TASK> [ 14.555408] [ 14.570881] The buggy address belongs to stack of task kunit_try_catch/271 [ 14.571496] [ 14.571577] The buggy address belongs to the physical page: [ 14.571756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e7 [ 14.572003] flags: 0x200000000000000(node=0|zone=2) [ 14.572646] raw: 0200000000000000 ffffea00040e39c8 ffffea00040e39c8 0000000000000000 [ 14.573440] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 14.574182] page dumped because: kasan: bad access detected [ 14.574886] [ 14.575131] Memory state around the buggy address: [ 14.575602] ffff8881038e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.575827] ffff8881038e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.576046] >ffff8881038e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 14.576261] ^ [ 14.576580] ffff8881038e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 14.577331] ffff8881038e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.578102] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 14.532305] ================================================================== [ 14.532859] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 14.533171] Read of size 1 at addr ffff888103a07c3f by task kunit_try_catch/269 [ 14.533571] [ 14.533723] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.533767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.533779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.533801] Call Trace: [ 14.533813] <TASK> [ 14.533829] dump_stack_lvl+0x73/0xb0 [ 14.533858] print_report+0xd1/0x610 [ 14.533881] ? __virt_addr_valid+0x1db/0x2d0 [ 14.533904] ? kasan_alloca_oob_left+0x320/0x380 [ 14.533926] ? kasan_addr_to_slab+0x11/0xa0 [ 14.533967] ? kasan_alloca_oob_left+0x320/0x380 [ 14.533990] kasan_report+0x141/0x180 [ 14.534012] ? kasan_alloca_oob_left+0x320/0x380 [ 14.534040] __asan_report_load1_noabort+0x18/0x20 [ 14.534064] kasan_alloca_oob_left+0x320/0x380 [ 14.534171] ? pick_task_fair+0xc9/0x340 [ 14.534205] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 14.534229] ? trace_hardirqs_on+0x37/0xe0 [ 14.534254] ? __schedule+0x2079/0x2b60 [ 14.534277] ? __pfx_read_tsc+0x10/0x10 [ 14.534321] ? ktime_get_ts64+0x86/0x230 [ 14.534346] kunit_try_run_case+0x1a5/0x480 [ 14.534372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.534405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.534430] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.534453] ? __kthread_parkme+0x82/0x180 [ 14.534474] ? preempt_count_sub+0x50/0x80 [ 14.534498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.534522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.534546] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.534571] kthread+0x337/0x6f0 [ 14.534589] ? trace_preempt_on+0x20/0xc0 [ 14.534612] ? __pfx_kthread+0x10/0x10 [ 14.534633] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.534655] ? calculate_sigpending+0x7b/0xa0 [ 14.534678] ? 
__pfx_kthread+0x10/0x10 [ 14.534701] ret_from_fork+0x116/0x1d0 [ 14.534719] ? __pfx_kthread+0x10/0x10 [ 14.534740] ret_from_fork_asm+0x1a/0x30 [ 14.534773] </TASK> [ 14.534783] [ 14.543526] The buggy address belongs to stack of task kunit_try_catch/269 [ 14.543993] [ 14.544114] The buggy address belongs to the physical page: [ 14.544352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a07 [ 14.544622] flags: 0x200000000000000(node=0|zone=2) [ 14.544897] raw: 0200000000000000 ffffea00040e81c8 ffffea00040e81c8 0000000000000000 [ 14.545590] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 14.545951] page dumped because: kasan: bad access detected [ 14.546247] [ 14.546344] Memory state around the buggy address: [ 14.546566] ffff888103a07b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.546902] ffff888103a07b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.547113] >ffff888103a07c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 14.547322] ^ [ 14.547801] ffff888103a07c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 14.548277] ffff888103a07d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.548674] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 14.488638] ================================================================== [ 14.489177] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 14.489729] Read of size 1 at addr ffffffff97e63e8d by task kunit_try_catch/263 [ 14.490015] [ 14.490164] CPU: 1 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.490214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.490226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.490248] Call Trace: [ 14.490262] <TASK> [ 14.490280] dump_stack_lvl+0x73/0xb0 [ 14.490316] print_report+0xd1/0x610 [ 14.490340] ? __virt_addr_valid+0x1db/0x2d0 [ 14.490365] ? kasan_global_oob_right+0x286/0x2d0 [ 14.490387] ? kasan_addr_to_slab+0x11/0xa0 [ 14.490422] ? kasan_global_oob_right+0x286/0x2d0 [ 14.490444] kasan_report+0x141/0x180 [ 14.490466] ? kasan_global_oob_right+0x286/0x2d0 [ 14.490494] __asan_report_load1_noabort+0x18/0x20 [ 14.490518] kasan_global_oob_right+0x286/0x2d0 [ 14.490540] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 14.490565] ? __schedule+0x10c6/0x2b60 [ 14.490589] ? __pfx_read_tsc+0x10/0x10 [ 14.490623] ? ktime_get_ts64+0x86/0x230 [ 14.490651] kunit_try_run_case+0x1a5/0x480 [ 14.490677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.490699] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.490724] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.490748] ? __kthread_parkme+0x82/0x180 [ 14.490770] ? preempt_count_sub+0x50/0x80 [ 14.490796] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.490820] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.490844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.490868] kthread+0x337/0x6f0 [ 14.490888] ? trace_preempt_on+0x20/0xc0 [ 14.490912] ? __pfx_kthread+0x10/0x10 [ 14.490934] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.490955] ? calculate_sigpending+0x7b/0xa0 [ 14.490981] ? __pfx_kthread+0x10/0x10 [ 14.491003] ret_from_fork+0x116/0x1d0 [ 14.491022] ? 
__pfx_kthread+0x10/0x10 [ 14.491043] ret_from_fork_asm+0x1a/0x30 [ 14.491076] </TASK> [ 14.491087] [ 14.497989] The buggy address belongs to the variable: [ 14.498248] global_array+0xd/0x40 [ 14.498455] [ 14.498575] The buggy address belongs to the physical page: [ 14.498807] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x23c63 [ 14.499140] flags: 0x100000000002000(reserved|node=0|zone=1) [ 14.499383] raw: 0100000000002000 ffffea00008f18c8 ffffea00008f18c8 0000000000000000 [ 14.499779] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.500089] page dumped because: kasan: bad access detected [ 14.500326] [ 14.500409] Memory state around the buggy address: [ 14.500643] ffffffff97e63d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.500910] ffffffff97e63e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.501127] >ffffffff97e63e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 14.501403] ^ [ 14.501576] ffffffff97e63f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 14.501893] ffffffff97e63f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 14.502120] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 14.427626] ================================================================== [ 14.428546] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.429508] Free of addr ffff888101bc1d01 by task kunit_try_catch/259 [ 14.430025] [ 14.430231] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.430279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.430292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.430314] Call Trace: [ 14.430330] <TASK> [ 14.430348] dump_stack_lvl+0x73/0xb0 [ 14.430413] print_report+0xd1/0x610 [ 14.430437] ? __virt_addr_valid+0x1db/0x2d0 [ 14.430463] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.430485] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430511] kasan_report_invalid_free+0x10a/0x130 [ 14.430536] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430563] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430594] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430619] check_slab_allocation+0x11f/0x130 [ 14.430642] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.430667] mempool_free+0x2ec/0x380 [ 14.430695] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.430721] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.430750] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.430774] ? finish_task_switch.isra.0+0x153/0x700 [ 14.430801] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.430825] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.430852] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.430875] ? __pfx_mempool_kfree+0x10/0x10 [ 14.430901] ? __pfx_read_tsc+0x10/0x10 [ 14.430924] ? ktime_get_ts64+0x86/0x230 [ 14.430949] kunit_try_run_case+0x1a5/0x480 [ 14.430974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.430998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.431022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.431046] ? __kthread_parkme+0x82/0x180 [ 14.431068] ? preempt_count_sub+0x50/0x80 [ 14.431092] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.431117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.431140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.431164] kthread+0x337/0x6f0 [ 14.431184] ? trace_preempt_on+0x20/0xc0 [ 14.431208] ? __pfx_kthread+0x10/0x10 [ 14.431229] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.431253] ? calculate_sigpending+0x7b/0xa0 [ 14.431278] ? __pfx_kthread+0x10/0x10 [ 14.431301] ret_from_fork+0x116/0x1d0 [ 14.431319] ? __pfx_kthread+0x10/0x10 [ 14.431340] ret_from_fork_asm+0x1a/0x30 [ 14.431373] </TASK> [ 14.431385] [ 14.445589] Allocated by task 259: [ 14.445733] kasan_save_stack+0x45/0x70 [ 14.445887] kasan_save_track+0x18/0x40 [ 14.446122] kasan_save_alloc_info+0x3b/0x50 [ 14.446519] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.447054] remove_element+0x11e/0x190 [ 14.447422] mempool_alloc_preallocated+0x4d/0x90 [ 14.447870] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.448502] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.449189] kunit_try_run_case+0x1a5/0x480 [ 14.449594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.449988] kthread+0x337/0x6f0 [ 14.450257] ret_from_fork+0x116/0x1d0 [ 14.450622] ret_from_fork_asm+0x1a/0x30 [ 14.450935] [ 14.451012] The buggy address belongs to the object at ffff888101bc1d00 [ 14.451012] which belongs to the cache kmalloc-128 of size 128 [ 14.451877] The buggy address is located 1 bytes inside of [ 14.451877] 128-byte region [ffff888101bc1d00, ffff888101bc1d80) [ 14.452615] [ 14.452790] The buggy address belongs to the physical page: [ 14.453436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 14.454205] flags: 0x200000000000000(node=0|zone=2) [ 14.454382] page_type: f5(slab) [ 14.454520] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.455031] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.455760] page dumped because: kasan: bad access detected [ 14.456316] [ 14.456488] Memory state around 
the buggy address: [ 14.456939] ffff888101bc1c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.457384] ffff888101bc1c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.457884] >ffff888101bc1d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.458368] ^ [ 14.458696] ffff888101bc1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.459473] ffff888101bc1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.459985] ================================================================== [ 14.465650] ================================================================== [ 14.466166] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.466451] Free of addr ffff888103920001 by task kunit_try_catch/261 [ 14.466700] [ 14.466793] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.466841] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.466853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.466876] Call Trace: [ 14.466890] <TASK> [ 14.466911] dump_stack_lvl+0x73/0xb0 [ 14.466945] print_report+0xd1/0x610 [ 14.466969] ? __virt_addr_valid+0x1db/0x2d0 [ 14.466995] ? kasan_addr_to_slab+0x11/0xa0 [ 14.467016] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467044] kasan_report_invalid_free+0x10a/0x130 [ 14.467069] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467098] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467123] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.467148] mempool_free+0x2ec/0x380 [ 14.467176] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.467202] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.467227] ? update_load_avg+0x1be/0x21b0 [ 14.467252] ? dequeue_entities+0x27e/0x1740 [ 14.467279] ? finish_task_switch.isra.0+0x153/0x700 [ 14.467305] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.467331] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.467359] ? 
__pfx_mempool_kmalloc+0x10/0x10 [ 14.467382] ? __pfx_mempool_kfree+0x10/0x10 [ 14.467421] ? __pfx_read_tsc+0x10/0x10 [ 14.467444] ? ktime_get_ts64+0x86/0x230 [ 14.467470] kunit_try_run_case+0x1a5/0x480 [ 14.467496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.467546] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.467569] ? __kthread_parkme+0x82/0x180 [ 14.467591] ? preempt_count_sub+0x50/0x80 [ 14.467616] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.467666] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.467690] kthread+0x337/0x6f0 [ 14.467711] ? trace_preempt_on+0x20/0xc0 [ 14.467737] ? __pfx_kthread+0x10/0x10 [ 14.467759] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.467780] ? calculate_sigpending+0x7b/0xa0 [ 14.467805] ? __pfx_kthread+0x10/0x10 [ 14.467828] ret_from_fork+0x116/0x1d0 [ 14.467847] ? __pfx_kthread+0x10/0x10 [ 14.467868] ret_from_fork_asm+0x1a/0x30 [ 14.467900] </TASK> [ 14.467912] [ 14.477087] The buggy address belongs to the physical page: [ 14.477366] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920 [ 14.477775] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.478176] flags: 0x200000000000040(head|node=0|zone=2) [ 14.478367] page_type: f8(unknown) [ 14.478509] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.478744] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.479050] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.479392] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.479995] head: 0200000000000002 ffffea00040e4801 00000000ffffffff 00000000ffffffff [ 14.480301] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.480545] page dumped because: kasan: bad access detected [ 14.480940] [ 14.481040] Memory state around the buggy address: [ 14.481499] 
ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.481872] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.482142] >ffff888103920000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.482548] ^ [ 14.482670] ffff888103920080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.482885] ffff888103920100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.483364] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 14.362762] ================================================================== [ 14.363486] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.364384] Free of addr ffff8881038b4000 by task kunit_try_catch/255 [ 14.364871] [ 14.364998] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.365049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.365062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.365085] Call Trace: [ 14.365099] <TASK> [ 14.365117] dump_stack_lvl+0x73/0xb0 [ 14.365150] print_report+0xd1/0x610 [ 14.365344] ? __virt_addr_valid+0x1db/0x2d0 [ 14.365373] ? kasan_addr_to_slab+0x11/0xa0 [ 14.365408] ? mempool_double_free_helper+0x184/0x370 [ 14.365433] kasan_report_invalid_free+0x10a/0x130 [ 14.365458] ? mempool_double_free_helper+0x184/0x370 [ 14.365519] ? mempool_double_free_helper+0x184/0x370 [ 14.365542] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 14.365567] mempool_free+0x2ec/0x380 [ 14.365612] mempool_double_free_helper+0x184/0x370 [ 14.365638] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.365663] ? __kasan_check_write+0x18/0x20 [ 14.365683] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.365706] ? finish_task_switch.isra.0+0x153/0x700 [ 14.365733] mempool_kmalloc_large_double_free+0xed/0x140 [ 14.365757] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 14.365785] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.365807] ? __pfx_mempool_kfree+0x10/0x10 [ 14.365833] ? __pfx_read_tsc+0x10/0x10 [ 14.365854] ? ktime_get_ts64+0x86/0x230 [ 14.365880] kunit_try_run_case+0x1a5/0x480 [ 14.365906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.365929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.365953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.365977] ? __kthread_parkme+0x82/0x180 [ 14.365997] ? preempt_count_sub+0x50/0x80 [ 14.366021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.366045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.366068] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.366092] kthread+0x337/0x6f0
[ 14.366112] ? trace_preempt_on+0x20/0xc0
[ 14.366136] ? __pfx_kthread+0x10/0x10
[ 14.366156] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.366178] ? calculate_sigpending+0x7b/0xa0
[ 14.366203] ? __pfx_kthread+0x10/0x10
[ 14.366224] ret_from_fork+0x116/0x1d0
[ 14.366243] ? __pfx_kthread+0x10/0x10
[ 14.366263] ret_from_fork_asm+0x1a/0x30
[ 14.366296] </TASK>
[ 14.366306]
[ 14.380789] The buggy address belongs to the physical page:
[ 14.381329] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038b4
[ 14.381811] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.382531] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.382829] page_type: f8(unknown)
[ 14.383006] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.383311] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.384015] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.384557] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.385200] head: 0200000000000002 ffffea00040e2d01 00000000ffffffff 00000000ffffffff
[ 14.385884] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.386404] page dumped because: kasan: bad access detected
[ 14.386938]
[ 14.387186] Memory state around the buggy address:
[ 14.387625] ffff8881038b3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.388331] ffff8881038b3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.388861] >ffff8881038b4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.389474] ^
[ 14.389802] ffff8881038b4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.390325] ffff8881038b4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.390792] ==================================================================
[ 14.318586] ==================================================================
[ 14.319818] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 14.320562] Free of addr ffff888101bc1900 by task kunit_try_catch/253
[ 14.321237]
[ 14.321337] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.321384] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.321411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.321434] Call Trace:
[ 14.321447] <TASK>
[ 14.321464] dump_stack_lvl+0x73/0xb0
[ 14.321495] print_report+0xd1/0x610
[ 14.321517] ? __virt_addr_valid+0x1db/0x2d0
[ 14.321544] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.321566] ? mempool_double_free_helper+0x184/0x370
[ 14.321602] kasan_report_invalid_free+0x10a/0x130
[ 14.321627] ? mempool_double_free_helper+0x184/0x370
[ 14.321653] ? mempool_double_free_helper+0x184/0x370
[ 14.321676] ? mempool_double_free_helper+0x184/0x370
[ 14.321722] check_slab_allocation+0x101/0x130
[ 14.321769] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.321794] mempool_free+0x2ec/0x380
[ 14.321823] mempool_double_free_helper+0x184/0x370
[ 14.321860] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 14.321889] ? finish_task_switch.isra.0+0x153/0x700
[ 14.321928] mempool_kmalloc_double_free+0xed/0x140
[ 14.321953] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 14.321981] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.322004] ? __pfx_mempool_kfree+0x10/0x10
[ 14.322030] ? __pfx_read_tsc+0x10/0x10
[ 14.322052] ? ktime_get_ts64+0x86/0x230
[ 14.322077] kunit_try_run_case+0x1a5/0x480
[ 14.322104] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.322126] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.322151] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.322175] ? __kthread_parkme+0x82/0x180
[ 14.322196] ? preempt_count_sub+0x50/0x80
[ 14.322221] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.322245] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.322269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.322292] kthread+0x337/0x6f0
[ 14.322312] ? trace_preempt_on+0x20/0xc0
[ 14.322336] ? __pfx_kthread+0x10/0x10
[ 14.322356] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.322378] ? calculate_sigpending+0x7b/0xa0
[ 14.322412] ? __pfx_kthread+0x10/0x10
[ 14.322434] ret_from_fork+0x116/0x1d0
[ 14.322454] ? __pfx_kthread+0x10/0x10
[ 14.322475] ret_from_fork_asm+0x1a/0x30
[ 14.322507] </TASK>
[ 14.322518]
[ 14.338866] Allocated by task 253:
[ 14.339012] kasan_save_stack+0x45/0x70
[ 14.339520] kasan_save_track+0x18/0x40
[ 14.340002] kasan_save_alloc_info+0x3b/0x50
[ 14.340578] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.340940] remove_element+0x11e/0x190
[ 14.341306] mempool_alloc_preallocated+0x4d/0x90
[ 14.341790] mempool_double_free_helper+0x8a/0x370
[ 14.341955] mempool_kmalloc_double_free+0xed/0x140
[ 14.342501] kunit_try_run_case+0x1a5/0x480
[ 14.342945] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.343501] kthread+0x337/0x6f0
[ 14.343849] ret_from_fork+0x116/0x1d0
[ 14.343988] ret_from_fork_asm+0x1a/0x30
[ 14.344365]
[ 14.344580] Freed by task 253:
[ 14.344977] kasan_save_stack+0x45/0x70
[ 14.345388] kasan_save_track+0x18/0x40
[ 14.345717] kasan_save_free_info+0x3f/0x60
[ 14.345873] __kasan_mempool_poison_object+0x131/0x1d0
[ 14.346213] mempool_free+0x2ec/0x380
[ 14.346626] mempool_double_free_helper+0x109/0x370
[ 14.347156] mempool_kmalloc_double_free+0xed/0x140
[ 14.347633] kunit_try_run_case+0x1a5/0x480
[ 14.348011] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.348187] kthread+0x337/0x6f0
[ 14.348306] ret_from_fork+0x116/0x1d0
[ 14.348461] ret_from_fork_asm+0x1a/0x30
[ 14.348915]
[ 14.349080] The buggy address belongs to the object at ffff888101bc1900
[ 14.349080] which belongs to the cache kmalloc-128 of size 128
[ 14.350456] The buggy address is located 0 bytes inside of
[ 14.350456] 128-byte region [ffff888101bc1900, ffff888101bc1980)
[ 14.351278]
[ 14.351510] The buggy address belongs to the physical page:
[ 14.352143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[ 14.352880] flags: 0x200000000000000(node=0|zone=2)
[ 14.353316] page_type: f5(slab)
[ 14.353470] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.353985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.354791] page dumped because: kasan: bad access detected
[ 14.355414]
[ 14.355574] Memory state around the buggy address:
[ 14.355928] ffff888101bc1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.356466] ffff888101bc1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.357140] >ffff888101bc1900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.357795] ^
[ 14.358143] ffff888101bc1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.358515] ffff888101bc1a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.359199] ==================================================================
[ 14.394558] ==================================================================
[ 14.395004] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 14.395908] Free of addr ffff888103920000 by task kunit_try_catch/257
[ 14.396897]
[ 14.397089] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.397139] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.397152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.397175] Call Trace:
[ 14.397190] <TASK>
[ 14.397208] dump_stack_lvl+0x73/0xb0
[ 14.397243] print_report+0xd1/0x610
[ 14.397266] ? __virt_addr_valid+0x1db/0x2d0
[ 14.397293] ? kasan_addr_to_slab+0x11/0xa0
[ 14.397313] ? mempool_double_free_helper+0x184/0x370
[ 14.397338] kasan_report_invalid_free+0x10a/0x130
[ 14.397363] ? mempool_double_free_helper+0x184/0x370
[ 14.397391] ? mempool_double_free_helper+0x184/0x370
[ 14.397429] __kasan_mempool_poison_pages+0x115/0x130
[ 14.397496] mempool_free+0x290/0x380
[ 14.397527] mempool_double_free_helper+0x184/0x370
[ 14.397558] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 14.397583] ? __kasan_check_write+0x18/0x20
[ 14.397603] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.397627] ? finish_task_switch.isra.0+0x153/0x700
[ 14.397653] mempool_page_alloc_double_free+0xe8/0x140
[ 14.397679] ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[ 14.397708] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 14.397733] ? __pfx_mempool_free_pages+0x10/0x10
[ 14.397760] ? __pfx_read_tsc+0x10/0x10
[ 14.397782] ? ktime_get_ts64+0x86/0x230
[ 14.397808] kunit_try_run_case+0x1a5/0x480
[ 14.397835] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.397858] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.397882] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.397907] ? __kthread_parkme+0x82/0x180
[ 14.397929] ? preempt_count_sub+0x50/0x80
[ 14.397953] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.397977] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.398001] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.398025] kthread+0x337/0x6f0
[ 14.398045] ? trace_preempt_on+0x20/0xc0
[ 14.398070] ? __pfx_kthread+0x10/0x10
[ 14.398091] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.398113] ? calculate_sigpending+0x7b/0xa0
[ 14.398139] ? __pfx_kthread+0x10/0x10
[ 14.398161] ret_from_fork+0x116/0x1d0
[ 14.398179] ? __pfx_kthread+0x10/0x10
[ 14.398200] ret_from_fork_asm+0x1a/0x30
[ 14.398233] </TASK>
[ 14.398244]
[ 14.415646] The buggy address belongs to the physical page:
[ 14.416218] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920
[ 14.416485] flags: 0x200000000000000(node=0|zone=2)
[ 14.416692] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 14.417813] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 14.418869] page dumped because: kasan: bad access detected
[ 14.419505]
[ 14.419588] Memory state around the buggy address:
[ 14.419747] ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.419964] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.420611] >ffff888103920000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.421125] ^
[ 14.421544] ffff888103920080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.422058] ffff888103920100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.422807] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 14.208645] ==================================================================
[ 14.209320] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 14.209566] Read of size 1 at addr ffff888103920000 by task kunit_try_catch/247
[ 14.209795]
[ 14.209888] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.209936] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.209948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.209971] Call Trace:
[ 14.209983] <TASK>
[ 14.210001] dump_stack_lvl+0x73/0xb0
[ 14.210032] print_report+0xd1/0x610
[ 14.210055] ? __virt_addr_valid+0x1db/0x2d0
[ 14.210089] ? mempool_uaf_helper+0x392/0x400
[ 14.210111] ? kasan_addr_to_slab+0x11/0xa0
[ 14.210132] ? mempool_uaf_helper+0x392/0x400
[ 14.210155] kasan_report+0x141/0x180
[ 14.210178] ? mempool_uaf_helper+0x392/0x400
[ 14.210206] __asan_report_load1_noabort+0x18/0x20
[ 14.210231] mempool_uaf_helper+0x392/0x400
[ 14.210255] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 14.210277] ? update_load_avg+0x1be/0x21b0
[ 14.210307] ? finish_task_switch.isra.0+0x153/0x700
[ 14.210333] mempool_kmalloc_large_uaf+0xef/0x140
[ 14.210357] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10
[ 14.211051] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.211088] ? __pfx_mempool_kfree+0x10/0x10
[ 14.211115] ? __pfx_read_tsc+0x10/0x10
[ 14.211136] ? ktime_get_ts64+0x86/0x230
[ 14.211164] kunit_try_run_case+0x1a5/0x480
[ 14.211190] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.211213] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.211237] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.211261] ? __kthread_parkme+0x82/0x180
[ 14.211282] ? preempt_count_sub+0x50/0x80
[ 14.211305] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.211329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.211353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.211377] kthread+0x337/0x6f0
[ 14.211406] ? trace_preempt_on+0x20/0xc0
[ 14.211430] ? __pfx_kthread+0x10/0x10
[ 14.211451] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.211472] ? calculate_sigpending+0x7b/0xa0
[ 14.211496] ? __pfx_kthread+0x10/0x10
[ 14.211519] ret_from_fork+0x116/0x1d0
[ 14.211538] ? __pfx_kthread+0x10/0x10
[ 14.211560] ret_from_fork_asm+0x1a/0x30
[ 14.211592] </TASK>
[ 14.211603]
[ 14.231482] The buggy address belongs to the physical page:
[ 14.232268] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920
[ 14.232901] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.233503] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.234178] page_type: f8(unknown)
[ 14.234554] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.234893] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.235204] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.235525] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.235843] head: 0200000000000002 ffffea00040e4801 00000000ffffffff 00000000ffffffff
[ 14.236168] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.236897] page dumped because: kasan: bad access detected
[ 14.237598]
[ 14.237833] Memory state around the buggy address:
[ 14.238311] ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.238779] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.239377] >ffff888103920000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.239849] ^
[ 14.240327] ffff888103920080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.240909] ffff888103920100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.241654] ==================================================================
[ 14.288866] ==================================================================
[ 14.289550] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 14.290688] Read of size 1 at addr ffff888103920000 by task kunit_try_catch/251
[ 14.291813]
[ 14.292087] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.292140] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.292153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.292176] Call Trace:
[ 14.292190] <TASK>
[ 14.292208] dump_stack_lvl+0x73/0xb0
[ 14.292240] print_report+0xd1/0x610
[ 14.292263] ? __virt_addr_valid+0x1db/0x2d0
[ 14.292288] ? mempool_uaf_helper+0x392/0x400
[ 14.292310] ? kasan_addr_to_slab+0x11/0xa0
[ 14.292330] ? mempool_uaf_helper+0x392/0x400
[ 14.292353] kasan_report+0x141/0x180
[ 14.292375] ? mempool_uaf_helper+0x392/0x400
[ 14.292414] __asan_report_load1_noabort+0x18/0x20
[ 14.292439] mempool_uaf_helper+0x392/0x400
[ 14.292462] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 14.292486] ? __kasan_check_write+0x18/0x20
[ 14.292506] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.292575] ? finish_task_switch.isra.0+0x153/0x700
[ 14.292604] mempool_page_alloc_uaf+0xed/0x140
[ 14.292641] ? __pfx_mempool_page_alloc_uaf+0x10/0x10
[ 14.292694] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 14.292721] ? __pfx_mempool_free_pages+0x10/0x10
[ 14.292748] ? __pfx_read_tsc+0x10/0x10
[ 14.292769] ? ktime_get_ts64+0x86/0x230
[ 14.292796] kunit_try_run_case+0x1a5/0x480
[ 14.292821] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.292843] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.292867] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.292890] ? __kthread_parkme+0x82/0x180
[ 14.292911] ? preempt_count_sub+0x50/0x80
[ 14.292934] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.292959] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.292982] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.293005] kthread+0x337/0x6f0
[ 14.293038] ? trace_preempt_on+0x20/0xc0
[ 14.293062] ? __pfx_kthread+0x10/0x10
[ 14.293083] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.293103] ? calculate_sigpending+0x7b/0xa0
[ 14.293128] ? __pfx_kthread+0x10/0x10
[ 14.293150] ret_from_fork+0x116/0x1d0
[ 14.293169] ? __pfx_kthread+0x10/0x10
[ 14.293190] ret_from_fork_asm+0x1a/0x30
[ 14.293222] </TASK>
[ 14.293233]
[ 14.307796] The buggy address belongs to the physical page:
[ 14.307986] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103920
[ 14.308952] flags: 0x200000000000000(node=0|zone=2)
[ 14.309543] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 14.310001] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 14.310728] page dumped because: kasan: bad access detected
[ 14.310902]
[ 14.310973] Memory state around the buggy address:
[ 14.311425] ffff88810391ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.312166] ffff88810391ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.312893] >ffff888103920000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.313374] ^
[ 14.313780] ffff888103920080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.314254] ffff888103920100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.314482] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 14.245650] ==================================================================
[ 14.246131] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 14.247103] Read of size 1 at addr ffff88810315c240 by task kunit_try_catch/249
[ 14.247926]
[ 14.248109] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.248158] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.248170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.248195] Call Trace:
[ 14.248208] <TASK>
[ 14.248227] dump_stack_lvl+0x73/0xb0
[ 14.248258] print_report+0xd1/0x610
[ 14.248281] ? __virt_addr_valid+0x1db/0x2d0
[ 14.248306] ? mempool_uaf_helper+0x392/0x400
[ 14.248328] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.248351] ? mempool_uaf_helper+0x392/0x400
[ 14.248374] kasan_report+0x141/0x180
[ 14.248409] ? mempool_uaf_helper+0x392/0x400
[ 14.248438] __asan_report_load1_noabort+0x18/0x20
[ 14.248462] mempool_uaf_helper+0x392/0x400
[ 14.248485] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 14.248511] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.248535] ? finish_task_switch.isra.0+0x153/0x700
[ 14.248562] mempool_slab_uaf+0xea/0x140
[ 14.248585] ? __pfx_mempool_slab_uaf+0x10/0x10
[ 14.248611] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 14.248637] ? __pfx_mempool_free_slab+0x10/0x10
[ 14.248663] ? __pfx_read_tsc+0x10/0x10
[ 14.248691] ? ktime_get_ts64+0x86/0x230
[ 14.248717] kunit_try_run_case+0x1a5/0x480
[ 14.248744] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.248767] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.248793] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.248817] ? __kthread_parkme+0x82/0x180
[ 14.248838] ? preempt_count_sub+0x50/0x80
[ 14.248862] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.248887] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.248911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.248936] kthread+0x337/0x6f0
[ 14.248956] ? trace_preempt_on+0x20/0xc0
[ 14.248982] ? __pfx_kthread+0x10/0x10
[ 14.249003] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.249067] ? calculate_sigpending+0x7b/0xa0
[ 14.249094] ? __pfx_kthread+0x10/0x10
[ 14.249116] ret_from_fork+0x116/0x1d0
[ 14.249147] ? __pfx_kthread+0x10/0x10
[ 14.249169] ret_from_fork_asm+0x1a/0x30
[ 14.249203] </TASK>
[ 14.249214]
[ 14.261728] Allocated by task 249:
[ 14.261918] kasan_save_stack+0x45/0x70
[ 14.262454] kasan_save_track+0x18/0x40
[ 14.262658] kasan_save_alloc_info+0x3b/0x50
[ 14.262815] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 14.262993] remove_element+0x11e/0x190
[ 14.263136] mempool_alloc_preallocated+0x4d/0x90
[ 14.263297] mempool_uaf_helper+0x96/0x400
[ 14.263958] mempool_slab_uaf+0xea/0x140
[ 14.264374] kunit_try_run_case+0x1a5/0x480
[ 14.264884] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.265315] kthread+0x337/0x6f0
[ 14.265515] ret_from_fork+0x116/0x1d0
[ 14.265697] ret_from_fork_asm+0x1a/0x30
[ 14.265876]
[ 14.265968] Freed by task 249:
[ 14.266119] kasan_save_stack+0x45/0x70
[ 14.266300] kasan_save_track+0x18/0x40
[ 14.267014] kasan_save_free_info+0x3f/0x60
[ 14.267618] __kasan_mempool_poison_object+0x131/0x1d0
[ 14.268137] mempool_free+0x2ec/0x380
[ 14.268324] mempool_uaf_helper+0x11a/0x400
[ 14.268534] mempool_slab_uaf+0xea/0x140
[ 14.268963] kunit_try_run_case+0x1a5/0x480
[ 14.269379] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.269801] kthread+0x337/0x6f0
[ 14.269973] ret_from_fork+0x116/0x1d0
[ 14.270336] ret_from_fork_asm+0x1a/0x30
[ 14.270700]
[ 14.270797] The buggy address belongs to the object at ffff88810315c240
[ 14.270797] which belongs to the cache test_cache of size 123
[ 14.271597] The buggy address is located 0 bytes inside of
[ 14.271597] freed 123-byte region [ffff88810315c240, ffff88810315c2bb)
[ 14.272274]
[ 14.272543] The buggy address belongs to the physical page:
[ 14.272946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315c
[ 14.273422] flags: 0x200000000000000(node=0|zone=2)
[ 14.273906] page_type: f5(slab)
[ 14.274151] raw: 0200000000000000 ffff8881031533c0 dead000000000122 0000000000000000
[ 14.274755] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 14.275526] page dumped because: kasan: bad access detected
[ 14.276018]
[ 14.276304] Memory state around the buggy address:
[ 14.276546] ffff88810315c100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.277431] ffff88810315c180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.278292] >ffff88810315c200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 14.278773] ^
[ 14.279013] ffff88810315c280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 14.279974] ffff88810315c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.280423] ==================================================================
[ 14.182344] ==================================================================
[ 14.182832] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400
[ 14.183243] Read of size 1 at addr ffff88810313af00 by task kunit_try_catch/245
[ 14.183564]
[ 14.183700] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.183748] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.183761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.183784] Call Trace:
[ 14.183798] <TASK>
[ 14.183816] dump_stack_lvl+0x73/0xb0
[ 14.183849] print_report+0xd1/0x610
[ 14.183873] ? __virt_addr_valid+0x1db/0x2d0
[ 14.183897] ? mempool_uaf_helper+0x392/0x400
[ 14.183919] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.183942] ? mempool_uaf_helper+0x392/0x400
[ 14.183964] kasan_report+0x141/0x180
[ 14.183986] ? mempool_uaf_helper+0x392/0x400
[ 14.184073] __asan_report_load1_noabort+0x18/0x20
[ 14.184104] mempool_uaf_helper+0x392/0x400
[ 14.184128] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 14.184151] ? kasan_save_track+0x18/0x40
[ 14.184171] ? kasan_save_alloc_info+0x3b/0x50
[ 14.184194] ? kasan_save_stack+0x45/0x70
[ 14.184218] mempool_kmalloc_uaf+0xef/0x140
[ 14.184240] ? __pfx_mempool_kmalloc_uaf+0x10/0x10
[ 14.184266] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.184291] ? __pfx_mempool_kfree+0x10/0x10
[ 14.184316] ? __pfx_read_tsc+0x10/0x10
[ 14.184338] ? ktime_get_ts64+0x86/0x230
[ 14.184366] kunit_try_run_case+0x1a5/0x480
[ 14.184404] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.184428] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.184452] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.184476] ? __kthread_parkme+0x82/0x180
[ 14.184497] ? preempt_count_sub+0x50/0x80
[ 14.184523] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.184547] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.184589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.184613] kthread+0x337/0x6f0
[ 14.184634] ? trace_preempt_on+0x20/0xc0
[ 14.184658] ? __pfx_kthread+0x10/0x10
[ 14.184683] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.184704] ? calculate_sigpending+0x7b/0xa0
[ 14.184729] ? __pfx_kthread+0x10/0x10
[ 14.184751] ret_from_fork+0x116/0x1d0
[ 14.184771] ? __pfx_kthread+0x10/0x10
[ 14.184791] ret_from_fork_asm+0x1a/0x30
[ 14.184824] </TASK>
[ 14.184835]
[ 14.192907] Allocated by task 245:
[ 14.193192] kasan_save_stack+0x45/0x70
[ 14.193414] kasan_save_track+0x18/0x40
[ 14.193609] kasan_save_alloc_info+0x3b/0x50
[ 14.193857] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.194188] remove_element+0x11e/0x190
[ 14.194389] mempool_alloc_preallocated+0x4d/0x90
[ 14.194636] mempool_uaf_helper+0x96/0x400
[ 14.194825] mempool_kmalloc_uaf+0xef/0x140
[ 14.195072] kunit_try_run_case+0x1a5/0x480
[ 14.195255] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.195495] kthread+0x337/0x6f0
[ 14.195684] ret_from_fork+0x116/0x1d0
[ 14.195852] ret_from_fork_asm+0x1a/0x30
[ 14.195996]
[ 14.196128] Freed by task 245:
[ 14.196244] kasan_save_stack+0x45/0x70
[ 14.196383] kasan_save_track+0x18/0x40
[ 14.196588] kasan_save_free_info+0x3f/0x60
[ 14.196824] __kasan_mempool_poison_object+0x131/0x1d0
[ 14.197131] mempool_free+0x2ec/0x380
[ 14.197322] mempool_uaf_helper+0x11a/0x400
[ 14.197536] mempool_kmalloc_uaf+0xef/0x140
[ 14.197766] kunit_try_run_case+0x1a5/0x480
[ 14.197973] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.198278] kthread+0x337/0x6f0
[ 14.198474] ret_from_fork+0x116/0x1d0
[ 14.198651] ret_from_fork_asm+0x1a/0x30
[ 14.198854]
[ 14.198936] The buggy address belongs to the object at ffff88810313af00
[ 14.198936] which belongs to the cache kmalloc-128 of size 128
[ 14.199494] The buggy address is located 0 bytes inside of
[ 14.199494] freed 128-byte region [ffff88810313af00, ffff88810313af80)
[ 14.199976]
[ 14.200143] The buggy address belongs to the physical page:
[ 14.200385] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 14.200753] flags: 0x200000000000000(node=0|zone=2)
[ 14.200959] page_type: f5(slab)
[ 14.201121] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.201490] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000
[ 14.201810] page dumped because: kasan: bad access detected
[ 14.202123]
[ 14.202203] Memory state around the buggy address:
[ 14.202363] ffff88810313ae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.202619] ffff88810313ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.202943] >ffff88810313af00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.203346] ^
[ 14.203533] ffff88810313af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.203813] ffff88810313b000: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.204160] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 14.090244] ==================================================================
[ 14.090729] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 14.091531] Read of size 1 at addr ffff88810313ab73 by task kunit_try_catch/239
[ 14.092335]
[ 14.092497] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.092551] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.092564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.092587] Call Trace:
[ 14.092602] <TASK>
[ 14.092623] dump_stack_lvl+0x73/0xb0
[ 14.092659] print_report+0xd1/0x610
[ 14.092847] ? __virt_addr_valid+0x1db/0x2d0
[ 14.092878] ? mempool_oob_right_helper+0x318/0x380
[ 14.092902] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.092925] ? mempool_oob_right_helper+0x318/0x380
[ 14.092949] kasan_report+0x141/0x180
[ 14.092971] ? mempool_oob_right_helper+0x318/0x380
[ 14.093000] __asan_report_load1_noabort+0x18/0x20
[ 14.093024] mempool_oob_right_helper+0x318/0x380
[ 14.093049] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 14.093076] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.093100] ? finish_task_switch.isra.0+0x153/0x700
[ 14.093128] mempool_kmalloc_oob_right+0xf2/0x150
[ 14.093155] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10
[ 14.093183] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.093209] ? __pfx_mempool_kfree+0x10/0x10
[ 14.093234] ? __pfx_read_tsc+0x10/0x10
[ 14.093257] ? ktime_get_ts64+0x86/0x230
[ 14.093285] kunit_try_run_case+0x1a5/0x480
[ 14.093311] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.093334] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.093359] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.093383] ? __kthread_parkme+0x82/0x180
[ 14.093475] ? preempt_count_sub+0x50/0x80
[ 14.093500] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.093524] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.093549] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.093571] kthread+0x337/0x6f0
[ 14.093604] ? trace_preempt_on+0x20/0xc0
[ 14.093629] ? __pfx_kthread+0x10/0x10
[ 14.093650] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.093671] ? calculate_sigpending+0x7b/0xa0
[ 14.093696] ? __pfx_kthread+0x10/0x10
[ 14.093717] ret_from_fork+0x116/0x1d0
[ 14.093737] ? __pfx_kthread+0x10/0x10
[ 14.093757] ret_from_fork_asm+0x1a/0x30
[ 14.093792] </TASK>
[ 14.093803]
[ 14.106723] Allocated by task 239:
[ 14.106871] kasan_save_stack+0x45/0x70
[ 14.107061] kasan_save_track+0x18/0x40
[ 14.107589] kasan_save_alloc_info+0x3b/0x50
[ 14.107892] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.108295] remove_element+0x11e/0x190
[ 14.108508] mempool_alloc_preallocated+0x4d/0x90
[ 14.108935] mempool_oob_right_helper+0x8a/0x380
[ 14.109357] mempool_kmalloc_oob_right+0xf2/0x150
[ 14.109740] kunit_try_run_case+0x1a5/0x480
[ 14.109986] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.110617] kthread+0x337/0x6f0
[ 14.110777] ret_from_fork+0x116/0x1d0
[ 14.110981] ret_from_fork_asm+0x1a/0x30
[ 14.111477]
[ 14.111560] The buggy address belongs to the object at ffff88810313ab00
[ 14.111560] which belongs to the cache kmalloc-128 of size 128
[ 14.112466] The buggy address is located 0 bytes to the right of
[ 14.112466] allocated 115-byte region [ffff88810313ab00, ffff88810313ab73)
[ 14.113288]
[ 14.113390] The buggy address belongs to the physical page:
[ 14.113635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 14.114370] flags: 0x200000000000000(node=0|zone=2)
[ 14.114682] page_type: f5(slab)
[ 14.114870] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.115530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.115960] page dumped because: kasan: bad access detected
[ 14.116355]
[ 14.116622] Memory state around the buggy address:
[ 14.116963] ffff88810313aa00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.117394] ffff88810313aa80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.117949] >ffff88810313ab00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 14.118521] ^
[ 14.118980] ffff88810313ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.119539] ffff88810313ac00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 14.120001] ==================================================================
[ 14.123898] ==================================================================
[ 14.124585] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 14.125219] Read of size 1 at addr ffff88810391e001 by task kunit_try_catch/241
[ 14.125514]
[ 14.125633] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.125683] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.125696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.125719] Call Trace:
[ 14.125733] <TASK>
[ 14.125750] dump_stack_lvl+0x73/0xb0
[ 14.125782] print_report+0xd1/0x610
[ 14.125805] ? __virt_addr_valid+0x1db/0x2d0
[ 14.125829] ? mempool_oob_right_helper+0x318/0x380
[ 14.125853] ? kasan_addr_to_slab+0x11/0xa0
[ 14.125874] ? mempool_oob_right_helper+0x318/0x380
[ 14.125898] kasan_report+0x141/0x180
[ 14.125919] ? mempool_oob_right_helper+0x318/0x380
[ 14.125948] __asan_report_load1_noabort+0x18/0x20
[ 14.125972] mempool_oob_right_helper+0x318/0x380
[ 14.125997] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 14.126022] ? __kasan_check_write+0x18/0x20
[ 14.126041] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.126131] ? finish_task_switch.isra.0+0x153/0x700
[ 14.126170] mempool_kmalloc_large_oob_right+0xf2/0x150
[ 14.126195] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10
[ 14.126224] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.126249] ? __pfx_mempool_kfree+0x10/0x10
[ 14.126274] ? __pfx_read_tsc+0x10/0x10
[ 14.126296] ? ktime_get_ts64+0x86/0x230
[ 14.126322] kunit_try_run_case+0x1a5/0x480
[ 14.126348] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.126370] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.126404] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.126428] ? __kthread_parkme+0x82/0x180
[ 14.126450] ? preempt_count_sub+0x50/0x80
[ 14.126473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.126497] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.126520] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.126544] kthread+0x337/0x6f0
[ 14.126563] ? trace_preempt_on+0x20/0xc0
[ 14.126588] ? __pfx_kthread+0x10/0x10
[ 14.126609] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.126630] ? calculate_sigpending+0x7b/0xa0
[ 14.126656] ? __pfx_kthread+0x10/0x10
[ 14.126678] ret_from_fork+0x116/0x1d0
[ 14.126696] ? __pfx_kthread+0x10/0x10
[ 14.126717] ret_from_fork_asm+0x1a/0x30
[ 14.126751] </TASK>
[ 14.126762]
[ 14.136295] The buggy address belongs to the physical page:
[ 14.136570] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10391c
[ 14.136917] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.137148] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.137446] page_type: f8(unknown)
[ 14.137678] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.138136] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.138478] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.138742] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.138979] head: 0200000000000002 ffffea00040e4701 00000000ffffffff 00000000ffffffff
[ 14.139391] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.139748] page dumped because: kasan: bad access detected
[ 14.140010]
[ 14.140302] Memory state around the buggy address:
[ 14.140493] ffff88810391df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.140902] ffff88810391df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.141123] >ffff88810391e000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 14.142176] ^
[ 14.142363] ffff88810391e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 14.142664] ffff88810391e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 14.142944] ==================================================================
[ 14.147064] ==================================================================
[ 14.148420] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380
[ 14.149261] Read of size 1 at addr ffff88810315a2bb by task kunit_try_catch/243
[ 14.149768]
[ 14.149869] CPU: 0 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.149916] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.149930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.149952] Call Trace:
[ 14.149965] <TASK>
[ 14.149981] dump_stack_lvl+0x73/0xb0
[ 14.150094] print_report+0xd1/0x610
[ 14.150133] ? __virt_addr_valid+0x1db/0x2d0
[ 14.150157] ? mempool_oob_right_helper+0x318/0x380
[ 14.150182] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.150205] ? mempool_oob_right_helper+0x318/0x380
[ 14.150229] kasan_report+0x141/0x180
[ 14.150251] ? mempool_oob_right_helper+0x318/0x380
[ 14.150280] __asan_report_load1_noabort+0x18/0x20
[ 14.150304] mempool_oob_right_helper+0x318/0x380
[ 14.150331] ? __pfx_mempool_oob_right_helper+0x10/0x10
[ 14.150360] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.150382] ? finish_task_switch.isra.0+0x153/0x700
[ 14.150419] mempool_slab_oob_right+0xed/0x140
[ 14.150738] ? __pfx_mempool_slab_oob_right+0x10/0x10
[ 14.150769] ? __pfx_mempool_alloc_slab+0x10/0x10
[ 14.150795] ? __pfx_mempool_free_slab+0x10/0x10
[ 14.150820] ? __pfx_read_tsc+0x10/0x10
[ 14.150842] ? ktime_get_ts64+0x86/0x230
[ 14.150866] kunit_try_run_case+0x1a5/0x480
[ 14.150892] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.150914] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.150938] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.150962] ? __kthread_parkme+0x82/0x180
[ 14.150982] ? preempt_count_sub+0x50/0x80
[ 14.151006] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.151078] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.151103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.151127] kthread+0x337/0x6f0
[ 14.151147] ? trace_preempt_on+0x20/0xc0
[ 14.151171] ? __pfx_kthread+0x10/0x10
[ 14.151192] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.151213] ? calculate_sigpending+0x7b/0xa0
[ 14.151237] ? __pfx_kthread+0x10/0x10
[ 14.151258] ret_from_fork+0x116/0x1d0
[ 14.151277] ? __pfx_kthread+0x10/0x10
[ 14.151298] ret_from_fork_asm+0x1a/0x30
[ 14.151330] </TASK>
[ 14.151341]
[ 14.163752] Allocated by task 243:
[ 14.164073] kasan_save_stack+0x45/0x70
[ 14.164493] kasan_save_track+0x18/0x40
[ 14.164859] kasan_save_alloc_info+0x3b/0x50
[ 14.165288] __kasan_mempool_unpoison_object+0x1bb/0x200
[ 14.165497] remove_element+0x11e/0x190
[ 14.165794] mempool_alloc_preallocated+0x4d/0x90
[ 14.166306] mempool_oob_right_helper+0x8a/0x380
[ 14.166774] mempool_slab_oob_right+0xed/0x140
[ 14.167421] kunit_try_run_case+0x1a5/0x480
[ 14.167618] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.168103] kthread+0x337/0x6f0
[ 14.168466] ret_from_fork+0x116/0x1d0
[ 14.168735] ret_from_fork_asm+0x1a/0x30
[ 14.169082]
[ 14.169201] The buggy address belongs to the object at ffff88810315a240
[ 14.169201] which belongs to the cache test_cache of size 123
[ 14.169799] The buggy address is located 0 bytes to the right of
[ 14.169799] allocated 123-byte region [ffff88810315a240, ffff88810315a2bb)
[ 14.170220]
[ 14.170296] The buggy address belongs to the physical page:
[ 14.170692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315a
[ 14.170996] flags: 0x200000000000000(node=0|zone=2)
[ 14.171257] page_type: f5(slab)
[ 14.171421] raw: 0200000000000000 ffff888103153280 dead000000000122 0000000000000000
[ 14.171658] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000
[ 14.172061] page dumped because: kasan: bad access detected
[ 14.172284]
[ 14.172356] Memory state around the
buggy address: [ 14.172604] ffff88810315a180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.172911] ffff88810315a200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.173434] >ffff88810315a280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.173712] ^ [ 14.174101] ffff88810315a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.174378] ffff88810315a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.174712] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 13.519995] ================================================================== [ 13.520584] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 13.521420] Read of size 1 at addr ffff888101a54dc0 by task kunit_try_catch/233 [ 13.521821] [ 13.522083] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.522137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.522149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.522172] Call Trace: [ 13.522187] <TASK> [ 13.522207] dump_stack_lvl+0x73/0xb0 [ 13.522304] print_report+0xd1/0x610 [ 13.522330] ? __virt_addr_valid+0x1db/0x2d0 [ 13.522355] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.522380] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.522415] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.522440] kasan_report+0x141/0x180 [ 13.522463] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.522491] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.522516] __kasan_check_byte+0x3d/0x50 [ 13.522538] kmem_cache_destroy+0x25/0x1d0 [ 13.522563] kmem_cache_double_destroy+0x1bf/0x380 [ 13.522587] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 13.522611] ? finish_task_switch.isra.0+0x153/0x700 [ 13.522634] ? __switch_to+0x47/0xf50 [ 13.522667] ? __pfx_read_tsc+0x10/0x10 [ 13.522689] ? ktime_get_ts64+0x86/0x230 [ 13.522715] kunit_try_run_case+0x1a5/0x480 [ 13.522740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.522763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.522789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.522813] ? __kthread_parkme+0x82/0x180 [ 13.522836] ? preempt_count_sub+0x50/0x80 [ 13.522860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.522884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.522909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.522933] kthread+0x337/0x6f0 [ 13.522952] ? trace_preempt_on+0x20/0xc0 [ 13.522977] ? __pfx_kthread+0x10/0x10 [ 13.522997] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.523018] ? 
calculate_sigpending+0x7b/0xa0 [ 13.523042] ? __pfx_kthread+0x10/0x10 [ 13.523065] ret_from_fork+0x116/0x1d0 [ 13.523085] ? __pfx_kthread+0x10/0x10 [ 13.523106] ret_from_fork_asm+0x1a/0x30 [ 13.523139] </TASK> [ 13.523150] [ 13.534247] Allocated by task 233: [ 13.534393] kasan_save_stack+0x45/0x70 [ 13.534789] kasan_save_track+0x18/0x40 [ 13.535309] kasan_save_alloc_info+0x3b/0x50 [ 13.535532] __kasan_slab_alloc+0x91/0xa0 [ 13.535745] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.535937] __kmem_cache_create_args+0x169/0x240 [ 13.536152] kmem_cache_double_destroy+0xd5/0x380 [ 13.536540] kunit_try_run_case+0x1a5/0x480 [ 13.536735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.536978] kthread+0x337/0x6f0 [ 13.537144] ret_from_fork+0x116/0x1d0 [ 13.537350] ret_from_fork_asm+0x1a/0x30 [ 13.537518] [ 13.537611] Freed by task 233: [ 13.537783] kasan_save_stack+0x45/0x70 [ 13.537948] kasan_save_track+0x18/0x40 [ 13.538143] kasan_save_free_info+0x3f/0x60 [ 13.538430] __kasan_slab_free+0x56/0x70 [ 13.538728] kmem_cache_free+0x249/0x420 [ 13.538898] slab_kmem_cache_release+0x2e/0x40 [ 13.539158] kmem_cache_release+0x16/0x20 [ 13.539361] kobject_put+0x181/0x450 [ 13.539536] sysfs_slab_release+0x16/0x20 [ 13.539749] kmem_cache_destroy+0xf0/0x1d0 [ 13.539965] kmem_cache_double_destroy+0x14e/0x380 [ 13.540150] kunit_try_run_case+0x1a5/0x480 [ 13.540546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.540811] kthread+0x337/0x6f0 [ 13.540970] ret_from_fork+0x116/0x1d0 [ 13.541106] ret_from_fork_asm+0x1a/0x30 [ 13.541247] [ 13.541320] The buggy address belongs to the object at ffff888101a54dc0 [ 13.541320] which belongs to the cache kmem_cache of size 208 [ 13.541812] The buggy address is located 0 bytes inside of [ 13.541812] freed 208-byte region [ffff888101a54dc0, ffff888101a54e90) [ 13.542306] [ 13.542384] The buggy address belongs to the physical page: [ 13.542685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a54 [ 13.543064] flags: 
0x200000000000000(node=0|zone=2) [ 13.543314] page_type: f5(slab) [ 13.543506] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 13.543902] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 13.544233] page dumped because: kasan: bad access detected [ 13.544487] [ 13.544582] Memory state around the buggy address: [ 13.544778] ffff888101a54c80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.545308] ffff888101a54d00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 13.545663] >ffff888101a54d80: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.545907] ^ [ 13.546194] ffff888101a54e00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.546555] ffff888101a54e80: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.546888] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 13.465446] ================================================================== [ 13.465981] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.466836] Read of size 1 at addr ffff888103156000 by task kunit_try_catch/231 [ 13.467170] [ 13.467294] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.467364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.467377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.467410] Call Trace: [ 13.467424] <TASK> [ 13.467444] dump_stack_lvl+0x73/0xb0 [ 13.467734] print_report+0xd1/0x610 [ 13.467760] ? __virt_addr_valid+0x1db/0x2d0 [ 13.467785] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.467807] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.467830] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.467853] kasan_report+0x141/0x180 [ 13.467874] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.467903] __asan_report_load1_noabort+0x18/0x20 [ 13.467927] kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.467950] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 13.467973] ? finish_task_switch.isra.0+0x153/0x700 [ 13.467996] ? __switch_to+0x47/0xf50 [ 13.468028] ? __pfx_read_tsc+0x10/0x10 [ 13.468049] ? ktime_get_ts64+0x86/0x230 [ 13.468075] kunit_try_run_case+0x1a5/0x480 [ 13.468100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.468123] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.468148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.468171] ? __kthread_parkme+0x82/0x180 [ 13.468192] ? preempt_count_sub+0x50/0x80 [ 13.468216] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.468239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.468262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.468286] kthread+0x337/0x6f0 [ 13.468306] ? trace_preempt_on+0x20/0xc0 [ 13.468330] ? __pfx_kthread+0x10/0x10 [ 13.468351] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.468371] ? calculate_sigpending+0x7b/0xa0 [ 13.468409] ? __pfx_kthread+0x10/0x10 [ 13.468432] ret_from_fork+0x116/0x1d0 [ 13.468451] ? 
__pfx_kthread+0x10/0x10 [ 13.468471] ret_from_fork_asm+0x1a/0x30 [ 13.468504] </TASK> [ 13.468515] [ 13.477930] Allocated by task 231: [ 13.478073] kasan_save_stack+0x45/0x70 [ 13.478287] kasan_save_track+0x18/0x40 [ 13.478493] kasan_save_alloc_info+0x3b/0x50 [ 13.478761] __kasan_slab_alloc+0x91/0xa0 [ 13.478960] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.479157] kmem_cache_rcu_uaf+0x155/0x510 [ 13.479305] kunit_try_run_case+0x1a5/0x480 [ 13.479602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.479960] kthread+0x337/0x6f0 [ 13.480189] ret_from_fork+0x116/0x1d0 [ 13.480385] ret_from_fork_asm+0x1a/0x30 [ 13.480558] [ 13.480649] Freed by task 0: [ 13.480934] kasan_save_stack+0x45/0x70 [ 13.481219] kasan_save_track+0x18/0x40 [ 13.481420] kasan_save_free_info+0x3f/0x60 [ 13.481640] __kasan_slab_free+0x56/0x70 [ 13.481904] slab_free_after_rcu_debug+0xe4/0x310 [ 13.482471] rcu_core+0x66f/0x1c40 [ 13.482739] rcu_core_si+0x12/0x20 [ 13.482968] handle_softirqs+0x209/0x730 [ 13.483167] __irq_exit_rcu+0xc9/0x110 [ 13.483462] irq_exit_rcu+0x12/0x20 [ 13.483650] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.483893] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.484249] [ 13.484340] Last potentially related work creation: [ 13.484586] kasan_save_stack+0x45/0x70 [ 13.484743] kasan_record_aux_stack+0xb2/0xc0 [ 13.485138] kmem_cache_free+0x131/0x420 [ 13.485320] kmem_cache_rcu_uaf+0x194/0x510 [ 13.485616] kunit_try_run_case+0x1a5/0x480 [ 13.485845] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.486088] kthread+0x337/0x6f0 [ 13.486224] ret_from_fork+0x116/0x1d0 [ 13.486420] ret_from_fork_asm+0x1a/0x30 [ 13.486691] [ 13.486780] The buggy address belongs to the object at ffff888103156000 [ 13.486780] which belongs to the cache test_cache of size 200 [ 13.487473] The buggy address is located 0 bytes inside of [ 13.487473] freed 200-byte region [ffff888103156000, ffff8881031560c8) [ 13.488092] [ 13.488255] The buggy address belongs to the physical page: [ 13.488491] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103156 [ 13.489059] flags: 0x200000000000000(node=0|zone=2) [ 13.489407] page_type: f5(slab) [ 13.489584] raw: 0200000000000000 ffff888103153000 dead000000000122 0000000000000000 [ 13.489985] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.490434] page dumped because: kasan: bad access detected [ 13.490781] [ 13.490949] Memory state around the buggy address: [ 13.491185] ffff888103155f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.491474] ffff888103155f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.491869] >ffff888103156000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.492212] ^ [ 13.492388] ffff888103156080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.492795] ffff888103156100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.493213] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 13.392751] ================================================================== [ 13.393241] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 13.394200] Free of addr ffff888103949001 by task kunit_try_catch/229 [ 13.394501] [ 13.394741] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.394790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.394803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.394824] Call Trace: [ 13.394838] <TASK> [ 13.394856] dump_stack_lvl+0x73/0xb0 [ 13.394888] print_report+0xd1/0x610 [ 13.394910] ? __virt_addr_valid+0x1db/0x2d0 [ 13.394934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.394956] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.394981] kasan_report_invalid_free+0x10a/0x130 [ 13.395005] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395040] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395064] check_slab_allocation+0x11f/0x130 [ 13.395085] __kasan_slab_pre_free+0x28/0x40 [ 13.395105] kmem_cache_free+0xed/0x420 [ 13.395124] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.395144] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.395172] kmem_cache_invalid_free+0x1d8/0x460 [ 13.395196] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 13.395219] ? finish_task_switch.isra.0+0x153/0x700 [ 13.395241] ? __switch_to+0x47/0xf50 [ 13.395270] ? __pfx_read_tsc+0x10/0x10 [ 13.395291] ? ktime_get_ts64+0x86/0x230 [ 13.395316] kunit_try_run_case+0x1a5/0x480 [ 13.395340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.395362] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.395385] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.395419] ? __kthread_parkme+0x82/0x180 [ 13.395439] ? preempt_count_sub+0x50/0x80 [ 13.395462] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.395486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.395509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.395531] kthread+0x337/0x6f0 [ 13.395551] ? trace_preempt_on+0x20/0xc0 [ 13.395575] ? 
__pfx_kthread+0x10/0x10 [ 13.395596] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.395617] ? calculate_sigpending+0x7b/0xa0 [ 13.395641] ? __pfx_kthread+0x10/0x10 [ 13.395662] ret_from_fork+0x116/0x1d0 [ 13.395680] ? __pfx_kthread+0x10/0x10 [ 13.395701] ret_from_fork_asm+0x1a/0x30 [ 13.395733] </TASK> [ 13.395743] [ 13.409910] Allocated by task 229: [ 13.410357] kasan_save_stack+0x45/0x70 [ 13.410748] kasan_save_track+0x18/0x40 [ 13.410892] kasan_save_alloc_info+0x3b/0x50 [ 13.411205] __kasan_slab_alloc+0x91/0xa0 [ 13.411687] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.412257] kmem_cache_invalid_free+0x157/0x460 [ 13.412714] kunit_try_run_case+0x1a5/0x480 [ 13.413101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.413544] kthread+0x337/0x6f0 [ 13.413906] ret_from_fork+0x116/0x1d0 [ 13.414286] ret_from_fork_asm+0x1a/0x30 [ 13.414449] [ 13.414525] The buggy address belongs to the object at ffff888103949000 [ 13.414525] which belongs to the cache test_cache of size 200 [ 13.414896] The buggy address is located 1 bytes inside of [ 13.414896] 200-byte region [ffff888103949000, ffff8881039490c8) [ 13.415235] [ 13.415310] The buggy address belongs to the physical page: [ 13.415752] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103949 [ 13.416567] flags: 0x200000000000000(node=0|zone=2) [ 13.417139] page_type: f5(slab) [ 13.417496] raw: 0200000000000000 ffff888101a54c80 dead000000000122 0000000000000000 [ 13.418257] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.418969] page dumped because: kasan: bad access detected [ 13.419572] [ 13.419797] Memory state around the buggy address: [ 13.420332] ffff888103948f00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 13.420924] ffff888103948f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.421529] >ffff888103949000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.421944] ^ [ 13.422287] ffff888103949080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.422967] 
ffff888103949100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.423298] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 13.349902] ================================================================== [ 13.350438] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 13.350873] Free of addr ffff888103152000 by task kunit_try_catch/227 [ 13.351413] [ 13.351514] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.351561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.351573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.351595] Call Trace: [ 13.351608] <TASK> [ 13.351626] dump_stack_lvl+0x73/0xb0 [ 13.351659] print_report+0xd1/0x610 [ 13.351681] ? __virt_addr_valid+0x1db/0x2d0 [ 13.351706] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.351727] ? kmem_cache_double_free+0x1e5/0x480 [ 13.351753] kasan_report_invalid_free+0x10a/0x130 [ 13.351777] ? kmem_cache_double_free+0x1e5/0x480 [ 13.351803] ? kmem_cache_double_free+0x1e5/0x480 [ 13.351827] check_slab_allocation+0x101/0x130 [ 13.351849] __kasan_slab_pre_free+0x28/0x40 [ 13.351869] kmem_cache_free+0xed/0x420 [ 13.351889] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.351909] ? kmem_cache_double_free+0x1e5/0x480 [ 13.351936] kmem_cache_double_free+0x1e5/0x480 [ 13.351960] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 13.351982] ? finish_task_switch.isra.0+0x153/0x700 [ 13.352005] ? __switch_to+0x47/0xf50 [ 13.352098] ? __pfx_read_tsc+0x10/0x10 [ 13.352122] ? ktime_get_ts64+0x86/0x230 [ 13.352148] kunit_try_run_case+0x1a5/0x480 [ 13.352173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.352196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.352220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.352243] ? __kthread_parkme+0x82/0x180 [ 13.352264] ? preempt_count_sub+0x50/0x80 [ 13.352287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.352311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.352334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.352356] kthread+0x337/0x6f0 [ 13.352376] ? trace_preempt_on+0x20/0xc0 [ 13.352411] ? 
__pfx_kthread+0x10/0x10 [ 13.352433] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.352454] ? calculate_sigpending+0x7b/0xa0 [ 13.352479] ? __pfx_kthread+0x10/0x10 [ 13.352500] ret_from_fork+0x116/0x1d0 [ 13.352518] ? __pfx_kthread+0x10/0x10 [ 13.352539] ret_from_fork_asm+0x1a/0x30 [ 13.352571] </TASK> [ 13.352582] [ 13.366893] Allocated by task 227: [ 13.367077] kasan_save_stack+0x45/0x70 [ 13.367441] kasan_save_track+0x18/0x40 [ 13.367792] kasan_save_alloc_info+0x3b/0x50 [ 13.368276] __kasan_slab_alloc+0x91/0xa0 [ 13.368643] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.369135] kmem_cache_double_free+0x14f/0x480 [ 13.369600] kunit_try_run_case+0x1a5/0x480 [ 13.369760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.369939] kthread+0x337/0x6f0 [ 13.370180] ret_from_fork+0x116/0x1d0 [ 13.370528] ret_from_fork_asm+0x1a/0x30 [ 13.370922] [ 13.371079] Freed by task 227: [ 13.371408] kasan_save_stack+0x45/0x70 [ 13.371790] kasan_save_track+0x18/0x40 [ 13.372211] kasan_save_free_info+0x3f/0x60 [ 13.372693] __kasan_slab_free+0x56/0x70 [ 13.373044] kmem_cache_free+0x249/0x420 [ 13.373416] kmem_cache_double_free+0x16a/0x480 [ 13.373580] kunit_try_run_case+0x1a5/0x480 [ 13.373969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.374648] kthread+0x337/0x6f0 [ 13.374961] ret_from_fork+0x116/0x1d0 [ 13.375096] ret_from_fork_asm+0x1a/0x30 [ 13.375447] [ 13.375624] The buggy address belongs to the object at ffff888103152000 [ 13.375624] which belongs to the cache test_cache of size 200 [ 13.376444] The buggy address is located 0 bytes inside of [ 13.376444] 200-byte region [ffff888103152000, ffff8881031520c8) [ 13.377340] [ 13.377522] The buggy address belongs to the physical page: [ 13.378072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103152 [ 13.378614] flags: 0x200000000000000(node=0|zone=2) [ 13.379094] page_type: f5(slab) [ 13.379255] raw: 0200000000000000 ffff888100eebdc0 dead000000000122 0000000000000000 [ 13.380280] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 13.380616] page dumped because: kasan: bad access detected [ 13.380802] [ 13.380874] Memory state around the buggy address: [ 13.381072] ffff888103151f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.381679] ffff888103151f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.382372] >ffff888103152000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.383137] ^ [ 13.383455] ffff888103152080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.384231] ffff888103152100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.384898] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 13.314429] ================================================================== [ 13.314863] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 13.315241] Read of size 1 at addr ffff8881031500c8 by task kunit_try_catch/225 [ 13.315539] [ 13.315686] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.315733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.315745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.315766] Call Trace: [ 13.315780] <TASK> [ 13.315798] dump_stack_lvl+0x73/0xb0 [ 13.315830] print_report+0xd1/0x610 [ 13.315852] ? __virt_addr_valid+0x1db/0x2d0 [ 13.315877] ? kmem_cache_oob+0x402/0x530 [ 13.315900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.315922] ? kmem_cache_oob+0x402/0x530 [ 13.315945] kasan_report+0x141/0x180 [ 13.315967] ? kmem_cache_oob+0x402/0x530 [ 13.315995] __asan_report_load1_noabort+0x18/0x20 [ 13.316019] kmem_cache_oob+0x402/0x530 [ 13.316039] ? trace_hardirqs_on+0x37/0xe0 [ 13.316064] ? __pfx_kmem_cache_oob+0x10/0x10 [ 13.316085] ? finish_task_switch.isra.0+0x153/0x700 [ 13.316108] ? __switch_to+0x47/0xf50 [ 13.316139] ? __pfx_read_tsc+0x10/0x10 [ 13.316161] ? ktime_get_ts64+0x86/0x230 [ 13.316186] kunit_try_run_case+0x1a5/0x480 [ 13.316212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.316234] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.316258] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.316281] ? __kthread_parkme+0x82/0x180 [ 13.316302] ? preempt_count_sub+0x50/0x80 [ 13.316325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.316348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.316371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.316406] kthread+0x337/0x6f0 [ 13.316426] ? trace_preempt_on+0x20/0xc0 [ 13.316448] ? __pfx_kthread+0x10/0x10 [ 13.316469] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.316489] ? calculate_sigpending+0x7b/0xa0 [ 13.316514] ? __pfx_kthread+0x10/0x10 [ 13.316535] ret_from_fork+0x116/0x1d0 [ 13.316554] ? 
__pfx_kthread+0x10/0x10 [ 13.316575] ret_from_fork_asm+0x1a/0x30 [ 13.316786] </TASK> [ 13.316799] [ 13.324463] Allocated by task 225: [ 13.324599] kasan_save_stack+0x45/0x70 [ 13.324819] kasan_save_track+0x18/0x40 [ 13.325011] kasan_save_alloc_info+0x3b/0x50 [ 13.325219] __kasan_slab_alloc+0x91/0xa0 [ 13.325426] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.325646] kmem_cache_oob+0x157/0x530 [ 13.325839] kunit_try_run_case+0x1a5/0x480 [ 13.326013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.326189] kthread+0x337/0x6f0 [ 13.326533] ret_from_fork+0x116/0x1d0 [ 13.326866] ret_from_fork_asm+0x1a/0x30 [ 13.327161] [ 13.327241] The buggy address belongs to the object at ffff888103150000 [ 13.327241] which belongs to the cache test_cache of size 200 [ 13.327775] The buggy address is located 0 bytes to the right of [ 13.327775] allocated 200-byte region [ffff888103150000, ffff8881031500c8) [ 13.328284] [ 13.328446] The buggy address belongs to the physical page: [ 13.328626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103150 [ 13.328877] flags: 0x200000000000000(node=0|zone=2) [ 13.329046] page_type: f5(slab) [ 13.329239] raw: 0200000000000000 ffff888100eebc80 dead000000000122 0000000000000000 [ 13.329612] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.329946] page dumped because: kasan: bad access detected [ 13.330448] [ 13.330542] Memory state around the buggy address: [ 13.331144] ffff88810314ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.331429] ffff888103150000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.331743] >ffff888103150080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.331965] ^ [ 13.332144] ffff888103150100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.332562] ffff888103150180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.333148] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 13.270049] ================================================================== [ 13.271667] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 13.272295] Read of size 8 at addr ffff888103944100 by task kunit_try_catch/218 [ 13.272545] [ 13.272651] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.272704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.272717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.272739] Call Trace: [ 13.272754] <TASK> [ 13.272772] dump_stack_lvl+0x73/0xb0 [ 13.272803] print_report+0xd1/0x610 [ 13.272826] ? __virt_addr_valid+0x1db/0x2d0 [ 13.272848] ? workqueue_uaf+0x4d6/0x560 [ 13.272869] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.272890] ? workqueue_uaf+0x4d6/0x560 [ 13.272911] kasan_report+0x141/0x180 [ 13.272933] ? workqueue_uaf+0x4d6/0x560 [ 13.272959] __asan_report_load8_noabort+0x18/0x20 [ 13.272983] workqueue_uaf+0x4d6/0x560 [ 13.273006] ? __pfx_workqueue_uaf+0x10/0x10 [ 13.273027] ? __schedule+0x10c6/0x2b60 [ 13.273050] ? __pfx_read_tsc+0x10/0x10 [ 13.273071] ? ktime_get_ts64+0x86/0x230 [ 13.273096] kunit_try_run_case+0x1a5/0x480 [ 13.273120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.273165] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.273188] ? __kthread_parkme+0x82/0x180 [ 13.273207] ? preempt_count_sub+0x50/0x80 [ 13.273231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.273255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.273277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.273300] kthread+0x337/0x6f0 [ 13.273319] ? trace_preempt_on+0x20/0xc0 [ 13.273343] ? __pfx_kthread+0x10/0x10 [ 13.273364] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.273385] ? calculate_sigpending+0x7b/0xa0 [ 13.273747] ? __pfx_kthread+0x10/0x10 [ 13.273773] ret_from_fork+0x116/0x1d0 [ 13.274057] ? 
__pfx_kthread+0x10/0x10 [ 13.274082] ret_from_fork_asm+0x1a/0x30 [ 13.274116] </TASK> [ 13.274127] [ 13.288450] Allocated by task 218: [ 13.288771] kasan_save_stack+0x45/0x70 [ 13.288927] kasan_save_track+0x18/0x40 [ 13.289177] kasan_save_alloc_info+0x3b/0x50 [ 13.289417] __kasan_kmalloc+0xb7/0xc0 [ 13.289590] __kmalloc_cache_noprof+0x189/0x420 [ 13.289760] workqueue_uaf+0x152/0x560 [ 13.289967] kunit_try_run_case+0x1a5/0x480 [ 13.290170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.290369] kthread+0x337/0x6f0 [ 13.290556] ret_from_fork+0x116/0x1d0 [ 13.290853] ret_from_fork_asm+0x1a/0x30 [ 13.291204] [ 13.291315] Freed by task 44: [ 13.291502] kasan_save_stack+0x45/0x70 [ 13.291698] kasan_save_track+0x18/0x40 [ 13.291836] kasan_save_free_info+0x3f/0x60 [ 13.292041] __kasan_slab_free+0x56/0x70 [ 13.292378] kfree+0x222/0x3f0 [ 13.292536] workqueue_uaf_work+0x12/0x20 [ 13.292684] process_one_work+0x5ee/0xf60 [ 13.292876] worker_thread+0x758/0x1220 [ 13.293085] kthread+0x337/0x6f0 [ 13.293304] ret_from_fork+0x116/0x1d0 [ 13.293507] ret_from_fork_asm+0x1a/0x30 [ 13.293782] [ 13.293872] Last potentially related work creation: [ 13.294144] kasan_save_stack+0x45/0x70 [ 13.294325] kasan_record_aux_stack+0xb2/0xc0 [ 13.294548] __queue_work+0x626/0xeb0 [ 13.294778] queue_work_on+0xb6/0xc0 [ 13.295018] workqueue_uaf+0x26d/0x560 [ 13.295225] kunit_try_run_case+0x1a5/0x480 [ 13.295374] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.295562] kthread+0x337/0x6f0 [ 13.295731] ret_from_fork+0x116/0x1d0 [ 13.295916] ret_from_fork_asm+0x1a/0x30 [ 13.296106] [ 13.296201] The buggy address belongs to the object at ffff888103944100 [ 13.296201] which belongs to the cache kmalloc-32 of size 32 [ 13.296650] The buggy address is located 0 bytes inside of [ 13.296650] freed 32-byte region [ffff888103944100, ffff888103944120) [ 13.297712] [ 13.297802] The buggy address belongs to the physical page: [ 13.298024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x103944 [ 13.298413] flags: 0x200000000000000(node=0|zone=2) [ 13.298692] page_type: f5(slab) [ 13.298852] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.299187] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.299559] page dumped because: kasan: bad access detected [ 13.299813] [ 13.299895] Memory state around the buggy address: [ 13.300161] ffff888103944000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.300478] ffff888103944080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.300784] >ffff888103944100: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 13.301124] ^ [ 13.301296] ffff888103944180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.301584] ffff888103944200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.301819] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 13.218244] ================================================================== [ 13.218717] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 13.219270] Read of size 4 at addr ffff888103944040 by task swapper/1/0 [ 13.219650] [ 13.219784] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.219830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.219841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.219862] Call Trace: [ 13.219889] <IRQ> [ 13.219908] dump_stack_lvl+0x73/0xb0 [ 13.219955] print_report+0xd1/0x610 [ 13.219978] ? __virt_addr_valid+0x1db/0x2d0 [ 13.220015] ? rcu_uaf_reclaim+0x50/0x60 [ 13.220034] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.220056] ? rcu_uaf_reclaim+0x50/0x60 [ 13.220092] kasan_report+0x141/0x180 [ 13.220115] ? rcu_uaf_reclaim+0x50/0x60 [ 13.220141] __asan_report_load4_noabort+0x18/0x20 [ 13.220165] rcu_uaf_reclaim+0x50/0x60 [ 13.220185] rcu_core+0x66f/0x1c40 [ 13.220286] ? __pfx_rcu_core+0x10/0x10 [ 13.220309] ? ktime_get+0x6b/0x150 [ 13.220332] ? handle_softirqs+0x18e/0x730 [ 13.220358] rcu_core_si+0x12/0x20 [ 13.220385] handle_softirqs+0x209/0x730 [ 13.220421] ? hrtimer_interrupt+0x2fe/0x780 [ 13.220445] ? 
__pfx_handle_softirqs+0x10/0x10 [ 13.220470] __irq_exit_rcu+0xc9/0x110 [ 13.220491] irq_exit_rcu+0x12/0x20 [ 13.220511] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.220536] </IRQ> [ 13.220565] <TASK> [ 13.220576] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.220689] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 13.220906] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 52 21 00 fb f4 <e9> 3c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 13.220988] RSP: 0000:ffff888100877dc8 EFLAGS: 00010206 [ 13.221246] RAX: ffff8881c3372000 RBX: ffff888100853000 RCX: ffffffff95877125 [ 13.221302] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 0000000000020754 [ 13.221347] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 13.221391] R10: ffff88815b130c53 R11: ffffffff97dc36c0 R12: 0000000000000001 [ 13.221452] R13: ffffed102010a600 R14: ffffffff975b1a90 R15: 0000000000000000 [ 13.221516] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 13.221573] ? default_idle+0xd/0x20 [ 13.221593] arch_cpu_idle+0xd/0x20 [ 13.221612] default_idle_call+0x48/0x80 [ 13.221630] do_idle+0x379/0x4f0 [ 13.221656] ? __pfx_do_idle+0x10/0x10 [ 13.221686] cpu_startup_entry+0x5c/0x70 [ 13.221705] start_secondary+0x211/0x290 [ 13.221727] ? 
__pfx_start_secondary+0x10/0x10 [ 13.221754] common_startup_64+0x13e/0x148 [ 13.221788] </TASK> [ 13.221799] [ 13.240322] Allocated by task 216: [ 13.240854] kasan_save_stack+0x45/0x70 [ 13.241216] kasan_save_track+0x18/0x40 [ 13.241365] kasan_save_alloc_info+0x3b/0x50 [ 13.241530] __kasan_kmalloc+0xb7/0xc0 [ 13.242251] __kmalloc_cache_noprof+0x189/0x420 [ 13.242948] rcu_uaf+0xb0/0x330 [ 13.243438] kunit_try_run_case+0x1a5/0x480 [ 13.243985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.244729] kthread+0x337/0x6f0 [ 13.245312] ret_from_fork+0x116/0x1d0 [ 13.245536] ret_from_fork_asm+0x1a/0x30 [ 13.246103] [ 13.246299] Freed by task 0: [ 13.246771] kasan_save_stack+0x45/0x70 [ 13.247269] kasan_save_track+0x18/0x40 [ 13.247666] kasan_save_free_info+0x3f/0x60 [ 13.247939] __kasan_slab_free+0x56/0x70 [ 13.248432] kfree+0x222/0x3f0 [ 13.248891] rcu_uaf_reclaim+0x1f/0x60 [ 13.249571] rcu_core+0x66f/0x1c40 [ 13.249860] rcu_core_si+0x12/0x20 [ 13.249994] handle_softirqs+0x209/0x730 [ 13.250387] __irq_exit_rcu+0xc9/0x110 [ 13.251128] irq_exit_rcu+0x12/0x20 [ 13.251608] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.251788] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.252698] [ 13.252947] Last potentially related work creation: [ 13.253497] kasan_save_stack+0x45/0x70 [ 13.253830] kasan_record_aux_stack+0xb2/0xc0 [ 13.254473] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 13.255169] call_rcu+0x12/0x20 [ 13.255311] rcu_uaf+0x168/0x330 [ 13.255453] kunit_try_run_case+0x1a5/0x480 [ 13.255636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.256411] kthread+0x337/0x6f0 [ 13.256944] ret_from_fork+0x116/0x1d0 [ 13.257726] ret_from_fork_asm+0x1a/0x30 [ 13.258297] [ 13.258561] The buggy address belongs to the object at ffff888103944040 [ 13.258561] which belongs to the cache kmalloc-32 of size 32 [ 13.259765] The buggy address is located 0 bytes inside of [ 13.259765] freed 32-byte region [ffff888103944040, ffff888103944060) [ 13.260133] [ 13.260214] The buggy address belongs to the 
physical page: [ 13.260390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103944 [ 13.260767] flags: 0x200000000000000(node=0|zone=2) [ 13.261009] page_type: f5(slab) [ 13.261183] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.261772] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.262203] page dumped because: kasan: bad access detected [ 13.262450] [ 13.262546] Memory state around the buggy address: [ 13.262769] ffff888103943f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.263156] ffff888103943f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.263475] >ffff888103944000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.263782] ^ [ 13.264004] ffff888103944080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.264338] ffff888103944100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.264678] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 13.119737] ================================================================== [ 13.120776] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 13.121003] Read of size 1 at addr ffff88810313a800 by task kunit_try_catch/214 [ 13.121240] [ 13.121331] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.121374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.121386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.121448] Call Trace: [ 13.121462] <TASK> [ 13.121478] dump_stack_lvl+0x73/0xb0 [ 13.121507] print_report+0xd1/0x610 [ 13.121529] ? __virt_addr_valid+0x1db/0x2d0 [ 13.121552] ? ksize_uaf+0x19d/0x6c0 [ 13.121579] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.121600] ? ksize_uaf+0x19d/0x6c0 [ 13.121621] kasan_report+0x141/0x180 [ 13.121642] ? ksize_uaf+0x19d/0x6c0 [ 13.121666] ? ksize_uaf+0x19d/0x6c0 [ 13.121686] __kasan_check_byte+0x3d/0x50 [ 13.121707] ksize+0x20/0x60 [ 13.121727] ksize_uaf+0x19d/0x6c0 [ 13.121747] ? __pfx_ksize_uaf+0x10/0x10 [ 13.121768] ? __schedule+0x2079/0x2b60 [ 13.121790] ? __pfx_read_tsc+0x10/0x10 [ 13.121830] ? ktime_get_ts64+0x86/0x230 [ 13.121855] kunit_try_run_case+0x1a5/0x480 [ 13.121890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.121912] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.121935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.121958] ? __kthread_parkme+0x82/0x180 [ 13.121978] ? preempt_count_sub+0x50/0x80 [ 13.122002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.122042] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.122064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.122087] kthread+0x337/0x6f0 [ 13.122106] ? trace_preempt_on+0x20/0xc0 [ 13.122129] ? __pfx_kthread+0x10/0x10 [ 13.122149] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.122169] ? calculate_sigpending+0x7b/0xa0 [ 13.122192] ? __pfx_kthread+0x10/0x10 [ 13.122213] ret_from_fork+0x116/0x1d0 [ 13.122230] ? 
__pfx_kthread+0x10/0x10 [ 13.122251] ret_from_fork_asm+0x1a/0x30 [ 13.122292] </TASK> [ 13.122302] [ 13.136466] Allocated by task 214: [ 13.136932] kasan_save_stack+0x45/0x70 [ 13.137438] kasan_save_track+0x18/0x40 [ 13.137923] kasan_save_alloc_info+0x3b/0x50 [ 13.138515] __kasan_kmalloc+0xb7/0xc0 [ 13.138915] __kmalloc_cache_noprof+0x189/0x420 [ 13.139621] ksize_uaf+0xaa/0x6c0 [ 13.139995] kunit_try_run_case+0x1a5/0x480 [ 13.140458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.140773] kthread+0x337/0x6f0 [ 13.141179] ret_from_fork+0x116/0x1d0 [ 13.141576] ret_from_fork_asm+0x1a/0x30 [ 13.141729] [ 13.141801] Freed by task 214: [ 13.141912] kasan_save_stack+0x45/0x70 [ 13.142147] kasan_save_track+0x18/0x40 [ 13.142622] kasan_save_free_info+0x3f/0x60 [ 13.143058] __kasan_slab_free+0x56/0x70 [ 13.143552] kfree+0x222/0x3f0 [ 13.143899] ksize_uaf+0x12c/0x6c0 [ 13.144439] kunit_try_run_case+0x1a5/0x480 [ 13.144885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.145063] kthread+0x337/0x6f0 [ 13.145477] ret_from_fork+0x116/0x1d0 [ 13.145894] ret_from_fork_asm+0x1a/0x30 [ 13.146362] [ 13.146526] The buggy address belongs to the object at ffff88810313a800 [ 13.146526] which belongs to the cache kmalloc-128 of size 128 [ 13.147471] The buggy address is located 0 bytes inside of [ 13.147471] freed 128-byte region [ffff88810313a800, ffff88810313a880) [ 13.148328] [ 13.148417] The buggy address belongs to the physical page: [ 13.148587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 13.148830] flags: 0x200000000000000(node=0|zone=2) [ 13.148992] page_type: f5(slab) [ 13.149497] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.150293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.151080] page dumped because: kasan: bad access detected [ 13.151627] [ 13.151823] Memory state around the buggy address: [ 13.152337] ffff88810313a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
13.153115] ffff88810313a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.153724] >ffff88810313a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.153941] ^ [ 13.154264] ffff88810313a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.154954] ffff88810313a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.155809] ================================================================== [ 13.156767] ================================================================== [ 13.157010] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 13.157225] Read of size 1 at addr ffff88810313a800 by task kunit_try_catch/214 [ 13.157634] [ 13.157858] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.157909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.157921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.157942] Call Trace: [ 13.157958] <TASK> [ 13.157976] dump_stack_lvl+0x73/0xb0 [ 13.158004] print_report+0xd1/0x610 [ 13.158077] ? __virt_addr_valid+0x1db/0x2d0 [ 13.158110] ? ksize_uaf+0x5fe/0x6c0 [ 13.158131] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.158152] ? ksize_uaf+0x5fe/0x6c0 [ 13.158174] kasan_report+0x141/0x180 [ 13.158195] ? ksize_uaf+0x5fe/0x6c0 [ 13.158221] __asan_report_load1_noabort+0x18/0x20 [ 13.158245] ksize_uaf+0x5fe/0x6c0 [ 13.158265] ? __pfx_ksize_uaf+0x10/0x10 [ 13.158286] ? __schedule+0x2079/0x2b60 [ 13.158308] ? __pfx_read_tsc+0x10/0x10 [ 13.158329] ? ktime_get_ts64+0x86/0x230 [ 13.158355] kunit_try_run_case+0x1a5/0x480 [ 13.158379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.158410] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.158434] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.158457] ? __kthread_parkme+0x82/0x180 [ 13.158477] ? preempt_count_sub+0x50/0x80 [ 13.158501] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.158524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.158546] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.158569] kthread+0x337/0x6f0 [ 13.158588] ? trace_preempt_on+0x20/0xc0 [ 13.158627] ? __pfx_kthread+0x10/0x10 [ 13.158648] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.158668] ? calculate_sigpending+0x7b/0xa0 [ 13.158703] ? __pfx_kthread+0x10/0x10 [ 13.158724] ret_from_fork+0x116/0x1d0 [ 13.158742] ? __pfx_kthread+0x10/0x10 [ 13.158762] ret_from_fork_asm+0x1a/0x30 [ 13.158793] </TASK> [ 13.158803] [ 13.171366] Allocated by task 214: [ 13.171723] kasan_save_stack+0x45/0x70 [ 13.171875] kasan_save_track+0x18/0x40 [ 13.172021] kasan_save_alloc_info+0x3b/0x50 [ 13.172172] __kasan_kmalloc+0xb7/0xc0 [ 13.172306] __kmalloc_cache_noprof+0x189/0x420 [ 13.172482] ksize_uaf+0xaa/0x6c0 [ 13.172642] kunit_try_run_case+0x1a5/0x480 [ 13.172900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.173436] kthread+0x337/0x6f0 [ 13.173581] ret_from_fork+0x116/0x1d0 [ 13.173839] ret_from_fork_asm+0x1a/0x30 [ 13.173985] [ 13.174057] Freed by task 214: [ 13.174168] kasan_save_stack+0x45/0x70 [ 13.174304] kasan_save_track+0x18/0x40 [ 13.174451] kasan_save_free_info+0x3f/0x60 [ 13.174599] __kasan_slab_free+0x56/0x70 [ 13.174736] kfree+0x222/0x3f0 [ 13.174852] ksize_uaf+0x12c/0x6c0 [ 13.174977] kunit_try_run_case+0x1a5/0x480 [ 13.175217] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.175415] kthread+0x337/0x6f0 [ 13.175538] ret_from_fork+0x116/0x1d0 [ 13.175671] ret_from_fork_asm+0x1a/0x30 [ 13.175811] [ 13.175883] The buggy address belongs to the object at ffff88810313a800 [ 13.175883] which belongs to the cache kmalloc-128 of size 128 [ 13.176390] The buggy address is located 0 bytes inside of [ 13.176390] freed 128-byte region [ffff88810313a800, ffff88810313a880) [ 13.177084] [ 13.177183] The buggy address belongs to the physical page: [ 13.177632] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 13.177989] flags: 0x200000000000000(node=0|zone=2) [ 13.178229] page_type: f5(slab) [ 13.178353] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.178778] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.179554] page dumped because: kasan: bad access detected [ 13.179877] [ 13.179967] Memory state around the buggy address: [ 13.180209] ffff88810313a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.180445] ffff88810313a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.180836] >ffff88810313a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.181249] ^ [ 13.181447] ffff88810313a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.181672] ffff88810313a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.182057] ================================================================== [ 13.182490] ================================================================== [ 13.183154] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 13.183544] Read of size 1 at addr ffff88810313a878 by task kunit_try_catch/214 [ 13.183999] [ 13.184252] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.184297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.184309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.184341] Call Trace: [ 13.184358] <TASK> [ 13.184373] dump_stack_lvl+0x73/0xb0 [ 13.184411] print_report+0xd1/0x610 [ 13.184432] ? __virt_addr_valid+0x1db/0x2d0 [ 13.184463] ? ksize_uaf+0x5e4/0x6c0 [ 13.184484] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.184505] ? ksize_uaf+0x5e4/0x6c0 [ 13.184536] kasan_report+0x141/0x180 [ 13.184558] ? ksize_uaf+0x5e4/0x6c0 [ 13.184584] __asan_report_load1_noabort+0x18/0x20 [ 13.184607] ksize_uaf+0x5e4/0x6c0 [ 13.184628] ? __pfx_ksize_uaf+0x10/0x10 [ 13.184658] ? __schedule+0x2079/0x2b60 [ 13.184684] ? __pfx_read_tsc+0x10/0x10 [ 13.184704] ? ktime_get_ts64+0x86/0x230 [ 13.184741] kunit_try_run_case+0x1a5/0x480 [ 13.184777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.184799] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.184822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.184844] ? __kthread_parkme+0x82/0x180 [ 13.184873] ? preempt_count_sub+0x50/0x80 [ 13.184896] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.184920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.184952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.184975] kthread+0x337/0x6f0 [ 13.184994] ? trace_preempt_on+0x20/0xc0 [ 13.185017] ? __pfx_kthread+0x10/0x10 [ 13.185037] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.185058] ? calculate_sigpending+0x7b/0xa0 [ 13.185081] ? __pfx_kthread+0x10/0x10 [ 13.185102] ret_from_fork+0x116/0x1d0 [ 13.185120] ? __pfx_kthread+0x10/0x10 [ 13.185140] ret_from_fork_asm+0x1a/0x30 [ 13.185171] </TASK> [ 13.185181] [ 13.193392] Allocated by task 214: [ 13.193542] kasan_save_stack+0x45/0x70 [ 13.193784] kasan_save_track+0x18/0x40 [ 13.194005] kasan_save_alloc_info+0x3b/0x50 [ 13.194165] __kasan_kmalloc+0xb7/0xc0 [ 13.194299] __kmalloc_cache_noprof+0x189/0x420 [ 13.194468] ksize_uaf+0xaa/0x6c0 [ 13.194593] kunit_try_run_case+0x1a5/0x480 [ 13.194741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.194916] kthread+0x337/0x6f0 [ 13.195037] ret_from_fork+0x116/0x1d0 [ 13.195170] ret_from_fork_asm+0x1a/0x30 [ 13.195309] [ 13.195414] Freed by task 214: [ 13.195737] kasan_save_stack+0x45/0x70 [ 13.195937] kasan_save_track+0x18/0x40 [ 13.196298] kasan_save_free_info+0x3f/0x60 [ 13.196521] __kasan_slab_free+0x56/0x70 [ 13.196724] kfree+0x222/0x3f0 [ 13.196908] ksize_uaf+0x12c/0x6c0 [ 13.197188] kunit_try_run_case+0x1a5/0x480 [ 13.197421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.197775] kthread+0x337/0x6f0 [ 13.197915] ret_from_fork+0x116/0x1d0 [ 13.198101] ret_from_fork_asm+0x1a/0x30 [ 13.198301] [ 13.198408] The buggy address belongs to the object at ffff88810313a800 [ 13.198408] which belongs to the cache kmalloc-128 of size 128 [ 13.199192] The buggy address is located 120 bytes inside of [ 13.199192] freed 128-byte region [ffff88810313a800, 
ffff88810313a880) [ 13.199578] [ 13.199738] The buggy address belongs to the physical page: [ 13.199994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 13.200553] flags: 0x200000000000000(node=0|zone=2) [ 13.200825] page_type: f5(slab) [ 13.200971] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.201466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.201780] page dumped because: kasan: bad access detected [ 13.201960] [ 13.202072] Memory state around the buggy address: [ 13.202308] ffff88810313a700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.202693] ffff88810313a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.202984] >ffff88810313a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.203389] ^ [ 13.203747] ffff88810313a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.204185] ffff88810313a900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.204492] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 13.076545] ================================================================== [ 13.076897] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 13.077200] Read of size 1 at addr ffff888101bc1678 by task kunit_try_catch/212 [ 13.077505] [ 13.077604] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.077647] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.077659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.077680] Call Trace: [ 13.077695] <TASK> [ 13.077710] dump_stack_lvl+0x73/0xb0 [ 13.077739] print_report+0xd1/0x610 [ 13.077760] ? __virt_addr_valid+0x1db/0x2d0 [ 13.077781] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 13.077804] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.077826] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 13.077849] kasan_report+0x141/0x180 [ 13.077871] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 13.077899] __asan_report_load1_noabort+0x18/0x20 [ 13.077922] ksize_unpoisons_memory+0x7e9/0x9b0 [ 13.077946] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 13.077967] ? finish_task_switch.isra.0+0x153/0x700 [ 13.077988] ? __switch_to+0x47/0xf50 [ 13.078015] ? __schedule+0x10c6/0x2b60 [ 13.078037] ? __pfx_read_tsc+0x10/0x10 [ 13.078057] ? ktime_get_ts64+0x86/0x230 [ 13.078083] kunit_try_run_case+0x1a5/0x480 [ 13.078107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.078129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.078152] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.078175] ? __kthread_parkme+0x82/0x180 [ 13.078194] ? preempt_count_sub+0x50/0x80 [ 13.078217] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.078240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.078263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.078286] kthread+0x337/0x6f0 [ 13.078305] ? trace_preempt_on+0x20/0xc0 [ 13.078327] ? __pfx_kthread+0x10/0x10 [ 13.078348] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.078368] ? calculate_sigpending+0x7b/0xa0 [ 13.078391] ? 
__pfx_kthread+0x10/0x10 [ 13.078569] ret_from_fork+0x116/0x1d0 [ 13.078589] ? __pfx_kthread+0x10/0x10 [ 13.078609] ret_from_fork_asm+0x1a/0x30 [ 13.078641] </TASK> [ 13.078651] [ 13.086559] Allocated by task 212: [ 13.086877] kasan_save_stack+0x45/0x70 [ 13.087198] kasan_save_track+0x18/0x40 [ 13.087422] kasan_save_alloc_info+0x3b/0x50 [ 13.087656] __kasan_kmalloc+0xb7/0xc0 [ 13.087800] __kmalloc_cache_noprof+0x189/0x420 [ 13.087968] ksize_unpoisons_memory+0xc7/0x9b0 [ 13.088432] kunit_try_run_case+0x1a5/0x480 [ 13.088687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.088865] kthread+0x337/0x6f0 [ 13.089091] ret_from_fork+0x116/0x1d0 [ 13.089292] ret_from_fork_asm+0x1a/0x30 [ 13.089498] [ 13.089571] The buggy address belongs to the object at ffff888101bc1600 [ 13.089571] which belongs to the cache kmalloc-128 of size 128 [ 13.089930] The buggy address is located 5 bytes to the right of [ 13.089930] allocated 115-byte region [ffff888101bc1600, ffff888101bc1673) [ 13.090367] [ 13.090471] The buggy address belongs to the physical page: [ 13.090721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 13.091461] flags: 0x200000000000000(node=0|zone=2) [ 13.091871] page_type: f5(slab) [ 13.092019] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.092293] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.092533] page dumped because: kasan: bad access detected [ 13.093096] [ 13.093197] Memory state around the buggy address: [ 13.093413] ffff888101bc1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.093709] ffff888101bc1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.093983] >ffff888101bc1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.094361] ^ [ 13.094687] ffff888101bc1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.094972] ffff888101bc1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.095461] 
================================================================== [ 13.054270] ================================================================== [ 13.054924] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 13.055602] Read of size 1 at addr ffff888101bc1673 by task kunit_try_catch/212 [ 13.056367] [ 13.056568] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.056643] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.056655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.056682] Call Trace: [ 13.056695] <TASK> [ 13.056714] dump_stack_lvl+0x73/0xb0 [ 13.056746] print_report+0xd1/0x610 [ 13.056769] ? __virt_addr_valid+0x1db/0x2d0 [ 13.056793] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 13.056815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.056836] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 13.056860] kasan_report+0x141/0x180 [ 13.056881] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 13.056910] __asan_report_load1_noabort+0x18/0x20 [ 13.056933] ksize_unpoisons_memory+0x81c/0x9b0 [ 13.056956] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 13.056978] ? finish_task_switch.isra.0+0x153/0x700 [ 13.057000] ? __switch_to+0x47/0xf50 [ 13.057098] ? __schedule+0x10c6/0x2b60 [ 13.057122] ? __pfx_read_tsc+0x10/0x10 [ 13.057143] ? ktime_get_ts64+0x86/0x230 [ 13.057168] kunit_try_run_case+0x1a5/0x480 [ 13.057194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.057215] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.057238] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.057261] ? __kthread_parkme+0x82/0x180 [ 13.057283] ? preempt_count_sub+0x50/0x80 [ 13.057306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.057329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.057352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.057375] kthread+0x337/0x6f0 [ 13.057394] ? trace_preempt_on+0x20/0xc0 [ 13.057430] ? __pfx_kthread+0x10/0x10 [ 13.057450] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.057471] ? 
calculate_sigpending+0x7b/0xa0 [ 13.057495] ? __pfx_kthread+0x10/0x10 [ 13.057516] ret_from_fork+0x116/0x1d0 [ 13.057535] ? __pfx_kthread+0x10/0x10 [ 13.057555] ret_from_fork_asm+0x1a/0x30 [ 13.057606] </TASK> [ 13.057618] [ 13.065321] Allocated by task 212: [ 13.065501] kasan_save_stack+0x45/0x70 [ 13.065665] kasan_save_track+0x18/0x40 [ 13.065880] kasan_save_alloc_info+0x3b/0x50 [ 13.066188] __kasan_kmalloc+0xb7/0xc0 [ 13.066374] __kmalloc_cache_noprof+0x189/0x420 [ 13.066580] ksize_unpoisons_memory+0xc7/0x9b0 [ 13.066824] kunit_try_run_case+0x1a5/0x480 [ 13.066988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.067292] kthread+0x337/0x6f0 [ 13.067483] ret_from_fork+0x116/0x1d0 [ 13.067681] ret_from_fork_asm+0x1a/0x30 [ 13.067864] [ 13.067962] The buggy address belongs to the object at ffff888101bc1600 [ 13.067962] which belongs to the cache kmalloc-128 of size 128 [ 13.068518] The buggy address is located 0 bytes to the right of [ 13.068518] allocated 115-byte region [ffff888101bc1600, ffff888101bc1673) [ 13.068926] [ 13.069003] The buggy address belongs to the physical page: [ 13.069418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 13.069800] flags: 0x200000000000000(node=0|zone=2) [ 13.070135] page_type: f5(slab) [ 13.070316] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.070694] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.070966] page dumped because: kasan: bad access detected [ 13.071282] [ 13.071382] Memory state around the buggy address: [ 13.071640] ffff888101bc1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.071957] ffff888101bc1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.072322] >ffff888101bc1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.072657] ^ [ 13.072950] ffff888101bc1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.073415] ffff888101bc1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.073720] 
================================================================== [ 13.095987] ================================================================== [ 13.096585] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 13.096900] Read of size 1 at addr ffff888101bc167f by task kunit_try_catch/212 [ 13.097333] [ 13.097442] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.097485] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.097497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.097517] Call Trace: [ 13.097531] <TASK> [ 13.097545] dump_stack_lvl+0x73/0xb0 [ 13.097572] print_report+0xd1/0x610 [ 13.097609] ? __virt_addr_valid+0x1db/0x2d0 [ 13.097630] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 13.097652] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.097674] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 13.097697] kasan_report+0x141/0x180 [ 13.097718] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 13.097747] __asan_report_load1_noabort+0x18/0x20 [ 13.097770] ksize_unpoisons_memory+0x7b6/0x9b0 [ 13.097793] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 13.097815] ? finish_task_switch.isra.0+0x153/0x700 [ 13.097836] ? __switch_to+0x47/0xf50 [ 13.097862] ? __schedule+0x10c6/0x2b60 [ 13.097884] ? __pfx_read_tsc+0x10/0x10 [ 13.097903] ? ktime_get_ts64+0x86/0x230 [ 13.097929] kunit_try_run_case+0x1a5/0x480 [ 13.097953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.097975] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.097998] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.098021] ? __kthread_parkme+0x82/0x180 [ 13.098092] ? preempt_count_sub+0x50/0x80 [ 13.098115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.098139] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.098162] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.098185] kthread+0x337/0x6f0 [ 13.098204] ? trace_preempt_on+0x20/0xc0 [ 13.098226] ? __pfx_kthread+0x10/0x10 [ 13.098247] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.098267] ? 
calculate_sigpending+0x7b/0xa0 [ 13.098291] ? __pfx_kthread+0x10/0x10 [ 13.098312] ret_from_fork+0x116/0x1d0 [ 13.098330] ? __pfx_kthread+0x10/0x10 [ 13.098350] ret_from_fork_asm+0x1a/0x30 [ 13.098382] </TASK> [ 13.098391] [ 13.106474] Allocated by task 212: [ 13.106684] kasan_save_stack+0x45/0x70 [ 13.106886] kasan_save_track+0x18/0x40 [ 13.107081] kasan_save_alloc_info+0x3b/0x50 [ 13.107444] __kasan_kmalloc+0xb7/0xc0 [ 13.107663] __kmalloc_cache_noprof+0x189/0x420 [ 13.107861] ksize_unpoisons_memory+0xc7/0x9b0 [ 13.108042] kunit_try_run_case+0x1a5/0x480 [ 13.108192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.108456] kthread+0x337/0x6f0 [ 13.108757] ret_from_fork+0x116/0x1d0 [ 13.108942] ret_from_fork_asm+0x1a/0x30 [ 13.109168] [ 13.109240] The buggy address belongs to the object at ffff888101bc1600 [ 13.109240] which belongs to the cache kmalloc-128 of size 128 [ 13.109605] The buggy address is located 12 bytes to the right of [ 13.109605] allocated 115-byte region [ffff888101bc1600, ffff888101bc1673) [ 13.109976] [ 13.110050] The buggy address belongs to the physical page: [ 13.110223] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 13.110775] flags: 0x200000000000000(node=0|zone=2) [ 13.111008] page_type: f5(slab) [ 13.111216] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.111558] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.112197] page dumped because: kasan: bad access detected [ 13.112378] [ 13.112462] Memory state around the buggy address: [ 13.112684] ffff888101bc1500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.113002] ffff888101bc1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.113336] >ffff888101bc1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.113676] ^ [ 13.113948] ffff888101bc1680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.114225] ffff888101bc1700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.114536] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 13.015150] ==================================================================
[ 13.015508] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 13.016071] Free of addr ffff8881017e0440 by task kunit_try_catch/210
[ 13.016940]
[ 13.017146] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.017206] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.017219] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.017239] Call Trace:
[ 13.017388] <TASK>
[ 13.017418] dump_stack_lvl+0x73/0xb0
[ 13.017449] print_report+0xd1/0x610
[ 13.017472] ? __virt_addr_valid+0x1db/0x2d0
[ 13.017495] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.017516] ? kfree_sensitive+0x2e/0x90
[ 13.017537] kasan_report_invalid_free+0x10a/0x130
[ 13.017561] ? kfree_sensitive+0x2e/0x90
[ 13.017582] ? kfree_sensitive+0x2e/0x90
[ 13.017613] check_slab_allocation+0x101/0x130
[ 13.017634] __kasan_slab_pre_free+0x28/0x40
[ 13.017654] kfree+0xf0/0x3f0
[ 13.017675] ? kfree_sensitive+0x2e/0x90
[ 13.017697] kfree_sensitive+0x2e/0x90
[ 13.017717] kmalloc_double_kzfree+0x19c/0x350
[ 13.017739] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 13.017763] ? __schedule+0x10c6/0x2b60
[ 13.017785] ? __pfx_read_tsc+0x10/0x10
[ 13.017805] ? ktime_get_ts64+0x86/0x230
[ 13.017831] kunit_try_run_case+0x1a5/0x480
[ 13.017856] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.017878] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.017902] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.017925] ? __kthread_parkme+0x82/0x180
[ 13.017945] ? preempt_count_sub+0x50/0x80
[ 13.017968] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.017992] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.018014] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.018048] kthread+0x337/0x6f0
[ 13.018067] ? trace_preempt_on+0x20/0xc0
[ 13.018089] ? __pfx_kthread+0x10/0x10
[ 13.018109] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.018130] ? calculate_sigpending+0x7b/0xa0
[ 13.018153] ? __pfx_kthread+0x10/0x10
[ 13.018175] ret_from_fork+0x116/0x1d0
[ 13.018192] ? __pfx_kthread+0x10/0x10
[ 13.018212] ret_from_fork_asm+0x1a/0x30
[ 13.018244] </TASK>
[ 13.018254]
[ 13.031876] Allocated by task 210:
[ 13.032176] kasan_save_stack+0x45/0x70
[ 13.032376] kasan_save_track+0x18/0x40
[ 13.032922] kasan_save_alloc_info+0x3b/0x50
[ 13.033515] __kasan_kmalloc+0xb7/0xc0
[ 13.033905] __kmalloc_cache_noprof+0x189/0x420
[ 13.034158] kmalloc_double_kzfree+0xa9/0x350
[ 13.034420] kunit_try_run_case+0x1a5/0x480
[ 13.034961] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.035386] kthread+0x337/0x6f0
[ 13.035575] ret_from_fork+0x116/0x1d0
[ 13.035755] ret_from_fork_asm+0x1a/0x30
[ 13.035956]
[ 13.036429] Freed by task 210:
[ 13.036916] kasan_save_stack+0x45/0x70
[ 13.037306] kasan_save_track+0x18/0x40
[ 13.037503] kasan_save_free_info+0x3f/0x60
[ 13.037699] __kasan_slab_free+0x56/0x70
[ 13.037998] kfree+0x222/0x3f0
[ 13.038157] kfree_sensitive+0x67/0x90
[ 13.038632] kmalloc_double_kzfree+0x12b/0x350
[ 13.039086] kunit_try_run_case+0x1a5/0x480
[ 13.039591] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.040150] kthread+0x337/0x6f0
[ 13.040745] ret_from_fork+0x116/0x1d0
[ 13.040914] ret_from_fork_asm+0x1a/0x30
[ 13.041232]
[ 13.041443] The buggy address belongs to the object at ffff8881017e0440
[ 13.041443] which belongs to the cache kmalloc-16 of size 16
[ 13.042547] The buggy address is located 0 bytes inside of
[ 13.042547] 16-byte region [ffff8881017e0440, ffff8881017e0450)
[ 13.043281]
[ 13.043487] The buggy address belongs to the physical page:
[ 13.044072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017e0
[ 13.044568] flags: 0x200000000000000(node=0|zone=2)
[ 13.045254] page_type: f5(slab)
[ 13.045542] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.046163] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.046554] page dumped because: kasan: bad access detected
[ 13.046992]
[ 13.047206] Memory state around the buggy address:
[ 13.047689] ffff8881017e0300: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 13.048224] ffff8881017e0380: 00 04 fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 13.048643] >ffff8881017e0400: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 13.048871] ^
[ 13.049102] ffff8881017e0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.049858] ffff8881017e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.050675] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 12.988921] ==================================================================
[ 12.989807] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.990169] Read of size 1 at addr ffff8881017e0440 by task kunit_try_catch/210
[ 12.990777]
[ 12.990887] CPU: 0 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.990934] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.990946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.990968] Call Trace:
[ 12.990981] <TASK>
[ 12.990998] dump_stack_lvl+0x73/0xb0
[ 12.991039] print_report+0xd1/0x610
[ 12.991060] ? __virt_addr_valid+0x1db/0x2d0
[ 12.991082] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.991104] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.991125] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.991148] kasan_report+0x141/0x180
[ 12.991170] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.991196] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.991219] __kasan_check_byte+0x3d/0x50
[ 12.991240] kfree_sensitive+0x22/0x90
[ 12.991262] kmalloc_double_kzfree+0x19c/0x350
[ 12.991284] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.991307] ? __schedule+0x10c6/0x2b60
[ 12.991330] ? __pfx_read_tsc+0x10/0x10
[ 12.991351] ? ktime_get_ts64+0x86/0x230
[ 12.991378] kunit_try_run_case+0x1a5/0x480
[ 12.991411] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.991433] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.991457] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.991479] ? __kthread_parkme+0x82/0x180
[ 12.991499] ? preempt_count_sub+0x50/0x80
[ 12.991523] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.991547] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.991569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.991592] kthread+0x337/0x6f0
[ 12.991611] ? trace_preempt_on+0x20/0xc0
[ 12.991634] ? __pfx_kthread+0x10/0x10
[ 12.991654] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.991675] ? calculate_sigpending+0x7b/0xa0
[ 12.991698] ? __pfx_kthread+0x10/0x10
[ 12.991721] ret_from_fork+0x116/0x1d0
[ 12.991739] ? __pfx_kthread+0x10/0x10
[ 12.991759] ret_from_fork_asm+0x1a/0x30
[ 12.991791] </TASK>
[ 12.991801]
[ 13.000660] Allocated by task 210:
[ 13.000870] kasan_save_stack+0x45/0x70
[ 13.001235] kasan_save_track+0x18/0x40
[ 13.001425] kasan_save_alloc_info+0x3b/0x50
[ 13.001577] __kasan_kmalloc+0xb7/0xc0
[ 13.001833] __kmalloc_cache_noprof+0x189/0x420
[ 13.002173] kmalloc_double_kzfree+0xa9/0x350
[ 13.002428] kunit_try_run_case+0x1a5/0x480
[ 13.002725] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.002999] kthread+0x337/0x6f0
[ 13.003275] ret_from_fork+0x116/0x1d0
[ 13.003424] ret_from_fork_asm+0x1a/0x30
[ 13.003646]
[ 13.003746] Freed by task 210:
[ 13.003904] kasan_save_stack+0x45/0x70
[ 13.004255] kasan_save_track+0x18/0x40
[ 13.004413] kasan_save_free_info+0x3f/0x60
[ 13.004616] __kasan_slab_free+0x56/0x70
[ 13.004891] kfree+0x222/0x3f0
[ 13.005161] kfree_sensitive+0x67/0x90
[ 13.005408] kmalloc_double_kzfree+0x12b/0x350
[ 13.005613] kunit_try_run_case+0x1a5/0x480
[ 13.005793] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.006213] kthread+0x337/0x6f0
[ 13.006433] ret_from_fork+0x116/0x1d0
[ 13.006609] ret_from_fork_asm+0x1a/0x30
[ 13.006807]
[ 13.006905] The buggy address belongs to the object at ffff8881017e0440
[ 13.006905] which belongs to the cache kmalloc-16 of size 16
[ 13.007425] The buggy address is located 0 bytes inside of
[ 13.007425] freed 16-byte region [ffff8881017e0440, ffff8881017e0450)
[ 13.007906]
[ 13.008005] The buggy address belongs to the physical page:
[ 13.008216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017e0
[ 13.008739] flags: 0x200000000000000(node=0|zone=2)
[ 13.008935] page_type: f5(slab)
[ 13.009118] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.009355] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.009765] page dumped because: kasan: bad access detected
[ 13.010126]
[ 13.010227] Memory state around the buggy address:
[ 13.010518] ffff8881017e0300: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 13.010793] ffff8881017e0380: 00 04 fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 13.011149] >ffff8881017e0400: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc
[ 13.011528] ^
[ 13.011851] ffff8881017e0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.012559] ffff8881017e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.013105] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 12.952036] ==================================================================
[ 12.952945] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520
[ 12.954113] Read of size 1 at addr ffff888103144fa8 by task kunit_try_catch/206
[ 12.954906]
[ 12.955022] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.955074] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.955087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.955111] Call Trace:
[ 12.955124] <TASK>
[ 12.955143] dump_stack_lvl+0x73/0xb0
[ 12.955177] print_report+0xd1/0x610
[ 12.955199] ? __virt_addr_valid+0x1db/0x2d0
[ 12.955224] ? kmalloc_uaf2+0x4a8/0x520
[ 12.955244] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.955265] ? kmalloc_uaf2+0x4a8/0x520
[ 12.955286] kasan_report+0x141/0x180
[ 12.955308] ? kmalloc_uaf2+0x4a8/0x520
[ 12.955333] __asan_report_load1_noabort+0x18/0x20
[ 12.955357] kmalloc_uaf2+0x4a8/0x520
[ 12.955376] ? __pfx_kmalloc_uaf2+0x10/0x10
[ 12.955405] ? finish_task_switch.isra.0+0x153/0x700
[ 12.955428] ? __switch_to+0x47/0xf50
[ 12.955456] ? __schedule+0x10c6/0x2b60
[ 12.955478] ? __pfx_read_tsc+0x10/0x10
[ 12.955499] ? ktime_get_ts64+0x86/0x230
[ 12.955526] kunit_try_run_case+0x1a5/0x480
[ 12.955552] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.955575] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.955598] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.955621] ? __kthread_parkme+0x82/0x180
[ 12.955641] ? preempt_count_sub+0x50/0x80
[ 12.955665] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.955688] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.955711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.955734] kthread+0x337/0x6f0
[ 12.955753] ? trace_preempt_on+0x20/0xc0
[ 12.955778] ? __pfx_kthread+0x10/0x10
[ 12.956136] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.956165] ? calculate_sigpending+0x7b/0xa0
[ 12.956192] ? __pfx_kthread+0x10/0x10
[ 12.956214] ret_from_fork+0x116/0x1d0
[ 12.956233] ? __pfx_kthread+0x10/0x10
[ 12.956254] ret_from_fork_asm+0x1a/0x30
[ 12.956287] </TASK>
[ 12.956300]
[ 12.969032] Allocated by task 206:
[ 12.969175] kasan_save_stack+0x45/0x70
[ 12.969325] kasan_save_track+0x18/0x40
[ 12.969497] kasan_save_alloc_info+0x3b/0x50
[ 12.969677] __kasan_kmalloc+0xb7/0xc0
[ 12.969813] __kmalloc_cache_noprof+0x189/0x420
[ 12.969974] kmalloc_uaf2+0xc6/0x520
[ 12.970104] kunit_try_run_case+0x1a5/0x480
[ 12.970321] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.970823] kthread+0x337/0x6f0
[ 12.971249] ret_from_fork+0x116/0x1d0
[ 12.971413] ret_from_fork_asm+0x1a/0x30
[ 12.972287]
[ 12.972369] Freed by task 206:
[ 12.973018] kasan_save_stack+0x45/0x70
[ 12.973260] kasan_save_track+0x18/0x40
[ 12.973638] kasan_save_free_info+0x3f/0x60
[ 12.973834] __kasan_slab_free+0x56/0x70
[ 12.974216] kfree+0x222/0x3f0
[ 12.974414] kmalloc_uaf2+0x14c/0x520
[ 12.974817] kunit_try_run_case+0x1a5/0x480
[ 12.975136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.975383] kthread+0x337/0x6f0
[ 12.975731] ret_from_fork+0x116/0x1d0
[ 12.975931] ret_from_fork_asm+0x1a/0x30
[ 12.976228]
[ 12.976337] The buggy address belongs to the object at ffff888103144f80
[ 12.976337] which belongs to the cache kmalloc-64 of size 64
[ 12.977027] The buggy address is located 40 bytes inside of
[ 12.977027] freed 64-byte region [ffff888103144f80, ffff888103144fc0)
[ 12.977738]
[ 12.977997] The buggy address belongs to the physical page:
[ 12.978229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103144
[ 12.978721] flags: 0x200000000000000(node=0|zone=2)
[ 12.979020] page_type: f5(slab)
[ 12.979220] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.979755] raw: 0000000000000000 0000000000200020 00000000f5000000 0000000000000000
[ 12.980222] page dumped because: kasan: bad access detected
[ 12.980468]
[ 12.980568] Memory state around the buggy address:
[ 12.980993] ffff888103144e80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.981468] ffff888103144f00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.982033] >ffff888103144f80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.982617] ^
[ 12.982832] ffff888103145000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.983433] ffff888103145080: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.983874] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 12.908856] ==================================================================
[ 12.909619] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 12.910109] Write of size 33 at addr ffff88810315f680 by task kunit_try_catch/204
[ 12.910555]
[ 12.910652] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.910746] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.910758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.910780] Call Trace:
[ 12.910793] <TASK>
[ 12.910824] dump_stack_lvl+0x73/0xb0
[ 12.910869] print_report+0xd1/0x610
[ 12.910904] ? __virt_addr_valid+0x1db/0x2d0
[ 12.910926] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.910947] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.910969] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.910990] kasan_report+0x141/0x180
[ 12.911012] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.911039] kasan_check_range+0x10c/0x1c0
[ 12.911062] __asan_memset+0x27/0x50
[ 12.911081] kmalloc_uaf_memset+0x1a3/0x360
[ 12.911101] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 12.911330] ? __schedule+0x10c6/0x2b60
[ 12.911365] ? __pfx_read_tsc+0x10/0x10
[ 12.911388] ? ktime_get_ts64+0x86/0x230
[ 12.911448] kunit_try_run_case+0x1a5/0x480
[ 12.911473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.911495] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.911519] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.911543] ? __kthread_parkme+0x82/0x180
[ 12.911563] ? preempt_count_sub+0x50/0x80
[ 12.911588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.911622] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.911645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.911668] kthread+0x337/0x6f0
[ 12.911688] ? trace_preempt_on+0x20/0xc0
[ 12.911712] ? __pfx_kthread+0x10/0x10
[ 12.911733] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.911754] ? calculate_sigpending+0x7b/0xa0
[ 12.911777] ? __pfx_kthread+0x10/0x10
[ 12.911799] ret_from_fork+0x116/0x1d0
[ 12.911817] ? __pfx_kthread+0x10/0x10
[ 12.911837] ret_from_fork_asm+0x1a/0x30
[ 12.911870] </TASK>
[ 12.911880]
[ 12.923069] Allocated by task 204:
[ 12.923829] kasan_save_stack+0x45/0x70
[ 12.925040] kasan_save_track+0x18/0x40
[ 12.925224] kasan_save_alloc_info+0x3b/0x50
[ 12.925383] __kasan_kmalloc+0xb7/0xc0
[ 12.925601] __kmalloc_cache_noprof+0x189/0x420
[ 12.925834] kmalloc_uaf_memset+0xa9/0x360
[ 12.927115] kunit_try_run_case+0x1a5/0x480
[ 12.927725] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.927925] kthread+0x337/0x6f0
[ 12.928303] ret_from_fork+0x116/0x1d0
[ 12.928504] ret_from_fork_asm+0x1a/0x30
[ 12.928651]
[ 12.929835] Freed by task 204:
[ 12.930648] kasan_save_stack+0x45/0x70
[ 12.931177] kasan_save_track+0x18/0x40
[ 12.931366] kasan_save_free_info+0x3f/0x60
[ 12.932508] __kasan_slab_free+0x56/0x70
[ 12.933325] kfree+0x222/0x3f0
[ 12.934054] kmalloc_uaf_memset+0x12b/0x360
[ 12.934473] kunit_try_run_case+0x1a5/0x480
[ 12.934682] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.934909] kthread+0x337/0x6f0
[ 12.935062] ret_from_fork+0x116/0x1d0
[ 12.935235] ret_from_fork_asm+0x1a/0x30
[ 12.936298]
[ 12.936894] The buggy address belongs to the object at ffff88810315f680
[ 12.936894] which belongs to the cache kmalloc-64 of size 64
[ 12.939445] The buggy address is located 0 bytes inside of
[ 12.939445] freed 64-byte region [ffff88810315f680, ffff88810315f6c0)
[ 12.939890]
[ 12.939997] The buggy address belongs to the physical page:
[ 12.940249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315f
[ 12.940584] flags: 0x200000000000000(node=0|zone=2)
[ 12.941768] page_type: f5(slab)
[ 12.941905] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.942745] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.943044] page dumped because: kasan: bad access detected
[ 12.943695]
[ 12.943797] Memory state around the buggy address:
[ 12.944243] ffff88810315f580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.944822] ffff88810315f600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.945098] >ffff88810315f680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.946294] ^
[ 12.946478] ffff88810315f700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.946953] ffff88810315f780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.947472] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 12.882669] ==================================================================
[ 12.883205] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 12.883601] Read of size 1 at addr ffff888101b1cbe8 by task kunit_try_catch/202
[ 12.883935]
[ 12.884033] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.884077] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.884089] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.884110] Call Trace:
[ 12.884123] <TASK>
[ 12.884138] dump_stack_lvl+0x73/0xb0
[ 12.884227] print_report+0xd1/0x610
[ 12.884252] ? __virt_addr_valid+0x1db/0x2d0
[ 12.884274] ? kmalloc_uaf+0x320/0x380
[ 12.884293] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.884315] ? kmalloc_uaf+0x320/0x380
[ 12.884335] kasan_report+0x141/0x180
[ 12.884357] ? kmalloc_uaf+0x320/0x380
[ 12.884382] __asan_report_load1_noabort+0x18/0x20
[ 12.884418] kmalloc_uaf+0x320/0x380
[ 12.884437] ? __pfx_kmalloc_uaf+0x10/0x10
[ 12.884458] ? __schedule+0x10c6/0x2b60
[ 12.884480] ? __pfx_read_tsc+0x10/0x10
[ 12.884501] ? ktime_get_ts64+0x86/0x230
[ 12.884528] kunit_try_run_case+0x1a5/0x480
[ 12.884552] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.884574] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.884598] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.884621] ? __kthread_parkme+0x82/0x180
[ 12.884641] ? preempt_count_sub+0x50/0x80
[ 12.884665] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.884698] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.884721] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.884745] kthread+0x337/0x6f0
[ 12.884764] ? trace_preempt_on+0x20/0xc0
[ 12.884787] ? __pfx_kthread+0x10/0x10
[ 12.884808] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.884829] ? calculate_sigpending+0x7b/0xa0
[ 12.884852] ? __pfx_kthread+0x10/0x10
[ 12.884874] ret_from_fork+0x116/0x1d0
[ 12.884892] ? __pfx_kthread+0x10/0x10
[ 12.884912] ret_from_fork_asm+0x1a/0x30
[ 12.884944] </TASK>
[ 12.884954]
[ 12.892948] Allocated by task 202:
[ 12.893128] kasan_save_stack+0x45/0x70
[ 12.893319] kasan_save_track+0x18/0x40
[ 12.893543] kasan_save_alloc_info+0x3b/0x50
[ 12.893748] __kasan_kmalloc+0xb7/0xc0
[ 12.893906] __kmalloc_cache_noprof+0x189/0x420
[ 12.894061] kmalloc_uaf+0xaa/0x380
[ 12.894183] kunit_try_run_case+0x1a5/0x480
[ 12.894553] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.894861] kthread+0x337/0x6f0
[ 12.895069] ret_from_fork+0x116/0x1d0
[ 12.895280] ret_from_fork_asm+0x1a/0x30
[ 12.895580]
[ 12.895676] Freed by task 202:
[ 12.895825] kasan_save_stack+0x45/0x70
[ 12.896093] kasan_save_track+0x18/0x40
[ 12.896264] kasan_save_free_info+0x3f/0x60
[ 12.896420] __kasan_slab_free+0x56/0x70
[ 12.896557] kfree+0x222/0x3f0
[ 12.896690] kmalloc_uaf+0x12c/0x380
[ 12.896868] kunit_try_run_case+0x1a5/0x480
[ 12.897070] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.897612] kthread+0x337/0x6f0
[ 12.897788] ret_from_fork+0x116/0x1d0
[ 12.897943] ret_from_fork_asm+0x1a/0x30
[ 12.898243]
[ 12.898358] The buggy address belongs to the object at ffff888101b1cbe0
[ 12.898358] which belongs to the cache kmalloc-16 of size 16
[ 12.899002] The buggy address is located 8 bytes inside of
[ 12.899002] freed 16-byte region [ffff888101b1cbe0, ffff888101b1cbf0)
[ 12.899607]
[ 12.899712] The buggy address belongs to the physical page:
[ 12.899965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c
[ 12.900370] flags: 0x200000000000000(node=0|zone=2)
[ 12.900625] page_type: f5(slab)
[ 12.900820] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.901153] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.901502] page dumped because: kasan: bad access detected
[ 12.901956]
[ 12.902206] Memory state around the buggy address:
[ 12.902379] ffff888101b1ca80: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc
[ 12.902632] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 12.902958] >ffff888101b1cb80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.903483] ^
[ 12.903929] ffff888101b1cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.904322] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.904738] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 12.852498] ==================================================================
[ 12.853880] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.854135] Read of size 64 at addr ffff88810315f584 by task kunit_try_catch/200
[ 12.854368]
[ 12.854499] CPU: 1 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.854631] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.854644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.854665] Call Trace:
[ 12.854914] <TASK>
[ 12.854932] dump_stack_lvl+0x73/0xb0
[ 12.854965] print_report+0xd1/0x610
[ 12.854988] ? __virt_addr_valid+0x1db/0x2d0
[ 12.855203] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.855235] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.855308] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.855335] kasan_report+0x141/0x180
[ 12.855357] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.855513] kasan_check_range+0x10c/0x1c0
[ 12.855538] __asan_memmove+0x27/0x70
[ 12.855557] kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.855601] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 12.855626] ? __schedule+0x10c6/0x2b60
[ 12.855649] ? __pfx_read_tsc+0x10/0x10
[ 12.855671] ? ktime_get_ts64+0x86/0x230
[ 12.855698] kunit_try_run_case+0x1a5/0x480
[ 12.855723] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.855745] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.855768] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.855790] ? __kthread_parkme+0x82/0x180
[ 12.855810] ? preempt_count_sub+0x50/0x80
[ 12.855834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.855858] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.855880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.855917] kthread+0x337/0x6f0
[ 12.855937] ? trace_preempt_on+0x20/0xc0
[ 12.855960] ? __pfx_kthread+0x10/0x10
[ 12.855990] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.856034] ? calculate_sigpending+0x7b/0xa0
[ 12.856060] ? __pfx_kthread+0x10/0x10
[ 12.856081] ret_from_fork+0x116/0x1d0
[ 12.856111] ? __pfx_kthread+0x10/0x10
[ 12.856131] ret_from_fork_asm+0x1a/0x30
[ 12.856164] </TASK>
[ 12.856185]
[ 12.869630] Allocated by task 200:
[ 12.869810] kasan_save_stack+0x45/0x70
[ 12.869983] kasan_save_track+0x18/0x40
[ 12.870498] kasan_save_alloc_info+0x3b/0x50
[ 12.870834] __kasan_kmalloc+0xb7/0xc0
[ 12.871347] __kmalloc_cache_noprof+0x189/0x420
[ 12.871588] kmalloc_memmove_invalid_size+0xac/0x330
[ 12.871803] kunit_try_run_case+0x1a5/0x480
[ 12.872000] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.872240] kthread+0x337/0x6f0
[ 12.872409] ret_from_fork+0x116/0x1d0
[ 12.872546] ret_from_fork_asm+0x1a/0x30
[ 12.872819]
[ 12.872907] The buggy address belongs to the object at ffff88810315f580
[ 12.872907] which belongs to the cache kmalloc-64 of size 64
[ 12.873458] The buggy address is located 4 bytes inside of
[ 12.873458] allocated 64-byte region [ffff88810315f580, ffff88810315f5c0)
[ 12.873962]
[ 12.874176] The buggy address belongs to the physical page:
[ 12.874380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315f
[ 12.874943] flags: 0x200000000000000(node=0|zone=2)
[ 12.875327] page_type: f5(slab)
[ 12.875508] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.875745] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.876078] page dumped because: kasan: bad access detected
[ 12.876386]
[ 12.876494] Memory state around the buggy address:
[ 12.876771] ffff88810315f480: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 12.877064] ffff88810315f500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.877333] >ffff88810315f580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.877714] ^
[ 12.877929] ffff88810315f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.878379] ffff88810315f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.878610] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 12.828259] ==================================================================
[ 12.828770] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 12.829077] Read of size 18446744073709551614 at addr ffff88810315f404 by task kunit_try_catch/198
[ 12.829740]
[ 12.829861] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.829905] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.829916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.829937] Call Trace:
[ 12.829950] <TASK>
[ 12.829967] dump_stack_lvl+0x73/0xb0
[ 12.829997] print_report+0xd1/0x610
[ 12.830019] ? __virt_addr_valid+0x1db/0x2d0
[ 12.830053] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.830077] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.830099] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.830146] kasan_report+0x141/0x180
[ 12.830169] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.830199] kasan_check_range+0x10c/0x1c0
[ 12.830223] __asan_memmove+0x27/0x70
[ 12.830242] kmalloc_memmove_negative_size+0x171/0x330
[ 12.830265] ? __kasan_check_write+0x18/0x20
[ 12.830284] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 12.830309] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.830334] ? trace_hardirqs_on+0x37/0xe0
[ 12.830356] ? __pfx_read_tsc+0x10/0x10
[ 12.830377] ? ktime_get_ts64+0x86/0x230
[ 12.830414] kunit_try_run_case+0x1a5/0x480
[ 12.830439] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.830463] ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.830488] ? __kthread_parkme+0x82/0x180
[ 12.830508] ? preempt_count_sub+0x50/0x80
[ 12.830532] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.830556] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.830578] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.830668] kthread+0x337/0x6f0
[ 12.830690] ? trace_preempt_on+0x20/0xc0
[ 12.830713] ? __pfx_kthread+0x10/0x10
[ 12.830733] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.830754] ? calculate_sigpending+0x7b/0xa0
[ 12.830778] ? __pfx_kthread+0x10/0x10
[ 12.830800] ret_from_fork+0x116/0x1d0
[ 12.830818] ? __pfx_kthread+0x10/0x10
[ 12.830838] ret_from_fork_asm+0x1a/0x30
[ 12.830871] </TASK>
[ 12.830882]
[ 12.839350] Allocated by task 198:
[ 12.839537] kasan_save_stack+0x45/0x70
[ 12.839950] kasan_save_track+0x18/0x40
[ 12.840139] kasan_save_alloc_info+0x3b/0x50
[ 12.840349] __kasan_kmalloc+0xb7/0xc0
[ 12.840504] __kmalloc_cache_noprof+0x189/0x420
[ 12.840662] kmalloc_memmove_negative_size+0xac/0x330
[ 12.840982] kunit_try_run_case+0x1a5/0x480
[ 12.841586] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.841865] kthread+0x337/0x6f0
[ 12.842015] ret_from_fork+0x116/0x1d0
[ 12.842204] ret_from_fork_asm+0x1a/0x30
[ 12.842381]
[ 12.842467] The buggy address belongs to the object at ffff88810315f400
[ 12.842467] which belongs to the cache kmalloc-64 of size 64
[ 12.843020] The buggy address is located 4 bytes inside of
[ 12.843020] 64-byte region [ffff88810315f400, ffff88810315f440)
[ 12.843357]
[ 12.843442] The buggy address belongs to the physical page:
[ 12.843653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10315f
[ 12.844016] flags: 0x200000000000000(node=0|zone=2)
[ 12.844247] page_type: f5(slab)
[ 12.844424] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.845138] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.845475] page dumped because: kasan: bad access detected
[ 12.845770]
[ 12.845867] Memory state around the buggy address:
[ 12.846136] ffff88810315f300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.846442] ffff88810315f380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.846797] >ffff88810315f400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.847148] ^
[ 12.847293] ffff88810315f480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.847552] ffff88810315f500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.847768] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 12.805693] ==================================================================
[ 12.806299] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.806787] Write of size 16 at addr ffff88810313a769 by task kunit_try_catch/196
[ 12.807121]
[ 12.807243] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.807287] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.807299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.807319] Call Trace:
[ 12.807332] <TASK>
[ 12.807347] dump_stack_lvl+0x73/0xb0
[ 12.807377] print_report+0xd1/0x610
[ 12.807410] ? __virt_addr_valid+0x1db/0x2d0
[ 12.807432] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807454] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.807476] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807498] kasan_report+0x141/0x180
[ 12.807519] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.807547] kasan_check_range+0x10c/0x1c0
[ 12.807570] __asan_memset+0x27/0x50
[ 12.807813] kmalloc_oob_memset_16+0x166/0x330
[ 12.807840] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.807863] ? __schedule+0x10c6/0x2b60
[ 12.807885] ? __pfx_read_tsc+0x10/0x10
[ 12.807907] ? ktime_get_ts64+0x86/0x230
[ 12.807932] kunit_try_run_case+0x1a5/0x480
[ 12.807956] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.807995] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.808019] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.808053] ? __kthread_parkme+0x82/0x180
[ 12.808074] ? preempt_count_sub+0x50/0x80
[ 12.808097] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.808121] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.808144] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.808167] kthread+0x337/0x6f0
[ 12.808250] ? trace_preempt_on+0x20/0xc0
[ 12.808274] ? __pfx_kthread+0x10/0x10
[ 12.808295] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.808317] ? calculate_sigpending+0x7b/0xa0
[ 12.808340] ? __pfx_kthread+0x10/0x10
[ 12.808362] ret_from_fork+0x116/0x1d0
[ 12.808380] ? __pfx_kthread+0x10/0x10
[ 12.808412] ret_from_fork_asm+0x1a/0x30
[ 12.808444] </TASK>
[ 12.808455]
[ 12.816522] Allocated by task 196:
[ 12.816843] kasan_save_stack+0x45/0x70
[ 12.817049] kasan_save_track+0x18/0x40
[ 12.817227] kasan_save_alloc_info+0x3b/0x50
[ 12.817378] __kasan_kmalloc+0xb7/0xc0
[ 12.817582] __kmalloc_cache_noprof+0x189/0x420
[ 12.817900] kmalloc_oob_memset_16+0xac/0x330
[ 12.818236] kunit_try_run_case+0x1a5/0x480
[ 12.818419] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.818678] kthread+0x337/0x6f0
[ 12.818857] ret_from_fork+0x116/0x1d0
[ 12.819098] ret_from_fork_asm+0x1a/0x30
[ 12.819309]
[ 12.819411] The buggy address belongs to the object at ffff88810313a700
[ 12.819411] which belongs to the cache kmalloc-128 of size 128
[ 12.819920] The buggy address is located 105 bytes inside of
[ 12.819920] allocated 120-byte region [ffff88810313a700, ffff88810313a778)
[ 12.820284]
[ 12.820358] The buggy address belongs to the physical page:
[ 12.820584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.820937] flags: 0x200000000000000(node=0|zone=2)
[ 12.821171] page_type: f5(slab)
[ 12.821450] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.821828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.822117] page dumped because: kasan: bad access detected
[ 12.822373]
[ 12.822476] Memory state around the buggy address:
[ 12.822778] ffff88810313a600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.823090] ffff88810313a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.823410] >ffff88810313a700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.823731] ^
[ 12.823951] ffff88810313a780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.824517] ffff88810313a800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.824853] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 12.782095] ==================================================================
[ 12.782593] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 12.782901] Write of size 8 at addr ffff888101bc1571 by task kunit_try_catch/194
[ 12.783416]
[ 12.783516] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.783560] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.783572] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.783593] Call Trace:
[ 12.783605] <TASK>
[ 12.783622] dump_stack_lvl+0x73/0xb0
[ 12.783652] print_report+0xd1/0x610
[ 12.783675] ? __virt_addr_valid+0x1db/0x2d0
[ 12.783699] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783720] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.783742] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783764] kasan_report+0x141/0x180
[ 12.783786] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.783814] kasan_check_range+0x10c/0x1c0
[ 12.783837] __asan_memset+0x27/0x50
[ 12.783856] kmalloc_oob_memset_8+0x166/0x330
[ 12.783879] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.783901] ? __schedule+0x10c6/0x2b60
[ 12.783924] ? __pfx_read_tsc+0x10/0x10
[ 12.783944] ? ktime_get_ts64+0x86/0x230
[ 12.783971] kunit_try_run_case+0x1a5/0x480
[ 12.783995] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.784017] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.784040] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.784063] ? __kthread_parkme+0x82/0x180
[ 12.784258] ? preempt_count_sub+0x50/0x80
[ 12.784284] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.784308] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.784332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.784356] kthread+0x337/0x6f0
[ 12.784375] ? trace_preempt_on+0x20/0xc0
[ 12.784413] ? __pfx_kthread+0x10/0x10
[ 12.784434] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.784456] ? calculate_sigpending+0x7b/0xa0
[ 12.784480] ? __pfx_kthread+0x10/0x10
[ 12.784501] ret_from_fork+0x116/0x1d0
[ 12.784520] ? __pfx_kthread+0x10/0x10
[ 12.784540] ret_from_fork_asm+0x1a/0x30
[ 12.784574] </TASK>
[ 12.784584]
[ 12.792271] Allocated by task 194:
[ 12.792466] kasan_save_stack+0x45/0x70
[ 12.792752] kasan_save_track+0x18/0x40
[ 12.792923] kasan_save_alloc_info+0x3b/0x50
[ 12.793074] __kasan_kmalloc+0xb7/0xc0
[ 12.793213] __kmalloc_cache_noprof+0x189/0x420
[ 12.793448] kmalloc_oob_memset_8+0xac/0x330
[ 12.793795] kunit_try_run_case+0x1a5/0x480
[ 12.794307] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.794566] kthread+0x337/0x6f0
[ 12.794742] ret_from_fork+0x116/0x1d0
[ 12.794907] ret_from_fork_asm+0x1a/0x30
[ 12.795158]
[ 12.795253] The buggy address belongs to the object at ffff888101bc1500
[ 12.795253] which belongs to the cache kmalloc-128 of size 128
[ 12.795821] The buggy address is located 113 bytes inside of
[ 12.795821] allocated 120-byte region [ffff888101bc1500, ffff888101bc1578)
[ 12.796430]
[ 12.796541] The buggy address belongs to the physical page:
[ 12.796759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1
[ 12.796996] flags: 0x200000000000000(node=0|zone=2)
[ 12.797189] page_type: f5(slab)
[ 12.797361] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.797710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.798041] page dumped because: kasan: bad access detected
[ 12.798282]
[ 12.798587] Memory state around the buggy address:
[ 12.798773] ffff888101bc1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.798986] ffff888101bc1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.799749] >ffff888101bc1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.800013] ^
[ 12.800390] ffff888101bc1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.800745] ffff888101bc1600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.801058] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 12.758820] ==================================================================
[ 12.759366] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 12.759717] Write of size 4 at addr ffff88810313a675 by task kunit_try_catch/192
[ 12.760027]
[ 12.760160] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.760244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.760258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.760278] Call Trace:
[ 12.760291] <TASK>
[ 12.760307] dump_stack_lvl+0x73/0xb0
[ 12.760350] print_report+0xd1/0x610
[ 12.760373] ? __virt_addr_valid+0x1db/0x2d0
[ 12.760426] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760447] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.760468] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760490] kasan_report+0x141/0x180
[ 12.760522] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.760549] kasan_check_range+0x10c/0x1c0
[ 12.760573] __asan_memset+0x27/0x50
[ 12.760593] kmalloc_oob_memset_4+0x166/0x330
[ 12.760616] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 12.760638] ? __schedule+0x2079/0x2b60
[ 12.760662] ? __pfx_read_tsc+0x10/0x10
[ 12.760688] ? ktime_get_ts64+0x86/0x230
[ 12.760713] kunit_try_run_case+0x1a5/0x480
[ 12.760738] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760770] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.760804] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.760828] ? __kthread_parkme+0x82/0x180
[ 12.760849] ? preempt_count_sub+0x50/0x80
[ 12.760883] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.760930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.760953] kthread+0x337/0x6f0
[ 12.760972] ? trace_preempt_on+0x20/0xc0
[ 12.760995] ? __pfx_kthread+0x10/0x10
[ 12.761016] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.761052] ? calculate_sigpending+0x7b/0xa0
[ 12.761076] ? __pfx_kthread+0x10/0x10
[ 12.761097] ret_from_fork+0x116/0x1d0
[ 12.761115] ? __pfx_kthread+0x10/0x10
[ 12.761136] ret_from_fork_asm+0x1a/0x30
[ 12.761168] </TASK>
[ 12.761178]
[ 12.769321] Allocated by task 192:
[ 12.769510] kasan_save_stack+0x45/0x70
[ 12.769686] kasan_save_track+0x18/0x40
[ 12.769824] kasan_save_alloc_info+0x3b/0x50
[ 12.769974] __kasan_kmalloc+0xb7/0xc0
[ 12.770302] __kmalloc_cache_noprof+0x189/0x420
[ 12.770758] kmalloc_oob_memset_4+0xac/0x330
[ 12.770983] kunit_try_run_case+0x1a5/0x480
[ 12.771485] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.771685] kthread+0x337/0x6f0
[ 12.771868] ret_from_fork+0x116/0x1d0
[ 12.772051] ret_from_fork_asm+0x1a/0x30
[ 12.772314]
[ 12.772428] The buggy address belongs to the object at ffff88810313a600
[ 12.772428] which belongs to the cache kmalloc-128 of size 128
[ 12.772946] The buggy address is located 117 bytes inside of
[ 12.772946] allocated 120-byte region [ffff88810313a600, ffff88810313a678)
[ 12.773533]
[ 12.773648] The buggy address belongs to the physical page:
[ 12.773833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.774078] flags: 0x200000000000000(node=0|zone=2)
[ 12.774244] page_type: f5(slab)
[ 12.774368] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.774755] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.775085] page dumped because: kasan: bad access detected
[ 12.775334]
[ 12.775477] Memory state around the buggy address:
[ 12.775633] ffff88810313a500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.775848] ffff88810313a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.776500] >ffff88810313a600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.777142] ^
[ 12.777706] ffff88810313a680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.777987] ffff88810313a700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.778488] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 12.734731] ==================================================================
[ 12.735361] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 12.735753] Write of size 2 at addr ffff88810313a577 by task kunit_try_catch/190
[ 12.736204]
[ 12.736483] CPU: 0 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.736530] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.736556] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.736577] Call Trace:
[ 12.736589] <TASK>
[ 12.736603] dump_stack_lvl+0x73/0xb0
[ 12.736657] print_report+0xd1/0x610
[ 12.736683] ? __virt_addr_valid+0x1db/0x2d0
[ 12.736704] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.736725] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.736747] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.736768] kasan_report+0x141/0x180
[ 12.736790] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.736817] kasan_check_range+0x10c/0x1c0
[ 12.736840] __asan_memset+0x27/0x50
[ 12.736869] kmalloc_oob_memset_2+0x166/0x330
[ 12.736890] ? __kasan_check_write+0x18/0x20
[ 12.736909] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 12.736941] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.736966] ? trace_hardirqs_on+0x37/0xe0
[ 12.736989] ? __pfx_read_tsc+0x10/0x10
[ 12.737011] ? ktime_get_ts64+0x86/0x230
[ 12.737085] kunit_try_run_case+0x1a5/0x480
[ 12.737110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.737134] ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.737158] ? __kthread_parkme+0x82/0x180
[ 12.737179] ? preempt_count_sub+0x50/0x80
[ 12.737203] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.737227] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.737249] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.737272] kthread+0x337/0x6f0
[ 12.737292] ? trace_preempt_on+0x20/0xc0
[ 12.737313] ? __pfx_kthread+0x10/0x10
[ 12.737334] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.737355] ? calculate_sigpending+0x7b/0xa0
[ 12.737378] ? __pfx_kthread+0x10/0x10
[ 12.737411] ret_from_fork+0x116/0x1d0
[ 12.737429] ? __pfx_kthread+0x10/0x10
[ 12.737449] ret_from_fork_asm+0x1a/0x30
[ 12.737481] </TASK>
[ 12.737491]
[ 12.745709] Allocated by task 190:
[ 12.745900] kasan_save_stack+0x45/0x70
[ 12.746095] kasan_save_track+0x18/0x40
[ 12.746234] kasan_save_alloc_info+0x3b/0x50
[ 12.746383] __kasan_kmalloc+0xb7/0xc0
[ 12.746779] __kmalloc_cache_noprof+0x189/0x420
[ 12.747161] kmalloc_oob_memset_2+0xac/0x330
[ 12.747413] kunit_try_run_case+0x1a5/0x480
[ 12.747662] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.747922] kthread+0x337/0x6f0
[ 12.748142] ret_from_fork+0x116/0x1d0
[ 12.748314] ret_from_fork_asm+0x1a/0x30
[ 12.748532]
[ 12.748640] The buggy address belongs to the object at ffff88810313a500
[ 12.748640] which belongs to the cache kmalloc-128 of size 128
[ 12.749148] The buggy address is located 119 bytes inside of
[ 12.749148] allocated 120-byte region [ffff88810313a500, ffff88810313a578)
[ 12.749770]
[ 12.749863] The buggy address belongs to the physical page:
[ 12.750084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.750330] flags: 0x200000000000000(node=0|zone=2)
[ 12.750556] page_type: f5(slab)
[ 12.750816] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.751423] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.751801] page dumped because: kasan: bad access detected
[ 12.752133]
[ 12.752243] Memory state around the buggy address:
[ 12.752463] ffff88810313a400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.752952] ffff88810313a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.753346] >ffff88810313a500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.753612] ^
[ 12.753830] ffff88810313a580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.754049] ffff88810313a600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.754341] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 12.708300] ==================================================================
[ 12.709136] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 12.709511] Write of size 128 at addr ffff88810313a400 by task kunit_try_catch/188
[ 12.710264]
[ 12.710388] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.710443] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.710455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.710476] Call Trace:
[ 12.710489] <TASK>
[ 12.710505] dump_stack_lvl+0x73/0xb0
[ 12.710535] print_report+0xd1/0x610
[ 12.710557] ? __virt_addr_valid+0x1db/0x2d0
[ 12.710579] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.710602] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.710624] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.710646] kasan_report+0x141/0x180
[ 12.710668] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.710696] kasan_check_range+0x10c/0x1c0
[ 12.710719] __asan_memset+0x27/0x50
[ 12.710739] kmalloc_oob_in_memset+0x15f/0x320
[ 12.710761] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 12.710783] ? __schedule+0x10c6/0x2b60
[ 12.710805] ? __pfx_read_tsc+0x10/0x10
[ 12.710826] ? ktime_get_ts64+0x86/0x230
[ 12.710851] kunit_try_run_case+0x1a5/0x480
[ 12.710875] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.710897] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.710920] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.710943] ? __kthread_parkme+0x82/0x180
[ 12.710963] ? preempt_count_sub+0x50/0x80
[ 12.710987] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.711010] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.711033] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.711056] kthread+0x337/0x6f0
[ 12.711075] ? trace_preempt_on+0x20/0xc0
[ 12.711099] ? __pfx_kthread+0x10/0x10
[ 12.711120] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.711141] ? calculate_sigpending+0x7b/0xa0
[ 12.711164] ? __pfx_kthread+0x10/0x10
[ 12.711186] ret_from_fork+0x116/0x1d0
[ 12.711204] ? __pfx_kthread+0x10/0x10
[ 12.711224] ret_from_fork_asm+0x1a/0x30
[ 12.711328] </TASK>
[ 12.711339]
[ 12.719559] Allocated by task 188:
[ 12.719783] kasan_save_stack+0x45/0x70
[ 12.719988] kasan_save_track+0x18/0x40
[ 12.720367] kasan_save_alloc_info+0x3b/0x50
[ 12.720578] __kasan_kmalloc+0xb7/0xc0
[ 12.720757] __kmalloc_cache_noprof+0x189/0x420
[ 12.721000] kmalloc_oob_in_memset+0xac/0x320
[ 12.721409] kunit_try_run_case+0x1a5/0x480
[ 12.721612] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.721841] kthread+0x337/0x6f0
[ 12.722020] ret_from_fork+0x116/0x1d0
[ 12.722214] ret_from_fork_asm+0x1a/0x30
[ 12.722470]
[ 12.722586] The buggy address belongs to the object at ffff88810313a400
[ 12.722586] which belongs to the cache kmalloc-128 of size 128
[ 12.723119] The buggy address is located 0 bytes inside of
[ 12.723119] allocated 120-byte region [ffff88810313a400, ffff88810313a478)
[ 12.723532]
[ 12.723610] The buggy address belongs to the physical page:
[ 12.723786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.724113] flags: 0x200000000000000(node=0|zone=2)
[ 12.724430] page_type: f5(slab)
[ 12.724603] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.724925] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.725450] page dumped because: kasan: bad access detected
[ 12.725734]
[ 12.725830] Memory state around the buggy address:
[ 12.726197] ffff88810313a300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.726827] ffff88810313a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.727324] >ffff88810313a400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.727686] ^
[ 12.727995] ffff88810313a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.728371] ffff88810313a500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.728762] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 12.682842] ==================================================================
[ 12.683427] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[ 12.683718] Read of size 16 at addr ffff8881017e0420 by task kunit_try_catch/186
[ 12.684161]
[ 12.684271] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.684316] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.684328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.684349] Call Trace:
[ 12.684363] <TASK>
[ 12.684379] dump_stack_lvl+0x73/0xb0
[ 12.684422] print_report+0xd1/0x610
[ 12.684446] ? __virt_addr_valid+0x1db/0x2d0
[ 12.684468] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.684489] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.684511] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.684531] kasan_report+0x141/0x180
[ 12.684553] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.684578] __asan_report_load16_noabort+0x18/0x20
[ 12.684603] kmalloc_uaf_16+0x47b/0x4c0
[ 12.684624] ? __pfx_kmalloc_uaf_16+0x10/0x10
[ 12.684647] ? __pfx_queued_spin_lock_slowpath+0x10/0x10
[ 12.684678] ? __pfx_read_tsc+0x10/0x10
[ 12.684698] ? ktime_get_ts64+0x86/0x230
[ 12.684724] kunit_try_run_case+0x1a5/0x480
[ 12.684748] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.684769] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 12.684791] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.684814] ? __kthread_parkme+0x82/0x180
[ 12.684834] ? preempt_count_sub+0x50/0x80
[ 12.684858] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.684881] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.684904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.684927] kthread+0x337/0x6f0
[ 12.684946] ? trace_preempt_on+0x20/0xc0
[ 12.684969] ? __pfx_kthread+0x10/0x10
[ 12.685001] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.685022] ? calculate_sigpending+0x7b/0xa0
[ 12.685061] ? __pfx_kthread+0x10/0x10
[ 12.685082] ret_from_fork+0x116/0x1d0
[ 12.685100] ? __pfx_kthread+0x10/0x10
[ 12.685120] ret_from_fork_asm+0x1a/0x30
[ 12.685152] </TASK>
[ 12.685162]
[ 12.692565] Allocated by task 186:
[ 12.692736] kasan_save_stack+0x45/0x70
[ 12.692925] kasan_save_track+0x18/0x40
[ 12.693259] kasan_save_alloc_info+0x3b/0x50
[ 12.693498] __kasan_kmalloc+0xb7/0xc0
[ 12.693634] __kmalloc_cache_noprof+0x189/0x420
[ 12.693870] kmalloc_uaf_16+0x15b/0x4c0
[ 12.694129] kunit_try_run_case+0x1a5/0x480
[ 12.694337] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.694583] kthread+0x337/0x6f0
[ 12.694739] ret_from_fork+0x116/0x1d0
[ 12.694906] ret_from_fork_asm+0x1a/0x30
[ 12.695174]
[ 12.695251] Freed by task 186:
[ 12.695364] kasan_save_stack+0x45/0x70
[ 12.695577] kasan_save_track+0x18/0x40
[ 12.695795] kasan_save_free_info+0x3f/0x60
[ 12.695988] __kasan_slab_free+0x56/0x70
[ 12.696209] kfree+0x222/0x3f0
[ 12.696374] kmalloc_uaf_16+0x1d6/0x4c0
[ 12.696571] kunit_try_run_case+0x1a5/0x480
[ 12.696759] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.697001] kthread+0x337/0x6f0
[ 12.697217] ret_from_fork+0x116/0x1d0
[ 12.697389] ret_from_fork_asm+0x1a/0x30
[ 12.697585]
[ 12.697673] The buggy address belongs to the object at ffff8881017e0420
[ 12.697673] which belongs to the cache kmalloc-16 of size 16
[ 12.698195] The buggy address is located 0 bytes inside of
[ 12.698195] freed 16-byte region [ffff8881017e0420, ffff8881017e0430)
[ 12.698853]
[ 12.698939] The buggy address belongs to the physical page:
[ 12.699249] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017e0
[ 12.699645] flags: 0x200000000000000(node=0|zone=2)
[ 12.699815] page_type: f5(slab)
[ 12.699938] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.700172] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.700411] page dumped because: kasan: bad access detected
[ 12.700584]
[ 12.700654] Memory state around the buggy address:
[ 12.700832] ffff8881017e0300: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 12.701218] ffff8881017e0380: 00 04 fc fc 00 05 fc fc fa fb fc fc fa fb fc fc
[ 12.701566] >ffff8881017e0400: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 12.701896] ^
[ 12.702391] ffff8881017e0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.702933] ffff8881017e0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.703820] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 12.661657] ==================================================================
[ 12.662335] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.662689] Write of size 16 at addr ffff8881017e03c0 by task kunit_try_catch/184
[ 12.662976]
[ 12.663175] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.663221] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.663233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.663255] Call Trace:
[ 12.663268] <TASK>
[ 12.663285] dump_stack_lvl+0x73/0xb0
[ 12.663316] print_report+0xd1/0x610
[ 12.663339] ? __virt_addr_valid+0x1db/0x2d0
[ 12.663362] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663382] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.663416] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663437] kasan_report+0x141/0x180
[ 12.663459] ? kmalloc_oob_16+0x452/0x4a0
[ 12.663485] __asan_report_store16_noabort+0x1b/0x30
[ 12.663509] kmalloc_oob_16+0x452/0x4a0
[ 12.663529] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.663551] ? __schedule+0x10c6/0x2b60
[ 12.663574] ? __pfx_read_tsc+0x10/0x10
[ 12.663595] ? ktime_get_ts64+0x86/0x230
[ 12.663621] kunit_try_run_case+0x1a5/0x480
[ 12.663646] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.663667] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.663691] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.663713] ? __kthread_parkme+0x82/0x180
[ 12.663733] ? preempt_count_sub+0x50/0x80
[ 12.663757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.663781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.663803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.663826] kthread+0x337/0x6f0
[ 12.663845] ? trace_preempt_on+0x20/0xc0
[ 12.663868] ? __pfx_kthread+0x10/0x10
[ 12.663888] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.663909] ? calculate_sigpending+0x7b/0xa0
[ 12.663933] ? __pfx_kthread+0x10/0x10
[ 12.663954] ret_from_fork+0x116/0x1d0
[ 12.663973] ? __pfx_kthread+0x10/0x10
[ 12.663993] ret_from_fork_asm+0x1a/0x30
[ 12.664026] </TASK>
[ 12.664036]
[ 12.671380] Allocated by task 184:
[ 12.671528] kasan_save_stack+0x45/0x70
[ 12.671672] kasan_save_track+0x18/0x40
[ 12.671919] kasan_save_alloc_info+0x3b/0x50
[ 12.672428] __kasan_kmalloc+0xb7/0xc0
[ 12.672640] __kmalloc_cache_noprof+0x189/0x420
[ 12.672878] kmalloc_oob_16+0xa8/0x4a0
[ 12.673068] kunit_try_run_case+0x1a5/0x480
[ 12.673450] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.673690] kthread+0x337/0x6f0
[ 12.673853] ret_from_fork+0x116/0x1d0
[ 12.673987] ret_from_fork_asm+0x1a/0x30
[ 12.674129]
[ 12.674305] The buggy address belongs to the object at ffff8881017e03c0
[ 12.674305] which belongs to the cache kmalloc-16 of size 16
[ 12.674861] The buggy address is located 0 bytes inside of
[ 12.674861] allocated 13-byte region [ffff8881017e03c0, ffff8881017e03cd)
[ 12.675409]
[ 12.675506] The buggy address belongs to the physical page:
[ 12.675748] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017e0
[ 12.676068] flags: 0x200000000000000(node=0|zone=2)
[ 12.676309] page_type: f5(slab)
[ 12.676484] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.676886] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.677390] page dumped because: kasan: bad access detected
[ 12.677630]
[ 12.677706] Memory state around the buggy address:
[ 12.677910] ffff8881017e0280: 00 00 fc fc fa fb fc fc fa fb fc fc 00 04 fc fc
[ 12.678204] ffff8881017e0300: 00 04 fc fc 00 01 fc fc 00 01 fc fc 00 04 fc fc
[ 12.678554] >ffff8881017e0380: 00 04 fc fc 00 05 fc fc 00 05 fc fc 00 00 fc fc
[ 12.678862] ^
[ 12.679093] ffff8881017e0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.679309] ffff8881017e0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.679531] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 12.634268] ==================================================================
[ 12.634605] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0
[ 12.634974] Read of size 1 at addr ffff888100ab0a00 by task kunit_try_catch/182
[ 12.635197]
[ 12.635279] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.635320] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.635332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.635352] Call Trace:
[ 12.635368] <TASK>
[ 12.635383] dump_stack_lvl+0x73/0xb0
[ 12.635697] print_report+0xd1/0x610
[ 12.635722] ? __virt_addr_valid+0x1db/0x2d0
[ 12.635744] ? krealloc_uaf+0x53c/0x5e0
[ 12.635765] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.635787] ? krealloc_uaf+0x53c/0x5e0
[ 12.635808] kasan_report+0x141/0x180
[ 12.635830] ? krealloc_uaf+0x53c/0x5e0
[ 12.635857] __asan_report_load1_noabort+0x18/0x20
[ 12.635881] krealloc_uaf+0x53c/0x5e0
[ 12.635902] ? __pfx_krealloc_uaf+0x10/0x10
[ 12.635923] ? finish_task_switch.isra.0+0x153/0x700
[ 12.635944] ? __switch_to+0x47/0xf50
[ 12.635970] ? __schedule+0x10c6/0x2b60
[ 12.635992] ? __pfx_read_tsc+0x10/0x10
[ 12.636012] ? ktime_get_ts64+0x86/0x230
[ 12.636101] kunit_try_run_case+0x1a5/0x480
[ 12.636128] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.636151] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.636175] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.636198] ? __kthread_parkme+0x82/0x180
[ 12.636218] ? preempt_count_sub+0x50/0x80
[ 12.636241] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.636264] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.636287] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.636310] kthread+0x337/0x6f0
[ 12.636329] ? trace_preempt_on+0x20/0xc0
[ 12.636352] ? __pfx_kthread+0x10/0x10
[ 12.636372] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.636393] ? calculate_sigpending+0x7b/0xa0
[ 12.636429] ? __pfx_kthread+0x10/0x10
[ 12.636451] ret_from_fork+0x116/0x1d0
[ 12.636469] ? __pfx_kthread+0x10/0x10
[ 12.636490] ret_from_fork_asm+0x1a/0x30
[ 12.636523] </TASK>
[ 12.636533]
[ 12.644685] Allocated by task 182:
[ 12.644868] kasan_save_stack+0x45/0x70
[ 12.645152] kasan_save_track+0x18/0x40
[ 12.645352] kasan_save_alloc_info+0x3b/0x50
[ 12.645575] __kasan_kmalloc+0xb7/0xc0
[ 12.645723] __kmalloc_cache_noprof+0x189/0x420
[ 12.645882] krealloc_uaf+0xbb/0x5e0
[ 12.646015] kunit_try_run_case+0x1a5/0x480
[ 12.646270] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.646535] kthread+0x337/0x6f0
[ 12.646845] ret_from_fork+0x116/0x1d0
[ 12.647175] ret_from_fork_asm+0x1a/0x30
[ 12.647375]
[ 12.647475] Freed by task 182:
[ 12.647590] kasan_save_stack+0x45/0x70
[ 12.647792] kasan_save_track+0x18/0x40
[ 12.647984] kasan_save_free_info+0x3f/0x60
[ 12.648266] __kasan_slab_free+0x56/0x70
[ 12.648429] kfree+0x222/0x3f0
[ 12.648550] krealloc_uaf+0x13d/0x5e0
[ 12.648740] kunit_try_run_case+0x1a5/0x480
[ 12.648951] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.649349] kthread+0x337/0x6f0
[ 12.649520] ret_from_fork+0x116/0x1d0
[ 12.649806] ret_from_fork_asm+0x1a/0x30
[ 12.649985]
[ 12.650141] The buggy address belongs to the object at ffff888100ab0a00
[ 12.650141] which belongs to the cache kmalloc-256 of size 256
[ 12.650646] The buggy address is located 0 bytes inside of
[ 12.650646] freed 256-byte region [ffff888100ab0a00, ffff888100ab0b00)
[ 12.651313]
[ 12.651412] The buggy address belongs to the physical page:
[ 12.651683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0
[ 12.651945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.652177] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.652356] page_type: f5(slab)
[ 12.652521] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.653193] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.653547] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.653883] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.654121] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff
[ 12.654355] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.654879] page dumped because: kasan: bad access detected
[ 12.655140]
[ 12.655235] Memory state around the buggy address:
[ 12.655802] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.656192] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.656447] >ffff888100ab0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.656863] ^
[ 12.657035] ffff888100ab0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.657252] ffff888100ab0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.657475] ==================================================================
[ 12.609199] ==================================================================
[ 12.610383] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 12.610855] Read of size 1 at addr ffff888100ab0a00 by task kunit_try_catch/182
[ 12.611495]
[ 12.611612] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.611662] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.611676] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.611699] Call Trace:
[ 12.611712] <TASK>
[ 12.611730] dump_stack_lvl+0x73/0xb0
[ 12.611765] print_report+0xd1/0x610
[ 12.611788] ? __virt_addr_valid+0x1db/0x2d0
[ 12.611812] ? krealloc_uaf+0x1b8/0x5e0
[ 12.611833] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.611856] ? krealloc_uaf+0x1b8/0x5e0
[ 12.611878] kasan_report+0x141/0x180
[ 12.611900] ? krealloc_uaf+0x1b8/0x5e0
[ 12.611926] ? krealloc_uaf+0x1b8/0x5e0
[ 12.611947] __kasan_check_byte+0x3d/0x50
[ 12.611969] krealloc_noprof+0x3f/0x340
[ 12.611993] krealloc_uaf+0x1b8/0x5e0
[ 12.612014] ? __pfx_krealloc_uaf+0x10/0x10
[ 12.612049] ? finish_task_switch.isra.0+0x153/0x700
[ 12.612071] ? __switch_to+0x47/0xf50
[ 12.612098] ? __schedule+0x10c6/0x2b60
[ 12.612121] ? __pfx_read_tsc+0x10/0x10
[ 12.612141] ? ktime_get_ts64+0x86/0x230
[ 12.612168] kunit_try_run_case+0x1a5/0x480
[ 12.612194] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.612215] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.612239] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.612262] ? __kthread_parkme+0x82/0x180
[ 12.612282] ? preempt_count_sub+0x50/0x80
[ 12.612305] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.612329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.612351] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.612375] kthread+0x337/0x6f0
[ 12.612394] ? trace_preempt_on+0x20/0xc0
[ 12.612428] ? __pfx_kthread+0x10/0x10
[ 12.612448] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.612469] ? calculate_sigpending+0x7b/0xa0
[ 12.612493] ? __pfx_kthread+0x10/0x10
[ 12.612515] ret_from_fork+0x116/0x1d0
[ 12.612533] ? __pfx_kthread+0x10/0x10
[ 12.612553] ret_from_fork_asm+0x1a/0x30
[ 12.612586] </TASK>
[ 12.612597]
[ 12.620855] Allocated by task 182:
[ 12.620992] kasan_save_stack+0x45/0x70
[ 12.621148] kasan_save_track+0x18/0x40
[ 12.621345] kasan_save_alloc_info+0x3b/0x50
[ 12.621577] __kasan_kmalloc+0xb7/0xc0
[ 12.621771] __kmalloc_cache_noprof+0x189/0x420
[ 12.621997] krealloc_uaf+0xbb/0x5e0
[ 12.622242] kunit_try_run_case+0x1a5/0x480
[ 12.622439] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.622887] kthread+0x337/0x6f0
[ 12.623022] ret_from_fork+0x116/0x1d0
[ 12.623212] ret_from_fork_asm+0x1a/0x30
[ 12.623445]
[ 12.623545] Freed by task 182:
[ 12.623708] kasan_save_stack+0x45/0x70
[ 12.623933] kasan_save_track+0x18/0x40
[ 12.624245] kasan_save_free_info+0x3f/0x60
[ 12.624465] __kasan_slab_free+0x56/0x70
[ 12.624607] kfree+0x222/0x3f0
[ 12.624733] krealloc_uaf+0x13d/0x5e0
[ 12.624867] kunit_try_run_case+0x1a5/0x480
[ 12.625015] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.625222] kthread+0x337/0x6f0
[ 12.625388] ret_from_fork+0x116/0x1d0
[ 12.625701] ret_from_fork_asm+0x1a/0x30
[ 12.625902]
[ 12.625998] The buggy address belongs to the object at ffff888100ab0a00
[ 12.625998] which belongs to the cache kmalloc-256 of size 256
[ 12.626989] The buggy address is located 0 bytes inside of
[ 12.626989] freed 256-byte region [ffff888100ab0a00, ffff888100ab0b00)
[ 12.627483]
[ 12.627586] The buggy address belongs to the physical page:
[ 12.627869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0
[ 12.628153] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.628411] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.628811] page_type: f5(slab)
[ 12.628991] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.629366] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.629774] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.630272] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.630575] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff
[ 12.630910] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.631305] page dumped because: kasan: bad access detected
[ 12.631556]
[ 12.631653] Memory state around the buggy address:
[ 12.631955] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.632258] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.632522] >ffff888100ab0a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.632846] ^
[ 12.633009] ffff888100ab0a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.633267] ffff888100ab0b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.633545] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 12.425164] ================================================================== [ 12.425483] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.426377] Write of size 1 at addr ffff888100ab08eb by task kunit_try_catch/176 [ 12.426720] [ 12.426808] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.426850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.426861] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.426883] Call Trace: [ 12.426895] <TASK> [ 12.426909] dump_stack_lvl+0x73/0xb0 [ 12.426935] print_report+0xd1/0x610 [ 12.426957] ? __virt_addr_valid+0x1db/0x2d0 [ 12.426978] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.427022] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427046] kasan_report+0x141/0x180 [ 12.427067] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427096] __asan_report_store1_noabort+0x1b/0x30 [ 12.427120] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.427146] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.427168] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.427198] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.427226] krealloc_less_oob+0x1c/0x30 [ 12.427247] kunit_try_run_case+0x1a5/0x480 [ 12.427270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.427292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.427315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.427338] ? __kthread_parkme+0x82/0x180 [ 12.427357] ? preempt_count_sub+0x50/0x80 [ 12.427381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.427417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.427439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.427462] kthread+0x337/0x6f0 [ 12.427481] ? trace_preempt_on+0x20/0xc0 [ 12.427503] ? __pfx_kthread+0x10/0x10 [ 12.427524] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.427544] ? calculate_sigpending+0x7b/0xa0 [ 12.427568] ? __pfx_kthread+0x10/0x10 [ 12.427590] ret_from_fork+0x116/0x1d0 [ 12.427608] ? 
__pfx_kthread+0x10/0x10 [ 12.427628] ret_from_fork_asm+0x1a/0x30 [ 12.427659] </TASK> [ 12.427669] [ 12.435267] Allocated by task 176: [ 12.435412] kasan_save_stack+0x45/0x70 [ 12.435724] kasan_save_track+0x18/0x40 [ 12.435919] kasan_save_alloc_info+0x3b/0x50 [ 12.436244] __kasan_krealloc+0x190/0x1f0 [ 12.436412] krealloc_noprof+0xf3/0x340 [ 12.436613] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.436849] krealloc_less_oob+0x1c/0x30 [ 12.437016] kunit_try_run_case+0x1a5/0x480 [ 12.437211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.437389] kthread+0x337/0x6f0 [ 12.437522] ret_from_fork+0x116/0x1d0 [ 12.437656] ret_from_fork_asm+0x1a/0x30 [ 12.437796] [ 12.437870] The buggy address belongs to the object at ffff888100ab0800 [ 12.437870] which belongs to the cache kmalloc-256 of size 256 [ 12.438227] The buggy address is located 34 bytes to the right of [ 12.438227] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.439101] [ 12.439335] The buggy address belongs to the physical page: [ 12.439621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.439975] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.440755] flags: 0x200000000000040(head|node=0|zone=2) [ 12.440940] page_type: f5(slab) [ 12.441145] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.441497] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.441858] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.442221] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.442495] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.442729] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.443142] page dumped because: kasan: bad access detected [ 12.443410] [ 12.443506] Memory state around the buggy address: [ 12.443730] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.443991] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.444644] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.444925] ^ [ 12.445237] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.445473] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.445690] ================================================================== [ 12.585061] ================================================================== [ 12.585338] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.585642] Write of size 1 at addr ffff8881038a20eb by task kunit_try_catch/180 [ 12.586708] [ 12.586953] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.587000] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.587153] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.587176] Call Trace: [ 12.587192] <TASK> [ 12.587208] dump_stack_lvl+0x73/0xb0 [ 12.587237] print_report+0xd1/0x610 [ 12.587260] ? __virt_addr_valid+0x1db/0x2d0 [ 12.587281] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587304] ? kasan_addr_to_slab+0x11/0xa0 [ 12.587324] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587347] kasan_report+0x141/0x180 [ 12.587369] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587409] __asan_report_store1_noabort+0x1b/0x30 [ 12.587434] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.587460] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.587484] ? finish_task_switch.isra.0+0x153/0x700 [ 12.587505] ? __switch_to+0x47/0xf50 [ 12.587530] ? __schedule+0x10c6/0x2b60 [ 12.587552] ? __pfx_read_tsc+0x10/0x10 [ 12.587576] krealloc_large_less_oob+0x1c/0x30 [ 12.587607] kunit_try_run_case+0x1a5/0x480 [ 12.587630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.587652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.587675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.587698] ? __kthread_parkme+0x82/0x180 [ 12.587718] ? 
preempt_count_sub+0x50/0x80 [ 12.587740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.587764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.587786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.587809] kthread+0x337/0x6f0 [ 12.587828] ? trace_preempt_on+0x20/0xc0 [ 12.587850] ? __pfx_kthread+0x10/0x10 [ 12.587871] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.587891] ? calculate_sigpending+0x7b/0xa0 [ 12.587914] ? __pfx_kthread+0x10/0x10 [ 12.587936] ret_from_fork+0x116/0x1d0 [ 12.587954] ? __pfx_kthread+0x10/0x10 [ 12.587974] ret_from_fork_asm+0x1a/0x30 [ 12.588008] </TASK> [ 12.588017] [ 12.598107] The buggy address belongs to the physical page: [ 12.598426] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.598937] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.599329] flags: 0x200000000000040(head|node=0|zone=2) [ 12.599586] page_type: f8(unknown) [ 12.599744] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.600084] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.600693] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.601007] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.601412] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.601885] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.602297] page dumped because: kasan: bad access detected [ 12.602627] [ 12.602730] Memory state around the buggy address: [ 12.603047] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.603420] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.603827] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.604185] ^ [ 12.604539] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.605023] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.605305] 
================================================================== [ 12.564273] ================================================================== [ 12.564606] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.565427] Write of size 1 at addr ffff8881038a20ea by task kunit_try_catch/180 [ 12.566052] [ 12.566193] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.566322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.566337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.566359] Call Trace: [ 12.566371] <TASK> [ 12.566387] dump_stack_lvl+0x73/0xb0 [ 12.566433] print_report+0xd1/0x610 [ 12.566456] ? __virt_addr_valid+0x1db/0x2d0 [ 12.566477] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566501] ? kasan_addr_to_slab+0x11/0xa0 [ 12.566521] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566544] kasan_report+0x141/0x180 [ 12.566566] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566595] __asan_report_store1_noabort+0x1b/0x30 [ 12.566619] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.566645] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.566669] ? finish_task_switch.isra.0+0x153/0x700 [ 12.566690] ? __switch_to+0x47/0xf50 [ 12.566716] ? __schedule+0x10c6/0x2b60 [ 12.566739] ? __pfx_read_tsc+0x10/0x10 [ 12.566764] krealloc_large_less_oob+0x1c/0x30 [ 12.566787] kunit_try_run_case+0x1a5/0x480 [ 12.566811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.566834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.566857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.566882] ? __kthread_parkme+0x82/0x180 [ 12.566903] ? preempt_count_sub+0x50/0x80 [ 12.566927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.566950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.566973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.566998] kthread+0x337/0x6f0 [ 12.567018] ? trace_preempt_on+0x20/0xc0 [ 12.567041] ? __pfx_kthread+0x10/0x10 [ 12.567062] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.567083] ? 
calculate_sigpending+0x7b/0xa0 [ 12.567107] ? __pfx_kthread+0x10/0x10 [ 12.567129] ret_from_fork+0x116/0x1d0 [ 12.567147] ? __pfx_kthread+0x10/0x10 [ 12.567168] ret_from_fork_asm+0x1a/0x30 [ 12.567201] </TASK> [ 12.567212] [ 12.577096] The buggy address belongs to the physical page: [ 12.577502] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.577966] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.578314] flags: 0x200000000000040(head|node=0|zone=2) [ 12.578573] page_type: f8(unknown) [ 12.578727] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.579056] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.579378] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.580026] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.580449] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.580887] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.581313] page dumped because: kasan: bad access detected [ 12.581622] [ 12.581785] Memory state around the buggy address: [ 12.581995] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.582294] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.582599] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.583138] ^ [ 12.583503] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.583960] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.584342] ================================================================== [ 12.349185] ================================================================== [ 12.349458] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.349738] Write of size 1 at addr ffff888100ab08d0 by task kunit_try_catch/176 [ 12.350331] [ 12.350452] CPU: 1 UID: 0 PID: 176 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.350537] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.350551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.350572] Call Trace: [ 12.350583] <TASK> [ 12.350597] dump_stack_lvl+0x73/0xb0 [ 12.350624] print_report+0xd1/0x610 [ 12.350647] ? __virt_addr_valid+0x1db/0x2d0 [ 12.350670] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350693] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.350715] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350739] kasan_report+0x141/0x180 [ 12.350761] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350790] __asan_report_store1_noabort+0x1b/0x30 [ 12.350814] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.350839] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.350862] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.350891] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.350918] krealloc_less_oob+0x1c/0x30 [ 12.350939] kunit_try_run_case+0x1a5/0x480 [ 12.350963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.350985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.351008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.351076] ? __kthread_parkme+0x82/0x180 [ 12.351098] ? preempt_count_sub+0x50/0x80 [ 12.351123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.351146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.351169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.351192] kthread+0x337/0x6f0 [ 12.351211] ? trace_preempt_on+0x20/0xc0 [ 12.351233] ? __pfx_kthread+0x10/0x10 [ 12.351254] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.351275] ? calculate_sigpending+0x7b/0xa0 [ 12.351297] ? __pfx_kthread+0x10/0x10 [ 12.351319] ret_from_fork+0x116/0x1d0 [ 12.351337] ? 
__pfx_kthread+0x10/0x10 [ 12.351357] ret_from_fork_asm+0x1a/0x30 [ 12.351389] </TASK> [ 12.351410] [ 12.358924] Allocated by task 176: [ 12.359213] kasan_save_stack+0x45/0x70 [ 12.359426] kasan_save_track+0x18/0x40 [ 12.359623] kasan_save_alloc_info+0x3b/0x50 [ 12.359838] __kasan_krealloc+0x190/0x1f0 [ 12.360011] krealloc_noprof+0xf3/0x340 [ 12.360154] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.360319] krealloc_less_oob+0x1c/0x30 [ 12.360508] kunit_try_run_case+0x1a5/0x480 [ 12.360770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.361022] kthread+0x337/0x6f0 [ 12.361190] ret_from_fork+0x116/0x1d0 [ 12.361379] ret_from_fork_asm+0x1a/0x30 [ 12.361584] [ 12.361919] The buggy address belongs to the object at ffff888100ab0800 [ 12.361919] which belongs to the cache kmalloc-256 of size 256 [ 12.362474] The buggy address is located 7 bytes to the right of [ 12.362474] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.362973] [ 12.363118] The buggy address belongs to the physical page: [ 12.363386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.363747] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.364022] flags: 0x200000000000040(head|node=0|zone=2) [ 12.364285] page_type: f5(slab) [ 12.364464] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.364784] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.365168] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.365486] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.365792] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.366025] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.366526] page dumped because: kasan: bad access detected [ 12.366776] [ 12.366869] Memory state around the buggy address: [ 12.367040] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.368557] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.369377] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.369784] ^ [ 12.370113] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.370423] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.370862] ================================================================== [ 12.519647] ================================================================== [ 12.519924] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520175] Write of size 1 at addr ffff8881038a20d0 by task kunit_try_catch/180 [ 12.520415] [ 12.520597] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.520640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.520651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.520676] Call Trace: [ 12.520687] <TASK> [ 12.520703] dump_stack_lvl+0x73/0xb0 [ 12.520732] print_report+0xd1/0x610 [ 12.520755] ? __virt_addr_valid+0x1db/0x2d0 [ 12.520779] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520802] ? kasan_addr_to_slab+0x11/0xa0 [ 12.520823] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520847] kasan_report+0x141/0x180 [ 12.520868] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520900] __asan_report_store1_noabort+0x1b/0x30 [ 12.520924] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.520949] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.520973] ? finish_task_switch.isra.0+0x153/0x700 [ 12.520995] ? __switch_to+0x47/0xf50 [ 12.521020] ? __schedule+0x10c6/0x2b60 [ 12.521042] ? __pfx_read_tsc+0x10/0x10 [ 12.521067] krealloc_large_less_oob+0x1c/0x30 [ 12.521089] kunit_try_run_case+0x1a5/0x480 [ 12.521113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.521135] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.521158] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.521181] ? __kthread_parkme+0x82/0x180 [ 12.521200] ? 
preempt_count_sub+0x50/0x80 [ 12.521223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.521247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.521269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.521292] kthread+0x337/0x6f0 [ 12.521311] ? trace_preempt_on+0x20/0xc0 [ 12.521334] ? __pfx_kthread+0x10/0x10 [ 12.521354] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.521375] ? calculate_sigpending+0x7b/0xa0 [ 12.521408] ? __pfx_kthread+0x10/0x10 [ 12.521430] ret_from_fork+0x116/0x1d0 [ 12.521448] ? __pfx_kthread+0x10/0x10 [ 12.521468] ret_from_fork_asm+0x1a/0x30 [ 12.521500] </TASK> [ 12.521511] [ 12.532930] The buggy address belongs to the physical page: [ 12.533423] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.534186] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.534843] flags: 0x200000000000040(head|node=0|zone=2) [ 12.535054] page_type: f8(unknown) [ 12.535183] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.535425] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.535790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.536434] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.537202] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.537902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.538546] page dumped because: kasan: bad access detected [ 12.539065] [ 12.539223] Memory state around the buggy address: [ 12.539696] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.540058] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.540277] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.540501] ^ [ 12.540876] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.541485] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.542155] 
================================================================== [ 12.403442] ================================================================== [ 12.404200] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.404542] Write of size 1 at addr ffff888100ab08ea by task kunit_try_catch/176 [ 12.404879] [ 12.404997] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.405044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.405058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.405082] Call Trace: [ 12.405098] <TASK> [ 12.405115] dump_stack_lvl+0x73/0xb0 [ 12.405143] print_report+0xd1/0x610 [ 12.405165] ? __virt_addr_valid+0x1db/0x2d0 [ 12.405189] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.405300] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405324] kasan_report+0x141/0x180 [ 12.405346] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405375] __asan_report_store1_noabort+0x1b/0x30 [ 12.405411] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.405437] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.405459] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.405489] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.405516] krealloc_less_oob+0x1c/0x30 [ 12.405537] kunit_try_run_case+0x1a5/0x480 [ 12.405560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.405583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.405616] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.405639] ? __kthread_parkme+0x82/0x180 [ 12.405660] ? preempt_count_sub+0x50/0x80 [ 12.405684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.405707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.405730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.405753] kthread+0x337/0x6f0 [ 12.405772] ? trace_preempt_on+0x20/0xc0 [ 12.405794] ? __pfx_kthread+0x10/0x10 [ 12.405814] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.405835] ? calculate_sigpending+0x7b/0xa0 [ 12.405858] ? 
__pfx_kthread+0x10/0x10 [ 12.405880] ret_from_fork+0x116/0x1d0 [ 12.405898] ? __pfx_kthread+0x10/0x10 [ 12.405918] ret_from_fork_asm+0x1a/0x30 [ 12.405950] </TASK> [ 12.405960] [ 12.413667] Allocated by task 176: [ 12.413802] kasan_save_stack+0x45/0x70 [ 12.413949] kasan_save_track+0x18/0x40 [ 12.414120] kasan_save_alloc_info+0x3b/0x50 [ 12.414334] __kasan_krealloc+0x190/0x1f0 [ 12.414554] krealloc_noprof+0xf3/0x340 [ 12.414805] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.415069] krealloc_less_oob+0x1c/0x30 [ 12.415240] kunit_try_run_case+0x1a5/0x480 [ 12.415446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.415652] kthread+0x337/0x6f0 [ 12.415975] ret_from_fork+0x116/0x1d0 [ 12.416177] ret_from_fork_asm+0x1a/0x30 [ 12.416323] [ 12.416408] The buggy address belongs to the object at ffff888100ab0800 [ 12.416408] which belongs to the cache kmalloc-256 of size 256 [ 12.417425] The buggy address is located 33 bytes to the right of [ 12.417425] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.417969] [ 12.418125] The buggy address belongs to the physical page: [ 12.418352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.418731] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.418963] flags: 0x200000000000040(head|node=0|zone=2) [ 12.419141] page_type: f5(slab) [ 12.419263] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.419555] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.419946] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.420615] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.420862] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.421096] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.421728] page dumped because: kasan: bad access detected [ 12.421991] [ 12.422082] Memory state around the buggy 
address: [ 12.422550] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.423155] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.423434] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.423685] ^ [ 12.423978] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.424368] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.424605] ================================================================== [ 12.372363] ================================================================== [ 12.372887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.373715] Write of size 1 at addr ffff888100ab08da by task kunit_try_catch/176 [ 12.374604] [ 12.374903] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.374948] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.374960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.375066] Call Trace: [ 12.375083] <TASK> [ 12.375099] dump_stack_lvl+0x73/0xb0 [ 12.375127] print_report+0xd1/0x610 [ 12.375149] ? __virt_addr_valid+0x1db/0x2d0 [ 12.375171] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375195] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.375217] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375240] kasan_report+0x141/0x180 [ 12.375262] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375291] __asan_report_store1_noabort+0x1b/0x30 [ 12.375315] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.375340] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.375362] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.375392] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.375432] krealloc_less_oob+0x1c/0x30 [ 12.375453] kunit_try_run_case+0x1a5/0x480 [ 12.375477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.375499] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.375521] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.375544] ? __kthread_parkme+0x82/0x180 [ 12.375564] ? 
preempt_count_sub+0x50/0x80 [ 12.375588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.375613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.375635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.375658] kthread+0x337/0x6f0 [ 12.375677] ? trace_preempt_on+0x20/0xc0 [ 12.375699] ? __pfx_kthread+0x10/0x10 [ 12.375719] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.375740] ? calculate_sigpending+0x7b/0xa0 [ 12.375763] ? __pfx_kthread+0x10/0x10 [ 12.375784] ret_from_fork+0x116/0x1d0 [ 12.375802] ? __pfx_kthread+0x10/0x10 [ 12.375822] ret_from_fork_asm+0x1a/0x30 [ 12.375854] </TASK> [ 12.375865] [ 12.388967] Allocated by task 176: [ 12.389392] kasan_save_stack+0x45/0x70 [ 12.389799] kasan_save_track+0x18/0x40 [ 12.390182] kasan_save_alloc_info+0x3b/0x50 [ 12.390725] __kasan_krealloc+0x190/0x1f0 [ 12.391179] krealloc_noprof+0xf3/0x340 [ 12.391456] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.391640] krealloc_less_oob+0x1c/0x30 [ 12.391988] kunit_try_run_case+0x1a5/0x480 [ 12.392417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.392910] kthread+0x337/0x6f0 [ 12.393254] ret_from_fork+0x116/0x1d0 [ 12.393610] ret_from_fork_asm+0x1a/0x30 [ 12.393981] [ 12.394151] The buggy address belongs to the object at ffff888100ab0800 [ 12.394151] which belongs to the cache kmalloc-256 of size 256 [ 12.394538] The buggy address is located 17 bytes to the right of [ 12.394538] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.395702] [ 12.395866] The buggy address belongs to the physical page: [ 12.396417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.397269] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.397762] flags: 0x200000000000040(head|node=0|zone=2) [ 12.398356] page_type: f5(slab) [ 12.398575] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.398810] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.399104] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 12.399406] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.399693] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.400033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.400307] page dumped because: kasan: bad access detected [ 12.400568] [ 12.400699] Memory state around the buggy address: [ 12.400886] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.401180] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.401498] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.401914] ^ [ 12.402159] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.402419] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.402829] ================================================================== [ 12.327318] ================================================================== [ 12.327884] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.328315] Write of size 1 at addr ffff888100ab08c9 by task kunit_try_catch/176 [ 12.328867] [ 12.328987] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.329095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.329110] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.329131] Call Trace: [ 12.329143] <TASK> [ 12.329158] dump_stack_lvl+0x73/0xb0 [ 12.329187] print_report+0xd1/0x610 [ 12.329209] ? __virt_addr_valid+0x1db/0x2d0 [ 12.329231] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329253] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.329275] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329299] kasan_report+0x141/0x180 [ 12.329320] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329349] __asan_report_store1_noabort+0x1b/0x30 [ 12.329373] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.329411] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.329434] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.329464] ? __pfx_krealloc_less_oob+0x10/0x10 [ 12.329491] krealloc_less_oob+0x1c/0x30 [ 12.329512] kunit_try_run_case+0x1a5/0x480 [ 12.329536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.329558] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.329581] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.329616] ? __kthread_parkme+0x82/0x180 [ 12.329636] ? preempt_count_sub+0x50/0x80 [ 12.329660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.329683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.329706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.329728] kthread+0x337/0x6f0 [ 12.329747] ? trace_preempt_on+0x20/0xc0 [ 12.329770] ? __pfx_kthread+0x10/0x10 [ 12.329791] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.329813] ? calculate_sigpending+0x7b/0xa0 [ 12.329836] ? __pfx_kthread+0x10/0x10 [ 12.329858] ret_from_fork+0x116/0x1d0 [ 12.329877] ? __pfx_kthread+0x10/0x10 [ 12.329898] ret_from_fork_asm+0x1a/0x30 [ 12.329930] </TASK> [ 12.329940] [ 12.337861] Allocated by task 176: [ 12.338221] kasan_save_stack+0x45/0x70 [ 12.338451] kasan_save_track+0x18/0x40 [ 12.338698] kasan_save_alloc_info+0x3b/0x50 [ 12.338891] __kasan_krealloc+0x190/0x1f0 [ 12.339110] krealloc_noprof+0xf3/0x340 [ 12.339292] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.339524] krealloc_less_oob+0x1c/0x30 [ 12.339809] kunit_try_run_case+0x1a5/0x480 [ 12.339970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.340206] kthread+0x337/0x6f0 [ 12.340357] ret_from_fork+0x116/0x1d0 [ 12.340501] ret_from_fork_asm+0x1a/0x30 [ 12.340671] [ 12.340767] The buggy address belongs to the object at ffff888100ab0800 [ 12.340767] which belongs to the cache kmalloc-256 of size 256 [ 12.341364] The buggy address is located 0 bytes to the right of [ 12.341364] allocated 201-byte region [ffff888100ab0800, ffff888100ab08c9) [ 12.342110] [ 12.342214] The buggy address belongs to the physical page: [ 12.342434] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 12.342779] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.343134] flags: 0x200000000000040(head|node=0|zone=2) [ 12.343330] page_type: f5(slab) [ 12.343466] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.343703] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.343936] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.344171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.344977] head: 0200000000000001 ffffea000402ac01 00000000ffffffff 00000000ffffffff [ 12.345343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.345626] page dumped because: kasan: bad access detected [ 12.345798] [ 12.345868] Memory state around the buggy address: [ 12.346023] ffff888100ab0780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.346237] ffff888100ab0800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.347049] >ffff888100ab0880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.347381] ^ [ 12.347745] ffff888100ab0900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.348141] ffff888100ab0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.348443] ================================================================== [ 12.492297] ================================================================== [ 12.493319] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.493632] Write of size 1 at addr ffff8881038a20c9 by task kunit_try_catch/180 [ 12.494741] [ 12.494980] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.495155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.495168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.495189] Call Trace: [ 12.495202] <TASK> [ 12.495219] dump_stack_lvl+0x73/0xb0 [ 12.495251] print_report+0xd1/0x610 [ 
12.495272] ? __virt_addr_valid+0x1db/0x2d0 [ 12.495294] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495316] ? kasan_addr_to_slab+0x11/0xa0 [ 12.495336] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495361] kasan_report+0x141/0x180 [ 12.495382] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495422] __asan_report_store1_noabort+0x1b/0x30 [ 12.495446] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.495471] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.495495] ? finish_task_switch.isra.0+0x153/0x700 [ 12.495516] ? __switch_to+0x47/0xf50 [ 12.495543] ? __schedule+0x10c6/0x2b60 [ 12.495566] ? __pfx_read_tsc+0x10/0x10 [ 12.495598] krealloc_large_less_oob+0x1c/0x30 [ 12.495620] kunit_try_run_case+0x1a5/0x480 [ 12.495643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495665] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.495688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.495710] ? __kthread_parkme+0x82/0x180 [ 12.495730] ? preempt_count_sub+0x50/0x80 [ 12.495752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.495776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.495798] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.495821] kthread+0x337/0x6f0 [ 12.495840] ? trace_preempt_on+0x20/0xc0 [ 12.495862] ? __pfx_kthread+0x10/0x10 [ 12.495883] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.495903] ? calculate_sigpending+0x7b/0xa0 [ 12.495926] ? __pfx_kthread+0x10/0x10 [ 12.495947] ret_from_fork+0x116/0x1d0 [ 12.495965] ? 
__pfx_kthread+0x10/0x10 [ 12.495985] ret_from_fork_asm+0x1a/0x30 [ 12.496018] </TASK> [ 12.496028] [ 12.510506] The buggy address belongs to the physical page: [ 12.511030] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.511279] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.511513] flags: 0x200000000000040(head|node=0|zone=2) [ 12.511706] page_type: f8(unknown) [ 12.512001] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.512305] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.512954] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.513349] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.513712] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.514213] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.514687] page dumped because: kasan: bad access detected [ 12.515035] [ 12.515141] Memory state around the buggy address: [ 12.515562] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.516006] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.516441] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.516872] ^ [ 12.517220] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.517555] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.518012] ================================================================== [ 12.543215] ================================================================== [ 12.543895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.544575] Write of size 1 at addr ffff8881038a20da by task kunit_try_catch/180 [ 12.544938] [ 12.545023] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.545063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.545074] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.545095] Call Trace: [ 12.545110] <TASK> [ 12.545126] dump_stack_lvl+0x73/0xb0 [ 12.545152] print_report+0xd1/0x610 [ 12.545173] ? __virt_addr_valid+0x1db/0x2d0 [ 12.545195] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545218] ? kasan_addr_to_slab+0x11/0xa0 [ 12.545238] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545261] kasan_report+0x141/0x180 [ 12.545283] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545312] __asan_report_store1_noabort+0x1b/0x30 [ 12.545335] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.545361] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.545384] ? finish_task_switch.isra.0+0x153/0x700 [ 12.545415] ? __switch_to+0x47/0xf50 [ 12.545441] ? __schedule+0x10c6/0x2b60 [ 12.545463] ? __pfx_read_tsc+0x10/0x10 [ 12.545486] krealloc_large_less_oob+0x1c/0x30 [ 12.545508] kunit_try_run_case+0x1a5/0x480 [ 12.545532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545554] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.545577] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.545621] ? __kthread_parkme+0x82/0x180 [ 12.545642] ? preempt_count_sub+0x50/0x80 [ 12.545664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.545710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.545733] kthread+0x337/0x6f0 [ 12.545752] ? trace_preempt_on+0x20/0xc0 [ 12.545775] ? __pfx_kthread+0x10/0x10 [ 12.545795] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.545816] ? calculate_sigpending+0x7b/0xa0 [ 12.545839] ? __pfx_kthread+0x10/0x10 [ 12.545860] ret_from_fork+0x116/0x1d0 [ 12.545880] ? 
__pfx_kthread+0x10/0x10 [ 12.545901] ret_from_fork_asm+0x1a/0x30 [ 12.545935] </TASK> [ 12.545944] [ 12.555378] The buggy address belongs to the physical page: [ 12.555636] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038a0 [ 12.555971] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.556262] flags: 0x200000000000040(head|node=0|zone=2) [ 12.556448] page_type: f8(unknown) [ 12.556647] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.557021] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.558334] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.558984] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.559319] head: 0200000000000002 ffffea00040e2801 00000000ffffffff 00000000ffffffff [ 12.559812] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.560203] page dumped because: kasan: bad access detected [ 12.560463] [ 12.560550] Memory state around the buggy address: [ 12.561012] ffff8881038a1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.561342] ffff8881038a2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.561734] >ffff8881038a2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.562120] ^ [ 12.562548] ffff8881038a2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.562882] ffff8881038a2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.563256] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 12.303871] ================================================================== [ 12.304350] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.304742] Write of size 1 at addr ffff888100341cf0 by task kunit_try_catch/174 [ 12.305128] [ 12.305231] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.305273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.305284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.305304] Call Trace: [ 12.305317] <TASK> [ 12.305333] dump_stack_lvl+0x73/0xb0 [ 12.305362] print_report+0xd1/0x610 [ 12.305384] ? __virt_addr_valid+0x1db/0x2d0 [ 12.305417] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.305441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.305462] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.305486] kasan_report+0x141/0x180 [ 12.305507] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.305536] __asan_report_store1_noabort+0x1b/0x30 [ 12.305560] krealloc_more_oob_helper+0x7eb/0x930 [ 12.305582] ? __schedule+0x10c6/0x2b60 [ 12.305604] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.305628] ? finish_task_switch.isra.0+0x153/0x700 [ 12.305650] ? __switch_to+0x47/0xf50 [ 12.305676] ? __schedule+0x10c6/0x2b60 [ 12.305698] ? __pfx_read_tsc+0x10/0x10 [ 12.305722] krealloc_more_oob+0x1c/0x30 [ 12.305743] kunit_try_run_case+0x1a5/0x480 [ 12.305767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.305789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.305813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.305836] ? __kthread_parkme+0x82/0x180 [ 12.305857] ? preempt_count_sub+0x50/0x80 [ 12.305881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.305904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.305927] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.305950] kthread+0x337/0x6f0 [ 12.305969] ? trace_preempt_on+0x20/0xc0 [ 12.305992] ? __pfx_kthread+0x10/0x10 [ 12.306013] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.306084] ? 
calculate_sigpending+0x7b/0xa0 [ 12.306109] ? __pfx_kthread+0x10/0x10 [ 12.306130] ret_from_fork+0x116/0x1d0 [ 12.306149] ? __pfx_kthread+0x10/0x10 [ 12.306169] ret_from_fork_asm+0x1a/0x30 [ 12.306201] </TASK> [ 12.306211] [ 12.313954] Allocated by task 174: [ 12.314085] kasan_save_stack+0x45/0x70 [ 12.314484] kasan_save_track+0x18/0x40 [ 12.314678] kasan_save_alloc_info+0x3b/0x50 [ 12.314898] __kasan_krealloc+0x190/0x1f0 [ 12.315153] krealloc_noprof+0xf3/0x340 [ 12.315340] krealloc_more_oob_helper+0x1a9/0x930 [ 12.315529] krealloc_more_oob+0x1c/0x30 [ 12.315686] kunit_try_run_case+0x1a5/0x480 [ 12.315900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.316155] kthread+0x337/0x6f0 [ 12.316497] ret_from_fork+0x116/0x1d0 [ 12.316702] ret_from_fork_asm+0x1a/0x30 [ 12.316864] [ 12.316939] The buggy address belongs to the object at ffff888100341c00 [ 12.316939] which belongs to the cache kmalloc-256 of size 256 [ 12.317718] The buggy address is located 5 bytes to the right of [ 12.317718] allocated 235-byte region [ffff888100341c00, ffff888100341ceb) [ 12.318224] [ 12.318322] The buggy address belongs to the physical page: [ 12.318581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 12.318827] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.319054] flags: 0x200000000000040(head|node=0|zone=2) [ 12.319230] page_type: f5(slab) [ 12.319351] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.319656] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.320065] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.320417] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.320762] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 12.321231] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.321923] page dumped because: kasan: bad access detected [ 12.322372] [ 
12.322485] Memory state around the buggy address: [ 12.322706] ffff888100341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.322940] ffff888100341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.323546] >ffff888100341c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.323866] ^ [ 12.324175] ffff888100341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.324471] ffff888100341d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.324757] ================================================================== [ 12.273938] ================================================================== [ 12.274589] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.275291] Write of size 1 at addr ffff888100341ceb by task kunit_try_catch/174 [ 12.275950] [ 12.276113] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.276193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.276208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.276229] Call Trace: [ 12.276256] <TASK> [ 12.276276] dump_stack_lvl+0x73/0xb0 [ 12.276309] print_report+0xd1/0x610 [ 12.276334] ? __virt_addr_valid+0x1db/0x2d0 [ 12.276359] ? krealloc_more_oob_helper+0x821/0x930 [ 12.276384] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.276417] ? krealloc_more_oob_helper+0x821/0x930 [ 12.276441] kasan_report+0x141/0x180 [ 12.276464] ? krealloc_more_oob_helper+0x821/0x930 [ 12.276493] __asan_report_store1_noabort+0x1b/0x30 [ 12.276517] krealloc_more_oob_helper+0x821/0x930 [ 12.276539] ? __schedule+0x10c6/0x2b60 [ 12.276562] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.276586] ? finish_task_switch.isra.0+0x153/0x700 [ 12.276610] ? __switch_to+0x47/0xf50 [ 12.276638] ? __schedule+0x10c6/0x2b60 [ 12.276659] ? __pfx_read_tsc+0x10/0x10 [ 12.276688] krealloc_more_oob+0x1c/0x30 [ 12.276709] kunit_try_run_case+0x1a5/0x480 [ 12.276734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.276756] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.276781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.276804] ? __kthread_parkme+0x82/0x180 [ 12.276825] ? preempt_count_sub+0x50/0x80 [ 12.276848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.276872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.276895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.276918] kthread+0x337/0x6f0 [ 12.276937] ? trace_preempt_on+0x20/0xc0 [ 12.276961] ? __pfx_kthread+0x10/0x10 [ 12.276982] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.277003] ? calculate_sigpending+0x7b/0xa0 [ 12.277082] ? __pfx_kthread+0x10/0x10 [ 12.277106] ret_from_fork+0x116/0x1d0 [ 12.277125] ? __pfx_kthread+0x10/0x10 [ 12.277146] ret_from_fork_asm+0x1a/0x30 [ 12.277178] </TASK> [ 12.277190] [ 12.289478] Allocated by task 174: [ 12.289811] kasan_save_stack+0x45/0x70 [ 12.290226] kasan_save_track+0x18/0x40 [ 12.290840] kasan_save_alloc_info+0x3b/0x50 [ 12.291278] __kasan_krealloc+0x190/0x1f0 [ 12.291659] krealloc_noprof+0xf3/0x340 [ 12.291839] krealloc_more_oob_helper+0x1a9/0x930 [ 12.292002] krealloc_more_oob+0x1c/0x30 [ 12.292420] kunit_try_run_case+0x1a5/0x480 [ 12.292842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.293357] kthread+0x337/0x6f0 [ 12.293718] ret_from_fork+0x116/0x1d0 [ 12.293889] ret_from_fork_asm+0x1a/0x30 [ 12.294030] [ 12.294254] The buggy address belongs to the object at ffff888100341c00 [ 12.294254] which belongs to the cache kmalloc-256 of size 256 [ 12.295575] The buggy address is located 0 bytes to the right of [ 12.295575] allocated 235-byte region [ffff888100341c00, ffff888100341ceb) [ 12.296448] [ 12.296529] The buggy address belongs to the physical page: [ 12.296932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100340 [ 12.297699] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.298217] flags: 0x200000000000040(head|node=0|zone=2) [ 12.298880] page_type: f5(slab) [ 12.299196] raw: 0200000000000040 ffff888100041b40 dead000000000122 
0000000000000000 [ 12.299447] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.299736] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.300031] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.300340] head: 0200000000000001 ffffea000400d001 00000000ffffffff 00000000ffffffff [ 12.300681] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.301086] page dumped because: kasan: bad access detected [ 12.301261] [ 12.301336] Memory state around the buggy address: [ 12.301574] ffff888100341b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.301854] ffff888100341c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.302146] >ffff888100341c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.302464] ^ [ 12.302709] ffff888100341d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.303012] ffff888100341d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.303270] ================================================================== [ 12.449370] ================================================================== [ 12.449847] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.450156] Write of size 1 at addr ffff88810389e0eb by task kunit_try_catch/178 [ 12.450631] [ 12.450756] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.450802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.450814] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.450835] Call Trace: [ 12.450848] <TASK> [ 12.450865] dump_stack_lvl+0x73/0xb0 [ 12.450898] print_report+0xd1/0x610 [ 12.450921] ? __virt_addr_valid+0x1db/0x2d0 [ 12.450946] ? krealloc_more_oob_helper+0x821/0x930 [ 12.450970] ? kasan_addr_to_slab+0x11/0xa0 [ 12.450990] ? krealloc_more_oob_helper+0x821/0x930 [ 12.451013] kasan_report+0x141/0x180 [ 12.451274] ? 
krealloc_more_oob_helper+0x821/0x930 [ 12.451308] __asan_report_store1_noabort+0x1b/0x30 [ 12.451332] krealloc_more_oob_helper+0x821/0x930 [ 12.451355] ? pick_task_fair+0xc9/0x340 [ 12.451381] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.451419] ? __schedule+0x2079/0x2b60 [ 12.451440] ? schedule+0x7c/0x2e0 [ 12.451460] ? trace_hardirqs_on+0x37/0xe0 [ 12.451484] ? __schedule+0x2079/0x2b60 [ 12.451506] ? __pfx_read_tsc+0x10/0x10 [ 12.451531] krealloc_large_more_oob+0x1c/0x30 [ 12.451554] kunit_try_run_case+0x1a5/0x480 [ 12.451578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.451608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.451631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.451654] ? __kthread_parkme+0x82/0x180 [ 12.451675] ? preempt_count_sub+0x50/0x80 [ 12.451699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.451722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.451745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.451768] kthread+0x337/0x6f0 [ 12.451787] ? trace_preempt_on+0x20/0xc0 [ 12.451809] ? __pfx_kthread+0x10/0x10 [ 12.451829] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.451850] ? calculate_sigpending+0x7b/0xa0 [ 12.451873] ? __pfx_kthread+0x10/0x10 [ 12.451895] ret_from_fork+0x116/0x1d0 [ 12.451913] ? 
__pfx_kthread+0x10/0x10 [ 12.451933] ret_from_fork_asm+0x1a/0x30 [ 12.451965] </TASK> [ 12.451976] [ 12.460686] The buggy address belongs to the physical page: [ 12.460924] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10389c [ 12.461882] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.462741] flags: 0x200000000000040(head|node=0|zone=2) [ 12.462995] page_type: f8(unknown) [ 12.463533] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.463845] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.464422] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.464848] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.465285] head: 0200000000000002 ffffea00040e2701 00000000ffffffff 00000000ffffffff [ 12.465591] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.466202] page dumped because: kasan: bad access detected [ 12.466406] [ 12.466635] Memory state around the buggy address: [ 12.466983] ffff88810389df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.467510] ffff88810389e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.467970] >ffff88810389e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 12.468485] ^ [ 12.468908] ffff88810389e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.469305] ffff88810389e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.469640] ================================================================== [ 12.470294] ================================================================== [ 12.470707] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.471117] Write of size 1 at addr ffff88810389e0f0 by task kunit_try_catch/178 [ 12.471954] [ 12.472142] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.472186] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.472198] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.472218] Call Trace: [ 12.472232] <TASK> [ 12.472248] dump_stack_lvl+0x73/0xb0 [ 12.472278] print_report+0xd1/0x610 [ 12.472299] ? __virt_addr_valid+0x1db/0x2d0 [ 12.472321] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.472344] ? kasan_addr_to_slab+0x11/0xa0 [ 12.472364] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.472389] kasan_report+0x141/0x180 [ 12.472425] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.472454] __asan_report_store1_noabort+0x1b/0x30 [ 12.472478] krealloc_more_oob_helper+0x7eb/0x930 [ 12.472500] ? pick_task_fair+0xc9/0x340 [ 12.472525] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.472549] ? __schedule+0x2079/0x2b60 [ 12.472569] ? schedule+0x7c/0x2e0 [ 12.472589] ? trace_hardirqs_on+0x37/0xe0 [ 12.472611] ? __schedule+0x2079/0x2b60 [ 12.472633] ? __pfx_read_tsc+0x10/0x10 [ 12.472658] krealloc_large_more_oob+0x1c/0x30 [ 12.472684] kunit_try_run_case+0x1a5/0x480 [ 12.472707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.472729] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.472752] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.472775] ? __kthread_parkme+0x82/0x180 [ 12.472795] ? preempt_count_sub+0x50/0x80 [ 12.472819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.472842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.472865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.472887] kthread+0x337/0x6f0 [ 12.472906] ? trace_preempt_on+0x20/0xc0 [ 12.472928] ? __pfx_kthread+0x10/0x10 [ 12.472948] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.472969] ? calculate_sigpending+0x7b/0xa0 [ 12.472992] ? __pfx_kthread+0x10/0x10 [ 12.473014] ret_from_fork+0x116/0x1d0 [ 12.473031] ? 
__pfx_kthread+0x10/0x10 [ 12.473052] ret_from_fork_asm+0x1a/0x30 [ 12.473084] </TASK> [ 12.473094] [ 12.481132] The buggy address belongs to the physical page: [ 12.481391] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10389c [ 12.481904] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.482140] flags: 0x200000000000040(head|node=0|zone=2) [ 12.482318] page_type: f8(unknown) [ 12.482563] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.483355] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.483742] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.484087] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.484449] head: 0200000000000002 ffffea00040e2701 00000000ffffffff 00000000ffffffff [ 12.484752] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.485079] page dumped because: kasan: bad access detected [ 12.485256] [ 12.485329] Memory state around the buggy address: [ 12.485498] ffff88810389df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.485807] ffff88810389e000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.486307] >ffff88810389e080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 12.486720] ^ [ 12.487228] ffff88810389e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.487482] ffff88810389e180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.488089] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 12.243531] ================================================================== [ 12.244168] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 12.244785] Read of size 1 at addr ffff888103940000 by task kunit_try_catch/172 [ 12.245091] [ 12.245182] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.245228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.245240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.245262] Call Trace: [ 12.245320] <TASK> [ 12.245339] dump_stack_lvl+0x73/0xb0 [ 12.245368] print_report+0xd1/0x610 [ 12.245390] ? __virt_addr_valid+0x1db/0x2d0 [ 12.245427] ? page_alloc_uaf+0x356/0x3d0 [ 12.245448] ? kasan_addr_to_slab+0x11/0xa0 [ 12.245468] ? page_alloc_uaf+0x356/0x3d0 [ 12.245491] kasan_report+0x141/0x180 [ 12.245513] ? page_alloc_uaf+0x356/0x3d0 [ 12.245540] __asan_report_load1_noabort+0x18/0x20 [ 12.245564] page_alloc_uaf+0x356/0x3d0 [ 12.245586] ? __pfx_page_alloc_uaf+0x10/0x10 [ 12.245608] ? irqentry_exit+0x2a/0x60 [ 12.245630] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.245654] ? trace_hardirqs_on+0x37/0xe0 [ 12.245676] ? __pfx_read_tsc+0x10/0x10 [ 12.245698] ? ktime_get_ts64+0x86/0x230 [ 12.245722] kunit_try_run_case+0x1a5/0x480 [ 12.245746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.245769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.245792] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.245816] ? __kthread_parkme+0x82/0x180 [ 12.245836] ? preempt_count_sub+0x50/0x80 [ 12.245861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.245885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.245909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.245934] kthread+0x337/0x6f0 [ 12.245954] ? trace_preempt_on+0x20/0xc0 [ 12.245976] ? __pfx_kthread+0x10/0x10 [ 12.245997] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.246018] ? calculate_sigpending+0x7b/0xa0 [ 12.246074] ? __pfx_kthread+0x10/0x10 [ 12.246098] ret_from_fork+0x116/0x1d0 [ 12.246117] ? 
__pfx_kthread+0x10/0x10 [ 12.246138] ret_from_fork_asm+0x1a/0x30 [ 12.246171] </TASK> [ 12.246181] [ 12.263829] The buggy address belongs to the physical page: [ 12.264022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103940 [ 12.264277] flags: 0x200000000000000(node=0|zone=2) [ 12.264482] page_type: f0(buddy) [ 12.265084] raw: 0200000000000000 ffff88817fffb4f0 ffff88817fffb4f0 0000000000000000 [ 12.265566] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 12.266061] page dumped because: kasan: bad access detected [ 12.266539] [ 12.266785] Memory state around the buggy address: [ 12.267225] ffff88810393ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.267542] ffff88810393ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.268253] >ffff888103940000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.268654] ^ [ 12.268822] ffff888103940080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.269544] ffff888103940100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.270342] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 12.218914] ================================================================== [ 12.219752] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 12.220122] Free of addr ffff8881038cc001 by task kunit_try_catch/168 [ 12.220376] [ 12.220504] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.220547] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.220558] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.220578] Call Trace: [ 12.220590] <TASK> [ 12.220605] dump_stack_lvl+0x73/0xb0 [ 12.220634] print_report+0xd1/0x610 [ 12.220657] ? __virt_addr_valid+0x1db/0x2d0 [ 12.220684] ? kasan_addr_to_slab+0x11/0xa0 [ 12.220705] ? kfree+0x274/0x3f0 [ 12.220726] kasan_report_invalid_free+0x10a/0x130 [ 12.220750] ? kfree+0x274/0x3f0 [ 12.220773] ? kfree+0x274/0x3f0 [ 12.220793] __kasan_kfree_large+0x86/0xd0 [ 12.220814] free_large_kmalloc+0x4b/0x110 [ 12.220837] kfree+0x274/0x3f0 [ 12.220862] kmalloc_large_invalid_free+0x120/0x2b0 [ 12.220884] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 12.220907] ? __schedule+0x10c6/0x2b60 [ 12.220929] ? __pfx_read_tsc+0x10/0x10 [ 12.220949] ? ktime_get_ts64+0x86/0x230 [ 12.220973] kunit_try_run_case+0x1a5/0x480 [ 12.220996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.221018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.221054] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.221076] ? __kthread_parkme+0x82/0x180 [ 12.221096] ? preempt_count_sub+0x50/0x80 [ 12.221119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.221143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.221165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.221188] kthread+0x337/0x6f0 [ 12.221206] ? trace_preempt_on+0x20/0xc0 [ 12.221229] ? __pfx_kthread+0x10/0x10 [ 12.221249] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.221270] ? calculate_sigpending+0x7b/0xa0 [ 12.221292] ? __pfx_kthread+0x10/0x10 [ 12.221313] ret_from_fork+0x116/0x1d0 [ 12.221331] ? 
__pfx_kthread+0x10/0x10 [ 12.221351] ret_from_fork_asm+0x1a/0x30 [ 12.221382] </TASK> [ 12.221392] [ 12.228859] The buggy address belongs to the physical page: [ 12.229219] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038cc [ 12.229550] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.229895] flags: 0x200000000000040(head|node=0|zone=2) [ 12.230190] page_type: f8(unknown) [ 12.230382] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.230790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.231046] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.231433] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.231791] head: 0200000000000002 ffffea00040e3301 00000000ffffffff 00000000ffffffff [ 12.232262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.232616] page dumped because: kasan: bad access detected [ 12.232829] [ 12.232901] Memory state around the buggy address: [ 12.233196] ffff8881038cbf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.233538] ffff8881038cbf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.233882] >ffff8881038cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.234216] ^ [ 12.234338] ffff8881038cc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.234570] ffff8881038cc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.234809] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 12.200444] ================================================================== [ 12.201509] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 12.201815] Read of size 1 at addr ffff88810389c000 by task kunit_try_catch/166 [ 12.202278] [ 12.202382] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.202441] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.202453] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.202473] Call Trace: [ 12.202488] <TASK> [ 12.202505] dump_stack_lvl+0x73/0xb0 [ 12.202536] print_report+0xd1/0x610 [ 12.202560] ? __virt_addr_valid+0x1db/0x2d0 [ 12.202582] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.202603] ? kasan_addr_to_slab+0x11/0xa0 [ 12.202623] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.202644] kasan_report+0x141/0x180 [ 12.202666] ? kmalloc_large_uaf+0x2f1/0x340 [ 12.202693] __asan_report_load1_noabort+0x18/0x20 [ 12.202716] kmalloc_large_uaf+0x2f1/0x340 [ 12.202737] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 12.202758] ? __schedule+0x10c6/0x2b60 [ 12.202781] ? __pfx_read_tsc+0x10/0x10 [ 12.202803] ? ktime_get_ts64+0x86/0x230 [ 12.202828] kunit_try_run_case+0x1a5/0x480 [ 12.202853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.202875] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.202898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.202921] ? __kthread_parkme+0x82/0x180 [ 12.202942] ? preempt_count_sub+0x50/0x80 [ 12.202967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.202991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.203014] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.203097] kthread+0x337/0x6f0 [ 12.203117] ? trace_preempt_on+0x20/0xc0 [ 12.203142] ? __pfx_kthread+0x10/0x10 [ 12.203162] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.203184] ? calculate_sigpending+0x7b/0xa0 [ 12.203207] ? __pfx_kthread+0x10/0x10 [ 12.203230] ret_from_fork+0x116/0x1d0 [ 12.203248] ? 
__pfx_kthread+0x10/0x10 [ 12.203268] ret_from_fork_asm+0x1a/0x30 [ 12.203301] </TASK> [ 12.203312] [ 12.210955] The buggy address belongs to the physical page: [ 12.211370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10389c [ 12.211948] flags: 0x200000000000000(node=0|zone=2) [ 12.212131] raw: 0200000000000000 ffffea00040e2808 ffff88815b039f80 0000000000000000 [ 12.212457] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 12.213213] page dumped because: kasan: bad access detected [ 12.213462] [ 12.213535] Memory state around the buggy address: [ 12.213694] ffff88810389bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.214124] ffff88810389bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.214503] >ffff88810389c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.214752] ^ [ 12.214871] ffff88810389c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.215099] ffff88810389c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.216430] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 12.171418] ================================================================== [ 12.171909] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 12.172532] Write of size 1 at addr ffff88810389e00a by task kunit_try_catch/164 [ 12.172833] [ 12.172993] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.173036] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.173048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.173068] Call Trace: [ 12.173079] <TASK> [ 12.173095] dump_stack_lvl+0x73/0xb0 [ 12.173127] print_report+0xd1/0x610 [ 12.173150] ? __virt_addr_valid+0x1db/0x2d0 [ 12.173227] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.173250] ? kasan_addr_to_slab+0x11/0xa0 [ 12.173271] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.173293] kasan_report+0x141/0x180 [ 12.173315] ? kmalloc_large_oob_right+0x2e9/0x330 [ 12.173342] __asan_report_store1_noabort+0x1b/0x30 [ 12.173366] kmalloc_large_oob_right+0x2e9/0x330 [ 12.173388] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 12.173423] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.173448] ? trace_hardirqs_on+0x37/0xe0 [ 12.173471] ? __pfx_read_tsc+0x10/0x10 [ 12.173491] ? ktime_get_ts64+0x86/0x230 [ 12.173518] kunit_try_run_case+0x1a5/0x480 [ 12.173543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.173568] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.173592] ? __kthread_parkme+0x82/0x180 [ 12.173613] ? preempt_count_sub+0x50/0x80 [ 12.173637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.173661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.173683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.173706] kthread+0x337/0x6f0 [ 12.173726] ? trace_preempt_on+0x20/0xc0 [ 12.173756] ? __pfx_kthread+0x10/0x10 [ 12.173776] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.173797] ? calculate_sigpending+0x7b/0xa0 [ 12.173822] ? __pfx_kthread+0x10/0x10 [ 12.173843] ret_from_fork+0x116/0x1d0 [ 12.173862] ? 
__pfx_kthread+0x10/0x10 [ 12.173883] ret_from_fork_asm+0x1a/0x30 [ 12.173916] </TASK> [ 12.173928] [ 12.188289] The buggy address belongs to the physical page: [ 12.188497] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10389c [ 12.189430] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.190492] flags: 0x200000000000040(head|node=0|zone=2) [ 12.191392] page_type: f8(unknown) [ 12.191574] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.191815] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.192073] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.192331] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.192675] head: 0200000000000002 ffffea00040e2701 00000000ffffffff 00000000ffffffff [ 12.193147] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.193463] page dumped because: kasan: bad access detected [ 12.193680] [ 12.193797] Memory state around the buggy address: [ 12.194026] ffff88810389df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.194423] ffff88810389df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.194678] >ffff88810389e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.195160] ^ [ 12.195330] ffff88810389e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.195574] ffff88810389e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.195886] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 12.145994] ================================================================== [ 12.146683] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 12.146990] Write of size 1 at addr ffff8881029cdf00 by task kunit_try_catch/162 [ 12.147415] [ 12.147531] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.147579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.147591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.147614] Call Trace: [ 12.147625] <TASK> [ 12.147641] dump_stack_lvl+0x73/0xb0 [ 12.147671] print_report+0xd1/0x610 [ 12.147693] ? __virt_addr_valid+0x1db/0x2d0 [ 12.147715] ? kmalloc_big_oob_right+0x316/0x370 [ 12.147737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.147758] ? kmalloc_big_oob_right+0x316/0x370 [ 12.147780] kasan_report+0x141/0x180 [ 12.147803] ? kmalloc_big_oob_right+0x316/0x370 [ 12.147831] __asan_report_store1_noabort+0x1b/0x30 [ 12.147855] kmalloc_big_oob_right+0x316/0x370 [ 12.147877] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 12.147899] ? __schedule+0x10c6/0x2b60 [ 12.147922] ? __pfx_read_tsc+0x10/0x10 [ 12.147943] ? ktime_get_ts64+0x86/0x230 [ 12.147968] kunit_try_run_case+0x1a5/0x480 [ 12.147992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.148015] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.148093] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.148120] ? __kthread_parkme+0x82/0x180 [ 12.148142] ? preempt_count_sub+0x50/0x80 [ 12.148166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.148190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.148213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.148237] kthread+0x337/0x6f0 [ 12.148256] ? trace_preempt_on+0x20/0xc0 [ 12.148280] ? __pfx_kthread+0x10/0x10 [ 12.148300] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.148321] ? calculate_sigpending+0x7b/0xa0 [ 12.148345] ? __pfx_kthread+0x10/0x10 [ 12.148366] ret_from_fork+0x116/0x1d0 [ 12.148384] ? 
__pfx_kthread+0x10/0x10 [ 12.148418] ret_from_fork_asm+0x1a/0x30 [ 12.148451] </TASK> [ 12.148461] [ 12.156245] Allocated by task 162: [ 12.156381] kasan_save_stack+0x45/0x70 [ 12.156536] kasan_save_track+0x18/0x40 [ 12.156899] kasan_save_alloc_info+0x3b/0x50 [ 12.157153] __kasan_kmalloc+0xb7/0xc0 [ 12.157422] __kmalloc_cache_noprof+0x189/0x420 [ 12.157677] kmalloc_big_oob_right+0xa9/0x370 [ 12.157859] kunit_try_run_case+0x1a5/0x480 [ 12.158087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.158278] kthread+0x337/0x6f0 [ 12.158465] ret_from_fork+0x116/0x1d0 [ 12.158707] ret_from_fork_asm+0x1a/0x30 [ 12.158879] [ 12.158963] The buggy address belongs to the object at ffff8881029cc000 [ 12.158963] which belongs to the cache kmalloc-8k of size 8192 [ 12.159481] The buggy address is located 0 bytes to the right of [ 12.159481] allocated 7936-byte region [ffff8881029cc000, ffff8881029cdf00) [ 12.160064] [ 12.160169] The buggy address belongs to the physical page: [ 12.160388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029c8 [ 12.160756] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.160979] flags: 0x200000000000040(head|node=0|zone=2) [ 12.161152] page_type: f5(slab) [ 12.161270] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.161556] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.162310] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.162736] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.163139] head: 0200000000000003 ffffea00040a7201 00000000ffffffff 00000000ffffffff [ 12.163460] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.163685] page dumped because: kasan: bad access detected [ 12.164182] [ 12.164287] Memory state around the buggy address: [ 12.164491] ffff8881029cde00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.164819] ffff8881029cde80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.165184] >ffff8881029cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.165543] ^ [ 12.165706] ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.165977] ffff8881029ce000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.166391] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 12.092003] ================================================================== [ 12.092953] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.093229] Write of size 1 at addr ffff888101bc1378 by task kunit_try_catch/160 [ 12.094420] [ 12.094799] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.094850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.094862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.094893] Call Trace: [ 12.094905] <TASK> [ 12.094922] dump_stack_lvl+0x73/0xb0 [ 12.094952] print_report+0xd1/0x610 [ 12.094974] ? __virt_addr_valid+0x1db/0x2d0 [ 12.094997] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.095188] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.095217] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.095242] kasan_report+0x141/0x180 [ 12.095265] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.095304] __asan_report_store1_noabort+0x1b/0x30 [ 12.095329] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.095353] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.095379] ? __schedule+0x10c6/0x2b60 [ 12.095410] ? __pfx_read_tsc+0x10/0x10 [ 12.095430] ? ktime_get_ts64+0x86/0x230 [ 12.095456] kunit_try_run_case+0x1a5/0x480 [ 12.095480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.095501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.095523] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.095546] ? __kthread_parkme+0x82/0x180 [ 12.095566] ? preempt_count_sub+0x50/0x80 [ 12.095637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.095661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.095683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.095706] kthread+0x337/0x6f0 [ 12.095725] ? trace_preempt_on+0x20/0xc0 [ 12.095749] ? __pfx_kthread+0x10/0x10 [ 12.095769] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.095790] ? calculate_sigpending+0x7b/0xa0 [ 12.095813] ? 
__pfx_kthread+0x10/0x10 [ 12.095834] ret_from_fork+0x116/0x1d0 [ 12.095852] ? __pfx_kthread+0x10/0x10 [ 12.095872] ret_from_fork_asm+0x1a/0x30 [ 12.095903] </TASK> [ 12.095914] [ 12.107828] Allocated by task 160: [ 12.108251] kasan_save_stack+0x45/0x70 [ 12.108727] kasan_save_track+0x18/0x40 [ 12.109183] kasan_save_alloc_info+0x3b/0x50 [ 12.109700] __kasan_kmalloc+0xb7/0xc0 [ 12.110070] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.110800] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.111490] kunit_try_run_case+0x1a5/0x480 [ 12.112208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.112852] kthread+0x337/0x6f0 [ 12.113192] ret_from_fork+0x116/0x1d0 [ 12.113702] ret_from_fork_asm+0x1a/0x30 [ 12.114129] [ 12.114213] The buggy address belongs to the object at ffff888101bc1300 [ 12.114213] which belongs to the cache kmalloc-128 of size 128 [ 12.114576] The buggy address is located 0 bytes to the right of [ 12.114576] allocated 120-byte region [ffff888101bc1300, ffff888101bc1378) [ 12.114937] [ 12.115010] The buggy address belongs to the physical page: [ 12.115179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 12.115485] flags: 0x200000000000000(node=0|zone=2) [ 12.115916] page_type: f5(slab) [ 12.116222] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.116919] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.117777] page dumped because: kasan: bad access detected [ 12.118347] [ 12.118523] Memory state around the buggy address: [ 12.118978] ffff888101bc1200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.119871] ffff888101bc1280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.120637] >ffff888101bc1300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.121323] ^ [ 12.121989] ffff888101bc1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.122923] ffff888101bc1400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.123631] 
================================================================== [ 12.124210] ================================================================== [ 12.124467] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.124756] Write of size 1 at addr ffff888101bc1478 by task kunit_try_catch/160 [ 12.125044] [ 12.125130] CPU: 1 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.125173] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.125184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.125206] Call Trace: [ 12.125217] <TASK> [ 12.125378] dump_stack_lvl+0x73/0xb0 [ 12.125426] print_report+0xd1/0x610 [ 12.125449] ? __virt_addr_valid+0x1db/0x2d0 [ 12.125473] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.125498] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.125519] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.125544] kasan_report+0x141/0x180 [ 12.125566] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.125597] __asan_report_store1_noabort+0x1b/0x30 [ 12.125621] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 12.125645] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.125671] ? __schedule+0x10c6/0x2b60 [ 12.125693] ? __pfx_read_tsc+0x10/0x10 [ 12.125713] ? ktime_get_ts64+0x86/0x230 [ 12.125737] kunit_try_run_case+0x1a5/0x480 [ 12.125760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.125783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.125805] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.125828] ? __kthread_parkme+0x82/0x180 [ 12.125848] ? preempt_count_sub+0x50/0x80 [ 12.125872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.125895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.125918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.125941] kthread+0x337/0x6f0 [ 12.125960] ? trace_preempt_on+0x20/0xc0 [ 12.125983] ? __pfx_kthread+0x10/0x10 [ 12.126003] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.126024] ? calculate_sigpending+0x7b/0xa0 [ 12.126469] ? 
__pfx_kthread+0x10/0x10 [ 12.126493] ret_from_fork+0x116/0x1d0 [ 12.126512] ? __pfx_kthread+0x10/0x10 [ 12.126533] ret_from_fork_asm+0x1a/0x30 [ 12.126564] </TASK> [ 12.126575] [ 12.134138] Allocated by task 160: [ 12.134314] kasan_save_stack+0x45/0x70 [ 12.134526] kasan_save_track+0x18/0x40 [ 12.134861] kasan_save_alloc_info+0x3b/0x50 [ 12.135018] __kasan_kmalloc+0xb7/0xc0 [ 12.135252] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.135496] kmalloc_track_caller_oob_right+0x19a/0x520 [ 12.135762] kunit_try_run_case+0x1a5/0x480 [ 12.135954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.136233] kthread+0x337/0x6f0 [ 12.136392] ret_from_fork+0x116/0x1d0 [ 12.136579] ret_from_fork_asm+0x1a/0x30 [ 12.136767] [ 12.136849] The buggy address belongs to the object at ffff888101bc1400 [ 12.136849] which belongs to the cache kmalloc-128 of size 128 [ 12.137509] The buggy address is located 0 bytes to the right of [ 12.137509] allocated 120-byte region [ffff888101bc1400, ffff888101bc1478) [ 12.138102] [ 12.138208] The buggy address belongs to the physical page: [ 12.138424] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101bc1 [ 12.138834] flags: 0x200000000000000(node=0|zone=2) [ 12.139081] page_type: f5(slab) [ 12.139212] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.139551] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.139902] page dumped because: kasan: bad access detected [ 12.140189] [ 12.140283] Memory state around the buggy address: [ 12.140504] ffff888101bc1300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.140862] ffff888101bc1380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.141221] >ffff888101bc1400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.141485] ^ [ 12.141763] ffff888101bc1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.142269] ffff888101bc1500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.142596] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 12.063812] ================================================================== [ 12.064473] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 12.064948] Read of size 1 at addr ffff888102867000 by task kunit_try_catch/158 [ 12.065472] [ 12.065627] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.065674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.065687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.065709] Call Trace: [ 12.065722] <TASK> [ 12.065738] dump_stack_lvl+0x73/0xb0 [ 12.065824] print_report+0xd1/0x610 [ 12.065847] ? __virt_addr_valid+0x1db/0x2d0 [ 12.065881] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.065947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.065970] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.066004] kasan_report+0x141/0x180 [ 12.066026] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.066055] __asan_report_load1_noabort+0x18/0x20 [ 12.066079] kmalloc_node_oob_right+0x369/0x3c0 [ 12.066103] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 12.066127] ? __schedule+0x2079/0x2b60 [ 12.066150] ? __pfx_read_tsc+0x10/0x10 [ 12.066171] ? ktime_get_ts64+0x86/0x230 [ 12.066197] kunit_try_run_case+0x1a5/0x480 [ 12.066221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.066243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.066266] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.066290] ? __kthread_parkme+0x82/0x180 [ 12.066311] ? preempt_count_sub+0x50/0x80 [ 12.066335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.066359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.066382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.066415] kthread+0x337/0x6f0 [ 12.066434] ? trace_preempt_on+0x20/0xc0 [ 12.066457] ? __pfx_kthread+0x10/0x10 [ 12.066478] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.066499] ? calculate_sigpending+0x7b/0xa0 [ 12.066522] ? __pfx_kthread+0x10/0x10 [ 12.066544] ret_from_fork+0x116/0x1d0 [ 12.066562] ? 
__pfx_kthread+0x10/0x10 [ 12.066582] ret_from_fork_asm+0x1a/0x30 [ 12.066627] </TASK> [ 12.066637] [ 12.076727] Allocated by task 158: [ 12.076962] kasan_save_stack+0x45/0x70 [ 12.077215] kasan_save_track+0x18/0x40 [ 12.077370] kasan_save_alloc_info+0x3b/0x50 [ 12.077730] __kasan_kmalloc+0xb7/0xc0 [ 12.077978] __kmalloc_cache_node_noprof+0x188/0x420 [ 12.078387] kmalloc_node_oob_right+0xab/0x3c0 [ 12.078669] kunit_try_run_case+0x1a5/0x480 [ 12.078912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.079327] kthread+0x337/0x6f0 [ 12.079467] ret_from_fork+0x116/0x1d0 [ 12.079848] ret_from_fork_asm+0x1a/0x30 [ 12.080003] [ 12.080152] The buggy address belongs to the object at ffff888102866000 [ 12.080152] which belongs to the cache kmalloc-4k of size 4096 [ 12.080969] The buggy address is located 0 bytes to the right of [ 12.080969] allocated 4096-byte region [ffff888102866000, ffff888102867000) [ 12.081584] [ 12.081666] The buggy address belongs to the physical page: [ 12.081984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102860 [ 12.082652] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.083028] flags: 0x200000000000040(head|node=0|zone=2) [ 12.083494] page_type: f5(slab) [ 12.083674] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.083995] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.084477] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.084844] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.085365] head: 0200000000000003 ffffea00040a1801 00000000ffffffff 00000000ffffffff [ 12.085706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.086087] page dumped because: kasan: bad access detected [ 12.086372] [ 12.086635] Memory state around the buggy address: [ 12.086843] ffff888102866f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.087234] 
ffff888102866f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.087520] >ffff888102867000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.087861] ^ [ 12.087999] ffff888102867080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.088316] ffff888102867100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.088660] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 12.032982] ================================================================== [ 12.033617] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 12.033966] Read of size 1 at addr ffff888101b1cbbf by task kunit_try_catch/156 [ 12.034307] [ 12.034453] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.034499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.034534] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.034556] Call Trace: [ 12.034570] <TASK> [ 12.034589] dump_stack_lvl+0x73/0xb0 [ 12.034620] print_report+0xd1/0x610 [ 12.034642] ? __virt_addr_valid+0x1db/0x2d0 [ 12.034684] ? kmalloc_oob_left+0x361/0x3c0 [ 12.034704] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.034726] ? kmalloc_oob_left+0x361/0x3c0 [ 12.034747] kasan_report+0x141/0x180 [ 12.034769] ? kmalloc_oob_left+0x361/0x3c0 [ 12.034795] __asan_report_load1_noabort+0x18/0x20 [ 12.034819] kmalloc_oob_left+0x361/0x3c0 [ 12.034840] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 12.034862] ? __schedule+0x10c6/0x2b60 [ 12.034885] ? __pfx_read_tsc+0x10/0x10 [ 12.034906] ? ktime_get_ts64+0x86/0x230 [ 12.034932] kunit_try_run_case+0x1a5/0x480 [ 12.034974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.034996] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.035019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.035090] ? __kthread_parkme+0x82/0x180 [ 12.035112] ? preempt_count_sub+0x50/0x80 [ 12.035137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.035161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.035203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.035226] kthread+0x337/0x6f0 [ 12.035245] ? trace_preempt_on+0x20/0xc0 [ 12.035269] ? __pfx_kthread+0x10/0x10 [ 12.035289] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.035311] ? calculate_sigpending+0x7b/0xa0 [ 12.035334] ? __pfx_kthread+0x10/0x10 [ 12.035356] ret_from_fork+0x116/0x1d0 [ 12.035374] ? 
__pfx_kthread+0x10/0x10 [ 12.035394] ret_from_fork_asm+0x1a/0x30 [ 12.035439] </TASK> [ 12.035451] [ 12.043279] Allocated by task 1: [ 12.043424] kasan_save_stack+0x45/0x70 [ 12.043595] kasan_save_track+0x18/0x40 [ 12.043787] kasan_save_alloc_info+0x3b/0x50 [ 12.043999] __kasan_kmalloc+0xb7/0xc0 [ 12.044187] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.044687] kvasprintf+0xc5/0x150 [ 12.044862] __kthread_create_on_node+0x18b/0x3a0 [ 12.045107] kthread_create_on_node+0xab/0xe0 [ 12.045354] cryptomgr_notify+0x704/0x9f0 [ 12.045631] notifier_call_chain+0xcb/0x250 [ 12.045838] blocking_notifier_call_chain+0x64/0x90 [ 12.046069] crypto_alg_mod_lookup+0x21f/0x440 [ 12.046354] crypto_alloc_tfm_node+0xc5/0x1f0 [ 12.046516] crypto_alloc_sig+0x23/0x30 [ 12.046655] public_key_verify_signature+0x208/0x9f0 [ 12.046825] x509_check_for_self_signed+0x2cb/0x480 [ 12.046990] x509_cert_parse+0x59c/0x830 [ 12.047258] x509_key_preparse+0x68/0x8a0 [ 12.047502] asymmetric_key_preparse+0xb1/0x160 [ 12.047742] __key_create_or_update+0x43d/0xcc0 [ 12.047975] key_create_or_update+0x17/0x20 [ 12.048193] x509_load_certificate_list+0x174/0x200 [ 12.048456] regulatory_init_db+0xee/0x3a0 [ 12.048763] do_one_initcall+0xd8/0x370 [ 12.048973] kernel_init_freeable+0x420/0x6f0 [ 12.049275] kernel_init+0x23/0x1e0 [ 12.049493] ret_from_fork+0x116/0x1d0 [ 12.049680] ret_from_fork_asm+0x1a/0x30 [ 12.049882] [ 12.050017] Freed by task 0: [ 12.050190] kasan_save_stack+0x45/0x70 [ 12.050509] kasan_save_track+0x18/0x40 [ 12.050711] kasan_save_free_info+0x3f/0x60 [ 12.050917] __kasan_slab_free+0x56/0x70 [ 12.051058] kfree+0x222/0x3f0 [ 12.051180] free_kthread_struct+0xeb/0x150 [ 12.051327] free_task+0xf3/0x130 [ 12.051674] __put_task_struct+0x1c8/0x480 [ 12.051918] delayed_put_task_struct+0x10a/0x150 [ 12.052165] rcu_core+0x66f/0x1c40 [ 12.052365] rcu_core_si+0x12/0x20 [ 12.052574] handle_softirqs+0x209/0x730 [ 12.052843] __irq_exit_rcu+0xc9/0x110 [ 12.053143] irq_exit_rcu+0x12/0x20 [ 12.053302] 
sysvec_apic_timer_interrupt+0x81/0x90 [ 12.053545] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.053805] [ 12.053884] The buggy address belongs to the object at ffff888101b1cba0 [ 12.053884] which belongs to the cache kmalloc-16 of size 16 [ 12.054351] The buggy address is located 15 bytes to the right of [ 12.054351] allocated 16-byte region [ffff888101b1cba0, ffff888101b1cbb0) [ 12.055110] [ 12.055216] The buggy address belongs to the physical page: [ 12.055459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101b1c [ 12.055801] flags: 0x200000000000000(node=0|zone=2) [ 12.056041] page_type: f5(slab) [ 12.056232] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.056602] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.056937] page dumped because: kasan: bad access detected [ 12.057198] [ 12.057291] Memory state around the buggy address: [ 12.057521] ffff888101b1ca80: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc [ 12.057827] ffff888101b1cb00: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc [ 12.058038] >ffff888101b1cb80: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 12.058242] ^ [ 12.058743] ffff888101b1cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.059365] ffff888101b1cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.060072] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 11.987832] ================================================================== [ 11.988243] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 11.988546] Write of size 1 at addr ffff88810313a378 by task kunit_try_catch/154 [ 11.988876] [ 11.988986] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 11.989028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.989040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.989063] Call Trace: [ 11.989078] <TASK> [ 11.989094] dump_stack_lvl+0x73/0xb0 [ 11.989121] print_report+0xd1/0x610 [ 11.989143] ? __virt_addr_valid+0x1db/0x2d0 [ 11.989166] ? kmalloc_oob_right+0x6bd/0x7f0 [ 11.989187] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.989209] ? kmalloc_oob_right+0x6bd/0x7f0 [ 11.989231] kasan_report+0x141/0x180 [ 11.989320] ? kmalloc_oob_right+0x6bd/0x7f0 [ 11.989371] __asan_report_store1_noabort+0x1b/0x30 [ 11.989408] kmalloc_oob_right+0x6bd/0x7f0 [ 11.989434] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 11.989458] ? __schedule+0x10c6/0x2b60 [ 11.989499] ? __pfx_read_tsc+0x10/0x10 [ 11.989520] ? ktime_get_ts64+0x86/0x230 [ 11.989544] kunit_try_run_case+0x1a5/0x480 [ 11.989569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.989602] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.989624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.989648] ? __kthread_parkme+0x82/0x180 [ 11.989669] ? preempt_count_sub+0x50/0x80 [ 11.989692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.989716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.989739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.989762] kthread+0x337/0x6f0 [ 11.989780] ? trace_preempt_on+0x20/0xc0 [ 11.989803] ? __pfx_kthread+0x10/0x10 [ 11.989842] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.989863] ? calculate_sigpending+0x7b/0xa0 [ 11.989887] ? __pfx_kthread+0x10/0x10 [ 11.989909] ret_from_fork+0x116/0x1d0 [ 11.989943] ? 
__pfx_kthread+0x10/0x10 [ 11.989963] ret_from_fork_asm+0x1a/0x30 [ 11.989996] </TASK> [ 11.990006] [ 11.998852] Allocated by task 154: [ 11.999193] kasan_save_stack+0x45/0x70 [ 11.999393] kasan_save_track+0x18/0x40 [ 11.999604] kasan_save_alloc_info+0x3b/0x50 [ 11.999811] __kasan_kmalloc+0xb7/0xc0 [ 11.999995] __kmalloc_cache_noprof+0x189/0x420 [ 12.000287] kmalloc_oob_right+0xa9/0x7f0 [ 12.000504] kunit_try_run_case+0x1a5/0x480 [ 12.000719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.000984] kthread+0x337/0x6f0 [ 12.001233] ret_from_fork+0x116/0x1d0 [ 12.001448] ret_from_fork_asm+0x1a/0x30 [ 12.001641] [ 12.001746] The buggy address belongs to the object at ffff88810313a300 [ 12.001746] which belongs to the cache kmalloc-128 of size 128 [ 12.002344] The buggy address is located 5 bytes to the right of [ 12.002344] allocated 115-byte region [ffff88810313a300, ffff88810313a373) [ 12.002981] [ 12.003091] The buggy address belongs to the physical page: [ 12.003357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a [ 12.003733] flags: 0x200000000000000(node=0|zone=2) [ 12.003971] page_type: f5(slab) [ 12.004135] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.004474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.004918] page dumped because: kasan: bad access detected [ 12.005085] [ 12.005152] Memory state around the buggy address: [ 12.005526] ffff88810313a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.006213] ffff88810313a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.006521] >ffff88810313a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.006728] ^ [ 12.007189] ffff88810313a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.007521] ffff88810313a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.007823] ================================================================== [ 12.008569] 
==================================================================
[ 12.008917] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 12.009282] Read of size 1 at addr ffff88810313a380 by task kunit_try_catch/154
[ 12.009700]
[ 12.009790] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.009831] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.009842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.009888] Call Trace:
[ 12.009902] <TASK>
[ 12.009916] dump_stack_lvl+0x73/0xb0
[ 12.009942] print_report+0xd1/0x610
[ 12.009982] ? __virt_addr_valid+0x1db/0x2d0
[ 12.010006] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.010027] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.010096] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.010123] kasan_report+0x141/0x180
[ 12.010145] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.010172] __asan_report_load1_noabort+0x18/0x20
[ 12.010196] kmalloc_oob_right+0x68a/0x7f0
[ 12.010219] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 12.010241] ? __schedule+0x10c6/0x2b60
[ 12.010263] ? __pfx_read_tsc+0x10/0x10
[ 12.010284] ? ktime_get_ts64+0x86/0x230
[ 12.010331] kunit_try_run_case+0x1a5/0x480
[ 12.010369] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.010417] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.010453] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.010477] ? __kthread_parkme+0x82/0x180
[ 12.010511] ? preempt_count_sub+0x50/0x80
[ 12.010535] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.010559] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.010582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.010612] kthread+0x337/0x6f0
[ 12.010632] ? trace_preempt_on+0x20/0xc0
[ 12.010654] ? __pfx_kthread+0x10/0x10
[ 12.010675] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.010696] ? calculate_sigpending+0x7b/0xa0
[ 12.010719] ? __pfx_kthread+0x10/0x10
[ 12.010741] ret_from_fork+0x116/0x1d0
[ 12.010759] ? __pfx_kthread+0x10/0x10
[ 12.010779] ret_from_fork_asm+0x1a/0x30
[ 12.010812] </TASK>
[ 12.010823]
[ 12.018970] Allocated by task 154:
[ 12.019185] kasan_save_stack+0x45/0x70
[ 12.019535] kasan_save_track+0x18/0x40
[ 12.019806] kasan_save_alloc_info+0x3b/0x50
[ 12.020034] __kasan_kmalloc+0xb7/0xc0
[ 12.020244] __kmalloc_cache_noprof+0x189/0x420
[ 12.020610] kmalloc_oob_right+0xa9/0x7f0
[ 12.020835] kunit_try_run_case+0x1a5/0x480
[ 12.021027] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.021304] kthread+0x337/0x6f0
[ 12.021436] ret_from_fork+0x116/0x1d0
[ 12.021568] ret_from_fork_asm+0x1a/0x30
[ 12.021769]
[ 12.021866] The buggy address belongs to the object at ffff88810313a300
[ 12.021866] which belongs to the cache kmalloc-128 of size 128
[ 12.022666] The buggy address is located 13 bytes to the right of
[ 12.022666] allocated 115-byte region [ffff88810313a300, ffff88810313a373)
[ 12.023310]
[ 12.023417] The buggy address belongs to the physical page:
[ 12.023695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 12.023932] flags: 0x200000000000000(node=0|zone=2)
[ 12.024428] page_type: f5(slab)
[ 12.024675] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.024963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.025505] page dumped because: kasan: bad access detected
[ 12.025767]
[ 12.025866] Memory state around the buggy address:
[ 12.026101]  ffff88810313a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.026436]  ffff88810313a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.026741] >ffff88810313a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.027056]                    ^
[ 12.027272]  ffff88810313a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.027605]  ffff88810313a480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.027897] ==================================================================
[ 11.961447] ==================================================================
[ 11.962143] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.962897] Write of size 1 at addr ffff88810313a373 by task kunit_try_catch/154
[ 11.963321]
[ 11.964422] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 11.964798] Tainted: [N]=TEST
[ 11.964831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.965052] Call Trace:
[ 11.965119] <TASK>
[ 11.965268] dump_stack_lvl+0x73/0xb0
[ 11.965357] print_report+0xd1/0x610
[ 11.965388] ? __virt_addr_valid+0x1db/0x2d0
[ 11.965427] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.965448] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.965470] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.965492] kasan_report+0x141/0x180
[ 11.965514] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.965541] __asan_report_store1_noabort+0x1b/0x30
[ 11.965564] kmalloc_oob_right+0x6f0/0x7f0
[ 11.965586] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.965609] ? __schedule+0x10c6/0x2b60
[ 11.965633] ? __pfx_read_tsc+0x10/0x10
[ 11.965654] ? ktime_get_ts64+0x86/0x230
[ 11.965681] kunit_try_run_case+0x1a5/0x480
[ 11.965708] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.965730] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.965754] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.965778] ? __kthread_parkme+0x82/0x180
[ 11.965799] ? preempt_count_sub+0x50/0x80
[ 11.965824] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.965848] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.965871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.965894] kthread+0x337/0x6f0
[ 11.965914] ? trace_preempt_on+0x20/0xc0
[ 11.965938] ? __pfx_kthread+0x10/0x10
[ 11.965959] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.965980] ? calculate_sigpending+0x7b/0xa0
[ 11.966005] ? __pfx_kthread+0x10/0x10
[ 11.966044] ret_from_fork+0x116/0x1d0
[ 11.966063] ? __pfx_kthread+0x10/0x10
[ 11.966084] ret_from_fork_asm+0x1a/0x30
[ 11.966147] </TASK>
[ 11.966216]
[ 11.973972] Allocated by task 154:
[ 11.974476] kasan_save_stack+0x45/0x70
[ 11.974797] kasan_save_track+0x18/0x40
[ 11.974982] kasan_save_alloc_info+0x3b/0x50
[ 11.975264] __kasan_kmalloc+0xb7/0xc0
[ 11.975448] __kmalloc_cache_noprof+0x189/0x420
[ 11.975819] kmalloc_oob_right+0xa9/0x7f0
[ 11.976026] kunit_try_run_case+0x1a5/0x480
[ 11.976248] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.976610] kthread+0x337/0x6f0
[ 11.976918] ret_from_fork+0x116/0x1d0
[ 11.977116] ret_from_fork_asm+0x1a/0x30
[ 11.977387]
[ 11.977634] The buggy address belongs to the object at ffff88810313a300
[ 11.977634] which belongs to the cache kmalloc-128 of size 128
[ 11.978618] The buggy address is located 0 bytes to the right of
[ 11.978618] allocated 115-byte region [ffff88810313a300, ffff88810313a373)
[ 11.979053]
[ 11.979208] The buggy address belongs to the physical page:
[ 11.979742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10313a
[ 11.980804] flags: 0x200000000000000(node=0|zone=2)
[ 11.981563] page_type: f5(slab)
[ 11.982239] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.982607] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.982997] page dumped because: kasan: bad access detected
[ 11.983364]
[ 11.983482] Memory state around the buggy address:
[ 11.984112]  ffff88810313a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.984549]  ffff88810313a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.984928] >ffff88810313a300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.985363]                                                              ^
[ 11.985808]  ffff88810313a380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.986268]  ffff88810313a400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.986598] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------
[ 146.156763] WARNING: CPU: 0 PID: 2766 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 146.157158] Modules linked in:
[ 146.157494] CPU: 0 UID: 0 PID: 2766 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 146.157899] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 146.158290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 146.158963] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 146.159249] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 146.160059] RSP: 0000:ffff888108037c78 EFLAGS: 00010286
[ 146.160507] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 146.160873] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff95e33d74
[ 146.161379] RBP: ffff888108037ca0 R08: 0000000000000000 R09: ffffed1021d514e0
[ 146.161751] R10: ffff88810ea8a707 R11: 0000000000000000 R12: ffffffff95e33d60
[ 146.162314] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888108037d38
[ 146.162724] FS: 0000000000000000(0000) GS:ffff8881c3272000(0000) knlGS:0000000000000000
[ 146.163057] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.163498] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 146.163993] DR0: ffffffff97e52440 DR1: ffffffff97e52441 DR2: ffffffff97e52443
[ 146.164322] DR3: ffffffff97e52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 146.164848] Call Trace:
[ 146.164993] <TASK>
[ 146.165109] drm_test_rect_calc_vscale+0x108/0x270
[ 146.165430] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 146.165818] ? __schedule+0x10c6/0x2b60
[ 146.166090] ? __pfx_read_tsc+0x10/0x10
[ 146.166608] ? ktime_get_ts64+0x86/0x230
[ 146.166785] kunit_try_run_case+0x1a5/0x480
[ 146.167010] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.167377] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 146.167676] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 146.168033] ? __kthread_parkme+0x82/0x180
[ 146.168333] ? preempt_count_sub+0x50/0x80
[ 146.168652] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.169109] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.169413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 146.169729] kthread+0x337/0x6f0
[ 146.169908] ? trace_preempt_on+0x20/0xc0
[ 146.170369] ? __pfx_kthread+0x10/0x10
[ 146.170655] ? _raw_spin_unlock_irq+0x47/0x80
[ 146.170890] ? calculate_sigpending+0x7b/0xa0
[ 146.171114] ? __pfx_kthread+0x10/0x10
[ 146.171635] ret_from_fork+0x116/0x1d0
[ 146.171839] ? __pfx_kthread+0x10/0x10
[ 146.172178] ret_from_fork_asm+0x1a/0x30
[ 146.172457] </TASK>
[ 146.172649] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 146.139621] WARNING: CPU: 1 PID: 2764 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 146.140050] Modules linked in:
[ 146.140464] CPU: 1 UID: 0 PID: 2764 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 146.141004] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 146.141378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 146.141762] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 146.141998] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 146.142825] RSP: 0000:ffff88810afdfc78 EFLAGS: 00010286
[ 146.143223] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 146.143638] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff95e33d3c
[ 146.143923] RBP: ffff88810afdfca0 R08: 0000000000000000 R09: ffffed1021d514a0
[ 146.144376] R10: ffff88810ea8a507 R11: 0000000000000000 R12: ffffffff95e33d28
[ 146.144725] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810afdfd38
[ 146.145007] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 146.145330] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.145605] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 146.145847] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 146.146345] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 146.146649] Call Trace:
[ 146.146754] <TASK>
[ 146.146892] drm_test_rect_calc_vscale+0x108/0x270
[ 146.147111] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 146.147428] ? __schedule+0x10c6/0x2b60
[ 146.147653] ? __pfx_read_tsc+0x10/0x10
[ 146.147867] ? ktime_get_ts64+0x86/0x230
[ 146.148024] kunit_try_run_case+0x1a5/0x480
[ 146.148229] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.148695] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 146.148917] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 146.149261] ? __kthread_parkme+0x82/0x180
[ 146.149468] ? preempt_count_sub+0x50/0x80
[ 146.149661] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.149880] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.150103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 146.150416] kthread+0x337/0x6f0
[ 146.150673] ? trace_preempt_on+0x20/0xc0
[ 146.150924] ? __pfx_kthread+0x10/0x10
[ 146.151063] ? _raw_spin_unlock_irq+0x47/0x80
[ 146.151216] ? calculate_sigpending+0x7b/0xa0
[ 146.151609] ? __pfx_kthread+0x10/0x10
[ 146.151812] ret_from_fork+0x116/0x1d0
[ 146.152010] ? __pfx_kthread+0x10/0x10
[ 146.152378] ret_from_fork_asm+0x1a/0x30
[ 146.152547] </TASK>
[ 146.152659] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------
[ 146.082464] WARNING: CPU: 1 PID: 2752 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 146.083491] Modules linked in:
[ 146.083920] CPU: 1 UID: 0 PID: 2752 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 146.084761] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 146.084985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 146.086073] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 146.086486] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b e5 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 146.086997] RSP: 0000:ffff88810afdfc78 EFLAGS: 00010286
[ 146.087830] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 146.088733] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff95e33d40
[ 146.089506] RBP: ffff88810afdfca0 R08: 0000000000000000 R09: ffffed1021d29920
[ 146.090375] R10: ffff88810e94c907 R11: 0000000000000000 R12: ffffffff95e33d28
[ 146.091191] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810afdfd38
[ 146.091470] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 146.091714] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.091896] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 146.092392] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 146.093131] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 146.093861] Call Trace:
[ 146.094125] <TASK>
[ 146.094555] drm_test_rect_calc_hscale+0x108/0x270
[ 146.094991] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 146.095406] ? __schedule+0x10c6/0x2b60
[ 146.095679] ? __pfx_read_tsc+0x10/0x10
[ 146.096048] ? ktime_get_ts64+0x86/0x230
[ 146.096473] kunit_try_run_case+0x1a5/0x480
[ 146.096727] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.096893] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 146.097189] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 146.097680] ? __kthread_parkme+0x82/0x180
[ 146.098065] ? preempt_count_sub+0x50/0x80
[ 146.098523] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.099085] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.099449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 146.099650] kthread+0x337/0x6f0
[ 146.099780] ? trace_preempt_on+0x20/0xc0
[ 146.099930] ? __pfx_kthread+0x10/0x10
[ 146.100101] ? _raw_spin_unlock_irq+0x47/0x80
[ 146.100255] ? calculate_sigpending+0x7b/0xa0
[ 146.100741] ? __pfx_kthread+0x10/0x10
[ 146.100976] ret_from_fork+0x116/0x1d0
[ 146.101117] ? __pfx_kthread+0x10/0x10
[ 146.101348] ret_from_fork_asm+0x1a/0x30
[ 146.101725] </TASK>
[ 146.101855] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 146.105507] WARNING: CPU: 1 PID: 2754 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 146.105894] Modules linked in:
[ 146.106080] CPU: 1 UID: 0 PID: 2754 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 146.106667] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 146.106888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 146.107350] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 146.107605] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b e5 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 146.108523] RSP: 0000:ffff888108217c78 EFLAGS: 00010286
[ 146.108850] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 146.109320] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff95e33d78
[ 146.109626] RBP: ffff888108217ca0 R08: 0000000000000000 R09: ffffed1021d649e0
[ 146.109902] R10: ffff88810eb24f07 R11: 0000000000000000 R12: ffffffff95e33d60
[ 146.110262] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888108217d38
[ 146.110562] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 146.110923] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 146.111289] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 146.111710] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 146.111995] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 146.112518] Call Trace:
[ 146.112667] <TASK>
[ 146.112808] drm_test_rect_calc_hscale+0x108/0x270
[ 146.113071] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 146.113320] ? __schedule+0x10c6/0x2b60
[ 146.113499] ? __pfx_read_tsc+0x10/0x10
[ 146.113739] ? ktime_get_ts64+0x86/0x230
[ 146.113923] kunit_try_run_case+0x1a5/0x480
[ 146.114145] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.114414] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 146.114624] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 146.115002] ? __kthread_parkme+0x82/0x180
[ 146.115434] ? preempt_count_sub+0x50/0x80
[ 146.115657] ? __pfx_kunit_try_run_case+0x10/0x10
[ 146.115874] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.116298] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 146.116508] kthread+0x337/0x6f0
[ 146.116673] ? trace_preempt_on+0x20/0xc0
[ 146.117149] ? __pfx_kthread+0x10/0x10
[ 146.117323] ? _raw_spin_unlock_irq+0x47/0x80
[ 146.117481] ? calculate_sigpending+0x7b/0xa0
[ 146.117701] ? __pfx_kthread+0x10/0x10
[ 146.117896] ret_from_fork+0x116/0x1d0
[ 146.118217] ? __pfx_kthread+0x10/0x10
[ 146.118398] ret_from_fork_asm+0x1a/0x30
[ 146.118782] </TASK>
[ 146.118901] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------
[ 145.457979] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count))
[ 145.458405] WARNING: CPU: 1 PID: 2569 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0
[ 145.460662] Modules linked in:
[ 145.461297] CPU: 1 UID: 0 PID: 2569 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.461889] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.462380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.463545] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0
[ 145.464176] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ad 1d 80 00 48 c7 c1 20 8c de 95 4c 89 f2 48 c7 c7 e0 88 de 95 48 89 c6 e8 b4 a7 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d
[ 145.465901] RSP: 0000:ffff88810459fd18 EFLAGS: 00010286
[ 145.466263] RAX: 0000000000000000 RBX: ffff88810acb6400 RCX: 1ffffffff2d64cf0
[ 145.466665] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 145.467669] RBP: ffff88810459fd48 R08: 0000000000000000 R09: fffffbfff2d64cf0
[ 145.468507] R10: 0000000000000003 R11: 0000000000039528 R12: ffff8881060f4800
[ 145.469106] R13: ffff88810acb64f8 R14: ffff88810e64bf80 R15: ffff88810039fb40
[ 145.469872] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 145.470458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.470652] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 145.470868] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 145.471161] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.471416] Call Trace:
[ 145.471591] <TASK>
[ 145.471720] ? trace_preempt_on+0x20/0xc0
[ 145.471932] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10
[ 145.472123] drm_gem_shmem_free_wrapper+0x12/0x20
[ 145.472371] __kunit_action_free+0x57/0x70
[ 145.472962] kunit_remove_resource+0x133/0x200
[ 145.473243] ? preempt_count_sub+0x50/0x80
[ 145.474043] kunit_cleanup+0x7a/0x120
[ 145.474254] kunit_try_run_case_cleanup+0xbd/0xf0
[ 145.474620] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10
[ 145.474843] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.475327] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.475708] kthread+0x337/0x6f0
[ 145.475995] ? trace_preempt_on+0x20/0xc0
[ 145.476418] ? __pfx_kthread+0x10/0x10
[ 145.476746] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.476934] ? calculate_sigpending+0x7b/0xa0
[ 145.477387] ? __pfx_kthread+0x10/0x10
[ 145.477655] ret_from_fork+0x116/0x1d0
[ 145.477833] ? __pfx_kthread+0x10/0x10
[ 145.478025] ret_from_fork_asm+0x1a/0x30
[ 145.478367] </TASK>
[ 145.478500] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------
[ 145.319158] WARNING: CPU: 1 PID: 2550 at drivers/gpu/drm/drm_framebuffer.c:869 drm_framebuffer_init+0x49/0x8d0
[ 145.319962] Modules linked in:
[ 145.320426] CPU: 1 UID: 0 PID: 2550 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.321110] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.321761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.322709] RIP: 0010:drm_framebuffer_init+0x49/0x8d0
[ 145.323057] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41
[ 145.324392] RSP: 0000:ffff8881045a7b20 EFLAGS: 00010246
[ 145.324772] RAX: ffff8881045a7ba8 RBX: ffff8881045a7c28 RCX: 1ffff110208b4f8e
[ 145.324990] RDX: dffffc0000000000 RSI: ffff888107c99000 RDI: ffff888107c99000
[ 145.325941] RBP: ffff8881045a7b70 R08: ffff888107c99000 R09: ffffffff95dd8f60
[ 145.326610] R10: 0000000000000003 R11: 0000000052881d5b R12: 1ffff110208b4f71
[ 145.327180] R13: ffff8881045a7c70 R14: ffff8881045a7db8 R15: 0000000000000000
[ 145.327519] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 145.328237] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.328441] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 145.328661] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 145.328875] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.329108] Call Trace:
[ 145.329245] <TASK>
[ 145.329498] ? trace_preempt_on+0x20/0xc0
[ 145.329914] ? add_dr+0xc1/0x1d0
[ 145.330216] drm_test_framebuffer_init_bad_format+0xfc/0x240
[ 145.330820] ? add_dr+0x148/0x1d0
[ 145.332107] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10
[ 145.332386] ? __drmm_add_action+0x1a4/0x280
[ 145.332570] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 145.332757] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 145.332940] ? __drmm_add_action_or_reset+0x22/0x50
[ 145.333122] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10
[ 145.333364] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10
[ 145.333654] kunit_try_run_case+0x1a5/0x480
[ 145.333873] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.334101] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.335147] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.335790] ? __kthread_parkme+0x82/0x180
[ 145.336651] ? preempt_count_sub+0x50/0x80
[ 145.337336] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.337935] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.338777] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.339611] kthread+0x337/0x6f0
[ 145.339888] ? trace_preempt_on+0x20/0xc0
[ 145.340801] ? __pfx_kthread+0x10/0x10
[ 145.341391] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.342087] ? calculate_sigpending+0x7b/0xa0
[ 145.342699] ? __pfx_kthread+0x10/0x10
[ 145.343379] ret_from_fork+0x116/0x1d0
[ 145.343833] ? __pfx_kthread+0x10/0x10
[ 145.344605] ret_from_fork_asm+0x1a/0x30
[ 145.345242] </TASK>
[ 145.345860] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------
[ 145.284349] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head))
[ 145.284478] WARNING: CPU: 0 PID: 2546 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0
[ 145.285941] Modules linked in:
[ 145.286254] CPU: 0 UID: 0 PID: 2546 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.287318] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.287697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.287970] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0
[ 145.288674] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 2b 44 87 00 48 c7 c1 00 3a dd 95 4c 89 fa 48 c7 c7 60 3a dd 95 48 89 c6 e8 32 ce 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea
[ 145.289671] RSP: 0000:ffff888107d87b68 EFLAGS: 00010282
[ 145.289908] RAX: 0000000000000000 RBX: ffff888107d87c40 RCX: 1ffffffff2d64cf0
[ 145.290214] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 145.290541] RBP: ffff888107d87b90 R08: 0000000000000000 R09: fffffbfff2d64cf0
[ 145.290824] R10: 0000000000000003 R11: 0000000000037b70 R12: ffff888107d87c18
[ 145.291113] R13: ffff88810f1e0800 R14: ffff88810f200000 R15: ffff88810e5ad400
[ 145.291545] FS: 0000000000000000(0000) GS:ffff8881c3272000(0000) knlGS:0000000000000000
[ 145.291854] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.292163] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 145.292440] DR0: ffffffff97e52440 DR1: ffffffff97e52441 DR2: ffffffff97e52443
[ 145.292798] DR3: ffffffff97e52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.293092] Call Trace:
[ 145.293431] <TASK>
[ 145.293575] drm_test_framebuffer_free+0x1ab/0x610
[ 145.293818] ? __pfx_drm_test_framebuffer_free+0x10/0x10
[ 145.294145] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 145.294417] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 145.294674] ? __drmm_add_action_or_reset+0x22/0x50
[ 145.294901] ? __schedule+0x10c6/0x2b60
[ 145.295134] ? __pfx_read_tsc+0x10/0x10
[ 145.295415] ? ktime_get_ts64+0x86/0x230
[ 145.295731] kunit_try_run_case+0x1a5/0x480
[ 145.296118] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.296354] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.297186] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.297430] ? __kthread_parkme+0x82/0x180
[ 145.297782] ? preempt_count_sub+0x50/0x80
[ 145.297976] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.298490] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.298852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.299317] kthread+0x337/0x6f0
[ 145.299691] ? trace_preempt_on+0x20/0xc0
[ 145.299874] ? __pfx_kthread+0x10/0x10
[ 145.300327] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.300650] ? calculate_sigpending+0x7b/0xa0
[ 145.300933] ? __pfx_kthread+0x10/0x10
[ 145.301453] ret_from_fork+0x116/0x1d0
[ 145.301661] ? __pfx_kthread+0x10/0x10
[ 145.301807] ret_from_fork_asm+0x1a/0x30
[ 145.302116] </TASK>
[ 145.302259] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------
[ 143.980225] WARNING: CPU: 1 PID: 1976 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 143.980606] Modules linked in:
[ 143.981085] CPU: 1 UID: 0 PID: 1976 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 143.982413] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 143.983167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 143.984922] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 143.985346] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 36 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 143.986695] RSP: 0000:ffff88810e6e7c90 EFLAGS: 00010246
[ 143.987330] RAX: dffffc0000000000 RBX: ffff88810e6ce000 RCX: 0000000000000000
[ 143.988092] RDX: 1ffff11021cd9c32 RSI: ffffffff93007878 RDI: ffff88810e6ce190
[ 143.988638] RBP: ffff88810e6e7ca0 R08: 1ffff11020073f69 R09: ffffed1021cdcf65
[ 143.989140] R10: 0000000000000003 R11: ffffffff92585968 R12: 0000000000000000
[ 143.989669] R13: ffff88810e6e7d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 143.989888] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 143.990427] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 143.991041] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 143.991788] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 143.992511] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 143.992814] Call Trace:
[ 143.993119] <TASK>
[ 143.993430] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 143.994140] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 143.994405] ? __schedule+0x10c6/0x2b60
[ 143.994784] ? __pfx_read_tsc+0x10/0x10
[ 143.995248] ? ktime_get_ts64+0x86/0x230
[ 143.995767] kunit_try_run_case+0x1a5/0x480
[ 143.996284] ? __pfx_kunit_try_run_case+0x10/0x10
[ 143.996736] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 143.997197] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 143.997391] ? __kthread_parkme+0x82/0x180
[ 143.997698] ? preempt_count_sub+0x50/0x80
[ 143.998092] ? __pfx_kunit_try_run_case+0x10/0x10
[ 143.998645] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 143.999135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 143.999591] kthread+0x337/0x6f0
[ 143.999909] ? trace_preempt_on+0x20/0xc0
[ 144.000157] ? __pfx_kthread+0x10/0x10
[ 144.000538] ? _raw_spin_unlock_irq+0x47/0x80
[ 144.001090] ? calculate_sigpending+0x7b/0xa0
[ 144.001394] ? __pfx_kthread+0x10/0x10
[ 144.001676] ret_from_fork+0x116/0x1d0
[ 144.002055] ? __pfx_kthread+0x10/0x10
[ 144.002365] ret_from_fork_asm+0x1a/0x30
[ 144.002620] </TASK>
[ 144.002838] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 144.062140] WARNING: CPU: 1 PID: 1984 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 144.062510] Modules linked in:
[ 144.062677] CPU: 1 UID: 0 PID: 1984 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 144.063009] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 144.063189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 144.063882] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 144.064956] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 36 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 144.066360] RSP: 0000:ffff88810e6e7c90 EFLAGS: 00010246
[ 144.066887] RAX: dffffc0000000000 RBX: ffff88810e4e4000 RCX: 0000000000000000
[ 144.067434] RDX: 1ffff11021c9c832 RSI: ffffffff93007878 RDI: ffff88810e4e4190
[ 144.068124] RBP: ffff88810e6e7ca0 R08: 1ffff11020073f69 R09: ffffed1021cdcf65
[ 144.068565] R10: 0000000000000003 R11: ffffffff92585968 R12: 0000000000000000
[ 144.068948] R13: ffff88810e6e7d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 144.069619] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 144.070095] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 144.070621] CR2: 00007ffff7ffe000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 144.070832] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 144.071164] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 144.071812] Call Trace:
[ 144.072137] <TASK>
[ 144.072404] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290
[ 144.073087] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10
[ 144.073469] ? __schedule+0x10c6/0x2b60
[ 144.073861] ? __pfx_read_tsc+0x10/0x10
[ 144.074318] ? ktime_get_ts64+0x86/0x230
[ 144.074625] kunit_try_run_case+0x1a5/0x480
[ 144.074892] ? __pfx_kunit_try_run_case+0x10/0x10
[ 144.075234] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 144.075709] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 144.076154] ? __kthread_parkme+0x82/0x180
[ 144.076327] ? preempt_count_sub+0x50/0x80
[ 144.076556] ? __pfx_kunit_try_run_case+0x10/0x10
[ 144.077079] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 144.077636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 144.078246] kthread+0x337/0x6f0
[ 144.078560] ? trace_preempt_on+0x20/0xc0
[ 144.078718] ? __pfx_kthread+0x10/0x10
[ 144.078860] ? _raw_spin_unlock_irq+0x47/0x80
[ 144.079085] ? calculate_sigpending+0x7b/0xa0
[ 144.079572] ? __pfx_kthread+0x10/0x10
[ 144.079959] ret_from_fork+0x116/0x1d0
[ 144.080386] ? __pfx_kthread+0x10/0x10
[ 144.080801] ret_from_fork_asm+0x1a/0x30
[ 144.081255] </TASK>
[ 144.081536] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 113.847260] WARNING: CPU: 1 PID: 674 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 113.848149] Modules linked in:
[ 113.848557] CPU: 1 UID: 0 PID: 674 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 113.848957] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 113.849780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 113.850833] RIP: 0010:intlog10+0x2a/0x40
[ 113.851449] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 87 b9 86 02 90 <0f> 0b 90 31 c0 e9 7c b9 86 02 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 113.852988] RSP: 0000:ffff88810c36fcb0 EFLAGS: 00010246
[ 113.853196] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102186dfb4
[ 113.853576] RDX: 1ffffffff2b92dec RSI: 1ffff1102186dfb3 RDI: 0000000000000000
[ 113.854517] RBP: ffff88810c36fd60 R08: 0000000000000000 R09: ffffed10206258e0
[ 113.854734] R10: ffff88810312c707 R11: 0000000000000000 R12: 1ffff1102186df97
[ 113.854944] R13: ffffffff95c96f60 R14: 0000000000000000 R15: ffff88810c36fd38
[ 113.855839] FS: 0000000000000000(0000) GS:ffff8881c3372000(0000) knlGS:0000000000000000
[ 113.856782] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.857615] CR2: dffffc0000000000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 113.858660] DR0: ffffffff97e52444 DR1: ffffffff97e52449 DR2: ffffffff97e5244a
[ 113.859635] DR3: ffffffff97e5244b DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 113.859995] Call Trace:
[ 113.860466] <TASK>
[ 113.860826] ? intlog10_test+0xf2/0x220
[ 113.861412] ? __pfx_intlog10_test+0x10/0x10
[ 113.861847] ? __schedule+0x10c6/0x2b60
[ 113.862010] ? __pfx_read_tsc+0x10/0x10
[ 113.862688] ? ktime_get_ts64+0x86/0x230
[ 113.863373] kunit_try_run_case+0x1a5/0x480
[ 113.863947] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.864709] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 113.865060] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 113.865651] ? __kthread_parkme+0x82/0x180
[ 113.866334] ? preempt_count_sub+0x50/0x80
[ 113.866677] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.866848] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 113.867119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 113.867857] kthread+0x337/0x6f0
[ 113.868398] ? trace_preempt_on+0x20/0xc0
[ 113.868883] ? __pfx_kthread+0x10/0x10
[ 113.869283] ? _raw_spin_unlock_irq+0x47/0x80
[ 113.869603] ? calculate_sigpending+0x7b/0xa0
[ 113.869768] ? __pfx_kthread+0x10/0x10
[ 113.869911] ret_from_fork+0x116/0x1d0
[ 113.870239] ? __pfx_kthread+0x10/0x10
[ 113.870673] ret_from_fork_asm+0x1a/0x30
[ 113.871130] </TASK>
[ 113.871391] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 113.800835] WARNING: CPU: 0 PID: 656 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 113.802240] Modules linked in:
[ 113.802874] CPU: 0 UID: 0 PID: 656 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 113.803999] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 113.804584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 113.804888] RIP: 0010:intlog2+0xdf/0x110
[ 113.805459] Code: c9 95 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 5f c7 55 ff 8b 45 e4 eb
[ 113.807412] RSP: 0000:ffff88810c98fcb0 EFLAGS: 00010246
[ 113.808229] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021931fb4
[ 113.808756] RDX: 1ffffffff2b92e40 RSI: 1ffff11021931fb3 RDI: 0000000000000000
[ 113.808986] RBP: ffff88810c98fd60 R08: 0000000000000000 R09: ffffed10202ed8c0
[ 113.810000] R10: ffff88810176c607 R11: 0000000000000000 R12: 1ffff11021931f97
[ 113.810863] R13: ffffffff95c97200 R14: 0000000000000000 R15: ffff88810c98fd38
[ 113.811501] FS: 0000000000000000(0000) GS:ffff8881c3272000(0000) knlGS:0000000000000000
[ 113.811753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.811937] CR2: ffff88815a930000 CR3: 00000000228bc000 CR4: 00000000000006f0
[ 113.812926] DR0: ffffffff97e52440 DR1: ffffffff97e52441 DR2: ffffffff97e52443
[ 113.813930] DR3: ffffffff97e52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 113.814799] Call Trace:
[ 113.815342] <TASK>
[ 113.815783] ? intlog2_test+0xf2/0x220
[ 113.816508] ? __pfx_intlog2_test+0x10/0x10
[ 113.816949] ? __schedule+0x10c6/0x2b60
[ 113.817398] ? __pfx_read_tsc+0x10/0x10
[ 113.818009] ? ktime_get_ts64+0x86/0x230
[ 113.818558] kunit_try_run_case+0x1a5/0x480
[ 113.819182] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.819393] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 113.819581] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 113.819771] ? __kthread_parkme+0x82/0x180
[ 113.820207] ? preempt_count_sub+0x50/0x80
[ 113.820724] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.821194] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 113.821812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 113.822452] kthread+0x337/0x6f0
[ 113.822829] ? trace_preempt_on+0x20/0xc0
[ 113.822983] ? __pfx_kthread+0x10/0x10
[ 113.823280] ? _raw_spin_unlock_irq+0x47/0x80
[ 113.823720] ? calculate_sigpending+0x7b/0xa0
[ 113.824310] ? __pfx_kthread+0x10/0x10
[ 113.824773] ret_from_fork+0x116/0x1d0
[ 113.825206] ? __pfx_kthread+0x10/0x10
[ 113.825540] ret_from_fork_asm+0x1a/0x30
[ 113.825823] </TASK>
[ 113.826020] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 113.236634] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI