Date: July 15, 2025, 2:10 p.m.
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmem_cache_double_destroy
[ 31.990770] ==================================================================
[ 31.991392] BUG: KASAN: use-after-free in kmem_cache_double_destroy+0xc2/0x1b0
[ 31.992758] Read of size 1 at addr ffff888101a45500 by task kunit_try_catch/265
[ 31.994082]
[ 31.994348] CPU: 1 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.994741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.995049] Call Trace:
[ 31.995185] <TASK>
[ 31.995334] dump_stack_lvl+0x49/0x62
[ 31.995582] print_report+0x189/0x492
[ 31.995789] ? kasan_complete_mode_report_info+0x7c/0x200
[ 31.996081] ? kmem_cache_double_destroy+0xc2/0x1b0
[ 31.996913] kasan_report+0x10c/0x190
[ 31.997237] ? kmem_cache_double_destroy+0xc2/0x1b0
[ 31.997578] ? kmem_cache_double_destroy+0xc2/0x1b0
[ 31.997882] __kasan_check_byte+0x39/0x50
[ 31.998206] kmem_cache_destroy+0x21/0x170
[ 31.998436] kmem_cache_double_destroy+0xc2/0x1b0
[ 31.998790] ? kasan_memchr+0x1e0/0x1e0
[ 31.999099] ? __kunit_add_resource+0xd1/0x100
[ 31.999342] ? kasan_test_init+0x13e/0x1b0
[ 31.999716] kunit_try_run_case+0x8f/0xd0
[ 32.000249] ? kunit_catch_run_case+0x80/0x80
[ 32.000624] ? kunit_try_catch_throw+0x40/0x40
[ 32.000981] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.001343] kthread+0x17b/0x1b0
[ 32.001774] ? kthread_complete_and_exit+0x30/0x30
[ 32.002108] ret_from_fork+0x22/0x30
[ 32.002458] </TASK>
[ 32.002595]
[ 32.002706] Allocated by task 265:
[ 32.002899] kasan_save_stack+0x41/0x70
[ 32.003184] kasan_set_track+0x25/0x40
[ 32.003401] kasan_save_alloc_info+0x1e/0x30
[ 32.003681] __kasan_slab_alloc+0x90/0xa0
[ 32.004095] kmem_cache_alloc+0x150/0x370
[ 32.004405] kmem_cache_create_usercopy+0x120/0x290
[ 32.004609] kmem_cache_create+0x16/0x20
[ 32.004836] kmem_cache_double_destroy+0x93/0x1b0
[ 32.005284] kunit_try_run_case+0x8f/0xd0
[ 32.005673] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.006026] kthread+0x17b/0x1b0
[ 32.006299] ret_from_fork+0x22/0x30
[ 32.006908]
[ 32.007118] Freed by task 265:
[ 32.007398] kasan_save_stack+0x41/0x70
[ 32.007834] kasan_set_track+0x25/0x40
[ 32.008019] kasan_save_free_info+0x2e/0x50
[ 32.008214] ____kasan_slab_free+0x175/0x1d0
[ 32.008671] __kasan_slab_free+0x12/0x20
[ 32.009142] kmem_cache_free+0x19c/0x4a0
[ 32.009734] slab_kmem_cache_release+0x2a/0x40
[ 32.010235] kmem_cache_release+0x12/0x20
[ 32.010934] kobject_put+0xf2/0x250
[ 32.011412] sysfs_slab_release+0x20/0x30
[ 32.011925] kmem_cache_destroy+0xce/0x170
[ 32.012326] kmem_cache_double_destroy+0xab/0x1b0
[ 32.012787] kunit_try_run_case+0x8f/0xd0
[ 32.012983] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.013232] kthread+0x17b/0x1b0
[ 32.013449] ret_from_fork+0x22/0x30
[ 32.013817]
[ 32.013939] The buggy address belongs to the object at ffff888101a45500
[ 32.013939] which belongs to the cache kmem_cache of size 216
[ 32.015409] The buggy address is located 0 bytes inside of
[ 32.015409] 216-byte region [ffff888101a45500, ffff888101a455d8)
[ 32.016068]
[ 32.016188] The buggy address belongs to the physical page:
[ 32.016628] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a45
[ 32.017152] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.017719] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041000
[ 32.018089] raw: 0000000000000000 00000000800c000c 00000001ffffffff 0000000000000000
[ 32.018663] page dumped because: kasan: bad access detected
[ 32.019030]
[ 32.019155] Memory state around the buggy address:
[ 32.019583] ffff888101a45400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 32.020251] ffff888101a45480: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.020853] >ffff888101a45500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 32.021371] ^
[ 32.021746] ffff888101a45580: fb fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc
[ 32.022210] ffff888101a45600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.022764] ==================================================================
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 65.599564] BUG: kernel NULL pointer dereference, address: 0000000000000000
Failure - log-parser-boot - oops-oops-preempt-smp-kasan-pti
[ 65.601205] Oops: 0010 [#1] PREEMPT SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 63.882563] ==================================================================
[ 63.883024] BUG: KFENCE: use-after-free read in test_krealloc+0x413/0x4a6
[ 63.883024]
[ 63.883598] Use-after-free read at 0x(____ptrval____) (in kfence-#158):
[ 63.884449] test_krealloc+0x413/0x4a6
[ 63.884818] kunit_try_run_case+0x8f/0xd0
[ 63.885201] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 63.885636] kthread+0x17b/0x1b0
[ 63.885967] ret_from_fork+0x22/0x30
[ 63.886324]
[ 63.886548] kfence-#158: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 63.886548]
[ 63.887016] allocated by task 302 on cpu 0 at 63.881811s:
[ 63.887693] test_alloc+0x21e/0x7f3
[ 63.887931] test_krealloc+0xb0/0x4a6
[ 63.888275] kunit_try_run_case+0x8f/0xd0
[ 63.888637] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 63.889039] kthread+0x17b/0x1b0
[ 63.889387] ret_from_fork+0x22/0x30
[ 63.889718]
[ 63.889931] freed by task 302 on cpu 0 at 63.882115s:
[ 63.890415] krealloc+0x85/0x140
[ 63.890622] test_krealloc+0x18c/0x4a6
[ 63.891014] kunit_try_run_case+0x8f/0xd0
[ 63.891287] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 63.891730] kthread+0x17b/0x1b0
[ 63.891932] ret_from_fork+0x22/0x30
[ 63.892150]
[ 63.892474] CPU: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 63.892899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 63.893460] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcucold
[ 63.783783] ==================================================================
[ 63.784243] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu.cold+0xd5/0x20e
[ 63.784243]
[ 63.784775] Use-after-free read at 0x(____ptrval____) (in kfence-#157):
[ 63.785140] test_memcache_typesafe_by_rcu.cold+0xd5/0x20e
[ 63.785517] kunit_try_run_case+0x8f/0xd0
[ 63.785742] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 63.786040] kthread+0x17b/0x1b0
[ 63.786256] ret_from_fork+0x22/0x30
[ 63.786496]
[ 63.786637] kfence-#157: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 63.786637]
[ 63.786978] allocated by task 301 on cpu 1 at 63.777917s:
[ 63.787617] test_alloc+0x20d/0x7f3
[ 63.787882] test_memcache_typesafe_by_rcu.cold+0x2d/0x20e
[ 63.788173] kunit_try_run_case+0x8f/0xd0
[ 63.788373] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 63.788630] kthread+0x17b/0x1b0
[ 63.788844] ret_from_fork+0x22/0x30
[ 63.789073]
[ 63.789199] freed by task 0 on cpu 1 at 63.783478s:
[ 63.789715] rcu_guarded_free+0x2a/0x40
[ 63.789938] rcu_core+0x4d4/0x1050
[ 63.790150] rcu_core_si+0xe/0x20
[ 63.790341] handle_softirqs+0x18f/0x4b0
[ 63.790546] __irq_exit_rcu+0xb7/0xf0
[ 63.790773] irq_exit_rcu+0xe/0x20
[ 63.790943] sysvec_apic_timer_interrupt+0x7c/0xa0
[ 63.791223] asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 63.791460] default_idle+0x14/0x20
[ 63.791661] arch_cpu_idle+0x15/0x20
[ 63.791887] default_idle_call+0x73/0x190
[ 63.792116] do_idle+0x363/0x420
[ 63.792283] cpu_startup_entry+0x38/0x40
[ 63.792623] start_secondary+0x1d2/0x1f0
[ 63.792955] secondary_startup_64_no_verify+0xe0/0xeb
[ 63.793490]
[ 63.793625] CPU: 1 PID: 301 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 63.794024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 63.794461] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 40.805736] ==================================================================
[ 40.806378] BUG: KFENCE: invalid read in test_invalid_access+0xb6/0x150
[ 40.806378]
[ 40.806909] Invalid read at 0x(____ptrval____):
[ 40.807208] test_invalid_access+0xb6/0x150
[ 40.807515] kunit_try_run_case+0x8f/0xd0
[ 40.807721] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.808042] kthread+0x17b/0x1b0
[ 40.808296] ret_from_fork+0x22/0x30
[ 40.808538]
[ 40.808670] CPU: 1 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 40.809094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 40.809573] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 40.586343] ==================================================================
[ 40.586802] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x128/0x1a5
[ 40.586802]
[ 40.587430] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . ] (in kfence-#153):
[ 40.587980] test_kmalloc_aligned_oob_write+0x128/0x1a5
[ 40.588325] kunit_try_run_case+0x8f/0xd0
[ 40.588622] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.588962] kthread+0x17b/0x1b0
[ 40.589139] ret_from_fork+0x22/0x30
[ 40.589332]
[ 40.589451] kfence-#153: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 40.589451]
[ 40.589992] allocated by task 296 on cpu 1 at 40.585906s:
[ 40.590392] test_alloc+0x21e/0x7f3
[ 40.590677] test_kmalloc_aligned_oob_write+0xaa/0x1a5
[ 40.590964] kunit_try_run_case+0x8f/0xd0
[ 40.591266] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.591572] kthread+0x17b/0x1b0
[ 40.591812] ret_from_fork+0x22/0x30
[ 40.592056]
[ 40.592168] freed by task 296 on cpu 1 at 40.586111s:
[ 40.592551] test_kmalloc_aligned_oob_write+0x128/0x1a5
[ 40.592874] kunit_try_run_case+0x8f/0xd0
[ 40.593167] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.593535] kthread+0x17b/0x1b0
[ 40.593699] ret_from_fork+0x22/0x30
[ 40.593971]
[ 40.594119] CPU: 1 PID: 296 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 40.594623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 40.595056] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 40.170013] ==================================================================
[ 40.170700] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x180/0x221
[ 40.170700]
[ 40.171222] Out-of-bounds read at 0x(____ptrval____) (81B right of kfence-#149):
[ 40.171637] test_kmalloc_aligned_oob_read+0x180/0x221
[ 40.171952] kunit_try_run_case+0x8f/0xd0
[ 40.172223] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.172523] kthread+0x17b/0x1b0
[ 40.172763] ret_from_fork+0x22/0x30
[ 40.172987]
[ 40.173123] kfence-#149: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 40.173123]
[ 40.173598] allocated by task 295 on cpu 0 at 40.169780s:
[ 40.173898] test_alloc+0x21e/0x7f3
[ 40.174130] test_kmalloc_aligned_oob_read+0xca/0x221
[ 40.174734] kunit_try_run_case+0x8f/0xd0
[ 40.175441] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 40.175925] kthread+0x17b/0x1b0
[ 40.176258] ret_from_fork+0x22/0x30
[ 40.176597]
[ 40.176822] CPU: 0 PID: 295 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 40.177404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 40.177976] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 34.658243] ==================================================================
[ 34.658711] BUG: KFENCE: memory corruption in test_corruption+0x105/0x211
[ 34.658711]
[ 34.659514] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#96):
[ 34.660732] test_corruption+0x105/0x211
[ 34.661101] kunit_try_run_case+0x8f/0xd0
[ 34.661479] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.661795] kthread+0x17b/0x1b0
[ 34.662000] ret_from_fork+0x22/0x30
[ 34.662239]
[ 34.662387] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 34.662387]
[ 34.662843] allocated by task 289 on cpu 0 at 34.657858s:
[ 34.663569] test_alloc+0x21e/0x7f3
[ 34.663804] test_corruption+0xd2/0x211
[ 34.664027] kunit_try_run_case+0x8f/0xd0
[ 34.664434] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.664823] kthread+0x17b/0x1b0
[ 34.665101] ret_from_fork+0x22/0x30
[ 34.665453]
[ 34.665665] freed by task 289 on cpu 0 at 34.658041s:
[ 34.666066] test_corruption+0x105/0x211
[ 34.666440] kunit_try_run_case+0x8f/0xd0
[ 34.666754] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.667126] kthread+0x17b/0x1b0
[ 34.667511] ret_from_fork+0x22/0x30
[ 34.667820]
[ 34.668015] CPU: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.668567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.669095] ==================================================================
[ 35.282140] ==================================================================
[ 35.282633] BUG: KFENCE: memory corruption in test_corruption+0x187/0x211
[ 35.282633]
[ 35.283071] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#102):
[ 35.283868] test_corruption+0x187/0x211
[ 35.284150] kunit_try_run_case+0x8f/0xd0
[ 35.284719] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 35.285032] kthread+0x17b/0x1b0
[ 35.285496] ret_from_fork+0x22/0x30
[ 35.285728]
[ 35.285851] kfence-#102: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 35.285851]
[ 35.286299] allocated by task 290 on cpu 1 at 35.281785s:
[ 35.286579] test_alloc+0x20d/0x7f3
[ 35.286808] test_corruption+0x15e/0x211
[ 35.287033] kunit_try_run_case+0x8f/0xd0
[ 35.287238] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 35.287680] kthread+0x17b/0x1b0
[ 35.287889] ret_from_fork+0x22/0x30
[ 35.288097]
[ 35.288223] freed by task 290 on cpu 1 at 35.281941s:
[ 35.288562] test_corruption+0x187/0x211
[ 35.288785] kunit_try_run_case+0x8f/0xd0
[ 35.289022] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 35.289372] kthread+0x17b/0x1b0
[ 35.289544] ret_from_fork+0x22/0x30
[ 35.289770]
[ 35.289888] CPU: 1 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 35.290309] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 35.290652] ==================================================================
[ 34.970193] ==================================================================
[ 34.970647] BUG: KFENCE: memory corruption in test_corruption+0xfb/0x211
[ 34.970647]
[ 34.971067] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#99):
[ 34.972416] test_corruption+0xfb/0x211
[ 34.972791] kunit_try_run_case+0x8f/0xd0
[ 34.973154] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.973589] kthread+0x17b/0x1b0
[ 34.973893] ret_from_fork+0x22/0x30
[ 34.974117]
[ 34.974230] kfence-#99: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 34.974230]
[ 34.974891] allocated by task 290 on cpu 1 at 34.969890s:
[ 34.975422] test_alloc+0x20d/0x7f3
[ 34.975724] test_corruption+0xd2/0x211
[ 34.976030] kunit_try_run_case+0x8f/0xd0
[ 34.976272] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.976700] kthread+0x17b/0x1b0
[ 34.976922] ret_from_fork+0x22/0x30
[ 34.977151]
[ 34.977456] freed by task 290 on cpu 1 at 34.970059s:
[ 34.977761] test_corruption+0xfb/0x211
[ 34.978086] kunit_try_run_case+0x8f/0xd0
[ 34.978418] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.978709] kthread+0x17b/0x1b0
[ 34.978902] ret_from_fork+0x22/0x30
[ 34.979114]
[ 34.979478] CPU: 1 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.979986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.980543] ==================================================================
[ 34.762362] ==================================================================
[ 34.762808] BUG: KFENCE: memory corruption in test_corruption+0x191/0x211
[ 34.762808]
[ 34.763248] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#97):
[ 34.763893] test_corruption+0x191/0x211
[ 34.764176] kunit_try_run_case+0x8f/0xd0
[ 34.764778] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.765201] kthread+0x17b/0x1b0
[ 34.765521] ret_from_fork+0x22/0x30
[ 34.765835]
[ 34.766030] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 34.766030]
[ 34.766577] allocated by task 289 on cpu 0 at 34.761899s:
[ 34.767028] test_alloc+0x21e/0x7f3
[ 34.767376] test_corruption+0x15e/0x211
[ 34.767605] kunit_try_run_case+0x8f/0xd0
[ 34.767845] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.768134] kthread+0x17b/0x1b0
[ 34.768652] ret_from_fork+0x22/0x30
[ 34.768874]
[ 34.768976] freed by task 289 on cpu 0 at 34.762080s:
[ 34.769472] test_corruption+0x191/0x211
[ 34.769825] kunit_try_run_case+0x8f/0xd0
[ 34.770062] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.770492] kthread+0x17b/0x1b0
[ 34.770771] ret_from_fork+0x22/0x30
[ 34.771063]
[ 34.771216] CPU: 0 PID: 289 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.771773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.772184] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 34.554093] ==================================================================
[ 34.554724] BUG: KFENCE: invalid free in test_invalid_addr_free+0xe7/0x190
[ 34.554724]
[ 34.555173] Invalid free of 0x(____ptrval____) (in kfence-#95):
[ 34.555459] test_invalid_addr_free+0xe7/0x190
[ 34.555737] kunit_try_run_case+0x8f/0xd0
[ 34.555967] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.556302] kthread+0x17b/0x1b0
[ 34.556785] ret_from_fork+0x22/0x30
[ 34.557001]
[ 34.557096] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 34.557096]
[ 34.558274] allocated by task 288 on cpu 0 at 34.553844s:
[ 34.558593] test_alloc+0x20d/0x7f3
[ 34.558927] test_invalid_addr_free+0xc7/0x190
[ 34.559267] kunit_try_run_case+0x8f/0xd0
[ 34.559469] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.559707] kthread+0x17b/0x1b0
[ 34.560204] ret_from_fork+0x22/0x30
[ 34.560448]
[ 34.560797] CPU: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.561131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.561465] ==================================================================
[ 34.450114] ==================================================================
[ 34.450694] BUG: KFENCE: invalid free in test_invalid_addr_free+0xf1/0x190
[ 34.450694]
[ 34.451131] Invalid free of 0x(____ptrval____) (in kfence-#94):
[ 34.451824] test_invalid_addr_free+0xf1/0x190
[ 34.452117] kunit_try_run_case+0x8f/0xd0
[ 34.452747] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.453069] kthread+0x17b/0x1b0
[ 34.453301] ret_from_fork+0x22/0x30
[ 34.453527]
[ 34.453631] kfence-#94: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 34.453631]
[ 34.454096] allocated by task 287 on cpu 0 at 34.449827s:
[ 34.454879] test_alloc+0x21e/0x7f3
[ 34.455127] test_invalid_addr_free+0xc7/0x190
[ 34.455513] kunit_try_run_case+0x8f/0xd0
[ 34.455859] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.456259] kthread+0x17b/0x1b0
[ 34.456552] ret_from_fork+0x22/0x30
[ 34.456852]
[ 34.457064] CPU: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.457632] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.458189] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 34.242272] ==================================================================
[ 34.242813] BUG: KFENCE: invalid free in test_double_free+0x10a/0x187
[ 34.242813]
[ 34.243372] Invalid free of 0x(____ptrval____) (in kfence-#92):
[ 34.243787] test_double_free+0x10a/0x187
[ 34.244045] kunit_try_run_case+0x8f/0xd0
[ 34.244264] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.244693] kthread+0x17b/0x1b0
[ 34.244970] ret_from_fork+0x22/0x30
[ 34.245221]
[ 34.245358] kfence-#92: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 34.245358]
[ 34.245753] allocated by task 285 on cpu 0 at 34.241776s:
[ 34.246141] test_alloc+0x21e/0x7f3
[ 34.246474] test_double_free+0xc7/0x187
[ 34.246704] kunit_try_run_case+0x8f/0xd0
[ 34.246939] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.247227] kthread+0x17b/0x1b0
[ 34.247940] ret_from_fork+0x22/0x30
[ 34.248222]
[ 34.248433] freed by task 285 on cpu 0 at 34.241934s:
[ 34.248814] test_double_free+0xec/0x187
[ 34.249137] kunit_try_run_case+0x8f/0xd0
[ 34.249528] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.249835] kthread+0x17b/0x1b0
[ 34.250048] ret_from_fork+0x22/0x30
[ 34.250491]
[ 34.250694] CPU: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.251208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.251728] ==================================================================
[ 34.346278] ==================================================================
[ 34.346733] BUG: KFENCE: invalid free in test_double_free+0x100/0x187
[ 34.346733]
[ 34.347118] Invalid free of 0x(____ptrval____) (in kfence-#93):
[ 34.347460] test_double_free+0x100/0x187
[ 34.348223] kunit_try_run_case+0x8f/0xd0
[ 34.348497] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.348791] kthread+0x17b/0x1b0
[ 34.348997] ret_from_fork+0x22/0x30
[ 34.349232]
[ 34.349716] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 34.349716]
[ 34.350245] allocated by task 286 on cpu 0 at 34.345862s:
[ 34.350753] test_alloc+0x20d/0x7f3
[ 34.350977] test_double_free+0xc7/0x187
[ 34.351213] kunit_try_run_case+0x8f/0xd0
[ 34.351448] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.351727] kthread+0x17b/0x1b0
[ 34.351919] ret_from_fork+0x22/0x30
[ 34.352124]
[ 34.352638] freed by task 286 on cpu 0 at 34.346021s:
[ 34.353036] test_double_free+0xe2/0x187
[ 34.353463] kunit_try_run_case+0x8f/0xd0
[ 34.353782] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.354153] kthread+0x17b/0x1b0
[ 34.354488] ret_from_fork+0x22/0x30
[ 34.354787]
[ 34.354985] CPU: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.355493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.355986] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 34.034197] ==================================================================
[ 34.034717] BUG: KFENCE: use-after-free read in test_use_after_free_read+0xf8/0x174
[ 34.034717]
[ 34.035238] Use-after-free read at 0x(____ptrval____) (in kfence-#90):
[ 34.036050] test_use_after_free_read+0xf8/0x174
[ 34.036585] kunit_try_run_case+0x8f/0xd0
[ 34.036838] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.037128] kthread+0x17b/0x1b0
[ 34.037344] ret_from_fork+0x22/0x30
[ 34.037650]
[ 34.037784] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 34.037784]
[ 34.038236] allocated by task 283 on cpu 0 at 34.033796s:
[ 34.038629] test_alloc+0x21e/0x7f3
[ 34.038875] test_use_after_free_read+0xc7/0x174
[ 34.039126] kunit_try_run_case+0x8f/0xd0
[ 34.039784] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.040039] kthread+0x17b/0x1b0
[ 34.040216] ret_from_fork+0x22/0x30
[ 34.040411]
[ 34.040555] freed by task 283 on cpu 0 at 34.033963s:
[ 34.040872] test_use_after_free_read+0xec/0x174
[ 34.041094] kunit_try_run_case+0x8f/0xd0
[ 34.041424] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.041724] kthread+0x17b/0x1b0
[ 34.041940] ret_from_fork+0x22/0x30
[ 34.042195]
[ 34.042335] CPU: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.043678] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.044137] ==================================================================
[ 34.138142] ==================================================================
[ 34.138770] BUG: KFENCE: use-after-free read in test_use_after_free_read+0xf8/0x174
[ 34.138770]
[ 34.139282] Use-after-free read at 0x(____ptrval____) (in kfence-#91):
[ 34.139566] test_use_after_free_read+0xf8/0x174
[ 34.139869] kunit_try_run_case+0x8f/0xd0
[ 34.140112] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.140406] kthread+0x17b/0x1b0
[ 34.140692] ret_from_fork+0x22/0x30
[ 34.140898]
[ 34.141019] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 34.141019]
[ 34.141527] allocated by task 284 on cpu 1 at 34.137819s:
[ 34.141793] test_alloc+0x20d/0x7f3
[ 34.142025] test_use_after_free_read+0xc7/0x174
[ 34.142302] kunit_try_run_case+0x8f/0xd0
[ 34.142553] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.142843] kthread+0x17b/0x1b0
[ 34.143012] ret_from_fork+0x22/0x30
[ 34.143236]
[ 34.143365] freed by task 284 on cpu 1 at 34.137963s:
[ 34.143715] test_use_after_free_read+0xe2/0x174
[ 34.143929] kunit_try_run_case+0x8f/0xd0
[ 34.144130] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 34.144556] kthread+0x17b/0x1b0
[ 34.144768] ret_from_fork+0x22/0x30
[ 34.144968]
[ 34.145101] CPU: 1 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 34.145542] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 34.145987] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 33.929893] ==================================================================
[ 33.930468] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0xd6/0x177
[ 33.930468]
[ 33.931338] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#89):
[ 33.931740] test_out_of_bounds_write+0xd6/0x177
[ 33.932016] kunit_try_run_case+0x8f/0xd0
[ 33.932239] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.932762] kthread+0x17b/0x1b0
[ 33.933029] ret_from_fork+0x22/0x30
[ 33.933248]
[ 33.933425] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 33.933425]
[ 33.933854] allocated by task 282 on cpu 1 at 33.929746s:
[ 33.934232] test_alloc+0x20d/0x7f3
[ 33.934479] test_out_of_bounds_write+0xc6/0x177
[ 33.934780] kunit_try_run_case+0x8f/0xd0
[ 33.935034] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.935434] kthread+0x17b/0x1b0
[ 33.935675] ret_from_fork+0x22/0x30
[ 33.935899]
[ 33.936073] CPU: 1 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 33.936613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.937083] ==================================================================
[ 33.721984] ==================================================================
[ 33.722679] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0xd6/0x177
[ 33.722679]
[ 33.723233] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#87):
[ 33.723565] test_out_of_bounds_write+0xd6/0x177
[ 33.723964] kunit_try_run_case+0x8f/0xd0
[ 33.724229] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.724514] kthread+0x17b/0x1b0
[ 33.724762] ret_from_fork+0x22/0x30
[ 33.725026]
[ 33.725173] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 33.725173]
[ 33.725685] allocated by task 281 on cpu 0 at 33.721812s:
[ 33.725965] test_alloc+0x21e/0x7f3
[ 33.726267] test_out_of_bounds_write+0xc6/0x177
[ 33.726550] kunit_try_run_case+0x8f/0xd0
[ 33.726808] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.727130] kthread+0x17b/0x1b0
[ 33.727421] ret_from_fork+0x22/0x30
[ 33.727685]
[ 33.727818] CPU: 0 PID: 281 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 33.728191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.728688] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 33.409979] ==================================================================
[ 33.410617] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x198/0x236
[ 33.410617]
[ 33.411106] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#84):
[ 33.411875] test_out_of_bounds_read+0x198/0x236
[ 33.412158] kunit_try_run_case+0x8f/0xd0
[ 33.412645] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.412960] kthread+0x17b/0x1b0
[ 33.413151] ret_from_fork+0x22/0x30
[ 33.413379]
[ 33.413588] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 33.413588]
[ 33.414008] allocated by task 280 on cpu 1 at 33.409839s:
[ 33.414274] test_alloc+0x20d/0x7f3
[ 33.414523] test_out_of_bounds_read+0x17f/0x236
[ 33.414808] kunit_try_run_case+0x8f/0xd0
[ 33.415029] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.415357] kthread+0x17b/0x1b0
[ 33.415573] ret_from_fork+0x22/0x30
[ 33.415767]
[ 33.415869] CPU: 1 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 33.416302] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.416746] ==================================================================
[ 33.202107] ==================================================================
[ 33.202740] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x10d/0x236
[ 33.202740]
[ 33.203272] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#82):
[ 33.203613] test_out_of_bounds_read+0x10d/0x236
[ 33.203897] kunit_try_run_case+0x8f/0xd0
[ 33.204136] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.204960] kthread+0x17b/0x1b0
[ 33.205346] ret_from_fork+0x22/0x30
[ 33.205670]
[ 33.205776] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 33.205776]
[ 33.206376] allocated by task 280 on cpu 1 at 33.201933s:
[ 33.206877] test_alloc+0x20d/0x7f3
[ 33.207217] test_out_of_bounds_read+0xf6/0x236
[ 33.207487] kunit_try_run_case+0x8f/0xd0
[ 33.207738] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.208023] kthread+0x17b/0x1b0
[ 33.208234] ret_from_fork+0x22/0x30
[ 33.208716]
[ 33.208828] CPU: 1 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 33.209439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.209977] ==================================================================
[ 33.098148] ==================================================================
[ 33.098806] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x198/0x236
[ 33.098806]
[ 33.099385] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#81):
[ 33.099706] test_out_of_bounds_read+0x198/0x236
[ 33.099997] kunit_try_run_case+0x8f/0xd0
[ 33.100269] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.100598] kthread+0x17b/0x1b0
[ 33.100765] ret_from_fork+0x22/0x30
[ 33.100997]
[ 33.101119] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 33.101119]
[ 33.101629] allocated by task 279 on cpu 1 at 33.097898s:
[ 33.101971] test_alloc+0x21e/0x7f3
[ 33.102150] test_out_of_bounds_read+0x17f/0x236
[ 33.102523] kunit_try_run_case+0x8f/0xd0
[ 33.102751] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 33.103024] kthread+0x17b/0x1b0
[ 33.103251] ret_from_fork+0x22/0x30
[ 33.103463]
[ 33.103583] CPU: 1 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 33.103986] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 33.104390] ==================================================================
[ 32.787114] ==================================================================
[ 32.787628] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x10d/0x236
[ 32.787628]
[ 32.788186] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#78):
[ 32.788679] test_out_of_bounds_read+0x10d/0x236
[ 32.788993] kunit_try_run_case+0x8f/0xd0
[ 32.789239] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.789575] kthread+0x17b/0x1b0
[ 32.789753] ret_from_fork+0x22/0x30
[ 32.789956]
[ 32.790199] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 32.790199]
[ 32.791007] allocated by task 279 on cpu 1 at 32.785895s:
[ 32.791707] test_alloc+0x21e/0x7f3
[ 32.792106] test_out_of_bounds_read+0xf6/0x236
[ 32.792661] kunit_try_run_case+0x8f/0xd0
[ 32.793085] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.793753] kthread+0x17b/0x1b0
[ 32.794105] ret_from_fork+0x22/0x30
[ 32.794581]
[ 32.794793] CPU: 1 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.795613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.796510] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree
[ 32.653731] ================================================================== [ 32.654055] BUG: KASAN: double-free in kfree+0x78/0x120 [ 32.654407] Free of addr ffff888101a015c0 by task kunit_try_catch/271 [ 32.654830] [ 32.654957] CPU: 1 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.655598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.656072] Call Trace: [ 32.656251] <TASK> [ 32.656384] dump_stack_lvl+0x49/0x62 [ 32.656884] print_report+0x189/0x492 [ 32.657158] ? kasan_complete_mode_report_info+0x7c/0x200 [ 32.657547] ? kfree+0x78/0x120 [ 32.657769] kasan_report_invalid_free+0xd8/0x150 [ 32.658085] ? kfree+0x78/0x120 [ 32.658311] ? kfree+0x78/0x120 [ 32.658687] ____kasan_slab_free+0x19f/0x1d0 [ 32.659061] ? kfree_sensitive+0x1f/0x50 [ 32.659326] __kasan_slab_free+0x12/0x20 [ 32.659662] __kmem_cache_free+0x188/0x2f0 [ 32.660004] kfree+0x78/0x120 [ 32.660283] kfree_sensitive+0x1f/0x50 [ 32.660523] kmalloc_double_kzfree+0xc8/0x1b0 [ 32.660940] ? kasan_global_oob_right+0x160/0x160 [ 32.661190] ? __kunit_add_resource+0xd1/0x100 [ 32.661437] ? kasan_test_init+0x13e/0x1b0 [ 32.661686] kunit_try_run_case+0x8f/0xd0 [ 32.661913] ? kunit_catch_run_case+0x80/0x80 [ 32.662176] ? kunit_try_catch_throw+0x40/0x40 [ 32.662666] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.662995] kthread+0x17b/0x1b0 [ 32.663179] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.663423] ret_from_fork+0x22/0x30 [ 32.663749] </TASK> [ 32.664119] [ 32.664227] Allocated by task 271: [ 32.664428] kasan_save_stack+0x41/0x70 [ 32.664736] kasan_set_track+0x25/0x40 [ 32.664955] kasan_save_alloc_info+0x1e/0x30 [ 32.665203] __kasan_kmalloc+0xb6/0xc0 [ 32.665414] kmalloc_trace+0x48/0xb0 [ 32.665624] kmalloc_double_kzfree+0x99/0x1b0 [ 32.665872] kunit_try_run_case+0x8f/0xd0 [ 32.666098] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.666412] kthread+0x17b/0x1b0 [ 32.666571] ret_from_fork+0x22/0x30 [ 32.666790] [ 32.666901] Freed by task 271: [ 32.667083] kasan_save_stack+0x41/0x70 [ 32.667310] kasan_set_track+0x25/0x40 [ 32.667554] kasan_save_free_info+0x2e/0x50 [ 32.667791] ____kasan_slab_free+0x175/0x1d0 [ 32.668020] __kasan_slab_free+0x12/0x20 [ 32.668564] __kmem_cache_free+0x188/0x2f0 [ 32.668804] kfree+0x78/0x120 [ 32.668991] kfree_sensitive+0x3e/0x50 [ 32.669235] kmalloc_double_kzfree+0xb1/0x1b0 [ 32.669580] kunit_try_run_case+0x8f/0xd0 [ 32.669806] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.670083] kthread+0x17b/0x1b0 [ 32.670341] ret_from_fork+0x22/0x30 [ 32.670521] [ 32.670612] The buggy address belongs to the object at ffff888101a015c0 [ 32.670612] which belongs to the cache kmalloc-16 of size 16 [ 32.671375] The buggy address is located 0 bytes inside of [ 32.671375] 16-byte region [ffff888101a015c0, ffff888101a015d0) [ 32.671866] [ 32.671984] The buggy address belongs to the physical page: [ 32.672306] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01 [ 32.672904] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.673236] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.673774] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.674108] page dumped because: kasan: bad access detected [ 32.674483] [ 32.674581] Memory state around the buggy address: [ 32.674840] ffff888101a01480: 00 06 fc fc 00 06 
fc fc 00 06 fc fc 00 02 fc fc [ 32.675183] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 32.675652] >ffff888101a01580: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.675969] ^ [ 32.676222] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676509] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.676864] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kfree_sensitive
[ 32.620510] ================================================================== [ 32.621370] BUG: KASAN: use-after-free in kfree_sensitive+0x12/0x50 [ 32.621872] Read of size 1 at addr ffff888101a015c0 by task kunit_try_catch/271 [ 32.622931] [ 32.623155] CPU: 1 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.623836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.624313] Call Trace: [ 32.624875] <TASK> [ 32.625241] dump_stack_lvl+0x49/0x62 [ 32.625653] print_report+0x189/0x492 [ 32.626036] ? kasan_complete_mode_report_info+0x7c/0x200 [ 32.626602] ? kfree_sensitive+0x12/0x50 [ 32.627004] kasan_report+0x10c/0x190 [ 32.627548] ? kfree_sensitive+0x12/0x50 [ 32.627925] ? kfree_sensitive+0x12/0x50 [ 32.628367] __kasan_check_byte+0x39/0x50 [ 32.628977] ksize+0x1e/0x70 [ 32.629376] kfree_sensitive+0x12/0x50 [ 32.629604] kmalloc_double_kzfree+0xc8/0x1b0 [ 32.629844] ? kasan_global_oob_right+0x160/0x160 [ 32.630089] ? __kunit_add_resource+0xd1/0x100 [ 32.630778] ? kasan_test_init+0x13e/0x1b0 [ 32.631148] kunit_try_run_case+0x8f/0xd0 [ 32.631606] ? kunit_catch_run_case+0x80/0x80 [ 32.632002] ? kunit_try_catch_throw+0x40/0x40 [ 32.632846] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.633174] kthread+0x17b/0x1b0 [ 32.633631] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.634072] ret_from_fork+0x22/0x30 [ 32.634528] </TASK> [ 32.634866] [ 32.635022] Allocated by task 271: [ 32.635413] kasan_save_stack+0x41/0x70 [ 32.635747] kasan_set_track+0x25/0x40 [ 32.636093] kasan_save_alloc_info+0x1e/0x30 [ 32.636778] __kasan_kmalloc+0xb6/0xc0 [ 32.637192] kmalloc_trace+0x48/0xb0 [ 32.637622] kmalloc_double_kzfree+0x99/0x1b0 [ 32.637992] kunit_try_run_case+0x8f/0xd0 [ 32.638296] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.638783] kthread+0x17b/0x1b0 [ 32.639108] ret_from_fork+0x22/0x30 [ 32.639738] [ 32.639861] Freed by task 271: [ 32.640026] kasan_save_stack+0x41/0x70 [ 32.640697] kasan_set_track+0x25/0x40 [ 32.641089] kasan_save_free_info+0x2e/0x50 [ 32.641603] ____kasan_slab_free+0x175/0x1d0 [ 32.641864] __kasan_slab_free+0x12/0x20 [ 32.642215] __kmem_cache_free+0x188/0x2f0 [ 32.642681] kfree+0x78/0x120 [ 32.643007] kfree_sensitive+0x3e/0x50 [ 32.643255] kmalloc_double_kzfree+0xb1/0x1b0 [ 32.643724] kunit_try_run_case+0x8f/0xd0 [ 32.643997] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.644594] kthread+0x17b/0x1b0 [ 32.644815] ret_from_fork+0x22/0x30 [ 32.645204] [ 32.645299] The buggy address belongs to the object at ffff888101a015c0 [ 32.645299] which belongs to the cache kmalloc-16 of size 16 [ 32.646097] The buggy address is located 0 bytes inside of [ 32.646097] 16-byte region [ffff888101a015c0, ffff888101a015d0) [ 32.647001] [ 32.647125] The buggy address belongs to the physical page: [ 32.647453] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01 [ 32.647944] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.648309] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.649130] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.649752] page dumped because: kasan: bad access detected [ 32.650027] [ 32.650158] Memory state around the buggy address: [ 32.650577] ffff888101a01480: 00 06 fc fc 00 06 
fc fc 00 06 fc fc 00 02 fc fc [ 32.650962] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc [ 32.651344] >ffff888101a01580: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 32.651813] ^ [ 32.652058] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.652729] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.653103] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 32.549101] ================================================================== [ 32.549719] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23d/0x670 [ 32.550146] Read of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.550500] [ 32.550618] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.551002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.551680] Call Trace: [ 32.551853] <TASK> [ 32.552003] dump_stack_lvl+0x49/0x62 [ 32.552307] print_report+0x189/0x492 [ 32.552650] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.552946] ? kasan_bitops_test_and_modify.constprop.0+0x23d/0x670 [ 32.553570] kasan_report+0x10c/0x190 [ 32.553885] ? kasan_bitops_test_and_modify.constprop.0+0x23d/0x670 [ 32.554269] kasan_check_range+0x10b/0x1c0 [ 32.554605] __kasan_check_read+0x11/0x20 [ 32.554854] kasan_bitops_test_and_modify.constprop.0+0x23d/0x670 [ 32.555193] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.555616] ? kasan_set_track+0x25/0x40 [ 32.555871] ? kasan_save_alloc_info+0x1e/0x30 [ 32.556146] ? __kasan_kmalloc+0xb6/0xc0 [ 32.556540] kasan_bitops_generic+0xac/0x120 [ 32.556796] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.557153] ? kasan_test_init+0x13e/0x1b0 [ 32.557676] kunit_try_run_case+0x8f/0xd0 [ 32.557902] ? kunit_catch_run_case+0x80/0x80 [ 32.558194] ? kunit_try_catch_throw+0x40/0x40 [ 32.558617] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.558952] kthread+0x17b/0x1b0 [ 32.559190] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.559608] ret_from_fork+0x22/0x30 [ 32.559891] </TASK> [ 32.560010] [ 32.560121] Allocated by task 269: [ 32.560443] kasan_save_stack+0x41/0x70 [ 32.560696] kasan_set_track+0x25/0x40 [ 32.560920] kasan_save_alloc_info+0x1e/0x30 [ 32.561190] __kasan_kmalloc+0xb6/0xc0 [ 32.561736] kmalloc_trace+0x48/0xb0 [ 32.562008] kasan_bitops_generic+0x86/0x120 [ 32.562307] kunit_try_run_case+0x8f/0xd0 [ 32.562669] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.563016] kthread+0x17b/0x1b0 [ 32.563230] ret_from_fork+0x22/0x30 [ 32.563550] [ 32.563665] The buggy address belongs to the object at ffff888102f54b60 [ 32.563665] which belongs to the cache kmalloc-16 of size 16 [ 32.564238] The buggy address is located 8 bytes inside of [ 32.564238] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.564890] [ 32.565024] The buggy address belongs to the physical page: [ 32.565323] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.566068] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.566522] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.566891] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.567259] page dumped because: kasan: bad access detected [ 32.567649] [ 32.567776] Memory state around the buggy address: [ 32.568022] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.568514] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.568877] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.569239] ^ [ 32.569991] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.570401] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.570781] ================================================================== [ 32.592845] ================================================================== [ 32.593220] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x288/0x670 [ 32.593807] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.594196] [ 32.594552] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.594982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.595595] Call Trace: [ 32.595788] <TASK> [ 32.595949] dump_stack_lvl+0x49/0x62 [ 32.596186] print_report+0x189/0x492 [ 32.596557] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.596846] ? kasan_bitops_test_and_modify.constprop.0+0x288/0x670 [ 32.597246] kasan_report+0x10c/0x190 [ 32.597601] ? kasan_bitops_test_and_modify.constprop.0+0x288/0x670 [ 32.597963] kasan_check_range+0x10b/0x1c0 [ 32.598236] __kasan_check_write+0x14/0x20 [ 32.598701] kasan_bitops_test_and_modify.constprop.0+0x288/0x670 [ 32.599058] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.599544] ? kasan_set_track+0x25/0x40 [ 32.599794] ? kasan_save_alloc_info+0x1e/0x30 [ 32.600072] ? __kasan_kmalloc+0xb6/0xc0 [ 32.600411] kasan_bitops_generic+0xac/0x120 [ 32.600691] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.601053] ? kasan_test_init+0x13e/0x1b0 [ 32.601486] kunit_try_run_case+0x8f/0xd0 [ 32.601736] ? kunit_catch_run_case+0x80/0x80 [ 32.602006] ? kunit_try_catch_throw+0x40/0x40 [ 32.602324] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.602792] kthread+0x17b/0x1b0 [ 32.603126] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.603601] ret_from_fork+0x22/0x30 [ 32.603861] </TASK> [ 32.603990] [ 32.604109] Allocated by task 269: [ 32.604419] kasan_save_stack+0x41/0x70 [ 32.604670] kasan_set_track+0x25/0x40 [ 32.604906] kasan_save_alloc_info+0x1e/0x30 [ 32.605168] __kasan_kmalloc+0xb6/0xc0 [ 32.605416] kmalloc_trace+0x48/0xb0 [ 32.605743] kasan_bitops_generic+0x86/0x120 [ 32.606008] kunit_try_run_case+0x8f/0xd0 [ 32.606276] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.606829] kthread+0x17b/0x1b0 [ 32.607080] ret_from_fork+0x22/0x30 [ 32.607322] [ 32.607598] The buggy address belongs to the object at ffff888102f54b60 [ 32.607598] which belongs to the cache kmalloc-16 of size 16 [ 32.608135] The buggy address is located 8 bytes inside of [ 32.608135] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.608789] [ 32.608942] The buggy address belongs to the physical page: [ 32.609244] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.609789] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.610105] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.610714] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.611094] page dumped because: kasan: bad access detected [ 32.611523] [ 32.611622] Memory state around the buggy address: [ 32.611901] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.612303] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.612754] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.613092] ^ [ 32.613569] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.613945] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.614323] ================================================================== [ 32.571299] ================================================================== [ 32.571706] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x245/0x670 [ 32.572197] Read of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.572651] [ 32.572804] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.573189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.573846] Call Trace: [ 32.574129] <TASK> [ 32.574285] dump_stack_lvl+0x49/0x62 [ 32.574513] print_report+0x189/0x492 [ 32.574751] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.575178] ? kasan_bitops_test_and_modify.constprop.0+0x245/0x670 [ 32.575637] kasan_report+0x10c/0x190 [ 32.575910] ? kasan_bitops_test_and_modify.constprop.0+0x245/0x670 [ 32.576452] __asan_load8+0x7e/0xb0 [ 32.576690] kasan_bitops_test_and_modify.constprop.0+0x245/0x670 [ 32.577044] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.577392] ? kasan_set_track+0x25/0x40 [ 32.577926] ? kasan_save_alloc_info+0x1e/0x30 [ 32.578252] ? __kasan_kmalloc+0xb6/0xc0 [ 32.578534] kasan_bitops_generic+0xac/0x120 [ 32.578869] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.579258] ? kasan_test_init+0x13e/0x1b0 [ 32.579607] kunit_try_run_case+0x8f/0xd0 [ 32.579878] ? kunit_catch_run_case+0x80/0x80 [ 32.580130] ? kunit_try_catch_throw+0x40/0x40 [ 32.580467] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.580770] kthread+0x17b/0x1b0 [ 32.580955] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.581209] ret_from_fork+0x22/0x30 [ 32.581458] </TASK> [ 32.581596] [ 32.581696] Allocated by task 269: [ 32.581895] kasan_save_stack+0x41/0x70 [ 32.582106] kasan_set_track+0x25/0x40 [ 32.582851] kasan_save_alloc_info+0x1e/0x30 [ 32.583094] __kasan_kmalloc+0xb6/0xc0 [ 32.583523] kmalloc_trace+0x48/0xb0 [ 32.583722] kasan_bitops_generic+0x86/0x120 [ 32.583963] kunit_try_run_case+0x8f/0xd0 [ 32.584239] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.584657] kthread+0x17b/0x1b0 [ 32.584870] ret_from_fork+0x22/0x30 [ 32.585095] [ 32.585234] The buggy address belongs to the object at ffff888102f54b60 [ 32.585234] which belongs to the cache kmalloc-16 of size 16 [ 32.585926] The buggy address is located 8 bytes inside of [ 32.585926] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.586722] [ 32.586853] The buggy address belongs to the physical page: [ 32.587125] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.587729] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.588047] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.588572] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.588954] page dumped because: kasan: bad access detected [ 32.589244] [ 32.589437] Memory state around the buggy address: [ 32.589718] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.590081] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.590655] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.591007] ^ [ 32.591372] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.591865] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.592235] ================================================================== [ 32.501282] ================================================================== [ 32.502274] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x1c6/0x670 [ 32.503035] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.503665] [ 32.503874] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.504761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.505710] Call Trace: [ 32.505848] <TASK> [ 32.505961] dump_stack_lvl+0x49/0x62 [ 32.506154] print_report+0x189/0x492 [ 32.506413] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.506811] ? kasan_bitops_test_and_modify.constprop.0+0x1c6/0x670 [ 32.507133] kasan_report+0x10c/0x190 [ 32.507518] ? kasan_bitops_test_and_modify.constprop.0+0x1c6/0x670 [ 32.507902] kasan_check_range+0x10b/0x1c0 [ 32.508150] __kasan_check_write+0x14/0x20 [ 32.508418] kasan_bitops_test_and_modify.constprop.0+0x1c6/0x670 [ 32.508854] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.509185] ? kasan_set_track+0x25/0x40 [ 32.509711] ? kasan_save_alloc_info+0x1e/0x30 [ 32.509969] ? __kasan_kmalloc+0xb6/0xc0 [ 32.510288] kasan_bitops_generic+0xac/0x120 [ 32.510646] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.511001] ? kasan_test_init+0x13e/0x1b0 [ 32.511284] kunit_try_run_case+0x8f/0xd0 [ 32.511633] ? kunit_catch_run_case+0x80/0x80 [ 32.511893] ? kunit_try_catch_throw+0x40/0x40 [ 32.512155] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.512602] kthread+0x17b/0x1b0 [ 32.512815] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.513083] ret_from_fork+0x22/0x30 [ 32.513586] </TASK> [ 32.513768] [ 32.513873] Allocated by task 269: [ 32.514018] kasan_save_stack+0x41/0x70 [ 32.514327] kasan_set_track+0x25/0x40 [ 32.514664] kasan_save_alloc_info+0x1e/0x30 [ 32.514919] __kasan_kmalloc+0xb6/0xc0 [ 32.515146] kmalloc_trace+0x48/0xb0 [ 32.515530] kasan_bitops_generic+0x86/0x120 [ 32.515788] kunit_try_run_case+0x8f/0xd0 [ 32.516050] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.516482] kthread+0x17b/0x1b0 [ 32.516677] ret_from_fork+0x22/0x30 [ 32.516919] [ 32.517020] The buggy address belongs to the object at ffff888102f54b60 [ 32.517020] which belongs to the cache kmalloc-16 of size 16 [ 32.517851] The buggy address is located 8 bytes inside of [ 32.517851] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.518355] [ 32.518470] The buggy address belongs to the physical page: [ 32.518700] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.519143] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.519732] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.520145] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.520671] page dumped because: kasan: bad access detected [ 32.520881] [ 32.520978] Memory state around the buggy address: [ 32.521179] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.522147] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.522936] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.523701] ^ [ 32.524433] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.525098] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.526011] ================================================================== [ 32.413279] ================================================================== [ 32.413726] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0xd8/0x670 [ 32.414185] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.414624] [ 32.414755] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.415101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.415466] Call Trace: [ 32.415647] <TASK> [ 32.415796] dump_stack_lvl+0x49/0x62 [ 32.416041] print_report+0x189/0x492 [ 32.416578] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.416869] ? kasan_bitops_test_and_modify.constprop.0+0xd8/0x670 [ 32.417187] kasan_report+0x10c/0x190 [ 32.417594] ? kasan_bitops_test_and_modify.constprop.0+0xd8/0x670 [ 32.417916] kasan_check_range+0x10b/0x1c0 [ 32.418148] __kasan_check_write+0x14/0x20 [ 32.418396] kasan_bitops_test_and_modify.constprop.0+0xd8/0x670 [ 32.418925] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.419195] ? kasan_set_track+0x25/0x40 [ 32.419500] ? kasan_save_alloc_info+0x1e/0x30 [ 32.419727] ? __kasan_kmalloc+0xb6/0xc0 [ 32.419978] kasan_bitops_generic+0xac/0x120 [ 32.420216] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.420624] ? kasan_test_init+0x13e/0x1b0 [ 32.420862] kunit_try_run_case+0x8f/0xd0 [ 32.421073] ? kunit_catch_run_case+0x80/0x80 [ 32.421637] ? kunit_try_catch_throw+0x40/0x40 [ 32.421881] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.422206] kthread+0x17b/0x1b0 [ 32.422528] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.422774] ret_from_fork+0x22/0x30 [ 32.423016] </TASK> [ 32.423132] [ 32.423234] Allocated by task 269: [ 32.423429] kasan_save_stack+0x41/0x70 [ 32.423734] kasan_set_track+0x25/0x40 [ 32.423963] kasan_save_alloc_info+0x1e/0x30 [ 32.424205] __kasan_kmalloc+0xb6/0xc0 [ 32.424439] kmalloc_trace+0x48/0xb0 [ 32.424641] kasan_bitops_generic+0x86/0x120 [ 32.424892] kunit_try_run_case+0x8f/0xd0 [ 32.425127] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.425715] kthread+0x17b/0x1b0 [ 32.425928] ret_from_fork+0x22/0x30 [ 32.426110] [ 32.426235] The buggy address belongs to the object at ffff888102f54b60 [ 32.426235] which belongs to the cache kmalloc-16 of size 16 [ 32.426902] The buggy address is located 8 bytes inside of [ 32.426902] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.427417] [ 32.427567] The buggy address belongs to the physical page: [ 32.427859] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.428290] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.428680] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.429068] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.429386] page dumped because: kasan: bad access detected [ 32.429659] [ 32.429768] Memory state around the buggy address: [ 32.430001] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.430641] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.430937] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.431422] ^ [ 32.431743] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.432043] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.432537] ================================================================== [ 32.393095] ================================================================== [ 32.393479] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x9c/0x670 [ 32.393988] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.394362] [ 32.394745] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.395120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.395484] Call Trace: [ 32.395614] <TASK> [ 32.395841] dump_stack_lvl+0x49/0x62 [ 32.396101] print_report+0x189/0x492 [ 32.396472] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.396777] ? kasan_bitops_test_and_modify.constprop.0+0x9c/0x670 [ 32.397124] kasan_report+0x10c/0x190 [ 32.397418] ? kasan_bitops_test_and_modify.constprop.0+0x9c/0x670 [ 32.397758] kasan_check_range+0x10b/0x1c0 [ 32.398001] __kasan_check_write+0x14/0x20 [ 32.398218] kasan_bitops_test_and_modify.constprop.0+0x9c/0x670 [ 32.398832] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.399089] ? kasan_set_track+0x25/0x40 [ 32.399455] ? kasan_save_alloc_info+0x1e/0x30 [ 32.399734] ? __kasan_kmalloc+0xb6/0xc0 [ 32.399945] kasan_bitops_generic+0xac/0x120 [ 32.400219] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.400638] ? kasan_test_init+0x13e/0x1b0 [ 32.400897] kunit_try_run_case+0x8f/0xd0 [ 32.401142] ? kunit_catch_run_case+0x80/0x80 [ 32.401442] ? kunit_try_catch_throw+0x40/0x40 [ 32.401661] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.401986] kthread+0x17b/0x1b0 [ 32.402200] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.402456] ret_from_fork+0x22/0x30 [ 32.402776] </TASK> [ 32.402896] [ 32.402986] Allocated by task 269: [ 32.403192] kasan_save_stack+0x41/0x70 [ 32.403440] kasan_set_track+0x25/0x40 [ 32.403648] kasan_save_alloc_info+0x1e/0x30 [ 32.403885] __kasan_kmalloc+0xb6/0xc0 [ 32.404063] kmalloc_trace+0x48/0xb0 [ 32.404712] kasan_bitops_generic+0x86/0x120 [ 32.404977] kunit_try_run_case+0x8f/0xd0 [ 32.405196] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.405634] kthread+0x17b/0x1b0 [ 32.405819] ret_from_fork+0x22/0x30 [ 32.406008] [ 32.406115] The buggy address belongs to the object at ffff888102f54b60 [ 32.406115] which belongs to the cache kmalloc-16 of size 16 [ 32.406787] The buggy address is located 8 bytes inside of [ 32.406787] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.407236] [ 32.407351] The buggy address belongs to the physical page: [ 32.407868] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.408346] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.408778] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.409130] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.409489] page dumped because: kasan: bad access detected [ 32.410001] [ 32.410115] Memory state around the buggy address: [ 32.410376] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.410757] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.411105] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.411410] ^ [ 32.412007] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.412492] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.412827] ================================================================== [ 32.453380] ================================================================== [ 32.453733] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x14f/0x670 [ 32.454122] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.454579] [ 32.454909] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.455345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.455926] Call Trace: [ 32.456068] <TASK> [ 32.456229] dump_stack_lvl+0x49/0x62 [ 32.456441] print_report+0x189/0x492 [ 32.456775] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.457178] ? kasan_bitops_test_and_modify.constprop.0+0x14f/0x670 [ 32.457462] kasan_report+0x10c/0x190 [ 32.457773] ? kasan_bitops_test_and_modify.constprop.0+0x14f/0x670 [ 32.458111] kasan_check_range+0x10b/0x1c0 [ 32.458536] __kasan_check_write+0x14/0x20 [ 32.458769] kasan_bitops_test_and_modify.constprop.0+0x14f/0x670 [ 32.459114] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.459631] ? kasan_set_track+0x25/0x40 [ 32.459861] ? kasan_save_alloc_info+0x1e/0x30 [ 32.460123] ? __kasan_kmalloc+0xb6/0xc0 [ 32.460383] kasan_bitops_generic+0xac/0x120 [ 32.460733] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.461079] ? kasan_test_init+0x13e/0x1b0 [ 32.461431] kunit_try_run_case+0x8f/0xd0 [ 32.461681] ? kunit_catch_run_case+0x80/0x80 [ 32.461916] ? kunit_try_catch_throw+0x40/0x40 [ 32.462173] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.462533] kthread+0x17b/0x1b0 [ 32.462993] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.463300] ret_from_fork+0x22/0x30 [ 32.463528] </TASK> [ 32.463695] [ 32.463784] Allocated by task 269: [ 32.463982] kasan_save_stack+0x41/0x70 [ 32.464241] kasan_set_track+0x25/0x40 [ 32.464443] kasan_save_alloc_info+0x1e/0x30 [ 32.464684] __kasan_kmalloc+0xb6/0xc0 [ 32.464884] kmalloc_trace+0x48/0xb0 [ 32.465100] kasan_bitops_generic+0x86/0x120 [ 32.465708] kunit_try_run_case+0x8f/0xd0 [ 32.465944] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.466287] kthread+0x17b/0x1b0 [ 32.466500] ret_from_fork+0x22/0x30 [ 32.466721] [ 32.466833] The buggy address belongs to the object at ffff888102f54b60 [ 32.466833] which belongs to the cache kmalloc-16 of size 16 [ 32.467690] The buggy address is located 8 bytes inside of [ 32.467690] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.468205] [ 32.468323] The buggy address belongs to the physical page: [ 32.468541] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.469144] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.469491] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.469954] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.470322] page dumped because: kasan: bad access detected [ 32.470584] [ 32.470696] Memory state around the buggy address: [ 32.470925] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.471585] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.471880] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.472249] ^ [ 32.472631] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.472957] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.473332] ================================================================== [ 32.526830] ================================================================== [ 32.527195] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x202/0x670 [ 32.528177] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.528703] [ 32.528810] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.529122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.529860] Call Trace: [ 32.530046] <TASK> [ 32.530199] dump_stack_lvl+0x49/0x62 [ 32.530460] print_report+0x189/0x492 [ 32.530801] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.531125] ? kasan_bitops_test_and_modify.constprop.0+0x202/0x670 [ 32.531587] kasan_report+0x10c/0x190 [ 32.531901] ? kasan_bitops_test_and_modify.constprop.0+0x202/0x670 [ 32.532281] kasan_check_range+0x10b/0x1c0 [ 32.532621] __kasan_check_write+0x14/0x20 [ 32.532882] kasan_bitops_test_and_modify.constprop.0+0x202/0x670 [ 32.533242] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.533801] ? kasan_set_track+0x25/0x40 [ 32.534043] ? kasan_save_alloc_info+0x1e/0x30 [ 32.534414] ? __kasan_kmalloc+0xb6/0xc0 [ 32.534686] kasan_bitops_generic+0xac/0x120 [ 32.534921] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.535406] ? kasan_test_init+0x13e/0x1b0 [ 32.535691] kunit_try_run_case+0x8f/0xd0 [ 32.535949] ? kunit_catch_run_case+0x80/0x80 [ 32.536243] ? kunit_try_catch_throw+0x40/0x40 [ 32.536642] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.536975] kthread+0x17b/0x1b0 [ 32.537190] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.537760] ret_from_fork+0x22/0x30 [ 32.538026] </TASK> [ 32.538190] [ 32.538439] Allocated by task 269: [ 32.538646] kasan_save_stack+0x41/0x70 [ 32.538917] kasan_set_track+0x25/0x40 [ 32.539145] kasan_save_alloc_info+0x1e/0x30 [ 32.539525] __kasan_kmalloc+0xb6/0xc0 [ 32.539777] kmalloc_trace+0x48/0xb0 [ 32.540014] kasan_bitops_generic+0x86/0x120 [ 32.540270] kunit_try_run_case+0x8f/0xd0 [ 32.540606] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.540919] kthread+0x17b/0x1b0 [ 32.541148] ret_from_fork+0x22/0x30 [ 32.541648] [ 32.541748] The buggy address belongs to the object at ffff888102f54b60 [ 32.541748] which belongs to the cache kmalloc-16 of size 16 [ 32.542406] The buggy address is located 8 bytes inside of [ 32.542406] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.543014] [ 32.543132] The buggy address belongs to the physical page: [ 32.543522] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.543992] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.544473] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.544859] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.545256] page dumped because: kasan: bad access detected [ 32.545787] [ 32.545895] Memory state around the buggy address: [ 32.546147] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.546666] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.547028] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.547500] ^ [ 32.547817] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.548179] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.548647] ================================================================== [ 32.433018] ================================================================== [ 32.433401] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x113/0x670 [ 32.433834] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.434171] [ 32.434283] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.434741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.435082] Call Trace: [ 32.435633] <TASK> [ 32.435795] dump_stack_lvl+0x49/0x62 [ 32.436045] print_report+0x189/0x492 [ 32.436324] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.436642] ? kasan_bitops_test_and_modify.constprop.0+0x113/0x670 [ 32.436998] kasan_report+0x10c/0x190 [ 32.437219] ? kasan_bitops_test_and_modify.constprop.0+0x113/0x670 [ 32.437665] kasan_check_range+0x10b/0x1c0 [ 32.437863] __kasan_check_write+0x14/0x20 [ 32.438108] kasan_bitops_test_and_modify.constprop.0+0x113/0x670 [ 32.438625] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.438954] ? kasan_set_track+0x25/0x40 [ 32.439206] ? kasan_save_alloc_info+0x1e/0x30 [ 32.439562] ? __kasan_kmalloc+0xb6/0xc0 [ 32.439789] kasan_bitops_generic+0xac/0x120 [ 32.440041] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.440365] ? kasan_test_init+0x13e/0x1b0 [ 32.440568] kunit_try_run_case+0x8f/0xd0 [ 32.440833] ? kunit_catch_run_case+0x80/0x80 [ 32.441080] ? kunit_try_catch_throw+0x40/0x40 [ 32.441476] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.441773] kthread+0x17b/0x1b0 [ 32.441986] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.442214] ret_from_fork+0x22/0x30 [ 32.442766] </TASK> [ 32.442932] [ 32.443035] Allocated by task 269: [ 32.443198] kasan_save_stack+0x41/0x70 [ 32.443626] kasan_set_track+0x25/0x40 [ 32.443847] kasan_save_alloc_info+0x1e/0x30 [ 32.444090] __kasan_kmalloc+0xb6/0xc0 [ 32.444359] kmalloc_trace+0x48/0xb0 [ 32.444544] kasan_bitops_generic+0x86/0x120 [ 32.444900] kunit_try_run_case+0x8f/0xd0 [ 32.445117] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.445398] kthread+0x17b/0x1b0 [ 32.445674] ret_from_fork+0x22/0x30 [ 32.445902] [ 32.446011] The buggy address belongs to the object at ffff888102f54b60 [ 32.446011] which belongs to the cache kmalloc-16 of size 16 [ 32.446551] The buggy address is located 8 bytes inside of [ 32.446551] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.447830] [ 32.447953] The buggy address belongs to the physical page: [ 32.448233] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.448689] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.449101] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.449464] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.449828] page dumped because: kasan: bad access detected [ 32.450112] [ 32.450232] Memory state around the buggy address: [ 32.450739] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.451078] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.451574] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.451900] ^ [ 32.452201] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.452497] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.452860] ================================================================== [ 32.473775] ================================================================== [ 32.474116] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_test_and_modify.constprop.0+0x18b/0x670 [ 32.474709] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.475058] [ 32.475172] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.475885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.476417] Call Trace: [ 32.476556] <TASK> [ 32.476709] dump_stack_lvl+0x49/0x62 [ 32.476971] print_report+0x189/0x492 [ 32.477189] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.477501] ? kasan_bitops_test_and_modify.constprop.0+0x18b/0x670 [ 32.477969] kasan_report+0x10c/0x190 [ 32.478227] ? kasan_bitops_test_and_modify.constprop.0+0x18b/0x670 [ 32.478643] kasan_check_range+0x10b/0x1c0 [ 32.478907] __kasan_check_write+0x14/0x20 [ 32.479116] kasan_bitops_test_and_modify.constprop.0+0x18b/0x670 [ 32.479416] ? kasan_bitops_modify.constprop.0+0x5a0/0x5a0 [ 32.479994] ? kasan_set_track+0x25/0x40 [ 32.480219] ? kasan_save_alloc_info+0x1e/0x30 [ 32.480492] ? __kasan_kmalloc+0xb6/0xc0 [ 32.480792] kasan_bitops_generic+0xac/0x120 [ 32.481081] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.481555] ? kasan_test_init+0x13e/0x1b0 [ 32.481815] kunit_try_run_case+0x8f/0xd0 [ 32.482064] ? kunit_catch_run_case+0x80/0x80 [ 32.482329] ? kunit_try_catch_throw+0x40/0x40 [ 32.482539] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.483052] kthread+0x17b/0x1b0 [ 32.483289] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.483505] ret_from_fork+0x22/0x30 [ 32.483696] </TASK> [ 32.483825] [ 32.483941] Allocated by task 269: [ 32.484111] kasan_save_stack+0x41/0x70 [ 32.485796] kasan_set_track+0x25/0x40 [ 32.486278] kasan_save_alloc_info+0x1e/0x30 [ 32.486854] __kasan_kmalloc+0xb6/0xc0 [ 32.487054] kmalloc_trace+0x48/0xb0 [ 32.487236] kasan_bitops_generic+0x86/0x120 [ 32.487442] kunit_try_run_case+0x8f/0xd0 [ 32.487631] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.487860] kthread+0x17b/0x1b0 [ 32.488013] ret_from_fork+0x22/0x30 [ 32.488837] [ 32.489039] The buggy address belongs to the object at ffff888102f54b60 [ 32.489039] which belongs to the cache kmalloc-16 of size 16 [ 32.490500] The buggy address is located 8 bytes inside of [ 32.490500] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.491708] [ 32.491952] The buggy address belongs to the physical page: [ 32.492646] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.493537] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.494296] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.495269] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.495770] page dumped because: kasan: bad access detected [ 32.495985] [ 32.496077] Memory state around the buggy address: [ 32.496329] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.497038] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.497810] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.498553] ^ [ 32.499296] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.499949] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.500243] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 32.313841] ================================================================== [ 32.314127] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x180/0x5a0 [ 32.314655] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.315032] [ 32.315155] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.315846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.316271] Call Trace: [ 32.316513] <TASK> [ 32.316645] dump_stack_lvl+0x49/0x62 [ 32.316850] print_report+0x189/0x492 [ 32.317073] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.317452] ? kasan_bitops_modify.constprop.0+0x180/0x5a0 [ 32.317792] kasan_report+0x10c/0x190 [ 32.318036] ? kasan_bitops_modify.constprop.0+0x180/0x5a0 [ 32.318412] kasan_check_range+0x10b/0x1c0 [ 32.318621] __kasan_check_write+0x14/0x20 [ 32.318864] kasan_bitops_modify.constprop.0+0x180/0x5a0 [ 32.319094] ? kasan_test_exit+0xe0/0xe0 [ 32.319335] ? kasan_set_track+0x25/0x40 [ 32.319620] ? kasan_save_alloc_info+0x1e/0x30 [ 32.319826] ? __kasan_kmalloc+0xb6/0xc0 [ 32.320084] kasan_bitops_generic+0xa1/0x120 [ 32.320343] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.320846] ? kasan_test_init+0x13e/0x1b0 [ 32.321133] kunit_try_run_case+0x8f/0xd0 [ 32.321413] ? kunit_catch_run_case+0x80/0x80 [ 32.321716] ? kunit_try_catch_throw+0x40/0x40 [ 32.322072] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.322482] kthread+0x17b/0x1b0 [ 32.322691] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.322968] ret_from_fork+0x22/0x30 [ 32.323216] </TASK> [ 32.323371] [ 32.323553] Allocated by task 269: [ 32.323760] kasan_save_stack+0x41/0x70 [ 32.323974] kasan_set_track+0x25/0x40 [ 32.324231] kasan_save_alloc_info+0x1e/0x30 [ 32.324434] __kasan_kmalloc+0xb6/0xc0 [ 32.324685] kmalloc_trace+0x48/0xb0 [ 32.324891] kasan_bitops_generic+0x86/0x120 [ 32.325096] kunit_try_run_case+0x8f/0xd0 [ 32.325417] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.325702] kthread+0x17b/0x1b0 [ 32.325869] ret_from_fork+0x22/0x30 [ 32.326079] [ 32.326414] The buggy address belongs to the object at ffff888102f54b60 [ 32.326414] which belongs to the cache kmalloc-16 of size 16 [ 32.327202] The buggy address is located 8 bytes inside of [ 32.327202] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.327934] [ 32.328059] The buggy address belongs to the physical page: [ 32.328363] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.328722] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.329130] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.329533] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.330115] page dumped because: kasan: bad access detected [ 32.330355] [ 32.330466] Memory state around the buggy address: [ 32.330732] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.331196] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.331585] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.331921] ^ [ 32.332209] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.332581] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.333064] ================================================================== [ 32.274579] ================================================================== [ 32.274953] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x10e/0x5a0 [ 32.275426] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.275712] [ 32.275806] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.276184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.276635] Call Trace: [ 32.276754] <TASK> [ 32.276860] dump_stack_lvl+0x49/0x62 [ 32.277051] print_report+0x189/0x492 [ 32.277502] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.277797] ? kasan_bitops_modify.constprop.0+0x10e/0x5a0 [ 32.278108] kasan_report+0x10c/0x190 [ 32.278444] ? kasan_bitops_modify.constprop.0+0x10e/0x5a0 [ 32.278742] kasan_check_range+0x10b/0x1c0 [ 32.278935] __kasan_check_write+0x14/0x20 [ 32.279115] kasan_bitops_modify.constprop.0+0x10e/0x5a0 [ 32.279341] ? kasan_test_exit+0xe0/0xe0 [ 32.279555] ? kasan_set_track+0x25/0x40 [ 32.279817] ? kasan_save_alloc_info+0x1e/0x30 [ 32.280100] ? __kasan_kmalloc+0xb6/0xc0 [ 32.280446] kasan_bitops_generic+0xa1/0x120 [ 32.280643] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.280904] ? kasan_test_init+0x13e/0x1b0 [ 32.281278] kunit_try_run_case+0x8f/0xd0 [ 32.281525] ? kunit_catch_run_case+0x80/0x80 [ 32.281984] ? kunit_try_catch_throw+0x40/0x40 [ 32.282258] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.282623] kthread+0x17b/0x1b0 [ 32.282841] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.283098] ret_from_fork+0x22/0x30 [ 32.283356] </TASK> [ 32.283501] [ 32.283595] Allocated by task 269: [ 32.283739] kasan_save_stack+0x41/0x70 [ 32.283921] kasan_set_track+0x25/0x40 [ 32.284100] kasan_save_alloc_info+0x1e/0x30 [ 32.284435] __kasan_kmalloc+0xb6/0xc0 [ 32.284750] kmalloc_trace+0x48/0xb0 [ 32.285094] kasan_bitops_generic+0x86/0x120 [ 32.285354] kunit_try_run_case+0x8f/0xd0 [ 32.285535] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.285944] kthread+0x17b/0x1b0 [ 32.286151] ret_from_fork+0x22/0x30 [ 32.286364] [ 32.286479] The buggy address belongs to the object at ffff888102f54b60 [ 32.286479] which belongs to the cache kmalloc-16 of size 16 [ 32.286925] The buggy address is located 8 bytes inside of [ 32.286925] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.287782] [ 32.287892] The buggy address belongs to the physical page: [ 32.288141] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.288588] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.288811] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.289076] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.289745] page dumped because: kasan: bad access detected [ 32.290264] [ 32.290386] Memory state around the buggy address: [ 32.290606] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.290858] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.291294] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.291985] ^ [ 32.292332] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.292607] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.293047] ================================================================== [ 32.353125] ================================================================== [ 32.353557] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x1f2/0x5a0 [ 32.353928] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.354349] [ 32.354458] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.355071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.355608] Call Trace: [ 32.355775] <TASK> [ 32.355902] dump_stack_lvl+0x49/0x62 [ 32.356141] print_report+0x189/0x492 [ 32.356429] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.356794] ? kasan_bitops_modify.constprop.0+0x1f2/0x5a0 [ 32.357078] kasan_report+0x10c/0x190 [ 32.357365] ? kasan_bitops_modify.constprop.0+0x1f2/0x5a0 [ 32.357646] kasan_check_range+0x10b/0x1c0 [ 32.357867] __kasan_check_write+0x14/0x20 [ 32.358115] kasan_bitops_modify.constprop.0+0x1f2/0x5a0 [ 32.358365] ? kasan_test_exit+0xe0/0xe0 [ 32.358632] ? kasan_set_track+0x25/0x40 [ 32.359142] ? kasan_save_alloc_info+0x1e/0x30 [ 32.359575] ? __kasan_kmalloc+0xb6/0xc0 [ 32.359847] kasan_bitops_generic+0xa1/0x120 [ 32.360054] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.360396] ? kasan_test_init+0x13e/0x1b0 [ 32.360746] kunit_try_run_case+0x8f/0xd0 [ 32.361016] ? kunit_catch_run_case+0x80/0x80 [ 32.361338] ? kunit_try_catch_throw+0x40/0x40 [ 32.361857] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.362150] kthread+0x17b/0x1b0 [ 32.362621] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.362874] ret_from_fork+0x22/0x30 [ 32.363125] </TASK> [ 32.363327] [ 32.363525] Allocated by task 269: [ 32.363680] kasan_save_stack+0x41/0x70 [ 32.363928] kasan_set_track+0x25/0x40 [ 32.364170] kasan_save_alloc_info+0x1e/0x30 [ 32.364510] __kasan_kmalloc+0xb6/0xc0 [ 32.364742] kmalloc_trace+0x48/0xb0 [ 32.364965] kasan_bitops_generic+0x86/0x120 [ 32.365216] kunit_try_run_case+0x8f/0xd0 [ 32.365550] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.365789] kthread+0x17b/0x1b0 [ 32.365997] ret_from_fork+0x22/0x30 [ 32.366232] [ 32.366591] The buggy address belongs to the object at ffff888102f54b60 [ 32.366591] which belongs to the cache kmalloc-16 of size 16 [ 32.367093] The buggy address is located 8 bytes inside of [ 32.367093] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.367682] [ 32.367775] The buggy address belongs to the physical page: [ 32.368012] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.368479] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.368846] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.369239] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.369713] page dumped because: kasan: bad access detected [ 32.369994] [ 32.370083] Memory state around the buggy address: [ 32.370321] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.370897] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.371272] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.371754] ^ [ 32.372059] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.372388] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.372767] ================================================================== [ 32.333462] ================================================================== [ 32.333838] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x1b7/0x5a0 [ 32.334251] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.334819] [ 32.334954] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.335502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.335836] Call Trace: [ 32.336002] <TASK> [ 32.336152] dump_stack_lvl+0x49/0x62 [ 32.336557] print_report+0x189/0x492 [ 32.336801] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.337063] ? kasan_bitops_modify.constprop.0+0x1b7/0x5a0 [ 32.337370] kasan_report+0x10c/0x190 [ 32.337706] ? kasan_bitops_modify.constprop.0+0x1b7/0x5a0 [ 32.338005] kasan_check_range+0x10b/0x1c0 [ 32.338276] __kasan_check_write+0x14/0x20 [ 32.338478] kasan_bitops_modify.constprop.0+0x1b7/0x5a0 [ 32.339035] ? kasan_test_exit+0xe0/0xe0 [ 32.339264] ? kasan_set_track+0x25/0x40 [ 32.339691] ? kasan_save_alloc_info+0x1e/0x30 [ 32.339955] ? __kasan_kmalloc+0xb6/0xc0 [ 32.340222] kasan_bitops_generic+0xa1/0x120 [ 32.340577] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.340902] ? kasan_test_init+0x13e/0x1b0 [ 32.341115] kunit_try_run_case+0x8f/0xd0 [ 32.341455] ? kunit_catch_run_case+0x80/0x80 [ 32.341683] ? kunit_try_catch_throw+0x40/0x40 [ 32.341939] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.342197] kthread+0x17b/0x1b0 [ 32.342655] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.342911] ret_from_fork+0x22/0x30 [ 32.343151] </TASK> [ 32.343322] [ 32.343423] Allocated by task 269: [ 32.343669] kasan_save_stack+0x41/0x70 [ 32.343880] kasan_set_track+0x25/0x40 [ 32.344117] kasan_save_alloc_info+0x1e/0x30 [ 32.344406] __kasan_kmalloc+0xb6/0xc0 [ 32.344582] kmalloc_trace+0x48/0xb0 [ 32.344817] kasan_bitops_generic+0x86/0x120 [ 32.345073] kunit_try_run_case+0x8f/0xd0 [ 32.345312] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.345536] kthread+0x17b/0x1b0 [ 32.345738] ret_from_fork+0x22/0x30 [ 32.346178] [ 32.346299] The buggy address belongs to the object at ffff888102f54b60 [ 32.346299] which belongs to the cache kmalloc-16 of size 16 [ 32.347052] The buggy address is located 8 bytes inside of [ 32.347052] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.347702] [ 32.347819] The buggy address belongs to the physical page: [ 32.348031] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.348514] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.348817] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.349187] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.349692] page dumped because: kasan: bad access detected [ 32.349949] [ 32.350059] Memory state around the buggy address: [ 32.350346] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.350921] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.351241] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.351660] ^ [ 32.351967] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.352377] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.352686] ================================================================== [ 32.373526] ================================================================== [ 32.373833] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x229/0x5a0 [ 32.374286] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.374650] [ 32.374773] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.375102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.375594] Call Trace: [ 32.375742] <TASK> [ 32.375856] dump_stack_lvl+0x49/0x62 [ 32.376127] print_report+0x189/0x492 [ 32.376704] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.377009] ? kasan_bitops_modify.constprop.0+0x229/0x5a0 [ 32.377439] kasan_report+0x10c/0x190 [ 32.377670] ? kasan_bitops_modify.constprop.0+0x229/0x5a0 [ 32.377945] kasan_check_range+0x10b/0x1c0 [ 32.378214] __kasan_check_write+0x14/0x20 [ 32.378540] kasan_bitops_modify.constprop.0+0x229/0x5a0 [ 32.378784] ? kasan_test_exit+0xe0/0xe0 [ 32.379032] ? kasan_set_track+0x25/0x40 [ 32.379316] ? kasan_save_alloc_info+0x1e/0x30 [ 32.379549] ? __kasan_kmalloc+0xb6/0xc0 [ 32.379785] kasan_bitops_generic+0xa1/0x120 [ 32.380011] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.380345] ? kasan_test_init+0x13e/0x1b0 [ 32.380960] kunit_try_run_case+0x8f/0xd0 [ 32.381240] ? kunit_catch_run_case+0x80/0x80 [ 32.381595] ? kunit_try_catch_throw+0x40/0x40 [ 32.381865] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.382194] kthread+0x17b/0x1b0 [ 32.382482] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.382721] ret_from_fork+0x22/0x30 [ 32.382962] </TASK> [ 32.383102] [ 32.383204] Allocated by task 269: [ 32.383379] kasan_save_stack+0x41/0x70 [ 32.383663] kasan_set_track+0x25/0x40 [ 32.383860] kasan_save_alloc_info+0x1e/0x30 [ 32.384109] __kasan_kmalloc+0xb6/0xc0 [ 32.384363] kmalloc_trace+0x48/0xb0 [ 32.384542] kasan_bitops_generic+0x86/0x120 [ 32.384777] kunit_try_run_case+0x8f/0xd0 [ 32.385006] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.385263] kthread+0x17b/0x1b0 [ 32.385463] ret_from_fork+0x22/0x30 [ 32.385765] [ 32.385857] The buggy address belongs to the object at ffff888102f54b60 [ 32.385857] which belongs to the cache kmalloc-16 of size 16 [ 32.386736] The buggy address is located 8 bytes inside of [ 32.386736] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.387256] [ 32.387455] The buggy address belongs to the physical page: [ 32.387675] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.388068] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.388396] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.388975] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.389383] page dumped because: kasan: bad access detected [ 32.389694] [ 32.389805] Memory state around the buggy address: [ 32.390038] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.390610] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.390923] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.391310] ^ [ 32.391700] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.392029] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.392599] ================================================================== [ 32.255953] ================================================================== [ 32.256326] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0xd3/0x5a0 [ 32.256814] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269 [ 32.257175] [ 32.257340] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 32.257697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.258103] Call Trace: [ 32.258248] <TASK> [ 32.258436] dump_stack_lvl+0x49/0x62 [ 32.258675] print_report+0x189/0x492 [ 32.258921] ? kasan_complete_mode_report_info+0x3c/0x200 [ 32.259223] ? kasan_bitops_modify.constprop.0+0xd3/0x5a0 [ 32.259655] kasan_report+0x10c/0x190 [ 32.259875] ? kasan_bitops_modify.constprop.0+0xd3/0x5a0 [ 32.260188] kasan_check_range+0x10b/0x1c0 [ 32.260407] __kasan_check_write+0x14/0x20 [ 32.260701] kasan_bitops_modify.constprop.0+0xd3/0x5a0 [ 32.261024] ? kasan_test_exit+0xe0/0xe0 [ 32.261307] ? kasan_set_track+0x25/0x40 [ 32.261642] ? kasan_save_alloc_info+0x1e/0x30 [ 32.261860] ? __kasan_kmalloc+0xb6/0xc0 [ 32.262125] kasan_bitops_generic+0xa1/0x120 [ 32.262369] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670 [ 32.262652] ? kasan_test_init+0x13e/0x1b0 [ 32.262920] kunit_try_run_case+0x8f/0xd0 [ 32.263127] ? kunit_catch_run_case+0x80/0x80 [ 32.263555] ? kunit_try_catch_throw+0x40/0x40 [ 32.263810] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.264121] kthread+0x17b/0x1b0 [ 32.264289] ? 
kthread_complete_and_exit+0x30/0x30 [ 32.264604] ret_from_fork+0x22/0x30 [ 32.264965] </TASK> [ 32.265082] [ 32.265199] Allocated by task 269: [ 32.265556] kasan_save_stack+0x41/0x70 [ 32.265791] kasan_set_track+0x25/0x40 [ 32.266027] kasan_save_alloc_info+0x1e/0x30 [ 32.266256] __kasan_kmalloc+0xb6/0xc0 [ 32.266532] kmalloc_trace+0x48/0xb0 [ 32.266708] kasan_bitops_generic+0x86/0x120 [ 32.266915] kunit_try_run_case+0x8f/0xd0 [ 32.267151] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 32.267464] kthread+0x17b/0x1b0 [ 32.267616] ret_from_fork+0x22/0x30 [ 32.267781] [ 32.267888] The buggy address belongs to the object at ffff888102f54b60 [ 32.267888] which belongs to the cache kmalloc-16 of size 16 [ 32.268473] The buggy address is located 8 bytes inside of [ 32.268473] 16-byte region [ffff888102f54b60, ffff888102f54b70) [ 32.269241] [ 32.269367] The buggy address belongs to the physical page: [ 32.269620] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54 [ 32.270103] flags: 0x200000000000200(slab|node=0|zone=2) [ 32.270496] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0 [ 32.270861] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000 [ 32.271125] page dumped because: kasan: bad access detected [ 32.271451] [ 32.271557] Memory state around the buggy address: [ 32.271775] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc [ 32.272157] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 32.272630] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 32.272981] ^ [ 32.273304] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.273581] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 32.274008] ================================================================== [ 32.294032] ================================================================== [ 32.294353] BUG: KASAN: slab-out-of-bounds in 
kasan_bitops_modify.constprop.0+0x145/0x5a0
[ 32.294840] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269
[ 32.295178]
[ 32.295361] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.295839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.296182] Call Trace:
[ 32.296313] <TASK>
[ 32.296427] dump_stack_lvl+0x49/0x62
[ 32.296751] print_report+0x189/0x492
[ 32.297008] ? kasan_complete_mode_report_info+0x3c/0x200
[ 32.297328] ? kasan_bitops_modify.constprop.0+0x145/0x5a0
[ 32.297807] kasan_report+0x10c/0x190
[ 32.298065] ? kasan_bitops_modify.constprop.0+0x145/0x5a0
[ 32.298440] kasan_check_range+0x10b/0x1c0
[ 32.298647] __kasan_check_write+0x14/0x20
[ 32.298834] kasan_bitops_modify.constprop.0+0x145/0x5a0
[ 32.299130] ? kasan_test_exit+0xe0/0xe0
[ 32.299382] ? kasan_set_track+0x25/0x40
[ 32.299736] ? kasan_save_alloc_info+0x1e/0x30
[ 32.300328] ? __kasan_kmalloc+0xb6/0xc0
[ 32.300639] kasan_bitops_generic+0xa1/0x120
[ 32.300908] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670
[ 32.301229] ? kasan_test_init+0x13e/0x1b0
[ 32.301553] kunit_try_run_case+0x8f/0xd0
[ 32.301755] ? kunit_catch_run_case+0x80/0x80
[ 32.301975] ? kunit_try_catch_throw+0x40/0x40
[ 32.302247] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.302661] kthread+0x17b/0x1b0
[ 32.302872] ? kthread_complete_and_exit+0x30/0x30
[ 32.303140] ret_from_fork+0x22/0x30
[ 32.303341] </TASK>
[ 32.303727]
[ 32.303855] Allocated by task 269:
[ 32.304051] kasan_save_stack+0x41/0x70
[ 32.304333] kasan_set_track+0x25/0x40
[ 32.304676] kasan_save_alloc_info+0x1e/0x30
[ 32.304921] __kasan_kmalloc+0xb6/0xc0
[ 32.305103] kmalloc_trace+0x48/0xb0
[ 32.305282] kasan_bitops_generic+0x86/0x120
[ 32.305531] kunit_try_run_case+0x8f/0xd0
[ 32.305767] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.306333] kthread+0x17b/0x1b0
[ 32.306566] ret_from_fork+0x22/0x30
[ 32.306742]
[ 32.306853] The buggy address belongs to the object at ffff888102f54b60
[ 32.306853] which belongs to the cache kmalloc-16 of size 16
[ 32.307776] The buggy address is located 8 bytes inside of
[ 32.307776] 16-byte region [ffff888102f54b60, ffff888102f54b70)
[ 32.308267]
[ 32.308506] The buggy address belongs to the physical page:
[ 32.308736] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[ 32.309173] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.309411] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 32.309943] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 32.310264] page dumped because: kasan: bad access detected
[ 32.310622]
[ 32.310787] Memory state around the buggy address:
[ 32.311005] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 32.311602] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.311929] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc
[ 32.312223] ^
[ 32.312598] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.312939] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.313311] ==================================================================
[ 32.227592] ==================================================================
[ 32.230201] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x9c/0x5a0
[ 32.230964] Write of size 8 at addr ffff888102f54b68 by task kunit_try_catch/269
[ 32.232506]
[ 32.233105] CPU: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.234538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.234940] Call Trace:
[ 32.235108] <TASK>
[ 32.235249] dump_stack_lvl+0x49/0x62
[ 32.235824] print_report+0x189/0x492
[ 32.236031] ? kasan_complete_mode_report_info+0x3c/0x200
[ 32.236567] ? kasan_bitops_modify.constprop.0+0x9c/0x5a0
[ 32.236856] kasan_report+0x10c/0x190
[ 32.237125] ? kasan_bitops_modify.constprop.0+0x9c/0x5a0
[ 32.237576] kasan_check_range+0x10b/0x1c0
[ 32.237816] __kasan_check_write+0x14/0x20
[ 32.238048] kasan_bitops_modify.constprop.0+0x9c/0x5a0
[ 32.238357] ? kasan_test_exit+0xe0/0xe0
[ 32.238587] ? kasan_set_track+0x25/0x40
[ 32.238924] ? kasan_save_alloc_info+0x1e/0x30
[ 32.239185] ? __kasan_kmalloc+0xb6/0xc0
[ 32.239771] kasan_bitops_generic+0xa1/0x120
[ 32.240140] ? kasan_bitops_test_and_modify.constprop.0+0x670/0x670
[ 32.240636] ? kasan_test_init+0x13e/0x1b0
[ 32.241122] kunit_try_run_case+0x8f/0xd0
[ 32.241489] ? kunit_catch_run_case+0x80/0x80
[ 32.241716] ? kunit_try_catch_throw+0x40/0x40
[ 32.242254] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.242654] kthread+0x17b/0x1b0
[ 32.243070] ? kthread_complete_and_exit+0x30/0x30
[ 32.243757] ret_from_fork+0x22/0x30
[ 32.244218] </TASK>
[ 32.244612]
[ 32.244712] Allocated by task 269:
[ 32.244858] kasan_save_stack+0x41/0x70
[ 32.245053] kasan_set_track+0x25/0x40
[ 32.245257] kasan_save_alloc_info+0x1e/0x30
[ 32.245522] __kasan_kmalloc+0xb6/0xc0
[ 32.245829] kmalloc_trace+0x48/0xb0
[ 32.245997] kasan_bitops_generic+0x86/0x120
[ 32.246254] kunit_try_run_case+0x8f/0xd0
[ 32.246932] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.247364] kthread+0x17b/0x1b0
[ 32.247686] ret_from_fork+0x22/0x30
[ 32.248013]
[ 32.248114] The buggy address belongs to the object at ffff888102f54b60
[ 32.248114] which belongs to the cache kmalloc-16 of size 16
[ 32.249031] The buggy address is located 8 bytes inside of
[ 32.249031] 16-byte region [ffff888102f54b60, ffff888102f54b70)
[ 32.249803]
[ 32.249903] The buggy address belongs to the physical page:
[ 32.250356] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[ 32.250875] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.251336] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 32.251817] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 32.252276] page dumped because: kasan: bad access detected
[ 32.252685]
[ 32.252800] Memory state around the buggy address:
[ 32.253072] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 32.253366] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 32.253794] >ffff888102f54b00: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc
[ 32.254198] ^
[ 32.254496] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.254869] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.255186] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strnlen
[ 32.202493] ==================================================================
[ 32.202867] BUG: KASAN: use-after-free in strnlen+0x2d/0x50
[ 32.203174] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.203618]
[ 32.203767] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.204076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.204738] Call Trace:
[ 32.204889] <TASK>
[ 32.205008] dump_stack_lvl+0x49/0x62
[ 32.205270] print_report+0x189/0x492
[ 32.205511] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.205751] ? strnlen+0x2d/0x50
[ 32.205909] kasan_report+0x10c/0x190
[ 32.206140] ? kasan_report.cold+0xc/0x11
[ 32.206487] ? strnlen+0x2d/0x50
[ 32.206823] __asan_load1+0x62/0x70
[ 32.206995] strnlen+0x2d/0x50
[ 32.207145] kasan_strings+0x1f7/0x4e0
[ 32.207330] ? kmalloc_oob_right+0x310/0x310
[ 32.207555] ? __kunit_add_resource+0xd1/0x100
[ 32.208017] ? kasan_test_init+0x13e/0x1b0
[ 32.208277] kunit_try_run_case+0x8f/0xd0
[ 32.208585] ? kunit_catch_run_case+0x80/0x80
[ 32.208866] ? kunit_try_catch_throw+0x40/0x40
[ 32.209273] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.209708] kthread+0x17b/0x1b0
[ 32.209868] ? kthread_complete_and_exit+0x30/0x30
[ 32.210072] ret_from_fork+0x22/0x30
[ 32.210405] </TASK>
[ 32.210555]
[ 32.210662] Allocated by task 268:
[ 32.210858] kasan_save_stack+0x41/0x70
[ 32.211099] kasan_set_track+0x25/0x40
[ 32.211363] kasan_save_alloc_info+0x1e/0x30
[ 32.211598] __kasan_kmalloc+0xb6/0xc0
[ 32.211805] kmalloc_trace+0x48/0xb0
[ 32.211981] kasan_strings+0x99/0x4e0
[ 32.212209] kunit_try_run_case+0x8f/0xd0
[ 32.212507] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.212786] kthread+0x17b/0x1b0
[ 32.212939] ret_from_fork+0x22/0x30
[ 32.213100]
[ 32.213203] Freed by task 268:
[ 32.213442] kasan_save_stack+0x41/0x70
[ 32.213677] kasan_set_track+0x25/0x40
[ 32.214075] kasan_save_free_info+0x2e/0x50
[ 32.214280] ____kasan_slab_free+0x175/0x1d0
[ 32.214467] __kasan_slab_free+0x12/0x20
[ 32.214643] __kmem_cache_free+0x188/0x2f0
[ 32.214888] kfree+0x78/0x120
[ 32.215076] kasan_strings+0xbd/0x4e0
[ 32.215296] kunit_try_run_case+0x8f/0xd0
[ 32.215536] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.215849] kthread+0x17b/0x1b0
[ 32.216185] ret_from_fork+0x22/0x30
[ 32.216349]
[ 32.216435] The buggy address belongs to the object at ffff8881037341c0
[ 32.216435] which belongs to the cache kmalloc-32 of size 32
[ 32.217030] The buggy address is located 16 bytes inside of
[ 32.217030] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.217406]
[ 32.217495] The buggy address belongs to the physical page:
[ 32.217690] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.218239] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.218544] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.219023] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.219392] page dumped because: kasan: bad access detected
[ 32.219671]
[ 32.219779] Memory state around the buggy address:
[ 32.219986] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.220248] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.220912] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.221304] ^
[ 32.221569] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.221821] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.222105] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strlen
[ 32.182367] ==================================================================
[ 32.182705] BUG: KASAN: use-after-free in strlen+0xf/0x50
[ 32.183192] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.183618]
[ 32.183829] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.184191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.184747] Call Trace:
[ 32.184948] <TASK>
[ 32.185063] dump_stack_lvl+0x49/0x62
[ 32.185379] print_report+0x189/0x492
[ 32.185632] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.185921] ? strlen+0xf/0x50
[ 32.186110] kasan_report+0x10c/0x190
[ 32.186350] ? strlen+0xf/0x50
[ 32.186560] __asan_load1+0x62/0x70
[ 32.186765] strlen+0xf/0x50
[ 32.186967] kasan_strings+0x1bf/0x4e0
[ 32.187210] ? kmalloc_oob_right+0x310/0x310
[ 32.187494] ? __kunit_add_resource+0xd1/0x100
[ 32.187750] ? kasan_test_init+0x13e/0x1b0
[ 32.187981] kunit_try_run_case+0x8f/0xd0
[ 32.188233] ? kunit_catch_run_case+0x80/0x80
[ 32.188484] ? kunit_try_catch_throw+0x40/0x40
[ 32.188719] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.189034] kthread+0x17b/0x1b0
[ 32.189249] ? kthread_complete_and_exit+0x30/0x30
[ 32.189538] ret_from_fork+0x22/0x30
[ 32.189788] </TASK>
[ 32.189934]
[ 32.190028] Allocated by task 268:
[ 32.190239] kasan_save_stack+0x41/0x70
[ 32.190489] kasan_set_track+0x25/0x40
[ 32.190797] kasan_save_alloc_info+0x1e/0x30
[ 32.190991] __kasan_kmalloc+0xb6/0xc0
[ 32.191178] kmalloc_trace+0x48/0xb0
[ 32.191401] kasan_strings+0x99/0x4e0
[ 32.191837] kunit_try_run_case+0x8f/0xd0
[ 32.192061] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.192439] kthread+0x17b/0x1b0
[ 32.192646] ret_from_fork+0x22/0x30
[ 32.192880]
[ 32.192973] Freed by task 268:
[ 32.193105] kasan_save_stack+0x41/0x70
[ 32.193390] kasan_set_track+0x25/0x40
[ 32.193628] kasan_save_free_info+0x2e/0x50
[ 32.193860] ____kasan_slab_free+0x175/0x1d0
[ 32.194128] __kasan_slab_free+0x12/0x20
[ 32.194387] __kmem_cache_free+0x188/0x2f0
[ 32.194615] kfree+0x78/0x120
[ 32.194798] kasan_strings+0xbd/0x4e0
[ 32.194979] kunit_try_run_case+0x8f/0xd0
[ 32.195192] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.195451] kthread+0x17b/0x1b0
[ 32.195661] ret_from_fork+0x22/0x30
[ 32.195979]
[ 32.196061] The buggy address belongs to the object at ffff8881037341c0
[ 32.196061] which belongs to the cache kmalloc-32 of size 32
[ 32.196901] The buggy address is located 16 bytes inside of
[ 32.196901] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.197362]
[ 32.197448] The buggy address belongs to the physical page:
[ 32.197720] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.198109] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.198345] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.198609] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.199172] page dumped because: kasan: bad access detected
[ 32.199455]
[ 32.199564] Memory state around the buggy address:
[ 32.199767] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.200011] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.200452] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.200797] ^
[ 32.201101] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.201569] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.201902] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strncmp
[ 32.156219] ==================================================================
[ 32.156725] BUG: KASAN: use-after-free in strncmp+0x32/0x80
[ 32.157024] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.157920]
[ 32.158316] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.158735] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.159249] Call Trace:
[ 32.159592] <TASK>
[ 32.159815] dump_stack_lvl+0x49/0x62
[ 32.160061] print_report+0x189/0x492
[ 32.160532] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.160854] ? strncmp+0x32/0x80
[ 32.161065] kasan_report+0x10c/0x190
[ 32.161551] ? kasan_report.cold+0xc/0x11
[ 32.161806] ? strncmp+0x32/0x80
[ 32.162113] __asan_load1+0x62/0x70
[ 32.162490] strncmp+0x32/0x80
[ 32.162796] kasan_strings+0x18c/0x4e0
[ 32.163124] ? kmalloc_oob_right+0x310/0x310
[ 32.163545] ? __kunit_add_resource+0xd1/0x100
[ 32.163970] ? kasan_test_init+0x13e/0x1b0
[ 32.164304] kunit_try_run_case+0x8f/0xd0
[ 32.164686] ? kunit_catch_run_case+0x80/0x80
[ 32.164981] ? kunit_try_catch_throw+0x40/0x40
[ 32.165230] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.165530] kthread+0x17b/0x1b0
[ 32.165711] ? kthread_complete_and_exit+0x30/0x30
[ 32.165959] ret_from_fork+0x22/0x30
[ 32.166579] </TASK>
[ 32.166742]
[ 32.166851] Allocated by task 268:
[ 32.167147] kasan_save_stack+0x41/0x70
[ 32.167566] kasan_set_track+0x25/0x40
[ 32.167871] kasan_save_alloc_info+0x1e/0x30
[ 32.168112] __kasan_kmalloc+0xb6/0xc0
[ 32.168557] kmalloc_trace+0x48/0xb0
[ 32.168753] kasan_strings+0x99/0x4e0
[ 32.169109] kunit_try_run_case+0x8f/0xd0
[ 32.169476] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.169773] kthread+0x17b/0x1b0
[ 32.169956] ret_from_fork+0x22/0x30
[ 32.170354]
[ 32.170463] Freed by task 268:
[ 32.170757] kasan_save_stack+0x41/0x70
[ 32.171041] kasan_set_track+0x25/0x40
[ 32.171405] kasan_save_free_info+0x2e/0x50
[ 32.171713] ____kasan_slab_free+0x175/0x1d0
[ 32.171930] __kasan_slab_free+0x12/0x20
[ 32.172151] __kmem_cache_free+0x188/0x2f0
[ 32.172414] kfree+0x78/0x120
[ 32.172872] kasan_strings+0xbd/0x4e0
[ 32.173248] kunit_try_run_case+0x8f/0xd0
[ 32.173540] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.173888] kthread+0x17b/0x1b0
[ 32.174152] ret_from_fork+0x22/0x30
[ 32.174412]
[ 32.174510] The buggy address belongs to the object at ffff8881037341c0
[ 32.174510] which belongs to the cache kmalloc-32 of size 32
[ 32.175025] The buggy address is located 16 bytes inside of
[ 32.175025] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.175943]
[ 32.176076] The buggy address belongs to the physical page:
[ 32.176477] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.176992] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.177428] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.177840] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.178280] page dumped because: kasan: bad access detected
[ 32.178609]
[ 32.178725] Memory state around the buggy address:
[ 32.179105] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.179501] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.180005] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.180315] ^
[ 32.180815] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.181157] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.181768] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strcmp
[ 32.127293] ==================================================================
[ 32.127653] BUG: KASAN: use-after-free in strcmp+0x22/0x60
[ 32.128090] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.128691]
[ 32.128959] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.129553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.130075] Call Trace:
[ 32.130262] <TASK>
[ 32.130470] dump_stack_lvl+0x49/0x62
[ 32.130729] print_report+0x189/0x492
[ 32.131323] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.131844] ? strcmp+0x22/0x60
[ 32.132155] kasan_report+0x10c/0x190
[ 32.132594] ? kasan_quarantine_put+0xba/0x1c0
[ 32.132994] ? strcmp+0x22/0x60
[ 32.133406] __asan_load1+0x62/0x70
[ 32.133730] strcmp+0x22/0x60
[ 32.134043] kasan_strings+0x14d/0x4e0
[ 32.134504] ? kmalloc_oob_right+0x310/0x310
[ 32.134789] ? __kunit_add_resource+0xd1/0x100
[ 32.135174] ? kasan_test_init+0x13e/0x1b0
[ 32.135635] kunit_try_run_case+0x8f/0xd0
[ 32.136014] ? kunit_catch_run_case+0x80/0x80
[ 32.136409] ? kunit_try_catch_throw+0x40/0x40
[ 32.136798] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.137255] kthread+0x17b/0x1b0
[ 32.137579] ? kthread_complete_and_exit+0x30/0x30
[ 32.137885] ret_from_fork+0x22/0x30
[ 32.138105] </TASK>
[ 32.138482]
[ 32.138599] Allocated by task 268:
[ 32.138989] kasan_save_stack+0x41/0x70
[ 32.139260] kasan_set_track+0x25/0x40
[ 32.139597] kasan_save_alloc_info+0x1e/0x30
[ 32.140283] __kasan_kmalloc+0xb6/0xc0
[ 32.140665] kmalloc_trace+0x48/0xb0
[ 32.140929] kasan_strings+0x99/0x4e0
[ 32.141394] kunit_try_run_case+0x8f/0xd0
[ 32.141803] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.142144] kthread+0x17b/0x1b0
[ 32.142644] ret_from_fork+0x22/0x30
[ 32.142848]
[ 32.142980] Freed by task 268:
[ 32.143455] kasan_save_stack+0x41/0x70
[ 32.143805] kasan_set_track+0x25/0x40
[ 32.144150] kasan_save_free_info+0x2e/0x50
[ 32.144528] ____kasan_slab_free+0x175/0x1d0
[ 32.144949] __kasan_slab_free+0x12/0x20
[ 32.145357] __kmem_cache_free+0x188/0x2f0
[ 32.145712] kfree+0x78/0x120
[ 32.145904] kasan_strings+0xbd/0x4e0
[ 32.146109] kunit_try_run_case+0x8f/0xd0
[ 32.146403] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.146976] kthread+0x17b/0x1b0
[ 32.147200] ret_from_fork+0x22/0x30
[ 32.147438]
[ 32.147626] The buggy address belongs to the object at ffff8881037341c0
[ 32.147626] which belongs to the cache kmalloc-32 of size 32
[ 32.148678] The buggy address is located 16 bytes inside of
[ 32.148678] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.149368]
[ 32.149609] The buggy address belongs to the physical page:
[ 32.150007] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.150640] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.151137] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.151481] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.152125] page dumped because: kasan: bad access detected
[ 32.152594]
[ 32.152690] Memory state around the buggy address:
[ 32.152952] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.153489] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.153916] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.154230] ^
[ 32.154615] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.155016] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.155688] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strrchr
[ 32.101964] ==================================================================
[ 32.102424] BUG: KASAN: use-after-free in strrchr+0x1a/0x40
[ 32.102747] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.103092]
[ 32.103218] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.103624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.104060] Call Trace:
[ 32.104225] <TASK>
[ 32.104391] dump_stack_lvl+0x49/0x62
[ 32.104623] print_report+0x189/0x492
[ 32.104890] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.105200] ? strrchr+0x1a/0x40
[ 32.105468] kasan_report+0x10c/0x190
[ 32.105672] ? kasan_quarantine_put+0xba/0x1c0
[ 32.105933] ? strrchr+0x1a/0x40
[ 32.106187] __asan_load1+0x62/0x70
[ 32.106403] strrchr+0x1a/0x40
[ 32.106604] kasan_strings+0x112/0x4e0
[ 32.106846] ? kmalloc_oob_right+0x310/0x310
[ 32.107121] ? __kunit_add_resource+0xd1/0x100
[ 32.107446] ? kasan_test_init+0x13e/0x1b0
[ 32.107667] kunit_try_run_case+0x8f/0xd0
[ 32.107916] ? kunit_catch_run_case+0x80/0x80
[ 32.108797] ? kunit_try_catch_throw+0x40/0x40
[ 32.109001] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.109316] kthread+0x17b/0x1b0
[ 32.109517] ? kthread_complete_and_exit+0x30/0x30
[ 32.109771] ret_from_fork+0x22/0x30
[ 32.109953] </TASK>
[ 32.110178]
[ 32.110335] Allocated by task 268:
[ 32.110526] kasan_save_stack+0x41/0x70
[ 32.110758] kasan_set_track+0x25/0x40
[ 32.110968] kasan_save_alloc_info+0x1e/0x30
[ 32.111181] __kasan_kmalloc+0xb6/0xc0
[ 32.111479] kmalloc_trace+0x48/0xb0
[ 32.111708] kasan_strings+0x99/0x4e0
[ 32.111967] kunit_try_run_case+0x8f/0xd0
[ 32.112289] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.112592] kthread+0x17b/0x1b0
[ 32.112791] ret_from_fork+0x22/0x30
[ 32.113034]
[ 32.113200] Freed by task 268:
[ 32.113392] kasan_save_stack+0x41/0x70
[ 32.113656] kasan_set_track+0x25/0x40
[ 32.113879] kasan_save_free_info+0x2e/0x50
[ 32.114055] ____kasan_slab_free+0x175/0x1d0
[ 32.114248] __kasan_slab_free+0x12/0x20
[ 32.114478] __kmem_cache_free+0x188/0x2f0
[ 32.114779] kfree+0x78/0x120
[ 32.115048] kasan_strings+0xbd/0x4e0
[ 32.115699] kunit_try_run_case+0x8f/0xd0
[ 32.115947] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.116591] kthread+0x17b/0x1b0
[ 32.116910] ret_from_fork+0x22/0x30
[ 32.117244]
[ 32.117570] The buggy address belongs to the object at ffff8881037341c0
[ 32.117570] which belongs to the cache kmalloc-32 of size 32
[ 32.118233] The buggy address is located 16 bytes inside of
[ 32.118233] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.119034]
[ 32.119278] The buggy address belongs to the physical page:
[ 32.119703] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.120379] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.120800] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.121320] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.121824] page dumped because: kasan: bad access detected
[ 32.122211]
[ 32.122475] Memory state around the buggy address:
[ 32.122808] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.123283] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.123745] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.124199] ^
[ 32.124619] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.125096] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.125546] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-strchr
[ 32.076190] ==================================================================
[ 32.076835] BUG: KASAN: use-after-free in strchr+0x14/0x60
[ 32.077110] Read of size 1 at addr ffff8881037341d0 by task kunit_try_catch/268
[ 32.077577]
[ 32.077700] CPU: 1 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.078119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.078659] Call Trace:
[ 32.078796] <TASK>
[ 32.078954] dump_stack_lvl+0x49/0x62
[ 32.079229] print_report+0x189/0x492
[ 32.079530] ? kasan_complete_mode_report_info+0x7c/0x200
[ 32.079884] ? strchr+0x14/0x60
[ 32.080102] kasan_report+0x10c/0x190
[ 32.080432] ? kasan_quarantine_put+0xba/0x1c0
[ 32.080665] ? strchr+0x14/0x60
[ 32.080901] __asan_load1+0x62/0x70
[ 32.081099] strchr+0x14/0x60
[ 32.081384] kasan_strings+0xd9/0x4e0
[ 32.081616] ? kmalloc_oob_right+0x310/0x310
[ 32.081876] ? __kunit_add_resource+0xd1/0x100
[ 32.082138] ? kasan_test_init+0x13e/0x1b0
[ 32.082429] kunit_try_run_case+0x8f/0xd0
[ 32.082664] ? kunit_catch_run_case+0x80/0x80
[ 32.082964] ? kunit_try_catch_throw+0x40/0x40
[ 32.083207] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.083590] kthread+0x17b/0x1b0
[ 32.084117] ? kthread_complete_and_exit+0x30/0x30
[ 32.084838] ret_from_fork+0x22/0x30
[ 32.085421] </TASK>
[ 32.085576]
[ 32.085684] Allocated by task 268:
[ 32.085862] kasan_save_stack+0x41/0x70
[ 32.086088] kasan_set_track+0x25/0x40
[ 32.086668] kasan_save_alloc_info+0x1e/0x30
[ 32.087094] __kasan_kmalloc+0xb6/0xc0
[ 32.087498] kmalloc_trace+0x48/0xb0
[ 32.087852] kasan_strings+0x99/0x4e0
[ 32.088071] kunit_try_run_case+0x8f/0xd0
[ 32.088490] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.089093] kthread+0x17b/0x1b0
[ 32.089367] ret_from_fork+0x22/0x30
[ 32.089582]
[ 32.089686] Freed by task 268:
[ 32.089849] kasan_save_stack+0x41/0x70
[ 32.090068] kasan_set_track+0x25/0x40
[ 32.090590] kasan_save_free_info+0x2e/0x50
[ 32.091092] ____kasan_slab_free+0x175/0x1d0
[ 32.091501] __kasan_slab_free+0x12/0x20
[ 32.091866] __kmem_cache_free+0x188/0x2f0
[ 32.092119] kfree+0x78/0x120
[ 32.092497] kasan_strings+0xbd/0x4e0
[ 32.092915] kunit_try_run_case+0x8f/0xd0
[ 32.093331] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.093621] kthread+0x17b/0x1b0
[ 32.093804] ret_from_fork+0x22/0x30
[ 32.094000]
[ 32.094107] The buggy address belongs to the object at ffff8881037341c0
[ 32.094107] which belongs to the cache kmalloc-32 of size 32
[ 32.095121] The buggy address is located 16 bytes inside of
[ 32.095121] 32-byte region [ffff8881037341c0, ffff8881037341e0)
[ 32.095951]
[ 32.096067] The buggy address belongs to the physical page:
[ 32.096455] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.096866] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.097184] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.097491] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.097921] page dumped because: kasan: bad access detected
[ 32.098144]
[ 32.098239] Memory state around the buggy address:
[ 32.098509] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.099011] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.099338] >ffff888103734180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.099647] ^
[ 32.100153] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.100494] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.100842] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 32.051953] ==================================================================
[ 32.052771] BUG: KASAN: slab-out-of-bounds in memcmp+0x39/0xb0
[ 32.053095] Read of size 1 at addr ffff888103734198 by task kunit_try_catch/267
[ 32.053606]
[ 32.053956] CPU: 1 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.054480] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.054997] Call Trace:
[ 32.055337] <TASK>
[ 32.055593] dump_stack_lvl+0x49/0x62
[ 32.055947] print_report+0x189/0x492
[ 32.056339] ? kasan_complete_mode_report_info+0x3c/0x200
[ 32.056742] ? memcmp+0x39/0xb0
[ 32.057058] kasan_report+0x10c/0x190
[ 32.057424] ? memcmp+0x39/0xb0
[ 32.057662] __asan_load1+0x62/0x70
[ 32.057846] memcmp+0x39/0xb0
[ 32.058034] kasan_memcmp+0x127/0x260
[ 32.058565] ? kmalloc_oob_in_memset+0x1d0/0x1d0
[ 32.058933] ? preempt_count_sub+0x4c/0x70
[ 32.059346] kunit_try_run_case+0x8f/0xd0
[ 32.059690] ? kunit_catch_run_case+0x80/0x80
[ 32.060032] ? kunit_try_catch_throw+0x40/0x40
[ 32.060444] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.060852] kthread+0x17b/0x1b0
[ 32.061180] ? kthread_complete_and_exit+0x30/0x30
[ 32.061573] ret_from_fork+0x22/0x30
[ 32.061910] </TASK>
[ 32.062215]
[ 32.062335] Allocated by task 267:
[ 32.062541] kasan_save_stack+0x41/0x70
[ 32.062906] kasan_set_track+0x25/0x40
[ 32.063234] kasan_save_alloc_info+0x1e/0x30
[ 32.063597] __kasan_kmalloc+0xb6/0xc0
[ 32.063840] kmalloc_trace+0x48/0xb0
[ 32.064033] kasan_memcmp+0xd8/0x260
[ 32.064479] kunit_try_run_case+0x8f/0xd0
[ 32.064717] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.065088] kthread+0x17b/0x1b0
[ 32.065406] ret_from_fork+0x22/0x30
[ 32.065731]
[ 32.065934] The buggy address belongs to the object at ffff888103734180
[ 32.065934] which belongs to the cache kmalloc-32 of size 32
[ 32.066625] The buggy address is located 24 bytes inside of
[ 32.066625] 32-byte region [ffff888103734180, ffff8881037341a0)
[ 32.067077]
[ 32.067206] The buggy address belongs to the physical page:
[ 32.067507] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.068302] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.068609] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.068967] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.069504] page dumped because: kasan: bad access detected
[ 32.069866]
[ 32.069979] Memory state around the buggy address:
[ 32.070433] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.070861] ffff888103734100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.071321] >ffff888103734180: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.071792] ^
[ 32.072095] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.072637] ffff888103734280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.073065] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memchr
[ 32.025608] ==================================================================
[ 32.026182] BUG: KASAN: slab-out-of-bounds in memchr+0x23/0x50
[ 32.026907] Read of size 1 at addr ffff888103734158 by task kunit_try_catch/266
[ 32.027372]
[ 32.027495] CPU: 1 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 32.028186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 32.028809] Call Trace:
[ 32.029069] <TASK>
[ 32.029223] dump_stack_lvl+0x49/0x62
[ 32.029638] print_report+0x189/0x492
[ 32.029996] ? kasan_complete_mode_report_info+0x3c/0x200
[ 32.030449] ? memchr+0x23/0x50
[ 32.030771] kasan_report+0x10c/0x190
[ 32.031107] ? memchr+0x23/0x50
[ 32.031470] __asan_load1+0x62/0x70
[ 32.031701] memchr+0x23/0x50
[ 32.031894] kasan_memchr+0xd9/0x1e0
[ 32.032107] ? kasan_memcmp+0x260/0x260
[ 32.032636] ? kasan_memcmp+0x260/0x260
[ 32.032946] ? kunit_try_run_case+0x84/0xd0
[ 32.033295] ? __kunit_add_resource+0xd1/0x100
[ 32.033649] kunit_try_run_case+0x8f/0xd0
[ 32.033965] ? kunit_catch_run_case+0x80/0x80
[ 32.034368] ? kunit_try_catch_throw+0x40/0x40
[ 32.034720] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.035018] kthread+0x17b/0x1b0
[ 32.035228] ? kthread_complete_and_exit+0x30/0x30
[ 32.035656] ret_from_fork+0x22/0x30
[ 32.035975] </TASK>
[ 32.036199]
[ 32.036368] Allocated by task 266:
[ 32.036561] kasan_save_stack+0x41/0x70
[ 32.036924] kasan_set_track+0x25/0x40
[ 32.037239] kasan_save_alloc_info+0x1e/0x30
[ 32.037506] __kasan_kmalloc+0xb6/0xc0
[ 32.037739] kmalloc_trace+0x48/0xb0
[ 32.037939] kasan_memchr+0x9b/0x1e0
[ 32.038138] kunit_try_run_case+0x8f/0xd0
[ 32.038670] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 32.038943] kthread+0x17b/0x1b0
[ 32.039280] ret_from_fork+0x22/0x30
[ 32.039578]
[ 32.039673] The buggy address belongs to the object at ffff888103734140
[ 32.039673] which belongs to the cache kmalloc-32 of size 32
[ 32.040461] The buggy address is located 24 bytes inside of
[ 32.040461] 32-byte region [ffff888103734140, ffff888103734160)
[ 32.041111]
[ 32.041232] The buggy address belongs to the physical page:
[ 32.041715] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103734
[ 32.042140] flags: 0x200000000000200(slab|node=0|zone=2)
[ 32.042671] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041500
[ 32.043129] raw: 0000000000000000 0000000080400040 00000001ffffffff 0000000000000000
[ 32.043593] page dumped because: kasan: bad access detected
[ 32.043958]
[ 32.044170] Memory state around the buggy address:
[ 32.044546] ffff888103734000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.044962] ffff888103734080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 32.045486] >ffff888103734100: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 32.045904] ^
[ 32.046332] ffff888103734180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.046663] ffff888103734200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 32.046983] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 31.953737] ==================================================================
[ 31.954336] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0xe0/0x1f0
[ 31.954757] Free of addr ffff8881034a3001 by task kunit_try_catch/264
[ 31.955047]
[ 31.955184] CPU: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.955573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.956328] Call Trace:
[ 31.956478] <TASK>
[ 31.956659] dump_stack_lvl+0x49/0x62
[ 31.956945] print_report+0x189/0x492
[ 31.957220] ? kasan_complete_mode_report_info+0x3c/0x200
[ 31.957739] ? kmem_cache_invalid_free+0xe0/0x1f0
[ 31.958275] kasan_report_invalid_free+0xd8/0x150
[ 31.958579] ? kmem_cache_invalid_free+0xe0/0x1f0
[ 31.959005] ? kmem_cache_invalid_free+0xe0/0x1f0
[ 31.959437] ____kasan_slab_free+0x1c3/0x1d0
[ 31.959797] ? kmem_cache_invalid_free+0xe0/0x1f0
[ 31.960088] __kasan_slab_free+0x12/0x20
[ 31.960521] kmem_cache_free+0x19c/0x4a0
[ 31.960878] kmem_cache_invalid_free+0xe0/0x1f0
[ 31.961295] ? kmem_cache_double_destroy+0x1b0/0x1b0
[ 31.961682] ? __kunit_add_resource+0xd1/0x100
[ 31.961974] kunit_try_run_case+0x8f/0xd0
[ 31.962422] ? kunit_catch_run_case+0x80/0x80
[ 31.962794] ? kunit_try_catch_throw+0x40/0x40
[ 31.963158] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.963618] kthread+0x17b/0x1b0
[ 31.964025] ? kthread_complete_and_exit+0x30/0x30
[ 31.964291] ret_from_fork+0x22/0x30
[ 31.964722] </TASK>
[ 31.964984]
[ 31.965158] Allocated by task 264:
[ 31.965513] kasan_save_stack+0x41/0x70
[ 31.967250] kasan_set_track+0x25/0x40
[ 31.967649] kasan_save_alloc_info+0x1e/0x30
[ 31.967857] __kasan_slab_alloc+0x90/0xa0
[ 31.968041] kmem_cache_alloc+0x150/0x370
[ 31.968246] kmem_cache_invalid_free+0xb9/0x1f0
[ 31.968438] kunit_try_run_case+0x8f/0xd0
[ 31.968617] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.968841] kthread+0x17b/0x1b0
[ 31.969001] ret_from_fork+0x22/0x30
[ 31.970203]
[ 31.970761] The buggy address belongs to the object at ffff8881034a3000
[ 31.970761] which belongs to the cache test_cache of size 200
[ 31.972532] The buggy address is located 1 bytes inside of
[ 31.972532] 200-byte region [ffff8881034a3000, ffff8881034a30c8)
[ 31.974532]
[ 31.974659] The buggy address belongs to the physical page:
[ 31.975032] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1034a3
[ 31.975676] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.976335] raw: 0200000000000200 0000000000000000 dead000000000122 ffff88810316c780
[ 31.976705] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000
[ 31.977234] page dumped because: kasan: bad access detected
[ 31.977754]
[ 31.977979] Memory state around the buggy address:
[ 31.978375] ffff8881034a2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.978820] ffff8881034a2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.979282] >ffff8881034a3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 31.979725] ^
[ 31.979942] ffff8881034a3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 31.980371] ffff8881034a3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.980739] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 31.923531] ================================================================== [ 31.924263] BUG: KASAN: double-free in kmem_cache_double_free+0xe7/0x1e0 [ 31.924637] Free of addr ffff8881034a1000 by task kunit_try_catch/263 [ 31.924919] [ 31.925029] CPU: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.925852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.926322] Call Trace: [ 31.926653] <TASK> [ 31.926899] dump_stack_lvl+0x49/0x62 [ 31.927268] print_report+0x189/0x492 [ 31.927509] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.927970] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.928402] kasan_report_invalid_free+0xd8/0x150 [ 31.928683] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.928960] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.929227] ____kasan_slab_free+0x19f/0x1d0 [ 31.929517] ? kmem_cache_double_free+0xe7/0x1e0 [ 31.929792] __kasan_slab_free+0x12/0x20 [ 31.930015] kmem_cache_free+0x19c/0x4a0 [ 31.930317] kmem_cache_double_free+0xe7/0x1e0 [ 31.930594] ? kmem_cache_invalid_free+0x1f0/0x1f0 [ 31.930891] ? __kunit_add_resource+0xd1/0x100 [ 31.931201] kunit_try_run_case+0x8f/0xd0 [ 31.931506] ? kunit_catch_run_case+0x80/0x80 [ 31.931735] ? kunit_try_catch_throw+0x40/0x40 [ 31.932015] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.932323] kthread+0x17b/0x1b0 [ 31.932570] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.932839] ret_from_fork+0x22/0x30 [ 31.933096] </TASK> [ 31.933261] [ 31.933354] Allocated by task 263: [ 31.933553] kasan_save_stack+0x41/0x70 [ 31.933803] kasan_set_track+0x25/0x40 [ 31.934048] kasan_save_alloc_info+0x1e/0x30 [ 31.934321] __kasan_slab_alloc+0x90/0xa0 [ 31.934607] kmem_cache_alloc+0x150/0x370 [ 31.934845] kmem_cache_double_free+0xb6/0x1e0 [ 31.935117] kunit_try_run_case+0x8f/0xd0 [ 31.935415] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.935705] kthread+0x17b/0x1b0 [ 31.935936] ret_from_fork+0x22/0x30 [ 31.936150] [ 31.936272] Freed by task 263: [ 31.936416] kasan_save_stack+0x41/0x70 [ 31.936666] kasan_set_track+0x25/0x40 [ 31.936895] kasan_save_free_info+0x2e/0x50 [ 31.937132] ____kasan_slab_free+0x175/0x1d0 [ 31.937426] __kasan_slab_free+0x12/0x20 [ 31.937698] kmem_cache_free+0x19c/0x4a0 [ 31.937964] kmem_cache_double_free+0xcd/0x1e0 [ 31.938237] kunit_try_run_case+0x8f/0xd0 [ 31.938539] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.938835] kthread+0x17b/0x1b0 [ 31.939044] ret_from_fork+0x22/0x30 [ 31.939237] [ 31.939346] The buggy address belongs to the object at ffff8881034a1000 [ 31.939346] which belongs to the cache test_cache of size 200 [ 31.939844] The buggy address is located 0 bytes inside of [ 31.939844] 200-byte region [ffff8881034a1000, ffff8881034a10c8) [ 31.940442] [ 31.940612] The buggy address belongs to the physical page: [ 31.940897] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1034a1 [ 31.941295] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.941624] raw: 0200000000000200 0000000000000000 dead000000000122 ffff88810316c640 [ 31.942000] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 31.942439] page dumped because: kasan: bad access detected [ 31.942736] [ 31.942818] Memory state around the buggy address: [ 31.943074] ffff8881034a0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.943687] ffff8881034a0f80: 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.944055] >ffff8881034a1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.944372] ^ [ 31.944566] ffff8881034a1080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 31.944874] ffff8881034a1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.945221] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-ksize_uaf
[ 31.840463] ================================================================== [ 31.840998] BUG: KASAN: use-after-free in ksize_uaf+0xd0/0x2f0 [ 31.841423] Read of size 1 at addr ffff88810349f100 by task kunit_try_catch/262 [ 31.841760] [ 31.841899] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.842329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.842764] Call Trace: [ 31.842951] <TASK> [ 31.843118] dump_stack_lvl+0x49/0x62 [ 31.843518] print_report+0x189/0x492 [ 31.843807] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.844086] ? ksize_uaf+0xd0/0x2f0 [ 31.844292] kasan_report+0x10c/0x190 [ 31.844845] ? ksize_uaf+0xd0/0x2f0 [ 31.845109] ? ksize_uaf+0xd0/0x2f0 [ 31.845515] __kasan_check_byte+0x39/0x50 [ 31.845780] ksize+0x1e/0x70 [ 31.846010] ksize_uaf+0xd0/0x2f0 [ 31.846243] ? kmem_cache_oob+0x210/0x210 [ 31.846615] ? __kunit_add_resource+0xd1/0x100 [ 31.846912] ? kasan_test_init+0x13e/0x1b0 [ 31.847158] kunit_try_run_case+0x8f/0xd0 [ 31.847560] ? kunit_catch_run_case+0x80/0x80 [ 31.847830] ? kunit_try_catch_throw+0x40/0x40 [ 31.848116] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.848734] kthread+0x17b/0x1b0 [ 31.848948] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.849251] ret_from_fork+0x22/0x30 [ 31.849615] </TASK> [ 31.849774] [ 31.849909] Allocated by task 262: [ 31.850107] kasan_save_stack+0x41/0x70 [ 31.850528] kasan_set_track+0x25/0x40 [ 31.850745] kasan_save_alloc_info+0x1e/0x30 [ 31.851025] __kasan_kmalloc+0xb6/0xc0 [ 31.851254] kmalloc_trace+0x48/0xb0 [ 31.851617] ksize_uaf+0x99/0x2f0 [ 31.851834] kunit_try_run_case+0x8f/0xd0 [ 31.852090] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.852659] kthread+0x17b/0x1b0 [ 31.852832] ret_from_fork+0x22/0x30 [ 31.853094] [ 31.853251] Freed by task 262: [ 31.853528] kasan_save_stack+0x41/0x70 [ 31.853777] kasan_set_track+0x25/0x40 [ 31.854045] kasan_save_free_info+0x2e/0x50 [ 31.854325] ____kasan_slab_free+0x175/0x1d0 [ 31.854707] __kasan_slab_free+0x12/0x20 [ 31.854974] __kmem_cache_free+0x188/0x2f0 [ 31.855250] kfree+0x78/0x120 [ 31.855553] ksize_uaf+0xb9/0x2f0 [ 31.855786] kunit_try_run_case+0x8f/0xd0 [ 31.856041] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.856465] kthread+0x17b/0x1b0 [ 31.856892] ret_from_fork+0x22/0x30 [ 31.857239] [ 31.857375] The buggy address belongs to the object at ffff88810349f100 [ 31.857375] which belongs to the cache kmalloc-128 of size 128 [ 31.858139] The buggy address is located 0 bytes inside of [ 31.858139] 128-byte region [ffff88810349f100, ffff88810349f180) [ 31.858684] [ 31.858799] The buggy address belongs to the physical page: [ 31.859077] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10349f [ 31.859764] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.860104] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0 [ 31.860806] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 31.861198] page dumped because: kasan: bad access detected [ 31.861584] [ 31.861711] Memory state around the buggy address: [ 31.861956] ffff88810349f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 31.862459] ffff88810349f080: 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.862821] >ffff88810349f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.863150] ^ [ 31.863422] ffff88810349f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.863796] ffff88810349f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.864148] ================================================================== [ 31.896286] ================================================================== [ 31.897020] BUG: KASAN: use-after-free in ksize_uaf+0x12e/0x2f0 [ 31.897401] Read of size 1 at addr ffff88810349f178 by task kunit_try_catch/262 [ 31.897774] [ 31.897895] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.898288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.898723] Call Trace: [ 31.898892] <TASK> [ 31.899047] dump_stack_lvl+0x49/0x62 [ 31.899370] print_report+0x189/0x492 [ 31.899579] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.899881] ? ksize_uaf+0x12e/0x2f0 [ 31.900055] kasan_report+0x10c/0x190 [ 31.900311] ? ksize_uaf+0x12e/0x2f0 [ 31.900531] __asan_load1+0x62/0x70 [ 31.900693] ksize_uaf+0x12e/0x2f0 [ 31.900997] ? kmem_cache_oob+0x210/0x210 [ 31.901570] ? __kunit_add_resource+0xd1/0x100 [ 31.901986] ? kasan_test_init+0x13e/0x1b0 [ 31.902201] kunit_try_run_case+0x8f/0xd0 [ 31.902475] ? kunit_catch_run_case+0x80/0x80 [ 31.902740] ? kunit_try_catch_throw+0x40/0x40 [ 31.903008] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.903356] kthread+0x17b/0x1b0 [ 31.903571] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.903861] ret_from_fork+0x22/0x30 [ 31.904123] </TASK> [ 31.904318] [ 31.904428] Allocated by task 262: [ 31.904643] kasan_save_stack+0x41/0x70 [ 31.904908] kasan_set_track+0x25/0x40 [ 31.905184] kasan_save_alloc_info+0x1e/0x30 [ 31.905392] __kasan_kmalloc+0xb6/0xc0 [ 31.905815] kmalloc_trace+0x48/0xb0 [ 31.906067] ksize_uaf+0x99/0x2f0 [ 31.906589] kunit_try_run_case+0x8f/0xd0 [ 31.906982] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.907331] kthread+0x17b/0x1b0 [ 31.907567] ret_from_fork+0x22/0x30 [ 31.907778] [ 31.907897] Freed by task 262: [ 31.908063] kasan_save_stack+0x41/0x70 [ 31.908328] kasan_set_track+0x25/0x40 [ 31.908657] kasan_save_free_info+0x2e/0x50 [ 31.908913] ____kasan_slab_free+0x175/0x1d0 [ 31.909169] __kasan_slab_free+0x12/0x20 [ 31.909530] __kmem_cache_free+0x188/0x2f0 [ 31.910051] kfree+0x78/0x120 [ 31.910215] ksize_uaf+0xb9/0x2f0 [ 31.910458] kunit_try_run_case+0x8f/0xd0 [ 31.910702] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.910978] kthread+0x17b/0x1b0 [ 31.911213] ret_from_fork+0x22/0x30 [ 31.911429] [ 31.911544] The buggy address belongs to the object at ffff88810349f100 [ 31.911544] which belongs to the cache kmalloc-128 of size 128 [ 31.912109] The buggy address is located 120 bytes inside of [ 31.912109] 128-byte region [ffff88810349f100, ffff88810349f180) [ 31.912748] [ 31.912864] The buggy address belongs to the physical page: [ 31.913173] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10349f [ 31.913631] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.914039] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0 [ 31.914824] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 31.915157] page dumped because: kasan: bad access detected [ 31.915547] [ 31.915642] Memory state around the buggy address: [ 31.915912] ffff88810349f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 31.916309] 
ffff88810349f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.916631] >ffff88810349f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.916987] ^ [ 31.917338] ffff88810349f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.917929] ffff88810349f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.918405] ================================================================== [ 31.867226] ================================================================== [ 31.867613] BUG: KASAN: use-after-free in ksize_uaf+0xfd/0x2f0 [ 31.868274] Read of size 1 at addr ffff88810349f100 by task kunit_try_catch/262 [ 31.868684] [ 31.868791] CPU: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.869233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.869641] Call Trace: [ 31.869868] <TASK> [ 31.870062] dump_stack_lvl+0x49/0x62 [ 31.870373] print_report+0x189/0x492 [ 31.870713] ? kasan_complete_mode_report_info+0x7c/0x200 [ 31.871089] ? ksize_uaf+0xfd/0x2f0 [ 31.871327] kasan_report+0x10c/0x190 [ 31.871614] ? ksize_uaf+0xfd/0x2f0 [ 31.872206] __asan_load1+0x62/0x70 [ 31.872471] ksize_uaf+0xfd/0x2f0 [ 31.872742] ? kmem_cache_oob+0x210/0x210 [ 31.873026] ? __kunit_add_resource+0xd1/0x100 [ 31.873364] ? kasan_test_init+0x13e/0x1b0 [ 31.873639] kunit_try_run_case+0x8f/0xd0 [ 31.873904] ? kunit_catch_run_case+0x80/0x80 [ 31.874178] ? kunit_try_catch_throw+0x40/0x40 [ 31.874496] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.874844] kthread+0x17b/0x1b0 [ 31.875096] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.875800] ret_from_fork+0x22/0x30 [ 31.876080] </TASK> [ 31.876234] [ 31.876321] Allocated by task 262: [ 31.876584] kasan_save_stack+0x41/0x70 [ 31.876784] kasan_set_track+0x25/0x40 [ 31.877009] kasan_save_alloc_info+0x1e/0x30 [ 31.877629] __kasan_kmalloc+0xb6/0xc0 [ 31.877895] kmalloc_trace+0x48/0xb0 [ 31.878069] ksize_uaf+0x99/0x2f0 [ 31.878247] kunit_try_run_case+0x8f/0xd0 [ 31.878443] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.878674] kthread+0x17b/0x1b0 [ 31.878834] ret_from_fork+0x22/0x30 [ 31.879002] [ 31.879088] Freed by task 262: [ 31.879246] kasan_save_stack+0x41/0x70 [ 31.879774] kasan_set_track+0x25/0x40 [ 31.880232] kasan_save_free_info+0x2e/0x50 [ 31.881184] ____kasan_slab_free+0x175/0x1d0 [ 31.881684] __kasan_slab_free+0x12/0x20 [ 31.882120] __kmem_cache_free+0x188/0x2f0 [ 31.882658] kfree+0x78/0x120 [ 31.883026] ksize_uaf+0xb9/0x2f0 [ 31.883454] kunit_try_run_case+0x8f/0xd0 [ 31.883898] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.884504] kthread+0x17b/0x1b0 [ 31.885192] ret_from_fork+0x22/0x30 [ 31.885622] [ 31.885817] The buggy address belongs to the object at ffff88810349f100 [ 31.885817] which belongs to the cache kmalloc-128 of size 128 [ 31.887099] The buggy address is located 0 bytes inside of [ 31.887099] 128-byte region [ffff88810349f100, ffff88810349f180) [ 31.888251] [ 31.888549] The buggy address belongs to the physical page: [ 31.888893] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10349f [ 31.889264] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.889902] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0 [ 31.890692] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 31.891506] page dumped because: kasan: bad access detected [ 31.891911] [ 31.892002] Memory state around the buggy address: [ 31.892200] ffff88810349f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc [ 31.892892] ffff88810349f080: 
fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.893741] >ffff88810349f100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 31.894484] ^ [ 31.894842] ffff88810349f180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.895564] ffff88810349f200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.895814] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 31.812133] ================================================================== [ 31.813371] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0xe5/0x1f0 [ 31.814423] Read of size 1 at addr ffff888103497f80 by task kunit_try_catch/261 [ 31.815504] [ 31.815621] CPU: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.815934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.816290] Call Trace: [ 31.816455] <TASK> [ 31.816605] dump_stack_lvl+0x49/0x62 [ 31.816856] print_report+0x189/0x492 [ 31.817099] ? kasan_complete_mode_report_info+0x3c/0x200 [ 31.817573] ? ksize_unpoisons_memory+0xe5/0x1f0 [ 31.817904] kasan_report+0x10c/0x190 [ 31.818179] ? ksize_unpoisons_memory+0xe5/0x1f0 [ 31.819052] __asan_load1+0x62/0x70 [ 31.819324] ksize_unpoisons_memory+0xe5/0x1f0 [ 31.819743] ? ksize_uaf+0x2f0/0x2f0 [ 31.820003] ? __kunit_add_resource+0xd1/0x100 [ 31.820416] kunit_try_run_case+0x8f/0xd0 [ 31.820690] ? kunit_catch_run_case+0x80/0x80 [ 31.820978] ? kunit_try_catch_throw+0x40/0x40 [ 31.821257] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.821647] kthread+0x17b/0x1b0 [ 31.821860] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.822150] ret_from_fork+0x22/0x30 [ 31.822653] </TASK> [ 31.822837] [ 31.822950] Allocated by task 261: [ 31.823149] kasan_save_stack+0x41/0x70 [ 31.823567] kasan_set_track+0x25/0x40 [ 31.823826] kasan_save_alloc_info+0x1e/0x30 [ 31.824040] __kasan_kmalloc+0xb6/0xc0 [ 31.824292] kmalloc_trace+0x48/0xb0 [ 31.824619] ksize_unpoisons_memory+0x9b/0x1f0 [ 31.824893] kunit_try_run_case+0x8f/0xd0 [ 31.825149] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.825626] kthread+0x17b/0x1b0 [ 31.825809] ret_from_fork+0x22/0x30 [ 31.826039] [ 31.826183] The buggy address belongs to the object at ffff888103497f00 [ 31.826183] which belongs to the cache kmalloc-128 of size 128 [ 31.826762] The buggy address is located 0 bytes to the right of [ 31.826762] 128-byte region [ffff888103497f00, ffff888103497f80) [ 31.827688] [ 31.827848] The buggy address belongs to the physical page: [ 31.828122] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497 [ 31.828743] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.829064] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0 [ 31.829555] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 31.829894] page dumped because: kasan: bad access detected [ 31.830195] [ 31.830512] Memory state around the buggy address: [ 31.830823] ffff888103497e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.831195] ffff888103497f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.831680] >ffff888103497f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.832089] ^ [ 31.832408] ffff888103498000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.832787] ffff888103498080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 31.833132] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 31.790308] ================================================================== [ 31.790873] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x106/0x1f0 [ 31.791302] Read of size 1 at addr ffff8881035dfdaa by task kunit_try_catch/260 [ 31.791689] [ 31.791797] CPU: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.792155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.792892] Call Trace: [ 31.793122] <TASK> [ 31.793826] dump_stack_lvl+0x49/0x62 [ 31.794082] print_report+0x189/0x492 [ 31.794358] ? kasan_addr_to_slab+0xd/0xb0 [ 31.794746] ? kasan_alloca_oob_right+0x106/0x1f0 [ 31.795022] kasan_report+0x10c/0x190 [ 31.795257] ? kasan_alloca_oob_right+0x106/0x1f0 [ 31.795825] __asan_load1+0x62/0x70 [ 31.796134] kasan_alloca_oob_right+0x106/0x1f0 [ 31.796607] ? __kunit_add_resource+0x7c/0x100 [ 31.796988] ? _raw_spin_lock_irqsave+0x9e/0x100 [ 31.797373] ? _raw_spin_unlock_irqrestore+0x46/0x60 [ 31.797607] ? trace_preempt_on+0x2a/0xf0 [ 31.797839] ? __kunit_add_resource+0xd1/0x100 [ 31.798089] ? ksize_unpoisons_memory+0x1f0/0x1f0 [ 31.798604] ? __kunit_add_resource+0xd1/0x100 [ 31.798984] kunit_try_run_case+0x8f/0xd0 [ 31.799341] ? kunit_catch_run_case+0x80/0x80 [ 31.799711] ? kunit_try_catch_throw+0x40/0x40 [ 31.799964] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.800257] kthread+0x17b/0x1b0 [ 31.800742] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.801024] ret_from_fork+0x22/0x30 [ 31.801740] </TASK> [ 31.801898] [ 31.802005] The buggy address belongs to stack of task kunit_try_catch/260 [ 31.802665] [ 31.802786] The buggy address belongs to the physical page: [ 31.803150] page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1035df [ 31.803716] flags: 0x200000000000000(node=0|zone=2) [ 31.804000] raw: 0200000000000000 ffffea00040d77c8 ffffea00040d77c8 0000000000000000 [ 31.804735] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.805073] page dumped because: kasan: bad access detected [ 31.805816] [ 31.805929] Memory state around the buggy address: [ 31.806288] ffff8881035dfc80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.806782] ffff8881035dfd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.807142] >ffff8881035dfd80: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 f1 f1 [ 31.807718] ^ [ 31.808038] ffff8881035dfe00: f1 f1 01 f2 04 f2 00 f2 f2 f2 00 00 f3 f3 00 00 [ 31.808623] ffff8881035dfe80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.808967] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 31.766805] ================================================================== [ 31.767532] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0xfd/0x1e0 [ 31.767956] Read of size 1 at addr ffff888103597d9f by task kunit_try_catch/259 [ 31.768635] [ 31.768870] CPU: 1 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.769413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.769937] Call Trace: [ 31.770206] <TASK> [ 31.770480] dump_stack_lvl+0x49/0x62 [ 31.770748] print_report+0x189/0x492 [ 31.771176] ? kasan_addr_to_slab+0xd/0xb0 [ 31.771546] ? kasan_alloca_oob_left+0xfd/0x1e0 [ 31.771989] kasan_report+0x10c/0x190 [ 31.772533] ? kasan_alloca_oob_left+0xfd/0x1e0 [ 31.773045] __asan_load1+0x62/0x70 [ 31.773470] kasan_alloca_oob_left+0xfd/0x1e0 [ 31.773927] ? __kunit_add_resource+0x7c/0x100 [ 31.774423] ? irqentry_exit+0x25/0x60 [ 31.774835] ? sysvec_apic_timer_interrupt+0x90/0xa0 [ 31.775360] ? trace_hardirqs_on+0x38/0x110 [ 31.775814] ? irqentry_exit+0x25/0x60 [ 31.776237] ? kasan_alloca_oob_right+0x1f0/0x1f0 [ 31.776714] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 31.777072] ? kasan_alloca_oob_right+0x1f0/0x1f0 [ 31.777433] ? kunit_try_run_case+0x84/0xd0 [ 31.777864] ? __kunit_add_resource+0xd1/0x100 [ 31.778363] kunit_try_run_case+0x8f/0xd0 [ 31.778788] ? kunit_catch_run_case+0x80/0x80 [ 31.779091] ? kunit_try_catch_throw+0x40/0x40 [ 31.779474] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.780008] kthread+0x17b/0x1b0 [ 31.780398] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.780738] ret_from_fork+0x22/0x30 [ 31.780930] </TASK> [ 31.781049] [ 31.781138] The buggy address belongs to stack of task kunit_try_catch/259 [ 31.781451] [ 31.781568] The buggy address belongs to the physical page: [ 31.781830] page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103597 [ 31.782286] flags: 0x200000000000000(node=0|zone=2) [ 31.782563] raw: 0200000000000000 ffffea00040d65c8 ffffea00040d65c8 0000000000000000 [ 31.782875] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.783289] page dumped because: kasan: bad access detected [ 31.783542] [ 31.783655] Memory state around the buggy address: [ 31.783856] ffff888103597c80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.784236] ffff888103597d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.784553] >ffff888103597d80: ca ca ca ca 00 02 cb cb cb cb cb cb 00 00 f1 f1 [ 31.784869] ^ [ 31.785095] ffff888103597e00: f1 f1 01 f2 04 f2 00 f2 f2 f2 00 00 f3 f3 00 00 [ 31.785457] ffff888103597e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.785755] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 31.744704] ================================================================== [ 31.745698] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0xc6/0x190 [ 31.746056] Read of size 1 at addr ffff888103587e6a by task kunit_try_catch/258 [ 31.746363] [ 31.746839] CPU: 1 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.747311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.747795] Call Trace: [ 31.748138] <TASK> [ 31.748428] dump_stack_lvl+0x49/0x62 [ 31.748688] print_report+0x189/0x492 [ 31.748956] ? kasan_addr_to_slab+0xd/0xb0 [ 31.749222] ? kasan_stack_oob+0xc6/0x190 [ 31.749513] kasan_report+0x10c/0x190 [ 31.749767] ? kasan_stack_oob+0xc6/0x190 [ 31.750175] __asan_load1+0x62/0x70 [ 31.750478] kasan_stack_oob+0xc6/0x190 [ 31.750813] ? match_all_mem_tag+0x20/0x20 [ 31.751059] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 31.751636] ? kmalloc_oob_16+0x23e/0x250 [ 31.752145] ? kunit_try_run_case+0x84/0xd0 [ 31.752481] ? __kunit_add_resource+0xd1/0x100 [ 31.752743] kunit_try_run_case+0x8f/0xd0 [ 31.752982] ? kunit_catch_run_case+0x80/0x80 [ 31.753231] ? kunit_try_catch_throw+0x40/0x40 [ 31.753641] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.753966] kthread+0x17b/0x1b0 [ 31.754225] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.754489] ret_from_fork+0x22/0x30 [ 31.754894] </TASK> [ 31.755045] [ 31.755234] The buggy address belongs to stack of task kunit_try_catch/258 [ 31.755886] and is located at offset 138 in frame: [ 31.756173] kasan_stack_oob+0x0/0x190 [ 31.756596] [ 31.756866] This frame has 4 objects: [ 31.757192] [48, 49) '__assertion' [ 31.757234] [64, 72) 'array' [ 31.757571] [96, 112) '__assertion' [ 31.757775] [128, 138) 'stack_array' [ 31.758020] [ 31.758308] The buggy address belongs to the physical page: [ 31.758666] page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103587 [ 31.759108] flags: 0x200000000000000(node=0|zone=2) [ 31.759412] raw: 0200000000000000 ffffea00040d61c8 ffffea00040d61c8 0000000000000000 [ 31.759979] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 31.760338] page dumped because: kasan: bad access detected [ 31.760834] [ 31.760942] Memory state around the buggy address: [ 31.761210] ffff888103587d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.761615] ffff888103587d80: 00 00 00 00 00 00 00 00 00 00 00 00 f1 f1 f1 f1 [ 31.761923] >ffff888103587e00: f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 02 f3 f3 [ 31.762238] ^ [ 31.762739] ffff888103587e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.763112] ffff888103587f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.763744] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 31.722885] ================================================================== [ 31.723471] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x9f/0x160 [ 31.724145] Read of size 1 at addr ffffffffb2dc372d by task kunit_try_catch/256 [ 31.724625] [ 31.724787] CPU: 1 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.725611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.726193] Call Trace: [ 31.726379] <TASK> [ 31.726751] dump_stack_lvl+0x49/0x62 [ 31.727100] print_report+0x189/0x492 [ 31.727554] ? kasan_addr_to_slab+0xd/0xb0 [ 31.727916] ? kasan_global_oob_right+0x9f/0x160 [ 31.728303] kasan_report+0x10c/0x190 [ 31.728753] ? kasan_global_oob_right+0x9f/0x160 [ 31.729189] __asan_load1+0x62/0x70 [ 31.729716] kasan_global_oob_right+0x9f/0x160 [ 31.729981] ? kasan_stack_oob+0x190/0x190 [ 31.730231] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 31.730845] ? kasan_test_init+0x13e/0x1b0 [ 31.731101] kunit_try_run_case+0x8f/0xd0 [ 31.731369] ? kunit_catch_run_case+0x80/0x80 [ 31.731760] ? kunit_try_catch_throw+0x40/0x40 [ 31.731997] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.732318] kthread+0x17b/0x1b0 [ 31.732544] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.732894] ret_from_fork+0x22/0x30 [ 31.733100] </TASK> [ 31.733266] [ 31.733413] The buggy address belongs to the variable: [ 31.733966] global_array+0xd/0x40 [ 31.734210] [ 31.734341] The buggy address belongs to the physical page: [ 31.734771] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10dc3 [ 31.735237] flags: 0x100000000001000(reserved|node=0|zone=1) [ 31.735741] raw: 0100000000001000 ffffea00004370c8 ffffea00004370c8 0000000000000000 [ 31.736180] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 31.736748] page dumped because: kasan: bad access detected [ 31.737056] [ 31.737171] Memory state around the buggy address: [ 31.737568] ffffffffb2dc3600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.737890] ffffffffb2dc3680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.738245] >ffffffffb2dc3700: 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 [ 31.738563] ^ [ 31.739019] ffffffffb2dc3780: f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 [ 31.739422] ffffffffb2dc3800: 00 00 00 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 31.739868] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 31.157489] ================================================================== [ 31.157982] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0xe4/0x210 [ 31.158453] Read of size 1 at addr ffff88810349b0c8 by task kunit_try_catch/253 [ 31.158782] [ 31.158918] CPU: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 31.159431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 31.159892] Call Trace: [ 31.160140] <TASK> [ 31.160396] dump_stack_lvl+0x49/0x62 [ 31.160640] print_report+0x189/0x492 [ 31.160878] ? kasan_complete_mode_report_info+0x3c/0x200 [ 31.161259] ? kmem_cache_oob+0xe4/0x210 [ 31.161526] kasan_report+0x10c/0x190 [ 31.161811] ? kasan_set_track+0x25/0x40 [ 31.162193] ? kmem_cache_oob+0xe4/0x210 [ 31.162484] __asan_load1+0x62/0x70 [ 31.162814] kmem_cache_oob+0xe4/0x210 [ 31.163184] ? kmem_cache_double_free+0x1e0/0x1e0 [ 31.163430] ? __kunit_add_resource+0xd1/0x100 [ 31.163845] kunit_try_run_case+0x8f/0xd0 [ 31.164051] ? kunit_catch_run_case+0x80/0x80 [ 31.164313] ? kunit_try_catch_throw+0x40/0x40 [ 31.164654] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.165134] kthread+0x17b/0x1b0 [ 31.165444] ? 
kthread_complete_and_exit+0x30/0x30 [ 31.165820] ret_from_fork+0x22/0x30 [ 31.166121] </TASK> [ 31.166326] [ 31.166437] Allocated by task 253: [ 31.166692] kasan_save_stack+0x41/0x70 [ 31.166985] kasan_set_track+0x25/0x40 [ 31.167261] kasan_save_alloc_info+0x1e/0x30 [ 31.167447] __kasan_slab_alloc+0x90/0xa0 [ 31.167744] kmem_cache_alloc+0x150/0x370 [ 31.168137] kmem_cache_oob+0xbd/0x210 [ 31.168512] kunit_try_run_case+0x8f/0xd0 [ 31.168708] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 31.169013] kthread+0x17b/0x1b0 [ 31.169277] ret_from_fork+0x22/0x30 [ 31.169589] [ 31.169703] The buggy address belongs to the object at ffff88810349b000 [ 31.169703] which belongs to the cache test_cache of size 200 [ 31.170231] The buggy address is located 0 bytes to the right of [ 31.170231] 200-byte region [ffff88810349b000, ffff88810349b0c8) [ 31.170895] [ 31.171009] The buggy address belongs to the physical page: [ 31.171460] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10349b [ 31.171865] flags: 0x200000000000200(slab|node=0|zone=2) [ 31.172186] raw: 0200000000000200 0000000000000000 dead000000000122 ffff88810316c3c0 [ 31.172586] raw: 0000000000000000 00000000800f000f 00000001ffffffff 0000000000000000 [ 31.172916] page dumped because: kasan: bad access detected [ 31.173271] [ 31.173472] Memory state around the buggy address: [ 31.173757] ffff88810349af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.174075] ffff88810349b000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 31.174534] >ffff88810349b080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 31.175072] ^ [ 31.175413] ffff88810349b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.175869] ffff88810349b180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 31.176314] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_uaf2
[ 31.113581] ==================================================================
[ 31.114864] BUG: KASAN: use-after-free in kmalloc_uaf2+0x11e/0x2b0
[ 31.115149] Read of size 1 at addr ffff888103492da8 by task kunit_try_catch/249
[ 31.116712]
[ 31.117090] CPU: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.118203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.119112] Call Trace:
[ 31.119536] <TASK>
[ 31.119931] dump_stack_lvl+0x49/0x62
[ 31.120734] print_report+0x189/0x492
[ 31.121117] ? kasan_complete_mode_report_info+0x7c/0x200
[ 31.121891] ? kmalloc_uaf2+0x11e/0x2b0
[ 31.122103] kasan_report+0x10c/0x190
[ 31.122692] ? kmalloc_uaf2+0x11e/0x2b0
[ 31.123311] __asan_load1+0x62/0x70
[ 31.123861] kmalloc_uaf2+0x11e/0x2b0
[ 31.124443] ? kfree_via_page+0x190/0x190
[ 31.125006] ? preempt_count_sub+0x4c/0x70
[ 31.125704] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 31.126076] ? __kunit_add_resource+0xd1/0x100
[ 31.126325] kunit_try_run_case+0x8f/0xd0
[ 31.126519] ? kunit_catch_run_case+0x80/0x80
[ 31.126719] ? kunit_try_catch_throw+0x40/0x40
[ 31.126924] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.127158] kthread+0x17b/0x1b0
[ 31.127579] ? kthread_complete_and_exit+0x30/0x30
[ 31.128036] ret_from_fork+0x22/0x30
[ 31.128366] </TASK>
[ 31.128600]
[ 31.128788] Allocated by task 249:
[ 31.129046] kasan_save_stack+0x41/0x70
[ 31.129302] kasan_set_track+0x25/0x40
[ 31.129746] kasan_save_alloc_info+0x1e/0x30
[ 31.130203] __kasan_kmalloc+0xb6/0xc0
[ 31.130724] kmalloc_trace+0x48/0xb0
[ 31.131096] kmalloc_uaf2+0xac/0x2b0
[ 31.131562] kunit_try_run_case+0x8f/0xd0
[ 31.131748] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.131970] kthread+0x17b/0x1b0
[ 31.132125] ret_from_fork+0x22/0x30
[ 31.132365]
[ 31.132470] Freed by task 249:
[ 31.132677] kasan_save_stack+0x41/0x70
[ 31.132881] kasan_set_track+0x25/0x40
[ 31.133239] kasan_save_free_info+0x2e/0x50
[ 31.133577] ____kasan_slab_free+0x175/0x1d0
[ 31.133804] __kasan_slab_free+0x12/0x20
[ 31.134030] __kmem_cache_free+0x188/0x2f0
[ 31.134259] kfree+0x78/0x120
[ 31.134521] kmalloc_uaf2+0xcc/0x2b0
[ 31.135025] kunit_try_run_case+0x8f/0xd0
[ 31.135318] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.135849] kthread+0x17b/0x1b0
[ 31.136040] ret_from_fork+0x22/0x30
[ 31.136274]
[ 31.136413] The buggy address belongs to the object at ffff888103492d80
[ 31.136413] which belongs to the cache kmalloc-64 of size 64
[ 31.136994] The buggy address is located 40 bytes inside of
[ 31.136994] 64-byte region [ffff888103492d80, ffff888103492dc0)
[ 31.137498]
[ 31.137614] The buggy address belongs to the physical page:
[ 31.137868] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103492
[ 31.138843] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.139182] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[ 31.139947] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 31.140406] page dumped because: kasan: bad access detected
[ 31.140897]
[ 31.141152] Memory state around the buggy address:
[ 31.141622] ffff888103492c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.142081] ffff888103492d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.142535] >ffff888103492d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.143310] ^
[ 31.143796] ffff888103492e00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 31.144526] ffff888103492e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.145172] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_uaf_memset
[ 31.087118] ==================================================================
[ 31.087792] BUG: KASAN: use-after-free in kmalloc_uaf_memset+0xcf/0x1c0
[ 31.088123] Write of size 33 at addr ffff8881030dcd80 by task kunit_try_catch/248
[ 31.088606]
[ 31.088763] CPU: 1 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.089193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.089572] Call Trace:
[ 31.090098] <TASK>
[ 31.090244] dump_stack_lvl+0x49/0x62
[ 31.090491] print_report+0x189/0x492
[ 31.090738] ? kasan_complete_mode_report_info+0x7c/0x200
[ 31.090985] ? kmalloc_uaf_memset+0xcf/0x1c0
[ 31.091266] kasan_report+0x10c/0x190
[ 31.091501] ? kmalloc_uaf_memset+0xcf/0x1c0
[ 31.091774] kasan_check_range+0x10b/0x1c0
[ 31.091989] memset+0x23/0x50
[ 31.092199] kmalloc_uaf_memset+0xcf/0x1c0
[ 31.092479] ? kasan_strings+0x4e0/0x4e0
[ 31.092719] ? __kunit_add_resource+0xd1/0x100
[ 31.092966] ? kasan_test_init+0x13e/0x1b0
[ 31.093223] kunit_try_run_case+0x8f/0xd0
[ 31.093458] ? kunit_catch_run_case+0x80/0x80
[ 31.093744] ? kunit_try_catch_throw+0x40/0x40
[ 31.093951] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.094292] kthread+0x17b/0x1b0
[ 31.094510] ? kthread_complete_and_exit+0x30/0x30
[ 31.094736] ret_from_fork+0x22/0x30
[ 31.094976] </TASK>
[ 31.095121]
[ 31.095256] Allocated by task 248:
[ 31.095414] kasan_save_stack+0x41/0x70
[ 31.095653] kasan_set_track+0x25/0x40
[ 31.095891] kasan_save_alloc_info+0x1e/0x30
[ 31.096083] __kasan_kmalloc+0xb6/0xc0
[ 31.096429] kmalloc_trace+0x48/0xb0
[ 31.096651] kmalloc_uaf_memset+0x99/0x1c0
[ 31.096854] kunit_try_run_case+0x8f/0xd0
[ 31.097091] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.097344] kthread+0x17b/0x1b0
[ 31.097604] ret_from_fork+0x22/0x30
[ 31.097823]
[ 31.097927] Freed by task 248:
[ 31.098076] kasan_save_stack+0x41/0x70
[ 31.098369] kasan_set_track+0x25/0x40
[ 31.098569] kasan_save_free_info+0x2e/0x50
[ 31.098812] ____kasan_slab_free+0x175/0x1d0
[ 31.099032] __kasan_slab_free+0x12/0x20
[ 31.099302] __kmem_cache_free+0x188/0x2f0
[ 31.099519] kfree+0x78/0x120
[ 31.099672] kmalloc_uaf_memset+0xb1/0x1c0
[ 31.099883] kunit_try_run_case+0x8f/0xd0
[ 31.100131] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.100431] kthread+0x17b/0x1b0
[ 31.100585] ret_from_fork+0x22/0x30
[ 31.101013]
[ 31.101154] The buggy address belongs to the object at ffff8881030dcd80
[ 31.101154] which belongs to the cache kmalloc-64 of size 64
[ 31.102578] The buggy address is located 0 bytes inside of
[ 31.102578] 64-byte region [ffff8881030dcd80, ffff8881030dcdc0)
[ 31.103477]
[ 31.103598] The buggy address belongs to the physical page:
[ 31.103854] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc
[ 31.104487] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.104990] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[ 31.105633] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 31.106110] page dumped because: kasan: bad access detected
[ 31.106606]
[ 31.106739] Memory state around the buggy address:
[ 31.107139] ffff8881030dcc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.107925] ffff8881030dcd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.108396] >ffff8881030dcd80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.108900] ^
[ 31.109301] ffff8881030dce00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.109766] ffff8881030dce80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.110083] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_uaf
[ 31.062331] ==================================================================
[ 31.063003] BUG: KASAN: use-after-free in kmalloc_uaf+0xcd/0x1c0
[ 31.063394] Read of size 1 at addr ffff888101a015a8 by task kunit_try_catch/247
[ 31.063863]
[ 31.063992] CPU: 1 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.064451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.064922] Call Trace:
[ 31.065140] <TASK>
[ 31.065315] dump_stack_lvl+0x49/0x62
[ 31.065605] print_report+0x189/0x492
[ 31.065792] ? kasan_complete_mode_report_info+0x7c/0x200
[ 31.066301] ? kmalloc_uaf+0xcd/0x1c0
[ 31.066619] kasan_report+0x10c/0x190
[ 31.066890] ? kmalloc_uaf+0xcd/0x1c0
[ 31.067535] __asan_load1+0x62/0x70
[ 31.067782] kmalloc_uaf+0xcd/0x1c0
[ 31.067996] ? kmalloc_uaf2+0x2b0/0x2b0
[ 31.068201] ? __kunit_add_resource+0xd1/0x100
[ 31.068517] ? kasan_test_init+0x13e/0x1b0
[ 31.068782] kunit_try_run_case+0x8f/0xd0
[ 31.069000] ? kunit_catch_run_case+0x80/0x80
[ 31.069328] ? kunit_try_catch_throw+0x40/0x40
[ 31.069585] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.069908] kthread+0x17b/0x1b0
[ 31.070096] ? kthread_complete_and_exit+0x30/0x30
[ 31.070321] ret_from_fork+0x22/0x30
[ 31.070612] </TASK>
[ 31.070774]
[ 31.070886] Allocated by task 247:
[ 31.071084] kasan_save_stack+0x41/0x70
[ 31.071337] kasan_set_track+0x25/0x40
[ 31.071964] kasan_save_alloc_info+0x1e/0x30
[ 31.072273] __kasan_kmalloc+0xb6/0xc0
[ 31.072517] kmalloc_trace+0x48/0xb0
[ 31.072724] kmalloc_uaf+0x99/0x1c0
[ 31.072956] kunit_try_run_case+0x8f/0xd0
[ 31.073152] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.073477] kthread+0x17b/0x1b0
[ 31.073722] ret_from_fork+0x22/0x30
[ 31.073932]
[ 31.074015] Freed by task 247:
[ 31.074219] kasan_save_stack+0x41/0x70
[ 31.074483] kasan_set_track+0x25/0x40
[ 31.074701] kasan_save_free_info+0x2e/0x50
[ 31.074959] ____kasan_slab_free+0x175/0x1d0
[ 31.075199] __kasan_slab_free+0x12/0x20
[ 31.075426] __kmem_cache_free+0x188/0x2f0
[ 31.075679] kfree+0x78/0x120
[ 31.075860] kmalloc_uaf+0xb5/0x1c0
[ 31.076054] kunit_try_run_case+0x8f/0xd0
[ 31.076669] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.077000] kthread+0x17b/0x1b0
[ 31.077201] ret_from_fork+0x22/0x30
[ 31.077465]
[ 31.077572] The buggy address belongs to the object at ffff888101a015a0
[ 31.077572] which belongs to the cache kmalloc-16 of size 16
[ 31.078065] The buggy address is located 8 bytes inside of
[ 31.078065] 16-byte region [ffff888101a015a0, ffff888101a015b0)
[ 31.078576]
[ 31.078667] The buggy address belongs to the physical page:
[ 31.078922] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101a01
[ 31.079422] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.080020] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 31.080596] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 31.080920] page dumped because: kasan: bad access detected
[ 31.081336]
[ 31.081577] Memory state around the buggy address:
[ 31.081851] ffff888101a01480: 00 06 fc fc 00 06 fc fc 00 06 fc fc 00 02 fc fc
[ 31.082338] ffff888101a01500: 00 03 fc fc 00 00 fc fc 00 00 fc fc fa fb fc fc
[ 31.082772] >ffff888101a01580: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc
[ 31.083094] ^
[ 31.083544] ffff888101a01600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.084012] ffff888101a01680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.084474] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 31.037298] ==================================================================
[ 31.037795] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0xe6/0x1e0
[ 31.039270] Read of size 64 at addr ffff8881030dcc84 by task kunit_try_catch/246
[ 31.039874]
[ 31.039991] CPU: 1 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.040402] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.040859] Call Trace:
[ 31.041035] <TASK>
[ 31.041196] dump_stack_lvl+0x49/0x62
[ 31.041454] print_report+0x189/0x492
[ 31.041782] ? kasan_complete_mode_report_info+0x3c/0x200
[ 31.042138] ? kmalloc_memmove_invalid_size+0xe6/0x1e0
[ 31.042586] kasan_report+0x10c/0x190
[ 31.042817] ? kmalloc_memmove_invalid_size+0xe6/0x1e0
[ 31.043104] kasan_check_range+0x10b/0x1c0
[ 31.043597] memmove+0x23/0x70
[ 31.043852] kmalloc_memmove_invalid_size+0xe6/0x1e0
[ 31.044125] ? kmem_cache_accounted+0x140/0x140
[ 31.044538] ? __kunit_add_resource+0xd1/0x100
[ 31.044838] kunit_try_run_case+0x8f/0xd0
[ 31.045104] ? kunit_catch_run_case+0x80/0x80
[ 31.045419] ? kunit_try_catch_throw+0x40/0x40
[ 31.045644] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.045950] kthread+0x17b/0x1b0
[ 31.046176] ? kthread_complete_and_exit+0x30/0x30
[ 31.046418] ret_from_fork+0x22/0x30
[ 31.046747] </TASK>
[ 31.047083]
[ 31.047368] Allocated by task 246:
[ 31.047531] kasan_save_stack+0x41/0x70
[ 31.047961] kasan_set_track+0x25/0x40
[ 31.048420] kasan_save_alloc_info+0x1e/0x30
[ 31.048769] __kasan_kmalloc+0xb6/0xc0
[ 31.049109] kmalloc_trace+0x48/0xb0
[ 31.049445] kmalloc_memmove_invalid_size+0x9b/0x1e0
[ 31.049706] kunit_try_run_case+0x8f/0xd0
[ 31.049918] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.050223] kthread+0x17b/0x1b0
[ 31.050839] ret_from_fork+0x22/0x30
[ 31.051030]
[ 31.051338] The buggy address belongs to the object at ffff8881030dcc80
[ 31.051338] which belongs to the cache kmalloc-64 of size 64
[ 31.052243] The buggy address is located 4 bytes inside of
[ 31.052243] 64-byte region [ffff8881030dcc80, ffff8881030dccc0)
[ 31.053177]
[ 31.053448] The buggy address belongs to the physical page:
[ 31.053846] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc
[ 31.054345] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.054780] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[ 31.055150] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 31.055522] page dumped because: kasan: bad access detected
[ 31.055879]
[ 31.056056] Memory state around the buggy address:
[ 31.056320] ffff8881030dcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.056613] ffff8881030dcc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.056956] >ffff8881030dcc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.057311] ^
[ 31.057514] ffff8881030dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.057841] ffff8881030dcd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.058169] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 31.014512] ==================================================================
[ 31.015634] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0xe7/0x1e0
[ 31.016058] Read of size 18446744073709551614 at addr ffff8881030dcc04 by task kunit_try_catch/245
[ 31.016903]
[ 31.017107] CPU: 1 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 31.018074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 31.019013] Call Trace:
[ 31.019352] <TASK>
[ 31.019475] dump_stack_lvl+0x49/0x62
[ 31.019675] print_report+0x189/0x492
[ 31.019857] ? kasan_complete_mode_report_info+0x3c/0x200
[ 31.020077] ? kmalloc_memmove_negative_size+0xe7/0x1e0
[ 31.020398] kasan_report+0x10c/0x190
[ 31.020596] ? kmalloc_memmove_negative_size+0xe7/0x1e0
[ 31.021074] kasan_check_range+0x10b/0x1c0
[ 31.021359] memmove+0x23/0x70
[ 31.021575] kmalloc_memmove_negative_size+0xe7/0x1e0
[ 31.021948] ? kmalloc_memmove_invalid_size+0x1e0/0x1e0
[ 31.022251] ? __kunit_add_resource+0xd1/0x100
[ 31.022581] kunit_try_run_case+0x8f/0xd0
[ 31.022846] ? kunit_catch_run_case+0x80/0x80
[ 31.023078] ? kunit_try_catch_throw+0x40/0x40
[ 31.023439] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.023743] kthread+0x17b/0x1b0
[ 31.023952] ? kthread_complete_and_exit+0x30/0x30
[ 31.024182] ret_from_fork+0x22/0x30
[ 31.024523] </TASK>
[ 31.024657]
[ 31.024754] Allocated by task 245:
[ 31.024955] kasan_save_stack+0x41/0x70
[ 31.025206] kasan_set_track+0x25/0x40
[ 31.025749] kasan_save_alloc_info+0x1e/0x30
[ 31.025969] __kasan_kmalloc+0xb6/0xc0
[ 31.026213] kmalloc_trace+0x48/0xb0
[ 31.026410] kmalloc_memmove_negative_size+0x9b/0x1e0
[ 31.026788] kunit_try_run_case+0x8f/0xd0
[ 31.027038] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.027442] kthread+0x17b/0x1b0
[ 31.027650] ret_from_fork+0x22/0x30
[ 31.027842]
[ 31.027956] The buggy address belongs to the object at ffff8881030dcc00
[ 31.027956] which belongs to the cache kmalloc-64 of size 64
[ 31.028576] The buggy address is located 4 bytes inside of
[ 31.028576] 64-byte region [ffff8881030dcc00, ffff8881030dcc40)
[ 31.029088]
[ 31.029214] The buggy address belongs to the physical page:
[ 31.029575] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030dc
[ 31.029986] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.030352] raw: 0200000000000200 0000000000000000 dead000000000122 ffff888100041640
[ 31.030707] raw: 0000000000000000 0000000080200020 00000001ffffffff 0000000000000000
[ 31.031034] page dumped because: kasan: bad access detected
[ 31.031625]
[ 31.031745] Memory state around the buggy address:
[ 31.031999] ffff8881030dcb00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.032425] ffff8881030dcb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 31.032756] >ffff8881030dcc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 31.033085] ^
[ 31.033263] ffff8881030dcc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.033694] ffff8881030dcd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.034003] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 30.990517] ==================================================================
[ 30.991127] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0xd9/0x1d0
[ 30.991568] Write of size 16 at addr ffff888103497669 by task kunit_try_catch/244
[ 30.991911]
[ 30.992031] CPU: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.992451] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.992867] Call Trace:
[ 30.993013] <TASK>
[ 30.993174] dump_stack_lvl+0x49/0x62
[ 30.994006] print_report+0x189/0x492
[ 30.994277] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.994746] ? kmalloc_oob_memset_16+0xd9/0x1d0
[ 30.995014] kasan_report+0x10c/0x190
[ 30.995235] ? kmalloc_oob_memset_16+0xd9/0x1d0
[ 30.995591] kasan_check_range+0x10b/0x1c0
[ 30.995799] memset+0x23/0x50
[ 30.996003] kmalloc_oob_memset_16+0xd9/0x1d0
[ 30.996235] ? kmalloc_uaf_memset+0x1c0/0x1c0
[ 30.996661] ? __kunit_add_resource+0xd1/0x100
[ 30.996929] kunit_try_run_case+0x8f/0xd0
[ 30.997191] ? kunit_catch_run_case+0x80/0x80
[ 30.997418] ? kunit_try_catch_throw+0x40/0x40
[ 30.997809] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.998135] kthread+0x17b/0x1b0
[ 30.998352] ? kthread_complete_and_exit+0x30/0x30
[ 30.998656] ret_from_fork+0x22/0x30
[ 30.998993] </TASK>
[ 30.999148]
[ 30.999268] Allocated by task 244:
[ 30.999823] kasan_save_stack+0x41/0x70
[ 31.000059] kasan_set_track+0x25/0x40
[ 31.000298] kasan_save_alloc_info+0x1e/0x30
[ 31.000529] __kasan_kmalloc+0xb6/0xc0
[ 31.000735] kmalloc_trace+0x48/0xb0
[ 31.000939] kmalloc_oob_memset_16+0x9b/0x1d0
[ 31.001200] kunit_try_run_case+0x8f/0xd0
[ 31.002000] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 31.002340] kthread+0x17b/0x1b0
[ 31.002718] ret_from_fork+0x22/0x30
[ 31.002908]
[ 31.003143] The buggy address belongs to the object at ffff888103497600
[ 31.003143] which belongs to the cache kmalloc-128 of size 128
[ 31.003900] The buggy address is located 105 bytes inside of
[ 31.003900] 128-byte region [ffff888103497600, ffff888103497680)
[ 31.004851]
[ 31.004988] The buggy address belongs to the physical page:
[ 31.005518] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497
[ 31.005942] flags: 0x200000000000200(slab|node=0|zone=2)
[ 31.006399] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 31.006959] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 31.007571] page dumped because: kasan: bad access detected
[ 31.007961]
[ 31.008199] Memory state around the buggy address:
[ 31.008723] ffff888103497500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 31.009212] ffff888103497580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.009824] >ffff888103497600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 31.010186] ^
[ 31.010721] ffff888103497680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.011048] ffff888103497700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 31.011549] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 30.966446] ==================================================================
[ 30.967638] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0xd9/0x1d0
[ 30.968383] Write of size 8 at addr ffff8881030def71 by task kunit_try_catch/243
[ 30.968985]
[ 30.969095] CPU: 1 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.969862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.970981] Call Trace:
[ 30.971276] <TASK>
[ 30.971620] dump_stack_lvl+0x49/0x62
[ 30.971845] print_report+0x189/0x492
[ 30.972032] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.972328] ? kmalloc_oob_memset_8+0xd9/0x1d0
[ 30.972870] kasan_report+0x10c/0x190
[ 30.973309] ? kmalloc_oob_memset_8+0xd9/0x1d0
[ 30.973839] kasan_check_range+0x10b/0x1c0
[ 30.974270] memset+0x23/0x50
[ 30.974650] kmalloc_oob_memset_8+0xd9/0x1d0
[ 30.975075] ? kmalloc_oob_memset_16+0x1d0/0x1d0
[ 30.975799] ? __kunit_add_resource+0xd1/0x100
[ 30.976029] kunit_try_run_case+0x8f/0xd0
[ 30.976238] ? kunit_catch_run_case+0x80/0x80
[ 30.976489] ? kunit_try_catch_throw+0x40/0x40
[ 30.976852] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.977174] kthread+0x17b/0x1b0
[ 30.977404] ? kthread_complete_and_exit+0x30/0x30
[ 30.977773] ret_from_fork+0x22/0x30
[ 30.978026] </TASK>
[ 30.978179]
[ 30.978266] Allocated by task 243:
[ 30.978491] kasan_save_stack+0x41/0x70
[ 30.978775] kasan_set_track+0x25/0x40
[ 30.979005] kasan_save_alloc_info+0x1e/0x30
[ 30.979282] __kasan_kmalloc+0xb6/0xc0
[ 30.979515] kmalloc_trace+0x48/0xb0
[ 30.979838] kmalloc_oob_memset_8+0x9b/0x1d0
[ 30.980038] kunit_try_run_case+0x8f/0xd0
[ 30.980292] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.980849] kthread+0x17b/0x1b0
[ 30.981068] ret_from_fork+0x22/0x30
[ 30.981299]
[ 30.981504] The buggy address belongs to the object at ffff8881030def00
[ 30.981504] which belongs to the cache kmalloc-128 of size 128
[ 30.982040] The buggy address is located 113 bytes inside of
[ 30.982040] 128-byte region [ffff8881030def00, ffff8881030def80)
[ 30.982501]
[ 30.982620] The buggy address belongs to the physical page:
[ 30.983099] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030de
[ 30.983609] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.983970] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.984371] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.984710] page dumped because: kasan: bad access detected
[ 30.984992]
[ 30.985094] Memory state around the buggy address:
[ 30.985429] ffff8881030dee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.985742] ffff8881030dee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.986073] >ffff8881030def00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.986381] ^
[ 30.986997] ffff8881030def80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.987336] ffff8881030df000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.987738] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 30.931699] ==================================================================
[ 30.933588] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0xd9/0x1d0
[ 30.934907] Write of size 4 at addr ffff8881030ded75 by task kunit_try_catch/242
[ 30.935599]
[ 30.936142] CPU: 1 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.937094] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.938092] Call Trace:
[ 30.938610] <TASK>
[ 30.938754] dump_stack_lvl+0x49/0x62
[ 30.938964] print_report+0x189/0x492
[ 30.939150] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.939669] ? kmalloc_oob_memset_4+0xd9/0x1d0
[ 30.939967] kasan_report+0x10c/0x190
[ 30.940250] ? kmalloc_oob_memset_4+0xd9/0x1d0
[ 30.940848] kasan_check_range+0x10b/0x1c0
[ 30.941581] memset+0x23/0x50
[ 30.942036] kmalloc_oob_memset_4+0xd9/0x1d0
[ 30.942667] ? kmalloc_oob_memset_8+0x1d0/0x1d0
[ 30.943176] ? __kunit_add_resource+0xd1/0x100
[ 30.943777] kunit_try_run_case+0x8f/0xd0
[ 30.944081] ? kunit_catch_run_case+0x80/0x80
[ 30.944644] ? kunit_try_catch_throw+0x40/0x40
[ 30.945141] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.945588] kthread+0x17b/0x1b0
[ 30.945965] ? kthread_complete_and_exit+0x30/0x30
[ 30.946311] ret_from_fork+0x22/0x30
[ 30.947035] </TASK>
[ 30.947218]
[ 30.947425] Allocated by task 242:
[ 30.947764] kasan_save_stack+0x41/0x70
[ 30.947953] kasan_set_track+0x25/0x40
[ 30.948123] kasan_save_alloc_info+0x1e/0x30
[ 30.948699] __kasan_kmalloc+0xb6/0xc0
[ 30.949188] kmalloc_trace+0x48/0xb0
[ 30.949688] kmalloc_oob_memset_4+0x9b/0x1d0
[ 30.950185] kunit_try_run_case+0x8f/0xd0
[ 30.950757] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.951255] kthread+0x17b/0x1b0
[ 30.951615] ret_from_fork+0x22/0x30
[ 30.952006]
[ 30.952214] The buggy address belongs to the object at ffff8881030ded00
[ 30.952214] which belongs to the cache kmalloc-128 of size 128
[ 30.953193] The buggy address is located 117 bytes inside of
[ 30.953193] 128-byte region [ffff8881030ded00, ffff8881030ded80)
[ 30.954138]
[ 30.954349] The buggy address belongs to the physical page:
[ 30.954939] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030de
[ 30.955889] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.956138] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.956669] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.957401] page dumped because: kasan: bad access detected
[ 30.958191]
[ 30.958397] Memory state around the buggy address:
[ 30.958875] ffff8881030dec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.959129] ffff8881030dec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.959765] >ffff8881030ded00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.960655] ^
[ 30.961352] ffff8881030ded80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.961904] ffff8881030dee00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.962146] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 30.901899] ==================================================================
[ 30.902713] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0xd9/0x1d0
[ 30.903017] Write of size 2 at addr ffff888103497577 by task kunit_try_catch/241
[ 30.903327]
[ 30.903428] CPU: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.904424] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.904787] Call Trace:
[ 30.905134] <TASK>
[ 30.905527] dump_stack_lvl+0x49/0x62
[ 30.905944] print_report+0x189/0x492
[ 30.906516] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.906819] ? kmalloc_oob_memset_2+0xd9/0x1d0
[ 30.907012] kasan_report+0x10c/0x190
[ 30.907207] ? kmalloc_oob_memset_2+0xd9/0x1d0
[ 30.907917] kasan_check_range+0x10b/0x1c0
[ 30.908534] memset+0x23/0x50
[ 30.909051] kmalloc_oob_memset_2+0xd9/0x1d0
[ 30.909620] ? kmalloc_oob_memset_4+0x1d0/0x1d0
[ 30.910233] ? __kunit_add_resource+0xd1/0x100
[ 30.910970] kunit_try_run_case+0x8f/0xd0
[ 30.911627] ? kunit_catch_run_case+0x80/0x80
[ 30.912223] ? kunit_try_catch_throw+0x40/0x40
[ 30.912466] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.913251] kthread+0x17b/0x1b0
[ 30.913725] ? kthread_complete_and_exit+0x30/0x30
[ 30.914218] ret_from_fork+0x22/0x30
[ 30.914442] </TASK>
[ 30.914892]
[ 30.915072] Allocated by task 241:
[ 30.915608] kasan_save_stack+0x41/0x70
[ 30.916119] kasan_set_track+0x25/0x40
[ 30.916737] kasan_save_alloc_info+0x1e/0x30
[ 30.916941] __kasan_kmalloc+0xb6/0xc0
[ 30.917117] kmalloc_trace+0x48/0xb0
[ 30.917311] kmalloc_oob_memset_2+0x9b/0x1d0
[ 30.917724] kunit_try_run_case+0x8f/0xd0
[ 30.918300] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.918675] kthread+0x17b/0x1b0
[ 30.919135] ret_from_fork+0x22/0x30
[ 30.919690]
[ 30.919813] The buggy address belongs to the object at ffff888103497500
[ 30.919813] which belongs to the cache kmalloc-128 of size 128
[ 30.920704] The buggy address is located 119 bytes inside of
[ 30.920704] 128-byte region [ffff888103497500, ffff888103497580)
[ 30.921232]
[ 30.921356] The buggy address belongs to the physical page:
[ 30.922001] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103497
[ 30.922660] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.923198] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.923479] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.923884] page dumped because: kasan: bad access detected
[ 30.924649]
[ 30.924919] Memory state around the buggy address:
[ 30.925551] ffff888103497400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.926079] ffff888103497480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.926692] >ffff888103497500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.926941] ^
[ 30.927207] ffff888103497580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.927457] ffff888103497600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.927692] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 30.878208] ==================================================================
[ 30.878829] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0xd6/0x1d0
[ 30.879233] Write of size 128 at addr ffff8881030dea00 by task kunit_try_catch/240
[ 30.879717]
[ 30.879842] CPU: 1 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.880272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.880905] Call Trace:
[ 30.881074] <TASK>
[ 30.881247] dump_stack_lvl+0x49/0x62
[ 30.881475] print_report+0x189/0x492
[ 30.881919] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.882239] ? kmalloc_oob_in_memset+0xd6/0x1d0
[ 30.882627] kasan_report+0x10c/0x190
[ 30.882895] ? kmalloc_oob_in_memset+0xd6/0x1d0
[ 30.883200] kasan_check_range+0x10b/0x1c0
[ 30.883838] memset+0x23/0x50
[ 30.884049] kmalloc_oob_in_memset+0xd6/0x1d0
[ 30.884361] ? kmalloc_oob_memset_2+0x1d0/0x1d0
[ 30.884704] ? __kunit_add_resource+0xd1/0x100
[ 30.885009] kunit_try_run_case+0x8f/0xd0
[ 30.885291] ? kunit_catch_run_case+0x80/0x80
[ 30.885642] ? kunit_try_catch_throw+0x40/0x40
[ 30.885884] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.886232] kthread+0x17b/0x1b0
[ 30.886528] ? kthread_complete_and_exit+0x30/0x30
[ 30.886831] ret_from_fork+0x22/0x30
[ 30.887143] </TASK>
[ 30.887343]
[ 30.887549] Allocated by task 240:
[ 30.887742] kasan_save_stack+0x41/0x70
[ 30.888013] kasan_set_track+0x25/0x40
[ 30.888226] kasan_save_alloc_info+0x1e/0x30
[ 30.888849] __kasan_kmalloc+0xb6/0xc0
[ 30.889085] kmalloc_trace+0x48/0xb0
[ 30.889397] kmalloc_oob_in_memset+0x9b/0x1d0
[ 30.889791] kunit_try_run_case+0x8f/0xd0
[ 30.890035] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.890371] kthread+0x17b/0x1b0
[ 30.890657] ret_from_fork+0x22/0x30
[ 30.890897]
[ 30.891011] The buggy address belongs to the object at ffff8881030dea00
[ 30.891011] which belongs to the cache kmalloc-128 of size 128
[ 30.891733] The buggy address is located 0 bytes inside of
[ 30.891733] 128-byte region [ffff8881030dea00, ffff8881030dea80)
[ 30.892268]
[ 30.892391] The buggy address belongs to the physical page:
[ 30.892763] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030de
[ 30.893255] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.893661] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.894157] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.894827] page dumped because: kasan: bad access detected
[ 30.895101]
[ 30.895227] Memory state around the buggy address:
[ 30.895508] ffff8881030de900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc fc
[ 30.895837] ffff8881030de980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.896294] >ffff8881030dea00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 30.896738] ^
[ 30.897087] ffff8881030dea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.897456] ffff8881030deb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.897801] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_uaf_16
[ 30.844709] ==================================================================
[ 30.845240] BUG: KASAN: use-after-free in kmalloc_uaf_16+0x104/0x250
[ 30.846036] Read of size 16 at addr ffff888102f54b40 by task kunit_try_catch/239
[ 30.846786]
[ 30.847027] CPU: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.847980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.848922] Call Trace:
[ 30.849214] <TASK>
[ 30.849511] dump_stack_lvl+0x49/0x62
[ 30.849919] print_report+0x189/0x492
[ 30.850116] ? kasan_complete_mode_report_info+0x7c/0x200
[ 30.850594] ? kmalloc_uaf_16+0x104/0x250
[ 30.851177] kasan_report+0x10c/0x190
[ 30.851681] ? kmalloc_uaf_16+0x104/0x250
[ 30.852134] __asan_load16+0x65/0x90
[ 30.852757] kmalloc_uaf_16+0x104/0x250
[ 30.853186] ? kmalloc_uaf+0x1c0/0x1c0
[ 30.853789] ? __kunit_add_resource+0xd1/0x100
[ 30.854018] ? kasan_test_init+0x13e/0x1b0
[ 30.854230] kunit_try_run_case+0x8f/0xd0
[ 30.854638] ? kunit_catch_run_case+0x80/0x80
[ 30.855088] ? kunit_try_catch_throw+0x40/0x40
[ 30.855631] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.856308] kthread+0x17b/0x1b0
[ 30.856749] ? kthread_complete_and_exit+0x30/0x30
[ 30.857242] ret_from_fork+0x22/0x30
[ 30.857670] </TASK>
[ 30.858140]
[ 30.858338] Allocated by task 239:
[ 30.858615] kasan_save_stack+0x41/0x70
[ 30.858812] kasan_set_track+0x25/0x40
[ 30.858993] kasan_save_alloc_info+0x1e/0x30
[ 30.859191] __kasan_kmalloc+0xb6/0xc0
[ 30.859480] kmalloc_trace+0x48/0xb0
[ 30.859864] kmalloc_uaf_16+0xc5/0x250
[ 30.860039] kunit_try_run_case+0x8f/0xd0
[ 30.860234] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.860724] kthread+0x17b/0x1b0
[ 30.861065] ret_from_fork+0x22/0x30
[ 30.861666]
[ 30.861856] Freed by task 239:
[ 30.862204] kasan_save_stack+0x41/0x70
[ 30.862717] kasan_set_track+0x25/0x40
[ 30.863100] kasan_save_free_info+0x2e/0x50
[ 30.863568] ____kasan_slab_free+0x175/0x1d0
[ 30.864077] __kasan_slab_free+0x12/0x20
[ 30.864306] __kmem_cache_free+0x188/0x2f0
[ 30.864851] kfree+0x78/0x120
[ 30.865226] kmalloc_uaf_16+0xe5/0x250
[ 30.865905] kunit_try_run_case+0x8f/0xd0
[ 30.866202] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.866922] kthread+0x17b/0x1b0
[ 30.867215] ret_from_fork+0x22/0x30
[ 30.867517]
[ 30.867730] The buggy address belongs to the object at ffff888102f54b40
[ 30.867730] which belongs to the cache kmalloc-16 of size 16
[ 30.868848] The buggy address is located 0 bytes inside of
[ 30.868848] 16-byte region [ffff888102f54b40, ffff888102f54b50)
[ 30.869256]
[ 30.869347] The buggy address belongs to the physical page:
[ 30.869596] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[ 30.870017] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.870615] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 30.871031] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 30.871486] page dumped because: kasan: bad access detected
[ 30.871764]
[ 30.871880] Memory state around the buggy address:
[ 30.872139] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 30.872629] ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 30.873012] >ffff888102f54b00: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc
[ 30.873481] ^
[ 30.873765] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.874106] ffff888102f54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.874467] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 30.814614] ==================================================================
[ 30.815754] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0xef/0x250
[ 30.816768] Write of size 16 at addr ffff888102f54ae0 by task kunit_try_catch/238
[ 30.817632]
[ 30.817834] CPU: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.818831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.819981] Call Trace:
[ 30.820409] <TASK>
[ 30.820783] dump_stack_lvl+0x49/0x62
[ 30.821229] print_report+0x189/0x492
[ 30.821738] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.822294] ? kmalloc_oob_16+0xef/0x250
[ 30.822521] kasan_report+0x10c/0x190
[ 30.822956] ? kmalloc_oob_16+0xef/0x250
[ 30.823403] __asan_store16+0x68/0x90
[ 30.823900] kmalloc_oob_16+0xef/0x250
[ 30.824246] ? kmalloc_uaf_16+0x250/0x250
[ 30.824636] ? __kunit_add_resource+0xd1/0x100
[ 30.824860] ? kasan_test_init+0x13e/0x1b0
[ 30.825059] kunit_try_run_case+0x8f/0xd0
[ 30.825320] ? kunit_catch_run_case+0x80/0x80
[ 30.825646] ? kunit_try_catch_throw+0x40/0x40
[ 30.826138] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.826831] kthread+0x17b/0x1b0
[ 30.827011] ? kthread_complete_and_exit+0x30/0x30
[ 30.827237] ret_from_fork+0x22/0x30
[ 30.827660] </TASK>
[ 30.827931]
[ 30.828113] Allocated by task 238:
[ 30.828574] kasan_save_stack+0x41/0x70
[ 30.829009] kasan_set_track+0x25/0x40
[ 30.829445] kasan_save_alloc_info+0x1e/0x30
[ 30.829966] __kasan_kmalloc+0xb6/0xc0
[ 30.830520] kmalloc_trace+0x48/0xb0
[ 30.831038] kmalloc_oob_16+0x8b/0x250
[ 30.831538] kunit_try_run_case+0x8f/0xd0
[ 30.831730] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.831951] kthread+0x17b/0x1b0
[ 30.832103] ret_from_fork+0x22/0x30
[ 30.832286]
[ 30.832378] The buggy address belongs to the object at ffff888102f54ae0
[ 30.832378] which belongs to the cache kmalloc-16 of size 16
[ 30.832964] The buggy address is located 0 bytes inside of
[ 30.832964] 16-byte region [ffff888102f54ae0, ffff888102f54af0)
[ 30.833467]
[ 30.833558] The buggy address belongs to the physical page:
[ 30.833985] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[ 30.834730] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.835092] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 30.835590] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 30.835949] page dumped because: kasan: bad access detected
[ 30.836794]
[ 30.836917] Memory state around the buggy address:
[ 30.837143] ffff888102f54980: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc
[ 30.837785] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 30.838244] >ffff888102f54a80: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 30.838893] ^
[ 30.839375] ffff888102f54b00: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.839837] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.840271] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-krealloc_uaf
[ 30.755338] ==================================================================
[ 30.756519] BUG: KASAN: use-after-free in krealloc_uaf+0xed/0x2e0
[ 30.757020] Read of size 1 at addr ffff88810090ca00 by task kunit_try_catch/237
[ 30.757539]
[ 30.757674] CPU: 1 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.758056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.758818] Call Trace:
[ 30.759084] <TASK>
[ 30.759367] dump_stack_lvl+0x49/0x62
[ 30.759721] print_report+0x189/0x492
[ 30.760101] ? kasan_complete_mode_report_info+0x7c/0x200
[ 30.760543] ? krealloc_uaf+0xed/0x2e0
[ 30.760735] kasan_report+0x10c/0x190
[ 30.760924] ? krealloc_uaf+0xed/0x2e0
[ 30.761111] ? krealloc_uaf+0xed/0x2e0
[ 30.761358] __kasan_check_byte+0x39/0x50
[ 30.761706] krealloc+0x35/0x140
[ 30.762274] krealloc_uaf+0xed/0x2e0
[ 30.762625] ? kmalloc_memmove_negative_size+0x1e0/0x1e0
[ 30.763049] ? preempt_count_sub+0x4c/0x70
[ 30.763429] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.763822] ? __kunit_add_resource+0xd1/0x100
[ 30.764246] kunit_try_run_case+0x8f/0xd0
[ 30.764659] ? kunit_catch_run_case+0x80/0x80
[ 30.764914] ? kunit_try_catch_throw+0x40/0x40
[ 30.765157] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.765662] kthread+0x17b/0x1b0
[ 30.765990] ? kthread_complete_and_exit+0x30/0x30
[ 30.766432] ret_from_fork+0x22/0x30
[ 30.766813] </TASK>
[ 30.767066]
[ 30.767329] Allocated by task 237:
[ 30.767639] kasan_save_stack+0x41/0x70
[ 30.767993] kasan_set_track+0x25/0x40
[ 30.768218] kasan_save_alloc_info+0x1e/0x30
[ 30.768681] __kasan_kmalloc+0xb6/0xc0
[ 30.769037] kmalloc_trace+0x48/0xb0
[ 30.769397] krealloc_uaf+0xac/0x2e0
[ 30.769732] kunit_try_run_case+0x8f/0xd0
[ 30.770082] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.770482] kthread+0x17b/0x1b0
[ 30.770683] ret_from_fork+0x22/0x30
[ 30.770883]
[ 30.770979] Freed by task 237:
[ 30.771143] kasan_save_stack+0x41/0x70
[ 30.771710] kasan_set_track+0x25/0x40
[ 30.772031] kasan_save_free_info+0x2e/0x50
[ 30.772478] ____kasan_slab_free+0x175/0x1d0
[ 30.772807] __kasan_slab_free+0x12/0x20
[ 30.773144] __kmem_cache_free+0x188/0x2f0
[ 30.773671] kfree+0x78/0x120
[ 30.773880] krealloc_uaf+0xcc/0x2e0
[ 30.774268] kunit_try_run_case+0x8f/0xd0
[ 30.774505] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.774882] kthread+0x17b/0x1b0
[ 30.775202] ret_from_fork+0x22/0x30
[ 30.775547]
[ 30.775767] The buggy address belongs to the object at ffff88810090ca00
[ 30.775767] which belongs to the cache kmalloc-256 of size 256
[ 30.776601] The buggy address is located 0 bytes inside of
[ 30.776601] 256-byte region [ffff88810090ca00, ffff88810090cb00)
[ 30.777393]
[ 30.777528] The buggy address belongs to the physical page:
[ 30.777920] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.778528] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.778979] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.779477] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.779966] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.780494] page dumped because: kasan: bad access detected
[ 30.780831]
[ 30.780926] Memory state around the buggy address:
[ 30.781491] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.781812] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.782170] >ffff88810090ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.782656] ^
[ 30.782951] ffff88810090ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.783475] ffff88810090cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.783914] ==================================================================
[ 30.784963] ==================================================================
[ 30.785310] BUG: KASAN: use-after-free in krealloc_uaf+0x126/0x2e0
[ 30.785702] Read of size 1 at addr ffff88810090ca00 by task kunit_try_catch/237
[ 30.786730]
[ 30.786863] CPU: 1 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.787241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.787624] Call Trace:
[ 30.787780] <TASK>
[ 30.787923] dump_stack_lvl+0x49/0x62
[ 30.788157] print_report+0x189/0x492
[ 30.788429] ? kasan_complete_mode_report_info+0x7c/0x200
[ 30.789268] ? krealloc_uaf+0x126/0x2e0
[ 30.789510] kasan_report+0x10c/0x190
[ 30.789742] ? krealloc_uaf+0x126/0x2e0
[ 30.789964] __asan_load1+0x62/0x70
[ 30.790176] krealloc_uaf+0x126/0x2e0
[ 30.790738] ? kmalloc_memmove_negative_size+0x1e0/0x1e0
[ 30.791116] ? preempt_count_sub+0x4c/0x70
[ 30.791518] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.791911] ? __kunit_add_resource+0xd1/0x100
[ 30.792294] kunit_try_run_case+0x8f/0xd0
[ 30.792647] ? kunit_catch_run_case+0x80/0x80
[ 30.793012] ? kunit_try_catch_throw+0x40/0x40
[ 30.793422] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.793817] kthread+0x17b/0x1b0
[ 30.794020] ? kthread_complete_and_exit+0x30/0x30
[ 30.794507] ret_from_fork+0x22/0x30
[ 30.794759] </TASK>
[ 30.795059]
[ 30.795305] Allocated by task 237:
[ 30.795492] kasan_save_stack+0x41/0x70
[ 30.795862] kasan_set_track+0x25/0x40
[ 30.796103] kasan_save_alloc_info+0x1e/0x30
[ 30.796580] __kasan_kmalloc+0xb6/0xc0
[ 30.796824] kmalloc_trace+0x48/0xb0
[ 30.797208] krealloc_uaf+0xac/0x2e0
[ 30.797538] kunit_try_run_case+0x8f/0xd0
[ 30.797883] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.798193] kthread+0x17b/0x1b0
[ 30.798552] ret_from_fork+0x22/0x30
[ 30.798871]
[ 30.799006] Freed by task 237:
[ 30.799347] kasan_save_stack+0x41/0x70
[ 30.799592] kasan_set_track+0x25/0x40
[ 30.800002] kasan_save_free_info+0x2e/0x50
[ 30.800394] ____kasan_slab_free+0x175/0x1d0
[ 30.800651] __kasan_slab_free+0x12/0x20
[ 30.800868] __kmem_cache_free+0x188/0x2f0
[ 30.801105] kfree+0x78/0x120
[ 30.801619] krealloc_uaf+0xcc/0x2e0
[ 30.801849] kunit_try_run_case+0x8f/0xd0
[ 30.802173] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.802566] kthread+0x17b/0x1b0
[ 30.802875] ret_from_fork+0x22/0x30
[ 30.803102]
[ 30.803392] The buggy address belongs to the object at ffff88810090ca00
[ 30.803392] which belongs to the cache kmalloc-256 of size 256
[ 30.804042] The buggy address is located 0 bytes inside of
[ 30.804042] 256-byte region [ffff88810090ca00, ffff88810090cb00)
[ 30.804787]
[ 30.804940] The buggy address belongs to the physical page:
[ 30.805358] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.805919] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.806280] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.806742] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.807227] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.807675] page dumped because: kasan: bad access detected
[ 30.808033]
[ 30.808173] Memory state around the buggy address:
[ 30.808507] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.808992] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.809533] >ffff88810090ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.809872] ^
[ 30.810145] ffff88810090ca80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.810589] ffff88810090cb00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.810925] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 30.663683] ==================================================================
[ 30.664406] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18d/0x620
[ 30.665083] Write of size 1 at addr ffff88810370a0d0 by task kunit_try_catch/236
[ 30.665371]
[ 30.665474] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.665778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.666087] Call Trace:
[ 30.667114] <TASK>
[ 30.667979] dump_stack_lvl+0x49/0x62
[ 30.668449] print_report+0x189/0x492
[ 30.668993] ? kasan_addr_to_slab+0xd/0xb0
[ 30.669692] ? krealloc_less_oob_helper+0x18d/0x620
[ 30.670202] kasan_report+0x10c/0x190
[ 30.671642] ? krealloc_less_oob_helper+0x18d/0x620
[ 30.671903] __asan_store1+0x65/0x70
[ 30.672085] krealloc_less_oob_helper+0x18d/0x620
[ 30.672348] ? krealloc_uaf+0x2e0/0x2e0
[ 30.672531] ? __kunit_add_resource+0xd1/0x100
[ 30.672730] ? preempt_count_sub+0x4c/0x70
[ 30.673102] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.674028] ? __kunit_add_resource+0xd1/0x100
[ 30.674394] krealloc_pagealloc_less_oob+0x18/0x20
[ 30.674896] kunit_try_run_case+0x8f/0xd0
[ 30.675345] ? kunit_catch_run_case+0x80/0x80
[ 30.675804] ? kunit_try_catch_throw+0x40/0x40
[ 30.676145] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.676832] kthread+0x17b/0x1b0
[ 30.677428] ? kthread_complete_and_exit+0x30/0x30
[ 30.678022] ret_from_fork+0x22/0x30
[ 30.678246] </TASK>
[ 30.678370]
[ 30.678585] The buggy address belongs to the physical page:
[ 30.679113] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708
[ 30.680186] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.681034] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.681393] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.682456] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.682801] page dumped because: kasan: bad access detected
[ 30.683447]
[ 30.683628] Memory state around the buggy address:
[ 30.683892] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.684148] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.684779] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.685514] ^
[ 30.686189] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.687199] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.687905] ==================================================================
[ 30.734228] ==================================================================
[ 30.734827] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x25e/0x620
[ 30.735852] Write of size 1 at addr ffff88810370a0eb by task kunit_try_catch/236
[ 30.736858]
[ 30.736970] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.737352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.738572] Call Trace:
[ 30.738917] <TASK>
[ 30.739155] dump_stack_lvl+0x49/0x62
[ 30.739932] print_report+0x189/0x492
[ 30.740387] ? kasan_addr_to_slab+0xd/0xb0
[ 30.740586] ? krealloc_less_oob_helper+0x25e/0x620
[ 30.740799] kasan_report+0x10c/0x190
[ 30.740991] ? krealloc_less_oob_helper+0x25e/0x620
[ 30.741235] __asan_store1+0x65/0x70
[ 30.741469] krealloc_less_oob_helper+0x25e/0x620
[ 30.741676] ? krealloc_uaf+0x2e0/0x2e0
[ 30.741940] ? __kunit_add_resource+0xd1/0x100
[ 30.742228] ? preempt_count_sub+0x4c/0x70
[ 30.742597] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.742830] ? __kunit_add_resource+0xd1/0x100
[ 30.743113] krealloc_pagealloc_less_oob+0x18/0x20
[ 30.743542] kunit_try_run_case+0x8f/0xd0
[ 30.743762] ? kunit_catch_run_case+0x80/0x80
[ 30.743998] ? kunit_try_catch_throw+0x40/0x40
[ 30.744212] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.744526] kthread+0x17b/0x1b0
[ 30.744730] ? kthread_complete_and_exit+0x30/0x30
[ 30.745471] ret_from_fork+0x22/0x30
[ 30.745741] </TASK>
[ 30.745876]
[ 30.745993] The buggy address belongs to the physical page:
[ 30.746271] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708
[ 30.746817] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.747142] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.747446] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.747919] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.748308] page dumped because: kasan: bad access detected
[ 30.748569]
[ 30.748673] Memory state around the buggy address:
[ 30.748885] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.749232] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.749624] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.749975] ^
[ 30.750288] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.750838] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.751218] ==================================================================
[ 30.639775] ==================================================================
[ 30.641005] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x141/0x620
[ 30.641709] Write of size 1 at addr ffff88810370a0c9 by task kunit_try_catch/236
[ 30.642531]
[ 30.642786] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.643715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.644039] Call Trace:
[ 30.644180] <TASK>
[ 30.644303] dump_stack_lvl+0x49/0x62
[ 30.644738] print_report+0x189/0x492
[ 30.645188] ? kasan_addr_to_slab+0xd/0xb0
[ 30.645790] ? krealloc_less_oob_helper+0x141/0x620
[ 30.646359] kasan_report+0x10c/0x190
[ 30.646798] ? krealloc_less_oob_helper+0x141/0x620
[ 30.647202] __asan_store1+0x65/0x70
[ 30.647694] krealloc_less_oob_helper+0x141/0x620
[ 30.648212] ? krealloc_uaf+0x2e0/0x2e0
[ 30.648648] ? __kunit_add_resource+0xd1/0x100
[ 30.648990] ? preempt_count_sub+0x4c/0x70
[ 30.649500] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.649772] ? __kunit_add_resource+0xd1/0x100
[ 30.649985] krealloc_pagealloc_less_oob+0x18/0x20
[ 30.650203] kunit_try_run_case+0x8f/0xd0
[ 30.650398] ? kunit_catch_run_case+0x80/0x80
[ 30.650602] ? kunit_try_catch_throw+0x40/0x40
[ 30.650800] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.651027] kthread+0x17b/0x1b0
[ 30.651223] ? kthread_complete_and_exit+0x30/0x30
[ 30.651696] ret_from_fork+0x22/0x30
[ 30.652080] </TASK>
[ 30.652344]
[ 30.652540] The buggy address belongs to the physical page:
[ 30.653465] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708
[ 30.654433] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.655145] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.655795] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.656632] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.657688] page dumped because: kasan: bad access detected
[ 30.658208]
[ 30.658392] Memory state around the buggy address:
[ 30.658948] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.659693] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.660447] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.661144] ^
[ 30.661799] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.662105] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.662585] ==================================================================
[ 30.510302] ==================================================================
[ 30.510758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x18d/0x620
[ 30.511093] Write of size 1 at addr ffff88810090c8d0 by task kunit_try_catch/234
[ 30.511519]
[ 30.511642] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.511999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.512607] Call Trace:
[ 30.512775] <TASK>
[ 30.512908] dump_stack_lvl+0x49/0x62
[ 30.513171] print_report+0x189/0x492
[ 30.513709] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.514027] ? krealloc_less_oob_helper+0x18d/0x620
[ 30.514278] kasan_report+0x10c/0x190
[ 30.514633] ? krealloc_less_oob_helper+0x18d/0x620
[ 30.514921] __asan_store1+0x65/0x70
[ 30.515137] krealloc_less_oob_helper+0x18d/0x620
[ 30.515425] ? krealloc_uaf+0x2e0/0x2e0
[ 30.515669] ? __kunit_add_resource+0xd1/0x100
[ 30.515882] ? preempt_count_sub+0x4c/0x70
[ 30.516137] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.516587] ? __kunit_add_resource+0xd1/0x100
[ 30.516855] krealloc_less_oob+0x18/0x20
[ 30.517098] kunit_try_run_case+0x8f/0xd0
[ 30.517605] ? kunit_catch_run_case+0x80/0x80
[ 30.517857] ? kunit_try_catch_throw+0x40/0x40
[ 30.518115] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.518563] kthread+0x17b/0x1b0
[ 30.518757] ? kthread_complete_and_exit+0x30/0x30
[ 30.519031] ret_from_fork+0x22/0x30
[ 30.519263] </TASK>
[ 30.519524]
[ 30.519622] Allocated by task 234:
[ 30.519819] kasan_save_stack+0x41/0x70
[ 30.520035] kasan_set_track+0x25/0x40
[ 30.520255] kasan_save_alloc_info+0x1e/0x30
[ 30.520617] __kasan_krealloc+0x12e/0x180
[ 30.520816] krealloc+0xae/0x140
[ 30.521020] krealloc_less_oob_helper+0xe8/0x620
[ 30.521324] krealloc_less_oob+0x18/0x20
[ 30.521566] kunit_try_run_case+0x8f/0xd0
[ 30.521783] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.522063] kthread+0x17b/0x1b0
[ 30.522618] ret_from_fork+0x22/0x30
[ 30.522815]
[ 30.522926] The buggy address belongs to the object at ffff88810090c800
[ 30.522926] which belongs to the cache kmalloc-256 of size 256
[ 30.523571] The buggy address is located 208 bytes inside of
[ 30.523571] 256-byte region [ffff88810090c800, ffff88810090c900)
[ 30.524070]
[ 30.524192] The buggy address belongs to the physical page:
[ 30.524568] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.524985] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.525617] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.525925] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.526282] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.526757] page dumped because: kasan: bad access detected
[ 30.527020]
[ 30.527135] Memory state around the buggy address:
[ 30.527506] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.527814] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.528141] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.528564] ^
[ 30.528869] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.529170] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.529777] ==================================================================
[ 30.489242] ==================================================================
[ 30.490129] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x141/0x620
[ 30.490947] Write of size 1 at addr ffff88810090c8c9 by task kunit_try_catch/234
[ 30.491485]
[ 30.491628] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.492017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.492532] Call Trace:
[ 30.492703] <TASK>
[ 30.492826] dump_stack_lvl+0x49/0x62
[ 30.493086] print_report+0x189/0x492
[ 30.493614] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.493901] ? krealloc_less_oob_helper+0x141/0x620
[ 30.494181] kasan_report+0x10c/0x190
[ 30.494429] ? krealloc_less_oob_helper+0x141/0x620
[ 30.494800] __asan_store1+0x65/0x70
[ 30.495018] krealloc_less_oob_helper+0x141/0x620
[ 30.495415] ? krealloc_uaf+0x2e0/0x2e0
[ 30.495633] ? __kunit_add_resource+0xd1/0x100
[ 30.495908] ? preempt_count_sub+0x4c/0x70
[ 30.496188] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.496592] ? __kunit_add_resource+0xd1/0x100
[ 30.496854] krealloc_less_oob+0x18/0x20
[ 30.497080] kunit_try_run_case+0x8f/0xd0
[ 30.497388] ? kunit_catch_run_case+0x80/0x80
[ 30.497624] ? kunit_try_catch_throw+0x40/0x40
[ 30.497868] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.498140] kthread+0x17b/0x1b0
[ 30.498681] ? kthread_complete_and_exit+0x30/0x30
[ 30.498956] ret_from_fork+0x22/0x30
[ 30.499203] </TASK>
[ 30.499466]
[ 30.499575] Allocated by task 234:
[ 30.499739] kasan_save_stack+0x41/0x70
[ 30.499981] kasan_set_track+0x25/0x40
[ 30.500183] kasan_save_alloc_info+0x1e/0x30
[ 30.500544] __kasan_krealloc+0x12e/0x180
[ 30.500770] krealloc+0xae/0x140
[ 30.500983] krealloc_less_oob_helper+0xe8/0x620
[ 30.501229] krealloc_less_oob+0x18/0x20
[ 30.501738] kunit_try_run_case+0x8f/0xd0
[ 30.501952] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.502268] kthread+0x17b/0x1b0
[ 30.502546] ret_from_fork+0x22/0x30
[ 30.502770]
[ 30.502875] The buggy address belongs to the object at ffff88810090c800
[ 30.502875] which belongs to the cache kmalloc-256 of size 256
[ 30.503442] The buggy address is located 201 bytes inside of
[ 30.503442] 256-byte region [ffff88810090c800, ffff88810090c900)
[ 30.503918]
[ 30.504035] The buggy address belongs to the physical page:
[ 30.504316] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.504749] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.505245] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.505846] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.506192] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.506679] page dumped because: kasan: bad access detected
[ 30.506930]
[ 30.507040] Memory state around the buggy address:
[ 30.507309] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.507756] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.508055] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.508522] ^
[ 30.508798] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.509133] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.509729] ==================================================================
[ 30.548804] ==================================================================
[ 30.549299] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x229/0x620
[ 30.549687] Write of size 1 at addr ffff88810090c8ea by task kunit_try_catch/234
[ 30.550079]
[ 30.550216] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.550587] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.550927] Call Trace:
[ 30.551082] <TASK>
[ 30.551304] dump_stack_lvl+0x49/0x62
[ 30.551552] print_report+0x189/0x492
[ 30.551742] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.552064] ? krealloc_less_oob_helper+0x229/0x620
[ 30.552468] kasan_report+0x10c/0x190
[ 30.552707] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20
[ 30.552946] ? krealloc_less_oob_helper+0x229/0x620
[ 30.553277] __asan_store1+0x65/0x70
[ 30.553570] krealloc_less_oob_helper+0x229/0x620
[ 30.553835] ? krealloc_uaf+0x2e0/0x2e0
[ 30.554091] ? __kunit_add_resource+0xd1/0x100
[ 30.554412] ? preempt_count_sub+0x4c/0x70
[ 30.554650] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.554916] ? __kunit_add_resource+0xd1/0x100
[ 30.555181] krealloc_less_oob+0x18/0x20
[ 30.555391] kunit_try_run_case+0x8f/0xd0
[ 30.555815] ? kunit_catch_run_case+0x80/0x80
[ 30.556047] ? kunit_try_catch_throw+0x40/0x40
[ 30.556398] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.556669] kthread+0x17b/0x1b0
[ 30.556885] ? kthread_complete_and_exit+0x30/0x30
[ 30.557184] ret_from_fork+0x22/0x30
[ 30.557415] </TASK>
[ 30.557574]
[ 30.557696] Allocated by task 234:
[ 30.557912] kasan_save_stack+0x41/0x70
[ 30.558146] kasan_set_track+0x25/0x40
[ 30.558384] kasan_save_alloc_info+0x1e/0x30
[ 30.558660] __kasan_krealloc+0x12e/0x180
[ 30.558879] krealloc+0xae/0x140
[ 30.559120] krealloc_less_oob_helper+0xe8/0x620
[ 30.559479] krealloc_less_oob+0x18/0x20
[ 30.559693] kunit_try_run_case+0x8f/0xd0
[ 30.559942] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.560225] kthread+0x17b/0x1b0
[ 30.560430] ret_from_fork+0x22/0x30
[ 30.560658]
[ 30.560743] The buggy address belongs to the object at ffff88810090c800
[ 30.560743] which belongs to the cache kmalloc-256 of size 256
[ 30.561328] The buggy address is located 234 bytes inside of
[ 30.561328] 256-byte region [ffff88810090c800, ffff88810090c900)
[ 30.561906]
[ 30.562020] The buggy address belongs to the physical page:
[ 30.562328] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.562816] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.563108] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.563592] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.563996] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.564410] page dumped because: kasan: bad access detected
[ 30.564656]
[ 30.564741] Memory state around the buggy address:
[ 30.564992] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.565412] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.565758] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 30.566030] ^
[ 30.566490] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.566851] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.567193] ==================================================================
[ 30.688257] ==================================================================
[ 30.688905] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f3/0x620
[ 30.689699] Write of size 1 at addr ffff88810370a0da by task kunit_try_catch/236
[ 30.690394]
[ 30.690602] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.691064] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.692034] Call Trace:
[ 30.692322] <TASK>
[ 30.692594] dump_stack_lvl+0x49/0x62
[ 30.692794] print_report+0x189/0x492
[ 30.692984] ? kasan_addr_to_slab+0xd/0xb0
[ 30.693189] ? krealloc_less_oob_helper+0x1f3/0x620
[ 30.693401] kasan_report+0x10c/0x190
[ 30.693633] ? krealloc_less_oob_helper+0x1f3/0x620
[ 30.693916] __asan_store1+0x65/0x70
[ 30.694102] krealloc_less_oob_helper+0x1f3/0x620
[ 30.694724] ? krealloc_uaf+0x2e0/0x2e0
[ 30.694975] ? __kunit_add_resource+0xd1/0x100
[ 30.695224] ? preempt_count_sub+0x4c/0x70
[ 30.695549] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.695809] ? __kunit_add_resource+0xd1/0x100
[ 30.696070] krealloc_pagealloc_less_oob+0x18/0x20
[ 30.696398] kunit_try_run_case+0x8f/0xd0
[ 30.696619] ? kunit_catch_run_case+0x80/0x80
[ 30.696855] ? kunit_try_catch_throw+0x40/0x40
[ 30.697121] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.697387] kthread+0x17b/0x1b0
[ 30.697626] ? kthread_complete_and_exit+0x30/0x30
[ 30.697919] ret_from_fork+0x22/0x30
[ 30.698181] </TASK>
[ 30.698427]
[ 30.698542] The buggy address belongs to the physical page:
[ 30.698831] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708
[ 30.699295] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.700537] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.700986] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.701659] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.702681] page dumped because: kasan: bad access detected
[ 30.703415]
[ 30.703817] Memory state around the buggy address:
[ 30.704708] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.704986] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.705268] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 30.706053] ^
[ 30.706800] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.707523] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.708256] ==================================================================
[ 30.708983] ==================================================================
[ 30.709291] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x229/0x620
[ 30.710081] Write of size 1 at addr ffff88810370a0ea by task kunit_try_catch/236
[ 30.710928]
[ 30.711143] CPU: 1 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.712154] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.713199] Call Trace:
[ 30.713642] <TASK>
[ 30.713997] dump_stack_lvl+0x49/0x62
[ 30.714497] print_report+0x189/0x492
[ 30.715212] ? kasan_addr_to_slab+0xd/0xb0
[ 30.715692] ? krealloc_less_oob_helper+0x229/0x620
[ 30.716059] kasan_report+0x10c/0x190
[ 30.716280] ?
krealloc_less_oob_helper+0x229/0x620 [ 30.716929] __asan_store1+0x65/0x70 [ 30.717379] krealloc_less_oob_helper+0x229/0x620 [ 30.717941] ? krealloc_uaf+0x2e0/0x2e0 [ 30.718481] ? __kunit_add_resource+0xd1/0x100 [ 30.718862] ? preempt_count_sub+0x4c/0x70 [ 30.719204] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.719875] ? __kunit_add_resource+0xd1/0x100 [ 30.720470] krealloc_pagealloc_less_oob+0x18/0x20 [ 30.720690] kunit_try_run_case+0x8f/0xd0 [ 30.720877] ? kunit_catch_run_case+0x80/0x80 [ 30.721073] ? kunit_try_catch_throw+0x40/0x40 [ 30.721515] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.722286] kthread+0x17b/0x1b0 [ 30.722726] ? kthread_complete_and_exit+0x30/0x30 [ 30.723227] ret_from_fork+0x22/0x30 [ 30.723738] </TASK> [ 30.724057] [ 30.724337] The buggy address belongs to the physical page: [ 30.724970] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103708 [ 30.726402] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0 [ 30.727004] flags: 0x200000000010000(head|node=0|zone=2) [ 30.727253] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000 [ 30.727880] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 30.728639] page dumped because: kasan: bad access detected [ 30.729218] [ 30.729491] Memory state around the buggy address: [ 30.729965] ffff888103709f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.730797] ffff88810370a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.731055] >ffff88810370a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 30.731330] ^ [ 30.732091] ffff88810370a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.732897] ffff88810370a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 30.733600] ================================================================== [ 30.568327] ================================================================== [ 30.569121] BUG: KASAN: slab-out-of-bounds in 
krealloc_less_oob_helper+0x25e/0x620 [ 30.569607] Write of size 1 at addr ffff88810090c8eb by task kunit_try_catch/234 [ 30.569984] [ 30.570114] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.570553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.570988] Call Trace: [ 30.571154] <TASK> [ 30.571307] dump_stack_lvl+0x49/0x62 [ 30.572025] print_report+0x189/0x492 [ 30.572341] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.572631] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.572899] kasan_report+0x10c/0x190 [ 30.573150] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.573496] ? krealloc_less_oob_helper+0x25e/0x620 [ 30.573830] __asan_store1+0x65/0x70 [ 30.574046] krealloc_less_oob_helper+0x25e/0x620 [ 30.574350] ? krealloc_uaf+0x2e0/0x2e0 [ 30.574606] ? __kunit_add_resource+0xd1/0x100 [ 30.574866] ? preempt_count_sub+0x4c/0x70 [ 30.575093] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.575365] ? __kunit_add_resource+0xd1/0x100 [ 30.575773] krealloc_less_oob+0x18/0x20 [ 30.575972] kunit_try_run_case+0x8f/0xd0 [ 30.576553] ? kunit_catch_run_case+0x80/0x80 [ 30.576824] ? kunit_try_catch_throw+0x40/0x40 [ 30.577102] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.577479] kthread+0x17b/0x1b0 [ 30.577726] ? 
kthread_complete_and_exit+0x30/0x30 [ 30.577990] ret_from_fork+0x22/0x30 [ 30.578254] </TASK> [ 30.578389] [ 30.578518] Allocated by task 234: [ 30.578711] kasan_save_stack+0x41/0x70 [ 30.578950] kasan_set_track+0x25/0x40 [ 30.579213] kasan_save_alloc_info+0x1e/0x30 [ 30.579472] __kasan_krealloc+0x12e/0x180 [ 30.580048] krealloc+0xae/0x140 [ 30.580305] krealloc_less_oob_helper+0xe8/0x620 [ 30.580562] krealloc_less_oob+0x18/0x20 [ 30.580811] kunit_try_run_case+0x8f/0xd0 [ 30.581083] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.581414] kthread+0x17b/0x1b0 [ 30.581640] ret_from_fork+0x22/0x30 [ 30.581842] [ 30.581970] The buggy address belongs to the object at ffff88810090c800 [ 30.581970] which belongs to the cache kmalloc-256 of size 256 [ 30.582559] The buggy address is located 235 bytes inside of [ 30.582559] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.583089] [ 30.583228] The buggy address belongs to the physical page: [ 30.583781] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.584174] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.584780] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.585080] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.585482] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.585886] page dumped because: kasan: bad access detected [ 30.586138] [ 30.586232] Memory state around the buggy address: [ 30.586480] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.586888] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.587215] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.587536] ^ [ 30.588249] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.588538] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.588876] ================================================================== [ 
30.530545] ================================================================== [ 30.530867] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0x1f3/0x620 [ 30.531296] Write of size 1 at addr ffff88810090c8da by task kunit_try_catch/234 [ 30.531614] [ 30.531742] CPU: 1 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1 [ 30.532460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 30.532914] Call Trace: [ 30.533089] <TASK> [ 30.533241] dump_stack_lvl+0x49/0x62 [ 30.533476] print_report+0x189/0x492 [ 30.533695] ? kasan_complete_mode_report_info+0x3c/0x200 [ 30.533954] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.534261] kasan_report+0x10c/0x190 [ 30.534498] ? asm_sysvec_apic_timer_interrupt+0x1b/0x20 [ 30.534738] ? krealloc_less_oob_helper+0x1f3/0x620 [ 30.535044] __asan_store1+0x65/0x70 [ 30.535261] krealloc_less_oob_helper+0x1f3/0x620 [ 30.535507] ? krealloc_uaf+0x2e0/0x2e0 [ 30.535719] ? __kunit_add_resource+0xd1/0x100 [ 30.535983] ? preempt_count_sub+0x4c/0x70 [ 30.536258] ? _raw_spin_unlock_irqrestore+0x2d/0x60 [ 30.536485] ? __kunit_add_resource+0xd1/0x100 [ 30.536766] krealloc_less_oob+0x18/0x20 [ 30.536986] kunit_try_run_case+0x8f/0xd0 [ 30.537234] ? kunit_catch_run_case+0x80/0x80 [ 30.537527] ? kunit_try_catch_throw+0x40/0x40 [ 30.537881] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.538158] kthread+0x17b/0x1b0 [ 30.538344] ? 
kthread_complete_and_exit+0x30/0x30 [ 30.538636] ret_from_fork+0x22/0x30 [ 30.538870] </TASK> [ 30.538993] [ 30.539086] Allocated by task 234: [ 30.539296] kasan_save_stack+0x41/0x70 [ 30.539534] kasan_set_track+0x25/0x40 [ 30.539769] kasan_save_alloc_info+0x1e/0x30 [ 30.539954] __kasan_krealloc+0x12e/0x180 [ 30.540152] krealloc+0xae/0x140 [ 30.540368] krealloc_less_oob_helper+0xe8/0x620 [ 30.540643] krealloc_less_oob+0x18/0x20 [ 30.540847] kunit_try_run_case+0x8f/0xd0 [ 30.541061] kunit_generic_run_threadfn_adapter+0x2f/0x50 [ 30.541507] kthread+0x17b/0x1b0 [ 30.541680] ret_from_fork+0x22/0x30 [ 30.541894] [ 30.541981] The buggy address belongs to the object at ffff88810090c800 [ 30.541981] which belongs to the cache kmalloc-256 of size 256 [ 30.542538] The buggy address is located 218 bytes inside of [ 30.542538] 256-byte region [ffff88810090c800, ffff88810090c900) [ 30.543035] [ 30.543154] The buggy address belongs to the physical page: [ 30.543455] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c [ 30.543960] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0 [ 30.544299] flags: 0x200000000010200(slab|head|node=0|zone=2) [ 30.544544] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40 [ 30.544956] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000 [ 30.545356] page dumped because: kasan: bad access detected [ 30.545558] [ 30.545660] Memory state around the buggy address: [ 30.545929] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.546394] ffff88810090c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 30.546703] >ffff88810090c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 30.547026] ^ [ 30.547334] ffff88810090c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547591] ffff88810090c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 30.547939] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 30.465706] ==================================================================
[ 30.466052] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.466546] Write of size 1 at addr ffff88810090c6f0 by task kunit_try_catch/233
[ 30.466920]
[ 30.467041] CPU: 1 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.467468] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.467833] Call Trace:
[ 30.467994] <TASK>
[ 30.468284] dump_stack_lvl+0x49/0x62
[ 30.468795] print_report+0x189/0x492
[ 30.469023] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.469464] ? krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.469732] kasan_report+0x10c/0x190
[ 30.469973] ? krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.470267] __asan_store1+0x65/0x70
[ 30.470577] krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.470866] ? krealloc_less_oob+0x20/0x20
[ 30.471076] ? __kunit_add_resource+0xd1/0x100
[ 30.471396] ? preempt_count_sub+0x4c/0x70
[ 30.471626] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.471878] ? __kunit_add_resource+0xd1/0x100
[ 30.472150] krealloc_more_oob+0x18/0x20
[ 30.472367] kunit_try_run_case+0x8f/0xd0
[ 30.472602] ? kunit_catch_run_case+0x80/0x80
[ 30.472832] ? kunit_try_catch_throw+0x40/0x40
[ 30.473061] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.473742] kthread+0x17b/0x1b0
[ 30.473971] ? kthread_complete_and_exit+0x30/0x30
[ 30.474264] ret_from_fork+0x22/0x30
[ 30.474599] </TASK>
[ 30.474753]
[ 30.474847] Allocated by task 233:
[ 30.475043] kasan_save_stack+0x41/0x70
[ 30.475305] kasan_set_track+0x25/0x40
[ 30.475620] kasan_save_alloc_info+0x1e/0x30
[ 30.475866] __kasan_krealloc+0x12e/0x180
[ 30.476110] krealloc+0xae/0x140
[ 30.476604] krealloc_more_oob_helper+0xe5/0x3b0
[ 30.476878] krealloc_more_oob+0x18/0x20
[ 30.477112] kunit_try_run_case+0x8f/0xd0
[ 30.477369] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.477751] kthread+0x17b/0x1b0
[ 30.477945] ret_from_fork+0x22/0x30
[ 30.478181]
[ 30.478273] The buggy address belongs to the object at ffff88810090c600
[ 30.478273] which belongs to the cache kmalloc-256 of size 256
[ 30.478920] The buggy address is located 240 bytes inside of
[ 30.478920] 256-byte region [ffff88810090c600, ffff88810090c700)
[ 30.479557]
[ 30.479677] The buggy address belongs to the physical page:
[ 30.479957] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.480669] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.481016] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.481371] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.481824] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.482157] page dumped because: kasan: bad access detected
[ 30.482561]
[ 30.482683] Memory state around the buggy address:
[ 30.482918] ffff88810090c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.483247] ffff88810090c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.483703] >ffff88810090c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 30.484026] ^
[ 30.484630] ffff88810090c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.484957] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.485309] ==================================================================
[ 30.592504] ==================================================================
[ 30.593656] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17d/0x3b0
[ 30.595001] Write of size 1 at addr ffff8881036be0eb by task kunit_try_catch/235
[ 30.595457]
[ 30.595574] CPU: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.595881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.596206] Call Trace:
[ 30.597098] <TASK>
[ 30.597459] dump_stack_lvl+0x49/0x62
[ 30.598059] print_report+0x189/0x492
[ 30.598843] ? kasan_addr_to_slab+0xd/0xb0
[ 30.599392] ? krealloc_more_oob_helper+0x17d/0x3b0
[ 30.600056] kasan_report+0x10c/0x190
[ 30.600570] ? krealloc_more_oob_helper+0x17d/0x3b0
[ 30.601039] __asan_store1+0x65/0x70
[ 30.601397] krealloc_more_oob_helper+0x17d/0x3b0
[ 30.601623] ? krealloc_less_oob+0x20/0x20
[ 30.601812] ? __kunit_add_resource+0xd1/0x100
[ 30.602014] ? preempt_count_sub+0x4c/0x70
[ 30.602404] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.603157] ? __kunit_add_resource+0xd1/0x100
[ 30.603764] krealloc_pagealloc_more_oob+0x18/0x20
[ 30.604370] kunit_try_run_case+0x8f/0xd0
[ 30.604957] ? kunit_catch_run_case+0x80/0x80
[ 30.605552] ? kunit_try_catch_throw+0x40/0x40
[ 30.606097] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.606808] kthread+0x17b/0x1b0
[ 30.607517] ? kthread_complete_and_exit+0x30/0x30
[ 30.608157] ret_from_fork+0x22/0x30
[ 30.608691] </TASK>
[ 30.608810]
[ 30.608901] The buggy address belongs to the physical page:
[ 30.609118] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[ 30.610204] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.611189] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.611816] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.612611] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.612901] page dumped because: kasan: bad access detected
[ 30.613106]
[ 30.613205] Memory state around the buggy address:
[ 30.613665] ffff8881036bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.614441] ffff8881036be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.615313] >ffff8881036be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 30.616071] ^
[ 30.616820] ffff8881036be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.617511] ffff8881036be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.618024] ==================================================================
[ 30.618448] ==================================================================
[ 30.619190] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.620131] Write of size 1 at addr ffff8881036be0f0 by task kunit_try_catch/235
[ 30.620975]
[ 30.621127] CPU: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.621911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.622677] Call Trace:
[ 30.622806] <TASK>
[ 30.622920] dump_stack_lvl+0x49/0x62
[ 30.623114] print_report+0x189/0x492
[ 30.623311] ? kasan_addr_to_slab+0xd/0xb0
[ 30.623623] ? krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.623885] kasan_report+0x10c/0x190
[ 30.624108] ? krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.624401] __asan_store1+0x65/0x70
[ 30.624839] krealloc_more_oob_helper+0x1b8/0x3b0
[ 30.625134] ? krealloc_less_oob+0x20/0x20
[ 30.625519] ? __kunit_add_resource+0xd1/0x100
[ 30.625791] ? preempt_count_sub+0x4c/0x70
[ 30.626014] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.626295] ? __kunit_add_resource+0xd1/0x100
[ 30.626514] krealloc_pagealloc_more_oob+0x18/0x20
[ 30.626870] kunit_try_run_case+0x8f/0xd0
[ 30.627118] ? kunit_catch_run_case+0x80/0x80
[ 30.627513] ? kunit_try_catch_throw+0x40/0x40
[ 30.627776] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.628085] kthread+0x17b/0x1b0
[ 30.628322] ? kthread_complete_and_exit+0x30/0x30
[ 30.628643] ret_from_fork+0x22/0x30
[ 30.628835] </TASK>
[ 30.629030]
[ 30.629147] The buggy address belongs to the physical page:
[ 30.629528] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[ 30.629948] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.630799] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.631075] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.631608] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.632029] page dumped because: kasan: bad access detected
[ 30.632310]
[ 30.632514] Memory state around the buggy address:
[ 30.632778] ffff8881036bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.633102] ffff8881036be000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.633562] >ffff8881036be080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 30.633877] ^
[ 30.634327] ffff8881036be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.634958] ffff8881036be180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.635357] ==================================================================
[ 30.445320] ==================================================================
[ 30.445905] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x17d/0x3b0
[ 30.446346] Write of size 1 at addr ffff88810090c6eb by task kunit_try_catch/233
[ 30.446703]
[ 30.446836] CPU: 1 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.447260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.447768] Call Trace:
[ 30.447941] <TASK>
[ 30.448081] dump_stack_lvl+0x49/0x62
[ 30.448655] print_report+0x189/0x492
[ 30.448905] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.449245] ? krealloc_more_oob_helper+0x17d/0x3b0
[ 30.449553] kasan_report+0x10c/0x190
[ 30.449752] ? krealloc_more_oob_helper+0x17d/0x3b0
[ 30.450051] __asan_store1+0x65/0x70
[ 30.450265] krealloc_more_oob_helper+0x17d/0x3b0
[ 30.450539] ? krealloc_less_oob+0x20/0x20
[ 30.450782] ? __kunit_add_resource+0xd1/0x100
[ 30.451050] ? preempt_count_sub+0x4c/0x70
[ 30.451463] ? _raw_spin_unlock_irqrestore+0x2d/0x60
[ 30.451762] ? __kunit_add_resource+0xd1/0x100
[ 30.451996] krealloc_more_oob+0x18/0x20
[ 30.452261] kunit_try_run_case+0x8f/0xd0
[ 30.452798] ? kunit_catch_run_case+0x80/0x80
[ 30.453075] ? kunit_try_catch_throw+0x40/0x40
[ 30.453374] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.453658] kthread+0x17b/0x1b0
[ 30.453864] ? kthread_complete_and_exit+0x30/0x30
[ 30.454149] ret_from_fork+0x22/0x30
[ 30.454375] </TASK>
[ 30.454520]
[ 30.454629] Allocated by task 233:
[ 30.454804] kasan_save_stack+0x41/0x70
[ 30.455048] kasan_set_track+0x25/0x40
[ 30.455461] kasan_save_alloc_info+0x1e/0x30
[ 30.455710] __kasan_krealloc+0x12e/0x180
[ 30.455955] krealloc+0xae/0x140
[ 30.456134] krealloc_more_oob_helper+0xe5/0x3b0
[ 30.456687] krealloc_more_oob+0x18/0x20
[ 30.456945] kunit_try_run_case+0x8f/0xd0
[ 30.457203] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.457596] kthread+0x17b/0x1b0
[ 30.457806] ret_from_fork+0x22/0x30
[ 30.458025]
[ 30.458131] The buggy address belongs to the object at ffff88810090c600
[ 30.458131] which belongs to the cache kmalloc-256 of size 256
[ 30.458745] The buggy address is located 235 bytes inside of
[ 30.458745] 256-byte region [ffff88810090c600, ffff88810090c700)
[ 30.459412]
[ 30.459524] The buggy address belongs to the physical page:
[ 30.459790] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10090c
[ 30.460233] head:(____ptrval____) order:1 compound_mapcount:0 compound_pincount:0
[ 30.460852] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.461188] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100041b40
[ 30.461625] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.461978] page dumped because: kasan: bad access detected
[ 30.462247]
[ 30.462475] Memory state around the buggy address:
[ 30.462722] ffff88810090c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.463018] ffff88810090c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.463504] >ffff88810090c680: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 30.463811] ^
[ 30.464111] ffff88810090c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.464764] ffff88810090c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.465106] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 30.423116] ==================================================================
[ 30.423707] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0xcc/0x1e0
[ 30.424125] Write of size 1 at addr ffff8881035f1f00 by task kunit_try_catch/232
[ 30.424455]
[ 30.424581] CPU: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.424988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.425921] Call Trace:
[ 30.426094] <TASK>
[ 30.426266] dump_stack_lvl+0x49/0x62
[ 30.426618] print_report+0x189/0x492
[ 30.426856] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.427154] ? kmalloc_large_oob_right+0xcc/0x1e0
[ 30.427714] kasan_report+0x10c/0x190
[ 30.427971] ? kmalloc_large_oob_right+0xcc/0x1e0
[ 30.428298] __asan_store1+0x65/0x70
[ 30.428627] kmalloc_large_oob_right+0xcc/0x1e0
[ 30.428880] ? kmalloc_oob_16+0x250/0x250
[ 30.429095] ? __kunit_add_resource+0xd1/0x100
[ 30.429400] ? kasan_test_init+0x13e/0x1b0
[ 30.429658] kunit_try_run_case+0x8f/0xd0
[ 30.429878] ? kunit_catch_run_case+0x80/0x80
[ 30.430102] ? kunit_try_catch_throw+0x40/0x40
[ 30.430365] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.430667] kthread+0x17b/0x1b0
[ 30.430879] ? kthread_complete_and_exit+0x30/0x30
[ 30.431148] ret_from_fork+0x22/0x30
[ 30.431584] </TASK>
[ 30.431730]
[ 30.431817] Allocated by task 232:
[ 30.432014] kasan_save_stack+0x41/0x70
[ 30.432304] kasan_set_track+0x25/0x40
[ 30.432581] kasan_save_alloc_info+0x1e/0x30
[ 30.432830] __kasan_kmalloc+0xb6/0xc0
[ 30.433024] kmalloc_trace+0x48/0xb0
[ 30.433280] kmalloc_large_oob_right+0x99/0x1e0
[ 30.433830] kunit_try_run_case+0x8f/0xd0
[ 30.434053] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.434357] kthread+0x17b/0x1b0
[ 30.434663] ret_from_fork+0x22/0x30
[ 30.434860]
[ 30.434970] The buggy address belongs to the object at ffff8881035f0000
[ 30.434970] which belongs to the cache kmalloc-8k of size 8192
[ 30.435589] The buggy address is located 7936 bytes inside of
[ 30.435589] 8192-byte region [ffff8881035f0000, ffff8881035f2000)
[ 30.436141]
[ 30.436243] The buggy address belongs to the physical page:
[ 30.436617] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1035f0
[ 30.437003] head:(____ptrval____) order:3 compound_mapcount:0 compound_pincount:0
[ 30.437489] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.437778] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100042280
[ 30.438124] raw: 0000000000000000 0000000080020002 00000001ffffffff 0000000000000000
[ 30.438774] page dumped because: kasan: bad access detected
[ 30.439040]
[ 30.439154] Memory state around the buggy address:
[ 30.439392] ffff8881035f1e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.439822] ffff8881035f1e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.440153] >ffff8881035f1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.440564] ^
[ 30.440764] ffff8881035f1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.441087] ffff8881035f2000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.441515] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-pagealloc_uaf
[ 30.401686] ==================================================================
[ 30.402533] BUG: KASAN: use-after-free in pagealloc_uaf+0xe7/0x1e0
[ 30.402962] Read of size 1 at addr ffff888103730000 by task kunit_try_catch/231
[ 30.403333]
[ 30.403438] CPU: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.404192] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.404601] Call Trace:
[ 30.404729] <TASK>
[ 30.404850] dump_stack_lvl+0x49/0x62
[ 30.405053] print_report+0x189/0x492
[ 30.405260] ? kasan_addr_to_slab+0xd/0xb0
[ 30.405458] ? pagealloc_uaf+0xe7/0x1e0
[ 30.405640] kasan_report+0x10c/0x190
[ 30.405824] ? pagealloc_uaf+0xe7/0x1e0
[ 30.406012] __asan_load1+0x62/0x70
[ 30.406183] pagealloc_uaf+0xe7/0x1e0
[ 30.407556] ? krealloc_more_oob+0x20/0x20
[ 30.408460] ? __kunit_add_resource+0xd1/0x100
[ 30.409017] ? kasan_test_init+0x13e/0x1b0
[ 30.410552] kunit_try_run_case+0x8f/0xd0
[ 30.411609] ? kunit_catch_run_case+0x80/0x80
[ 30.412566] ? kunit_try_catch_throw+0x40/0x40
[ 30.412797] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.413044] kthread+0x17b/0x1b0
[ 30.413318] ? kthread_complete_and_exit+0x30/0x30
[ 30.413922] ret_from_fork+0x22/0x30
[ 30.414199] </TASK>
[ 30.414718]
[ 30.414844] The buggy address belongs to the physical page:
[ 30.415143] page:(____ptrval____) refcount:0 mapcount:-128 mapping:0000000000000000 index:0x0 pfn:0x103730
[ 30.415589] flags: 0x200000000000000(node=0|zone=2)
[ 30.415942] raw: 0200000000000000 ffff88817fffab60 ffff88817fffab60 0000000000000000
[ 30.416401] raw: 0000000000000000 0000000000000004 00000000ffffff7f 0000000000000000
[ 30.416749] page dumped because: kasan: bad access detected
[ 30.416989]
[ 30.417100] Memory state around the buggy address:
[ 30.417440] ffff88810372ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.417768] ffff88810372ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.418058] >ffff888103730000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.418493] ^
[ 30.418679] ffff888103730080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.419000] ffff888103730100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.419649] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 30.382055] ==================================================================
[ 30.383276] BUG: KASAN: invalid-free in kfree+0xfa/0x120
[ 30.383563] Free of addr ffff8881036bc001 by task kunit_try_catch/229
[ 30.383865]
[ 30.383989] CPU: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.384416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.384801] Call Trace:
[ 30.384967] <TASK>
[ 30.385100] dump_stack_lvl+0x49/0x62
[ 30.385361] print_report+0x189/0x492
[ 30.385587] ? kasan_addr_to_slab+0xd/0xb0
[ 30.385807] ? kfree+0xfa/0x120
[ 30.386009] kasan_report_invalid_free+0xd8/0x150
[ 30.386295] ? kfree+0xfa/0x120
[ 30.386508] ? kfree+0xfa/0x120
[ 30.386661] __kasan_kfree_large+0x82/0xd0
[ 30.386913] free_large_kmalloc+0x45/0xb0
[ 30.387171] kfree+0xfa/0x120
[ 30.387330] kmalloc_pagealloc_invalid_free+0xa7/0x1b0
[ 30.387610] ? kmalloc_large_oob_right+0x1e0/0x1e0
[ 30.387848] ? __kunit_add_resource+0xd1/0x100
[ 30.388090] ? kasan_test_init+0x13e/0x1b0
[ 30.388394] kunit_try_run_case+0x8f/0xd0
[ 30.388631] ? kunit_catch_run_case+0x80/0x80
[ 30.388826] ? kunit_try_catch_throw+0x40/0x40
[ 30.389088] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.389465] kthread+0x17b/0x1b0
[ 30.389804] ? kthread_complete_and_exit+0x30/0x30
[ 30.390049] ret_from_fork+0x22/0x30
[ 30.390279] </TASK>
[ 30.390421]
[ 30.390509] The buggy address belongs to the physical page:
[ 30.390808] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[ 30.391224] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.391894] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.392219] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.392927] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.393307] page dumped because: kasan: bad access detected
[ 30.393702]
[ 30.393896] Memory state around the buggy address:
[ 30.394115] ffff8881036bbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.394679] ffff8881036bbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.395099] >ffff8881036bc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.395457] ^
[ 30.395640] ffff8881036bc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.395956] ffff8881036bc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.396302] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_pagealloc_uaf
[ 30.361472] ==================================================================
[ 30.362191] BUG: KASAN: use-after-free in kmalloc_pagealloc_uaf+0xad/0x1a0
[ 30.363506] Read of size 1 at addr ffff8881036bc000 by task kunit_try_catch/228
[ 30.364386]
[ 30.364555] CPU: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.364870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.365204] Call Trace:
[ 30.365334] <TASK>
[ 30.365447] dump_stack_lvl+0x49/0x62
[ 30.365640] print_report+0x189/0x492
[ 30.365819] ? kasan_addr_to_slab+0xd/0xb0
[ 30.366006] ? kmalloc_pagealloc_uaf+0xad/0x1a0
[ 30.366828] kasan_report+0x10c/0x190
[ 30.367143] ? kmalloc_pagealloc_uaf+0xad/0x1a0
[ 30.367685] __asan_load1+0x62/0x70
[ 30.367964] kmalloc_pagealloc_uaf+0xad/0x1a0
[ 30.368387] ? kmalloc_pagealloc_invalid_free+0x1b0/0x1b0
[ 30.368862] ? __kunit_add_resource+0xd1/0x100
[ 30.369273] ? kasan_test_init+0x13e/0x1b0
[ 30.369723] kunit_try_run_case+0x8f/0xd0
[ 30.370025] ? kunit_catch_run_case+0x80/0x80
[ 30.370481] ? kunit_try_catch_throw+0x40/0x40
[ 30.370750] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.371036] kthread+0x17b/0x1b0
[ 30.371209] ? kthread_complete_and_exit+0x30/0x30
[ 30.371476] ret_from_fork+0x22/0x30
[ 30.371718] </TASK>
[ 30.371866]
[ 30.371966] The buggy address belongs to the physical page:
[ 30.372298] page:(____ptrval____) refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[ 30.372692] flags: 0x200000000000000(node=0|zone=2)
[ 30.373018] raw: 0200000000000000 ffffea00040db008 ffff88815b43b2b8 0000000000000000
[ 30.373539] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 30.373918] page dumped because: kasan: bad access detected
[ 30.374738]
[ 30.374985] Memory state around the buggy address:
[ 30.375566] ffff8881036bbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.375932] ffff8881036bbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.376387] >ffff8881036bc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.376822] ^
[ 30.377404] ffff8881036bc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.378384] ffff8881036bc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 30.378986] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_pagealloc_oob_right
[ 30.339752] ==================================================================
[ 30.340376] BUG: KASAN: slab-out-of-bounds in kmalloc_pagealloc_oob_right+0xad/0x1c0
[ 30.340804] Write of size 1 at addr ffff8881036be00a by task kunit_try_catch/227
[ 30.341154]
[ 30.341655] CPU: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.342325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.342969] Call Trace:
[ 30.343132] <TASK>
[ 30.343613] dump_stack_lvl+0x49/0x62
[ 30.343862] print_report+0x189/0x492
[ 30.344224] ? kasan_addr_to_slab+0xd/0xb0
[ 30.344665] ? kmalloc_pagealloc_oob_right+0xad/0x1c0
[ 30.345082] kasan_report+0x10c/0x190
[ 30.345508] ? kasan_poison+0x55/0x70
[ 30.345881] ? kmalloc_pagealloc_oob_right+0xad/0x1c0
[ 30.346362] __asan_store1+0x65/0x70
[ 30.346761] kmalloc_pagealloc_oob_right+0xad/0x1c0
[ 30.347025] ? kmalloc_pagealloc_uaf+0x1a0/0x1a0
[ 30.347290] ? kmalloc_pagealloc_uaf+0x1a0/0x1a0
[ 30.347795] ? kunit_try_run_case+0x84/0xd0
[ 30.348206] ? __kunit_add_resource+0xd1/0x100
[ 30.348633] kunit_try_run_case+0x8f/0xd0
[ 30.349054] ? kunit_catch_run_case+0x80/0x80
[ 30.349521] ? kunit_try_catch_throw+0x40/0x40
[ 30.349935] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.350549] kthread+0x17b/0x1b0
[ 30.350957] ? kthread_complete_and_exit+0x30/0x30
[ 30.351419] ret_from_fork+0x22/0x30
[ 30.351922] </TASK>
[ 30.352068]
[ 30.352173] The buggy address belongs to the physical page:
[ 30.352761] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036bc
[ 30.353294] head:(____ptrval____) order:2 compound_mapcount:0 compound_pincount:0
[ 30.353785] flags: 0x200000000010000(head|node=0|zone=2)
[ 30.354116] raw: 0200000000010000 0000000000000000 dead000000000122 0000000000000000
[ 30.354643] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 30.355028] page dumped because: kasan: bad access detected
[ 30.355303]
[ 30.355575] Memory state around the buggy address:
[ 30.355820] ffff8881036bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.356185] ffff8881036bdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.356675] >ffff8881036be000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.357045] ^
[ 30.357264] ffff8881036be080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.357643] ffff8881036be100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 30.358091] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 30.307067] ==================================================================
[ 30.308395] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0xd0/0x1f0
[ 30.308709] Read of size 1 at addr ffff888103619000 by task kunit_try_catch/226
[ 30.308981]
[ 30.309099] CPU: 1 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.310350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.311405] Call Trace:
[ 30.311824] <TASK>
[ 30.312074] dump_stack_lvl+0x49/0x62
[ 30.312549] print_report+0x189/0x492
[ 30.312746] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.313560] ? kmalloc_node_oob_right+0xd0/0x1f0
[ 30.314022] kasan_report+0x10c/0x190
[ 30.314456] ? kmalloc_node_oob_right+0xd0/0x1f0
[ 30.314945] __asan_load1+0x62/0x70
[ 30.315367] kmalloc_node_oob_right+0xd0/0x1f0
[ 30.315815] ? pagealloc_uaf+0x1e0/0x1e0
[ 30.316153] ? __kunit_add_resource+0xd1/0x100
[ 30.316710] kunit_try_run_case+0x8f/0xd0
[ 30.317207] ? kunit_catch_run_case+0x80/0x80
[ 30.317563] ? kunit_try_catch_throw+0x40/0x40
[ 30.317869] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.318470] kthread+0x17b/0x1b0
[ 30.318822] ? kthread_complete_and_exit+0x30/0x30
[ 30.319319] ret_from_fork+0x22/0x30
[ 30.319811] </TASK>
[ 30.320040]
[ 30.320170] Allocated by task 226:
[ 30.320533] kasan_save_stack+0x41/0x70
[ 30.320949] kasan_set_track+0x25/0x40
[ 30.321240] kasan_save_alloc_info+0x1e/0x30
[ 30.321761] __kasan_kmalloc+0xb6/0xc0
[ 30.322077] kmalloc_node_trace+0x45/0xb0
[ 30.322390] kmalloc_node_oob_right+0x9d/0x1f0
[ 30.322900] kunit_try_run_case+0x8f/0xd0
[ 30.323434] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.324031] kthread+0x17b/0x1b0
[ 30.324403] ret_from_fork+0x22/0x30
[ 30.324575]
[ 30.324662] The buggy address belongs to the object at ffff888103618000
[ 30.324662] which belongs to the cache kmalloc-4k of size 4096
[ 30.325104] The buggy address is located 0 bytes to the right of
[ 30.325104] 4096-byte region [ffff888103618000, ffff888103619000)
[ 30.326323]
[ 30.326528] The buggy address belongs to the physical page:
[ 30.327184] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103618
[ 30.328210] head:(____ptrval____) order:3 compound_mapcount:0 compound_pincount:0
[ 30.329094] flags: 0x200000000010200(slab|head|node=0|zone=2)
[ 30.329914] raw: 0200000000010200 0000000000000000 dead000000000122 ffff888100042140
[ 30.330764] raw: 0000000000000000 0000000080040004 00000001ffffffff 0000000000000000
[ 30.331662] page dumped because: kasan: bad access detected
[ 30.331928]
[ 30.332015] Memory state around the buggy address:
[ 30.332213] ffff888103618f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.332920] ffff888103618f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 30.333706] >ffff888103619000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.334397] ^
[ 30.334754] ffff888103619080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.335460] ffff888103619100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.335903] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 30.273889] ==================================================================
[ 30.274291] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0xcb/0x1e0
[ 30.274625] Read of size 1 at addr ffff888102f54abf by task kunit_try_catch/225
[ 30.274989]
[ 30.275135] CPU: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.275585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.276098] Call Trace:
[ 30.276285] <TASK>
[ 30.276414] dump_stack_lvl+0x49/0x62
[ 30.276653] print_report+0x189/0x492
[ 30.276936] ? kasan_complete_mode_report_info+0x7c/0x200
[ 30.277300] ? kmalloc_oob_left+0xcb/0x1e0
[ 30.277546] kasan_report+0x10c/0x190
[ 30.277789] ? kmalloc_oob_left+0xcb/0x1e0
[ 30.278086] __asan_load1+0x62/0x70
[ 30.278319] kmalloc_oob_left+0xcb/0x1e0
[ 30.278503] ? kmalloc_pagealloc_oob_right+0x1c0/0x1c0
[ 30.278794] ? __kunit_add_resource+0xd1/0x100
[ 30.279123] kunit_try_run_case+0x8f/0xd0
[ 30.279426] ? kunit_catch_run_case+0x80/0x80
[ 30.279658] ? kunit_try_catch_throw+0x40/0x40
[ 30.279934] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.280267] kthread+0x17b/0x1b0
[ 30.280492] ? kthread_complete_and_exit+0x30/0x30
[ 30.280760] ret_from_fork+0x22/0x30
[ 30.281025] </TASK>
[ 30.281207]
[ 30.281324] Allocated by task 27:
[ 30.281539] kasan_save_stack+0x41/0x70
[ 30.281798] kasan_set_track+0x25/0x40
[ 30.282020] kasan_save_alloc_info+0x1e/0x30
[ 30.282296] __kasan_kmalloc+0xb6/0xc0
[ 30.282546] __kmalloc_node_track_caller+0x62/0x170
[ 30.282858] kvasprintf+0xc2/0x150
[ 30.283036] kasprintf+0xb3/0xe0
[ 30.283246] input_devnode+0x3b/0x50
[ 30.283419] device_get_devnode+0xcb/0x150
[ 30.283670] dev_uevent+0x28e/0x410
[ 30.283880] kobject_uevent_env+0x33b/0x890
[ 30.284139] kobject_uevent+0xb/0x20
[ 30.284422] device_add+0x73a/0xf50
[ 30.284662] cdev_device_add+0xf2/0x160
[ 30.284836] evdev_connect+0x228/0x260
[ 30.285064] input_attach_handler.isra.0+0xb8/0xe0
[ 30.285354] input_register_device.cold+0xcc/0x1a3
[ 30.285628] psmouse_connect+0x4f0/0x680
[ 30.285893] serio_driver_probe+0x55/0x70
[ 30.286087] really_probe+0x138/0x520
[ 30.286439] __driver_probe_device+0xcd/0x1d0
[ 30.286682] driver_probe_device+0x4f/0x100
[ 30.286938] __driver_attach+0x13c/0x290
[ 30.287213] bus_for_each_dev+0x10c/0x160
[ 30.287453] driver_attach+0x2b/0x40
[ 30.287664] serio_handle_event+0x199/0x3c0
[ 30.287847] process_one_work+0x444/0x750
[ 30.288089] worker_thread+0x91/0x6c0
[ 30.288434] kthread+0x17b/0x1b0
[ 30.288634] ret_from_fork+0x22/0x30
[ 30.288942]
[ 30.289103] Freed by task 27:
[ 30.289283] kasan_save_stack+0x41/0x70
[ 30.289496] kasan_set_track+0x25/0x40
[ 30.289669] kasan_save_free_info+0x2e/0x50
[ 30.290031] ____kasan_slab_free+0x175/0x1d0
[ 30.290331] __kasan_slab_free+0x12/0x20
[ 30.290592] __kmem_cache_free+0x188/0x2f0
[ 30.290847] kfree+0x78/0x120
[ 30.291052] dev_uevent+0x2e1/0x410
[ 30.291314] kobject_uevent_env+0x33b/0x890
[ 30.291585] kobject_uevent+0xb/0x20
[ 30.291797] device_add+0x73a/0xf50
[ 30.292001] cdev_device_add+0xf2/0x160
[ 30.292439] evdev_connect+0x228/0x260
[ 30.292683] input_attach_handler.isra.0+0xb8/0xe0
[ 30.292877] input_register_device.cold+0xcc/0x1a3
[ 30.293251] psmouse_connect+0x4f0/0x680
[ 30.293693] serio_driver_probe+0x55/0x70
[ 30.293991] really_probe+0x138/0x520
[ 30.294255] __driver_probe_device+0xcd/0x1d0
[ 30.294571] driver_probe_device+0x4f/0x100
[ 30.294852] __driver_attach+0x13c/0x290
[ 30.295070] bus_for_each_dev+0x10c/0x160
[ 30.295333] driver_attach+0x2b/0x40
[ 30.295577] serio_handle_event+0x199/0x3c0
[ 30.295814] process_one_work+0x444/0x750
[ 30.296156] worker_thread+0x91/0x6c0
[ 30.296367] kthread+0x17b/0x1b0
[ 30.296516] ret_from_fork+0x22/0x30
[ 30.296790]
[ 30.296950] The buggy address belongs to the object at ffff888102f54aa0
[ 30.296950] which belongs to the cache kmalloc-16 of size 16
[ 30.297614] The buggy address is located 15 bytes to the right of
[ 30.297614] 16-byte region [ffff888102f54aa0, ffff888102f54ab0)
[ 30.298196]
[ 30.298356] The buggy address belongs to the physical page:
[ 30.298627] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102f54
[ 30.298974] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.299338] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000413c0
[ 30.299857] raw: 0000000000000000 0000000080800080 00000001ffffffff 0000000000000000
[ 30.300176] page dumped because: kasan: bad access detected
[ 30.300600]
[ 30.300700] Memory state around the buggy address:
[ 30.300954] ffff888102f54980: 00 02 fc fc 00 05 fc fc 00 02 fc fc 00 02 fc fc
[ 30.301298] ffff888102f54a00: 00 02 fc fc 00 02 fc fc fa fb fc fc fa fb fc fc
[ 30.301684] >ffff888102f54a80: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[ 30.302025] ^
[ 30.302310] ffff888102f54b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.302650] ffff888102f54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.302990] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 30.228966] ==================================================================
[ 30.229459] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xfd/0x310
[ 30.229823] Write of size 1 at addr ffff8881030daf78 by task kunit_try_catch/224
[ 30.230136]
[ 30.230297] CPU: 1 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.230772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.231354] Call Trace:
[ 30.231520] <TASK>
[ 30.231661] dump_stack_lvl+0x49/0x62
[ 30.231858] print_report+0x189/0x492
[ 30.232065] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.232489] ? kmalloc_oob_right+0xfd/0x310
[ 30.232750] kasan_report+0x10c/0x190
[ 30.232980] ? kmalloc_oob_right+0xfd/0x310
[ 30.233239] __asan_store1+0x65/0x70
[ 30.233565] kmalloc_oob_right+0xfd/0x310
[ 30.233817] ? kmalloc_oob_left+0x1e0/0x1e0
[ 30.234038] ? __kunit_add_resource+0xd1/0x100
[ 30.234365] kunit_try_run_case+0x8f/0xd0
[ 30.234648] ? kunit_catch_run_case+0x80/0x80
[ 30.234849] ? kunit_try_catch_throw+0x40/0x40
[ 30.235085] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.235494] kthread+0x17b/0x1b0
[ 30.235662] ? kthread_complete_and_exit+0x30/0x30
[ 30.236174] ret_from_fork+0x22/0x30
[ 30.236459] </TASK>
[ 30.236593]
[ 30.236693] Allocated by task 224:
[ 30.236840] kasan_save_stack+0x41/0x70
[ 30.237073] kasan_set_track+0x25/0x40
[ 30.237362] kasan_save_alloc_info+0x1e/0x30
[ 30.237621] __kasan_kmalloc+0xb6/0xc0
[ 30.237844] kmalloc_trace+0x48/0xb0
[ 30.238027] kmalloc_oob_right+0x9b/0x310
[ 30.238339] kunit_try_run_case+0x8f/0xd0
[ 30.238595] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.238860] kthread+0x17b/0x1b0
[ 30.239041] ret_from_fork+0x22/0x30
[ 30.239233]
[ 30.239320] The buggy address belongs to the object at ffff8881030daf00
[ 30.239320] which belongs to the cache kmalloc-128 of size 128
[ 30.239933] The buggy address is located 120 bytes inside of
[ 30.239933] 128-byte region [ffff8881030daf00, ffff8881030daf80)
[ 30.240588]
[ 30.240751] The buggy address belongs to the physical page:
[ 30.241013] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030da
[ 30.241452] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.241754] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.242169] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.242576] page dumped because: kasan: bad access detected
[ 30.242785]
[ 30.242871] Memory state around the buggy address:
[ 30.243124] ffff8881030dae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.243764] ffff8881030dae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.244019] >ffff8881030daf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.244822] ^
[ 30.245745] ffff8881030daf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.246524] ffff8881030db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 30.246942] ==================================================================
[ 30.200455] ==================================================================
[ 30.201366] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0xcb/0x310
[ 30.202474] Write of size 1 at addr ffff8881030daf73 by task kunit_try_catch/224
[ 30.203234]
[ 30.203814] CPU: 1 PID: 224 Comm: kunit_try_catch Tainted: G N 6.1.146-rc1 #1
[ 30.204291] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.205534] Call Trace:
[ 30.205878] <TASK>
[ 30.206126] dump_stack_lvl+0x49/0x62
[ 30.206796] print_report+0x189/0x492
[ 30.207290] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.207933] ? kmalloc_oob_right+0xcb/0x310
[ 30.208141] kasan_report+0x10c/0x190
[ 30.208575] ? kmalloc_oob_right+0xcb/0x310
[ 30.209100] __asan_store1+0x65/0x70
[ 30.209563] kmalloc_oob_right+0xcb/0x310
[ 30.209828] ? kmalloc_oob_left+0x1e0/0x1e0
[ 30.210303] ? __kunit_add_resource+0xd1/0x100
[ 30.210857] kunit_try_run_case+0x8f/0xd0
[ 30.211146] ? kunit_catch_run_case+0x80/0x80
[ 30.211668] ? kunit_try_catch_throw+0x40/0x40
[ 30.211885] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.212117] kthread+0x17b/0x1b0
[ 30.212438] ? kthread_complete_and_exit+0x30/0x30
[ 30.213002] ret_from_fork+0x22/0x30
[ 30.213508] </TASK>
[ 30.213813]
[ 30.214020] Allocated by task 224:
[ 30.214509] kasan_save_stack+0x41/0x70
[ 30.214945] kasan_set_track+0x25/0x40
[ 30.215401] kasan_save_alloc_info+0x1e/0x30
[ 30.215668] __kasan_kmalloc+0xb6/0xc0
[ 30.215857] kmalloc_trace+0x48/0xb0
[ 30.216025] kmalloc_oob_right+0x9b/0x310
[ 30.216250] kunit_try_run_case+0x8f/0xd0
[ 30.216723] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.217289] kthread+0x17b/0x1b0
[ 30.217638] ret_from_fork+0x22/0x30
[ 30.217844]
[ 30.217985] The buggy address belongs to the object at ffff8881030daf00
[ 30.217985] which belongs to the cache kmalloc-128 of size 128
[ 30.218996] The buggy address is located 115 bytes inside of
[ 30.218996] 128-byte region [ffff8881030daf00, ffff8881030daf80)
[ 30.220261]
[ 30.220587] The buggy address belongs to the physical page:
[ 30.221400] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030da
[ 30.222722] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.223885] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.224225] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.224575] page dumped because: kasan: bad access detected
[ 30.224844]
[ 30.224965] Memory state around the buggy address:
[ 30.225453] ffff8881030dae00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 30.225805] ffff8881030dae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.226173] >ffff8881030daf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.226529] ^
[ 30.226928] ffff8881030daf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.227309] ffff8881030db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 30.227736] ==================================================================
[ 30.247945] ==================================================================
[ 30.248364] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x132/0x310
[ 30.248753] Read of size 1 at addr ffff8881030daf80 by task kunit_try_catch/224
[ 30.249016]
[ 30.249134] CPU: 1 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.1.146-rc1 #1
[ 30.249909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 30.250356] Call Trace:
[ 30.250482] <TASK>
[ 30.250663] dump_stack_lvl+0x49/0x62
[ 30.251067] print_report+0x189/0x492
[ 30.251493] ? kasan_complete_mode_report_info+0x3c/0x200
[ 30.251803] ? kmalloc_oob_right+0x132/0x310
[ 30.252047] kasan_report+0x10c/0x190
[ 30.252431] ? kmalloc_oob_right+0x132/0x310
[ 30.252737] __asan_load1+0x62/0x70
[ 30.252968] kmalloc_oob_right+0x132/0x310
[ 30.253249] ? kmalloc_oob_left+0x1e0/0x1e0
[ 30.253681] ? __kunit_add_resource+0xd1/0x100
[ 30.253929] kunit_try_run_case+0x8f/0xd0
[ 30.254233] ? kunit_catch_run_case+0x80/0x80
[ 30.254458] ? kunit_try_catch_throw+0x40/0x40
[ 30.254756] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.255123] kthread+0x17b/0x1b0
[ 30.255406] ? kthread_complete_and_exit+0x30/0x30
[ 30.255678] ret_from_fork+0x22/0x30
[ 30.255908] </TASK>
[ 30.256055]
[ 30.256224] Allocated by task 224:
[ 30.256391] kasan_save_stack+0x41/0x70
[ 30.256639] kasan_set_track+0x25/0x40
[ 30.256850] kasan_save_alloc_info+0x1e/0x30
[ 30.257077] __kasan_kmalloc+0xb6/0xc0
[ 30.257419] kmalloc_trace+0x48/0xb0
[ 30.257600] kmalloc_oob_right+0x9b/0x310
[ 30.257782] kunit_try_run_case+0x8f/0xd0
[ 30.257964] kunit_generic_run_threadfn_adapter+0x2f/0x50
[ 30.258474] kthread+0x17b/0x1b0
[ 30.258681] ret_from_fork+0x22/0x30
[ 30.259069]
[ 30.259204] The buggy address belongs to the object at ffff8881030daf00
[ 30.259204] which belongs to the cache kmalloc-128 of size 128
[ 30.260347] The buggy address is located 0 bytes to the right of
[ 30.260347] 128-byte region [ffff8881030daf00, ffff8881030daf80)
[ 30.261065]
[ 30.261526] The buggy address belongs to the physical page:
[ 30.261808] page:(____ptrval____) refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1030da
[ 30.262449] flags: 0x200000000000200(slab|node=0|zone=2)
[ 30.262908] raw: 0200000000000200 0000000000000000 dead000000000122 ffff8881000418c0
[ 30.263459] raw: 0000000000000000 0000000080100010 00000001ffffffff 0000000000000000
[ 30.263843] page dumped because: kasan: bad access detected
[ 30.264629]
[ 30.264815] Memory state around the buggy address:
[ 30.265570] ffff8881030dae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.266594] ffff8881030daf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 30.267422] >ffff8881030daf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 30.268078] ^
[ 30.268391] ffff8881030db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fc fc
[ 30.269021] ffff8881030db080: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb
[ 30.269447] ==================================================================
Failure - lava - job
(no logs available)
Failure - lava - boot-image-retry
(no logs available)
Failure - lava - auto-login-action
(no logs available)
Failure - lava - login-action
(no logs available)
Failure - boot - gcc-13-lkftconfig-kunit
(no logs available)