Date: July 3, 2025, 6:13 p.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.853303] ==================================================================
[ 10.853753] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 10.854037] Read of size 1 at addr ffff8881036bb000 by task kunit_try_catch/158
[ 10.855054]
[ 10.855197] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.855251] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.855263] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.855282] Call Trace:
[ 10.855294] <TASK>
[ 10.855309] dump_stack_lvl+0x73/0xb0
[ 10.855846] print_report+0xd1/0x650
[ 10.855881] ? __virt_addr_valid+0x1db/0x2d0
[ 10.855905] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.855927] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.855950] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.855973] kasan_report+0x141/0x180
[ 10.855994] ? kmalloc_node_oob_right+0x369/0x3c0
[ 10.856022] __asan_report_load1_noabort+0x18/0x20
[ 10.856045] kmalloc_node_oob_right+0x369/0x3c0
[ 10.856068] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 10.856093] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 10.856130] kunit_try_run_case+0x1a5/0x480
[ 10.856152] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.856173] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.856194] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.856216] ? __kthread_parkme+0x82/0x180
[ 10.856235] ? preempt_count_sub+0x50/0x80
[ 10.856257] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.856278] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.856300] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.856321] kthread+0x337/0x6f0
[ 10.856340] ? trace_preempt_on+0x20/0xc0
[ 10.856364] ? __pfx_kthread+0x10/0x10
[ 10.856383] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.856402] ? calculate_sigpending+0x7b/0xa0
[ 10.856424] ? __pfx_kthread+0x10/0x10
[ 10.856444] ret_from_fork+0x116/0x1d0
[ 10.856461] ? __pfx_kthread+0x10/0x10
[ 10.856480] ret_from_fork_asm+0x1a/0x30
[ 10.856509] </TASK>
[ 10.856520]
[ 10.869639] Allocated by task 158:
[ 10.870056] kasan_save_stack+0x45/0x70
[ 10.870346] kasan_save_track+0x18/0x40
[ 10.870746] kasan_save_alloc_info+0x3b/0x50
[ 10.871082] __kasan_kmalloc+0xb7/0xc0
[ 10.871470] __kmalloc_cache_node_noprof+0x188/0x420
[ 10.871838] kmalloc_node_oob_right+0xab/0x3c0
[ 10.872071] kunit_try_run_case+0x1a5/0x480
[ 10.872292] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.872802] kthread+0x337/0x6f0
[ 10.873170] ret_from_fork+0x116/0x1d0
[ 10.873400] ret_from_fork_asm+0x1a/0x30
[ 10.873687]
[ 10.873790] The buggy address belongs to the object at ffff8881036ba000
[ 10.873790] which belongs to the cache kmalloc-4k of size 4096
[ 10.874294] The buggy address is located 0 bytes to the right of
[ 10.874294] allocated 4096-byte region [ffff8881036ba000, ffff8881036bb000)
[ 10.875184]
[ 10.875416] The buggy address belongs to the physical page:
[ 10.876016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1036b8
[ 10.876718] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.877036] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.877546] page_type: f5(slab)
[ 10.877720] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 10.878004] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 10.878742] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 10.879045] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 10.879611] head: 0200000000000003 ffffea00040dae01 00000000ffffffff 00000000ffffffff
[ 10.880077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 10.880640] page dumped because: kasan: bad access detected
[ 10.881006]
[ 10.881106] Memory state around the buggy address:
[ 10.881335] ffff8881036baf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.881895] ffff8881036baf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.882333] >ffff8881036bb000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.882759] ^
[ 10.883030] ffff8881036bb080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.883529] ffff8881036bb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.883991] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.817101] ==================================================================
[ 10.817619] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 10.818291] Read of size 1 at addr ffff888101745dff by task kunit_try_catch/156
[ 10.819304]
[ 10.819524] CPU: 1 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.819572] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.819583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.819606] Call Trace:
[ 10.819619] <TASK>
[ 10.819636] dump_stack_lvl+0x73/0xb0
[ 10.819667] print_report+0xd1/0x650
[ 10.819689] ? __virt_addr_valid+0x1db/0x2d0
[ 10.819712] ? kmalloc_oob_left+0x361/0x3c0
[ 10.819732] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.819752] ? kmalloc_oob_left+0x361/0x3c0
[ 10.819773] kasan_report+0x141/0x180
[ 10.819793] ? kmalloc_oob_left+0x361/0x3c0
[ 10.819818] __asan_report_load1_noabort+0x18/0x20
[ 10.819841] kmalloc_oob_left+0x361/0x3c0
[ 10.819862] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 10.819883] ? __schedule+0x10cc/0x2b60
[ 10.819904] ? __pfx_read_tsc+0x10/0x10
[ 10.819925] ? ktime_get_ts64+0x86/0x230
[ 10.819950] kunit_try_run_case+0x1a5/0x480
[ 10.819974] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.819994] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.820017] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.820038] ? __kthread_parkme+0x82/0x180
[ 10.820058] ? preempt_count_sub+0x50/0x80
[ 10.820081] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.820103] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.820140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.820162] kthread+0x337/0x6f0
[ 10.820181] ? trace_preempt_on+0x20/0xc0
[ 10.820204] ? __pfx_kthread+0x10/0x10
[ 10.820223] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.820243] ? calculate_sigpending+0x7b/0xa0
[ 10.820266] ? __pfx_kthread+0x10/0x10
[ 10.820286] ret_from_fork+0x116/0x1d0
[ 10.820303] ? __pfx_kthread+0x10/0x10
[ 10.820322] ret_from_fork_asm+0x1a/0x30
[ 10.820352] </TASK>
[ 10.820363]
[ 10.831564] Allocated by task 1:
[ 10.831885] kasan_save_stack+0x45/0x70
[ 10.832293] kasan_save_track+0x18/0x40
[ 10.832793] kasan_save_alloc_info+0x3b/0x50
[ 10.833224] __kasan_kmalloc+0xb7/0xc0
[ 10.833689] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.833918] kvasprintf+0xc5/0x150
[ 10.834045] __kthread_create_on_node+0x18b/0x3a0
[ 10.834375] kthread_create_on_node+0xab/0xe0
[ 10.834815] create_worker+0x3e5/0x7b0
[ 10.835263] alloc_unbound_pwq+0x8ea/0xdb0
[ 10.835688] apply_wqattrs_prepare+0x332/0xd20
[ 10.836131] apply_workqueue_attrs_locked+0x4d/0xa0
[ 10.836702] alloc_workqueue+0xcc7/0x1ad0
[ 10.836854] latency_fsnotify_init+0x1b/0x50
[ 10.837006] do_one_initcall+0xd8/0x370
[ 10.837205] kernel_init_freeable+0x420/0x6f0
[ 10.837595] kernel_init+0x23/0x1e0
[ 10.837979] ret_from_fork+0x116/0x1d0
[ 10.838423] ret_from_fork_asm+0x1a/0x30
[ 10.838794]
[ 10.838953] The buggy address belongs to the object at ffff888101745de0
[ 10.838953] which belongs to the cache kmalloc-16 of size 16
[ 10.840056] The buggy address is located 18 bytes to the right of
[ 10.840056] allocated 13-byte region [ffff888101745de0, ffff888101745ded)
[ 10.841056]
[ 10.841239] The buggy address belongs to the physical page:
[ 10.841749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745
[ 10.842004] flags: 0x200000000000000(node=0|zone=2)
[ 10.842206] page_type: f5(slab)
[ 10.842570] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 10.843374] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 10.844054] page dumped because: kasan: bad access detected
[ 10.844781]
[ 10.844916] Memory state around the buggy address:
[ 10.845076] ffff888101745c80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc
[ 10.845691] ffff888101745d00: fa fb fc fc 00 04 fc fc 00 04 fc fc 00 01 fc fc
[ 10.846341] >ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc
[ 10.846925] ^
[ 10.847167] ffff888101745e00: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.847885] ffff888101745e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.848646] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.739055] ==================================================================
[ 10.740284] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 10.741921] Write of size 1 at addr ffff8881029db173 by task kunit_try_catch/154
[ 10.742275]
[ 10.743251] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.743595] Tainted: [N]=TEST
[ 10.743627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.743848] Call Trace:
[ 10.743913] <TASK>
[ 10.744073] dump_stack_lvl+0x73/0xb0
[ 10.744201] print_report+0xd1/0x650
[ 10.744230] ? __virt_addr_valid+0x1db/0x2d0
[ 10.744255] ? kmalloc_oob_right+0x6f0/0x7f0
[ 10.744276] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.744297] ? kmalloc_oob_right+0x6f0/0x7f0
[ 10.744339] kasan_report+0x141/0x180
[ 10.744361] ? kmalloc_oob_right+0x6f0/0x7f0
[ 10.744418] __asan_report_store1_noabort+0x1b/0x30
[ 10.744439] kmalloc_oob_right+0x6f0/0x7f0
[ 10.744473] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 10.744495] ? __schedule+0x10cc/0x2b60
[ 10.744517] ? __pfx_read_tsc+0x10/0x10
[ 10.744539] ? ktime_get_ts64+0x86/0x230
[ 10.744565] kunit_try_run_case+0x1a5/0x480
[ 10.744591] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.744612] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.744635] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.744656] ? __kthread_parkme+0x82/0x180
[ 10.744678] ? preempt_count_sub+0x50/0x80
[ 10.744701] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.744724] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.744745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.744767] kthread+0x337/0x6f0
[ 10.744786] ? trace_preempt_on+0x20/0xc0
[ 10.744809] ? __pfx_kthread+0x10/0x10
[ 10.744829] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.744849] ? calculate_sigpending+0x7b/0xa0
[ 10.744873] ? __pfx_kthread+0x10/0x10
[ 10.744893] ret_from_fork+0x116/0x1d0
[ 10.744911] ? __pfx_kthread+0x10/0x10
[ 10.744930] ret_from_fork_asm+0x1a/0x30
[ 10.744990] </TASK>
[ 10.745062]
[ 10.755804] Allocated by task 154:
[ 10.756169] kasan_save_stack+0x45/0x70
[ 10.756526] kasan_save_track+0x18/0x40
[ 10.756693] kasan_save_alloc_info+0x3b/0x50
[ 10.756894] __kasan_kmalloc+0xb7/0xc0
[ 10.757087] __kmalloc_cache_noprof+0x189/0x420
[ 10.757292] kmalloc_oob_right+0xa9/0x7f0
[ 10.757460] kunit_try_run_case+0x1a5/0x480
[ 10.757636] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.757883] kthread+0x337/0x6f0
[ 10.758026] ret_from_fork+0x116/0x1d0
[ 10.758206] ret_from_fork_asm+0x1a/0x30
[ 10.758530]
[ 10.758669] The buggy address belongs to the object at ffff8881029db100
[ 10.758669] which belongs to the cache kmalloc-128 of size 128
[ 10.759236] The buggy address is located 0 bytes to the right of
[ 10.759236] allocated 115-byte region [ffff8881029db100, ffff8881029db173)
[ 10.759784]
[ 10.759984] The buggy address belongs to the physical page:
[ 10.760462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 10.760954] flags: 0x200000000000000(node=0|zone=2)
[ 10.761598] page_type: f5(slab)
[ 10.762067] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.762433] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.762834] page dumped because: kasan: bad access detected
[ 10.763078]
[ 10.763195] Memory state around the buggy address:
[ 10.763628] ffff8881029db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.763988] ffff8881029db080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.764323] >ffff8881029db100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 10.764638] ^
[ 10.764960] ffff8881029db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.765233] ffff8881029db200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.765603] ==================================================================

[ 10.766872] ==================================================================
[ 10.767523] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 10.767801] Write of size 1 at addr ffff8881029db178 by task kunit_try_catch/154
[ 10.768101]
[ 10.768227] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.768268] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.768280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.768299] Call Trace:
[ 10.768311] <TASK>
[ 10.768325] dump_stack_lvl+0x73/0xb0
[ 10.768349] print_report+0xd1/0x650
[ 10.768370] ? __virt_addr_valid+0x1db/0x2d0
[ 10.768391] ? kmalloc_oob_right+0x6bd/0x7f0
[ 10.768411] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.768432] ? kmalloc_oob_right+0x6bd/0x7f0
[ 10.768452] kasan_report+0x141/0x180
[ 10.768473] ? kmalloc_oob_right+0x6bd/0x7f0
[ 10.768498] __asan_report_store1_noabort+0x1b/0x30
[ 10.768517] kmalloc_oob_right+0x6bd/0x7f0
[ 10.768538] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 10.768569] ? __schedule+0x10cc/0x2b60
[ 10.768590] ? __pfx_read_tsc+0x10/0x10
[ 10.768610] ? ktime_get_ts64+0x86/0x230
[ 10.768632] kunit_try_run_case+0x1a5/0x480
[ 10.768654] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.768675] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.768695] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.768717] ? __kthread_parkme+0x82/0x180
[ 10.768737] ? preempt_count_sub+0x50/0x80
[ 10.768759] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.768781] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.768802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.768824] kthread+0x337/0x6f0
[ 10.768842] ? trace_preempt_on+0x20/0xc0
[ 10.768864] ? __pfx_kthread+0x10/0x10
[ 10.768883] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.768903] ? calculate_sigpending+0x7b/0xa0
[ 10.768925] ? __pfx_kthread+0x10/0x10
[ 10.768945] ret_from_fork+0x116/0x1d0
[ 10.768962] ? __pfx_kthread+0x10/0x10
[ 10.768981] ret_from_fork_asm+0x1a/0x30
[ 10.769010] </TASK>
[ 10.769021]
[ 10.775887] Allocated by task 154:
[ 10.776016] kasan_save_stack+0x45/0x70
[ 10.776167] kasan_save_track+0x18/0x40
[ 10.776301] kasan_save_alloc_info+0x3b/0x50
[ 10.776457] __kasan_kmalloc+0xb7/0xc0
[ 10.776681] __kmalloc_cache_noprof+0x189/0x420
[ 10.777012] kmalloc_oob_right+0xa9/0x7f0
[ 10.777313] kunit_try_run_case+0x1a5/0x480
[ 10.777476] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.777645] kthread+0x337/0x6f0
[ 10.777767] ret_from_fork+0x116/0x1d0
[ 10.777953] ret_from_fork_asm+0x1a/0x30
[ 10.778157]
[ 10.778254] The buggy address belongs to the object at ffff8881029db100
[ 10.778254] which belongs to the cache kmalloc-128 of size 128
[ 10.779994] The buggy address is located 5 bytes to the right of
[ 10.779994] allocated 115-byte region [ffff8881029db100, ffff8881029db173)
[ 10.780741]
[ 10.780848] The buggy address belongs to the physical page:
[ 10.781202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 10.781719] flags: 0x200000000000000(node=0|zone=2)
[ 10.781923] page_type: f5(slab)
[ 10.782081] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.782654] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.783201] page dumped because: kasan: bad access detected
[ 10.783469]
[ 10.783542] Memory state around the buggy address:
[ 10.783699] ffff8881029db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.783915] ffff8881029db080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.784140] >ffff8881029db100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 10.784350] ^
[ 10.784560] ffff8881029db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.784771] ffff8881029db200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.784981] ==================================================================

[ 10.786889] ==================================================================
[ 10.787158] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 10.787462] Read of size 1 at addr ffff8881029db180 by task kunit_try_catch/154
[ 10.787817]
[ 10.788423] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.788470] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.788482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.788503] Call Trace:
[ 10.788517] <TASK>
[ 10.788530] dump_stack_lvl+0x73/0xb0
[ 10.788557] print_report+0xd1/0x650
[ 10.788579] ? __virt_addr_valid+0x1db/0x2d0
[ 10.788600] ? kmalloc_oob_right+0x68a/0x7f0
[ 10.788620] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.788641] ? kmalloc_oob_right+0x68a/0x7f0
[ 10.788661] kasan_report+0x141/0x180
[ 10.788681] ? kmalloc_oob_right+0x68a/0x7f0
[ 10.788706] __asan_report_load1_noabort+0x18/0x20
[ 10.788729] kmalloc_oob_right+0x68a/0x7f0
[ 10.788750] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 10.788771] ? __schedule+0x10cc/0x2b60
[ 10.788791] ? __pfx_read_tsc+0x10/0x10
[ 10.788811] ? ktime_get_ts64+0x86/0x230
[ 10.788834] kunit_try_run_case+0x1a5/0x480
[ 10.788856] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.788876] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.788897] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.788918] ? __kthread_parkme+0x82/0x180
[ 10.788937] ? preempt_count_sub+0x50/0x80
[ 10.788959] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.788983] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.789005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.789027] kthread+0x337/0x6f0
[ 10.789046] ? trace_preempt_on+0x20/0xc0
[ 10.789068] ? __pfx_kthread+0x10/0x10
[ 10.789087] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.789122] ? calculate_sigpending+0x7b/0xa0
[ 10.789145] ? __pfx_kthread+0x10/0x10
[ 10.789175] ret_from_fork+0x116/0x1d0
[ 10.789193] ? __pfx_kthread+0x10/0x10
[ 10.789213] ret_from_fork_asm+0x1a/0x30
[ 10.789242] </TASK>
[ 10.789252]
[ 10.798216] Allocated by task 154:
[ 10.798889] kasan_save_stack+0x45/0x70
[ 10.799089] kasan_save_track+0x18/0x40
[ 10.799300] kasan_save_alloc_info+0x3b/0x50
[ 10.800896] __kasan_kmalloc+0xb7/0xc0
[ 10.801095] __kmalloc_cache_noprof+0x189/0x420
[ 10.801328] kmalloc_oob_right+0xa9/0x7f0
[ 10.801840] kunit_try_run_case+0x1a5/0x480
[ 10.802022] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.802474] kthread+0x337/0x6f0
[ 10.802775] ret_from_fork+0x116/0x1d0
[ 10.802964] ret_from_fork_asm+0x1a/0x30
[ 10.803376]
[ 10.803735] The buggy address belongs to the object at ffff8881029db100
[ 10.803735] which belongs to the cache kmalloc-128 of size 128
[ 10.804374] The buggy address is located 13 bytes to the right of
[ 10.804374] allocated 115-byte region [ffff8881029db100, ffff8881029db173)
[ 10.804926]
[ 10.805015] The buggy address belongs to the physical page:
[ 10.805262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 10.805836] flags: 0x200000000000000(node=0|zone=2)
[ 10.806032] page_type: f5(slab)
[ 10.806522] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.806852] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.807295] page dumped because: kasan: bad access detected
[ 10.807578]
[ 10.807663] Memory state around the buggy address:
[ 10.807863] ffff8881029db080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.808173] ffff8881029db100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 10.808857] >ffff8881029db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.809159] ^
[ 10.809327] ffff8881029db200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.809825] ffff8881029db280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.810263] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------
[ 139.139262] WARNING: CPU: 0 PID: 2766 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 139.139562] Modules linked in:
[ 139.139708] CPU: 0 UID: 0 PID: 2766 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 139.140044] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 139.140225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 139.140495] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 139.140670] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 139.141516] RSP: 0000:ffff888107687c78 EFLAGS: 00010286
[ 139.142132] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 139.142939] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb3432794
[ 139.143814] RBP: ffff888107687ca0 R08: 0000000000000000 R09: ffffed102b537800
[ 139.144590] R10: ffff88815a9bc007 R11: 0000000000000000 R12: ffffffffb3432780
[ 139.145365] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888107687d38
[ 139.146117] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 139.146793] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.146985] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 139.147243] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 139.148072] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 139.148911] Call Trace:
[ 139.149394] <TASK>
[ 139.149728] drm_test_rect_calc_vscale+0x108/0x270
[ 139.150407] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 139.151008] ? __schedule+0x10cc/0x2b60
[ 139.151610] ? __pfx_read_tsc+0x10/0x10
[ 139.152090] ? ktime_get_ts64+0x86/0x230
[ 139.152676] kunit_try_run_case+0x1a5/0x480
[ 139.153411] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.153942] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 139.154501] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 139.154980] ? __kthread_parkme+0x82/0x180
[ 139.155543] ? preempt_count_sub+0x50/0x80
[ 139.155991] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.156566] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 139.157071] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 139.157707] kthread+0x337/0x6f0
[ 139.158221] ? trace_preempt_on+0x20/0xc0
[ 139.158507] ? __pfx_kthread+0x10/0x10
[ 139.158656] ? _raw_spin_unlock_irq+0x47/0x80
[ 139.158811] ? calculate_sigpending+0x7b/0xa0
[ 139.158967] ? __pfx_kthread+0x10/0x10
[ 139.159146] ret_from_fork+0x116/0x1d0
[ 139.159415] ? __pfx_kthread+0x10/0x10
[ 139.159601] ret_from_fork_asm+0x1a/0x30
[ 139.159812] </TASK>
[ 139.159924] ---[ end trace 0000000000000000 ]---

------------[ cut here ]------------
[ 139.117123] WARNING: CPU: 0 PID: 2764 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 139.118476] Modules linked in:
[ 139.118846] CPU: 0 UID: 0 PID: 2764 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 139.119651] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 139.120131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 139.120673] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 139.121026] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 139.121961] RSP: 0000:ffff888102a4fc78 EFLAGS: 00010286
[ 139.122252] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 139.122701] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb343275c
[ 139.123084] RBP: ffff888102a4fca0 R08: 0000000000000000 R09: ffffed1020d0eb60
[ 139.123605] R10: ffff888106875b07 R11: 0000000000000000 R12: ffffffffb3432748
[ 139.123916] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102a4fd38
[ 139.124666] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 139.125005] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.125617] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 139.125942] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 139.126532] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 139.126958] Call Trace:
[ 139.127142] <TASK>
[ 139.127563] drm_test_rect_calc_vscale+0x108/0x270
[ 139.127806] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 139.128388] ? __schedule+0x10cc/0x2b60
[ 139.128606] ? __pfx_read_tsc+0x10/0x10
[ 139.128791] ? ktime_get_ts64+0x86/0x230
[ 139.129339] kunit_try_run_case+0x1a5/0x480
[ 139.129568] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.129792] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 139.130142] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 139.130590] ? __kthread_parkme+0x82/0x180
[ 139.130802] ? preempt_count_sub+0x50/0x80
[ 139.131166] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.131587] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 139.131854] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 139.132459] kthread+0x337/0x6f0
[ 139.132751] ? trace_preempt_on+0x20/0xc0
[ 139.132966] ? __pfx_kthread+0x10/0x10
[ 139.133516] ? _raw_spin_unlock_irq+0x47/0x80
[ 139.133741] ? calculate_sigpending+0x7b/0xa0
[ 139.133957] ? __pfx_kthread+0x10/0x10
[ 139.134162] ret_from_fork+0x116/0x1d0
[ 139.134854] ? __pfx_kthread+0x10/0x10
[ 139.135054] ret_from_fork_asm+0x1a/0x30
[ 139.135565] </TASK>
[ 139.135863] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------
[ 139.057429] WARNING: CPU: 0 PID: 2752 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 139.058659] Modules linked in:
[ 139.059056] CPU: 0 UID: 0 PID: 2752 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 139.060567] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 139.060846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 139.062003] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 139.062604] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 139.063658] RSP: 0000:ffff888107317c78 EFLAGS: 00010286
[ 139.063858] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 139.064479] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb3432760
[ 139.064935] RBP: ffff888107317ca0 R08: 0000000000000000 R09: ffffed1020794800
[ 139.065859] R10: ffff888103ca4007 R11: 0000000000000000 R12: ffffffffb3432748
[ 139.066536] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888107317d38
[ 139.066762] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 139.067004] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.067503] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 139.068043] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 139.068594] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 139.068891] Call Trace:
[ 139.069032] <TASK>
[ 139.069844] drm_test_rect_calc_hscale+0x108/0x270
[ 139.070254] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 139.070882] ? __schedule+0x10cc/0x2b60
[ 139.071520] ? __pfx_read_tsc+0x10/0x10
[ 139.071693] ? ktime_get_ts64+0x86/0x230
[ 139.072040] kunit_try_run_case+0x1a5/0x480
[ 139.072417] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.072661] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 139.073077] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 139.073572] ? __kthread_parkme+0x82/0x180
[ 139.073895] ? preempt_count_sub+0x50/0x80
[ 139.074292] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.074633] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 139.074973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 139.075444] kthread+0x337/0x6f0
[ 139.075779] ? trace_preempt_on+0x20/0xc0
[ 139.076073] ? __pfx_kthread+0x10/0x10
[ 139.076421] ? _raw_spin_unlock_irq+0x47/0x80
[ 139.076797] ? calculate_sigpending+0x7b/0xa0
[ 139.077108] ? __pfx_kthread+0x10/0x10
[ 139.077651] ret_from_fork+0x116/0x1d0
[ 139.077808] ? __pfx_kthread+0x10/0x10
[ 139.078044] ret_from_fork_asm+0x1a/0x30
[ 139.078491] </TASK>
[ 139.078642] ---[ end trace 0000000000000000 ]---

------------[ cut here ]------------
[ 139.081367] WARNING: CPU: 1 PID: 2754 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 139.081672] Modules linked in:
[ 139.081819] CPU: 1 UID: 0 PID: 2754 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 139.082156] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 139.082337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 139.082601] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 139.082779] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 139.085216] RSP: 0000:ffff8881074cfc78 EFLAGS: 00010286
[ 139.085802] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 139.086841] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb3432798
[ 139.088061] RBP: ffff8881074cfca0 R08: 0000000000000000 R09: ffffed1020d10fa0
[ 139.089127] R10: ffff888106887d07 R11: 0000000000000000 R12: ffffffffb3432780
[ 139.089936] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881074cfd38
[ 139.090985] FS: 0000000000000000(0000) GS:ffff8881a5d74000(0000) knlGS:0000000000000000
[ 139.092088] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 139.092742] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 139.093928] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450443
[ 139.094799] DR3: ffffffffb5450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 139.095505] Call Trace:
[ 139.095882] <TASK>
[ 139.096490] drm_test_rect_calc_hscale+0x108/0x270
[ 139.096811] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 139.097000] ? __schedule+0x10cc/0x2b60
[ 139.097168] ? __pfx_read_tsc+0x10/0x10
[ 139.097313] ? ktime_get_ts64+0x86/0x230
[ 139.097462] kunit_try_run_case+0x1a5/0x480
[ 139.097616] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.097777] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 139.097939] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 139.098902] ? __kthread_parkme+0x82/0x180
[ 139.099337] ? preempt_count_sub+0x50/0x80
[ 139.099622] ? __pfx_kunit_try_run_case+0x10/0x10
[ 139.099838] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 139.100110] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 139.100825] kthread+0x337/0x6f0
[ 139.101157] ? trace_preempt_on+0x20/0xc0
[ 139.101530] ? __pfx_kthread+0x10/0x10
[ 139.101857] ? _raw_spin_unlock_irq+0x47/0x80
[ 139.102070] ? calculate_sigpending+0x7b/0xa0
[ 139.102535] ? __pfx_kthread+0x10/0x10
[ 139.102881] ret_from_fork+0x116/0x1d0
[ 139.103226] ? __pfx_kthread+0x10/0x10
[ 139.103584] ret_from_fork_asm+0x1a/0x30
[ 139.103796] </TASK>
[ 139.103915] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 47.617030] ==================================================================
[ 47.617607] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 47.617607]
[ 47.617993] Use-after-free read at 0x(____ptrval____) (in kfence-#133):
[ 47.618228] test_krealloc+0x6fc/0xbe0
[ 47.619020] kunit_try_run_case+0x1a5/0x480
[ 47.619384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 47.619739] kthread+0x337/0x6f0
[ 47.619948] ret_from_fork+0x116/0x1d0
[ 47.620160] ret_from_fork_asm+0x1a/0x30
[ 47.620551]
[ 47.620657] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 47.620657]
[ 47.621164] allocated by task 355 on cpu 0 at 47.616439s (0.004722s ago):
[ 47.621626] test_alloc+0x364/0x10f0
[ 47.621897] test_krealloc+0xad/0xbe0
[ 47.622088] kunit_try_run_case+0x1a5/0x480
[ 47.622261] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 47.622785] kthread+0x337/0x6f0
[ 47.622975] ret_from_fork+0x116/0x1d0
[ 47.623278] ret_from_fork_asm+0x1a/0x30
[ 47.623568]
[ 47.623656] freed by task 355 on cpu 0 at 47.616653s (0.007000s ago):
[ 47.624110] krealloc_noprof+0x108/0x340
[ 47.624417] test_krealloc+0x226/0xbe0
[ 47.624753] kunit_try_run_case+0x1a5/0x480
[ 47.624967] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 47.625235] kthread+0x337/0x6f0
[ 47.625429] ret_from_fork+0x116/0x1d0
[ 47.625603] ret_from_fork_asm+0x1a/0x30
[ 47.625802]
[ 47.625918] CPU: 0 UID: 0 PID: 355 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 47.626790] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 47.626985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 47.627517] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 47.535322] ================================================================== [ 47.535723] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 47.535723] [ 47.536134] Use-after-free read at 0x(____ptrval____) (in kfence-#132): [ 47.536488] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 47.536968] kunit_try_run_case+0x1a5/0x480 [ 47.537199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 47.537380] kthread+0x337/0x6f0 [ 47.537506] ret_from_fork+0x116/0x1d0 [ 47.537733] ret_from_fork_asm+0x1a/0x30 [ 47.537988] [ 47.538105] kfence-#132: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 47.538105] [ 47.538534] allocated by task 353 on cpu 0 at 47.512400s (0.026132s ago): [ 47.539464] test_alloc+0x2a6/0x10f0 [ 47.539666] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 47.539923] kunit_try_run_case+0x1a5/0x480 [ 47.540395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 47.540728] kthread+0x337/0x6f0 [ 47.540984] ret_from_fork+0x116/0x1d0 [ 47.541253] ret_from_fork_asm+0x1a/0x30 [ 47.541484] [ 47.541587] freed by task 353 on cpu 0 at 47.512507s (0.029077s ago): [ 47.541872] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 47.542048] kunit_try_run_case+0x1a5/0x480 [ 47.542310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 47.542639] kthread+0x337/0x6f0 [ 47.542782] ret_from_fork+0x116/0x1d0 [ 47.542960] ret_from_fork_asm+0x1a/0x30 [ 47.543527] [ 47.543680] CPU: 0 UID: 0 PID: 353 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 47.544103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 47.544283] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 47.545219] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 22.878334] ================================================================== [ 22.878798] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 22.878798] [ 22.879122] Invalid read at 0x(____ptrval____): [ 22.879327] test_invalid_access+0xf0/0x210 [ 22.879661] kunit_try_run_case+0x1a5/0x480 [ 22.879857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.880092] kthread+0x337/0x6f0 [ 22.880775] ret_from_fork+0x116/0x1d0 [ 22.880935] ret_from_fork_asm+0x1a/0x30 [ 22.881535] [ 22.881673] CPU: 0 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 22.882219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.882626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.883005] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 22.656684] ================================================================== [ 22.657086] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.657086] [ 22.657653] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#128): [ 22.658319] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.658598] kunit_try_run_case+0x1a5/0x480 [ 22.658805] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.659039] kthread+0x337/0x6f0 [ 22.659239] ret_from_fork+0x116/0x1d0 [ 22.659451] ret_from_fork_asm+0x1a/0x30 [ 22.659625] [ 22.659747] kfence-#128: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.659747] [ 22.660152] allocated by task 343 on cpu 1 at 22.656454s (0.003696s ago): [ 22.660495] test_alloc+0x364/0x10f0 [ 22.660701] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 22.660968] kunit_try_run_case+0x1a5/0x480 [ 22.661193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.661534] kthread+0x337/0x6f0 [ 22.661721] ret_from_fork+0x116/0x1d0 [ 22.661901] ret_from_fork_asm+0x1a/0x30 [ 22.662093] [ 22.662177] freed by task 343 on cpu 1 at 22.656571s (0.005604s ago): [ 22.662389] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.662790] kunit_try_run_case+0x1a5/0x480 [ 22.663024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.663359] kthread+0x337/0x6f0 [ 22.663542] ret_from_fork+0x116/0x1d0 [ 22.663732] ret_from_fork_asm+0x1a/0x30 [ 22.663921] [ 22.664060] CPU: 1 UID: 0 PID: 343 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 22.664665] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.664805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.665188] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 22.448652] ================================================================== [ 22.449083] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.449083] [ 22.449612] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#126): [ 22.449911] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.450157] kunit_try_run_case+0x1a5/0x480 [ 22.450316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.450601] kthread+0x337/0x6f0 [ 22.450784] ret_from_fork+0x116/0x1d0 [ 22.450957] ret_from_fork_asm+0x1a/0x30 [ 22.451143] [ 22.451226] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.451226] [ 22.451634] allocated by task 341 on cpu 1 at 22.448451s (0.003181s ago): [ 22.452081] test_alloc+0x364/0x10f0 [ 22.452288] test_kmalloc_aligned_oob_read+0x105/0x560 [ 22.452554] kunit_try_run_case+0x1a5/0x480 [ 22.452736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.452990] kthread+0x337/0x6f0 [ 22.453149] ret_from_fork+0x116/0x1d0 [ 22.453321] ret_from_fork_asm+0x1a/0x30 [ 22.453528] [ 22.453626] CPU: 1 UID: 0 PID: 341 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 22.454057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.454246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.454580] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 17.456658] ================================================================== [ 17.457031] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 17.457031] [ 17.457472] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#78): [ 17.458032] test_corruption+0x2d2/0x3e0 [ 17.458251] kunit_try_run_case+0x1a5/0x480 [ 17.458496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.458693] kthread+0x337/0x6f0 [ 17.458869] ret_from_fork+0x116/0x1d0 [ 17.459070] ret_from_fork_asm+0x1a/0x30 [ 17.459266] [ 17.459343] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.459343] [ 17.459768] allocated by task 329 on cpu 1 at 17.456499s (0.003268s ago): [ 17.459990] test_alloc+0x364/0x10f0 [ 17.460184] test_corruption+0xe6/0x3e0 [ 17.460374] kunit_try_run_case+0x1a5/0x480 [ 17.460671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.460848] kthread+0x337/0x6f0 [ 17.461008] ret_from_fork+0x116/0x1d0 [ 17.461212] ret_from_fork_asm+0x1a/0x30 [ 17.461411] [ 17.461505] freed by task 329 on cpu 1 at 17.456589s (0.004913s ago): [ 17.461716] test_corruption+0x2d2/0x3e0 [ 17.461885] kunit_try_run_case+0x1a5/0x480 [ 17.462124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.462434] kthread+0x337/0x6f0 [ 17.462598] ret_from_fork+0x116/0x1d0 [ 17.462731] ret_from_fork_asm+0x1a/0x30 [ 17.462904] [ 17.463025] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.463568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.463761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.464055] ================================================================== [ 17.768584] ================================================================== [ 17.768966] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 17.768966] [ 17.769491] Corrupted memory at 0x(____ptrval____) [ ! 
] (in kfence-#81): [ 17.769813] test_corruption+0x216/0x3e0 [ 17.770023] kunit_try_run_case+0x1a5/0x480 [ 17.770190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.770488] kthread+0x337/0x6f0 [ 17.770670] ret_from_fork+0x116/0x1d0 [ 17.770866] ret_from_fork_asm+0x1a/0x30 [ 17.771077] [ 17.771188] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.771188] [ 17.771595] allocated by task 331 on cpu 1 at 17.768466s (0.003126s ago): [ 17.771854] test_alloc+0x2a6/0x10f0 [ 17.772043] test_corruption+0x1cb/0x3e0 [ 17.772242] kunit_try_run_case+0x1a5/0x480 [ 17.772394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.772685] kthread+0x337/0x6f0 [ 17.772860] ret_from_fork+0x116/0x1d0 [ 17.773051] ret_from_fork_asm+0x1a/0x30 [ 17.773214] [ 17.773317] freed by task 331 on cpu 1 at 17.768518s (0.004797s ago): [ 17.773560] test_corruption+0x216/0x3e0 [ 17.773722] kunit_try_run_case+0x1a5/0x480 [ 17.773938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.774210] kthread+0x337/0x6f0 [ 17.774414] ret_from_fork+0x116/0x1d0 [ 17.774570] ret_from_fork_asm+0x1a/0x30 [ 17.774762] [ 17.774861] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.775284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.775485] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.775830] ================================================================== [ 17.664602] ================================================================== [ 17.665036] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 17.665036] [ 17.665510] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . 
] (in kfence-#80): [ 17.666669] test_corruption+0x131/0x3e0 [ 17.666890] kunit_try_run_case+0x1a5/0x480 [ 17.667073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.667583] kthread+0x337/0x6f0 [ 17.667760] ret_from_fork+0x116/0x1d0 [ 17.668075] ret_from_fork_asm+0x1a/0x30 [ 17.668302] [ 17.668400] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.668400] [ 17.668782] allocated by task 331 on cpu 1 at 17.664482s (0.004298s ago): [ 17.669085] test_alloc+0x2a6/0x10f0 [ 17.669303] test_corruption+0xe6/0x3e0 [ 17.669481] kunit_try_run_case+0x1a5/0x480 [ 17.669677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.669917] kthread+0x337/0x6f0 [ 17.670092] ret_from_fork+0x116/0x1d0 [ 17.670240] ret_from_fork_asm+0x1a/0x30 [ 17.670528] [ 17.670619] freed by task 331 on cpu 1 at 17.664534s (0.006082s ago): [ 17.670900] test_corruption+0x131/0x3e0 [ 17.671056] kunit_try_run_case+0x1a5/0x480 [ 17.671282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.671543] kthread+0x337/0x6f0 [ 17.671734] ret_from_fork+0x116/0x1d0 [ 17.671906] ret_from_fork_asm+0x1a/0x30 [ 17.672106] [ 17.672203] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.672804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.673006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.673332] ================================================================== [ 17.561203] ================================================================== [ 17.561648] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 17.561648] [ 17.561981] Corrupted memory at 0x(____ptrval____) [ ! 
] (in kfence-#79): [ 17.562292] test_corruption+0x2df/0x3e0 [ 17.562442] kunit_try_run_case+0x1a5/0x480 [ 17.562597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.562773] kthread+0x337/0x6f0 [ 17.562901] ret_from_fork+0x116/0x1d0 [ 17.563038] ret_from_fork_asm+0x1a/0x30 [ 17.563309] [ 17.563467] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.563467] [ 17.563795] allocated by task 329 on cpu 1 at 17.560950s (0.002843s ago): [ 17.564017] test_alloc+0x364/0x10f0 [ 17.564217] test_corruption+0x1cb/0x3e0 [ 17.564409] kunit_try_run_case+0x1a5/0x480 [ 17.564690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.564948] kthread+0x337/0x6f0 [ 17.565951] ret_from_fork+0x116/0x1d0 [ 17.566182] ret_from_fork_asm+0x1a/0x30 [ 17.566433] [ 17.566517] freed by task 329 on cpu 1 at 17.561035s (0.005479s ago): [ 17.566793] test_corruption+0x2df/0x3e0 [ 17.566970] kunit_try_run_case+0x1a5/0x480 [ 17.567156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.567546] kthread+0x337/0x6f0 [ 17.567994] ret_from_fork+0x116/0x1d0 [ 17.568200] ret_from_fork_asm+0x1a/0x30 [ 17.568401] [ 17.568509] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.568873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.569087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.569375] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 17.248571] ================================================================== [ 17.248991] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 17.248991] [ 17.249523] Invalid free of 0x(____ptrval____) (in kfence-#76): [ 17.249786] test_invalid_addr_free+0x1e1/0x260 [ 17.249986] kunit_try_run_case+0x1a5/0x480 [ 17.250197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.250474] kthread+0x337/0x6f0 [ 17.250650] ret_from_fork+0x116/0x1d0 [ 17.250857] ret_from_fork_asm+0x1a/0x30 [ 17.251048] [ 17.251134] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.251134] [ 17.251660] allocated by task 325 on cpu 0 at 17.248447s (0.003211s ago): [ 17.252003] test_alloc+0x364/0x10f0 [ 17.252203] test_invalid_addr_free+0xdb/0x260 [ 17.252425] kunit_try_run_case+0x1a5/0x480 [ 17.252676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.252973] kthread+0x337/0x6f0 [ 17.253214] ret_from_fork+0x116/0x1d0 [ 17.253350] ret_from_fork_asm+0x1a/0x30 [ 17.253490] [ 17.253614] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.254493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.255090] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.255713] ================================================================== [ 17.352586] ================================================================== [ 17.352962] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 17.352962] [ 17.353421] Invalid free of 0x(____ptrval____) (in kfence-#77): [ 17.353874] test_invalid_addr_free+0xfb/0x260 [ 17.354131] kunit_try_run_case+0x1a5/0x480 [ 17.354665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.355126] kthread+0x337/0x6f0 [ 17.355395] ret_from_fork+0x116/0x1d0 [ 17.355598] ret_from_fork_asm+0x1a/0x30 [ 17.355956] [ 17.356167] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.356167] [ 17.356697] allocated by task 327 on cpu 0 at 17.352486s 
(0.004208s ago): [ 17.357094] test_alloc+0x2a6/0x10f0 [ 17.357298] test_invalid_addr_free+0xdb/0x260 [ 17.357743] kunit_try_run_case+0x1a5/0x480 [ 17.358030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.358395] kthread+0x337/0x6f0 [ 17.358561] ret_from_fork+0x116/0x1d0 [ 17.358774] ret_from_fork_asm+0x1a/0x30 [ 17.359162] [ 17.359311] CPU: 0 UID: 0 PID: 327 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.359899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.360121] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.360671] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 17.144665] ================================================================== [ 17.145074] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 17.145074] [ 17.145554] Invalid free of 0x(____ptrval____) (in kfence-#75): [ 17.145802] test_double_free+0x112/0x260 [ 17.146016] kunit_try_run_case+0x1a5/0x480 [ 17.146212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.146468] kthread+0x337/0x6f0 [ 17.146596] ret_from_fork+0x116/0x1d0 [ 17.146745] ret_from_fork_asm+0x1a/0x30 [ 17.146947] [ 17.147044] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.147044] [ 17.147413] allocated by task 323 on cpu 1 at 17.144479s (0.002932s ago): [ 17.147786] test_alloc+0x2a6/0x10f0 [ 17.147976] test_double_free+0xdb/0x260 [ 17.148137] kunit_try_run_case+0x1a5/0x480 [ 17.148284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.148547] kthread+0x337/0x6f0 [ 17.148720] ret_from_fork+0x116/0x1d0 [ 17.148910] ret_from_fork_asm+0x1a/0x30 [ 17.149091] [ 17.149180] freed by task 323 on cpu 1 at 17.144527s (0.004651s ago): [ 17.149453] test_double_free+0xfa/0x260 [ 17.149642] kunit_try_run_case+0x1a5/0x480 [ 17.149855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.150074] kthread+0x337/0x6f0 [ 17.150255] ret_from_fork+0x116/0x1d0 [ 17.150520] ret_from_fork_asm+0x1a/0x30 [ 17.150694] [ 17.150820] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.151190] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.151342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.151718] ================================================================== [ 17.040566] ================================================================== [ 17.040992] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 17.040992] [ 17.041490] Invalid free of 0x(____ptrval____) (in kfence-#74): [ 17.041771] test_double_free+0x1d3/0x260 [ 17.041971] kunit_try_run_case+0x1a5/0x480 [ 17.042188] 
kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.042445] kthread+0x337/0x6f0 [ 17.042634] ret_from_fork+0x116/0x1d0 [ 17.042830] ret_from_fork_asm+0x1a/0x30 [ 17.042977] [ 17.043078] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.043078] [ 17.043463] allocated by task 321 on cpu 0 at 17.040388s (0.003073s ago): [ 17.043686] test_alloc+0x364/0x10f0 [ 17.043999] test_double_free+0xdb/0x260 [ 17.044222] kunit_try_run_case+0x1a5/0x480 [ 17.044430] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.044688] kthread+0x337/0x6f0 [ 17.044836] ret_from_fork+0x116/0x1d0 [ 17.044971] ret_from_fork_asm+0x1a/0x30 [ 17.045122] [ 17.045196] freed by task 321 on cpu 0 at 17.040442s (0.004752s ago): [ 17.047010] test_double_free+0x1e0/0x260 [ 17.047299] kunit_try_run_case+0x1a5/0x480 [ 17.047455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.047755] kthread+0x337/0x6f0 [ 17.048557] ret_from_fork+0x116/0x1d0 [ 17.048909] ret_from_fork_asm+0x1a/0x30 [ 17.049205] [ 17.049307] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 17.049627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.049764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.051869] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 16.624672] ================================================================== [ 16.625112] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 16.625112] [ 16.625673] Use-after-free read at 0x(____ptrval____) (in kfence-#70): [ 16.625915] test_use_after_free_read+0x129/0x270 [ 16.626143] kunit_try_run_case+0x1a5/0x480 [ 16.626422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.626616] kthread+0x337/0x6f0 [ 16.626798] ret_from_fork+0x116/0x1d0 [ 16.626992] ret_from_fork_asm+0x1a/0x30 [ 16.627173] [ 16.627276] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.627276] [ 16.627575] allocated by task 313 on cpu 0 at 16.624453s (0.003120s ago): [ 16.627938] test_alloc+0x364/0x10f0 [ 16.628168] test_use_after_free_read+0xdc/0x270 [ 16.628352] kunit_try_run_case+0x1a5/0x480 [ 16.628562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.628785] kthread+0x337/0x6f0 [ 16.628908] ret_from_fork+0x116/0x1d0 [ 16.629079] ret_from_fork_asm+0x1a/0x30 [ 16.629295] [ 16.629476] freed by task 313 on cpu 0 at 16.624518s (0.004956s ago): [ 16.629740] test_use_after_free_read+0x1e7/0x270 [ 16.629957] kunit_try_run_case+0x1a5/0x480 [ 16.630144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.630326] kthread+0x337/0x6f0 [ 16.630449] ret_from_fork+0x116/0x1d0 [ 16.630638] ret_from_fork_asm+0x1a/0x30 [ 16.630875] [ 16.631050] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.631516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.631660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.632061] ================================================================== [ 16.728565] ================================================================== [ 16.729053] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 16.729053] [ 16.729493] Use-after-free read at 0x(____ptrval____) (in kfence-#71): [ 16.729723] 
test_use_after_free_read+0x129/0x270 [ 16.730388] kunit_try_run_case+0x1a5/0x480 [ 16.730587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.730830] kthread+0x337/0x6f0 [ 16.730997] ret_from_fork+0x116/0x1d0 [ 16.731191] ret_from_fork_asm+0x1a/0x30 [ 16.731891] [ 16.732141] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.732141] [ 16.732674] allocated by task 315 on cpu 1 at 16.728429s (0.004242s ago): [ 16.732982] test_alloc+0x2a6/0x10f0 [ 16.733151] test_use_after_free_read+0xdc/0x270 [ 16.733337] kunit_try_run_case+0x1a5/0x480 [ 16.733531] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.733884] kthread+0x337/0x6f0 [ 16.734039] ret_from_fork+0x116/0x1d0 [ 16.734224] ret_from_fork_asm+0x1a/0x30 [ 16.734382] [ 16.734479] freed by task 315 on cpu 1 at 16.728482s (0.005995s ago): [ 16.734790] test_use_after_free_read+0xfb/0x270 [ 16.734965] kunit_try_run_case+0x1a5/0x480 [ 16.735190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.735471] kthread+0x337/0x6f0 [ 16.735651] ret_from_fork+0x116/0x1d0 [ 16.735809] ret_from_fork_asm+0x1a/0x30 [ 16.735972] [ 16.736071] CPU: 1 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.736589] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.736737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.737066] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 16.312537] ================================================================== [ 16.312934] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.312934] [ 16.313470] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#67): [ 16.313784] test_out_of_bounds_write+0x10d/0x260 [ 16.313997] kunit_try_run_case+0x1a5/0x480 [ 16.314165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.314514] kthread+0x337/0x6f0 [ 16.314698] ret_from_fork+0x116/0x1d0 [ 16.314894] ret_from_fork_asm+0x1a/0x30 [ 16.315056] [ 16.315171] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.315171] [ 16.315951] allocated by task 309 on cpu 1 at 16.312433s (0.003515s ago): [ 16.316323] test_alloc+0x364/0x10f0 [ 16.316803] test_out_of_bounds_write+0xd4/0x260 [ 16.317010] kunit_try_run_case+0x1a5/0x480 [ 16.317246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.317692] kthread+0x337/0x6f0 [ 16.317873] ret_from_fork+0x116/0x1d0 [ 16.318060] ret_from_fork_asm+0x1a/0x30 [ 16.318261] [ 16.318539] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.319076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.319410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.319792] ================================================================== [ 16.520489] ================================================================== [ 16.520865] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.520865] [ 16.521267] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#69): [ 16.521611] test_out_of_bounds_write+0x10d/0x260 [ 16.521786] kunit_try_run_case+0x1a5/0x480 [ 16.521947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.522144] kthread+0x337/0x6f0 [ 16.522278] ret_from_fork+0x116/0x1d0 [ 16.522423] ret_from_fork_asm+0x1a/0x30 [ 16.522573] [ 16.522651] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.522651] [ 
16.522934] allocated by task 311 on cpu 0 at 16.520426s (0.002506s ago): [ 16.523300] test_alloc+0x2a6/0x10f0 [ 16.523462] test_out_of_bounds_write+0xd4/0x260 [ 16.523680] kunit_try_run_case+0x1a5/0x480 [ 16.523838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.524024] kthread+0x337/0x6f0 [ 16.524276] ret_from_fork+0x116/0x1d0 [ 16.524503] ret_from_fork_asm+0x1a/0x30 [ 16.524709] [ 16.524837] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.525278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.525425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.525697] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 15.689517] ================================================================== [ 15.690156] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 15.690156] [ 15.690751] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#61): [ 15.691051] test_out_of_bounds_read+0x126/0x4e0 [ 15.691295] kunit_try_run_case+0x1a5/0x480 [ 15.691546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.691773] kthread+0x337/0x6f0 [ 15.691953] ret_from_fork+0x116/0x1d0 [ 15.692161] ret_from_fork_asm+0x1a/0x30 [ 15.692325] [ 15.692426] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.692426] [ 15.692818] allocated by task 305 on cpu 1 at 15.688368s (0.004447s ago): [ 15.693711] test_alloc+0x364/0x10f0 [ 15.694055] test_out_of_bounds_read+0xed/0x4e0 [ 15.694380] kunit_try_run_case+0x1a5/0x480 [ 15.694689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.695040] kthread+0x337/0x6f0 [ 15.695333] ret_from_fork+0x116/0x1d0 [ 15.695606] ret_from_fork_asm+0x1a/0x30 [ 15.695802] [ 15.695956] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.696634] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.696931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.697469] ================================================================== [ 15.792677] ================================================================== [ 15.793066] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 15.793066] [ 15.793567] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#62): [ 15.794219] test_out_of_bounds_read+0x216/0x4e0 [ 15.794547] kunit_try_run_case+0x1a5/0x480 [ 15.794757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.795006] kthread+0x337/0x6f0 [ 15.795197] ret_from_fork+0x116/0x1d0 [ 15.795790] ret_from_fork_asm+0x1a/0x30 [ 15.795973] [ 15.796078] kfence-#62: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.796078] [ 
15.796700] allocated by task 305 on cpu 1 at 15.792500s (0.004197s ago): [ 15.797172] test_alloc+0x364/0x10f0 [ 15.797478] test_out_of_bounds_read+0x1e2/0x4e0 [ 15.797809] kunit_try_run_case+0x1a5/0x480 [ 15.798010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.798242] kthread+0x337/0x6f0 [ 15.798407] ret_from_fork+0x116/0x1d0 [ 15.798766] ret_from_fork_asm+0x1a/0x30 [ 15.799017] [ 15.799142] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.799768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.800054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.800547] ================================================================== [ 16.208415] ================================================================== [ 16.208796] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.208796] [ 16.209170] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#66): [ 16.209546] test_out_of_bounds_read+0x216/0x4e0 [ 16.209764] kunit_try_run_case+0x1a5/0x480 [ 16.209939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.210208] kthread+0x337/0x6f0 [ 16.210401] ret_from_fork+0x116/0x1d0 [ 16.210565] ret_from_fork_asm+0x1a/0x30 [ 16.210759] [ 16.210837] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.210837] [ 16.211220] allocated by task 307 on cpu 1 at 16.208364s (0.002854s ago): [ 16.211571] test_alloc+0x2a6/0x10f0 [ 16.211757] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.211918] kunit_try_run_case+0x1a5/0x480 [ 16.212146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.212473] kthread+0x337/0x6f0 [ 16.212648] ret_from_fork+0x116/0x1d0 [ 16.212798] ret_from_fork_asm+0x1a/0x30 [ 16.212944] [ 16.213040] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.213528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.213825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 
16.214139] ================================================================== [ 16.104516] ================================================================== [ 16.104930] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.104930] [ 16.105538] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#65): [ 16.105800] test_out_of_bounds_read+0x126/0x4e0 [ 16.106030] kunit_try_run_case+0x1a5/0x480 [ 16.106199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.106569] kthread+0x337/0x6f0 [ 16.106698] ret_from_fork+0x116/0x1d0 [ 16.106882] ret_from_fork_asm+0x1a/0x30 [ 16.107194] [ 16.107346] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.107346] [ 16.107687] allocated by task 307 on cpu 1 at 16.104460s (0.003225s ago): [ 16.108031] test_alloc+0x2a6/0x10f0 [ 16.108184] test_out_of_bounds_read+0xed/0x4e0 [ 16.108408] kunit_try_run_case+0x1a5/0x480 [ 16.108705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.108907] kthread+0x337/0x6f0 [ 16.109051] ret_from_fork+0x116/0x1d0 [ 16.109254] ret_from_fork_asm+0x1a/0x30 [ 16.109626] [ 16.109727] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 16.110211] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.110401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.110827] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 10.914831] ================================================================== [ 10.915939] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520 [ 10.915939] [ 10.916364] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#32): [ 10.917229] kmalloc_track_caller_oob_right+0x288/0x520 [ 10.917549] kunit_try_run_case+0x1a5/0x480 [ 10.917710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.917946] kthread+0x337/0x6f0 [ 10.918130] ret_from_fork+0x116/0x1d0 [ 10.918326] ret_from_fork_asm+0x1a/0x30 [ 10.918557] [ 10.918915] kfence-#32: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 10.918915] [ 10.919658] allocated by task 160 on cpu 0 at 10.913167s (0.006430s ago): [ 10.920063] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.920436] kunit_try_run_case+0x1a5/0x480 [ 10.920617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.920835] kthread+0x337/0x6f0 [ 10.920986] ret_from_fork+0x116/0x1d0 [ 10.921179] ret_from_fork_asm+0x1a/0x30 [ 10.921389] [ 10.921671] freed by task 160 on cpu 0 at 10.914355s (0.007242s ago): [ 10.921960] kmalloc_track_caller_oob_right+0x288/0x520 [ 10.922202] kunit_try_run_case+0x1a5/0x480 [ 10.922399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.922645] kthread+0x337/0x6f0 [ 10.922797] ret_from_fork+0x116/0x1d0 [ 10.922981] ret_from_fork_asm+0x1a/0x30 [ 10.923200] [ 10.923329] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.923984] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.924183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.924633] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.559210] ================================================================== [ 15.559536] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 15.559808] Write of size 1 at addr ffff8881029dbd78 by task kunit_try_catch/303 [ 15.560125] [ 15.560264] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.560308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.560321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.560350] Call Trace: [ 15.560366] <TASK> [ 15.560384] dump_stack_lvl+0x73/0xb0 [ 15.560410] print_report+0xd1/0x650 [ 15.560434] ? __virt_addr_valid+0x1db/0x2d0 [ 15.560457] ? strncpy_from_user+0x1a5/0x1d0 [ 15.560480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.560502] ? strncpy_from_user+0x1a5/0x1d0 [ 15.560526] kasan_report+0x141/0x180 [ 15.560549] ? strncpy_from_user+0x1a5/0x1d0 [ 15.560576] __asan_report_store1_noabort+0x1b/0x30 [ 15.560598] strncpy_from_user+0x1a5/0x1d0 [ 15.560624] copy_user_test_oob+0x760/0x10f0 [ 15.560650] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.560674] ? finish_task_switch.isra.0+0x153/0x700 [ 15.560695] ? __switch_to+0x47/0xf50 [ 15.560721] ? __schedule+0x10cc/0x2b60 [ 15.560743] ? __pfx_read_tsc+0x10/0x10 [ 15.560764] ? ktime_get_ts64+0x86/0x230 [ 15.560788] kunit_try_run_case+0x1a5/0x480 [ 15.560812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.560836] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.560860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.560884] ? __kthread_parkme+0x82/0x180 [ 15.560904] ? preempt_count_sub+0x50/0x80 [ 15.560928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.560954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.560980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.561004] kthread+0x337/0x6f0 [ 15.561025] ? trace_preempt_on+0x20/0xc0 [ 15.561048] ? __pfx_kthread+0x10/0x10 [ 15.561072] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.561092] ? calculate_sigpending+0x7b/0xa0 [ 15.561129] ? 
__pfx_kthread+0x10/0x10 [ 15.561152] ret_from_fork+0x116/0x1d0 [ 15.561170] ? __pfx_kthread+0x10/0x10 [ 15.561191] ret_from_fork_asm+0x1a/0x30 [ 15.561223] </TASK> [ 15.561234] [ 15.572366] Allocated by task 303: [ 15.572562] kasan_save_stack+0x45/0x70 [ 15.572746] kasan_save_track+0x18/0x40 [ 15.572925] kasan_save_alloc_info+0x3b/0x50 [ 15.573131] __kasan_kmalloc+0xb7/0xc0 [ 15.573316] __kmalloc_noprof+0x1c9/0x500 [ 15.573502] kunit_kmalloc_array+0x25/0x60 [ 15.573693] copy_user_test_oob+0xab/0x10f0 [ 15.573887] kunit_try_run_case+0x1a5/0x480 [ 15.574081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.574292] kthread+0x337/0x6f0 [ 15.574436] ret_from_fork+0x116/0x1d0 [ 15.574577] ret_from_fork_asm+0x1a/0x30 [ 15.574776] [ 15.574873] The buggy address belongs to the object at ffff8881029dbd00 [ 15.574873] which belongs to the cache kmalloc-128 of size 128 [ 15.575385] The buggy address is located 0 bytes to the right of [ 15.575385] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.575879] [ 15.575977] The buggy address belongs to the physical page: [ 15.576248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.576626] flags: 0x200000000000000(node=0|zone=2) [ 15.576835] page_type: f5(slab) [ 15.576974] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.577292] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.577545] page dumped because: kasan: bad access detected [ 15.577796] [ 15.577893] Memory state around the buggy address: [ 15.578121] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.578439] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.578658] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.578981] ^ [ 15.579325] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.579585] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.579899] 
================================================================== [ 15.541027] ================================================================== [ 15.541681] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 15.542011] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.542424] [ 15.542519] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.542561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.542574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.542596] Call Trace: [ 15.542610] <TASK> [ 15.542626] dump_stack_lvl+0x73/0xb0 [ 15.542651] print_report+0xd1/0x650 [ 15.542674] ? __virt_addr_valid+0x1db/0x2d0 [ 15.542696] ? strncpy_from_user+0x2e/0x1d0 [ 15.542719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.542741] ? strncpy_from_user+0x2e/0x1d0 [ 15.542765] kasan_report+0x141/0x180 [ 15.542788] ? strncpy_from_user+0x2e/0x1d0 [ 15.542815] kasan_check_range+0x10c/0x1c0 [ 15.542838] __kasan_check_write+0x18/0x20 [ 15.542859] strncpy_from_user+0x2e/0x1d0 [ 15.542881] ? __kasan_check_read+0x15/0x20 [ 15.542903] copy_user_test_oob+0x760/0x10f0 [ 15.542929] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.542952] ? finish_task_switch.isra.0+0x153/0x700 [ 15.542975] ? __switch_to+0x47/0xf50 [ 15.543000] ? __schedule+0x10cc/0x2b60 [ 15.543023] ? __pfx_read_tsc+0x10/0x10 [ 15.543044] ? ktime_get_ts64+0x86/0x230 [ 15.543068] kunit_try_run_case+0x1a5/0x480 [ 15.543092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.543128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.543151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.543174] ? __kthread_parkme+0x82/0x180 [ 15.543195] ? preempt_count_sub+0x50/0x80 [ 15.543224] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.543249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.543272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.543296] kthread+0x337/0x6f0 [ 15.543316] ? trace_preempt_on+0x20/0xc0 [ 15.543340] ? 
__pfx_kthread+0x10/0x10 [ 15.543361] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.543382] ? calculate_sigpending+0x7b/0xa0 [ 15.543405] ? __pfx_kthread+0x10/0x10 [ 15.543428] ret_from_fork+0x116/0x1d0 [ 15.543449] ? __pfx_kthread+0x10/0x10 [ 15.543471] ret_from_fork_asm+0x1a/0x30 [ 15.543502] </TASK> [ 15.543515] [ 15.550911] Allocated by task 303: [ 15.551110] kasan_save_stack+0x45/0x70 [ 15.551333] kasan_save_track+0x18/0x40 [ 15.551536] kasan_save_alloc_info+0x3b/0x50 [ 15.551751] __kasan_kmalloc+0xb7/0xc0 [ 15.551942] __kmalloc_noprof+0x1c9/0x500 [ 15.552162] kunit_kmalloc_array+0x25/0x60 [ 15.552403] copy_user_test_oob+0xab/0x10f0 [ 15.552579] kunit_try_run_case+0x1a5/0x480 [ 15.552727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.552904] kthread+0x337/0x6f0 [ 15.553027] ret_from_fork+0x116/0x1d0 [ 15.553172] ret_from_fork_asm+0x1a/0x30 [ 15.553418] [ 15.553516] The buggy address belongs to the object at ffff8881029dbd00 [ 15.553516] which belongs to the cache kmalloc-128 of size 128 [ 15.554061] The buggy address is located 0 bytes inside of [ 15.554061] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.554570] [ 15.554645] The buggy address belongs to the physical page: [ 15.554819] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.555064] flags: 0x200000000000000(node=0|zone=2) [ 15.555329] page_type: f5(slab) [ 15.555501] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.555839] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.556187] page dumped because: kasan: bad access detected [ 15.556436] [ 15.556534] Memory state around the buggy address: [ 15.556728] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.556946] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.557175] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.557540] ^ [ 15.557859] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.558193] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.558668] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.523362] ================================================================== [ 15.523710] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.523998] Read of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.524336] [ 15.524442] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.524484] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.524497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.524518] Call Trace: [ 15.524533] <TASK> [ 15.524547] dump_stack_lvl+0x73/0xb0 [ 15.524574] print_report+0xd1/0x650 [ 15.524597] ? __virt_addr_valid+0x1db/0x2d0 [ 15.524620] ? copy_user_test_oob+0x604/0x10f0 [ 15.524643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.524666] ? copy_user_test_oob+0x604/0x10f0 [ 15.524690] kasan_report+0x141/0x180 [ 15.524713] ? copy_user_test_oob+0x604/0x10f0 [ 15.524741] kasan_check_range+0x10c/0x1c0 [ 15.524765] __kasan_check_read+0x15/0x20 [ 15.524785] copy_user_test_oob+0x604/0x10f0 [ 15.524811] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.524833] ? finish_task_switch.isra.0+0x153/0x700 [ 15.524856] ? __switch_to+0x47/0xf50 [ 15.524881] ? __schedule+0x10cc/0x2b60 [ 15.524904] ? __pfx_read_tsc+0x10/0x10 [ 15.524925] ? ktime_get_ts64+0x86/0x230 [ 15.524950] kunit_try_run_case+0x1a5/0x480 [ 15.524975] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.524998] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.525022] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.525046] ? __kthread_parkme+0x82/0x180 [ 15.525068] ? preempt_count_sub+0x50/0x80 [ 15.525091] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.525128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.525152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.525176] kthread+0x337/0x6f0 [ 15.525196] ? trace_preempt_on+0x20/0xc0 [ 15.525221] ? __pfx_kthread+0x10/0x10 [ 15.525243] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.525264] ? calculate_sigpending+0x7b/0xa0 [ 15.525289] ? 
__pfx_kthread+0x10/0x10 [ 15.525311] ret_from_fork+0x116/0x1d0 [ 15.525341] ? __pfx_kthread+0x10/0x10 [ 15.525362] ret_from_fork_asm+0x1a/0x30 [ 15.525393] </TASK> [ 15.525403] [ 15.532775] Allocated by task 303: [ 15.532935] kasan_save_stack+0x45/0x70 [ 15.533082] kasan_save_track+0x18/0x40 [ 15.533291] kasan_save_alloc_info+0x3b/0x50 [ 15.533511] __kasan_kmalloc+0xb7/0xc0 [ 15.533648] __kmalloc_noprof+0x1c9/0x500 [ 15.533830] kunit_kmalloc_array+0x25/0x60 [ 15.534033] copy_user_test_oob+0xab/0x10f0 [ 15.534250] kunit_try_run_case+0x1a5/0x480 [ 15.534398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.534860] kthread+0x337/0x6f0 [ 15.534983] ret_from_fork+0x116/0x1d0 [ 15.535130] ret_from_fork_asm+0x1a/0x30 [ 15.535334] [ 15.535433] The buggy address belongs to the object at ffff8881029dbd00 [ 15.535433] which belongs to the cache kmalloc-128 of size 128 [ 15.536036] The buggy address is located 0 bytes inside of [ 15.536036] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.536402] [ 15.536476] The buggy address belongs to the physical page: [ 15.536649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.536887] flags: 0x200000000000000(node=0|zone=2) [ 15.537050] page_type: f5(slab) [ 15.537227] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.537566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.538167] page dumped because: kasan: bad access detected [ 15.538449] [ 15.538521] Memory state around the buggy address: [ 15.538679] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.538899] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.539126] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.539399] ^ [ 15.539717] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540045] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.540441] 
================================================================== [ 15.504129] ================================================================== [ 15.505092] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.505702] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.506326] [ 15.506415] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.506474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.506487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.506509] Call Trace: [ 15.506532] <TASK> [ 15.506547] dump_stack_lvl+0x73/0xb0 [ 15.506574] print_report+0xd1/0x650 [ 15.506619] ? __virt_addr_valid+0x1db/0x2d0 [ 15.506643] ? copy_user_test_oob+0x557/0x10f0 [ 15.506667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.506690] ? copy_user_test_oob+0x557/0x10f0 [ 15.506715] kasan_report+0x141/0x180 [ 15.506739] ? copy_user_test_oob+0x557/0x10f0 [ 15.506767] kasan_check_range+0x10c/0x1c0 [ 15.506792] __kasan_check_write+0x18/0x20 [ 15.506811] copy_user_test_oob+0x557/0x10f0 [ 15.506837] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.506860] ? finish_task_switch.isra.0+0x153/0x700 [ 15.506883] ? __switch_to+0x47/0xf50 [ 15.506909] ? __schedule+0x10cc/0x2b60 [ 15.506931] ? __pfx_read_tsc+0x10/0x10 [ 15.506952] ? ktime_get_ts64+0x86/0x230 [ 15.506977] kunit_try_run_case+0x1a5/0x480 [ 15.507001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507024] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.507048] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.507071] ? __kthread_parkme+0x82/0x180 [ 15.507093] ? preempt_count_sub+0x50/0x80 [ 15.507127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.507152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.507176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.507206] kthread+0x337/0x6f0 [ 15.507226] ? trace_preempt_on+0x20/0xc0 [ 15.507250] ? __pfx_kthread+0x10/0x10 [ 15.507271] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.507292] ? calculate_sigpending+0x7b/0xa0 [ 15.507319] ? __pfx_kthread+0x10/0x10 [ 15.507342] ret_from_fork+0x116/0x1d0 [ 15.507361] ? __pfx_kthread+0x10/0x10 [ 15.507382] ret_from_fork_asm+0x1a/0x30 [ 15.507412] </TASK> [ 15.507424] [ 15.514975] Allocated by task 303: [ 15.515117] kasan_save_stack+0x45/0x70 [ 15.515325] kasan_save_track+0x18/0x40 [ 15.515522] kasan_save_alloc_info+0x3b/0x50 [ 15.515866] __kasan_kmalloc+0xb7/0xc0 [ 15.516029] __kmalloc_noprof+0x1c9/0x500 [ 15.516182] kunit_kmalloc_array+0x25/0x60 [ 15.516348] copy_user_test_oob+0xab/0x10f0 [ 15.516564] kunit_try_run_case+0x1a5/0x480 [ 15.516771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.517020] kthread+0x337/0x6f0 [ 15.517204] ret_from_fork+0x116/0x1d0 [ 15.517412] ret_from_fork_asm+0x1a/0x30 [ 15.517590] [ 15.517677] The buggy address belongs to the object at ffff8881029dbd00 [ 15.517677] which belongs to the cache kmalloc-128 of size 128 [ 15.518131] The buggy address is located 0 bytes inside of [ 15.518131] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.518644] [ 15.518719] The buggy address belongs to the physical page: [ 15.518893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.519146] flags: 0x200000000000000(node=0|zone=2) [ 15.519362] page_type: f5(slab) [ 15.519531] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.520067] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.520417] page dumped because: kasan: bad access detected [ 15.520667] [ 15.520737] Memory state around the buggy address: [ 15.520894] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.521130] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.521609] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.521936] ^ [ 15.522253] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522642] 
ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.522905] ================================================================== [ 15.459514] ================================================================== [ 15.459845] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.460344] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.460627] [ 15.460738] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.460783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.460797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.460817] Call Trace: [ 15.460832] <TASK> [ 15.460850] dump_stack_lvl+0x73/0xb0 [ 15.460877] print_report+0xd1/0x650 [ 15.460899] ? __virt_addr_valid+0x1db/0x2d0 [ 15.460922] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.460946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.460969] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.460993] kasan_report+0x141/0x180 [ 15.461016] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.461044] kasan_check_range+0x10c/0x1c0 [ 15.461068] __kasan_check_write+0x18/0x20 [ 15.461088] copy_user_test_oob+0x3fd/0x10f0 [ 15.461126] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.461149] ? finish_task_switch.isra.0+0x153/0x700 [ 15.461171] ? __switch_to+0x47/0xf50 [ 15.461196] ? __schedule+0x10cc/0x2b60 [ 15.461218] ? __pfx_read_tsc+0x10/0x10 [ 15.461240] ? ktime_get_ts64+0x86/0x230 [ 15.461263] kunit_try_run_case+0x1a5/0x480 [ 15.461287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461310] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.461332] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.461356] ? __kthread_parkme+0x82/0x180 [ 15.461377] ? preempt_count_sub+0x50/0x80 [ 15.461401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.461425] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.461451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.461475] kthread+0x337/0x6f0 [ 15.461495] ? trace_preempt_on+0x20/0xc0 [ 15.461518] ? 
__pfx_kthread+0x10/0x10 [ 15.461540] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.461561] ? calculate_sigpending+0x7b/0xa0 [ 15.461585] ? __pfx_kthread+0x10/0x10 [ 15.461607] ret_from_fork+0x116/0x1d0 [ 15.461626] ? __pfx_kthread+0x10/0x10 [ 15.461648] ret_from_fork_asm+0x1a/0x30 [ 15.461679] </TASK> [ 15.461690] [ 15.470480] Allocated by task 303: [ 15.470622] kasan_save_stack+0x45/0x70 [ 15.470836] kasan_save_track+0x18/0x40 [ 15.471033] kasan_save_alloc_info+0x3b/0x50 [ 15.471262] __kasan_kmalloc+0xb7/0xc0 [ 15.471431] __kmalloc_noprof+0x1c9/0x500 [ 15.471664] kunit_kmalloc_array+0x25/0x60 [ 15.471908] copy_user_test_oob+0xab/0x10f0 [ 15.472127] kunit_try_run_case+0x1a5/0x480 [ 15.472360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.472537] kthread+0x337/0x6f0 [ 15.472827] ret_from_fork+0x116/0x1d0 [ 15.473612] ret_from_fork_asm+0x1a/0x30 [ 15.473776] [ 15.473878] The buggy address belongs to the object at ffff8881029dbd00 [ 15.473878] which belongs to the cache kmalloc-128 of size 128 [ 15.474573] The buggy address is located 0 bytes inside of [ 15.474573] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.475058] [ 15.475152] The buggy address belongs to the physical page: [ 15.475599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.475939] flags: 0x200000000000000(node=0|zone=2) [ 15.476172] page_type: f5(slab) [ 15.476322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.476842] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.477247] page dumped because: kasan: bad access detected [ 15.477623] [ 15.477704] Memory state around the buggy address: [ 15.477929] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.478270] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.478781] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.479155] ^ [ 15.479653] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.480069] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.480525] ================================================================== [ 15.481558] ================================================================== [ 15.481876] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.482376] Read of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.482651] [ 15.482764] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.482806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.482819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.482841] Call Trace: [ 15.482856] <TASK> [ 15.482871] dump_stack_lvl+0x73/0xb0 [ 15.482898] print_report+0xd1/0x650 [ 15.482921] ? __virt_addr_valid+0x1db/0x2d0 [ 15.482944] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.482967] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.482990] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.483014] kasan_report+0x141/0x180 [ 15.483037] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.483065] kasan_check_range+0x10c/0x1c0 [ 15.483089] __kasan_check_read+0x15/0x20 [ 15.483137] copy_user_test_oob+0x4aa/0x10f0 [ 15.483163] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.483186] ? finish_task_switch.isra.0+0x153/0x700 [ 15.483212] ? __switch_to+0x47/0xf50 [ 15.483396] ? __schedule+0x10cc/0x2b60 [ 15.483421] ? __pfx_read_tsc+0x10/0x10 [ 15.483443] ? ktime_get_ts64+0x86/0x230 [ 15.483467] kunit_try_run_case+0x1a5/0x480 [ 15.483494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.483517] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.483556] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.483580] ? __kthread_parkme+0x82/0x180 [ 15.483615] ? preempt_count_sub+0x50/0x80 [ 15.483640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.483665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.483689] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.483714] kthread+0x337/0x6f0 [ 15.483735] ? 
trace_preempt_on+0x20/0xc0 [ 15.483758] ? __pfx_kthread+0x10/0x10 [ 15.483780] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.483802] ? calculate_sigpending+0x7b/0xa0 [ 15.483826] ? __pfx_kthread+0x10/0x10 [ 15.483848] ret_from_fork+0x116/0x1d0 [ 15.483867] ? __pfx_kthread+0x10/0x10 [ 15.483888] ret_from_fork_asm+0x1a/0x30 [ 15.483918] </TASK> [ 15.483931] [ 15.491244] Allocated by task 303: [ 15.491407] kasan_save_stack+0x45/0x70 [ 15.491561] kasan_save_track+0x18/0x40 [ 15.491934] kasan_save_alloc_info+0x3b/0x50 [ 15.492619] __kasan_kmalloc+0xb7/0xc0 [ 15.492822] __kmalloc_noprof+0x1c9/0x500 [ 15.493031] kunit_kmalloc_array+0x25/0x60 [ 15.493480] copy_user_test_oob+0xab/0x10f0 [ 15.493645] kunit_try_run_case+0x1a5/0x480 [ 15.493796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.493975] kthread+0x337/0x6f0 [ 15.494110] ret_from_fork+0x116/0x1d0 [ 15.494656] ret_from_fork_asm+0x1a/0x30 [ 15.494808] [ 15.494883] The buggy address belongs to the object at ffff8881029dbd00 [ 15.494883] which belongs to the cache kmalloc-128 of size 128 [ 15.495547] The buggy address is located 0 bytes inside of [ 15.495547] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.496123] [ 15.496227] The buggy address belongs to the physical page: [ 15.496804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.497481] flags: 0x200000000000000(node=0|zone=2) [ 15.497953] page_type: f5(slab) [ 15.498282] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.498927] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.499497] page dumped because: kasan: bad access detected [ 15.499963] [ 15.500183] Memory state around the buggy address: [ 15.500383] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.501022] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.501711] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.502115] ^ [ 15.502692] 
ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.503083] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.503656] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.432878] ================================================================== [ 15.433244] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 15.433505] Read of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.433801] [ 15.433910] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.433954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.433968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.433988] Call Trace: [ 15.434002] <TASK> [ 15.434016] dump_stack_lvl+0x73/0xb0 [ 15.434043] print_report+0xd1/0x650 [ 15.434068] ? __virt_addr_valid+0x1db/0x2d0 [ 15.434090] ? _copy_to_user+0x3c/0x70 [ 15.434123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.434146] ? _copy_to_user+0x3c/0x70 [ 15.434166] kasan_report+0x141/0x180 [ 15.434189] ? _copy_to_user+0x3c/0x70 [ 15.434213] kasan_check_range+0x10c/0x1c0 [ 15.434237] __kasan_check_read+0x15/0x20 [ 15.434257] _copy_to_user+0x3c/0x70 [ 15.434277] copy_user_test_oob+0x364/0x10f0 [ 15.434304] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.434327] ? finish_task_switch.isra.0+0x153/0x700 [ 15.434350] ? __switch_to+0x47/0xf50 [ 15.434374] ? __schedule+0x10cc/0x2b60 [ 15.434398] ? __pfx_read_tsc+0x10/0x10 [ 15.434432] ? ktime_get_ts64+0x86/0x230 [ 15.434457] kunit_try_run_case+0x1a5/0x480 [ 15.434481] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.434528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.434551] ? __kthread_parkme+0x82/0x180 [ 15.434573] ? preempt_count_sub+0x50/0x80 [ 15.434597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.434645] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.434670] kthread+0x337/0x6f0 [ 15.434690] ? trace_preempt_on+0x20/0xc0 [ 15.434715] ? __pfx_kthread+0x10/0x10 [ 15.434736] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.434757] ? calculate_sigpending+0x7b/0xa0 [ 15.434782] ? 
__pfx_kthread+0x10/0x10 [ 15.434804] ret_from_fork+0x116/0x1d0 [ 15.434823] ? __pfx_kthread+0x10/0x10 [ 15.434844] ret_from_fork_asm+0x1a/0x30 [ 15.434875] </TASK> [ 15.434887] [ 15.444863] Allocated by task 303: [ 15.445054] kasan_save_stack+0x45/0x70 [ 15.445262] kasan_save_track+0x18/0x40 [ 15.445704] kasan_save_alloc_info+0x3b/0x50 [ 15.445869] __kasan_kmalloc+0xb7/0xc0 [ 15.446172] __kmalloc_noprof+0x1c9/0x500 [ 15.446490] kunit_kmalloc_array+0x25/0x60 [ 15.446670] copy_user_test_oob+0xab/0x10f0 [ 15.446979] kunit_try_run_case+0x1a5/0x480 [ 15.447184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.447533] kthread+0x337/0x6f0 [ 15.447709] ret_from_fork+0x116/0x1d0 [ 15.447888] ret_from_fork_asm+0x1a/0x30 [ 15.448065] [ 15.448171] The buggy address belongs to the object at ffff8881029dbd00 [ 15.448171] which belongs to the cache kmalloc-128 of size 128 [ 15.448887] The buggy address is located 0 bytes inside of [ 15.448887] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.449598] [ 15.449766] The buggy address belongs to the physical page: [ 15.449997] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.450495] flags: 0x200000000000000(node=0|zone=2) [ 15.450796] page_type: f5(slab) [ 15.450969] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.451451] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.451770] page dumped because: kasan: bad access detected [ 15.452008] [ 15.452088] Memory state around the buggy address: [ 15.452316] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.452860] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.453222] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.453752] ^ [ 15.454052] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.454473] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.454839] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.399916] ================================================================== [ 15.401077] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.401771] Write of size 121 at addr ffff8881029dbd00 by task kunit_try_catch/303 [ 15.402042] [ 15.402146] CPU: 0 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.402196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.402209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.402233] Call Trace: [ 15.402247] <TASK> [ 15.402269] dump_stack_lvl+0x73/0xb0 [ 15.402299] print_report+0xd1/0x650 [ 15.402335] ? __virt_addr_valid+0x1db/0x2d0 [ 15.402361] ? _copy_from_user+0x32/0x90 [ 15.402380] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.402404] ? _copy_from_user+0x32/0x90 [ 15.402424] kasan_report+0x141/0x180 [ 15.402447] ? _copy_from_user+0x32/0x90 [ 15.402471] kasan_check_range+0x10c/0x1c0 [ 15.402495] __kasan_check_write+0x18/0x20 [ 15.402515] _copy_from_user+0x32/0x90 [ 15.402536] copy_user_test_oob+0x2be/0x10f0 [ 15.402563] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.402586] ? finish_task_switch.isra.0+0x153/0x700 [ 15.402610] ? __switch_to+0x47/0xf50 [ 15.402637] ? __schedule+0x10cc/0x2b60 [ 15.402659] ? __pfx_read_tsc+0x10/0x10 [ 15.402682] ? ktime_get_ts64+0x86/0x230 [ 15.402708] kunit_try_run_case+0x1a5/0x480 [ 15.402732] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.402755] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.402780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.402806] ? __kthread_parkme+0x82/0x180 [ 15.402828] ? preempt_count_sub+0x50/0x80 [ 15.402852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.402877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.402901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.402926] kthread+0x337/0x6f0 [ 15.402946] ? trace_preempt_on+0x20/0xc0 [ 15.402971] ? __pfx_kthread+0x10/0x10 [ 15.402993] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.403015] ? calculate_sigpending+0x7b/0xa0 [ 15.403039] ? 
__pfx_kthread+0x10/0x10 [ 15.403061] ret_from_fork+0x116/0x1d0 [ 15.403081] ? __pfx_kthread+0x10/0x10 [ 15.403162] ret_from_fork_asm+0x1a/0x30 [ 15.403197] </TASK> [ 15.403218] [ 15.417029] Allocated by task 303: [ 15.417230] kasan_save_stack+0x45/0x70 [ 15.417737] kasan_save_track+0x18/0x40 [ 15.417983] kasan_save_alloc_info+0x3b/0x50 [ 15.418319] __kasan_kmalloc+0xb7/0xc0 [ 15.418528] __kmalloc_noprof+0x1c9/0x500 [ 15.418721] kunit_kmalloc_array+0x25/0x60 [ 15.418909] copy_user_test_oob+0xab/0x10f0 [ 15.419114] kunit_try_run_case+0x1a5/0x480 [ 15.419315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.419546] kthread+0x337/0x6f0 [ 15.419702] ret_from_fork+0x116/0x1d0 [ 15.419876] ret_from_fork_asm+0x1a/0x30 [ 15.420055] [ 15.420598] The buggy address belongs to the object at ffff8881029dbd00 [ 15.420598] which belongs to the cache kmalloc-128 of size 128 [ 15.421500] The buggy address is located 0 bytes inside of [ 15.421500] allocated 120-byte region [ffff8881029dbd00, ffff8881029dbd78) [ 15.422415] [ 15.422533] The buggy address belongs to the physical page: [ 15.422950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 15.423656] flags: 0x200000000000000(node=0|zone=2) [ 15.424150] page_type: f5(slab) [ 15.424329] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.424641] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.424942] page dumped because: kasan: bad access detected [ 15.425179] [ 15.425271] Memory state around the buggy address: [ 15.425872] ffff8881029dbc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.426336] ffff8881029dbc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.426827] >ffff8881029dbd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.427356] ^ [ 15.427856] ffff8881029dbd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.428167] ffff8881029dbe00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.428874] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.363893] ================================================================== [ 15.364236] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.364965] Write of size 8 at addr ffff888103348678 by task kunit_try_catch/299 [ 15.365312] [ 15.365465] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.365510] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.365523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.365545] Call Trace: [ 15.365559] <TASK> [ 15.365575] dump_stack_lvl+0x73/0xb0 [ 15.365606] print_report+0xd1/0x650 [ 15.365631] ? __virt_addr_valid+0x1db/0x2d0 [ 15.365654] ? copy_to_kernel_nofault+0x99/0x260 [ 15.365699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.365737] ? copy_to_kernel_nofault+0x99/0x260 [ 15.365761] kasan_report+0x141/0x180 [ 15.365784] ? copy_to_kernel_nofault+0x99/0x260 [ 15.365826] kasan_check_range+0x10c/0x1c0 [ 15.365874] __kasan_check_write+0x18/0x20 [ 15.365895] copy_to_kernel_nofault+0x99/0x260 [ 15.365921] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.365945] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.365969] ? finish_task_switch.isra.0+0x153/0x700 [ 15.365992] ? __schedule+0x10cc/0x2b60 [ 15.366015] ? trace_hardirqs_on+0x37/0xe0 [ 15.366050] ? __pfx_read_tsc+0x10/0x10 [ 15.366071] ? ktime_get_ts64+0x86/0x230 [ 15.366108] kunit_try_run_case+0x1a5/0x480 [ 15.366131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.366155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.366180] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.366204] ? __kthread_parkme+0x82/0x180 [ 15.366225] ? preempt_count_sub+0x50/0x80 [ 15.366256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.366281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.366304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.366329] kthread+0x337/0x6f0 [ 15.366349] ? trace_preempt_on+0x20/0xc0 [ 15.366376] ? __pfx_kthread+0x10/0x10 [ 15.366397] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.366419] ? calculate_sigpending+0x7b/0xa0 [ 15.366443] ? __pfx_kthread+0x10/0x10 [ 15.366466] ret_from_fork+0x116/0x1d0 [ 15.366485] ? __pfx_kthread+0x10/0x10 [ 15.366506] ret_from_fork_asm+0x1a/0x30 [ 15.366536] </TASK> [ 15.366549] [ 15.374866] Allocated by task 299: [ 15.375067] kasan_save_stack+0x45/0x70 [ 15.375275] kasan_save_track+0x18/0x40 [ 15.375434] kasan_save_alloc_info+0x3b/0x50 [ 15.375650] __kasan_kmalloc+0xb7/0xc0 [ 15.375852] __kmalloc_cache_noprof+0x189/0x420 [ 15.376038] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.376288] kunit_try_run_case+0x1a5/0x480 [ 15.376490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.376788] kthread+0x337/0x6f0 [ 15.376973] ret_from_fork+0x116/0x1d0 [ 15.377168] ret_from_fork_asm+0x1a/0x30 [ 15.377370] [ 15.378346] The buggy address belongs to the object at ffff888103348600 [ 15.378346] which belongs to the cache kmalloc-128 of size 128 [ 15.378946] The buggy address is located 0 bytes to the right of [ 15.378946] allocated 120-byte region [ffff888103348600, ffff888103348678) [ 15.380183] [ 15.380271] The buggy address belongs to the physical page: [ 15.381032] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348 [ 15.381662] flags: 0x200000000000000(node=0|zone=2) [ 15.381899] page_type: f5(slab) [ 15.382063] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.382713] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.383469] page dumped because: kasan: bad access detected [ 15.383710] [ 15.383805] Memory state around the buggy address: [ 15.384016] ffff888103348500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.384746] ffff888103348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.385240] >ffff888103348600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.385782] ^ [ 15.386492] ffff888103348680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.387030] ffff888103348700: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.387719] ================================================================== [ 15.335874] ================================================================== [ 15.336512] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.336847] Read of size 8 at addr ffff888103348678 by task kunit_try_catch/299 [ 15.337185] [ 15.337298] CPU: 1 UID: 0 PID: 299 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.337349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.337362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.337387] Call Trace: [ 15.337400] <TASK> [ 15.337419] dump_stack_lvl+0x73/0xb0 [ 15.337450] print_report+0xd1/0x650 [ 15.337476] ? __virt_addr_valid+0x1db/0x2d0 [ 15.337501] ? copy_to_kernel_nofault+0x225/0x260 [ 15.337526] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.337549] ? copy_to_kernel_nofault+0x225/0x260 [ 15.337573] kasan_report+0x141/0x180 [ 15.337596] ? copy_to_kernel_nofault+0x225/0x260 [ 15.337624] __asan_report_load8_noabort+0x18/0x20 [ 15.338051] copy_to_kernel_nofault+0x225/0x260 [ 15.338080] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.338120] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.338144] ? finish_task_switch.isra.0+0x153/0x700 [ 15.338170] ? __schedule+0x10cc/0x2b60 [ 15.338194] ? trace_hardirqs_on+0x37/0xe0 [ 15.338231] ? __pfx_read_tsc+0x10/0x10 [ 15.338255] ? ktime_get_ts64+0x86/0x230 [ 15.338281] kunit_try_run_case+0x1a5/0x480 [ 15.338309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.338333] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.338358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.338383] ? __kthread_parkme+0x82/0x180 [ 15.338406] ? preempt_count_sub+0x50/0x80 [ 15.338429] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.338454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.338478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.338503] kthread+0x337/0x6f0 [ 15.338524] ? 
trace_preempt_on+0x20/0xc0 [ 15.338551] ? __pfx_kthread+0x10/0x10 [ 15.338573] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.338595] ? calculate_sigpending+0x7b/0xa0 [ 15.338621] ? __pfx_kthread+0x10/0x10 [ 15.338644] ret_from_fork+0x116/0x1d0 [ 15.338663] ? __pfx_kthread+0x10/0x10 [ 15.338685] ret_from_fork_asm+0x1a/0x30 [ 15.338717] </TASK> [ 15.338731] [ 15.351008] Allocated by task 299: [ 15.351453] kasan_save_stack+0x45/0x70 [ 15.351780] kasan_save_track+0x18/0x40 [ 15.351963] kasan_save_alloc_info+0x3b/0x50 [ 15.352345] __kasan_kmalloc+0xb7/0xc0 [ 15.352658] __kmalloc_cache_noprof+0x189/0x420 [ 15.352962] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.353399] kunit_try_run_case+0x1a5/0x480 [ 15.353687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.354013] kthread+0x337/0x6f0 [ 15.354336] ret_from_fork+0x116/0x1d0 [ 15.354512] ret_from_fork_asm+0x1a/0x30 [ 15.354847] [ 15.354947] The buggy address belongs to the object at ffff888103348600 [ 15.354947] which belongs to the cache kmalloc-128 of size 128 [ 15.355768] The buggy address is located 0 bytes to the right of [ 15.355768] allocated 120-byte region [ffff888103348600, ffff888103348678) [ 15.356496] [ 15.356806] The buggy address belongs to the physical page: [ 15.357017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348 [ 15.357641] flags: 0x200000000000000(node=0|zone=2) [ 15.358001] page_type: f5(slab) [ 15.358257] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.358762] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.359065] page dumped because: kasan: bad access detected [ 15.359483] [ 15.359593] Memory state around the buggy address: [ 15.359969] ffff888103348500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.360501] ffff888103348580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.360948] >ffff888103348600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.361478] ^ [ 15.361768] ffff888103348680: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.362420] ffff888103348700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.362920] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 14.333663] ================================================================== [ 14.334035] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.334461] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.334762] [ 14.334872] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.334914] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.334927] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.334949] Call Trace: [ 14.334964] <TASK> [ 14.334978] dump_stack_lvl+0x73/0xb0 [ 14.335005] print_report+0xd1/0x650 [ 14.335028] ? __virt_addr_valid+0x1db/0x2d0 [ 14.335050] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.335072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.335108] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.335131] kasan_report+0x141/0x180 [ 14.335154] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.335180] __asan_report_load4_noabort+0x18/0x20 [ 14.335211] kasan_atomics_helper+0x4a84/0x5450 [ 14.335234] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.335256] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.335281] ? kasan_atomics+0x152/0x310 [ 14.335308] kasan_atomics+0x1dc/0x310 [ 14.335331] ? __pfx_kasan_atomics+0x10/0x10 [ 14.335355] ? __pfx_read_tsc+0x10/0x10 [ 14.335376] ? ktime_get_ts64+0x86/0x230 [ 14.335401] kunit_try_run_case+0x1a5/0x480 [ 14.335425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.335448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.335471] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.335495] ? __kthread_parkme+0x82/0x180 [ 14.335517] ? preempt_count_sub+0x50/0x80 [ 14.335565] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.335589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.335613] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.335636] kthread+0x337/0x6f0 [ 14.335656] ? trace_preempt_on+0x20/0xc0 [ 14.335680] ? __pfx_kthread+0x10/0x10 [ 14.335701] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.335722] ? 
calculate_sigpending+0x7b/0xa0 [ 14.335745] ? __pfx_kthread+0x10/0x10 [ 14.335767] ret_from_fork+0x116/0x1d0 [ 14.335786] ? __pfx_kthread+0x10/0x10 [ 14.335807] ret_from_fork_asm+0x1a/0x30 [ 14.335838] </TASK> [ 14.335850] [ 14.344930] Allocated by task 283: [ 14.345063] kasan_save_stack+0x45/0x70 [ 14.345395] kasan_save_track+0x18/0x40 [ 14.345813] kasan_save_alloc_info+0x3b/0x50 [ 14.346061] __kasan_kmalloc+0xb7/0xc0 [ 14.346297] __kmalloc_cache_noprof+0x189/0x420 [ 14.346547] kasan_atomics+0x95/0x310 [ 14.346775] kunit_try_run_case+0x1a5/0x480 [ 14.346983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.347265] kthread+0x337/0x6f0 [ 14.347444] ret_from_fork+0x116/0x1d0 [ 14.347632] ret_from_fork_asm+0x1a/0x30 [ 14.347830] [ 14.347928] The buggy address belongs to the object at ffff8881038eb080 [ 14.347928] which belongs to the cache kmalloc-64 of size 64 [ 14.348909] The buggy address is located 0 bytes to the right of [ 14.348909] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.349884] [ 14.350132] The buggy address belongs to the physical page: [ 14.350871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.351623] flags: 0x200000000000000(node=0|zone=2) [ 14.351986] page_type: f5(slab) [ 14.352475] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.352946] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.353567] page dumped because: kasan: bad access detected [ 14.353817] [ 14.353911] Memory state around the buggy address: [ 14.354442] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.354904] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.355677] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.356371] ^ [ 14.356598] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.356878] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.357636] 
================================================================== [ 14.496469] ================================================================== [ 14.496792] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.497120] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.498011] [ 14.498322] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.498481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.498499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.498522] Call Trace: [ 14.498544] <TASK> [ 14.498563] dump_stack_lvl+0x73/0xb0 [ 14.498594] print_report+0xd1/0x650 [ 14.498619] ? __virt_addr_valid+0x1db/0x2d0 [ 14.498643] ? kasan_atomics_helper+0x1079/0x5450 [ 14.498667] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.498690] ? kasan_atomics_helper+0x1079/0x5450 [ 14.498712] kasan_report+0x141/0x180 [ 14.498735] ? kasan_atomics_helper+0x1079/0x5450 [ 14.498762] kasan_check_range+0x10c/0x1c0 [ 14.498786] __kasan_check_write+0x18/0x20 [ 14.498805] kasan_atomics_helper+0x1079/0x5450 [ 14.498828] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.498851] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.498875] ? kasan_atomics+0x152/0x310 [ 14.498903] kasan_atomics+0x1dc/0x310 [ 14.498926] ? __pfx_kasan_atomics+0x10/0x10 [ 14.498950] ? __pfx_read_tsc+0x10/0x10 [ 14.498972] ? ktime_get_ts64+0x86/0x230 [ 14.498997] kunit_try_run_case+0x1a5/0x480 [ 14.499022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.499044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.499069] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.499092] ? __kthread_parkme+0x82/0x180 [ 14.499129] ? preempt_count_sub+0x50/0x80 [ 14.499153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.499177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.499207] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.499231] kthread+0x337/0x6f0 [ 14.499251] ? trace_preempt_on+0x20/0xc0 [ 14.499275] ? 
__pfx_kthread+0x10/0x10 [ 14.499296] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.499318] ? calculate_sigpending+0x7b/0xa0 [ 14.499342] ? __pfx_kthread+0x10/0x10 [ 14.499364] ret_from_fork+0x116/0x1d0 [ 14.499383] ? __pfx_kthread+0x10/0x10 [ 14.499404] ret_from_fork_asm+0x1a/0x30 [ 14.499435] </TASK> [ 14.499448] [ 14.510497] Allocated by task 283: [ 14.510798] kasan_save_stack+0x45/0x70 [ 14.511090] kasan_save_track+0x18/0x40 [ 14.511457] kasan_save_alloc_info+0x3b/0x50 [ 14.511667] __kasan_kmalloc+0xb7/0xc0 [ 14.511846] __kmalloc_cache_noprof+0x189/0x420 [ 14.512069] kasan_atomics+0x95/0x310 [ 14.512256] kunit_try_run_case+0x1a5/0x480 [ 14.512804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.513129] kthread+0x337/0x6f0 [ 14.513389] ret_from_fork+0x116/0x1d0 [ 14.513655] ret_from_fork_asm+0x1a/0x30 [ 14.513945] [ 14.514201] The buggy address belongs to the object at ffff8881038eb080 [ 14.514201] which belongs to the cache kmalloc-64 of size 64 [ 14.514881] The buggy address is located 0 bytes to the right of [ 14.514881] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.515666] [ 14.515776] The buggy address belongs to the physical page: [ 14.516184] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.516628] flags: 0x200000000000000(node=0|zone=2) [ 14.516950] page_type: f5(slab) [ 14.517143] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.517694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.518034] page dumped because: kasan: bad access detected [ 14.518407] [ 14.518622] Memory state around the buggy address: [ 14.518889] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.519254] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.519770] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.520202] ^ [ 14.520604] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.521011] 
ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.521327] ================================================================== [ 14.826900] ================================================================== [ 14.827587] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 14.827897] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.828320] [ 14.828472] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.828735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.828754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.828776] Call Trace: [ 14.828795] <TASK> [ 14.828810] dump_stack_lvl+0x73/0xb0 [ 14.828839] print_report+0xd1/0x650 [ 14.828862] ? __virt_addr_valid+0x1db/0x2d0 [ 14.828885] ? kasan_atomics_helper+0x177f/0x5450 [ 14.828907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.828929] ? kasan_atomics_helper+0x177f/0x5450 [ 14.828952] kasan_report+0x141/0x180 [ 14.828974] ? kasan_atomics_helper+0x177f/0x5450 [ 14.829000] kasan_check_range+0x10c/0x1c0 [ 14.829025] __kasan_check_write+0x18/0x20 [ 14.829044] kasan_atomics_helper+0x177f/0x5450 [ 14.829067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.829089] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.829126] ? kasan_atomics+0x152/0x310 [ 14.829154] kasan_atomics+0x1dc/0x310 [ 14.829176] ? __pfx_kasan_atomics+0x10/0x10 [ 14.829200] ? __pfx_read_tsc+0x10/0x10 [ 14.829221] ? ktime_get_ts64+0x86/0x230 [ 14.829246] kunit_try_run_case+0x1a5/0x480 [ 14.829269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.829292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.829315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.829352] ? __kthread_parkme+0x82/0x180 [ 14.829375] ? preempt_count_sub+0x50/0x80 [ 14.829400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.829424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.829447] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.829471] kthread+0x337/0x6f0 [ 14.829491] ? trace_preempt_on+0x20/0xc0 [ 14.829515] ? __pfx_kthread+0x10/0x10 [ 14.829536] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.829557] ? calculate_sigpending+0x7b/0xa0 [ 14.829581] ? __pfx_kthread+0x10/0x10 [ 14.829603] ret_from_fork+0x116/0x1d0 [ 14.829622] ? __pfx_kthread+0x10/0x10 [ 14.829644] ret_from_fork_asm+0x1a/0x30 [ 14.829675] </TASK> [ 14.829687] [ 14.839932] Allocated by task 283: [ 14.840320] kasan_save_stack+0x45/0x70 [ 14.840531] kasan_save_track+0x18/0x40 [ 14.840866] kasan_save_alloc_info+0x3b/0x50 [ 14.841142] __kasan_kmalloc+0xb7/0xc0 [ 14.841462] __kmalloc_cache_noprof+0x189/0x420 [ 14.841663] kasan_atomics+0x95/0x310 [ 14.841966] kunit_try_run_case+0x1a5/0x480 [ 14.842192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.842614] kthread+0x337/0x6f0 [ 14.842818] ret_from_fork+0x116/0x1d0 [ 14.843079] ret_from_fork_asm+0x1a/0x30 [ 14.843413] [ 14.843503] The buggy address belongs to the object at ffff8881038eb080 [ 14.843503] which belongs to the cache kmalloc-64 of size 64 [ 14.844233] The buggy address is located 0 bytes to the right of [ 14.844233] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.844839] [ 14.844947] The buggy address belongs to the physical page: [ 14.845199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.845757] flags: 0x200000000000000(node=0|zone=2) [ 14.846031] page_type: f5(slab) [ 14.846217] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.846747] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.847162] page dumped because: kasan: bad access detected [ 14.847442] [ 14.847678] Memory state around the buggy address: [ 14.847989] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.848306] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.848719] >ffff8881038eb080: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.849127] ^ [ 14.849471] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.849854] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.850272] ================================================================== [ 15.094558] ================================================================== [ 15.094961] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.095205] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.095422] [ 15.095624] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.095688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.095702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.095723] Call Trace: [ 15.095736] <TASK> [ 15.095766] dump_stack_lvl+0x73/0xb0 [ 15.095807] print_report+0xd1/0x650 [ 15.095843] ? __virt_addr_valid+0x1db/0x2d0 [ 15.095867] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.095902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.095937] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.095973] kasan_report+0x141/0x180 [ 15.096010] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.096037] kasan_check_range+0x10c/0x1c0 [ 15.096060] __kasan_check_write+0x18/0x20 [ 15.096080] kasan_atomics_helper+0x1eaa/0x5450 [ 15.096117] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.096140] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.096166] ? kasan_atomics+0x152/0x310 [ 15.096193] kasan_atomics+0x1dc/0x310 [ 15.096216] ? __pfx_kasan_atomics+0x10/0x10 [ 15.096242] ? __pfx_read_tsc+0x10/0x10 [ 15.096263] ? ktime_get_ts64+0x86/0x230 [ 15.096287] kunit_try_run_case+0x1a5/0x480 [ 15.096311] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.096345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.096368] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.096391] ? __kthread_parkme+0x82/0x180 [ 15.096412] ? preempt_count_sub+0x50/0x80 [ 15.096436] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.096460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.096484] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.096507] kthread+0x337/0x6f0 [ 15.096527] ? trace_preempt_on+0x20/0xc0 [ 15.096550] ? __pfx_kthread+0x10/0x10 [ 15.096590] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.096611] ? calculate_sigpending+0x7b/0xa0 [ 15.096636] ? __pfx_kthread+0x10/0x10 [ 15.096658] ret_from_fork+0x116/0x1d0 [ 15.096677] ? __pfx_kthread+0x10/0x10 [ 15.096697] ret_from_fork_asm+0x1a/0x30 [ 15.096728] </TASK> [ 15.096739] [ 15.104319] Allocated by task 283: [ 15.104495] kasan_save_stack+0x45/0x70 [ 15.104687] kasan_save_track+0x18/0x40 [ 15.104877] kasan_save_alloc_info+0x3b/0x50 [ 15.105071] __kasan_kmalloc+0xb7/0xc0 [ 15.105284] __kmalloc_cache_noprof+0x189/0x420 [ 15.105531] kasan_atomics+0x95/0x310 [ 15.105724] kunit_try_run_case+0x1a5/0x480 [ 15.105939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.106155] kthread+0x337/0x6f0 [ 15.106332] ret_from_fork+0x116/0x1d0 [ 15.106528] ret_from_fork_asm+0x1a/0x30 [ 15.106680] [ 15.106775] The buggy address belongs to the object at ffff8881038eb080 [ 15.106775] which belongs to the cache kmalloc-64 of size 64 [ 15.107307] The buggy address is located 0 bytes to the right of [ 15.107307] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.107806] [ 15.107921] The buggy address belongs to the physical page: [ 15.108186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.108514] flags: 0x200000000000000(node=0|zone=2) [ 15.108675] page_type: f5(slab) [ 15.108792] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.109150] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.109597] page dumped because: kasan: bad access detected [ 15.109870] [ 15.109987] Memory state around the buggy address: [ 15.110193] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.110406] 
ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.110806] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.111106] ^ [ 15.111371] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.111658] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.111955] ================================================================== [ 15.130879] ================================================================== [ 15.131289] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.131598] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.131923] [ 15.132037] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.132117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.132130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.132151] Call Trace: [ 15.132166] <TASK> [ 15.132180] dump_stack_lvl+0x73/0xb0 [ 15.132207] print_report+0xd1/0x650 [ 15.132230] ? __virt_addr_valid+0x1db/0x2d0 [ 15.132253] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.132274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.132299] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.132321] kasan_report+0x141/0x180 [ 15.132343] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.132370] __asan_report_load8_noabort+0x18/0x20 [ 15.132415] kasan_atomics_helper+0x4f71/0x5450 [ 15.132439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.132461] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.132486] ? kasan_atomics+0x152/0x310 [ 15.132512] kasan_atomics+0x1dc/0x310 [ 15.132535] ? __pfx_kasan_atomics+0x10/0x10 [ 15.132577] ? __pfx_read_tsc+0x10/0x10 [ 15.132599] ? ktime_get_ts64+0x86/0x230 [ 15.132623] kunit_try_run_case+0x1a5/0x480 [ 15.132647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.132670] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.132693] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.132734] ? __kthread_parkme+0x82/0x180 [ 15.132756] ? 
preempt_count_sub+0x50/0x80 [ 15.132780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.132804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.132828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.132852] kthread+0x337/0x6f0 [ 15.132872] ? trace_preempt_on+0x20/0xc0 [ 15.132895] ? __pfx_kthread+0x10/0x10 [ 15.132932] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.132968] ? calculate_sigpending+0x7b/0xa0 [ 15.133005] ? __pfx_kthread+0x10/0x10 [ 15.133040] ret_from_fork+0x116/0x1d0 [ 15.133072] ? __pfx_kthread+0x10/0x10 [ 15.133117] ret_from_fork_asm+0x1a/0x30 [ 15.133176] </TASK> [ 15.133188] [ 15.140955] Allocated by task 283: [ 15.141158] kasan_save_stack+0x45/0x70 [ 15.141367] kasan_save_track+0x18/0x40 [ 15.141558] kasan_save_alloc_info+0x3b/0x50 [ 15.141759] __kasan_kmalloc+0xb7/0xc0 [ 15.141927] __kmalloc_cache_noprof+0x189/0x420 [ 15.142195] kasan_atomics+0x95/0x310 [ 15.142407] kunit_try_run_case+0x1a5/0x480 [ 15.142598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.142825] kthread+0x337/0x6f0 [ 15.142948] ret_from_fork+0x116/0x1d0 [ 15.143076] ret_from_fork_asm+0x1a/0x30 [ 15.143318] [ 15.143427] The buggy address belongs to the object at ffff8881038eb080 [ 15.143427] which belongs to the cache kmalloc-64 of size 64 [ 15.143948] The buggy address is located 0 bytes to the right of [ 15.143948] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.144484] [ 15.144578] The buggy address belongs to the physical page: [ 15.144822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.145201] flags: 0x200000000000000(node=0|zone=2) [ 15.145433] page_type: f5(slab) [ 15.145598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.145883] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.146111] page dumped because: kasan: bad access detected [ 15.146276] [ 15.146345] Memory state around the buggy address: [ 15.146494] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.146701] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.147041] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.147432] ^ [ 15.147677] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.148035] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.148392] ================================================================== [ 15.027658] ================================================================== [ 15.027922] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.028201] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.028811] [ 15.028920] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.028962] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.028975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.028996] Call Trace: [ 15.029011] <TASK> [ 15.029026] dump_stack_lvl+0x73/0xb0 [ 15.029052] print_report+0xd1/0x650 [ 15.029075] ? __virt_addr_valid+0x1db/0x2d0 [ 15.029109] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.029132] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.029155] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.029178] kasan_report+0x141/0x180 [ 15.029201] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.029229] kasan_check_range+0x10c/0x1c0 [ 15.029254] __kasan_check_write+0x18/0x20 [ 15.029276] kasan_atomics_helper+0x1ce1/0x5450 [ 15.029303] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.029326] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.029351] ? kasan_atomics+0x152/0x310 [ 15.029379] kasan_atomics+0x1dc/0x310 [ 15.029402] ? __pfx_kasan_atomics+0x10/0x10 [ 15.029426] ? __pfx_read_tsc+0x10/0x10 [ 15.029448] ? ktime_get_ts64+0x86/0x230 [ 15.029471] kunit_try_run_case+0x1a5/0x480 [ 15.029495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.029519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.029543] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.029566] ? __kthread_parkme+0x82/0x180 [ 15.029588] ? preempt_count_sub+0x50/0x80 [ 15.029613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.029638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.029662] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.029685] kthread+0x337/0x6f0 [ 15.029705] ? trace_preempt_on+0x20/0xc0 [ 15.029729] ? __pfx_kthread+0x10/0x10 [ 15.029750] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.029773] ? calculate_sigpending+0x7b/0xa0 [ 15.029796] ? __pfx_kthread+0x10/0x10 [ 15.029819] ret_from_fork+0x116/0x1d0 [ 15.029837] ? __pfx_kthread+0x10/0x10 [ 15.029858] ret_from_fork_asm+0x1a/0x30 [ 15.029889] </TASK> [ 15.029901] [ 15.037210] Allocated by task 283: [ 15.037357] kasan_save_stack+0x45/0x70 [ 15.037559] kasan_save_track+0x18/0x40 [ 15.037757] kasan_save_alloc_info+0x3b/0x50 [ 15.037978] __kasan_kmalloc+0xb7/0xc0 [ 15.038178] __kmalloc_cache_noprof+0x189/0x420 [ 15.038477] kasan_atomics+0x95/0x310 [ 15.038655] kunit_try_run_case+0x1a5/0x480 [ 15.038819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.038996] kthread+0x337/0x6f0 [ 15.039128] ret_from_fork+0x116/0x1d0 [ 15.039274] ret_from_fork_asm+0x1a/0x30 [ 15.039417] [ 15.039489] The buggy address belongs to the object at ffff8881038eb080 [ 15.039489] which belongs to the cache kmalloc-64 of size 64 [ 15.039891] The buggy address is located 0 bytes to the right of [ 15.039891] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.040457] [ 15.040556] The buggy address belongs to the physical page: [ 15.040823] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.041431] flags: 0x200000000000000(node=0|zone=2) [ 15.041677] page_type: f5(slab) [ 15.041803] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.042146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.042462] page dumped because: kasan: bad access detected [ 15.042689] [ 15.042788] 
Memory state around the buggy address: [ 15.042960] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.043190] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.043474] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.043795] ^ [ 15.044024] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.045176] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.045639] ================================================================== [ 14.358541] ================================================================== [ 14.358882] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 14.359215] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.359521] [ 14.359625] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.359668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.359682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.359703] Call Trace: [ 14.359718] <TASK> [ 14.359734] dump_stack_lvl+0x73/0xb0 [ 14.359760] print_report+0xd1/0x650 [ 14.359782] ? __virt_addr_valid+0x1db/0x2d0 [ 14.359806] ? kasan_atomics_helper+0xd47/0x5450 [ 14.359828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.359851] ? kasan_atomics_helper+0xd47/0x5450 [ 14.359874] kasan_report+0x141/0x180 [ 14.359897] ? kasan_atomics_helper+0xd47/0x5450 [ 14.359924] kasan_check_range+0x10c/0x1c0 [ 14.359948] __kasan_check_write+0x18/0x20 [ 14.359968] kasan_atomics_helper+0xd47/0x5450 [ 14.359991] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.360013] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.360038] ? kasan_atomics+0x152/0x310 [ 14.360064] kasan_atomics+0x1dc/0x310 [ 14.360088] ? __pfx_kasan_atomics+0x10/0x10 [ 14.360195] ? __pfx_read_tsc+0x10/0x10 [ 14.360217] ? ktime_get_ts64+0x86/0x230 [ 14.360241] kunit_try_run_case+0x1a5/0x480 [ 14.360267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.360291] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.360333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.360357] ? __kthread_parkme+0x82/0x180 [ 14.360377] ? preempt_count_sub+0x50/0x80 [ 14.360401] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.360426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.360449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.360472] kthread+0x337/0x6f0 [ 14.360492] ? trace_preempt_on+0x20/0xc0 [ 14.360514] ? __pfx_kthread+0x10/0x10 [ 14.360536] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.360557] ? calculate_sigpending+0x7b/0xa0 [ 14.360582] ? __pfx_kthread+0x10/0x10 [ 14.360604] ret_from_fork+0x116/0x1d0 [ 14.360622] ? __pfx_kthread+0x10/0x10 [ 14.360644] ret_from_fork_asm+0x1a/0x30 [ 14.360674] </TASK> [ 14.360687] [ 14.368715] Allocated by task 283: [ 14.368901] kasan_save_stack+0x45/0x70 [ 14.369119] kasan_save_track+0x18/0x40 [ 14.369385] kasan_save_alloc_info+0x3b/0x50 [ 14.369563] __kasan_kmalloc+0xb7/0xc0 [ 14.369742] __kmalloc_cache_noprof+0x189/0x420 [ 14.369967] kasan_atomics+0x95/0x310 [ 14.370162] kunit_try_run_case+0x1a5/0x480 [ 14.370347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.370584] kthread+0x337/0x6f0 [ 14.370732] ret_from_fork+0x116/0x1d0 [ 14.370920] ret_from_fork_asm+0x1a/0x30 [ 14.371062] [ 14.371152] The buggy address belongs to the object at ffff8881038eb080 [ 14.371152] which belongs to the cache kmalloc-64 of size 64 [ 14.371796] The buggy address is located 0 bytes to the right of [ 14.371796] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.372456] [ 14.372536] The buggy address belongs to the physical page: [ 14.372712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.372958] flags: 0x200000000000000(node=0|zone=2) [ 14.373262] page_type: f5(slab) [ 14.373465] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.373817] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.374242] page dumped because: kasan: 
bad access detected [ 14.374520] [ 14.374617] Memory state around the buggy address: [ 14.374849] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.375247] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.375498] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.375805] ^ [ 14.376037] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.376642] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.376949] ================================================================== [ 13.908423] ================================================================== [ 13.908737] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 13.909084] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 13.909473] [ 13.909570] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.910193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.910206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.910228] Call Trace: [ 13.910240] <TASK> [ 13.910256] dump_stack_lvl+0x73/0xb0 [ 13.910283] print_report+0xd1/0x650 [ 13.910306] ? __virt_addr_valid+0x1db/0x2d0 [ 13.910327] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.910348] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.910369] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.910390] kasan_report+0x141/0x180 [ 13.910412] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.910437] __asan_report_store4_noabort+0x1b/0x30 [ 13.910456] kasan_atomics_helper+0x4ba2/0x5450 [ 13.910478] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.910501] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.910539] ? kasan_atomics+0x152/0x310 [ 13.910566] kasan_atomics+0x1dc/0x310 [ 13.910589] ? __pfx_kasan_atomics+0x10/0x10 [ 13.910612] ? __pfx_read_tsc+0x10/0x10 [ 13.910632] ? ktime_get_ts64+0x86/0x230 [ 13.910656] kunit_try_run_case+0x1a5/0x480 [ 13.910679] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.910701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.910723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.910745] ? __kthread_parkme+0x82/0x180 [ 13.910765] ? preempt_count_sub+0x50/0x80 [ 13.910788] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.910811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.910833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.910856] kthread+0x337/0x6f0 [ 13.910874] ? trace_preempt_on+0x20/0xc0 [ 13.910897] ? __pfx_kthread+0x10/0x10 [ 13.910917] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.910937] ? calculate_sigpending+0x7b/0xa0 [ 13.910959] ? __pfx_kthread+0x10/0x10 [ 13.910984] ret_from_fork+0x116/0x1d0 [ 13.911005] ? __pfx_kthread+0x10/0x10 [ 13.911026] ret_from_fork_asm+0x1a/0x30 [ 13.911057] </TASK> [ 13.911070] [ 13.924205] Allocated by task 283: [ 13.925858] kasan_save_stack+0x45/0x70 [ 13.926036] kasan_save_track+0x18/0x40 [ 13.926363] kasan_save_alloc_info+0x3b/0x50 [ 13.926800] __kasan_kmalloc+0xb7/0xc0 [ 13.927085] __kmalloc_cache_noprof+0x189/0x420 [ 13.927271] kasan_atomics+0x95/0x310 [ 13.927405] kunit_try_run_case+0x1a5/0x480 [ 13.927551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.927726] kthread+0x337/0x6f0 [ 13.928424] ret_from_fork+0x116/0x1d0 [ 13.928821] ret_from_fork_asm+0x1a/0x30 [ 13.929274] [ 13.929501] The buggy address belongs to the object at ffff8881038eb080 [ 13.929501] which belongs to the cache kmalloc-64 of size 64 [ 13.930211] The buggy address is located 0 bytes to the right of [ 13.930211] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 13.931390] [ 13.931554] The buggy address belongs to the physical page: [ 13.931749] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 13.932602] flags: 0x200000000000000(node=0|zone=2) [ 13.932779] page_type: f5(slab) [ 13.932903] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.933242] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 13.933585] page dumped because: kasan: bad access detected [ 13.933868] [ 13.933967] Memory state around the buggy address: [ 13.934267] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.934608] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.934926] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.935300] ^ [ 13.935535] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.935825] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.936123] ================================================================== [ 14.522446] ================================================================== [ 14.522774] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.523083] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.524199] [ 14.524483] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.524534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.524549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.524573] Call Trace: [ 14.524593] <TASK> [ 14.524612] dump_stack_lvl+0x73/0xb0 [ 14.524646] print_report+0xd1/0x650 [ 14.524670] ? __virt_addr_valid+0x1db/0x2d0 [ 14.524694] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.524716] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.524739] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.524760] kasan_report+0x141/0x180 [ 14.524786] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.524813] __asan_report_load4_noabort+0x18/0x20 [ 14.524838] kasan_atomics_helper+0x4a1c/0x5450 [ 14.524861] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.524884] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.524909] ? kasan_atomics+0x152/0x310 [ 14.524935] kasan_atomics+0x1dc/0x310 [ 14.524958] ? __pfx_kasan_atomics+0x10/0x10 [ 14.524984] ? __pfx_read_tsc+0x10/0x10 [ 14.525005] ? 
ktime_get_ts64+0x86/0x230 [ 14.525031] kunit_try_run_case+0x1a5/0x480 [ 14.525055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.525078] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.525116] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.525140] ? __kthread_parkme+0x82/0x180 [ 14.525161] ? preempt_count_sub+0x50/0x80 [ 14.525185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.525209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.525233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.525257] kthread+0x337/0x6f0 [ 14.525277] ? trace_preempt_on+0x20/0xc0 [ 14.525301] ? __pfx_kthread+0x10/0x10 [ 14.525325] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.525347] ? calculate_sigpending+0x7b/0xa0 [ 14.525372] ? __pfx_kthread+0x10/0x10 [ 14.525394] ret_from_fork+0x116/0x1d0 [ 14.525414] ? __pfx_kthread+0x10/0x10 [ 14.525435] ret_from_fork_asm+0x1a/0x30 [ 14.525466] </TASK> [ 14.525479] [ 14.536432] Allocated by task 283: [ 14.536719] kasan_save_stack+0x45/0x70 [ 14.537005] kasan_save_track+0x18/0x40 [ 14.537324] kasan_save_alloc_info+0x3b/0x50 [ 14.537626] __kasan_kmalloc+0xb7/0xc0 [ 14.537774] __kmalloc_cache_noprof+0x189/0x420 [ 14.537985] kasan_atomics+0x95/0x310 [ 14.538378] kunit_try_run_case+0x1a5/0x480 [ 14.538671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.539013] kthread+0x337/0x6f0 [ 14.539287] ret_from_fork+0x116/0x1d0 [ 14.539593] ret_from_fork_asm+0x1a/0x30 [ 14.539895] [ 14.540066] The buggy address belongs to the object at ffff8881038eb080 [ 14.540066] which belongs to the cache kmalloc-64 of size 64 [ 14.540794] The buggy address is located 0 bytes to the right of [ 14.540794] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.541551] [ 14.541665] The buggy address belongs to the physical page: [ 14.542071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.542623] flags: 0x200000000000000(node=0|zone=2) [ 14.542965] page_type: f5(slab) [ 14.543167] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.543660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.544091] page dumped because: kasan: bad access detected [ 14.544488] [ 14.544695] Memory state around the buggy address: [ 14.544972] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.545309] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.545703] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.545982] ^ [ 14.546238] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.546746] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.547154] ================================================================== [ 14.761193] ================================================================== [ 14.761424] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.762168] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.762696] [ 14.762804] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.762845] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.762858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.762905] Call Trace: [ 14.762917] <TASK> [ 14.762932] dump_stack_lvl+0x73/0xb0 [ 14.762977] print_report+0xd1/0x650 [ 14.763000] ? __virt_addr_valid+0x1db/0x2d0 [ 14.763041] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.763063] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.763113] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.763136] kasan_report+0x141/0x180 [ 14.763173] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.763232] kasan_check_range+0x10c/0x1c0 [ 14.763256] __kasan_check_write+0x18/0x20 [ 14.763276] kasan_atomics_helper+0x15b6/0x5450 [ 14.763299] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.763332] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.763357] ? kasan_atomics+0x152/0x310 [ 14.763384] kasan_atomics+0x1dc/0x310 [ 14.763407] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.763431] ? __pfx_read_tsc+0x10/0x10 [ 14.763453] ? ktime_get_ts64+0x86/0x230 [ 14.763493] kunit_try_run_case+0x1a5/0x480 [ 14.763531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.763567] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.763604] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.763640] ? __kthread_parkme+0x82/0x180 [ 14.763675] ? preempt_count_sub+0x50/0x80 [ 14.763725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.763763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.763800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.763826] kthread+0x337/0x6f0 [ 14.763846] ? trace_preempt_on+0x20/0xc0 [ 14.763869] ? __pfx_kthread+0x10/0x10 [ 14.763890] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.763913] ? calculate_sigpending+0x7b/0xa0 [ 14.763936] ? __pfx_kthread+0x10/0x10 [ 14.763958] ret_from_fork+0x116/0x1d0 [ 14.763978] ? __pfx_kthread+0x10/0x10 [ 14.763998] ret_from_fork_asm+0x1a/0x30 [ 14.764028] </TASK> [ 14.764041] [ 14.773448] Allocated by task 283: [ 14.773577] kasan_save_stack+0x45/0x70 [ 14.773776] kasan_save_track+0x18/0x40 [ 14.773966] kasan_save_alloc_info+0x3b/0x50 [ 14.774212] __kasan_kmalloc+0xb7/0xc0 [ 14.774398] __kmalloc_cache_noprof+0x189/0x420 [ 14.774662] kasan_atomics+0x95/0x310 [ 14.774830] kunit_try_run_case+0x1a5/0x480 [ 14.774973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.775152] kthread+0x337/0x6f0 [ 14.775278] ret_from_fork+0x116/0x1d0 [ 14.775484] ret_from_fork_asm+0x1a/0x30 [ 14.775705] [ 14.775798] The buggy address belongs to the object at ffff8881038eb080 [ 14.775798] which belongs to the cache kmalloc-64 of size 64 [ 14.776437] The buggy address is located 0 bytes to the right of [ 14.776437] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.776987] [ 14.777081] The buggy address belongs to the physical page: [ 14.777273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.777769] flags: 0x200000000000000(node=0|zone=2) [ 14.778027] page_type: 
f5(slab) [ 14.778213] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.778568] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.778807] page dumped because: kasan: bad access detected [ 14.779061] [ 14.779185] Memory state around the buggy address: [ 14.779439] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.779728] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.780043] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.780366] ^ [ 14.780530] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.780849] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.781177] ================================================================== [ 14.900679] ================================================================== [ 14.901018] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 14.901466] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.901876] [ 14.901970] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.902015] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.902028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.902173] Call Trace: [ 14.902192] <TASK> [ 14.902370] dump_stack_lvl+0x73/0xb0 [ 14.902405] print_report+0xd1/0x650 [ 14.902430] ? __virt_addr_valid+0x1db/0x2d0 [ 14.902453] ? kasan_atomics_helper+0x194a/0x5450 [ 14.902475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.902498] ? kasan_atomics_helper+0x194a/0x5450 [ 14.902523] kasan_report+0x141/0x180 [ 14.902546] ? kasan_atomics_helper+0x194a/0x5450 [ 14.902573] kasan_check_range+0x10c/0x1c0 [ 14.902596] __kasan_check_write+0x18/0x20 [ 14.902616] kasan_atomics_helper+0x194a/0x5450 [ 14.902639] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.902662] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.902689] ? 
kasan_atomics+0x152/0x310 [ 14.902716] kasan_atomics+0x1dc/0x310 [ 14.902738] ? __pfx_kasan_atomics+0x10/0x10 [ 14.902762] ? __pfx_read_tsc+0x10/0x10 [ 14.902783] ? ktime_get_ts64+0x86/0x230 [ 14.902808] kunit_try_run_case+0x1a5/0x480 [ 14.902833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.902855] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.902878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.902901] ? __kthread_parkme+0x82/0x180 [ 14.902921] ? preempt_count_sub+0x50/0x80 [ 14.902945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.902968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.902991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.903015] kthread+0x337/0x6f0 [ 14.903034] ? trace_preempt_on+0x20/0xc0 [ 14.903058] ? __pfx_kthread+0x10/0x10 [ 14.903079] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.903111] ? calculate_sigpending+0x7b/0xa0 [ 14.903135] ? __pfx_kthread+0x10/0x10 [ 14.903157] ret_from_fork+0x116/0x1d0 [ 14.903175] ? __pfx_kthread+0x10/0x10 [ 14.903196] ret_from_fork_asm+0x1a/0x30 [ 14.903231] </TASK> [ 14.903244] [ 14.913828] Allocated by task 283: [ 14.914000] kasan_save_stack+0x45/0x70 [ 14.914283] kasan_save_track+0x18/0x40 [ 14.914555] kasan_save_alloc_info+0x3b/0x50 [ 14.914830] __kasan_kmalloc+0xb7/0xc0 [ 14.915084] __kmalloc_cache_noprof+0x189/0x420 [ 14.915316] kasan_atomics+0x95/0x310 [ 14.915651] kunit_try_run_case+0x1a5/0x480 [ 14.915967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.916318] kthread+0x337/0x6f0 [ 14.916594] ret_from_fork+0x116/0x1d0 [ 14.916865] ret_from_fork_asm+0x1a/0x30 [ 14.917069] [ 14.917175] The buggy address belongs to the object at ffff8881038eb080 [ 14.917175] which belongs to the cache kmalloc-64 of size 64 [ 14.917969] The buggy address is located 0 bytes to the right of [ 14.917969] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.918754] [ 14.919020] The buggy address belongs to the physical page: [ 14.919291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 
14.919963] flags: 0x200000000000000(node=0|zone=2) [ 14.920145] page_type: f5(slab) [ 14.920267] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.921115] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.921892] page dumped because: kasan: bad access detected [ 14.922448] [ 14.922527] Memory state around the buggy address: [ 14.922684] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.922897] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.923126] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.923366] ^ [ 14.923519] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.924458] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.924815] ================================================================== [ 15.190601] ================================================================== [ 15.190946] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.191374] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.191873] [ 15.191963] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.192013] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.192026] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.192050] Call Trace: [ 15.192064] <TASK> [ 15.192079] dump_stack_lvl+0x73/0xb0 [ 15.192119] print_report+0xd1/0x650 [ 15.192141] ? __virt_addr_valid+0x1db/0x2d0 [ 15.192164] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.192186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.192208] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.192230] kasan_report+0x141/0x180 [ 15.192252] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.192279] kasan_check_range+0x10c/0x1c0 [ 15.192303] __kasan_check_write+0x18/0x20 [ 15.192322] kasan_atomics_helper+0x20c8/0x5450 [ 15.192345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.192378] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.192403] ? kasan_atomics+0x152/0x310 [ 15.192429] kasan_atomics+0x1dc/0x310 [ 15.192452] ? __pfx_kasan_atomics+0x10/0x10 [ 15.192476] ? __pfx_read_tsc+0x10/0x10 [ 15.192498] ? ktime_get_ts64+0x86/0x230 [ 15.192522] kunit_try_run_case+0x1a5/0x480 [ 15.192546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.192568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.192592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.192615] ? __kthread_parkme+0x82/0x180 [ 15.192636] ? preempt_count_sub+0x50/0x80 [ 15.192659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.192683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.192707] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.192730] kthread+0x337/0x6f0 [ 15.192749] ? trace_preempt_on+0x20/0xc0 [ 15.192772] ? __pfx_kthread+0x10/0x10 [ 15.192794] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.192815] ? calculate_sigpending+0x7b/0xa0 [ 15.192839] ? __pfx_kthread+0x10/0x10 [ 15.192862] ret_from_fork+0x116/0x1d0 [ 15.192881] ? __pfx_kthread+0x10/0x10 [ 15.192902] ret_from_fork_asm+0x1a/0x30 [ 15.192933] </TASK> [ 15.192945] [ 15.200112] Allocated by task 283: [ 15.200262] kasan_save_stack+0x45/0x70 [ 15.200533] kasan_save_track+0x18/0x40 [ 15.200668] kasan_save_alloc_info+0x3b/0x50 [ 15.200817] __kasan_kmalloc+0xb7/0xc0 [ 15.200953] __kmalloc_cache_noprof+0x189/0x420 [ 15.201187] kasan_atomics+0x95/0x310 [ 15.201424] kunit_try_run_case+0x1a5/0x480 [ 15.201624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.201876] kthread+0x337/0x6f0 [ 15.202033] ret_from_fork+0x116/0x1d0 [ 15.202222] ret_from_fork_asm+0x1a/0x30 [ 15.202448] [ 15.202524] The buggy address belongs to the object at ffff8881038eb080 [ 15.202524] which belongs to the cache kmalloc-64 of size 64 [ 15.202978] The buggy address is located 0 bytes to the right of [ 15.202978] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.203493] [ 15.203590] The buggy address belongs to the physical page: [ 15.203806] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.204124] flags: 0x200000000000000(node=0|zone=2) [ 15.204346] page_type: f5(slab) [ 15.204501] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.204765] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.204989] page dumped because: kasan: bad access detected [ 15.205170] [ 15.205241] Memory state around the buggy address: [ 15.205431] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.205763] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.206069] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.206382] ^ [ 15.206548] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206763] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206975] ================================================================== [ 13.936725] ================================================================== [ 13.937043] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 13.937603] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 13.937890] [ 13.938004] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.938045] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.938057] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.938077] Call Trace: [ 13.938093] <TASK> [ 13.938117] dump_stack_lvl+0x73/0xb0 [ 13.938146] print_report+0xd1/0x650 [ 13.938168] ? __virt_addr_valid+0x1db/0x2d0 [ 13.938191] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.938211] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.938233] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.938254] kasan_report+0x141/0x180 [ 13.938275] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.938300] __asan_report_load4_noabort+0x18/0x20 [ 13.938324] kasan_atomics_helper+0x4b88/0x5450 [ 13.938346] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 13.938367] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.938392] ? kasan_atomics+0x152/0x310 [ 13.938418] kasan_atomics+0x1dc/0x310 [ 13.938440] ? __pfx_kasan_atomics+0x10/0x10 [ 13.938463] ? __pfx_read_tsc+0x10/0x10 [ 13.938482] ? ktime_get_ts64+0x86/0x230 [ 13.938506] kunit_try_run_case+0x1a5/0x480 [ 13.938528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.938550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.938572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.938594] ? __kthread_parkme+0x82/0x180 [ 13.938614] ? preempt_count_sub+0x50/0x80 [ 13.938647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.938739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.938765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.938789] kthread+0x337/0x6f0 [ 13.938808] ? trace_preempt_on+0x20/0xc0 [ 13.938830] ? __pfx_kthread+0x10/0x10 [ 13.938865] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.938897] ? calculate_sigpending+0x7b/0xa0 [ 13.938921] ? __pfx_kthread+0x10/0x10 [ 13.938942] ret_from_fork+0x116/0x1d0 [ 13.938970] ? 
__pfx_kthread+0x10/0x10 [ 13.938992] ret_from_fork_asm+0x1a/0x30 [ 13.939021] </TASK> [ 13.939032] [ 13.947221] Allocated by task 283: [ 13.947356] kasan_save_stack+0x45/0x70 [ 13.947764] kasan_save_track+0x18/0x40 [ 13.947979] kasan_save_alloc_info+0x3b/0x50 [ 13.948462] __kasan_kmalloc+0xb7/0xc0 [ 13.948670] __kmalloc_cache_noprof+0x189/0x420 [ 13.948868] kasan_atomics+0x95/0x310 [ 13.949074] kunit_try_run_case+0x1a5/0x480 [ 13.949343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.949609] kthread+0x337/0x6f0 [ 13.949763] ret_from_fork+0x116/0x1d0 [ 13.949969] ret_from_fork_asm+0x1a/0x30 [ 13.950208] [ 13.950308] The buggy address belongs to the object at ffff8881038eb080 [ 13.950308] which belongs to the cache kmalloc-64 of size 64 [ 13.950723] The buggy address is located 0 bytes to the right of [ 13.950723] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 13.951262] [ 13.951498] The buggy address belongs to the physical page: [ 13.951853] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 13.952125] flags: 0x200000000000000(node=0|zone=2) [ 13.952887] page_type: f5(slab) [ 13.953326] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.953679] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.953993] page dumped because: kasan: bad access detected [ 13.954616] [ 13.954705] Memory state around the buggy address: [ 13.954911] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.955336] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.955633] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.955917] ^ [ 13.956134] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.957062] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.957776] ================================================================== [ 14.587507] 
================================================================== [ 14.587741] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.587987] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.588816] [ 14.588921] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.588965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.588979] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.589000] Call Trace: [ 14.589014] <TASK> [ 14.589027] dump_stack_lvl+0x73/0xb0 [ 14.589056] print_report+0xd1/0x650 [ 14.589079] ? __virt_addr_valid+0x1db/0x2d0 [ 14.589114] ? kasan_atomics_helper+0x1217/0x5450 [ 14.589137] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.589159] ? kasan_atomics_helper+0x1217/0x5450 [ 14.589184] kasan_report+0x141/0x180 [ 14.589207] ? kasan_atomics_helper+0x1217/0x5450 [ 14.589234] kasan_check_range+0x10c/0x1c0 [ 14.589258] __kasan_check_write+0x18/0x20 [ 14.589279] kasan_atomics_helper+0x1217/0x5450 [ 14.589303] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.589324] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.589452] ? kasan_atomics+0x152/0x310 [ 14.589483] kasan_atomics+0x1dc/0x310 [ 14.589534] ? __pfx_kasan_atomics+0x10/0x10 [ 14.589589] ? __pfx_read_tsc+0x10/0x10 [ 14.589609] ? ktime_get_ts64+0x86/0x230 [ 14.589634] kunit_try_run_case+0x1a5/0x480 [ 14.589658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.589681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.589705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.589727] ? __kthread_parkme+0x82/0x180 [ 14.589749] ? preempt_count_sub+0x50/0x80 [ 14.589773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.589797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.589820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.589844] kthread+0x337/0x6f0 [ 14.589864] ? trace_preempt_on+0x20/0xc0 [ 14.589919] ? __pfx_kthread+0x10/0x10 [ 14.589941] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.589962] ? 
calculate_sigpending+0x7b/0xa0 [ 14.589986] ? __pfx_kthread+0x10/0x10 [ 14.590008] ret_from_fork+0x116/0x1d0 [ 14.590027] ? __pfx_kthread+0x10/0x10 [ 14.590079] ret_from_fork_asm+0x1a/0x30 [ 14.590119] </TASK> [ 14.590131] [ 14.598904] Allocated by task 283: [ 14.599108] kasan_save_stack+0x45/0x70 [ 14.599339] kasan_save_track+0x18/0x40 [ 14.599511] kasan_save_alloc_info+0x3b/0x50 [ 14.599664] __kasan_kmalloc+0xb7/0xc0 [ 14.599800] __kmalloc_cache_noprof+0x189/0x420 [ 14.600008] kasan_atomics+0x95/0x310 [ 14.600157] kunit_try_run_case+0x1a5/0x480 [ 14.600308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.600614] kthread+0x337/0x6f0 [ 14.600793] ret_from_fork+0x116/0x1d0 [ 14.601013] ret_from_fork_asm+0x1a/0x30 [ 14.601225] [ 14.601323] The buggy address belongs to the object at ffff8881038eb080 [ 14.601323] which belongs to the cache kmalloc-64 of size 64 [ 14.602050] The buggy address is located 0 bytes to the right of [ 14.602050] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.602610] [ 14.602758] The buggy address belongs to the physical page: [ 14.602943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.603196] flags: 0x200000000000000(node=0|zone=2) [ 14.603370] page_type: f5(slab) [ 14.603492] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.603732] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.604140] page dumped because: kasan: bad access detected [ 14.604487] [ 14.604637] Memory state around the buggy address: [ 14.604951] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.605441] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.605759] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.605982] ^ [ 14.606153] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.606627] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.606984] 
================================================================== [ 14.441559] ================================================================== [ 14.441873] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.443672] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.443921] [ 14.444018] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.444062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.444076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.444112] Call Trace: [ 14.444132] <TASK> [ 14.444151] dump_stack_lvl+0x73/0xb0 [ 14.444182] print_report+0xd1/0x650 [ 14.444207] ? __virt_addr_valid+0x1db/0x2d0 [ 14.444230] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.444252] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.444277] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.444299] kasan_report+0x141/0x180 [ 14.444323] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.444349] kasan_check_range+0x10c/0x1c0 [ 14.444376] __kasan_check_write+0x18/0x20 [ 14.444396] kasan_atomics_helper+0xfa9/0x5450 [ 14.444419] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.444442] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.444467] ? kasan_atomics+0x152/0x310 [ 14.444494] kasan_atomics+0x1dc/0x310 [ 14.444517] ? __pfx_kasan_atomics+0x10/0x10 [ 14.444541] ? __pfx_read_tsc+0x10/0x10 [ 14.444564] ? ktime_get_ts64+0x86/0x230 [ 14.444592] kunit_try_run_case+0x1a5/0x480 [ 14.444617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.444664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.444687] ? __kthread_parkme+0x82/0x180 [ 14.444709] ? preempt_count_sub+0x50/0x80 [ 14.444733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.444781] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.444804] kthread+0x337/0x6f0 [ 14.444824] ? trace_preempt_on+0x20/0xc0 [ 14.444848] ? 
__pfx_kthread+0x10/0x10 [ 14.444869] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.444891] ? calculate_sigpending+0x7b/0xa0 [ 14.444915] ? __pfx_kthread+0x10/0x10 [ 14.444938] ret_from_fork+0x116/0x1d0 [ 14.444957] ? __pfx_kthread+0x10/0x10 [ 14.444978] ret_from_fork_asm+0x1a/0x30 [ 14.445009] </TASK> [ 14.445023] [ 14.458776] Allocated by task 283: [ 14.458975] kasan_save_stack+0x45/0x70 [ 14.459183] kasan_save_track+0x18/0x40 [ 14.459572] kasan_save_alloc_info+0x3b/0x50 [ 14.459866] __kasan_kmalloc+0xb7/0xc0 [ 14.460186] __kmalloc_cache_noprof+0x189/0x420 [ 14.460582] kasan_atomics+0x95/0x310 [ 14.460889] kunit_try_run_case+0x1a5/0x480 [ 14.461179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.461579] kthread+0x337/0x6f0 [ 14.461879] ret_from_fork+0x116/0x1d0 [ 14.462035] ret_from_fork_asm+0x1a/0x30 [ 14.462252] [ 14.462667] The buggy address belongs to the object at ffff8881038eb080 [ 14.462667] which belongs to the cache kmalloc-64 of size 64 [ 14.463344] The buggy address is located 0 bytes to the right of [ 14.463344] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.463964] [ 14.464057] The buggy address belongs to the physical page: [ 14.464328] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.464910] flags: 0x200000000000000(node=0|zone=2) [ 14.465247] page_type: f5(slab) [ 14.465578] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.466004] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.466546] page dumped because: kasan: bad access detected [ 14.466890] [ 14.467112] Memory state around the buggy address: [ 14.467358] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.467741] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.468044] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.468553] ^ [ 14.468845] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.469224] 
ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.469626] ================================================================== [ 13.999534] ================================================================== [ 13.999886] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.000360] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.000653] [ 14.000765] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.000806] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.000818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.000839] Call Trace: [ 14.000853] <TASK> [ 14.000866] dump_stack_lvl+0x73/0xb0 [ 14.000895] print_report+0xd1/0x650 [ 14.000918] ? __virt_addr_valid+0x1db/0x2d0 [ 14.000940] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.000962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.000984] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.001006] kasan_report+0x141/0x180 [ 14.001029] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.001055] __asan_report_load4_noabort+0x18/0x20 [ 14.001081] kasan_atomics_helper+0x4b54/0x5450 [ 14.001116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.001139] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.001266] ? kasan_atomics+0x152/0x310 [ 14.001294] kasan_atomics+0x1dc/0x310 [ 14.001318] ? __pfx_kasan_atomics+0x10/0x10 [ 14.001365] ? __pfx_read_tsc+0x10/0x10 [ 14.001387] ? ktime_get_ts64+0x86/0x230 [ 14.001411] kunit_try_run_case+0x1a5/0x480 [ 14.001435] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.001467] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.001490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.001514] ? __kthread_parkme+0x82/0x180 [ 14.001546] ? preempt_count_sub+0x50/0x80 [ 14.001570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.001595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.001619] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.001652] kthread+0x337/0x6f0 [ 14.001672] ? 
trace_preempt_on+0x20/0xc0 [ 14.001696] ? __pfx_kthread+0x10/0x10 [ 14.001728] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.001749] ? calculate_sigpending+0x7b/0xa0 [ 14.001774] ? __pfx_kthread+0x10/0x10 [ 14.001796] ret_from_fork+0x116/0x1d0 [ 14.001815] ? __pfx_kthread+0x10/0x10 [ 14.001836] ret_from_fork_asm+0x1a/0x30 [ 14.001868] </TASK> [ 14.001880] [ 14.009842] Allocated by task 283: [ 14.009988] kasan_save_stack+0x45/0x70 [ 14.010298] kasan_save_track+0x18/0x40 [ 14.010525] kasan_save_alloc_info+0x3b/0x50 [ 14.010720] __kasan_kmalloc+0xb7/0xc0 [ 14.010857] __kmalloc_cache_noprof+0x189/0x420 [ 14.011068] kasan_atomics+0x95/0x310 [ 14.011283] kunit_try_run_case+0x1a5/0x480 [ 14.011795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.012048] kthread+0x337/0x6f0 [ 14.012301] ret_from_fork+0x116/0x1d0 [ 14.012547] ret_from_fork_asm+0x1a/0x30 [ 14.012727] [ 14.012827] The buggy address belongs to the object at ffff8881038eb080 [ 14.012827] which belongs to the cache kmalloc-64 of size 64 [ 14.013441] The buggy address is located 0 bytes to the right of [ 14.013441] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.013960] [ 14.014071] The buggy address belongs to the physical page: [ 14.014401] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.014746] flags: 0x200000000000000(node=0|zone=2) [ 14.014972] page_type: f5(slab) [ 14.015106] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.015592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.015847] page dumped because: kasan: bad access detected [ 14.016316] [ 14.016504] Memory state around the buggy address: [ 14.016742] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.017020] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.017304] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.017749] ^ [ 14.018007] ffff8881038eb100: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.018488] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.018842] ================================================================== [ 14.081149] ================================================================== [ 14.081915] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.082178] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.082768] [ 14.082897] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.082940] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.082953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.082974] Call Trace: [ 14.082989] <TASK> [ 14.083002] dump_stack_lvl+0x73/0xb0 [ 14.083034] print_report+0xd1/0x650 [ 14.083088] ? __virt_addr_valid+0x1db/0x2d0 [ 14.083122] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.083145] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.083260] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.083284] kasan_report+0x141/0x180 [ 14.083308] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.083346] kasan_check_range+0x10c/0x1c0 [ 14.083370] __kasan_check_write+0x18/0x20 [ 14.083417] kasan_atomics_helper+0x5fe/0x5450 [ 14.083440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.083464] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.083500] ? kasan_atomics+0x152/0x310 [ 14.083526] kasan_atomics+0x1dc/0x310 [ 14.083549] ? __pfx_kasan_atomics+0x10/0x10 [ 14.083574] ? __pfx_read_tsc+0x10/0x10 [ 14.083594] ? ktime_get_ts64+0x86/0x230 [ 14.083618] kunit_try_run_case+0x1a5/0x480 [ 14.083642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.083665] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.083688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.083711] ? __kthread_parkme+0x82/0x180 [ 14.083733] ? preempt_count_sub+0x50/0x80 [ 14.083757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.083781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.083803] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.083827] kthread+0x337/0x6f0 [ 14.083848] ? trace_preempt_on+0x20/0xc0 [ 14.083872] ? __pfx_kthread+0x10/0x10 [ 14.083919] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.083941] ? calculate_sigpending+0x7b/0xa0 [ 14.083965] ? __pfx_kthread+0x10/0x10 [ 14.084024] ret_from_fork+0x116/0x1d0 [ 14.084042] ? __pfx_kthread+0x10/0x10 [ 14.084090] ret_from_fork_asm+0x1a/0x30 [ 14.084129] </TASK> [ 14.084141] [ 14.093556] Allocated by task 283: [ 14.093758] kasan_save_stack+0x45/0x70 [ 14.093963] kasan_save_track+0x18/0x40 [ 14.094272] kasan_save_alloc_info+0x3b/0x50 [ 14.094488] __kasan_kmalloc+0xb7/0xc0 [ 14.094677] __kmalloc_cache_noprof+0x189/0x420 [ 14.094952] kasan_atomics+0x95/0x310 [ 14.095160] kunit_try_run_case+0x1a5/0x480 [ 14.095371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.095830] kthread+0x337/0x6f0 [ 14.095988] ret_from_fork+0x116/0x1d0 [ 14.096251] ret_from_fork_asm+0x1a/0x30 [ 14.096545] [ 14.096622] The buggy address belongs to the object at ffff8881038eb080 [ 14.096622] which belongs to the cache kmalloc-64 of size 64 [ 14.097071] The buggy address is located 0 bytes to the right of [ 14.097071] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.098113] [ 14.098317] The buggy address belongs to the physical page: [ 14.098532] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.098945] flags: 0x200000000000000(node=0|zone=2) [ 14.099151] page_type: f5(slab) [ 14.099425] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.099823] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.100217] page dumped because: kasan: bad access detected [ 14.100570] [ 14.100689] Memory state around the buggy address: [ 14.100908] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.101429] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.101752] >ffff8881038eb080: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.102055] ^ [ 14.102291] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.102649] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.103308] ================================================================== [ 14.310042] ================================================================== [ 14.310405] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.311140] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.311642] [ 14.311732] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.311775] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.311788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.311811] Call Trace: [ 14.311825] <TASK> [ 14.311841] dump_stack_lvl+0x73/0xb0 [ 14.311868] print_report+0xd1/0x650 [ 14.311894] ? __virt_addr_valid+0x1db/0x2d0 [ 14.311950] ? kasan_atomics_helper+0xc70/0x5450 [ 14.311972] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.312025] ? kasan_atomics_helper+0xc70/0x5450 [ 14.312047] kasan_report+0x141/0x180 [ 14.312070] ? kasan_atomics_helper+0xc70/0x5450 [ 14.312104] kasan_check_range+0x10c/0x1c0 [ 14.312128] __kasan_check_write+0x18/0x20 [ 14.312149] kasan_atomics_helper+0xc70/0x5450 [ 14.312215] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.312269] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.312300] ? kasan_atomics+0x152/0x310 [ 14.312352] kasan_atomics+0x1dc/0x310 [ 14.312376] ? __pfx_kasan_atomics+0x10/0x10 [ 14.312401] ? __pfx_read_tsc+0x10/0x10 [ 14.312449] ? ktime_get_ts64+0x86/0x230 [ 14.312474] kunit_try_run_case+0x1a5/0x480 [ 14.312498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.312531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.312554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.312578] ? __kthread_parkme+0x82/0x180 [ 14.312599] ? preempt_count_sub+0x50/0x80 [ 14.312624] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.312648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.312672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.312695] kthread+0x337/0x6f0 [ 14.312716] ? trace_preempt_on+0x20/0xc0 [ 14.312739] ? __pfx_kthread+0x10/0x10 [ 14.312761] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.312782] ? calculate_sigpending+0x7b/0xa0 [ 14.312806] ? __pfx_kthread+0x10/0x10 [ 14.312829] ret_from_fork+0x116/0x1d0 [ 14.312848] ? __pfx_kthread+0x10/0x10 [ 14.312869] ret_from_fork_asm+0x1a/0x30 [ 14.312899] </TASK> [ 14.312912] [ 14.323054] Allocated by task 283: [ 14.323354] kasan_save_stack+0x45/0x70 [ 14.323587] kasan_save_track+0x18/0x40 [ 14.323830] kasan_save_alloc_info+0x3b/0x50 [ 14.324050] __kasan_kmalloc+0xb7/0xc0 [ 14.324381] __kmalloc_cache_noprof+0x189/0x420 [ 14.324647] kasan_atomics+0x95/0x310 [ 14.324860] kunit_try_run_case+0x1a5/0x480 [ 14.325048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.325378] kthread+0x337/0x6f0 [ 14.325834] ret_from_fork+0x116/0x1d0 [ 14.325985] ret_from_fork_asm+0x1a/0x30 [ 14.326260] [ 14.326375] The buggy address belongs to the object at ffff8881038eb080 [ 14.326375] which belongs to the cache kmalloc-64 of size 64 [ 14.327091] The buggy address is located 0 bytes to the right of [ 14.327091] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.327770] [ 14.327904] The buggy address belongs to the physical page: [ 14.328354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.328732] flags: 0x200000000000000(node=0|zone=2) [ 14.329010] page_type: f5(slab) [ 14.329220] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.329727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.329989] page dumped because: kasan: bad access detected [ 14.330177] [ 14.330252] Memory state around the buggy address: [ 14.330516] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.330965] 
ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.331312] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.331849] ^ [ 14.332025] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.332696] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.333037] ================================================================== [ 14.662533] ================================================================== [ 14.663311] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.663691] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.664021] [ 14.664145] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.664185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.664198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.664219] Call Trace: [ 14.664232] <TASK> [ 14.664247] dump_stack_lvl+0x73/0xb0 [ 14.664274] print_report+0xd1/0x650 [ 14.664297] ? __virt_addr_valid+0x1db/0x2d0 [ 14.664319] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.664341] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.664364] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.664385] kasan_report+0x141/0x180 [ 14.664408] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.664434] kasan_check_range+0x10c/0x1c0 [ 14.664458] __kasan_check_read+0x15/0x20 [ 14.664478] kasan_atomics_helper+0x13b5/0x5450 [ 14.664501] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.664524] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.664549] ? kasan_atomics+0x152/0x310 [ 14.664575] kasan_atomics+0x1dc/0x310 [ 14.664598] ? __pfx_kasan_atomics+0x10/0x10 [ 14.664621] ? __pfx_read_tsc+0x10/0x10 [ 14.664643] ? ktime_get_ts64+0x86/0x230 [ 14.664667] kunit_try_run_case+0x1a5/0x480 [ 14.664691] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.664713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.664735] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.664758] ? 
__kthread_parkme+0x82/0x180 [ 14.664778] ? preempt_count_sub+0x50/0x80 [ 14.664802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.664826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.664848] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.664872] kthread+0x337/0x6f0 [ 14.664893] ? trace_preempt_on+0x20/0xc0 [ 14.664915] ? __pfx_kthread+0x10/0x10 [ 14.664936] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.664957] ? calculate_sigpending+0x7b/0xa0 [ 14.664982] ? __pfx_kthread+0x10/0x10 [ 14.665003] ret_from_fork+0x116/0x1d0 [ 14.665021] ? __pfx_kthread+0x10/0x10 [ 14.665043] ret_from_fork_asm+0x1a/0x30 [ 14.665073] </TASK> [ 14.665085] [ 14.672547] Allocated by task 283: [ 14.672723] kasan_save_stack+0x45/0x70 [ 14.672922] kasan_save_track+0x18/0x40 [ 14.673125] kasan_save_alloc_info+0x3b/0x50 [ 14.673353] __kasan_kmalloc+0xb7/0xc0 [ 14.673540] __kmalloc_cache_noprof+0x189/0x420 [ 14.673743] kasan_atomics+0x95/0x310 [ 14.673897] kunit_try_run_case+0x1a5/0x480 [ 14.674047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.674235] kthread+0x337/0x6f0 [ 14.674361] ret_from_fork+0x116/0x1d0 [ 14.674494] ret_from_fork_asm+0x1a/0x30 [ 14.674735] [ 14.674834] The buggy address belongs to the object at ffff8881038eb080 [ 14.674834] which belongs to the cache kmalloc-64 of size 64 [ 14.675389] The buggy address is located 0 bytes to the right of [ 14.675389] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.675955] [ 14.676053] The buggy address belongs to the physical page: [ 14.676278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.676653] flags: 0x200000000000000(node=0|zone=2) [ 14.676838] page_type: f5(slab) [ 14.676961] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.677274] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.677730] page dumped because: kasan: bad access detected [ 14.677924] [ 14.677995] Memory state around the buggy address: [ 14.678162] 
ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.678440] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.678760] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.679071] ^ [ 14.679312] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.679652] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.679871] ================================================================== [ 14.723910] ================================================================== [ 14.724404] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.724720] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.725093] [ 14.725206] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.725251] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.725285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.725308] Call Trace: [ 14.725324] <TASK> [ 14.725341] dump_stack_lvl+0x73/0xb0 [ 14.725367] print_report+0xd1/0x650 [ 14.725391] ? __virt_addr_valid+0x1db/0x2d0 [ 14.725413] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.725435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.725457] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.725480] kasan_report+0x141/0x180 [ 14.725502] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.725546] __asan_report_store8_noabort+0x1b/0x30 [ 14.725583] kasan_atomics_helper+0x50d4/0x5450 [ 14.725606] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.725643] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.725682] ? kasan_atomics+0x152/0x310 [ 14.725708] kasan_atomics+0x1dc/0x310 [ 14.725745] ? __pfx_kasan_atomics+0x10/0x10 [ 14.725782] ? __pfx_read_tsc+0x10/0x10 [ 14.725804] ? ktime_get_ts64+0x86/0x230 [ 14.725828] kunit_try_run_case+0x1a5/0x480 [ 14.725865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.725901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.725924] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.725948] ? __kthread_parkme+0x82/0x180 [ 14.725968] ? preempt_count_sub+0x50/0x80 [ 14.725991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.726016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.726039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.726064] kthread+0x337/0x6f0 [ 14.726084] ? trace_preempt_on+0x20/0xc0 [ 14.726118] ? __pfx_kthread+0x10/0x10 [ 14.726139] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.726161] ? calculate_sigpending+0x7b/0xa0 [ 14.726184] ? __pfx_kthread+0x10/0x10 [ 14.726207] ret_from_fork+0x116/0x1d0 [ 14.726225] ? __pfx_kthread+0x10/0x10 [ 14.726247] ret_from_fork_asm+0x1a/0x30 [ 14.726276] </TASK> [ 14.726289] [ 14.734032] Allocated by task 283: [ 14.734226] kasan_save_stack+0x45/0x70 [ 14.734423] kasan_save_track+0x18/0x40 [ 14.734746] kasan_save_alloc_info+0x3b/0x50 [ 14.734958] __kasan_kmalloc+0xb7/0xc0 [ 14.735152] __kmalloc_cache_noprof+0x189/0x420 [ 14.735349] kasan_atomics+0x95/0x310 [ 14.735553] kunit_try_run_case+0x1a5/0x480 [ 14.735776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.736019] kthread+0x337/0x6f0 [ 14.736180] ret_from_fork+0x116/0x1d0 [ 14.736311] ret_from_fork_asm+0x1a/0x30 [ 14.736449] [ 14.736520] The buggy address belongs to the object at ffff8881038eb080 [ 14.736520] which belongs to the cache kmalloc-64 of size 64 [ 14.737375] The buggy address is located 0 bytes to the right of [ 14.737375] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.737921] [ 14.738050] The buggy address belongs to the physical page: [ 14.738335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.738692] flags: 0x200000000000000(node=0|zone=2) [ 14.738922] page_type: f5(slab) [ 14.739091] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.739542] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.739863] page dumped because: kasan: bad access detected [ 14.740073] [ 14.740153] 
Memory state around the buggy address: [ 14.740305] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.740516] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.740853] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.741197] ^ [ 14.741458] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.741786] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742198] ================================================================== [ 14.149891] ================================================================== [ 14.150284] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.150643] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.150915] [ 14.151033] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.151076] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.151091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.151148] Call Trace: [ 14.151166] <TASK> [ 14.151183] dump_stack_lvl+0x73/0xb0 [ 14.151226] print_report+0xd1/0x650 [ 14.151249] ? __virt_addr_valid+0x1db/0x2d0 [ 14.151337] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.151362] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.151405] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.151428] kasan_report+0x141/0x180 [ 14.151466] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.151504] kasan_check_range+0x10c/0x1c0 [ 14.151528] __kasan_check_write+0x18/0x20 [ 14.151549] kasan_atomics_helper+0x7c7/0x5450 [ 14.151584] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.151607] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.151633] ? kasan_atomics+0x152/0x310 [ 14.151660] kasan_atomics+0x1dc/0x310 [ 14.151683] ? __pfx_kasan_atomics+0x10/0x10 [ 14.151707] ? __pfx_read_tsc+0x10/0x10 [ 14.151729] ? ktime_get_ts64+0x86/0x230 [ 14.151753] kunit_try_run_case+0x1a5/0x480 [ 14.151777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.151799] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.151823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.151845] ? __kthread_parkme+0x82/0x180 [ 14.151866] ? preempt_count_sub+0x50/0x80 [ 14.151890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.151914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.151938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.151961] kthread+0x337/0x6f0 [ 14.151981] ? trace_preempt_on+0x20/0xc0 [ 14.152004] ? __pfx_kthread+0x10/0x10 [ 14.152025] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.152047] ? calculate_sigpending+0x7b/0xa0 [ 14.152071] ? __pfx_kthread+0x10/0x10 [ 14.152093] ret_from_fork+0x116/0x1d0 [ 14.152125] ? __pfx_kthread+0x10/0x10 [ 14.152145] ret_from_fork_asm+0x1a/0x30 [ 14.152215] </TASK> [ 14.152227] [ 14.161689] Allocated by task 283: [ 14.161917] kasan_save_stack+0x45/0x70 [ 14.162142] kasan_save_track+0x18/0x40 [ 14.162415] kasan_save_alloc_info+0x3b/0x50 [ 14.162643] __kasan_kmalloc+0xb7/0xc0 [ 14.162860] __kmalloc_cache_noprof+0x189/0x420 [ 14.163090] kasan_atomics+0x95/0x310 [ 14.163375] kunit_try_run_case+0x1a5/0x480 [ 14.163606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.163820] kthread+0x337/0x6f0 [ 14.163971] ret_from_fork+0x116/0x1d0 [ 14.164116] ret_from_fork_asm+0x1a/0x30 [ 14.164508] [ 14.164584] The buggy address belongs to the object at ffff8881038eb080 [ 14.164584] which belongs to the cache kmalloc-64 of size 64 [ 14.165156] The buggy address is located 0 bytes to the right of [ 14.165156] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.165897] [ 14.166078] The buggy address belongs to the physical page: [ 14.166505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.166917] flags: 0x200000000000000(node=0|zone=2) [ 14.167196] page_type: f5(slab) [ 14.167503] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.167816] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.168224] page dumped because: kasan: 
bad access detected [ 14.168583] [ 14.168698] Memory state around the buggy address: [ 14.168885] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.169312] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.169760] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.170125] ^ [ 14.170605] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.170945] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.171309] ================================================================== [ 15.074504] ================================================================== [ 15.075230] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.075905] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.076575] [ 15.076767] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.076811] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.076842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.076865] Call Trace: [ 15.076882] <TASK> [ 15.076897] dump_stack_lvl+0x73/0xb0 [ 15.076924] print_report+0xd1/0x650 [ 15.076947] ? __virt_addr_valid+0x1db/0x2d0 [ 15.076970] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.076993] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.077016] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.077038] kasan_report+0x141/0x180 [ 15.077061] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.077088] kasan_check_range+0x10c/0x1c0 [ 15.077125] __kasan_check_write+0x18/0x20 [ 15.077145] kasan_atomics_helper+0x1e12/0x5450 [ 15.077168] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.077192] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.077217] ? kasan_atomics+0x152/0x310 [ 15.077245] kasan_atomics+0x1dc/0x310 [ 15.077268] ? __pfx_kasan_atomics+0x10/0x10 [ 15.077293] ? __pfx_read_tsc+0x10/0x10 [ 15.077314] ? ktime_get_ts64+0x86/0x230 [ 15.077347] kunit_try_run_case+0x1a5/0x480 [ 15.077371] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.077393] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.077416] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.077440] ? __kthread_parkme+0x82/0x180 [ 15.077461] ? preempt_count_sub+0x50/0x80 [ 15.077485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.077509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.077532] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.077556] kthread+0x337/0x6f0 [ 15.077575] ? trace_preempt_on+0x20/0xc0 [ 15.077599] ? __pfx_kthread+0x10/0x10 [ 15.077619] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.077641] ? calculate_sigpending+0x7b/0xa0 [ 15.077665] ? __pfx_kthread+0x10/0x10 [ 15.077687] ret_from_fork+0x116/0x1d0 [ 15.077705] ? __pfx_kthread+0x10/0x10 [ 15.077727] ret_from_fork_asm+0x1a/0x30 [ 15.077756] </TASK> [ 15.077768] [ 15.085881] Allocated by task 283: [ 15.086078] kasan_save_stack+0x45/0x70 [ 15.086314] kasan_save_track+0x18/0x40 [ 15.086537] kasan_save_alloc_info+0x3b/0x50 [ 15.086742] __kasan_kmalloc+0xb7/0xc0 [ 15.086934] __kmalloc_cache_noprof+0x189/0x420 [ 15.087140] kasan_atomics+0x95/0x310 [ 15.087359] kunit_try_run_case+0x1a5/0x480 [ 15.087599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.087847] kthread+0x337/0x6f0 [ 15.088079] ret_from_fork+0x116/0x1d0 [ 15.088280] ret_from_fork_asm+0x1a/0x30 [ 15.088581] [ 15.088670] The buggy address belongs to the object at ffff8881038eb080 [ 15.088670] which belongs to the cache kmalloc-64 of size 64 [ 15.089037] The buggy address is located 0 bytes to the right of [ 15.089037] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.089797] [ 15.089896] The buggy address belongs to the physical page: [ 15.090164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.090435] flags: 0x200000000000000(node=0|zone=2) [ 15.090679] page_type: f5(slab) [ 15.090861] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.091163] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.091562] page dumped because: kasan: bad access detected [ 15.091826] [ 15.091941] Memory state around the buggy address: [ 15.092106] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.092409] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.092706] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.093013] ^ [ 15.093231] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.093622] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.093924] ================================================================== [ 13.958245] ================================================================== [ 13.958688] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 13.959025] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 13.959404] [ 13.959581] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.959625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.959637] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.959655] Call Trace: [ 13.959670] <TASK> [ 13.959694] dump_stack_lvl+0x73/0xb0 [ 13.959721] print_report+0xd1/0x650 [ 13.959741] ? __virt_addr_valid+0x1db/0x2d0 [ 13.959775] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.959805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.959826] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.959847] kasan_report+0x141/0x180 [ 13.959880] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.959905] __asan_report_store4_noabort+0x1b/0x30 [ 13.959926] kasan_atomics_helper+0x4b6e/0x5450 [ 13.959947] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.959969] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.959993] ? kasan_atomics+0x152/0x310 [ 13.960019] kasan_atomics+0x1dc/0x310 [ 13.960041] ? __pfx_kasan_atomics+0x10/0x10 [ 13.960065] ? __pfx_read_tsc+0x10/0x10 [ 13.960085] ? 
ktime_get_ts64+0x86/0x230 [ 13.960119] kunit_try_run_case+0x1a5/0x480 [ 13.960142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.960164] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.960185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.960208] ? __kthread_parkme+0x82/0x180 [ 13.960228] ? preempt_count_sub+0x50/0x80 [ 13.960374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.960415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.960527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.960553] kthread+0x337/0x6f0 [ 13.960573] ? trace_preempt_on+0x20/0xc0 [ 13.960596] ? __pfx_kthread+0x10/0x10 [ 13.960618] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.960640] ? calculate_sigpending+0x7b/0xa0 [ 13.960664] ? __pfx_kthread+0x10/0x10 [ 13.960686] ret_from_fork+0x116/0x1d0 [ 13.960704] ? __pfx_kthread+0x10/0x10 [ 13.960726] ret_from_fork_asm+0x1a/0x30 [ 13.960757] </TASK> [ 13.960768] [ 13.969868] Allocated by task 283: [ 13.970078] kasan_save_stack+0x45/0x70 [ 13.970359] kasan_save_track+0x18/0x40 [ 13.970530] kasan_save_alloc_info+0x3b/0x50 [ 13.970683] __kasan_kmalloc+0xb7/0xc0 [ 13.970819] __kmalloc_cache_noprof+0x189/0x420 [ 13.971043] kasan_atomics+0x95/0x310 [ 13.971261] kunit_try_run_case+0x1a5/0x480 [ 13.971520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.971882] kthread+0x337/0x6f0 [ 13.972011] ret_from_fork+0x116/0x1d0 [ 13.972418] ret_from_fork_asm+0x1a/0x30 [ 13.972646] [ 13.972746] The buggy address belongs to the object at ffff8881038eb080 [ 13.972746] which belongs to the cache kmalloc-64 of size 64 [ 13.973236] The buggy address is located 0 bytes to the right of [ 13.973236] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 13.973879] [ 13.973988] The buggy address belongs to the physical page: [ 13.974389] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 13.974723] flags: 0x200000000000000(node=0|zone=2) [ 13.974965] page_type: f5(slab) [ 13.975107] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 13.975363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.975974] page dumped because: kasan: bad access detected [ 13.976365] [ 13.976440] Memory state around the buggy address: [ 13.976598] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.976917] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.977450] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.977786] ^ [ 13.978231] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.978598] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.978978] ================================================================== [ 14.742789] ================================================================== [ 14.743066] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.743673] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.743966] [ 14.744055] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.744109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.744122] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.744162] Call Trace: [ 14.744192] <TASK> [ 14.744207] dump_stack_lvl+0x73/0xb0 [ 14.744248] print_report+0xd1/0x650 [ 14.744285] ? __virt_addr_valid+0x1db/0x2d0 [ 14.744321] ? kasan_atomics_helper+0x151d/0x5450 [ 14.744356] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.744379] ? kasan_atomics_helper+0x151d/0x5450 [ 14.744401] kasan_report+0x141/0x180 [ 14.744424] ? kasan_atomics_helper+0x151d/0x5450 [ 14.744451] kasan_check_range+0x10c/0x1c0 [ 14.744475] __kasan_check_write+0x18/0x20 [ 14.744495] kasan_atomics_helper+0x151d/0x5450 [ 14.744518] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.744541] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.744567] ? kasan_atomics+0x152/0x310 [ 14.744594] kasan_atomics+0x1dc/0x310 [ 14.744617] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.744642] ? __pfx_read_tsc+0x10/0x10 [ 14.744663] ? ktime_get_ts64+0x86/0x230 [ 14.744688] kunit_try_run_case+0x1a5/0x480 [ 14.744721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.744744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.744768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.744792] ? __kthread_parkme+0x82/0x180 [ 14.744812] ? preempt_count_sub+0x50/0x80 [ 14.744836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.744880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.744904] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.744928] kthread+0x337/0x6f0 [ 14.744949] ? trace_preempt_on+0x20/0xc0 [ 14.744972] ? __pfx_kthread+0x10/0x10 [ 14.744993] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.745015] ? calculate_sigpending+0x7b/0xa0 [ 14.745040] ? __pfx_kthread+0x10/0x10 [ 14.745061] ret_from_fork+0x116/0x1d0 [ 14.745079] ? __pfx_kthread+0x10/0x10 [ 14.745110] ret_from_fork_asm+0x1a/0x30 [ 14.745141] </TASK> [ 14.745152] [ 14.753125] Allocated by task 283: [ 14.753324] kasan_save_stack+0x45/0x70 [ 14.753545] kasan_save_track+0x18/0x40 [ 14.753703] kasan_save_alloc_info+0x3b/0x50 [ 14.753918] __kasan_kmalloc+0xb7/0xc0 [ 14.754109] __kmalloc_cache_noprof+0x189/0x420 [ 14.754327] kasan_atomics+0x95/0x310 [ 14.754490] kunit_try_run_case+0x1a5/0x480 [ 14.754698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.754930] kthread+0x337/0x6f0 [ 14.755107] ret_from_fork+0x116/0x1d0 [ 14.755296] ret_from_fork_asm+0x1a/0x30 [ 14.755493] [ 14.755590] The buggy address belongs to the object at ffff8881038eb080 [ 14.755590] which belongs to the cache kmalloc-64 of size 64 [ 14.756069] The buggy address is located 0 bytes to the right of [ 14.756069] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.756627] [ 14.756705] The buggy address belongs to the physical page: [ 14.756953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.757288] flags: 0x200000000000000(node=0|zone=2) [ 14.757509] page_type: 
f5(slab) [ 14.757671] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.758024] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.758437] page dumped because: kasan: bad access detected [ 14.758711] [ 14.758808] Memory state around the buggy address: [ 14.759027] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.759358] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.759670] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.759981] ^ [ 14.760208] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.760516] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.760793] ================================================================== [ 14.265426] ================================================================== [ 14.265770] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 14.266144] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.266483] [ 14.266705] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.266750] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.266764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.266784] Call Trace: [ 14.266799] <TASK> [ 14.266814] dump_stack_lvl+0x73/0xb0 [ 14.266841] print_report+0xd1/0x650 [ 14.266863] ? __virt_addr_valid+0x1db/0x2d0 [ 14.266922] ? kasan_atomics_helper+0xac7/0x5450 [ 14.266945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.266968] ? kasan_atomics_helper+0xac7/0x5450 [ 14.267001] kasan_report+0x141/0x180 [ 14.267025] ? kasan_atomics_helper+0xac7/0x5450 [ 14.267076] kasan_check_range+0x10c/0x1c0 [ 14.267118] __kasan_check_write+0x18/0x20 [ 14.267139] kasan_atomics_helper+0xac7/0x5450 [ 14.267161] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.267184] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.267215] ? 
kasan_atomics+0x152/0x310 [ 14.267309] kasan_atomics+0x1dc/0x310 [ 14.267346] ? __pfx_kasan_atomics+0x10/0x10 [ 14.267371] ? __pfx_read_tsc+0x10/0x10 [ 14.267392] ? ktime_get_ts64+0x86/0x230 [ 14.267427] kunit_try_run_case+0x1a5/0x480 [ 14.267452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.267503] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.267528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.267551] ? __kthread_parkme+0x82/0x180 [ 14.267582] ? preempt_count_sub+0x50/0x80 [ 14.267606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.267657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.267680] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.267703] kthread+0x337/0x6f0 [ 14.267734] ? trace_preempt_on+0x20/0xc0 [ 14.267758] ? __pfx_kthread+0x10/0x10 [ 14.267779] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.267801] ? calculate_sigpending+0x7b/0xa0 [ 14.267825] ? __pfx_kthread+0x10/0x10 [ 14.267848] ret_from_fork+0x116/0x1d0 [ 14.267866] ? __pfx_kthread+0x10/0x10 [ 14.267887] ret_from_fork_asm+0x1a/0x30 [ 14.267918] </TASK> [ 14.267930] [ 14.277145] Allocated by task 283: [ 14.277478] kasan_save_stack+0x45/0x70 [ 14.277726] kasan_save_track+0x18/0x40 [ 14.278119] kasan_save_alloc_info+0x3b/0x50 [ 14.278494] __kasan_kmalloc+0xb7/0xc0 [ 14.278683] __kmalloc_cache_noprof+0x189/0x420 [ 14.278844] kasan_atomics+0x95/0x310 [ 14.279030] kunit_try_run_case+0x1a5/0x480 [ 14.279405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.279732] kthread+0x337/0x6f0 [ 14.279922] ret_from_fork+0x116/0x1d0 [ 14.280070] ret_from_fork_asm+0x1a/0x30 [ 14.280567] [ 14.280686] The buggy address belongs to the object at ffff8881038eb080 [ 14.280686] which belongs to the cache kmalloc-64 of size 64 [ 14.281085] The buggy address is located 0 bytes to the right of [ 14.281085] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.281927] [ 14.282005] The buggy address belongs to the physical page: [ 14.282202] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 
14.282638] flags: 0x200000000000000(node=0|zone=2) [ 14.283167] page_type: f5(slab) [ 14.283414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.283666] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.284005] page dumped because: kasan: bad access detected [ 14.284449] [ 14.284540] Memory state around the buggy address: [ 14.284739] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.285032] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.285592] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.285947] ^ [ 14.286149] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.286404] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.286948] ================================================================== [ 14.608750] ================================================================== [ 14.609762] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.610122] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.610415] [ 14.610528] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.610571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.610584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.610622] Call Trace: [ 14.610637] <TASK> [ 14.610653] dump_stack_lvl+0x73/0xb0 [ 14.610680] print_report+0xd1/0x650 [ 14.610704] ? __virt_addr_valid+0x1db/0x2d0 [ 14.610727] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.610749] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.610771] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.610793] kasan_report+0x141/0x180 [ 14.610817] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.610845] __asan_report_load4_noabort+0x18/0x20 [ 14.610870] kasan_atomics_helper+0x49e8/0x5450 [ 14.610893] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.610916] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.610942] ? kasan_atomics+0x152/0x310 [ 14.610970] kasan_atomics+0x1dc/0x310 [ 14.610992] ? __pfx_kasan_atomics+0x10/0x10 [ 14.611017] ? __pfx_read_tsc+0x10/0x10 [ 14.611038] ? ktime_get_ts64+0x86/0x230 [ 14.611062] kunit_try_run_case+0x1a5/0x480 [ 14.611085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.611118] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.611142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.611165] ? __kthread_parkme+0x82/0x180 [ 14.611185] ? preempt_count_sub+0x50/0x80 [ 14.611215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.611239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.611262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.611286] kthread+0x337/0x6f0 [ 14.611305] ? trace_preempt_on+0x20/0xc0 [ 14.611338] ? __pfx_kthread+0x10/0x10 [ 14.611360] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.611380] ? calculate_sigpending+0x7b/0xa0 [ 14.611405] ? __pfx_kthread+0x10/0x10 [ 14.611426] ret_from_fork+0x116/0x1d0 [ 14.611444] ? __pfx_kthread+0x10/0x10 [ 14.611466] ret_from_fork_asm+0x1a/0x30 [ 14.611496] </TASK> [ 14.611508] [ 14.618584] Allocated by task 283: [ 14.618732] kasan_save_stack+0x45/0x70 [ 14.618941] kasan_save_track+0x18/0x40 [ 14.619148] kasan_save_alloc_info+0x3b/0x50 [ 14.619366] __kasan_kmalloc+0xb7/0xc0 [ 14.619691] __kmalloc_cache_noprof+0x189/0x420 [ 14.619848] kasan_atomics+0x95/0x310 [ 14.619981] kunit_try_run_case+0x1a5/0x480 [ 14.620254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.620668] kthread+0x337/0x6f0 [ 14.620845] ret_from_fork+0x116/0x1d0 [ 14.621035] ret_from_fork_asm+0x1a/0x30 [ 14.621187] [ 14.621265] The buggy address belongs to the object at ffff8881038eb080 [ 14.621265] which belongs to the cache kmalloc-64 of size 64 [ 14.621654] The buggy address is located 0 bytes to the right of [ 14.621654] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.622232] [ 14.622336] The buggy address belongs to the physical page: [ 14.622594] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.622933] flags: 0x200000000000000(node=0|zone=2) [ 14.623151] page_type: f5(slab) [ 14.623284] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.623633] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.623983] page dumped because: kasan: bad access detected [ 14.624167] [ 14.624240] Memory state around the buggy address: [ 14.624467] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.624784] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.625082] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.625309] ^ [ 14.625467] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.625685] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.626001] ================================================================== [ 14.126926] ================================================================== [ 14.127416] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.127855] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.128250] [ 14.128357] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.128401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.128415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.128437] Call Trace: [ 14.128452] <TASK> [ 14.128501] dump_stack_lvl+0x73/0xb0 [ 14.128530] print_report+0xd1/0x650 [ 14.128553] ? __virt_addr_valid+0x1db/0x2d0 [ 14.128607] ? kasan_atomics_helper+0x72f/0x5450 [ 14.128629] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.128652] ? kasan_atomics_helper+0x72f/0x5450 [ 14.128685] kasan_report+0x141/0x180 [ 14.128710] ? kasan_atomics_helper+0x72f/0x5450 [ 14.128736] kasan_check_range+0x10c/0x1c0 [ 14.128786] __kasan_check_write+0x18/0x20 [ 14.128807] kasan_atomics_helper+0x72f/0x5450 [ 14.128829] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.128862] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.128888] ? kasan_atomics+0x152/0x310 [ 14.128916] kasan_atomics+0x1dc/0x310 [ 14.128938] ? __pfx_kasan_atomics+0x10/0x10 [ 14.128963] ? __pfx_read_tsc+0x10/0x10 [ 14.128984] ? ktime_get_ts64+0x86/0x230 [ 14.129034] kunit_try_run_case+0x1a5/0x480 [ 14.129058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.129081] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.129121] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.129145] ? __kthread_parkme+0x82/0x180 [ 14.129237] ? preempt_count_sub+0x50/0x80 [ 14.129260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.129306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.129331] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.129355] kthread+0x337/0x6f0 [ 14.129375] ? trace_preempt_on+0x20/0xc0 [ 14.129399] ? __pfx_kthread+0x10/0x10 [ 14.129421] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.129442] ? calculate_sigpending+0x7b/0xa0 [ 14.129467] ? __pfx_kthread+0x10/0x10 [ 14.129489] ret_from_fork+0x116/0x1d0 [ 14.129508] ? 
__pfx_kthread+0x10/0x10 [ 14.129528] ret_from_fork_asm+0x1a/0x30 [ 14.129559] </TASK> [ 14.129572] [ 14.138907] Allocated by task 283: [ 14.139085] kasan_save_stack+0x45/0x70 [ 14.139432] kasan_save_track+0x18/0x40 [ 14.139788] kasan_save_alloc_info+0x3b/0x50 [ 14.139997] __kasan_kmalloc+0xb7/0xc0 [ 14.140230] __kmalloc_cache_noprof+0x189/0x420 [ 14.140471] kasan_atomics+0x95/0x310 [ 14.140669] kunit_try_run_case+0x1a5/0x480 [ 14.141126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.141378] kthread+0x337/0x6f0 [ 14.141505] ret_from_fork+0x116/0x1d0 [ 14.141852] ret_from_fork_asm+0x1a/0x30 [ 14.142093] [ 14.142255] The buggy address belongs to the object at ffff8881038eb080 [ 14.142255] which belongs to the cache kmalloc-64 of size 64 [ 14.142835] The buggy address is located 0 bytes to the right of [ 14.142835] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.143739] [ 14.143844] The buggy address belongs to the physical page: [ 14.144023] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.144788] flags: 0x200000000000000(node=0|zone=2) [ 14.145000] page_type: f5(slab) [ 14.145213] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.145719] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.146171] page dumped because: kasan: bad access detected [ 14.146467] [ 14.146665] Memory state around the buggy address: [ 14.146916] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.147292] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.147742] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.148077] ^ [ 14.148379] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.148950] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.149371] ================================================================== [ 14.697923] 
================================================================== [ 14.698470] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.698782] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.699036] [ 14.699134] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.699177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.699191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.699216] Call Trace: [ 14.699229] <TASK> [ 14.699246] dump_stack_lvl+0x73/0xb0 [ 14.699271] print_report+0xd1/0x650 [ 14.699294] ? __virt_addr_valid+0x1db/0x2d0 [ 14.699317] ? kasan_atomics_helper+0x1467/0x5450 [ 14.699338] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.699361] ? kasan_atomics_helper+0x1467/0x5450 [ 14.699383] kasan_report+0x141/0x180 [ 14.699405] ? kasan_atomics_helper+0x1467/0x5450 [ 14.699433] kasan_check_range+0x10c/0x1c0 [ 14.699458] __kasan_check_write+0x18/0x20 [ 14.699478] kasan_atomics_helper+0x1467/0x5450 [ 14.699502] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.699525] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.699550] ? kasan_atomics+0x152/0x310 [ 14.699576] kasan_atomics+0x1dc/0x310 [ 14.699601] ? __pfx_kasan_atomics+0x10/0x10 [ 14.699625] ? __pfx_read_tsc+0x10/0x10 [ 14.699646] ? ktime_get_ts64+0x86/0x230 [ 14.699669] kunit_try_run_case+0x1a5/0x480 [ 14.699693] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.699717] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.699739] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.699762] ? __kthread_parkme+0x82/0x180 [ 14.699783] ? preempt_count_sub+0x50/0x80 [ 14.699807] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.699831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.699867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.699892] kthread+0x337/0x6f0 [ 14.699911] ? trace_preempt_on+0x20/0xc0 [ 14.699935] ? __pfx_kthread+0x10/0x10 [ 14.699958] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.699980] ? 
calculate_sigpending+0x7b/0xa0 [ 14.700004] ? __pfx_kthread+0x10/0x10 [ 14.700026] ret_from_fork+0x116/0x1d0 [ 14.700045] ? __pfx_kthread+0x10/0x10 [ 14.700066] ret_from_fork_asm+0x1a/0x30 [ 14.700106] </TASK> [ 14.700118] [ 14.715018] Allocated by task 283: [ 14.715368] kasan_save_stack+0x45/0x70 [ 14.715584] kasan_save_track+0x18/0x40 [ 14.715766] kasan_save_alloc_info+0x3b/0x50 [ 14.715969] __kasan_kmalloc+0xb7/0xc0 [ 14.716162] __kmalloc_cache_noprof+0x189/0x420 [ 14.716688] kasan_atomics+0x95/0x310 [ 14.716876] kunit_try_run_case+0x1a5/0x480 [ 14.717203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.717409] kthread+0x337/0x6f0 [ 14.717621] ret_from_fork+0x116/0x1d0 [ 14.717805] ret_from_fork_asm+0x1a/0x30 [ 14.718009] [ 14.718107] The buggy address belongs to the object at ffff8881038eb080 [ 14.718107] which belongs to the cache kmalloc-64 of size 64 [ 14.718636] The buggy address is located 0 bytes to the right of [ 14.718636] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.719144] [ 14.719267] The buggy address belongs to the physical page: [ 14.719486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.719802] flags: 0x200000000000000(node=0|zone=2) [ 14.720057] page_type: f5(slab) [ 14.720240] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.720532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.720860] page dumped because: kasan: bad access detected [ 14.721113] [ 14.721203] Memory state around the buggy address: [ 14.721551] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.721853] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.722175] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.722477] ^ [ 14.722650] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.722970] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.723209] 
================================================================== [ 14.781782] ================================================================== [ 14.782087] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.782539] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.782891] [ 14.783008] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.783049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.783062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.783083] Call Trace: [ 14.783108] <TASK> [ 14.783124] dump_stack_lvl+0x73/0xb0 [ 14.783150] print_report+0xd1/0x650 [ 14.783173] ? __virt_addr_valid+0x1db/0x2d0 [ 14.783195] ? kasan_atomics_helper+0x164f/0x5450 [ 14.783221] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.783245] ? kasan_atomics_helper+0x164f/0x5450 [ 14.783268] kasan_report+0x141/0x180 [ 14.783289] ? kasan_atomics_helper+0x164f/0x5450 [ 14.783317] kasan_check_range+0x10c/0x1c0 [ 14.783352] __kasan_check_write+0x18/0x20 [ 14.783373] kasan_atomics_helper+0x164f/0x5450 [ 14.783396] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.783440] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.783466] ? kasan_atomics+0x152/0x310 [ 14.783492] kasan_atomics+0x1dc/0x310 [ 14.783531] ? __pfx_kasan_atomics+0x10/0x10 [ 14.783556] ? __pfx_read_tsc+0x10/0x10 [ 14.783577] ? ktime_get_ts64+0x86/0x230 [ 14.783601] kunit_try_run_case+0x1a5/0x480 [ 14.783624] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.783647] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.783669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.783693] ? __kthread_parkme+0x82/0x180 [ 14.783713] ? preempt_count_sub+0x50/0x80 [ 14.783737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.783778] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.783802] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.783827] kthread+0x337/0x6f0 [ 14.783846] ? trace_preempt_on+0x20/0xc0 [ 14.783869] ? 
__pfx_kthread+0x10/0x10 [ 14.783890] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.783912] ? calculate_sigpending+0x7b/0xa0 [ 14.783936] ? __pfx_kthread+0x10/0x10 [ 14.783958] ret_from_fork+0x116/0x1d0 [ 14.783976] ? __pfx_kthread+0x10/0x10 [ 14.783997] ret_from_fork_asm+0x1a/0x30 [ 14.784028] </TASK> [ 14.784056] [ 14.791718] Allocated by task 283: [ 14.791929] kasan_save_stack+0x45/0x70 [ 14.792170] kasan_save_track+0x18/0x40 [ 14.792413] kasan_save_alloc_info+0x3b/0x50 [ 14.792665] __kasan_kmalloc+0xb7/0xc0 [ 14.792870] __kmalloc_cache_noprof+0x189/0x420 [ 14.793145] kasan_atomics+0x95/0x310 [ 14.793337] kunit_try_run_case+0x1a5/0x480 [ 14.793543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.793728] kthread+0x337/0x6f0 [ 14.793847] ret_from_fork+0x116/0x1d0 [ 14.793978] ret_from_fork_asm+0x1a/0x30 [ 14.794124] [ 14.794218] The buggy address belongs to the object at ffff8881038eb080 [ 14.794218] which belongs to the cache kmalloc-64 of size 64 [ 14.795427] The buggy address is located 0 bytes to the right of [ 14.795427] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.795943] [ 14.796036] The buggy address belongs to the physical page: [ 14.796275] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.797352] flags: 0x200000000000000(node=0|zone=2) [ 14.797540] page_type: f5(slab) [ 14.798355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.798727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.799074] page dumped because: kasan: bad access detected [ 14.799357] [ 14.799453] Memory state around the buggy address: [ 14.799652] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.799876] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.800349] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.800982] ^ [ 14.801528] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.801988] 
ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.802542] ================================================================== [ 15.010080] ================================================================== [ 15.010524] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.010806] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.011243] [ 15.011331] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.011374] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.011387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.011409] Call Trace: [ 15.011424] <TASK> [ 15.011438] dump_stack_lvl+0x73/0xb0 [ 15.011465] print_report+0xd1/0x650 [ 15.011489] ? __virt_addr_valid+0x1db/0x2d0 [ 15.011512] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.011534] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.011557] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.011580] kasan_report+0x141/0x180 [ 15.011603] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.011631] __asan_report_load8_noabort+0x18/0x20 [ 15.011667] kasan_atomics_helper+0x4f30/0x5450 [ 15.011691] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.011714] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.011739] ? kasan_atomics+0x152/0x310 [ 15.011766] kasan_atomics+0x1dc/0x310 [ 15.011789] ? __pfx_kasan_atomics+0x10/0x10 [ 15.011813] ? __pfx_read_tsc+0x10/0x10 [ 15.011836] ? ktime_get_ts64+0x86/0x230 [ 15.011859] kunit_try_run_case+0x1a5/0x480 [ 15.011884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.011906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.011929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.011953] ? __kthread_parkme+0x82/0x180 [ 15.011976] ? preempt_count_sub+0x50/0x80 [ 15.012000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.012024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.012047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.012072] kthread+0x337/0x6f0 [ 15.012092] ? 
trace_preempt_on+0x20/0xc0 [ 15.012126] ? __pfx_kthread+0x10/0x10 [ 15.012147] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.012170] ? calculate_sigpending+0x7b/0xa0 [ 15.012193] ? __pfx_kthread+0x10/0x10 [ 15.012215] ret_from_fork+0x116/0x1d0 [ 15.012234] ? __pfx_kthread+0x10/0x10 [ 15.012255] ret_from_fork_asm+0x1a/0x30 [ 15.012286] </TASK> [ 15.012300] [ 15.019763] Allocated by task 283: [ 15.019925] kasan_save_stack+0x45/0x70 [ 15.020076] kasan_save_track+0x18/0x40 [ 15.020279] kasan_save_alloc_info+0x3b/0x50 [ 15.020571] __kasan_kmalloc+0xb7/0xc0 [ 15.020765] __kmalloc_cache_noprof+0x189/0x420 [ 15.020964] kasan_atomics+0x95/0x310 [ 15.021144] kunit_try_run_case+0x1a5/0x480 [ 15.021335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.021572] kthread+0x337/0x6f0 [ 15.021702] ret_from_fork+0x116/0x1d0 [ 15.021836] ret_from_fork_asm+0x1a/0x30 [ 15.021977] [ 15.022050] The buggy address belongs to the object at ffff8881038eb080 [ 15.022050] which belongs to the cache kmalloc-64 of size 64 [ 15.022645] The buggy address is located 0 bytes to the right of [ 15.022645] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.023213] [ 15.023309] The buggy address belongs to the physical page: [ 15.023507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.023752] flags: 0x200000000000000(node=0|zone=2) [ 15.023920] page_type: f5(slab) [ 15.024058] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.024502] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.024849] page dumped because: kasan: bad access detected [ 15.025115] [ 15.025215] Memory state around the buggy address: [ 15.025503] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.025762] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.026048] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.026380] ^ [ 15.026579] ffff8881038eb100: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.026867] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.027162] ================================================================== [ 15.168218] ================================================================== [ 15.168691] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.169009] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.169337] [ 15.169457] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.169499] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.169512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.169532] Call Trace: [ 15.169547] <TASK> [ 15.169563] dump_stack_lvl+0x73/0xb0 [ 15.169609] print_report+0xd1/0x650 [ 15.169631] ? __virt_addr_valid+0x1db/0x2d0 [ 15.169654] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.169676] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.169698] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.169721] kasan_report+0x141/0x180 [ 15.169759] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.169787] __asan_report_load8_noabort+0x18/0x20 [ 15.169812] kasan_atomics_helper+0x4f98/0x5450 [ 15.169836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.169859] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.169884] ? kasan_atomics+0x152/0x310 [ 15.169926] kasan_atomics+0x1dc/0x310 [ 15.169950] ? __pfx_kasan_atomics+0x10/0x10 [ 15.169974] ? __pfx_read_tsc+0x10/0x10 [ 15.169995] ? ktime_get_ts64+0x86/0x230 [ 15.170019] kunit_try_run_case+0x1a5/0x480 [ 15.170044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.170066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.170089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.170124] ? __kthread_parkme+0x82/0x180 [ 15.170145] ? preempt_count_sub+0x50/0x80 [ 15.170169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.170193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.170216] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.170241] kthread+0x337/0x6f0 [ 15.170261] ? trace_preempt_on+0x20/0xc0 [ 15.170285] ? __pfx_kthread+0x10/0x10 [ 15.170306] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.170344] ? calculate_sigpending+0x7b/0xa0 [ 15.170369] ? __pfx_kthread+0x10/0x10 [ 15.170391] ret_from_fork+0x116/0x1d0 [ 15.170411] ? __pfx_kthread+0x10/0x10 [ 15.170432] ret_from_fork_asm+0x1a/0x30 [ 15.170463] </TASK> [ 15.170475] [ 15.182254] Allocated by task 283: [ 15.182610] kasan_save_stack+0x45/0x70 [ 15.182970] kasan_save_track+0x18/0x40 [ 15.183360] kasan_save_alloc_info+0x3b/0x50 [ 15.183716] __kasan_kmalloc+0xb7/0xc0 [ 15.183844] __kmalloc_cache_noprof+0x189/0x420 [ 15.183995] kasan_atomics+0x95/0x310 [ 15.184135] kunit_try_run_case+0x1a5/0x480 [ 15.184279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.184474] kthread+0x337/0x6f0 [ 15.184593] ret_from_fork+0x116/0x1d0 [ 15.184882] ret_from_fork_asm+0x1a/0x30 [ 15.185071] [ 15.185178] The buggy address belongs to the object at ffff8881038eb080 [ 15.185178] which belongs to the cache kmalloc-64 of size 64 [ 15.185598] The buggy address is located 0 bytes to the right of [ 15.185598] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.186061] [ 15.186144] The buggy address belongs to the physical page: [ 15.186363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.186778] flags: 0x200000000000000(node=0|zone=2) [ 15.187040] page_type: f5(slab) [ 15.187299] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.187558] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.187855] page dumped because: kasan: bad access detected [ 15.188117] [ 15.188215] Memory state around the buggy address: [ 15.188415] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.188735] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.189028] >ffff8881038eb080: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.189328] ^ [ 15.189521] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.189815] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.190105] ================================================================== [ 14.194522] ================================================================== [ 14.195083] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.195526] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.195919] [ 14.196044] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.196132] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.196147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.196169] Call Trace: [ 14.196186] <TASK> [ 14.196214] dump_stack_lvl+0x73/0xb0 [ 14.196289] print_report+0xd1/0x650 [ 14.196336] ? __virt_addr_valid+0x1db/0x2d0 [ 14.196370] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.196393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.196427] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.196450] kasan_report+0x141/0x180 [ 14.196474] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.196529] kasan_check_range+0x10c/0x1c0 [ 14.196553] __kasan_check_write+0x18/0x20 [ 14.196586] kasan_atomics_helper+0x8f9/0x5450 [ 14.196610] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.196633] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.196694] ? kasan_atomics+0x152/0x310 [ 14.196722] kasan_atomics+0x1dc/0x310 [ 14.196746] ? __pfx_kasan_atomics+0x10/0x10 [ 14.196781] ? __pfx_read_tsc+0x10/0x10 [ 14.196828] ? ktime_get_ts64+0x86/0x230 [ 14.196853] kunit_try_run_case+0x1a5/0x480 [ 14.196877] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.196913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.196936] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.196985] ? __kthread_parkme+0x82/0x180 [ 14.197021] ? preempt_count_sub+0x50/0x80 [ 14.197066] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.197111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.197134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.197159] kthread+0x337/0x6f0 [ 14.197190] ? trace_preempt_on+0x20/0xc0 [ 14.197213] ? __pfx_kthread+0x10/0x10 [ 14.197236] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.197257] ? calculate_sigpending+0x7b/0xa0 [ 14.197281] ? __pfx_kthread+0x10/0x10 [ 14.197303] ret_from_fork+0x116/0x1d0 [ 14.197361] ? __pfx_kthread+0x10/0x10 [ 14.197386] ret_from_fork_asm+0x1a/0x30 [ 14.197418] </TASK> [ 14.197431] [ 14.206916] Allocated by task 283: [ 14.207117] kasan_save_stack+0x45/0x70 [ 14.207393] kasan_save_track+0x18/0x40 [ 14.207638] kasan_save_alloc_info+0x3b/0x50 [ 14.207864] __kasan_kmalloc+0xb7/0xc0 [ 14.208105] __kmalloc_cache_noprof+0x189/0x420 [ 14.208517] kasan_atomics+0x95/0x310 [ 14.208679] kunit_try_run_case+0x1a5/0x480 [ 14.208830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.209009] kthread+0x337/0x6f0 [ 14.209193] ret_from_fork+0x116/0x1d0 [ 14.209595] ret_from_fork_asm+0x1a/0x30 [ 14.209833] [ 14.209932] The buggy address belongs to the object at ffff8881038eb080 [ 14.209932] which belongs to the cache kmalloc-64 of size 64 [ 14.210598] The buggy address is located 0 bytes to the right of [ 14.210598] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.211252] [ 14.211376] The buggy address belongs to the physical page: [ 14.211655] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.212014] flags: 0x200000000000000(node=0|zone=2) [ 14.212424] page_type: f5(slab) [ 14.212708] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.213130] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.213496] page dumped because: kasan: bad access detected [ 14.213892] [ 14.213995] Memory state around the buggy address: [ 14.214272] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.214717] 
ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.214947] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.215564] ^ [ 14.215784] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.216204] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.216539] ================================================================== [ 15.112527] ================================================================== [ 15.112875] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.113501] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.113874] [ 15.114005] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.114049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.114078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.114111] Call Trace: [ 15.114126] <TASK> [ 15.114142] dump_stack_lvl+0x73/0xb0 [ 15.114169] print_report+0xd1/0x650 [ 15.114192] ? __virt_addr_valid+0x1db/0x2d0 [ 15.114214] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.114236] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.114258] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.114282] kasan_report+0x141/0x180 [ 15.114322] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.114362] kasan_check_range+0x10c/0x1c0 [ 15.114387] __kasan_check_write+0x18/0x20 [ 15.114408] kasan_atomics_helper+0x1f43/0x5450 [ 15.114431] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.114454] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.114478] ? kasan_atomics+0x152/0x310 [ 15.114505] kasan_atomics+0x1dc/0x310 [ 15.114528] ? __pfx_kasan_atomics+0x10/0x10 [ 15.114552] ? __pfx_read_tsc+0x10/0x10 [ 15.114591] ? ktime_get_ts64+0x86/0x230 [ 15.114629] kunit_try_run_case+0x1a5/0x480 [ 15.114666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.114703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.114754] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.114791] ? 
__kthread_parkme+0x82/0x180 [ 15.114824] ? preempt_count_sub+0x50/0x80 [ 15.114862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.114899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.114922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.114946] kthread+0x337/0x6f0 [ 15.114966] ? trace_preempt_on+0x20/0xc0 [ 15.114989] ? __pfx_kthread+0x10/0x10 [ 15.115010] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.115033] ? calculate_sigpending+0x7b/0xa0 [ 15.115057] ? __pfx_kthread+0x10/0x10 [ 15.115078] ret_from_fork+0x116/0x1d0 [ 15.115108] ? __pfx_kthread+0x10/0x10 [ 15.115129] ret_from_fork_asm+0x1a/0x30 [ 15.115159] </TASK> [ 15.115173] [ 15.122509] Allocated by task 283: [ 15.122699] kasan_save_stack+0x45/0x70 [ 15.122930] kasan_save_track+0x18/0x40 [ 15.123092] kasan_save_alloc_info+0x3b/0x50 [ 15.123310] __kasan_kmalloc+0xb7/0xc0 [ 15.123492] __kmalloc_cache_noprof+0x189/0x420 [ 15.123705] kasan_atomics+0x95/0x310 [ 15.123883] kunit_try_run_case+0x1a5/0x480 [ 15.124121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.124563] kthread+0x337/0x6f0 [ 15.124732] ret_from_fork+0x116/0x1d0 [ 15.124882] ret_from_fork_asm+0x1a/0x30 [ 15.125019] [ 15.125090] The buggy address belongs to the object at ffff8881038eb080 [ 15.125090] which belongs to the cache kmalloc-64 of size 64 [ 15.125763] The buggy address is located 0 bytes to the right of [ 15.125763] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.126355] [ 15.126457] The buggy address belongs to the physical page: [ 15.126702] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.126998] flags: 0x200000000000000(node=0|zone=2) [ 15.127169] page_type: f5(slab) [ 15.127298] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.127666] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.128022] page dumped because: kasan: bad access detected [ 15.128304] [ 15.128434] Memory state around the buggy address: [ 15.128609] 
ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.128885] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.129247] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.129563] ^ [ 15.129741] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.130067] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.130385] ================================================================== [ 14.470493] ================================================================== [ 14.470807] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.471890] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.472432] [ 14.472658] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.472812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.472830] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.472854] Call Trace: [ 14.472872] <TASK> [ 14.472889] dump_stack_lvl+0x73/0xb0 [ 14.472919] print_report+0xd1/0x650 [ 14.472944] ? __virt_addr_valid+0x1db/0x2d0 [ 14.472968] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.472989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.473013] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.473038] kasan_report+0x141/0x180 [ 14.473061] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.473088] __asan_report_load4_noabort+0x18/0x20 [ 14.473128] kasan_atomics_helper+0x4a36/0x5450 [ 14.473151] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.473174] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.473200] ? kasan_atomics+0x152/0x310 [ 14.473226] kasan_atomics+0x1dc/0x310 [ 14.473249] ? __pfx_kasan_atomics+0x10/0x10 [ 14.473273] ? __pfx_read_tsc+0x10/0x10 [ 14.473295] ? ktime_get_ts64+0x86/0x230 [ 14.473320] kunit_try_run_case+0x1a5/0x480 [ 14.473345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.473367] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.473390] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.473414] ? __kthread_parkme+0x82/0x180 [ 14.473435] ? preempt_count_sub+0x50/0x80 [ 14.473458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.473483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.473507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.473531] kthread+0x337/0x6f0 [ 14.473551] ? trace_preempt_on+0x20/0xc0 [ 14.473575] ? __pfx_kthread+0x10/0x10 [ 14.473596] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.473617] ? calculate_sigpending+0x7b/0xa0 [ 14.473642] ? __pfx_kthread+0x10/0x10 [ 14.473664] ret_from_fork+0x116/0x1d0 [ 14.473682] ? __pfx_kthread+0x10/0x10 [ 14.473704] ret_from_fork_asm+0x1a/0x30 [ 14.473734] </TASK> [ 14.473748] [ 14.484539] Allocated by task 283: [ 14.484933] kasan_save_stack+0x45/0x70 [ 14.485241] kasan_save_track+0x18/0x40 [ 14.485520] kasan_save_alloc_info+0x3b/0x50 [ 14.485827] __kasan_kmalloc+0xb7/0xc0 [ 14.486013] __kmalloc_cache_noprof+0x189/0x420 [ 14.486238] kasan_atomics+0x95/0x310 [ 14.486473] kunit_try_run_case+0x1a5/0x480 [ 14.486947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.487316] kthread+0x337/0x6f0 [ 14.487585] ret_from_fork+0x116/0x1d0 [ 14.487861] ret_from_fork_asm+0x1a/0x30 [ 14.488192] [ 14.488272] The buggy address belongs to the object at ffff8881038eb080 [ 14.488272] which belongs to the cache kmalloc-64 of size 64 [ 14.488987] The buggy address is located 0 bytes to the right of [ 14.488987] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.489734] [ 14.489818] The buggy address belongs to the physical page: [ 14.490076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.490693] flags: 0x200000000000000(node=0|zone=2) [ 14.490923] page_type: f5(slab) [ 14.491186] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.491646] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.492070] page dumped because: kasan: bad access detected [ 14.492459] [ 14.492668] 
Memory state around the buggy address: [ 14.492836] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.493089] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.493623] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.493989] ^ [ 14.494290] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.494686] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.495080] ================================================================== [ 14.417145] ================================================================== [ 14.417967] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.418614] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.418938] [ 14.419056] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.419110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.419123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.419145] Call Trace: [ 14.419158] <TASK> [ 14.419174] dump_stack_lvl+0x73/0xb0 [ 14.419211] print_report+0xd1/0x650 [ 14.419234] ? __virt_addr_valid+0x1db/0x2d0 [ 14.419257] ? kasan_atomics_helper+0xf10/0x5450 [ 14.419279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.419303] ? kasan_atomics_helper+0xf10/0x5450 [ 14.419604] kasan_report+0x141/0x180 [ 14.419636] ? kasan_atomics_helper+0xf10/0x5450 [ 14.419665] kasan_check_range+0x10c/0x1c0 [ 14.419689] __kasan_check_write+0x18/0x20 [ 14.419710] kasan_atomics_helper+0xf10/0x5450 [ 14.419737] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.419761] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.419786] ? kasan_atomics+0x152/0x310 [ 14.419812] kasan_atomics+0x1dc/0x310 [ 14.419836] ? __pfx_kasan_atomics+0x10/0x10 [ 14.419861] ? __pfx_read_tsc+0x10/0x10 [ 14.419883] ? ktime_get_ts64+0x86/0x230 [ 14.419907] kunit_try_run_case+0x1a5/0x480 [ 14.419932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.419954] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.419978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.420001] ? __kthread_parkme+0x82/0x180 [ 14.420022] ? preempt_count_sub+0x50/0x80 [ 14.420047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.420071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.420108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.420133] kthread+0x337/0x6f0 [ 14.420153] ? trace_preempt_on+0x20/0xc0 [ 14.420177] ? __pfx_kthread+0x10/0x10 [ 14.420198] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.420220] ? calculate_sigpending+0x7b/0xa0 [ 14.420244] ? __pfx_kthread+0x10/0x10 [ 14.420267] ret_from_fork+0x116/0x1d0 [ 14.420285] ? __pfx_kthread+0x10/0x10 [ 14.420307] ret_from_fork_asm+0x1a/0x30 [ 14.420337] </TASK> [ 14.420350] [ 14.430515] Allocated by task 283: [ 14.430840] kasan_save_stack+0x45/0x70 [ 14.431169] kasan_save_track+0x18/0x40 [ 14.431372] kasan_save_alloc_info+0x3b/0x50 [ 14.431710] __kasan_kmalloc+0xb7/0xc0 [ 14.431892] __kmalloc_cache_noprof+0x189/0x420 [ 14.432127] kasan_atomics+0x95/0x310 [ 14.432319] kunit_try_run_case+0x1a5/0x480 [ 14.432757] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.433075] kthread+0x337/0x6f0 [ 14.433243] ret_from_fork+0x116/0x1d0 [ 14.433616] ret_from_fork_asm+0x1a/0x30 [ 14.433885] [ 14.433991] The buggy address belongs to the object at ffff8881038eb080 [ 14.433991] which belongs to the cache kmalloc-64 of size 64 [ 14.434769] The buggy address is located 0 bytes to the right of [ 14.434769] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.435424] [ 14.435525] The buggy address belongs to the physical page: [ 14.435888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.436296] flags: 0x200000000000000(node=0|zone=2) [ 14.436594] page_type: f5(slab) [ 14.436918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.437352] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.437803] page dumped because: kasan: 
bad access detected [ 14.438137] [ 14.438239] Memory state around the buggy address: [ 14.438637] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.438948] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.439267] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.439792] ^ [ 14.440114] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.440595] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.440894] ================================================================== [ 14.240147] ================================================================== [ 14.240648] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.240982] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.241374] [ 14.241508] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.241584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.241598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.241648] Call Trace: [ 14.241666] <TASK> [ 14.241682] dump_stack_lvl+0x73/0xb0 [ 14.241721] print_report+0xd1/0x650 [ 14.241744] ? __virt_addr_valid+0x1db/0x2d0 [ 14.241767] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.241788] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.241837] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.241861] kasan_report+0x141/0x180 [ 14.241885] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.241923] kasan_check_range+0x10c/0x1c0 [ 14.241947] __kasan_check_write+0x18/0x20 [ 14.241966] kasan_atomics_helper+0xa2b/0x5450 [ 14.241989] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.242012] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.242037] ? kasan_atomics+0x152/0x310 [ 14.242064] kasan_atomics+0x1dc/0x310 [ 14.242088] ? __pfx_kasan_atomics+0x10/0x10 [ 14.242123] ? __pfx_read_tsc+0x10/0x10 [ 14.242144] ? ktime_get_ts64+0x86/0x230 [ 14.242212] kunit_try_run_case+0x1a5/0x480 [ 14.242238] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.242261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.242327] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.242352] ? __kthread_parkme+0x82/0x180 [ 14.242402] ? preempt_count_sub+0x50/0x80 [ 14.242439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.242463] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.242498] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.242522] kthread+0x337/0x6f0 [ 14.242543] ? trace_preempt_on+0x20/0xc0 [ 14.242594] ? __pfx_kthread+0x10/0x10 [ 14.242616] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.242639] ? calculate_sigpending+0x7b/0xa0 [ 14.242675] ? __pfx_kthread+0x10/0x10 [ 14.242697] ret_from_fork+0x116/0x1d0 [ 14.242716] ? __pfx_kthread+0x10/0x10 [ 14.242738] ret_from_fork_asm+0x1a/0x30 [ 14.242769] </TASK> [ 14.242781] [ 14.252619] Allocated by task 283: [ 14.252846] kasan_save_stack+0x45/0x70 [ 14.253039] kasan_save_track+0x18/0x40 [ 14.253320] kasan_save_alloc_info+0x3b/0x50 [ 14.253669] __kasan_kmalloc+0xb7/0xc0 [ 14.253879] __kmalloc_cache_noprof+0x189/0x420 [ 14.254182] kasan_atomics+0x95/0x310 [ 14.255407] kunit_try_run_case+0x1a5/0x480 [ 14.255723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.255903] kthread+0x337/0x6f0 [ 14.256026] ret_from_fork+0x116/0x1d0 [ 14.256268] ret_from_fork_asm+0x1a/0x30 [ 14.256708] [ 14.256915] The buggy address belongs to the object at ffff8881038eb080 [ 14.256915] which belongs to the cache kmalloc-64 of size 64 [ 14.258171] The buggy address is located 0 bytes to the right of [ 14.258171] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.259541] [ 14.259725] The buggy address belongs to the physical page: [ 14.260137] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.260712] flags: 0x200000000000000(node=0|zone=2) [ 14.260886] page_type: f5(slab) [ 14.261011] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.261323] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.261784] page dumped because: kasan: bad access detected [ 14.262046] [ 14.262205] Memory state around the buggy address: [ 14.262563] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.262910] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.263404] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.263717] ^ [ 14.263926] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.264446] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.264756] ================================================================== [ 14.626653] ================================================================== [ 14.626999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.627363] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.627954] [ 14.628069] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.628126] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.628140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.628175] Call Trace: [ 14.628189] <TASK> [ 14.628204] dump_stack_lvl+0x73/0xb0 [ 14.628231] print_report+0xd1/0x650 [ 14.628254] ? __virt_addr_valid+0x1db/0x2d0 [ 14.628278] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.628300] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.628323] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.628344] kasan_report+0x141/0x180 [ 14.628367] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.628394] kasan_check_range+0x10c/0x1c0 [ 14.628418] __kasan_check_write+0x18/0x20 [ 14.628437] kasan_atomics_helper+0x12e6/0x5450 [ 14.628460] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.628483] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.628507] ? kasan_atomics+0x152/0x310 [ 14.628533] kasan_atomics+0x1dc/0x310 [ 14.628557] ? __pfx_kasan_atomics+0x10/0x10 [ 14.628580] ? __pfx_read_tsc+0x10/0x10 [ 14.628602] ? 
ktime_get_ts64+0x86/0x230 [ 14.628625] kunit_try_run_case+0x1a5/0x480 [ 14.628650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.628672] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.628695] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.628718] ? __kthread_parkme+0x82/0x180 [ 14.628738] ? preempt_count_sub+0x50/0x80 [ 14.628762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.628785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.628809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.628833] kthread+0x337/0x6f0 [ 14.628853] ? trace_preempt_on+0x20/0xc0 [ 14.628876] ? __pfx_kthread+0x10/0x10 [ 14.628897] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.628919] ? calculate_sigpending+0x7b/0xa0 [ 14.628942] ? __pfx_kthread+0x10/0x10 [ 14.628964] ret_from_fork+0x116/0x1d0 [ 14.628982] ? __pfx_kthread+0x10/0x10 [ 14.629003] ret_from_fork_asm+0x1a/0x30 [ 14.629034] </TASK> [ 14.629047] [ 14.636580] Allocated by task 283: [ 14.636717] kasan_save_stack+0x45/0x70 [ 14.636893] kasan_save_track+0x18/0x40 [ 14.637089] kasan_save_alloc_info+0x3b/0x50 [ 14.637317] __kasan_kmalloc+0xb7/0xc0 [ 14.637491] __kmalloc_cache_noprof+0x189/0x420 [ 14.637707] kasan_atomics+0x95/0x310 [ 14.637862] kunit_try_run_case+0x1a5/0x480 [ 14.638075] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.638310] kthread+0x337/0x6f0 [ 14.638485] ret_from_fork+0x116/0x1d0 [ 14.638630] ret_from_fork_asm+0x1a/0x30 [ 14.638816] [ 14.638904] The buggy address belongs to the object at ffff8881038eb080 [ 14.638904] which belongs to the cache kmalloc-64 of size 64 [ 14.639438] The buggy address is located 0 bytes to the right of [ 14.639438] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.639857] [ 14.639954] The buggy address belongs to the physical page: [ 14.640203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.640467] flags: 0x200000000000000(node=0|zone=2) [ 14.640820] page_type: f5(slab) [ 14.640995] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.641324] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.641669] page dumped because: kasan: bad access detected [ 14.641906] [ 14.641991] Memory state around the buggy address: [ 14.642199] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.642419] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.642642] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.642860] ^ [ 14.643018] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.643311] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.643642] ================================================================== [ 14.377443] ================================================================== [ 14.377756] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.378078] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.378498] [ 14.378607] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.378650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.378662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.378683] Call Trace: [ 14.378700] <TASK> [ 14.378714] dump_stack_lvl+0x73/0xb0 [ 14.378757] print_report+0xd1/0x650 [ 14.378780] ? __virt_addr_valid+0x1db/0x2d0 [ 14.378803] ? kasan_atomics_helper+0xde0/0x5450 [ 14.378824] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.378846] ? kasan_atomics_helper+0xde0/0x5450 [ 14.378869] kasan_report+0x141/0x180 [ 14.378892] ? kasan_atomics_helper+0xde0/0x5450 [ 14.378918] kasan_check_range+0x10c/0x1c0 [ 14.378942] __kasan_check_write+0x18/0x20 [ 14.378962] kasan_atomics_helper+0xde0/0x5450 [ 14.378985] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.379008] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.379034] ? kasan_atomics+0x152/0x310 [ 14.379061] kasan_atomics+0x1dc/0x310 [ 14.379084] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.379121] ? __pfx_read_tsc+0x10/0x10 [ 14.379206] ? ktime_get_ts64+0x86/0x230 [ 14.379234] kunit_try_run_case+0x1a5/0x480 [ 14.379258] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.379281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.379304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.379327] ? __kthread_parkme+0x82/0x180 [ 14.379364] ? preempt_count_sub+0x50/0x80 [ 14.379388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.379413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.379438] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.379462] kthread+0x337/0x6f0 [ 14.379482] ? trace_preempt_on+0x20/0xc0 [ 14.379507] ? __pfx_kthread+0x10/0x10 [ 14.379528] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.379550] ? calculate_sigpending+0x7b/0xa0 [ 14.379573] ? __pfx_kthread+0x10/0x10 [ 14.379596] ret_from_fork+0x116/0x1d0 [ 14.379615] ? __pfx_kthread+0x10/0x10 [ 14.379637] ret_from_fork_asm+0x1a/0x30 [ 14.379668] </TASK> [ 14.379679] [ 14.387623] Allocated by task 283: [ 14.387814] kasan_save_stack+0x45/0x70 [ 14.388024] kasan_save_track+0x18/0x40 [ 14.388392] kasan_save_alloc_info+0x3b/0x50 [ 14.388617] __kasan_kmalloc+0xb7/0xc0 [ 14.388816] __kmalloc_cache_noprof+0x189/0x420 [ 14.389013] kasan_atomics+0x95/0x310 [ 14.389277] kunit_try_run_case+0x1a5/0x480 [ 14.389508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.389739] kthread+0x337/0x6f0 [ 14.389899] ret_from_fork+0x116/0x1d0 [ 14.390056] ret_from_fork_asm+0x1a/0x30 [ 14.390309] [ 14.390433] The buggy address belongs to the object at ffff8881038eb080 [ 14.390433] which belongs to the cache kmalloc-64 of size 64 [ 14.390915] The buggy address is located 0 bytes to the right of [ 14.390915] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.391442] [ 14.391519] The buggy address belongs to the physical page: [ 14.391694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.392040] flags: 0x200000000000000(node=0|zone=2) [ 14.392361] page_type: 
f5(slab) [ 14.392539] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.392885] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.393375] page dumped because: kasan: bad access detected [ 14.393588] [ 14.393663] Memory state around the buggy address: [ 14.393860] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.394268] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.394614] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.394943] ^ [ 14.395266] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.395625] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.395899] ================================================================== [ 14.974583] ================================================================== [ 14.974892] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 14.975291] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.975660] [ 14.975775] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.975820] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.975833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.975856] Call Trace: [ 14.975872] <TASK> [ 14.975889] dump_stack_lvl+0x73/0xb0 [ 14.975916] print_report+0xd1/0x650 [ 14.975938] ? __virt_addr_valid+0x1db/0x2d0 [ 14.975963] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.975984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.976008] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.976030] kasan_report+0x141/0x180 [ 14.976052] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.976079] kasan_check_range+0x10c/0x1c0 [ 14.976123] __kasan_check_write+0x18/0x20 [ 14.976145] kasan_atomics_helper+0x1b22/0x5450 [ 14.976167] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.976190] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.976215] ? 
kasan_atomics+0x152/0x310 [ 14.976243] kasan_atomics+0x1dc/0x310 [ 14.976267] ? __pfx_kasan_atomics+0x10/0x10 [ 14.976291] ? __pfx_read_tsc+0x10/0x10 [ 14.976312] ? ktime_get_ts64+0x86/0x230 [ 14.976336] kunit_try_run_case+0x1a5/0x480 [ 14.976361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.976383] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.976406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.976429] ? __kthread_parkme+0x82/0x180 [ 14.976450] ? preempt_count_sub+0x50/0x80 [ 14.976475] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.976500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.976524] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.976549] kthread+0x337/0x6f0 [ 14.976569] ? trace_preempt_on+0x20/0xc0 [ 14.976593] ? __pfx_kthread+0x10/0x10 [ 14.976614] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.976646] ? calculate_sigpending+0x7b/0xa0 [ 14.976670] ? __pfx_kthread+0x10/0x10 [ 14.976692] ret_from_fork+0x116/0x1d0 [ 14.976710] ? __pfx_kthread+0x10/0x10 [ 14.976732] ret_from_fork_asm+0x1a/0x30 [ 14.976762] </TASK> [ 14.976773] [ 14.984311] Allocated by task 283: [ 14.984446] kasan_save_stack+0x45/0x70 [ 14.984594] kasan_save_track+0x18/0x40 [ 14.984732] kasan_save_alloc_info+0x3b/0x50 [ 14.984986] __kasan_kmalloc+0xb7/0xc0 [ 14.985183] __kmalloc_cache_noprof+0x189/0x420 [ 14.985536] kasan_atomics+0x95/0x310 [ 14.985726] kunit_try_run_case+0x1a5/0x480 [ 14.985933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.986196] kthread+0x337/0x6f0 [ 14.986332] ret_from_fork+0x116/0x1d0 [ 14.986517] ret_from_fork_asm+0x1a/0x30 [ 14.986659] [ 14.986733] The buggy address belongs to the object at ffff8881038eb080 [ 14.986733] which belongs to the cache kmalloc-64 of size 64 [ 14.987247] The buggy address is located 0 bytes to the right of [ 14.987247] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.987908] [ 14.987989] The buggy address belongs to the physical page: [ 14.988209] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 
14.988577] flags: 0x200000000000000(node=0|zone=2) [ 14.988803] page_type: f5(slab) [ 14.988941] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.989242] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.989604] page dumped because: kasan: bad access detected [ 14.989799] [ 14.989872] Memory state around the buggy address: [ 14.990030] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.990339] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.990659] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.990940] ^ [ 14.991153] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991534] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991801] ================================================================== [ 14.038813] ================================================================== [ 14.039222] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.039887] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.040367] [ 14.040458] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.040503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.040516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.040538] Call Trace: [ 14.040552] <TASK> [ 14.040568] dump_stack_lvl+0x73/0xb0 [ 14.040596] print_report+0xd1/0x650 [ 14.040619] ? __virt_addr_valid+0x1db/0x2d0 [ 14.040642] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.040701] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040735] kasan_report+0x141/0x180 [ 14.040758] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040784] __asan_report_store4_noabort+0x1b/0x30 [ 14.040805] kasan_atomics_helper+0x4b3a/0x5450 [ 14.040839] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.040862] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.040897] ? kasan_atomics+0x152/0x310 [ 14.040925] kasan_atomics+0x1dc/0x310 [ 14.040948] ? __pfx_kasan_atomics+0x10/0x10 [ 14.040973] ? __pfx_read_tsc+0x10/0x10 [ 14.041002] ? ktime_get_ts64+0x86/0x230 [ 14.041026] kunit_try_run_case+0x1a5/0x480 [ 14.041049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.041084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.041118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.041141] ? __kthread_parkme+0x82/0x180 [ 14.041161] ? preempt_count_sub+0x50/0x80 [ 14.041195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.041218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.041242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.041315] kthread+0x337/0x6f0 [ 14.041349] ? trace_preempt_on+0x20/0xc0 [ 14.041383] ? __pfx_kthread+0x10/0x10 [ 14.041405] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.041427] ? calculate_sigpending+0x7b/0xa0 [ 14.041461] ? __pfx_kthread+0x10/0x10 [ 14.041483] ret_from_fork+0x116/0x1d0 [ 14.041502] ? __pfx_kthread+0x10/0x10 [ 14.041523] ret_from_fork_asm+0x1a/0x30 [ 14.041563] </TASK> [ 14.041576] [ 14.049920] Allocated by task 283: [ 14.050078] kasan_save_stack+0x45/0x70 [ 14.050337] kasan_save_track+0x18/0x40 [ 14.050655] kasan_save_alloc_info+0x3b/0x50 [ 14.050887] __kasan_kmalloc+0xb7/0xc0 [ 14.051084] __kmalloc_cache_noprof+0x189/0x420 [ 14.051286] kasan_atomics+0x95/0x310 [ 14.051557] kunit_try_run_case+0x1a5/0x480 [ 14.051731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.051912] kthread+0x337/0x6f0 [ 14.052037] ret_from_fork+0x116/0x1d0 [ 14.052219] ret_from_fork_asm+0x1a/0x30 [ 14.052578] [ 14.052754] The buggy address belongs to the object at ffff8881038eb080 [ 14.052754] which belongs to the cache kmalloc-64 of size 64 [ 14.053256] The buggy address is located 0 bytes to the right of [ 14.053256] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.053903] [ 14.054033] The buggy address belongs to the physical page: [ 14.054411] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.054997] flags: 0x200000000000000(node=0|zone=2) [ 14.055494] page_type: f5(slab) [ 14.055642] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.055880] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.056210] page dumped because: kasan: bad access detected [ 14.056464] [ 14.056560] Memory state around the buggy address: [ 14.056783] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.057084] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.057314] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.057533] ^ [ 14.057797] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.058142] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.058698] ================================================================== [ 14.644584] ================================================================== [ 14.644927] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.645231] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.645867] [ 14.645987] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.646032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.646048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.646071] Call Trace: [ 14.646086] <TASK> [ 14.646113] dump_stack_lvl+0x73/0xb0 [ 14.646140] print_report+0xd1/0x650 [ 14.646164] ? __virt_addr_valid+0x1db/0x2d0 [ 14.646186] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.646208] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.646232] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.646254] kasan_report+0x141/0x180 [ 14.646277] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.646304] __asan_report_load4_noabort+0x18/0x20 [ 14.646338] kasan_atomics_helper+0x49ce/0x5450 [ 14.646362] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.646384] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.646410] ? kasan_atomics+0x152/0x310 [ 14.646437] kasan_atomics+0x1dc/0x310 [ 14.646459] ? __pfx_kasan_atomics+0x10/0x10 [ 14.646484] ? __pfx_read_tsc+0x10/0x10 [ 14.646504] ? ktime_get_ts64+0x86/0x230 [ 14.646529] kunit_try_run_case+0x1a5/0x480 [ 14.646553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.646575] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.646597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.646620] ? __kthread_parkme+0x82/0x180 [ 14.646641] ? preempt_count_sub+0x50/0x80 [ 14.646664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.646687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.646710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.646734] kthread+0x337/0x6f0 [ 14.646753] ? trace_preempt_on+0x20/0xc0 [ 14.646776] ? __pfx_kthread+0x10/0x10 [ 14.646798] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.646819] ? calculate_sigpending+0x7b/0xa0 [ 14.646842] ? __pfx_kthread+0x10/0x10 [ 14.646864] ret_from_fork+0x116/0x1d0 [ 14.646884] ? 
__pfx_kthread+0x10/0x10 [ 14.646905] ret_from_fork_asm+0x1a/0x30 [ 14.646935] </TASK> [ 14.646947] [ 14.654149] Allocated by task 283: [ 14.654341] kasan_save_stack+0x45/0x70 [ 14.654546] kasan_save_track+0x18/0x40 [ 14.654699] kasan_save_alloc_info+0x3b/0x50 [ 14.654852] __kasan_kmalloc+0xb7/0xc0 [ 14.655042] __kmalloc_cache_noprof+0x189/0x420 [ 14.655284] kasan_atomics+0x95/0x310 [ 14.655546] kunit_try_run_case+0x1a5/0x480 [ 14.655727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.655961] kthread+0x337/0x6f0 [ 14.656136] ret_from_fork+0x116/0x1d0 [ 14.656304] ret_from_fork_asm+0x1a/0x30 [ 14.656480] [ 14.656554] The buggy address belongs to the object at ffff8881038eb080 [ 14.656554] which belongs to the cache kmalloc-64 of size 64 [ 14.656985] The buggy address is located 0 bytes to the right of [ 14.656985] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.657675] [ 14.657751] The buggy address belongs to the physical page: [ 14.657926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.658248] flags: 0x200000000000000(node=0|zone=2) [ 14.658688] page_type: f5(slab) [ 14.658862] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.659224] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.659595] page dumped because: kasan: bad access detected [ 14.659807] [ 14.659903] Memory state around the buggy address: [ 14.660139] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.660437] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.660788] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.661037] ^ [ 14.661205] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.661425] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.661641] ================================================================== [ 14.925513] 
================================================================== [ 14.926278] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 14.926722] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.927241] [ 14.927536] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.927585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.927600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.927623] Call Trace: [ 14.927637] <TASK> [ 14.927652] dump_stack_lvl+0x73/0xb0 [ 14.927681] print_report+0xd1/0x650 [ 14.927705] ? __virt_addr_valid+0x1db/0x2d0 [ 14.927727] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.927749] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.927774] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.927797] kasan_report+0x141/0x180 [ 14.927819] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.927846] kasan_check_range+0x10c/0x1c0 [ 14.927871] __kasan_check_write+0x18/0x20 [ 14.927890] kasan_atomics_helper+0x19e3/0x5450 [ 14.927913] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.927936] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.927961] ? kasan_atomics+0x152/0x310 [ 14.927989] kasan_atomics+0x1dc/0x310 [ 14.928011] ? __pfx_kasan_atomics+0x10/0x10 [ 14.928036] ? __pfx_read_tsc+0x10/0x10 [ 14.928056] ? ktime_get_ts64+0x86/0x230 [ 14.928080] kunit_try_run_case+0x1a5/0x480 [ 14.928119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.928141] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.928164] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.928188] ? __kthread_parkme+0x82/0x180 [ 14.928208] ? preempt_count_sub+0x50/0x80 [ 14.928232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.928256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.928279] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.928302] kthread+0x337/0x6f0 [ 14.928334] ? trace_preempt_on+0x20/0xc0 [ 14.928357] ? __pfx_kthread+0x10/0x10 [ 14.928378] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.928400] ? 
calculate_sigpending+0x7b/0xa0 [ 14.928425] ? __pfx_kthread+0x10/0x10 [ 14.928448] ret_from_fork+0x116/0x1d0 [ 14.928467] ? __pfx_kthread+0x10/0x10 [ 14.928489] ret_from_fork_asm+0x1a/0x30 [ 14.928519] </TASK> [ 14.928531] [ 14.938927] Allocated by task 283: [ 14.939316] kasan_save_stack+0x45/0x70 [ 14.939624] kasan_save_track+0x18/0x40 [ 14.939893] kasan_save_alloc_info+0x3b/0x50 [ 14.940193] __kasan_kmalloc+0xb7/0xc0 [ 14.940570] __kmalloc_cache_noprof+0x189/0x420 [ 14.940880] kasan_atomics+0x95/0x310 [ 14.941165] kunit_try_run_case+0x1a5/0x480 [ 14.941532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.941761] kthread+0x337/0x6f0 [ 14.941932] ret_from_fork+0x116/0x1d0 [ 14.942120] ret_from_fork_asm+0x1a/0x30 [ 14.942310] [ 14.942713] The buggy address belongs to the object at ffff8881038eb080 [ 14.942713] which belongs to the cache kmalloc-64 of size 64 [ 14.943297] The buggy address is located 0 bytes to the right of [ 14.943297] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.944083] [ 14.944313] The buggy address belongs to the physical page: [ 14.944663] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.945109] flags: 0x200000000000000(node=0|zone=2) [ 14.945327] page_type: f5(slab) [ 14.945568] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.946148] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.946576] page dumped because: kasan: bad access detected [ 14.946909] [ 14.947128] Memory state around the buggy address: [ 14.947534] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.947852] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.948269] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.948670] ^ [ 14.948904] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.949174] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.949708] 
================================================================== [ 14.171727] ================================================================== [ 14.172052] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.172297] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.172942] [ 14.173029] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.173072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.173085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.173116] Call Trace: [ 14.173130] <TASK> [ 14.173145] dump_stack_lvl+0x73/0xb0 [ 14.173172] print_report+0xd1/0x650 [ 14.173195] ? __virt_addr_valid+0x1db/0x2d0 [ 14.173218] ? kasan_atomics_helper+0x860/0x5450 [ 14.173240] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.173263] ? kasan_atomics_helper+0x860/0x5450 [ 14.173285] kasan_report+0x141/0x180 [ 14.173308] ? kasan_atomics_helper+0x860/0x5450 [ 14.173335] kasan_check_range+0x10c/0x1c0 [ 14.173359] __kasan_check_write+0x18/0x20 [ 14.173379] kasan_atomics_helper+0x860/0x5450 [ 14.173404] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.173428] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.173453] ? kasan_atomics+0x152/0x310 [ 14.173480] kasan_atomics+0x1dc/0x310 [ 14.173536] ? __pfx_kasan_atomics+0x10/0x10 [ 14.173561] ? __pfx_read_tsc+0x10/0x10 [ 14.173582] ? ktime_get_ts64+0x86/0x230 [ 14.173646] kunit_try_run_case+0x1a5/0x480 [ 14.173749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.173774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.173798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.173821] ? __kthread_parkme+0x82/0x180 [ 14.173842] ? preempt_count_sub+0x50/0x80 [ 14.173866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.173889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.173913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.173966] kthread+0x337/0x6f0 [ 14.173986] ? trace_preempt_on+0x20/0xc0 [ 14.174010] ? 
__pfx_kthread+0x10/0x10 [ 14.174043] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.174066] ? calculate_sigpending+0x7b/0xa0 [ 14.174091] ? __pfx_kthread+0x10/0x10 [ 14.174122] ret_from_fork+0x116/0x1d0 [ 14.174141] ? __pfx_kthread+0x10/0x10 [ 14.174204] ret_from_fork_asm+0x1a/0x30 [ 14.174269] </TASK> [ 14.174282] [ 14.183728] Allocated by task 283: [ 14.183922] kasan_save_stack+0x45/0x70 [ 14.184126] kasan_save_track+0x18/0x40 [ 14.184322] kasan_save_alloc_info+0x3b/0x50 [ 14.185040] __kasan_kmalloc+0xb7/0xc0 [ 14.185423] __kmalloc_cache_noprof+0x189/0x420 [ 14.185663] kasan_atomics+0x95/0x310 [ 14.185801] kunit_try_run_case+0x1a5/0x480 [ 14.185945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.186140] kthread+0x337/0x6f0 [ 14.186635] ret_from_fork+0x116/0x1d0 [ 14.186979] ret_from_fork_asm+0x1a/0x30 [ 14.187136] [ 14.187217] The buggy address belongs to the object at ffff8881038eb080 [ 14.187217] which belongs to the cache kmalloc-64 of size 64 [ 14.187564] The buggy address is located 0 bytes to the right of [ 14.187564] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.188693] [ 14.188774] The buggy address belongs to the physical page: [ 14.189504] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.189838] flags: 0x200000000000000(node=0|zone=2) [ 14.190004] page_type: f5(slab) [ 14.190517] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.191088] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.191477] page dumped because: kasan: bad access detected [ 14.191655] [ 14.191728] Memory state around the buggy address: [ 14.191885] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.192191] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.192640] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.192994] ^ [ 14.193319] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.193643] 
ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.193856] ================================================================== [ 14.396367] ================================================================== [ 14.396715] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.397013] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.397408] [ 14.397521] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.397562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.397576] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.397598] Call Trace: [ 14.397614] <TASK> [ 14.397629] dump_stack_lvl+0x73/0xb0 [ 14.397656] print_report+0xd1/0x650 [ 14.397679] ? __virt_addr_valid+0x1db/0x2d0 [ 14.397701] ? kasan_atomics_helper+0xe78/0x5450 [ 14.397723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.397746] ? kasan_atomics_helper+0xe78/0x5450 [ 14.397768] kasan_report+0x141/0x180 [ 14.397790] ? kasan_atomics_helper+0xe78/0x5450 [ 14.397818] kasan_check_range+0x10c/0x1c0 [ 14.397843] __kasan_check_write+0x18/0x20 [ 14.397864] kasan_atomics_helper+0xe78/0x5450 [ 14.397887] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.397910] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.397938] ? kasan_atomics+0x152/0x310 [ 14.397965] kasan_atomics+0x1dc/0x310 [ 14.397989] ? __pfx_kasan_atomics+0x10/0x10 [ 14.398013] ? __pfx_read_tsc+0x10/0x10 [ 14.398035] ? ktime_get_ts64+0x86/0x230 [ 14.398059] kunit_try_run_case+0x1a5/0x480 [ 14.398083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.398117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.398203] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.398230] ? __kthread_parkme+0x82/0x180 [ 14.398251] ? preempt_count_sub+0x50/0x80 [ 14.398274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.398299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.398322] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.398362] kthread+0x337/0x6f0 [ 14.398383] ? trace_preempt_on+0x20/0xc0 [ 14.398407] ? __pfx_kthread+0x10/0x10 [ 14.398428] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.398454] ? calculate_sigpending+0x7b/0xa0 [ 14.398480] ? __pfx_kthread+0x10/0x10 [ 14.398504] ret_from_fork+0x116/0x1d0 [ 14.398524] ? __pfx_kthread+0x10/0x10 [ 14.398545] ret_from_fork_asm+0x1a/0x30 [ 14.398576] </TASK> [ 14.398590] [ 14.406645] Allocated by task 283: [ 14.406832] kasan_save_stack+0x45/0x70 [ 14.407039] kasan_save_track+0x18/0x40 [ 14.407464] kasan_save_alloc_info+0x3b/0x50 [ 14.407679] __kasan_kmalloc+0xb7/0xc0 [ 14.407850] __kmalloc_cache_noprof+0x189/0x420 [ 14.408035] kasan_atomics+0x95/0x310 [ 14.408275] kunit_try_run_case+0x1a5/0x480 [ 14.408512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.408757] kthread+0x337/0x6f0 [ 14.408907] ret_from_fork+0x116/0x1d0 [ 14.409119] ret_from_fork_asm+0x1a/0x30 [ 14.409384] [ 14.409460] The buggy address belongs to the object at ffff8881038eb080 [ 14.409460] which belongs to the cache kmalloc-64 of size 64 [ 14.409843] The buggy address is located 0 bytes to the right of [ 14.409843] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.410481] [ 14.410584] The buggy address belongs to the physical page: [ 14.410801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.411046] flags: 0x200000000000000(node=0|zone=2) [ 14.411384] page_type: f5(slab) [ 14.411556] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.411901] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.412245] page dumped because: kasan: bad access detected [ 14.412487] [ 14.412582] Memory state around the buggy address: [ 14.412761] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.413076] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.413599] >ffff8881038eb080: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.413861] ^ [ 14.414021] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.414426] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.414748] ================================================================== [ 15.046974] ================================================================== [ 15.047507] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.047854] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.048200] [ 15.048311] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.049175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.049194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.049217] Call Trace: [ 15.049235] <TASK> [ 15.049250] dump_stack_lvl+0x73/0xb0 [ 15.049280] print_report+0xd1/0x650 [ 15.049304] ? __virt_addr_valid+0x1db/0x2d0 [ 15.049336] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.049358] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.049382] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.049404] kasan_report+0x141/0x180 [ 15.049427] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.049456] kasan_check_range+0x10c/0x1c0 [ 15.049482] __kasan_check_write+0x18/0x20 [ 15.049503] kasan_atomics_helper+0x1d7a/0x5450 [ 15.049527] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.049550] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.049575] ? kasan_atomics+0x152/0x310 [ 15.049601] kasan_atomics+0x1dc/0x310 [ 15.049624] ? __pfx_kasan_atomics+0x10/0x10 [ 15.049649] ? __pfx_read_tsc+0x10/0x10 [ 15.049673] ? ktime_get_ts64+0x86/0x230 [ 15.049697] kunit_try_run_case+0x1a5/0x480 [ 15.049722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.049744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.049766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.049789] ? __kthread_parkme+0x82/0x180 [ 15.049809] ? preempt_count_sub+0x50/0x80 [ 15.049833] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.049858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.049880] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.049903] kthread+0x337/0x6f0 [ 15.049923] ? trace_preempt_on+0x20/0xc0 [ 15.049947] ? __pfx_kthread+0x10/0x10 [ 15.049967] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.049989] ? calculate_sigpending+0x7b/0xa0 [ 15.050012] ? __pfx_kthread+0x10/0x10 [ 15.050033] ret_from_fork+0x116/0x1d0 [ 15.050053] ? __pfx_kthread+0x10/0x10 [ 15.050073] ret_from_fork_asm+0x1a/0x30 [ 15.050114] </TASK> [ 15.050126] [ 15.062482] Allocated by task 283: [ 15.062619] kasan_save_stack+0x45/0x70 [ 15.062764] kasan_save_track+0x18/0x40 [ 15.062897] kasan_save_alloc_info+0x3b/0x50 [ 15.063039] __kasan_kmalloc+0xb7/0xc0 [ 15.063381] __kmalloc_cache_noprof+0x189/0x420 [ 15.063538] kasan_atomics+0x95/0x310 [ 15.063668] kunit_try_run_case+0x1a5/0x480 [ 15.063811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.063979] kthread+0x337/0x6f0 [ 15.064107] ret_from_fork+0x116/0x1d0 [ 15.064238] ret_from_fork_asm+0x1a/0x30 [ 15.064560] [ 15.064737] The buggy address belongs to the object at ffff8881038eb080 [ 15.064737] which belongs to the cache kmalloc-64 of size 64 [ 15.065854] The buggy address is located 0 bytes to the right of [ 15.065854] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.066942] [ 15.067123] The buggy address belongs to the physical page: [ 15.067626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.068298] flags: 0x200000000000000(node=0|zone=2) [ 15.068743] page_type: f5(slab) [ 15.069043] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.069632] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.069854] page dumped because: kasan: bad access detected [ 15.070019] [ 15.070088] Memory state around the buggy address: [ 15.070597] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.071232] 
ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.071854] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.072481] ^ [ 15.072892] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.073286] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.073781] ================================================================== [ 14.992382] ================================================================== [ 14.992699] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 14.992996] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.993236] [ 14.993319] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.993359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.993372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.993393] Call Trace: [ 14.993409] <TASK> [ 14.993423] dump_stack_lvl+0x73/0xb0 [ 14.993449] print_report+0xd1/0x650 [ 14.993488] ? __virt_addr_valid+0x1db/0x2d0 [ 14.993512] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.993534] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.993557] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.993580] kasan_report+0x141/0x180 [ 14.993602] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.993630] kasan_check_range+0x10c/0x1c0 [ 14.993653] __kasan_check_write+0x18/0x20 [ 14.993673] kasan_atomics_helper+0x1c18/0x5450 [ 14.993696] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.993718] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.993744] ? kasan_atomics+0x152/0x310 [ 14.993770] kasan_atomics+0x1dc/0x310 [ 14.993793] ? __pfx_kasan_atomics+0x10/0x10 [ 14.993817] ? __pfx_read_tsc+0x10/0x10 [ 14.993838] ? ktime_get_ts64+0x86/0x230 [ 14.993863] kunit_try_run_case+0x1a5/0x480 [ 14.993887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.993910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.993932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.993956] ? 
__kthread_parkme+0x82/0x180 [ 14.993977] ? preempt_count_sub+0x50/0x80 [ 14.994001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.994028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.994052] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.994076] kthread+0x337/0x6f0 [ 14.994111] ? trace_preempt_on+0x20/0xc0 [ 14.994135] ? __pfx_kthread+0x10/0x10 [ 14.994156] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.994178] ? calculate_sigpending+0x7b/0xa0 [ 14.994202] ? __pfx_kthread+0x10/0x10 [ 14.994224] ret_from_fork+0x116/0x1d0 [ 14.994243] ? __pfx_kthread+0x10/0x10 [ 14.994264] ret_from_fork_asm+0x1a/0x30 [ 14.994296] </TASK> [ 14.994307] [ 15.001829] Allocated by task 283: [ 15.002013] kasan_save_stack+0x45/0x70 [ 15.002189] kasan_save_track+0x18/0x40 [ 15.002337] kasan_save_alloc_info+0x3b/0x50 [ 15.002552] __kasan_kmalloc+0xb7/0xc0 [ 15.002739] __kmalloc_cache_noprof+0x189/0x420 [ 15.002914] kasan_atomics+0x95/0x310 [ 15.003050] kunit_try_run_case+0x1a5/0x480 [ 15.003212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.003390] kthread+0x337/0x6f0 [ 15.003511] ret_from_fork+0x116/0x1d0 [ 15.003646] ret_from_fork_asm+0x1a/0x30 [ 15.003847] [ 15.003944] The buggy address belongs to the object at ffff8881038eb080 [ 15.003944] which belongs to the cache kmalloc-64 of size 64 [ 15.004478] The buggy address is located 0 bytes to the right of [ 15.004478] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.005186] [ 15.005376] The buggy address belongs to the physical page: [ 15.005606] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.005919] flags: 0x200000000000000(node=0|zone=2) [ 15.006086] page_type: f5(slab) [ 15.006227] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.006829] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.007161] page dumped because: kasan: bad access detected [ 15.007406] [ 15.007481] Memory state around the buggy address: [ 15.007639] 
ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.007859] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.008176] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.008500] ^ [ 15.008786] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.009122] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.009543] ================================================================== [ 14.287575] ================================================================== [ 14.287925] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.288461] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.288808] [ 14.288920] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.288991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.289003] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.289025] Call Trace: [ 14.289051] <TASK> [ 14.289068] dump_stack_lvl+0x73/0xb0 [ 14.289105] print_report+0xd1/0x650 [ 14.289147] ? __virt_addr_valid+0x1db/0x2d0 [ 14.289225] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.289259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.289282] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.289304] kasan_report+0x141/0x180 [ 14.289328] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.289354] kasan_check_range+0x10c/0x1c0 [ 14.289378] __kasan_check_write+0x18/0x20 [ 14.289398] kasan_atomics_helper+0xb6a/0x5450 [ 14.289421] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.289443] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.289487] ? kasan_atomics+0x152/0x310 [ 14.289528] kasan_atomics+0x1dc/0x310 [ 14.289564] ? __pfx_kasan_atomics+0x10/0x10 [ 14.289589] ? __pfx_read_tsc+0x10/0x10 [ 14.289623] ? ktime_get_ts64+0x86/0x230 [ 14.289647] kunit_try_run_case+0x1a5/0x480 [ 14.289684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.289721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.289752] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.289776] ? __kthread_parkme+0x82/0x180 [ 14.289797] ? preempt_count_sub+0x50/0x80 [ 14.289831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.289856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.289882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.289905] kthread+0x337/0x6f0 [ 14.289925] ? trace_preempt_on+0x20/0xc0 [ 14.289948] ? __pfx_kthread+0x10/0x10 [ 14.289969] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.289991] ? calculate_sigpending+0x7b/0xa0 [ 14.290015] ? __pfx_kthread+0x10/0x10 [ 14.290037] ret_from_fork+0x116/0x1d0 [ 14.290056] ? __pfx_kthread+0x10/0x10 [ 14.290078] ret_from_fork_asm+0x1a/0x30 [ 14.290118] </TASK> [ 14.290129] [ 14.299849] Allocated by task 283: [ 14.300041] kasan_save_stack+0x45/0x70 [ 14.300406] kasan_save_track+0x18/0x40 [ 14.300645] kasan_save_alloc_info+0x3b/0x50 [ 14.300863] __kasan_kmalloc+0xb7/0xc0 [ 14.301076] __kmalloc_cache_noprof+0x189/0x420 [ 14.301347] kasan_atomics+0x95/0x310 [ 14.301597] kunit_try_run_case+0x1a5/0x480 [ 14.301785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.302002] kthread+0x337/0x6f0 [ 14.302339] ret_from_fork+0x116/0x1d0 [ 14.302590] ret_from_fork_asm+0x1a/0x30 [ 14.302805] [ 14.302923] The buggy address belongs to the object at ffff8881038eb080 [ 14.302923] which belongs to the cache kmalloc-64 of size 64 [ 14.303609] The buggy address is located 0 bytes to the right of [ 14.303609] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.304312] [ 14.304464] The buggy address belongs to the physical page: [ 14.304744] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.305086] flags: 0x200000000000000(node=0|zone=2) [ 14.305273] page_type: f5(slab) [ 14.305397] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.305894] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.306249] page dumped because: kasan: bad access detected [ 14.306509] [ 14.306606] 
Memory state around the buggy address: [ 14.307184] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.307595] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.307873] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.308340] ^ [ 14.308566] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.308955] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.309532] ================================================================== [ 15.230432] ================================================================== [ 15.230681] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.230926] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.232717] [ 15.233240] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.233297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.233577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.233609] Call Trace: [ 15.233630] <TASK> [ 15.233650] dump_stack_lvl+0x73/0xb0 [ 15.233681] print_report+0xd1/0x650 [ 15.233707] ? __virt_addr_valid+0x1db/0x2d0 [ 15.233740] ? kasan_atomics_helper+0x218a/0x5450 [ 15.233762] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.233785] ? kasan_atomics_helper+0x218a/0x5450 [ 15.233807] kasan_report+0x141/0x180 [ 15.233829] ? kasan_atomics_helper+0x218a/0x5450 [ 15.233856] kasan_check_range+0x10c/0x1c0 [ 15.233881] __kasan_check_write+0x18/0x20 [ 15.233901] kasan_atomics_helper+0x218a/0x5450 [ 15.233924] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.233947] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.233972] ? kasan_atomics+0x152/0x310 [ 15.233998] kasan_atomics+0x1dc/0x310 [ 15.234023] ? __pfx_kasan_atomics+0x10/0x10 [ 15.234047] ? __pfx_read_tsc+0x10/0x10 [ 15.234070] ? ktime_get_ts64+0x86/0x230 [ 15.234105] kunit_try_run_case+0x1a5/0x480 [ 15.234130] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.234175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.234199] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.234223] ? __kthread_parkme+0x82/0x180 [ 15.234245] ? preempt_count_sub+0x50/0x80 [ 15.234269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.234293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.234333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.234357] kthread+0x337/0x6f0 [ 15.234377] ? trace_preempt_on+0x20/0xc0 [ 15.234401] ? __pfx_kthread+0x10/0x10 [ 15.234422] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.234444] ? calculate_sigpending+0x7b/0xa0 [ 15.234469] ? __pfx_kthread+0x10/0x10 [ 15.234491] ret_from_fork+0x116/0x1d0 [ 15.234510] ? __pfx_kthread+0x10/0x10 [ 15.234532] ret_from_fork_asm+0x1a/0x30 [ 15.234563] </TASK> [ 15.234576] [ 15.245466] Allocated by task 283: [ 15.245837] kasan_save_stack+0x45/0x70 [ 15.246069] kasan_save_track+0x18/0x40 [ 15.246430] kasan_save_alloc_info+0x3b/0x50 [ 15.246784] __kasan_kmalloc+0xb7/0xc0 [ 15.246954] __kmalloc_cache_noprof+0x189/0x420 [ 15.247192] kasan_atomics+0x95/0x310 [ 15.247644] kunit_try_run_case+0x1a5/0x480 [ 15.247849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.248154] kthread+0x337/0x6f0 [ 15.248507] ret_from_fork+0x116/0x1d0 [ 15.248684] ret_from_fork_asm+0x1a/0x30 [ 15.248960] [ 15.249063] The buggy address belongs to the object at ffff8881038eb080 [ 15.249063] which belongs to the cache kmalloc-64 of size 64 [ 15.249846] The buggy address is located 0 bytes to the right of [ 15.249846] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.250561] [ 15.250710] The buggy address belongs to the physical page: [ 15.250987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.251283] flags: 0x200000000000000(node=0|zone=2) [ 15.251541] page_type: f5(slab) [ 15.251729] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.252023] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.252422] page dumped because: kasan: bad access detected [ 15.252667] [ 15.252769] Memory state around the buggy address: [ 15.252938] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.253293] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.253624] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.253918] ^ [ 15.254118] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.254464] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.254738] ================================================================== [ 13.874033] ================================================================== [ 13.874752] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 13.875075] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 13.875425] [ 13.875546] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.875591] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.875603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.875623] Call Trace: [ 13.875635] <TASK> [ 13.875652] dump_stack_lvl+0x73/0xb0 [ 13.875678] print_report+0xd1/0x650 [ 13.875700] ? __virt_addr_valid+0x1db/0x2d0 [ 13.875722] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.875742] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.875764] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.875786] kasan_report+0x141/0x180 [ 13.875807] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.875833] __asan_report_load4_noabort+0x18/0x20 [ 13.875856] kasan_atomics_helper+0x4bbc/0x5450 [ 13.875879] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.875901] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.875924] ? kasan_atomics+0x152/0x310 [ 13.875950] kasan_atomics+0x1dc/0x310 [ 13.875973] ? __pfx_kasan_atomics+0x10/0x10 [ 13.875997] ? __pfx_read_tsc+0x10/0x10 [ 13.876017] ? 
ktime_get_ts64+0x86/0x230 [ 13.876040] kunit_try_run_case+0x1a5/0x480 [ 13.876063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.876083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.876119] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.876142] ? __kthread_parkme+0x82/0x180 [ 13.876175] ? preempt_count_sub+0x50/0x80 [ 13.876198] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.876222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.876244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.876267] kthread+0x337/0x6f0 [ 13.876286] ? trace_preempt_on+0x20/0xc0 [ 13.876309] ? __pfx_kthread+0x10/0x10 [ 13.876368] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.876391] ? calculate_sigpending+0x7b/0xa0 [ 13.876414] ? __pfx_kthread+0x10/0x10 [ 13.876434] ret_from_fork+0x116/0x1d0 [ 13.876452] ? __pfx_kthread+0x10/0x10 [ 13.876481] ret_from_fork_asm+0x1a/0x30 [ 13.876511] </TASK> [ 13.876522] [ 13.890053] Allocated by task 283: [ 13.890495] kasan_save_stack+0x45/0x70 [ 13.890843] kasan_save_track+0x18/0x40 [ 13.890981] kasan_save_alloc_info+0x3b/0x50 [ 13.891146] __kasan_kmalloc+0xb7/0xc0 [ 13.891582] __kmalloc_cache_noprof+0x189/0x420 [ 13.893302] kasan_atomics+0x95/0x310 [ 13.894265] kunit_try_run_case+0x1a5/0x480 [ 13.895320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.895514] kthread+0x337/0x6f0 [ 13.895638] ret_from_fork+0x116/0x1d0 [ 13.895772] ret_from_fork_asm+0x1a/0x30 [ 13.895914] [ 13.895987] The buggy address belongs to the object at ffff8881038eb080 [ 13.895987] which belongs to the cache kmalloc-64 of size 64 [ 13.896939] The buggy address is located 0 bytes to the right of [ 13.896939] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 13.898740] [ 13.899682] The buggy address belongs to the physical page: [ 13.899874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 13.900141] flags: 0x200000000000000(node=0|zone=2) [ 13.901296] page_type: f5(slab) [ 13.901506] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 13.901863] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.902223] page dumped because: kasan: bad access detected [ 13.902480] [ 13.902573] Memory state around the buggy address: [ 13.902803] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.903035] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.904606] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.905205] ^ [ 13.905388] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.906156] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.906599] ================================================================== [ 14.548680] ================================================================== [ 14.549017] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.549567] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.550139] [ 14.550364] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.550432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.550447] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.550471] Call Trace: [ 14.550487] <TASK> [ 14.550503] dump_stack_lvl+0x73/0xb0 [ 14.550533] print_report+0xd1/0x650 [ 14.550557] ? __virt_addr_valid+0x1db/0x2d0 [ 14.550580] ? kasan_atomics_helper+0x1148/0x5450 [ 14.550602] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.550625] ? kasan_atomics_helper+0x1148/0x5450 [ 14.550647] kasan_report+0x141/0x180 [ 14.550671] ? kasan_atomics_helper+0x1148/0x5450 [ 14.550699] kasan_check_range+0x10c/0x1c0 [ 14.550724] __kasan_check_write+0x18/0x20 [ 14.550745] kasan_atomics_helper+0x1148/0x5450 [ 14.550769] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.550791] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.550816] ? kasan_atomics+0x152/0x310 [ 14.550842] kasan_atomics+0x1dc/0x310 [ 14.550866] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.550890] ? __pfx_read_tsc+0x10/0x10 [ 14.550911] ? ktime_get_ts64+0x86/0x230 [ 14.550935] kunit_try_run_case+0x1a5/0x480 [ 14.550959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.550983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.551005] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.551029] ? __kthread_parkme+0x82/0x180 [ 14.551050] ? preempt_count_sub+0x50/0x80 [ 14.551072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.551115] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.551140] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.551165] kthread+0x337/0x6f0 [ 14.551185] ? trace_preempt_on+0x20/0xc0 [ 14.551212] ? __pfx_kthread+0x10/0x10 [ 14.551234] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.551257] ? calculate_sigpending+0x7b/0xa0 [ 14.551280] ? __pfx_kthread+0x10/0x10 [ 14.551302] ret_from_fork+0x116/0x1d0 [ 14.551322] ? __pfx_kthread+0x10/0x10 [ 14.551355] ret_from_fork_asm+0x1a/0x30 [ 14.551387] </TASK> [ 14.551399] [ 14.559315] Allocated by task 283: [ 14.559507] kasan_save_stack+0x45/0x70 [ 14.559730] kasan_save_track+0x18/0x40 [ 14.559908] kasan_save_alloc_info+0x3b/0x50 [ 14.560128] __kasan_kmalloc+0xb7/0xc0 [ 14.560316] __kmalloc_cache_noprof+0x189/0x420 [ 14.560523] kasan_atomics+0x95/0x310 [ 14.560712] kunit_try_run_case+0x1a5/0x480 [ 14.560914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.561168] kthread+0x337/0x6f0 [ 14.561337] ret_from_fork+0x116/0x1d0 [ 14.561531] ret_from_fork_asm+0x1a/0x30 [ 14.561699] [ 14.561817] The buggy address belongs to the object at ffff8881038eb080 [ 14.561817] which belongs to the cache kmalloc-64 of size 64 [ 14.562301] The buggy address is located 0 bytes to the right of [ 14.562301] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.562842] [ 14.562933] The buggy address belongs to the physical page: [ 14.563214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.563725] flags: 0x200000000000000(node=0|zone=2) [ 14.563928] page_type: 
f5(slab) [ 14.564052] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.564291] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.565033] page dumped because: kasan: bad access detected [ 14.565238] [ 14.565310] Memory state around the buggy address: [ 14.565469] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.565698] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.566089] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.566669] ^ [ 14.566959] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.567336] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.567646] ================================================================== [ 14.803322] ================================================================== [ 14.803643] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.803961] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.804528] [ 14.804872] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.804920] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.804934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.804957] Call Trace: [ 14.804973] <TASK> [ 14.804989] dump_stack_lvl+0x73/0xb0 [ 14.805016] print_report+0xd1/0x650 [ 14.805041] ? __virt_addr_valid+0x1db/0x2d0 [ 14.805065] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.805087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.805122] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.805146] kasan_report+0x141/0x180 [ 14.805168] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.805194] kasan_check_range+0x10c/0x1c0 [ 14.805244] __kasan_check_write+0x18/0x20 [ 14.805265] kasan_atomics_helper+0x16e7/0x5450 [ 14.805288] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.805311] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.805337] ? 
kasan_atomics+0x152/0x310 [ 14.805364] kasan_atomics+0x1dc/0x310 [ 14.805404] ? __pfx_kasan_atomics+0x10/0x10 [ 14.805429] ? __pfx_read_tsc+0x10/0x10 [ 14.805451] ? ktime_get_ts64+0x86/0x230 [ 14.805492] kunit_try_run_case+0x1a5/0x480 [ 14.805530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.805553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.805590] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.805615] ? __kthread_parkme+0x82/0x180 [ 14.805676] ? preempt_count_sub+0x50/0x80 [ 14.805700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.805724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.805747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.805771] kthread+0x337/0x6f0 [ 14.805792] ? trace_preempt_on+0x20/0xc0 [ 14.805816] ? __pfx_kthread+0x10/0x10 [ 14.805837] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.805859] ? calculate_sigpending+0x7b/0xa0 [ 14.805882] ? __pfx_kthread+0x10/0x10 [ 14.805904] ret_from_fork+0x116/0x1d0 [ 14.805924] ? __pfx_kthread+0x10/0x10 [ 14.805945] ret_from_fork_asm+0x1a/0x30 [ 14.805977] </TASK> [ 14.805990] [ 14.815964] Allocated by task 283: [ 14.816177] kasan_save_stack+0x45/0x70 [ 14.816435] kasan_save_track+0x18/0x40 [ 14.816814] kasan_save_alloc_info+0x3b/0x50 [ 14.817090] __kasan_kmalloc+0xb7/0xc0 [ 14.817393] __kmalloc_cache_noprof+0x189/0x420 [ 14.817626] kasan_atomics+0x95/0x310 [ 14.817919] kunit_try_run_case+0x1a5/0x480 [ 14.818164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.818536] kthread+0x337/0x6f0 [ 14.818820] ret_from_fork+0x116/0x1d0 [ 14.819032] ret_from_fork_asm+0x1a/0x30 [ 14.819244] [ 14.819440] The buggy address belongs to the object at ffff8881038eb080 [ 14.819440] which belongs to the cache kmalloc-64 of size 64 [ 14.820063] The buggy address is located 0 bytes to the right of [ 14.820063] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.820851] [ 14.820935] The buggy address belongs to the physical page: [ 14.821418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 
14.821770] flags: 0x200000000000000(node=0|zone=2) [ 14.822093] page_type: f5(slab) [ 14.822272] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.822686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.823146] page dumped because: kasan: bad access detected [ 14.823530] [ 14.823653] Memory state around the buggy address: [ 14.823995] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.824366] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.824671] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.824970] ^ [ 14.825198] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.825779] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.826153] ================================================================== [ 14.217120] ================================================================== [ 14.217698] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.217997] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.218237] [ 14.218589] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.218651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.218665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.218688] Call Trace: [ 14.218715] <TASK> [ 14.218731] dump_stack_lvl+0x73/0xb0 [ 14.218796] print_report+0xd1/0x650 [ 14.218848] ? __virt_addr_valid+0x1db/0x2d0 [ 14.218897] ? kasan_atomics_helper+0x992/0x5450 [ 14.218919] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.218942] ? kasan_atomics_helper+0x992/0x5450 [ 14.218974] kasan_report+0x141/0x180 [ 14.218997] ? kasan_atomics_helper+0x992/0x5450 [ 14.219025] kasan_check_range+0x10c/0x1c0 [ 14.219049] __kasan_check_write+0x18/0x20 [ 14.219070] kasan_atomics_helper+0x992/0x5450 [ 14.219092] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.219123] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.219149] ? kasan_atomics+0x152/0x310 [ 14.219226] kasan_atomics+0x1dc/0x310 [ 14.219250] ? __pfx_kasan_atomics+0x10/0x10 [ 14.219322] ? __pfx_read_tsc+0x10/0x10 [ 14.219345] ? ktime_get_ts64+0x86/0x230 [ 14.219399] kunit_try_run_case+0x1a5/0x480 [ 14.219424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.219448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.219482] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.219506] ? __kthread_parkme+0x82/0x180 [ 14.219527] ? preempt_count_sub+0x50/0x80 [ 14.219551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.219575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.219599] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.219623] kthread+0x337/0x6f0 [ 14.219643] ? trace_preempt_on+0x20/0xc0 [ 14.219667] ? __pfx_kthread+0x10/0x10 [ 14.219688] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.219710] ? calculate_sigpending+0x7b/0xa0 [ 14.219734] ? __pfx_kthread+0x10/0x10 [ 14.219756] ret_from_fork+0x116/0x1d0 [ 14.219777] ? __pfx_kthread+0x10/0x10 [ 14.219798] ret_from_fork_asm+0x1a/0x30 [ 14.219829] </TASK> [ 14.219841] [ 14.229634] Allocated by task 283: [ 14.229896] kasan_save_stack+0x45/0x70 [ 14.230091] kasan_save_track+0x18/0x40 [ 14.230423] kasan_save_alloc_info+0x3b/0x50 [ 14.230725] __kasan_kmalloc+0xb7/0xc0 [ 14.230932] __kmalloc_cache_noprof+0x189/0x420 [ 14.231209] kasan_atomics+0x95/0x310 [ 14.231460] kunit_try_run_case+0x1a5/0x480 [ 14.231656] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.231963] kthread+0x337/0x6f0 [ 14.232362] ret_from_fork+0x116/0x1d0 [ 14.232549] ret_from_fork_asm+0x1a/0x30 [ 14.232695] [ 14.232769] The buggy address belongs to the object at ffff8881038eb080 [ 14.232769] which belongs to the cache kmalloc-64 of size 64 [ 14.233569] The buggy address is located 0 bytes to the right of [ 14.233569] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.234073] [ 14.234207] The buggy address belongs to the physical page: [ 14.234503] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.234963] flags: 0x200000000000000(node=0|zone=2) [ 14.235354] page_type: f5(slab) [ 14.235551] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.235843] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.236233] page dumped because: kasan: bad access detected [ 14.236705] [ 14.236827] Memory state around the buggy address: [ 14.237073] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.237588] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.237870] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.238501] ^ [ 14.238768] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.239139] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.239529] ================================================================== [ 14.680434] ================================================================== [ 14.680776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.681131] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.681515] [ 14.681624] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.681666] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.681679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.681699] Call Trace: [ 14.681713] <TASK> [ 14.681727] dump_stack_lvl+0x73/0xb0 [ 14.681752] print_report+0xd1/0x650 [ 14.681775] ? __virt_addr_valid+0x1db/0x2d0 [ 14.681797] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.681818] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.681841] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.681863] kasan_report+0x141/0x180 [ 14.681886] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.681912] __asan_report_load8_noabort+0x18/0x20 [ 14.681937] kasan_atomics_helper+0x4eae/0x5450 [ 14.681960] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.681982] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.682007] ? kasan_atomics+0x152/0x310 [ 14.682033] kasan_atomics+0x1dc/0x310 [ 14.682056] ? __pfx_kasan_atomics+0x10/0x10 [ 14.682081] ? __pfx_read_tsc+0x10/0x10 [ 14.682115] ? ktime_get_ts64+0x86/0x230 [ 14.682139] kunit_try_run_case+0x1a5/0x480 [ 14.682163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.682186] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.682210] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.682233] ? __kthread_parkme+0x82/0x180 [ 14.682254] ? preempt_count_sub+0x50/0x80 [ 14.682278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.682302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.682338] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.682362] kthread+0x337/0x6f0 [ 14.682382] ? trace_preempt_on+0x20/0xc0 [ 14.682405] ? __pfx_kthread+0x10/0x10 [ 14.682426] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.682448] ? calculate_sigpending+0x7b/0xa0 [ 14.682472] ? __pfx_kthread+0x10/0x10 [ 14.682494] ret_from_fork+0x116/0x1d0 [ 14.682513] ? 
__pfx_kthread+0x10/0x10 [ 14.682534] ret_from_fork_asm+0x1a/0x30 [ 14.682565] </TASK> [ 14.682577] [ 14.689977] Allocated by task 283: [ 14.690170] kasan_save_stack+0x45/0x70 [ 14.690350] kasan_save_track+0x18/0x40 [ 14.690539] kasan_save_alloc_info+0x3b/0x50 [ 14.690749] __kasan_kmalloc+0xb7/0xc0 [ 14.690901] __kmalloc_cache_noprof+0x189/0x420 [ 14.691107] kasan_atomics+0x95/0x310 [ 14.691304] kunit_try_run_case+0x1a5/0x480 [ 14.691488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.691748] kthread+0x337/0x6f0 [ 14.691873] ret_from_fork+0x116/0x1d0 [ 14.692007] ret_from_fork_asm+0x1a/0x30 [ 14.692158] [ 14.692231] The buggy address belongs to the object at ffff8881038eb080 [ 14.692231] which belongs to the cache kmalloc-64 of size 64 [ 14.692589] The buggy address is located 0 bytes to the right of [ 14.692589] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.693129] [ 14.693242] The buggy address belongs to the physical page: [ 14.693672] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.694027] flags: 0x200000000000000(node=0|zone=2) [ 14.694273] page_type: f5(slab) [ 14.694440] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.694774] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.695003] page dumped because: kasan: bad access detected [ 14.695184] [ 14.695261] Memory state around the buggy address: [ 14.695418] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.695753] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.696073] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.696491] ^ [ 14.696723] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.697053] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.697337] ================================================================== [ 14.850888] 
================================================================== [ 14.851414] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 14.851724] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.852074] [ 14.852199] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.852241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.852254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.852275] Call Trace: [ 14.852289] <TASK> [ 14.852303] dump_stack_lvl+0x73/0xb0 [ 14.852575] print_report+0xd1/0x650 [ 14.852827] ? __virt_addr_valid+0x1db/0x2d0 [ 14.852853] ? kasan_atomics_helper+0x1818/0x5450 [ 14.852876] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.852900] ? kasan_atomics_helper+0x1818/0x5450 [ 14.852922] kasan_report+0x141/0x180 [ 14.852945] ? kasan_atomics_helper+0x1818/0x5450 [ 14.852971] kasan_check_range+0x10c/0x1c0 [ 14.852995] __kasan_check_write+0x18/0x20 [ 14.853015] kasan_atomics_helper+0x1818/0x5450 [ 14.853038] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.853060] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.853085] ? kasan_atomics+0x152/0x310 [ 14.853123] kasan_atomics+0x1dc/0x310 [ 14.853146] ? __pfx_kasan_atomics+0x10/0x10 [ 14.853170] ? __pfx_read_tsc+0x10/0x10 [ 14.853191] ? ktime_get_ts64+0x86/0x230 [ 14.853216] kunit_try_run_case+0x1a5/0x480 [ 14.853240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.853262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.853286] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.853309] ? __kthread_parkme+0x82/0x180 [ 14.853337] ? preempt_count_sub+0x50/0x80 [ 14.853363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.853386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.853409] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.853433] kthread+0x337/0x6f0 [ 14.853452] ? trace_preempt_on+0x20/0xc0 [ 14.853476] ? __pfx_kthread+0x10/0x10 [ 14.853497] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.853519] ? 
calculate_sigpending+0x7b/0xa0 [ 14.853543] ? __pfx_kthread+0x10/0x10 [ 14.853565] ret_from_fork+0x116/0x1d0 [ 14.853584] ? __pfx_kthread+0x10/0x10 [ 14.853604] ret_from_fork_asm+0x1a/0x30 [ 14.853635] </TASK> [ 14.853648] [ 14.864307] Allocated by task 283: [ 14.864511] kasan_save_stack+0x45/0x70 [ 14.864710] kasan_save_track+0x18/0x40 [ 14.865036] kasan_save_alloc_info+0x3b/0x50 [ 14.865337] __kasan_kmalloc+0xb7/0xc0 [ 14.865636] __kmalloc_cache_noprof+0x189/0x420 [ 14.865914] kasan_atomics+0x95/0x310 [ 14.866152] kunit_try_run_case+0x1a5/0x480 [ 14.866582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.866832] kthread+0x337/0x6f0 [ 14.867076] ret_from_fork+0x116/0x1d0 [ 14.867272] ret_from_fork_asm+0x1a/0x30 [ 14.867480] [ 14.867736] The buggy address belongs to the object at ffff8881038eb080 [ 14.867736] which belongs to the cache kmalloc-64 of size 64 [ 14.868470] The buggy address is located 0 bytes to the right of [ 14.868470] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.869137] [ 14.869402] The buggy address belongs to the physical page: [ 14.869640] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.870123] flags: 0x200000000000000(node=0|zone=2) [ 14.870515] page_type: f5(slab) [ 14.870840] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.871179] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.871578] page dumped because: kasan: bad access detected [ 14.871823] [ 14.871923] Memory state around the buggy address: [ 14.872148] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.872707] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.872991] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.873411] ^ [ 14.873729] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.874126] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.874558] 
================================================================== [ 15.207694] ================================================================== [ 15.208039] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.208724] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.209011] [ 15.209108] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.209154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.209167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.209188] Call Trace: [ 15.209203] <TASK> [ 15.209221] dump_stack_lvl+0x73/0xb0 [ 15.209246] print_report+0xd1/0x650 [ 15.209270] ? __virt_addr_valid+0x1db/0x2d0 [ 15.209293] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.209316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.209350] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.209373] kasan_report+0x141/0x180 [ 15.209396] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.209422] __asan_report_load8_noabort+0x18/0x20 [ 15.209447] kasan_atomics_helper+0x4fb2/0x5450 [ 15.209471] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.209494] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.209519] ? kasan_atomics+0x152/0x310 [ 15.209545] kasan_atomics+0x1dc/0x310 [ 15.209568] ? __pfx_kasan_atomics+0x10/0x10 [ 15.209592] ? __pfx_read_tsc+0x10/0x10 [ 15.209613] ? ktime_get_ts64+0x86/0x230 [ 15.209637] kunit_try_run_case+0x1a5/0x480 [ 15.209661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.209707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.209730] ? __kthread_parkme+0x82/0x180 [ 15.209751] ? preempt_count_sub+0x50/0x80 [ 15.209776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.209826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.209850] kthread+0x337/0x6f0 [ 15.209870] ? trace_preempt_on+0x20/0xc0 [ 15.209894] ? __pfx_kthread+0x10/0x10 [ 15.209915] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.209937] ? calculate_sigpending+0x7b/0xa0 [ 15.209960] ? __pfx_kthread+0x10/0x10 [ 15.209982] ret_from_fork+0x116/0x1d0 [ 15.210001] ? __pfx_kthread+0x10/0x10 [ 15.210022] ret_from_fork_asm+0x1a/0x30 [ 15.210053] </TASK> [ 15.210066] [ 15.217524] Allocated by task 283: [ 15.217703] kasan_save_stack+0x45/0x70 [ 15.217846] kasan_save_track+0x18/0x40 [ 15.217982] kasan_save_alloc_info+0x3b/0x50 [ 15.218141] __kasan_kmalloc+0xb7/0xc0 [ 15.218336] __kmalloc_cache_noprof+0x189/0x420 [ 15.218564] kasan_atomics+0x95/0x310 [ 15.218753] kunit_try_run_case+0x1a5/0x480 [ 15.218963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.219210] kthread+0x337/0x6f0 [ 15.219401] ret_from_fork+0x116/0x1d0 [ 15.219536] ret_from_fork_asm+0x1a/0x30 [ 15.219731] [ 15.219824] The buggy address belongs to the object at ffff8881038eb080 [ 15.219824] which belongs to the cache kmalloc-64 of size 64 [ 15.220278] The buggy address is located 0 bytes to the right of [ 15.220278] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.220772] [ 15.220859] The buggy address belongs to the physical page: [ 15.221074] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.221441] flags: 0x200000000000000(node=0|zone=2) [ 15.221629] page_type: f5(slab) [ 15.221751] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.221988] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.222288] page dumped because: kasan: bad access detected [ 15.222486] [ 15.222557] Memory state around the buggy address: [ 15.222714] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.226129] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.227815] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.228156] ^ [ 15.228327] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.229505] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.229746] ================================================================== [ 13.979510] ================================================================== [ 13.980080] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 13.980588] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 13.980909] [ 13.981022] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.981065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.981080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.981121] Call Trace: [ 13.981138] <TASK> [ 13.981179] dump_stack_lvl+0x73/0xb0 [ 13.981207] print_report+0xd1/0x650 [ 13.981230] ? __virt_addr_valid+0x1db/0x2d0 [ 13.981254] ? kasan_atomics_helper+0x3df/0x5450 [ 13.981275] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.981298] ? kasan_atomics_helper+0x3df/0x5450 [ 13.981320] kasan_report+0x141/0x180 [ 13.981343] ? kasan_atomics_helper+0x3df/0x5450 [ 13.981369] kasan_check_range+0x10c/0x1c0 [ 13.981393] __kasan_check_read+0x15/0x20 [ 13.981414] kasan_atomics_helper+0x3df/0x5450 [ 13.981438] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.981461] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.981535] ? kasan_atomics+0x152/0x310 [ 13.981574] kasan_atomics+0x1dc/0x310 [ 13.981598] ? __pfx_kasan_atomics+0x10/0x10 [ 13.981623] ? __pfx_read_tsc+0x10/0x10 [ 13.981645] ? ktime_get_ts64+0x86/0x230 [ 13.981669] kunit_try_run_case+0x1a5/0x480 [ 13.981703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.981727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.981750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.981775] ? __kthread_parkme+0x82/0x180 [ 13.981796] ? preempt_count_sub+0x50/0x80 [ 13.981820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.981844] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.981868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.981901] kthread+0x337/0x6f0 [ 13.981922] ? 
trace_preempt_on+0x20/0xc0 [ 13.981957] ? __pfx_kthread+0x10/0x10 [ 13.981979] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.982001] ? calculate_sigpending+0x7b/0xa0 [ 13.982025] ? __pfx_kthread+0x10/0x10 [ 13.982047] ret_from_fork+0x116/0x1d0 [ 13.982066] ? __pfx_kthread+0x10/0x10 [ 13.982087] ret_from_fork_asm+0x1a/0x30 [ 13.982128] </TASK> [ 13.982141] [ 13.990835] Allocated by task 283: [ 13.991017] kasan_save_stack+0x45/0x70 [ 13.991324] kasan_save_track+0x18/0x40 [ 13.991475] kasan_save_alloc_info+0x3b/0x50 [ 13.991630] __kasan_kmalloc+0xb7/0xc0 [ 13.991889] __kmalloc_cache_noprof+0x189/0x420 [ 13.992122] kasan_atomics+0x95/0x310 [ 13.992260] kunit_try_run_case+0x1a5/0x480 [ 13.992602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.992932] kthread+0x337/0x6f0 [ 13.993134] ret_from_fork+0x116/0x1d0 [ 13.993381] ret_from_fork_asm+0x1a/0x30 [ 13.993602] [ 13.993714] The buggy address belongs to the object at ffff8881038eb080 [ 13.993714] which belongs to the cache kmalloc-64 of size 64 [ 13.994247] The buggy address is located 0 bytes to the right of [ 13.994247] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 13.994808] [ 13.994888] The buggy address belongs to the physical page: [ 13.995106] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 13.995648] flags: 0x200000000000000(node=0|zone=2) [ 13.995919] page_type: f5(slab) [ 13.996092] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.996559] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.996844] page dumped because: kasan: bad access detected [ 13.997023] [ 13.997107] Memory state around the buggy address: [ 13.997268] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.997606] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.997935] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.998258] ^ [ 13.998573] ffff8881038eb100: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.998816] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.999033] ================================================================== [ 14.875567] ================================================================== [ 14.875865] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 14.876348] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.876895] [ 14.877142] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.877191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.877204] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.877341] Call Trace: [ 14.877362] <TASK> [ 14.877379] dump_stack_lvl+0x73/0xb0 [ 14.877407] print_report+0xd1/0x650 [ 14.877430] ? __virt_addr_valid+0x1db/0x2d0 [ 14.877453] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.877476] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.877499] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.877521] kasan_report+0x141/0x180 [ 14.877545] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.877573] kasan_check_range+0x10c/0x1c0 [ 14.877597] __kasan_check_write+0x18/0x20 [ 14.877617] kasan_atomics_helper+0x18b1/0x5450 [ 14.877640] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.877662] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.877687] ? kasan_atomics+0x152/0x310 [ 14.877713] kasan_atomics+0x1dc/0x310 [ 14.877737] ? __pfx_kasan_atomics+0x10/0x10 [ 14.877762] ? __pfx_read_tsc+0x10/0x10 [ 14.877782] ? ktime_get_ts64+0x86/0x230 [ 14.877806] kunit_try_run_case+0x1a5/0x480 [ 14.877829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.877851] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.877874] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.877896] ? __kthread_parkme+0x82/0x180 [ 14.877917] ? preempt_count_sub+0x50/0x80 [ 14.877939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.877963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.877987] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.878010] kthread+0x337/0x6f0 [ 14.878029] ? trace_preempt_on+0x20/0xc0 [ 14.878052] ? __pfx_kthread+0x10/0x10 [ 14.878073] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.878107] ? calculate_sigpending+0x7b/0xa0 [ 14.878131] ? __pfx_kthread+0x10/0x10 [ 14.878154] ret_from_fork+0x116/0x1d0 [ 14.878173] ? __pfx_kthread+0x10/0x10 [ 14.878194] ret_from_fork_asm+0x1a/0x30 [ 14.878225] </TASK> [ 14.878237] [ 14.888657] Allocated by task 283: [ 14.888859] kasan_save_stack+0x45/0x70 [ 14.889143] kasan_save_track+0x18/0x40 [ 14.889448] kasan_save_alloc_info+0x3b/0x50 [ 14.889746] __kasan_kmalloc+0xb7/0xc0 [ 14.890005] __kmalloc_cache_noprof+0x189/0x420 [ 14.890337] kasan_atomics+0x95/0x310 [ 14.890625] kunit_try_run_case+0x1a5/0x480 [ 14.890920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.891284] kthread+0x337/0x6f0 [ 14.891568] ret_from_fork+0x116/0x1d0 [ 14.891767] ret_from_fork_asm+0x1a/0x30 [ 14.891979] [ 14.892075] The buggy address belongs to the object at ffff8881038eb080 [ 14.892075] which belongs to the cache kmalloc-64 of size 64 [ 14.892983] The buggy address is located 0 bytes to the right of [ 14.892983] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.893662] [ 14.893771] The buggy address belongs to the physical page: [ 14.894175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.894649] flags: 0x200000000000000(node=0|zone=2) [ 14.894965] page_type: f5(slab) [ 14.895230] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.895684] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.896134] page dumped because: kasan: bad access detected [ 14.896522] [ 14.896604] Memory state around the buggy address: [ 14.896946] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.897376] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.897785] >ffff8881038eb080: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.898194] ^ [ 14.898599] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.898997] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.899550] ================================================================== [ 15.255307] ================================================================== [ 15.255749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.256134] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.256458] [ 15.256627] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.256668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.256681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.256702] Call Trace: [ 15.256717] <TASK> [ 15.256731] dump_stack_lvl+0x73/0xb0 [ 15.256757] print_report+0xd1/0x650 [ 15.256780] ? __virt_addr_valid+0x1db/0x2d0 [ 15.256802] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.256824] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.256866] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.256902] kasan_report+0x141/0x180 [ 15.256925] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.256953] __asan_report_load8_noabort+0x18/0x20 [ 15.256978] kasan_atomics_helper+0x4fa5/0x5450 [ 15.257001] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.257023] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.257048] ? kasan_atomics+0x152/0x310 [ 15.257074] kasan_atomics+0x1dc/0x310 [ 15.257108] ? __pfx_kasan_atomics+0x10/0x10 [ 15.257133] ? __pfx_read_tsc+0x10/0x10 [ 15.257156] ? ktime_get_ts64+0x86/0x230 [ 15.257179] kunit_try_run_case+0x1a5/0x480 [ 15.257203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.257244] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.257268] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.257306] ? __kthread_parkme+0x82/0x180 [ 15.257337] ? preempt_count_sub+0x50/0x80 [ 15.257362] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.257386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.257410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.257433] kthread+0x337/0x6f0 [ 15.257453] ? trace_preempt_on+0x20/0xc0 [ 15.257476] ? __pfx_kthread+0x10/0x10 [ 15.257499] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.257520] ? calculate_sigpending+0x7b/0xa0 [ 15.257545] ? __pfx_kthread+0x10/0x10 [ 15.257567] ret_from_fork+0x116/0x1d0 [ 15.257586] ? __pfx_kthread+0x10/0x10 [ 15.257607] ret_from_fork_asm+0x1a/0x30 [ 15.257637] </TASK> [ 15.257649] [ 15.265575] Allocated by task 283: [ 15.265745] kasan_save_stack+0x45/0x70 [ 15.265888] kasan_save_track+0x18/0x40 [ 15.266020] kasan_save_alloc_info+0x3b/0x50 [ 15.266217] __kasan_kmalloc+0xb7/0xc0 [ 15.266510] __kmalloc_cache_noprof+0x189/0x420 [ 15.266754] kasan_atomics+0x95/0x310 [ 15.266965] kunit_try_run_case+0x1a5/0x480 [ 15.267214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.267456] kthread+0x337/0x6f0 [ 15.267578] ret_from_fork+0x116/0x1d0 [ 15.267756] ret_from_fork_asm+0x1a/0x30 [ 15.267953] [ 15.268071] The buggy address belongs to the object at ffff8881038eb080 [ 15.268071] which belongs to the cache kmalloc-64 of size 64 [ 15.268578] The buggy address is located 0 bytes to the right of [ 15.268578] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.269134] [ 15.269234] The buggy address belongs to the physical page: [ 15.269502] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.269825] flags: 0x200000000000000(node=0|zone=2) [ 15.270088] page_type: f5(slab) [ 15.270304] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.270671] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.271021] page dumped because: kasan: bad access detected [ 15.271295] [ 15.271390] Memory state around the buggy address: [ 15.271604] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.271820] 
ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.272032] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.272624] ^ [ 15.272853] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.273181] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.273571] ================================================================== [ 14.568108] ================================================================== [ 14.568788] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.569278] Read of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.569666] [ 14.569806] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.569850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.569864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.569885] Call Trace: [ 14.569901] <TASK> [ 14.569915] dump_stack_lvl+0x73/0xb0 [ 14.569943] print_report+0xd1/0x650 [ 14.569966] ? __virt_addr_valid+0x1db/0x2d0 [ 14.569990] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.570012] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.570035] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.570056] kasan_report+0x141/0x180 [ 14.570079] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.570119] __asan_report_load4_noabort+0x18/0x20 [ 14.570145] kasan_atomics_helper+0x4a02/0x5450 [ 14.570170] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.570192] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.570218] ? kasan_atomics+0x152/0x310 [ 14.570245] kasan_atomics+0x1dc/0x310 [ 14.570268] ? __pfx_kasan_atomics+0x10/0x10 [ 14.570328] ? __pfx_read_tsc+0x10/0x10 [ 14.570352] ? ktime_get_ts64+0x86/0x230 [ 14.570378] kunit_try_run_case+0x1a5/0x480 [ 14.570428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.570451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.570474] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.570498] ? __kthread_parkme+0x82/0x180 [ 14.570520] ? 
preempt_count_sub+0x50/0x80 [ 14.570544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.570568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.570591] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.570646] kthread+0x337/0x6f0 [ 14.570666] ? trace_preempt_on+0x20/0xc0 [ 14.570689] ? __pfx_kthread+0x10/0x10 [ 14.570711] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.570732] ? calculate_sigpending+0x7b/0xa0 [ 14.570756] ? __pfx_kthread+0x10/0x10 [ 14.570809] ret_from_fork+0x116/0x1d0 [ 14.570829] ? __pfx_kthread+0x10/0x10 [ 14.570850] ret_from_fork_asm+0x1a/0x30 [ 14.570881] </TASK> [ 14.570893] [ 14.578603] Allocated by task 283: [ 14.578800] kasan_save_stack+0x45/0x70 [ 14.579014] kasan_save_track+0x18/0x40 [ 14.579209] kasan_save_alloc_info+0x3b/0x50 [ 14.579552] __kasan_kmalloc+0xb7/0xc0 [ 14.579745] __kmalloc_cache_noprof+0x189/0x420 [ 14.579966] kasan_atomics+0x95/0x310 [ 14.580170] kunit_try_run_case+0x1a5/0x480 [ 14.580395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.580662] kthread+0x337/0x6f0 [ 14.580795] ret_from_fork+0x116/0x1d0 [ 14.581018] ret_from_fork_asm+0x1a/0x30 [ 14.581269] [ 14.581385] The buggy address belongs to the object at ffff8881038eb080 [ 14.581385] which belongs to the cache kmalloc-64 of size 64 [ 14.581886] The buggy address is located 0 bytes to the right of [ 14.581886] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.582481] [ 14.582556] The buggy address belongs to the physical page: [ 14.582726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.582959] flags: 0x200000000000000(node=0|zone=2) [ 14.583191] page_type: f5(slab) [ 14.583366] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.583702] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.584229] page dumped because: kasan: bad access detected [ 14.584580] [ 14.584677] Memory state around the buggy address: [ 14.584859] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.585072] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.585499] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.585815] ^ [ 14.586048] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.586275] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.586830] ================================================================== [ 15.292947] ================================================================== [ 15.293592] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.293934] Read of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.294210] [ 15.294304] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.294348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.294361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.294383] Call Trace: [ 15.294401] <TASK> [ 15.294421] dump_stack_lvl+0x73/0xb0 [ 15.294448] print_report+0xd1/0x650 [ 15.294470] ? __virt_addr_valid+0x1db/0x2d0 [ 15.294492] ? kasan_atomics_helper+0x5115/0x5450 [ 15.294515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.294537] ? kasan_atomics_helper+0x5115/0x5450 [ 15.294559] kasan_report+0x141/0x180 [ 15.294583] ? kasan_atomics_helper+0x5115/0x5450 [ 15.294609] __asan_report_load8_noabort+0x18/0x20 [ 15.294634] kasan_atomics_helper+0x5115/0x5450 [ 15.294657] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.294680] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.294706] ? kasan_atomics+0x152/0x310 [ 15.294732] kasan_atomics+0x1dc/0x310 [ 15.294756] ? __pfx_kasan_atomics+0x10/0x10 [ 15.294781] ? __pfx_read_tsc+0x10/0x10 [ 15.294802] ? ktime_get_ts64+0x86/0x230 [ 15.294826] kunit_try_run_case+0x1a5/0x480 [ 15.294851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.294874] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.294898] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.294922] ? 
__kthread_parkme+0x82/0x180 [ 15.294943] ? preempt_count_sub+0x50/0x80 [ 15.294967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.294991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.295015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.295039] kthread+0x337/0x6f0 [ 15.295058] ? trace_preempt_on+0x20/0xc0 [ 15.295083] ? __pfx_kthread+0x10/0x10 [ 15.295149] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.295172] ? calculate_sigpending+0x7b/0xa0 [ 15.295197] ? __pfx_kthread+0x10/0x10 [ 15.295225] ret_from_fork+0x116/0x1d0 [ 15.295244] ? __pfx_kthread+0x10/0x10 [ 15.295266] ret_from_fork_asm+0x1a/0x30 [ 15.295298] </TASK> [ 15.295310] [ 15.305877] Allocated by task 283: [ 15.306057] kasan_save_stack+0x45/0x70 [ 15.306224] kasan_save_track+0x18/0x40 [ 15.306439] kasan_save_alloc_info+0x3b/0x50 [ 15.307055] __kasan_kmalloc+0xb7/0xc0 [ 15.307250] __kmalloc_cache_noprof+0x189/0x420 [ 15.307587] kasan_atomics+0x95/0x310 [ 15.307797] kunit_try_run_case+0x1a5/0x480 [ 15.308106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.308655] kthread+0x337/0x6f0 [ 15.308800] ret_from_fork+0x116/0x1d0 [ 15.309071] ret_from_fork_asm+0x1a/0x30 [ 15.309483] [ 15.309595] The buggy address belongs to the object at ffff8881038eb080 [ 15.309595] which belongs to the cache kmalloc-64 of size 64 [ 15.310386] The buggy address is located 0 bytes to the right of [ 15.310386] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.311062] [ 15.311295] The buggy address belongs to the physical page: [ 15.311646] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.312108] flags: 0x200000000000000(node=0|zone=2) [ 15.312431] page_type: f5(slab) [ 15.312743] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.313155] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.313651] page dumped because: kasan: bad access detected [ 15.314011] [ 15.314111] Memory state around the buggy address: [ 15.314480] 
ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.314932] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.315421] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.315790] ^ [ 15.315993] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.316315] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.316915] ================================================================== [ 14.103809] ================================================================== [ 14.104229] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.104630] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.104984] [ 14.105128] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.105183] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.105197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.105269] Call Trace: [ 14.105284] <TASK> [ 14.105323] dump_stack_lvl+0x73/0xb0 [ 14.105363] print_report+0xd1/0x650 [ 14.105402] ? __virt_addr_valid+0x1db/0x2d0 [ 14.105468] ? kasan_atomics_helper+0x697/0x5450 [ 14.105491] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.105514] ? kasan_atomics_helper+0x697/0x5450 [ 14.105546] kasan_report+0x141/0x180 [ 14.105570] ? kasan_atomics_helper+0x697/0x5450 [ 14.105596] kasan_check_range+0x10c/0x1c0 [ 14.105620] __kasan_check_write+0x18/0x20 [ 14.105641] kasan_atomics_helper+0x697/0x5450 [ 14.105663] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.105685] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.105711] ? kasan_atomics+0x152/0x310 [ 14.105737] kasan_atomics+0x1dc/0x310 [ 14.105762] ? __pfx_kasan_atomics+0x10/0x10 [ 14.105814] ? __pfx_read_tsc+0x10/0x10 [ 14.105836] ? ktime_get_ts64+0x86/0x230 [ 14.105860] kunit_try_run_case+0x1a5/0x480 [ 14.105895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.105918] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.105942] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.105990] ? __kthread_parkme+0x82/0x180 [ 14.106011] ? preempt_count_sub+0x50/0x80 [ 14.106062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.106110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.106136] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.106160] kthread+0x337/0x6f0 [ 14.106180] ? trace_preempt_on+0x20/0xc0 [ 14.106202] ? __pfx_kthread+0x10/0x10 [ 14.106223] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.106288] ? calculate_sigpending+0x7b/0xa0 [ 14.106326] ? __pfx_kthread+0x10/0x10 [ 14.106348] ret_from_fork+0x116/0x1d0 [ 14.106367] ? __pfx_kthread+0x10/0x10 [ 14.106417] ret_from_fork_asm+0x1a/0x30 [ 14.106449] </TASK> [ 14.106460] [ 14.116022] Allocated by task 283: [ 14.116317] kasan_save_stack+0x45/0x70 [ 14.116577] kasan_save_track+0x18/0x40 [ 14.116796] kasan_save_alloc_info+0x3b/0x50 [ 14.117042] __kasan_kmalloc+0xb7/0xc0 [ 14.117344] __kmalloc_cache_noprof+0x189/0x420 [ 14.117634] kasan_atomics+0x95/0x310 [ 14.117877] kunit_try_run_case+0x1a5/0x480 [ 14.118112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.118400] kthread+0x337/0x6f0 [ 14.118729] ret_from_fork+0x116/0x1d0 [ 14.118918] ret_from_fork_asm+0x1a/0x30 [ 14.119059] [ 14.119144] The buggy address belongs to the object at ffff8881038eb080 [ 14.119144] which belongs to the cache kmalloc-64 of size 64 [ 14.120080] The buggy address is located 0 bytes to the right of [ 14.120080] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.120938] [ 14.121044] The buggy address belongs to the physical page: [ 14.121493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.121841] flags: 0x200000000000000(node=0|zone=2) [ 14.122034] page_type: f5(slab) [ 14.122297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.122692] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.123004] page dumped because: kasan: bad access detected [ 14.123333] [ 14.123468] 
Memory state around the buggy address: [ 14.123685] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.124040] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.124455] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.124810] ^ [ 14.125057] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.125690] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.126078] ================================================================== [ 14.019411] ================================================================== [ 14.019699] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 14.020008] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.020278] [ 14.020364] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.020458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.020472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.020494] Call Trace: [ 14.020509] <TASK> [ 14.020525] dump_stack_lvl+0x73/0xb0 [ 14.020551] print_report+0xd1/0x650 [ 14.020575] ? __virt_addr_valid+0x1db/0x2d0 [ 14.020611] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.020634] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.020656] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.020690] kasan_report+0x141/0x180 [ 14.020712] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.020739] kasan_check_range+0x10c/0x1c0 [ 14.020764] __kasan_check_write+0x18/0x20 [ 14.020785] kasan_atomics_helper+0x4a0/0x5450 [ 14.020807] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.020830] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.020855] ? kasan_atomics+0x152/0x310 [ 14.020881] kasan_atomics+0x1dc/0x310 [ 14.020914] ? __pfx_kasan_atomics+0x10/0x10 [ 14.020938] ? __pfx_read_tsc+0x10/0x10 [ 14.020959] ? ktime_get_ts64+0x86/0x230 [ 14.020993] kunit_try_run_case+0x1a5/0x480 [ 14.021016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.021039] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.021062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.021087] ? __kthread_parkme+0x82/0x180 [ 14.021115] ? preempt_count_sub+0x50/0x80 [ 14.021139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.021164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.021186] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.021210] kthread+0x337/0x6f0 [ 14.021230] ? trace_preempt_on+0x20/0xc0 [ 14.021254] ? __pfx_kthread+0x10/0x10 [ 14.021275] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.021296] ? calculate_sigpending+0x7b/0xa0 [ 14.021320] ? __pfx_kthread+0x10/0x10 [ 14.021403] ret_from_fork+0x116/0x1d0 [ 14.021424] ? __pfx_kthread+0x10/0x10 [ 14.021449] ret_from_fork_asm+0x1a/0x30 [ 14.021482] </TASK> [ 14.021494] [ 14.029768] Allocated by task 283: [ 14.029904] kasan_save_stack+0x45/0x70 [ 14.030051] kasan_save_track+0x18/0x40 [ 14.030298] kasan_save_alloc_info+0x3b/0x50 [ 14.030555] __kasan_kmalloc+0xb7/0xc0 [ 14.030772] __kmalloc_cache_noprof+0x189/0x420 [ 14.031002] kasan_atomics+0x95/0x310 [ 14.031287] kunit_try_run_case+0x1a5/0x480 [ 14.031532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.031783] kthread+0x337/0x6f0 [ 14.031957] ret_from_fork+0x116/0x1d0 [ 14.032128] ret_from_fork_asm+0x1a/0x30 [ 14.032514] [ 14.032701] The buggy address belongs to the object at ffff8881038eb080 [ 14.032701] which belongs to the cache kmalloc-64 of size 64 [ 14.033272] The buggy address is located 0 bytes to the right of [ 14.033272] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.033870] [ 14.033979] The buggy address belongs to the physical page: [ 14.034276] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.034644] flags: 0x200000000000000(node=0|zone=2) [ 14.034886] page_type: f5(slab) [ 14.035053] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.035501] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.035735] page dumped because: kasan: 
bad access detected [ 14.035919] [ 14.035995] Memory state around the buggy address: [ 14.036300] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.036755] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.037077] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.037523] ^ [ 14.037680] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.037898] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.038123] ================================================================== [ 14.059180] ================================================================== [ 14.059877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 14.060488] Write of size 4 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.060726] [ 14.060820] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.060862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.060875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.060897] Call Trace: [ 14.060914] <TASK> [ 14.060930] dump_stack_lvl+0x73/0xb0 [ 14.060956] print_report+0xd1/0x650 [ 14.060980] ? __virt_addr_valid+0x1db/0x2d0 [ 14.061003] ? kasan_atomics_helper+0x565/0x5450 [ 14.061025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.061058] ? kasan_atomics_helper+0x565/0x5450 [ 14.061081] kasan_report+0x141/0x180 [ 14.061125] ? kasan_atomics_helper+0x565/0x5450 [ 14.061153] kasan_check_range+0x10c/0x1c0 [ 14.061179] __kasan_check_write+0x18/0x20 [ 14.061199] kasan_atomics_helper+0x565/0x5450 [ 14.061221] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.061293] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.061336] ? kasan_atomics+0x152/0x310 [ 14.061365] kasan_atomics+0x1dc/0x310 [ 14.061388] ? __pfx_kasan_atomics+0x10/0x10 [ 14.061413] ? __pfx_read_tsc+0x10/0x10 [ 14.061444] ? ktime_get_ts64+0x86/0x230 [ 14.061468] kunit_try_run_case+0x1a5/0x480 [ 14.061492] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.061524] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.061548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.061571] ? __kthread_parkme+0x82/0x180 [ 14.061591] ? preempt_count_sub+0x50/0x80 [ 14.061615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.061648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.061671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.061705] kthread+0x337/0x6f0 [ 14.061725] ? trace_preempt_on+0x20/0xc0 [ 14.061748] ? __pfx_kthread+0x10/0x10 [ 14.061769] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.061790] ? calculate_sigpending+0x7b/0xa0 [ 14.061823] ? __pfx_kthread+0x10/0x10 [ 14.061846] ret_from_fork+0x116/0x1d0 [ 14.061867] ? __pfx_kthread+0x10/0x10 [ 14.061898] ret_from_fork_asm+0x1a/0x30 [ 14.061929] </TASK> [ 14.061943] [ 14.070677] Allocated by task 283: [ 14.070939] kasan_save_stack+0x45/0x70 [ 14.071158] kasan_save_track+0x18/0x40 [ 14.071430] kasan_save_alloc_info+0x3b/0x50 [ 14.071690] __kasan_kmalloc+0xb7/0xc0 [ 14.071898] __kmalloc_cache_noprof+0x189/0x420 [ 14.072142] kasan_atomics+0x95/0x310 [ 14.072404] kunit_try_run_case+0x1a5/0x480 [ 14.072608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.072827] kthread+0x337/0x6f0 [ 14.073047] ret_from_fork+0x116/0x1d0 [ 14.073335] ret_from_fork_asm+0x1a/0x30 [ 14.073603] [ 14.073705] The buggy address belongs to the object at ffff8881038eb080 [ 14.073705] which belongs to the cache kmalloc-64 of size 64 [ 14.074269] The buggy address is located 0 bytes to the right of [ 14.074269] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.074950] [ 14.075036] The buggy address belongs to the physical page: [ 14.075323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.075948] flags: 0x200000000000000(node=0|zone=2) [ 14.076324] page_type: f5(slab) [ 14.076521] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.076879] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.077281] page dumped because: kasan: bad access detected [ 14.077673] [ 14.077803] Memory state around the buggy address: [ 14.078063] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.078446] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.078858] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.079424] ^ [ 14.079707] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.080207] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.080654] ================================================================== [ 15.274147] ================================================================== [ 15.274619] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.274966] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.275301] [ 15.275429] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.275475] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.275508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.275531] Call Trace: [ 15.275550] <TASK> [ 15.275567] dump_stack_lvl+0x73/0xb0 [ 15.275595] print_report+0xd1/0x650 [ 15.275618] ? __virt_addr_valid+0x1db/0x2d0 [ 15.275640] ? kasan_atomics_helper+0x224c/0x5450 [ 15.275662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.275704] ? kasan_atomics_helper+0x224c/0x5450 [ 15.275726] kasan_report+0x141/0x180 [ 15.275749] ? kasan_atomics_helper+0x224c/0x5450 [ 15.275776] kasan_check_range+0x10c/0x1c0 [ 15.275800] __kasan_check_write+0x18/0x20 [ 15.275820] kasan_atomics_helper+0x224c/0x5450 [ 15.275843] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.275883] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.275908] ? kasan_atomics+0x152/0x310 [ 15.275935] kasan_atomics+0x1dc/0x310 [ 15.275976] ? __pfx_kasan_atomics+0x10/0x10 [ 15.276001] ? __pfx_read_tsc+0x10/0x10 [ 15.276022] ? 
ktime_get_ts64+0x86/0x230 [ 15.276046] kunit_try_run_case+0x1a5/0x480 [ 15.276071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.276093] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.276128] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.276152] ? __kthread_parkme+0x82/0x180 [ 15.276173] ? preempt_count_sub+0x50/0x80 [ 15.276197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.276221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.276244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.276286] kthread+0x337/0x6f0 [ 15.276305] ? trace_preempt_on+0x20/0xc0 [ 15.276338] ? __pfx_kthread+0x10/0x10 [ 15.276360] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.276382] ? calculate_sigpending+0x7b/0xa0 [ 15.276407] ? __pfx_kthread+0x10/0x10 [ 15.276428] ret_from_fork+0x116/0x1d0 [ 15.276447] ? __pfx_kthread+0x10/0x10 [ 15.276468] ret_from_fork_asm+0x1a/0x30 [ 15.276518] </TASK> [ 15.276530] [ 15.284242] Allocated by task 283: [ 15.284446] kasan_save_stack+0x45/0x70 [ 15.284649] kasan_save_track+0x18/0x40 [ 15.284852] kasan_save_alloc_info+0x3b/0x50 [ 15.285059] __kasan_kmalloc+0xb7/0xc0 [ 15.285238] __kmalloc_cache_noprof+0x189/0x420 [ 15.285395] kasan_atomics+0x95/0x310 [ 15.285607] kunit_try_run_case+0x1a5/0x480 [ 15.285817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.286062] kthread+0x337/0x6f0 [ 15.286236] ret_from_fork+0x116/0x1d0 [ 15.286400] ret_from_fork_asm+0x1a/0x30 [ 15.286620] [ 15.286745] The buggy address belongs to the object at ffff8881038eb080 [ 15.286745] which belongs to the cache kmalloc-64 of size 64 [ 15.287379] The buggy address is located 0 bytes to the right of [ 15.287379] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.288200] [ 15.288297] The buggy address belongs to the physical page: [ 15.288547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 15.288892] flags: 0x200000000000000(node=0|zone=2) [ 15.289134] page_type: f5(slab) [ 15.289304] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.289698] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.289920] page dumped because: kasan: bad access detected [ 15.290086] [ 15.290165] Memory state around the buggy address: [ 15.290318] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.290709] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.291035] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.291483] ^ [ 15.291739] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.292079] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.292380] ================================================================== [ 14.950459] ================================================================== [ 14.951036] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 14.951543] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 14.951842] [ 14.951947] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.951991] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.952004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.952026] Call Trace: [ 14.952041] <TASK> [ 14.952060] dump_stack_lvl+0x73/0xb0 [ 14.952087] print_report+0xd1/0x650 [ 14.952123] ? __virt_addr_valid+0x1db/0x2d0 [ 14.952146] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.952169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.952193] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.952215] kasan_report+0x141/0x180 [ 14.952238] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.952264] kasan_check_range+0x10c/0x1c0 [ 14.952289] __kasan_check_write+0x18/0x20 [ 14.952309] kasan_atomics_helper+0x1a7f/0x5450 [ 14.952331] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.952355] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.952379] ? kasan_atomics+0x152/0x310 [ 14.952406] kasan_atomics+0x1dc/0x310 [ 14.952429] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.952454] ? __pfx_read_tsc+0x10/0x10 [ 14.952475] ? ktime_get_ts64+0x86/0x230 [ 14.952498] kunit_try_run_case+0x1a5/0x480 [ 14.952522] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952544] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.952567] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.952590] ? __kthread_parkme+0x82/0x180 [ 14.952610] ? preempt_count_sub+0x50/0x80 [ 14.952633] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.952680] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.952703] kthread+0x337/0x6f0 [ 14.952723] ? trace_preempt_on+0x20/0xc0 [ 14.952745] ? __pfx_kthread+0x10/0x10 [ 14.952766] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.952788] ? calculate_sigpending+0x7b/0xa0 [ 14.952811] ? __pfx_kthread+0x10/0x10 [ 14.952833] ret_from_fork+0x116/0x1d0 [ 14.952852] ? __pfx_kthread+0x10/0x10 [ 14.952872] ret_from_fork_asm+0x1a/0x30 [ 14.952903] </TASK> [ 14.952915] [ 14.963092] Allocated by task 283: [ 14.963269] kasan_save_stack+0x45/0x70 [ 14.963422] kasan_save_track+0x18/0x40 [ 14.963562] kasan_save_alloc_info+0x3b/0x50 [ 14.963717] __kasan_kmalloc+0xb7/0xc0 [ 14.963852] __kmalloc_cache_noprof+0x189/0x420 [ 14.964011] kasan_atomics+0x95/0x310 [ 14.964156] kunit_try_run_case+0x1a5/0x480 [ 14.964339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.964574] kthread+0x337/0x6f0 [ 14.965464] ret_from_fork+0x116/0x1d0 [ 14.965924] ret_from_fork_asm+0x1a/0x30 [ 14.966084] [ 14.966175] The buggy address belongs to the object at ffff8881038eb080 [ 14.966175] which belongs to the cache kmalloc-64 of size 64 [ 14.968192] The buggy address is located 0 bytes to the right of [ 14.968192] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 14.969006] [ 14.969143] The buggy address belongs to the physical page: [ 14.969432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 14.969682] flags: 0x200000000000000(node=0|zone=2) [ 14.969901] page_type: 
f5(slab) [ 14.970171] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.970421] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.970926] page dumped because: kasan: bad access detected [ 14.971109] [ 14.971184] Memory state around the buggy address: [ 14.972245] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.972482] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.972704] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.973185] ^ [ 14.973390] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.973706] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.973968] ================================================================== [ 15.149281] ================================================================== [ 15.149705] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.150081] Write of size 8 at addr ffff8881038eb0b0 by task kunit_try_catch/283 [ 15.150482] [ 15.150603] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.150658] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.150671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.150711] Call Trace: [ 15.150727] <TASK> [ 15.150742] dump_stack_lvl+0x73/0xb0 [ 15.150785] print_report+0xd1/0x650 [ 15.150809] ? __virt_addr_valid+0x1db/0x2d0 [ 15.150832] ? kasan_atomics_helper+0x2006/0x5450 [ 15.150854] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.150877] ? kasan_atomics_helper+0x2006/0x5450 [ 15.150900] kasan_report+0x141/0x180 [ 15.150921] ? kasan_atomics_helper+0x2006/0x5450 [ 15.150948] kasan_check_range+0x10c/0x1c0 [ 15.150973] __kasan_check_write+0x18/0x20 [ 15.150993] kasan_atomics_helper+0x2006/0x5450 [ 15.151016] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.151039] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.151065] ? 
kasan_atomics+0x152/0x310 [ 15.151093] kasan_atomics+0x1dc/0x310 [ 15.151130] ? __pfx_kasan_atomics+0x10/0x10 [ 15.151155] ? __pfx_read_tsc+0x10/0x10 [ 15.151176] ? ktime_get_ts64+0x86/0x230 [ 15.151205] kunit_try_run_case+0x1a5/0x480 [ 15.151229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.151251] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.151275] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.151298] ? __kthread_parkme+0x82/0x180 [ 15.151318] ? preempt_count_sub+0x50/0x80 [ 15.151355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.151380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.151403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.151427] kthread+0x337/0x6f0 [ 15.151448] ? trace_preempt_on+0x20/0xc0 [ 15.151472] ? __pfx_kthread+0x10/0x10 [ 15.151513] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.151534] ? calculate_sigpending+0x7b/0xa0 [ 15.151557] ? __pfx_kthread+0x10/0x10 [ 15.151596] ret_from_fork+0x116/0x1d0 [ 15.151616] ? __pfx_kthread+0x10/0x10 [ 15.151636] ret_from_fork_asm+0x1a/0x30 [ 15.151685] </TASK> [ 15.151699] [ 15.159311] Allocated by task 283: [ 15.159684] kasan_save_stack+0x45/0x70 [ 15.159924] kasan_save_track+0x18/0x40 [ 15.160144] kasan_save_alloc_info+0x3b/0x50 [ 15.160398] __kasan_kmalloc+0xb7/0xc0 [ 15.160562] __kmalloc_cache_noprof+0x189/0x420 [ 15.160786] kasan_atomics+0x95/0x310 [ 15.160918] kunit_try_run_case+0x1a5/0x480 [ 15.161058] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.161316] kthread+0x337/0x6f0 [ 15.161519] ret_from_fork+0x116/0x1d0 [ 15.161737] ret_from_fork_asm+0x1a/0x30 [ 15.161933] [ 15.162029] The buggy address belongs to the object at ffff8881038eb080 [ 15.162029] which belongs to the cache kmalloc-64 of size 64 [ 15.162557] The buggy address is located 0 bytes to the right of [ 15.162557] allocated 48-byte region [ffff8881038eb080, ffff8881038eb0b0) [ 15.163012] [ 15.163084] The buggy address belongs to the physical page: [ 15.163266] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038eb [ 
15.163989] flags: 0x200000000000000(node=0|zone=2) [ 15.164217] page_type: f5(slab) [ 15.164412] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.164727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.165030] page dumped because: kasan: bad access detected [ 15.165240] [ 15.165346] Memory state around the buggy address: [ 15.165567] ffff8881038eaf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.165876] ffff8881038eb000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.166167] >ffff8881038eb080: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.166481] ^ [ 15.166683] ffff8881038eb100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.166990] ffff8881038eb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.167301] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.657081] ================================================================== [ 13.659014] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.659886] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.660983] [ 13.661260] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.661327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.661339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.661361] Call Trace: [ 13.661376] <TASK> [ 13.661390] dump_stack_lvl+0x73/0xb0 [ 13.661421] print_report+0xd1/0x650 [ 13.661443] ? __virt_addr_valid+0x1db/0x2d0 [ 13.661466] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.661492] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.661513] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.661540] kasan_report+0x141/0x180 [ 13.661561] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.661591] kasan_check_range+0x10c/0x1c0 [ 13.661614] __kasan_check_write+0x18/0x20 [ 13.661633] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.661659] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.661686] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.661710] ? trace_hardirqs_on+0x37/0xe0 [ 13.661737] ? kasan_bitops_generic+0x92/0x1c0 [ 13.661764] kasan_bitops_generic+0x121/0x1c0 [ 13.661787] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.661811] ? __pfx_read_tsc+0x10/0x10 [ 13.661834] ? ktime_get_ts64+0x86/0x230 [ 13.661858] kunit_try_run_case+0x1a5/0x480 [ 13.661881] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.661902] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.661925] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.661947] ? __kthread_parkme+0x82/0x180 [ 13.661967] ? preempt_count_sub+0x50/0x80 [ 13.661990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.662013] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.662036] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.662058] kthread+0x337/0x6f0 [ 13.662078] ? trace_preempt_on+0x20/0xc0 [ 13.662121] ? __pfx_kthread+0x10/0x10 [ 13.662209] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.662234] ? calculate_sigpending+0x7b/0xa0 [ 13.662257] ? __pfx_kthread+0x10/0x10 [ 13.662278] ret_from_fork+0x116/0x1d0 [ 13.662297] ? __pfx_kthread+0x10/0x10 [ 13.662317] ret_from_fork_asm+0x1a/0x30 [ 13.662364] </TASK> [ 13.662375] [ 13.681859] Allocated by task 279: [ 13.682466] kasan_save_stack+0x45/0x70 [ 13.682765] kasan_save_track+0x18/0x40 [ 13.682912] kasan_save_alloc_info+0x3b/0x50 [ 13.683061] __kasan_kmalloc+0xb7/0xc0 [ 13.683265] __kmalloc_cache_noprof+0x189/0x420 [ 13.683419] kasan_bitops_generic+0x92/0x1c0 [ 13.683564] kunit_try_run_case+0x1a5/0x480 [ 13.683705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.684236] kthread+0x337/0x6f0 [ 13.684375] ret_from_fork+0x116/0x1d0 [ 13.684509] ret_from_fork_asm+0x1a/0x30 [ 13.684648] [ 13.684721] The buggy address belongs to the object at ffff888101745ee0 [ 13.684721] which belongs to the cache kmalloc-16 of size 16 [ 13.685065] The buggy address is located 8 bytes inside of [ 13.685065] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.687067] [ 13.687752] The buggy address belongs to the physical page: [ 13.688319] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.688810] flags: 0x200000000000000(node=0|zone=2) [ 13.689690] page_type: f5(slab) [ 13.690224] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.690756] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.690989] page dumped because: kasan: bad access detected [ 13.691179] [ 13.691843] Memory state around the buggy address: [ 13.692491] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.693390] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.694351] >ffff888101745e80: fa fb fc fc fa fb fc fc 
fa fb fc fc 00 01 fc fc [ 13.694580] ^ [ 13.694785] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.695004] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.695605] ================================================================== [ 13.759279] ================================================================== [ 13.759567] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.759849] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.760075] [ 13.760268] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.760313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.760352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.760388] Call Trace: [ 13.760402] <TASK> [ 13.760416] dump_stack_lvl+0x73/0xb0 [ 13.760458] print_report+0xd1/0x650 [ 13.760482] ? __virt_addr_valid+0x1db/0x2d0 [ 13.760503] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.760529] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.760551] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.760578] kasan_report+0x141/0x180 [ 13.760600] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.760631] kasan_check_range+0x10c/0x1c0 [ 13.760653] __kasan_check_write+0x18/0x20 [ 13.760672] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.760699] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.760725] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.760749] ? trace_hardirqs_on+0x37/0xe0 [ 13.760775] ? kasan_bitops_generic+0x92/0x1c0 [ 13.760802] kasan_bitops_generic+0x121/0x1c0 [ 13.760824] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.760868] ? __pfx_read_tsc+0x10/0x10 [ 13.760888] ? ktime_get_ts64+0x86/0x230 [ 13.760912] kunit_try_run_case+0x1a5/0x480 [ 13.760934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.760956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.760979] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.761000] ? __kthread_parkme+0x82/0x180 [ 13.761019] ? preempt_count_sub+0x50/0x80 [ 13.761059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.761082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.761119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.761142] kthread+0x337/0x6f0 [ 13.761176] ? trace_preempt_on+0x20/0xc0 [ 13.761203] ? __pfx_kthread+0x10/0x10 [ 13.761223] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.761243] ? calculate_sigpending+0x7b/0xa0 [ 13.761266] ? __pfx_kthread+0x10/0x10 [ 13.761287] ret_from_fork+0x116/0x1d0 [ 13.761305] ? __pfx_kthread+0x10/0x10 [ 13.761325] ret_from_fork_asm+0x1a/0x30 [ 13.761355] </TASK> [ 13.761366] [ 13.774013] Allocated by task 279: [ 13.774294] kasan_save_stack+0x45/0x70 [ 13.774737] kasan_save_track+0x18/0x40 [ 13.774936] kasan_save_alloc_info+0x3b/0x50 [ 13.775093] __kasan_kmalloc+0xb7/0xc0 [ 13.775289] __kmalloc_cache_noprof+0x189/0x420 [ 13.775495] kasan_bitops_generic+0x92/0x1c0 [ 13.775808] kunit_try_run_case+0x1a5/0x480 [ 13.775989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.776232] kthread+0x337/0x6f0 [ 13.776494] ret_from_fork+0x116/0x1d0 [ 13.776673] ret_from_fork_asm+0x1a/0x30 [ 13.776876] [ 13.776962] The buggy address belongs to the object at ffff888101745ee0 [ 13.776962] which belongs to the cache kmalloc-16 of size 16 [ 13.778756] The buggy address is located 8 bytes inside of [ 13.778756] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.779565] [ 13.779652] The buggy address belongs to the physical page: [ 13.779832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.780076] flags: 0x200000000000000(node=0|zone=2) [ 13.780255] page_type: f5(slab) [ 13.780386] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.780621] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.780851] page dumped because: kasan: bad access detected [ 13.781026] [ 13.782135] 
Memory state around the buggy address: [ 13.783192] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.784898] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.785887] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.786638] ^ [ 13.786855] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.787076] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.787342] ================================================================== [ 13.789215] ================================================================== [ 13.789950] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790380] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.791115] [ 13.791360] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.791408] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.791420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.791441] Call Trace: [ 13.791455] <TASK> [ 13.791469] dump_stack_lvl+0x73/0xb0 [ 13.791495] print_report+0xd1/0x650 [ 13.791518] ? __virt_addr_valid+0x1db/0x2d0 [ 13.791540] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.791567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.791588] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.791614] kasan_report+0x141/0x180 [ 13.791635] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.791667] kasan_check_range+0x10c/0x1c0 [ 13.791690] __kasan_check_write+0x18/0x20 [ 13.791709] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.791735] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.791764] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.791788] ? trace_hardirqs_on+0x37/0xe0 [ 13.791814] ? kasan_bitops_generic+0x92/0x1c0 [ 13.791842] kasan_bitops_generic+0x121/0x1c0 [ 13.791864] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 13.791889] ? __pfx_read_tsc+0x10/0x10 [ 13.791909] ? ktime_get_ts64+0x86/0x230 [ 13.791931] kunit_try_run_case+0x1a5/0x480 [ 13.791953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.791974] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.791996] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.792018] ? __kthread_parkme+0x82/0x180 [ 13.792037] ? preempt_count_sub+0x50/0x80 [ 13.792059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.792082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.792120] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.792142] kthread+0x337/0x6f0 [ 13.792161] ? trace_preempt_on+0x20/0xc0 [ 13.792187] ? __pfx_kthread+0x10/0x10 [ 13.792206] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.792226] ? calculate_sigpending+0x7b/0xa0 [ 13.792249] ? __pfx_kthread+0x10/0x10 [ 13.792269] ret_from_fork+0x116/0x1d0 [ 13.792286] ? __pfx_kthread+0x10/0x10 [ 13.792307] ret_from_fork_asm+0x1a/0x30 [ 13.792344] </TASK> [ 13.792355] [ 13.804848] Allocated by task 279: [ 13.804987] kasan_save_stack+0x45/0x70 [ 13.805152] kasan_save_track+0x18/0x40 [ 13.805290] kasan_save_alloc_info+0x3b/0x50 [ 13.805474] __kasan_kmalloc+0xb7/0xc0 [ 13.805660] __kmalloc_cache_noprof+0x189/0x420 [ 13.805869] kasan_bitops_generic+0x92/0x1c0 [ 13.806021] kunit_try_run_case+0x1a5/0x480 [ 13.806242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.806535] kthread+0x337/0x6f0 [ 13.806696] ret_from_fork+0x116/0x1d0 [ 13.806830] ret_from_fork_asm+0x1a/0x30 [ 13.807026] [ 13.807135] The buggy address belongs to the object at ffff888101745ee0 [ 13.807135] which belongs to the cache kmalloc-16 of size 16 [ 13.807665] The buggy address is located 8 bytes inside of [ 13.807665] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.808032] [ 13.808129] The buggy address belongs to the physical page: [ 13.808379] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.808869] flags: 0x200000000000000(node=0|zone=2) [ 13.809039] 
page_type: f5(slab) [ 13.809176] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.809733] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.810150] page dumped because: kasan: bad access detected [ 13.810379] [ 13.810456] Memory state around the buggy address: [ 13.810674] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.810929] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.811267] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.811573] ^ [ 13.811867] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.812132] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.812526] ================================================================== [ 13.813118] ================================================================== [ 13.813516] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.813908] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.814211] [ 13.814315] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.814356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.814368] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.814389] Call Trace: [ 13.814404] <TASK> [ 13.814419] dump_stack_lvl+0x73/0xb0 [ 13.814444] print_report+0xd1/0x650 [ 13.814466] ? __virt_addr_valid+0x1db/0x2d0 [ 13.814488] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.814513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.814535] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.814562] kasan_report+0x141/0x180 [ 13.814584] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.814614] kasan_check_range+0x10c/0x1c0 [ 13.814637] __kasan_check_write+0x18/0x20 [ 13.814654] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.814681] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.814707] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.814731] ? trace_hardirqs_on+0x37/0xe0 [ 13.814756] ? kasan_bitops_generic+0x92/0x1c0 [ 13.814783] kasan_bitops_generic+0x121/0x1c0 [ 13.814807] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.814830] ? __pfx_read_tsc+0x10/0x10 [ 13.814851] ? ktime_get_ts64+0x86/0x230 [ 13.814875] kunit_try_run_case+0x1a5/0x480 [ 13.814897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.814918] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.814940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.814961] ? __kthread_parkme+0x82/0x180 [ 13.814981] ? preempt_count_sub+0x50/0x80 [ 13.815003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.815025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.815047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.815069] kthread+0x337/0x6f0 [ 13.815087] ? trace_preempt_on+0x20/0xc0 [ 13.815125] ? __pfx_kthread+0x10/0x10 [ 13.815147] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.815169] ? calculate_sigpending+0x7b/0xa0 [ 13.815192] ? __pfx_kthread+0x10/0x10 [ 13.815217] ret_from_fork+0x116/0x1d0 [ 13.815234] ? 
__pfx_kthread+0x10/0x10 [ 13.815255] ret_from_fork_asm+0x1a/0x30 [ 13.815285] </TASK> [ 13.815296] [ 13.823196] Allocated by task 279: [ 13.823399] kasan_save_stack+0x45/0x70 [ 13.823544] kasan_save_track+0x18/0x40 [ 13.823680] kasan_save_alloc_info+0x3b/0x50 [ 13.823884] __kasan_kmalloc+0xb7/0xc0 [ 13.824073] __kmalloc_cache_noprof+0x189/0x420 [ 13.824308] kasan_bitops_generic+0x92/0x1c0 [ 13.824528] kunit_try_run_case+0x1a5/0x480 [ 13.824727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.824960] kthread+0x337/0x6f0 [ 13.825115] ret_from_fork+0x116/0x1d0 [ 13.825287] ret_from_fork_asm+0x1a/0x30 [ 13.825560] [ 13.825636] The buggy address belongs to the object at ffff888101745ee0 [ 13.825636] which belongs to the cache kmalloc-16 of size 16 [ 13.826107] The buggy address is located 8 bytes inside of [ 13.826107] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.826537] [ 13.826636] The buggy address belongs to the physical page: [ 13.826878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.827126] flags: 0x200000000000000(node=0|zone=2) [ 13.827416] page_type: f5(slab) [ 13.827587] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.827929] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.828246] page dumped because: kasan: bad access detected [ 13.828493] [ 13.828581] Memory state around the buggy address: [ 13.828773] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.829048] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.829303] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.829683] ^ [ 13.829913] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.830210] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.830518] ================================================================== [ 13.727838] 
================================================================== [ 13.728076] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.729365] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.729951] [ 13.730270] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.730339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.730352] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.730373] Call Trace: [ 13.730390] <TASK> [ 13.730404] dump_stack_lvl+0x73/0xb0 [ 13.730432] print_report+0xd1/0x650 [ 13.730455] ? __virt_addr_valid+0x1db/0x2d0 [ 13.730477] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.730502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.730526] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.730554] kasan_report+0x141/0x180 [ 13.730576] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.730607] kasan_check_range+0x10c/0x1c0 [ 13.730630] __kasan_check_write+0x18/0x20 [ 13.730648] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.730674] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.730701] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.730726] ? trace_hardirqs_on+0x37/0xe0 [ 13.730752] ? kasan_bitops_generic+0x92/0x1c0 [ 13.730778] kasan_bitops_generic+0x121/0x1c0 [ 13.730800] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.730824] ? __pfx_read_tsc+0x10/0x10 [ 13.730845] ? ktime_get_ts64+0x86/0x230 [ 13.730868] kunit_try_run_case+0x1a5/0x480 [ 13.730891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.730913] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.730934] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.730956] ? __kthread_parkme+0x82/0x180 [ 13.730975] ? preempt_count_sub+0x50/0x80 [ 13.730999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.731022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.731045] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.731067] kthread+0x337/0x6f0 [ 13.731085] ? trace_preempt_on+0x20/0xc0 [ 13.731351] ? __pfx_kthread+0x10/0x10 [ 13.731374] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.731396] ? calculate_sigpending+0x7b/0xa0 [ 13.731419] ? __pfx_kthread+0x10/0x10 [ 13.731440] ret_from_fork+0x116/0x1d0 [ 13.731458] ? __pfx_kthread+0x10/0x10 [ 13.731479] ret_from_fork_asm+0x1a/0x30 [ 13.731511] </TASK> [ 13.731522] [ 13.743720] Allocated by task 279: [ 13.744265] kasan_save_stack+0x45/0x70 [ 13.744599] kasan_save_track+0x18/0x40 [ 13.744892] kasan_save_alloc_info+0x3b/0x50 [ 13.745382] __kasan_kmalloc+0xb7/0xc0 [ 13.745592] __kmalloc_cache_noprof+0x189/0x420 [ 13.746040] kasan_bitops_generic+0x92/0x1c0 [ 13.746463] kunit_try_run_case+0x1a5/0x480 [ 13.746763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.747124] kthread+0x337/0x6f0 [ 13.747529] ret_from_fork+0x116/0x1d0 [ 13.747731] ret_from_fork_asm+0x1a/0x30 [ 13.747907] [ 13.748005] The buggy address belongs to the object at ffff888101745ee0 [ 13.748005] which belongs to the cache kmalloc-16 of size 16 [ 13.748540] The buggy address is located 8 bytes inside of [ 13.748540] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.749016] [ 13.749740] The buggy address belongs to the physical page: [ 13.750229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.750736] flags: 0x200000000000000(node=0|zone=2) [ 13.751091] page_type: f5(slab) [ 13.751498] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.751939] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.752672] page dumped because: kasan: bad access detected [ 13.753042] [ 13.753464] Memory state around the buggy address: [ 13.753688] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.754002] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.754623] >ffff888101745e80: fa fb fc fc fa fb fc fc 
fa fb fc fc 00 01 fc fc [ 13.755105] ^ [ 13.755612] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.756030] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.756531] ================================================================== [ 13.848828] ================================================================== [ 13.849294] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.849689] Read of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.849941] [ 13.850041] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.850081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.850092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.850126] Call Trace: [ 13.850139] <TASK> [ 13.850152] dump_stack_lvl+0x73/0xb0 [ 13.850177] print_report+0xd1/0x650 [ 13.850198] ? __virt_addr_valid+0x1db/0x2d0 [ 13.850219] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850245] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.850265] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850292] kasan_report+0x141/0x180 [ 13.850313] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850343] __asan_report_load8_noabort+0x18/0x20 [ 13.850367] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850393] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.850420] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.850442] ? trace_hardirqs_on+0x37/0xe0 [ 13.850468] ? kasan_bitops_generic+0x92/0x1c0 [ 13.850494] kasan_bitops_generic+0x121/0x1c0 [ 13.850516] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.850540] ? __pfx_read_tsc+0x10/0x10 [ 13.850559] ? ktime_get_ts64+0x86/0x230 [ 13.850581] kunit_try_run_case+0x1a5/0x480 [ 13.850605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.850626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.850649] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.850671] ? 
__kthread_parkme+0x82/0x180 [ 13.850690] ? preempt_count_sub+0x50/0x80 [ 13.850712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.850735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.850757] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.850779] kthread+0x337/0x6f0 [ 13.850797] ? trace_preempt_on+0x20/0xc0 [ 13.850822] ? __pfx_kthread+0x10/0x10 [ 13.850842] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.850862] ? calculate_sigpending+0x7b/0xa0 [ 13.850884] ? __pfx_kthread+0x10/0x10 [ 13.850905] ret_from_fork+0x116/0x1d0 [ 13.850923] ? __pfx_kthread+0x10/0x10 [ 13.850942] ret_from_fork_asm+0x1a/0x30 [ 13.850971] </TASK> [ 13.850981] [ 13.858595] Allocated by task 279: [ 13.858772] kasan_save_stack+0x45/0x70 [ 13.858969] kasan_save_track+0x18/0x40 [ 13.859169] kasan_save_alloc_info+0x3b/0x50 [ 13.859456] __kasan_kmalloc+0xb7/0xc0 [ 13.859643] __kmalloc_cache_noprof+0x189/0x420 [ 13.859867] kasan_bitops_generic+0x92/0x1c0 [ 13.860077] kunit_try_run_case+0x1a5/0x480 [ 13.860296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.860806] kthread+0x337/0x6f0 [ 13.860968] ret_from_fork+0x116/0x1d0 [ 13.861132] ret_from_fork_asm+0x1a/0x30 [ 13.861298] [ 13.861462] The buggy address belongs to the object at ffff888101745ee0 [ 13.861462] which belongs to the cache kmalloc-16 of size 16 [ 13.861921] The buggy address is located 8 bytes inside of [ 13.861921] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.862448] [ 13.862524] The buggy address belongs to the physical page: [ 13.862699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.862939] flags: 0x200000000000000(node=0|zone=2) [ 13.863121] page_type: f5(slab) [ 13.863248] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.863570] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.863908] page dumped because: kasan: bad access detected [ 13.864172] [ 13.864267] Memory state around the buggy address: [ 13.864492] 
ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.865075] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.865371] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.865670] ^ [ 13.865944] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.866243] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.866530] ================================================================== [ 13.629919] ================================================================== [ 13.630298] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.630706] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.631021] [ 13.631137] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.631178] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.631189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.631215] Call Trace: [ 13.631229] <TASK> [ 13.631378] dump_stack_lvl+0x73/0xb0 [ 13.631410] print_report+0xd1/0x650 [ 13.631433] ? __virt_addr_valid+0x1db/0x2d0 [ 13.631455] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.631481] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.631503] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.631531] kasan_report+0x141/0x180 [ 13.631554] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.631589] kasan_check_range+0x10c/0x1c0 [ 13.631612] __kasan_check_write+0x18/0x20 [ 13.631630] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.631658] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.631687] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.631712] ? trace_hardirqs_on+0x37/0xe0 [ 13.631738] ? kasan_bitops_generic+0x92/0x1c0 [ 13.631765] kasan_bitops_generic+0x121/0x1c0 [ 13.631789] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.631814] ? __pfx_read_tsc+0x10/0x10 [ 13.631834] ? 
ktime_get_ts64+0x86/0x230 [ 13.631857] kunit_try_run_case+0x1a5/0x480 [ 13.631879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.631901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.631924] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.631945] ? __kthread_parkme+0x82/0x180 [ 13.631965] ? preempt_count_sub+0x50/0x80 [ 13.631987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.632010] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.632032] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.632054] kthread+0x337/0x6f0 [ 13.632072] ? trace_preempt_on+0x20/0xc0 [ 13.632118] ? __pfx_kthread+0x10/0x10 [ 13.632139] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.632159] ? calculate_sigpending+0x7b/0xa0 [ 13.632182] ? __pfx_kthread+0x10/0x10 [ 13.632203] ret_from_fork+0x116/0x1d0 [ 13.632221] ? __pfx_kthread+0x10/0x10 [ 13.632241] ret_from_fork_asm+0x1a/0x30 [ 13.632271] </TASK> [ 13.632281] [ 13.642836] Allocated by task 279: [ 13.643019] kasan_save_stack+0x45/0x70 [ 13.643573] kasan_save_track+0x18/0x40 [ 13.643765] kasan_save_alloc_info+0x3b/0x50 [ 13.643981] __kasan_kmalloc+0xb7/0xc0 [ 13.644229] __kmalloc_cache_noprof+0x189/0x420 [ 13.644454] kasan_bitops_generic+0x92/0x1c0 [ 13.644633] kunit_try_run_case+0x1a5/0x480 [ 13.644782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.644959] kthread+0x337/0x6f0 [ 13.645139] ret_from_fork+0x116/0x1d0 [ 13.645381] ret_from_fork_asm+0x1a/0x30 [ 13.645994] [ 13.647801] The buggy address belongs to the object at ffff888101745ee0 [ 13.647801] which belongs to the cache kmalloc-16 of size 16 [ 13.648310] The buggy address is located 8 bytes inside of [ 13.648310] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.648667] [ 13.648741] The buggy address belongs to the physical page: [ 13.648917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.650572] flags: 0x200000000000000(node=0|zone=2) [ 13.650748] page_type: f5(slab) [ 13.650873] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 13.651122] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.651374] page dumped because: kasan: bad access detected [ 13.651553] [ 13.651626] Memory state around the buggy address: [ 13.651785] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.652004] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.653299] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.653822] ^ [ 13.654029] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.655386] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.656687] ================================================================== [ 13.831230] ================================================================== [ 13.831529] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.831906] Read of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.832238] [ 13.832360] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.832400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.832410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.832430] Call Trace: [ 13.832442] <TASK> [ 13.832455] dump_stack_lvl+0x73/0xb0 [ 13.832481] print_report+0xd1/0x650 [ 13.832502] ? __virt_addr_valid+0x1db/0x2d0 [ 13.832524] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.832550] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.832571] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.832596] kasan_report+0x141/0x180 [ 13.832618] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.832648] kasan_check_range+0x10c/0x1c0 [ 13.832670] __kasan_check_read+0x15/0x20 [ 13.832689] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.832715] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.832742] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 13.832765] ? trace_hardirqs_on+0x37/0xe0 [ 13.832792] ? kasan_bitops_generic+0x92/0x1c0 [ 13.832817] kasan_bitops_generic+0x121/0x1c0 [ 13.832840] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.832863] ? __pfx_read_tsc+0x10/0x10 [ 13.832884] ? ktime_get_ts64+0x86/0x230 [ 13.832906] kunit_try_run_case+0x1a5/0x480 [ 13.832929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.832950] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.832973] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.832994] ? __kthread_parkme+0x82/0x180 [ 13.833014] ? preempt_count_sub+0x50/0x80 [ 13.833037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.833060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.833082] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.833117] kthread+0x337/0x6f0 [ 13.833137] ? trace_preempt_on+0x20/0xc0 [ 13.833162] ? __pfx_kthread+0x10/0x10 [ 13.833182] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.833202] ? calculate_sigpending+0x7b/0xa0 [ 13.833225] ? __pfx_kthread+0x10/0x10 [ 13.833246] ret_from_fork+0x116/0x1d0 [ 13.833264] ? 
__pfx_kthread+0x10/0x10 [ 13.833284] ret_from_fork_asm+0x1a/0x30 [ 13.833313] </TASK> [ 13.833335] [ 13.841108] Allocated by task 279: [ 13.841285] kasan_save_stack+0x45/0x70 [ 13.841490] kasan_save_track+0x18/0x40 [ 13.841676] kasan_save_alloc_info+0x3b/0x50 [ 13.841828] __kasan_kmalloc+0xb7/0xc0 [ 13.841961] __kmalloc_cache_noprof+0x189/0x420 [ 13.842137] kasan_bitops_generic+0x92/0x1c0 [ 13.842345] kunit_try_run_case+0x1a5/0x480 [ 13.842566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.842818] kthread+0x337/0x6f0 [ 13.842984] ret_from_fork+0x116/0x1d0 [ 13.843159] ret_from_fork_asm+0x1a/0x30 [ 13.843371] [ 13.843454] The buggy address belongs to the object at ffff888101745ee0 [ 13.843454] which belongs to the cache kmalloc-16 of size 16 [ 13.843931] The buggy address is located 8 bytes inside of [ 13.843931] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.844419] [ 13.844496] The buggy address belongs to the physical page: [ 13.844717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.845015] flags: 0x200000000000000(node=0|zone=2) [ 13.845230] page_type: f5(slab) [ 13.845425] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.845720] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.846026] page dumped because: kasan: bad access detected [ 13.846256] [ 13.846370] Memory state around the buggy address: [ 13.846565] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.846815] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.847032] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.847331] ^ [ 13.847658] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.848117] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.848376] ================================================================== [ 13.696466] 
================================================================== [ 13.697039] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.697741] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.698065] [ 13.698198] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.698243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.698254] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.698276] Call Trace: [ 13.698292] <TASK> [ 13.698308] dump_stack_lvl+0x73/0xb0 [ 13.698845] print_report+0xd1/0x650 [ 13.698873] ? __virt_addr_valid+0x1db/0x2d0 [ 13.698898] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.698924] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.698947] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.698973] kasan_report+0x141/0x180 [ 13.698994] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.699025] kasan_check_range+0x10c/0x1c0 [ 13.699048] __kasan_check_write+0x18/0x20 [ 13.699067] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.699112] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.699139] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.699230] ? trace_hardirqs_on+0x37/0xe0 [ 13.699259] ? kasan_bitops_generic+0x92/0x1c0 [ 13.699285] kasan_bitops_generic+0x121/0x1c0 [ 13.699309] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.699332] ? __pfx_read_tsc+0x10/0x10 [ 13.699353] ? ktime_get_ts64+0x86/0x230 [ 13.699376] kunit_try_run_case+0x1a5/0x480 [ 13.699399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.699421] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.699444] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.699466] ? __kthread_parkme+0x82/0x180 [ 13.699486] ? preempt_count_sub+0x50/0x80 [ 13.699508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.699532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.699553] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.699575] kthread+0x337/0x6f0 [ 13.699596] ? trace_preempt_on+0x20/0xc0 [ 13.699621] ? __pfx_kthread+0x10/0x10 [ 13.699641] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.699662] ? calculate_sigpending+0x7b/0xa0 [ 13.699685] ? __pfx_kthread+0x10/0x10 [ 13.699706] ret_from_fork+0x116/0x1d0 [ 13.699724] ? __pfx_kthread+0x10/0x10 [ 13.699744] ret_from_fork_asm+0x1a/0x30 [ 13.699773] </TASK> [ 13.699785] [ 13.715009] Allocated by task 279: [ 13.715478] kasan_save_stack+0x45/0x70 [ 13.715656] kasan_save_track+0x18/0x40 [ 13.715853] kasan_save_alloc_info+0x3b/0x50 [ 13.716054] __kasan_kmalloc+0xb7/0xc0 [ 13.716242] __kmalloc_cache_noprof+0x189/0x420 [ 13.716457] kasan_bitops_generic+0x92/0x1c0 [ 13.716655] kunit_try_run_case+0x1a5/0x480 [ 13.716853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.717093] kthread+0x337/0x6f0 [ 13.718070] ret_from_fork+0x116/0x1d0 [ 13.718526] ret_from_fork_asm+0x1a/0x30 [ 13.718728] [ 13.718809] The buggy address belongs to the object at ffff888101745ee0 [ 13.718809] which belongs to the cache kmalloc-16 of size 16 [ 13.719922] The buggy address is located 8 bytes inside of [ 13.719922] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.720806] [ 13.720920] The buggy address belongs to the physical page: [ 13.721407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.721890] flags: 0x200000000000000(node=0|zone=2) [ 13.722133] page_type: f5(slab) [ 13.722578] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.722987] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.723713] page dumped because: kasan: bad access detected [ 13.724079] [ 13.724406] Memory state around the buggy address: [ 13.724647] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.725262] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.725673] >ffff888101745e80: fa fb fc fc fa fb fc fc 
fa fb fc fc 00 01 fc fc [ 13.726217] ^ [ 13.726693] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.727001] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.727347] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.548827] ================================================================== [ 13.549146] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.549586] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.549881] [ 13.549968] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.550011] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.550022] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.550043] Call Trace: [ 13.550055] <TASK> [ 13.550069] dump_stack_lvl+0x73/0xb0 [ 13.550093] print_report+0xd1/0x650 [ 13.550131] ? __virt_addr_valid+0x1db/0x2d0 [ 13.550153] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.550178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.550199] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.550224] kasan_report+0x141/0x180 [ 13.550246] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.550275] kasan_check_range+0x10c/0x1c0 [ 13.550298] __kasan_check_write+0x18/0x20 [ 13.550317] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.550342] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.550368] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.550392] ? trace_hardirqs_on+0x37/0xe0 [ 13.550418] ? kasan_bitops_generic+0x92/0x1c0 [ 13.550446] kasan_bitops_generic+0x116/0x1c0 [ 13.550470] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.550494] ? __pfx_read_tsc+0x10/0x10 [ 13.550514] ? ktime_get_ts64+0x86/0x230 [ 13.550537] kunit_try_run_case+0x1a5/0x480 [ 13.550561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.550582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.550605] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.550627] ? __kthread_parkme+0x82/0x180 [ 13.550646] ? preempt_count_sub+0x50/0x80 [ 13.550669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.550692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.550714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.550737] kthread+0x337/0x6f0 [ 13.550756] ? 
trace_preempt_on+0x20/0xc0 [ 13.550782] ? __pfx_kthread+0x10/0x10 [ 13.550802] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.550823] ? calculate_sigpending+0x7b/0xa0 [ 13.550845] ? __pfx_kthread+0x10/0x10 [ 13.550866] ret_from_fork+0x116/0x1d0 [ 13.550884] ? __pfx_kthread+0x10/0x10 [ 13.550904] ret_from_fork_asm+0x1a/0x30 [ 13.550934] </TASK> [ 13.550945] [ 13.559718] Allocated by task 279: [ 13.559949] kasan_save_stack+0x45/0x70 [ 13.560435] kasan_save_track+0x18/0x40 [ 13.560590] kasan_save_alloc_info+0x3b/0x50 [ 13.560805] __kasan_kmalloc+0xb7/0xc0 [ 13.560951] __kmalloc_cache_noprof+0x189/0x420 [ 13.561187] kasan_bitops_generic+0x92/0x1c0 [ 13.561495] kunit_try_run_case+0x1a5/0x480 [ 13.561670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.561850] kthread+0x337/0x6f0 [ 13.561974] ret_from_fork+0x116/0x1d0 [ 13.562175] ret_from_fork_asm+0x1a/0x30 [ 13.562373] [ 13.562738] The buggy address belongs to the object at ffff888101745ee0 [ 13.562738] which belongs to the cache kmalloc-16 of size 16 [ 13.563494] The buggy address is located 8 bytes inside of [ 13.563494] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.563925] [ 13.564001] The buggy address belongs to the physical page: [ 13.564203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.564713] flags: 0x200000000000000(node=0|zone=2) [ 13.564902] page_type: f5(slab) [ 13.565023] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.565546] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.565845] page dumped because: kasan: bad access detected [ 13.566020] [ 13.566116] Memory state around the buggy address: [ 13.566609] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.566943] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.567366] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.567645] ^ [ 13.567877] ffff888101745f00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.568144] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.568775] ================================================================== [ 13.522317] ================================================================== [ 13.522886] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.523441] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.524066] [ 13.524276] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.524321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.524333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.524353] Call Trace: [ 13.524364] <TASK> [ 13.524379] dump_stack_lvl+0x73/0xb0 [ 13.524406] print_report+0xd1/0x650 [ 13.524428] ? __virt_addr_valid+0x1db/0x2d0 [ 13.524451] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.524475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.524496] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.524522] kasan_report+0x141/0x180 [ 13.524543] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.524573] kasan_check_range+0x10c/0x1c0 [ 13.524596] __kasan_check_write+0x18/0x20 [ 13.524614] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.524639] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.524684] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.524707] ? trace_hardirqs_on+0x37/0xe0 [ 13.524733] ? kasan_bitops_generic+0x92/0x1c0 [ 13.524760] kasan_bitops_generic+0x116/0x1c0 [ 13.524783] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.524807] ? __pfx_read_tsc+0x10/0x10 [ 13.524828] ? ktime_get_ts64+0x86/0x230 [ 13.524852] kunit_try_run_case+0x1a5/0x480 [ 13.524874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.524896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.524918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.524940] ? __kthread_parkme+0x82/0x180 [ 13.524959] ? preempt_count_sub+0x50/0x80 [ 13.524982] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.525005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.525028] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.525051] kthread+0x337/0x6f0 [ 13.525069] ? trace_preempt_on+0x20/0xc0 [ 13.525110] ? __pfx_kthread+0x10/0x10 [ 13.525131] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.525151] ? calculate_sigpending+0x7b/0xa0 [ 13.525174] ? __pfx_kthread+0x10/0x10 [ 13.525195] ret_from_fork+0x116/0x1d0 [ 13.525213] ? __pfx_kthread+0x10/0x10 [ 13.525234] ret_from_fork_asm+0x1a/0x30 [ 13.525263] </TASK> [ 13.525274] [ 13.537304] Allocated by task 279: [ 13.537480] kasan_save_stack+0x45/0x70 [ 13.537664] kasan_save_track+0x18/0x40 [ 13.537802] kasan_save_alloc_info+0x3b/0x50 [ 13.537955] __kasan_kmalloc+0xb7/0xc0 [ 13.538213] __kmalloc_cache_noprof+0x189/0x420 [ 13.538922] kasan_bitops_generic+0x92/0x1c0 [ 13.539407] kunit_try_run_case+0x1a5/0x480 [ 13.539986] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.540519] kthread+0x337/0x6f0 [ 13.540705] ret_from_fork+0x116/0x1d0 [ 13.540891] ret_from_fork_asm+0x1a/0x30 [ 13.541121] [ 13.541586] The buggy address belongs to the object at ffff888101745ee0 [ 13.541586] which belongs to the cache kmalloc-16 of size 16 [ 13.542007] The buggy address is located 8 bytes inside of [ 13.542007] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.542744] [ 13.542863] The buggy address belongs to the physical page: [ 13.543175] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.543573] flags: 0x200000000000000(node=0|zone=2) [ 13.544000] page_type: f5(slab) [ 13.544189] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.544656] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.545012] page dumped because: kasan: bad access detected [ 13.545277] [ 13.545490] Memory state around the buggy address: [ 13.545712] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.546029] 
ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.546501] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.547047] ^ [ 13.547395] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.547789] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.548049] ================================================================== [ 13.446039] ================================================================== [ 13.447436] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.447980] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.448528] [ 13.448786] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.448839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.448852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.448875] Call Trace: [ 13.448891] <TASK> [ 13.448909] dump_stack_lvl+0x73/0xb0 [ 13.448940] print_report+0xd1/0x650 [ 13.448962] ? __virt_addr_valid+0x1db/0x2d0 [ 13.448985] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.449009] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.449030] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.449055] kasan_report+0x141/0x180 [ 13.449076] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.449119] kasan_check_range+0x10c/0x1c0 [ 13.449149] __kasan_check_write+0x18/0x20 [ 13.449167] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.449192] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.449219] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.449242] ? trace_hardirqs_on+0x37/0xe0 [ 13.449268] ? kasan_bitops_generic+0x92/0x1c0 [ 13.449295] kasan_bitops_generic+0x116/0x1c0 [ 13.449317] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.449341] ? __pfx_read_tsc+0x10/0x10 [ 13.449362] ? ktime_get_ts64+0x86/0x230 [ 13.449385] kunit_try_run_case+0x1a5/0x480 [ 13.449409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.449431] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.449454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.449476] ? __kthread_parkme+0x82/0x180 [ 13.449496] ? preempt_count_sub+0x50/0x80 [ 13.449518] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.449542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.449564] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.449587] kthread+0x337/0x6f0 [ 13.449606] ? trace_preempt_on+0x20/0xc0 [ 13.449632] ? __pfx_kthread+0x10/0x10 [ 13.449652] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.449672] ? calculate_sigpending+0x7b/0xa0 [ 13.449695] ? __pfx_kthread+0x10/0x10 [ 13.449715] ret_from_fork+0x116/0x1d0 [ 13.449733] ? __pfx_kthread+0x10/0x10 [ 13.449753] ret_from_fork_asm+0x1a/0x30 [ 13.449782] </TASK> [ 13.449795] [ 13.461711] Allocated by task 279: [ 13.461926] kasan_save_stack+0x45/0x70 [ 13.462239] kasan_save_track+0x18/0x40 [ 13.462505] kasan_save_alloc_info+0x3b/0x50 [ 13.462738] __kasan_kmalloc+0xb7/0xc0 [ 13.462939] __kmalloc_cache_noprof+0x189/0x420 [ 13.463270] kasan_bitops_generic+0x92/0x1c0 [ 13.463531] kunit_try_run_case+0x1a5/0x480 [ 13.463754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.464035] kthread+0x337/0x6f0 [ 13.464474] ret_from_fork+0x116/0x1d0 [ 13.464697] ret_from_fork_asm+0x1a/0x30 [ 13.464876] [ 13.464967] The buggy address belongs to the object at ffff888101745ee0 [ 13.464967] which belongs to the cache kmalloc-16 of size 16 [ 13.465691] The buggy address is located 8 bytes inside of [ 13.465691] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.466259] [ 13.466358] The buggy address belongs to the physical page: [ 13.466563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.466935] flags: 0x200000000000000(node=0|zone=2) [ 13.467176] page_type: f5(slab) [ 13.467341] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.467699] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.467965] page dumped because: kasan: 
bad access detected [ 13.468464] [ 13.468580] Memory state around the buggy address: [ 13.468810] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.469083] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.469453] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.469827] ^ [ 13.470307] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.470795] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.471022] ================================================================== [ 13.569230] ================================================================== [ 13.569694] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.570019] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.570490] [ 13.570576] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.570615] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.570627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.570646] Call Trace: [ 13.570661] <TASK> [ 13.570674] dump_stack_lvl+0x73/0xb0 [ 13.570701] print_report+0xd1/0x650 [ 13.570723] ? __virt_addr_valid+0x1db/0x2d0 [ 13.570744] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.570769] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.570791] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.570816] kasan_report+0x141/0x180 [ 13.570837] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.570867] kasan_check_range+0x10c/0x1c0 [ 13.570890] __kasan_check_write+0x18/0x20 [ 13.570909] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.570934] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.570961] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.570985] ? trace_hardirqs_on+0x37/0xe0 [ 13.571012] ? kasan_bitops_generic+0x92/0x1c0 [ 13.571039] kasan_bitops_generic+0x116/0x1c0 [ 13.571063] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.571086] ? 
__pfx_read_tsc+0x10/0x10 [ 13.571118] ? ktime_get_ts64+0x86/0x230 [ 13.571141] kunit_try_run_case+0x1a5/0x480 [ 13.571164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.571186] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.571218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.571240] ? __kthread_parkme+0x82/0x180 [ 13.571260] ? preempt_count_sub+0x50/0x80 [ 13.571283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.571307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.571347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.571370] kthread+0x337/0x6f0 [ 13.571389] ? trace_preempt_on+0x20/0xc0 [ 13.571414] ? __pfx_kthread+0x10/0x10 [ 13.571434] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.571454] ? calculate_sigpending+0x7b/0xa0 [ 13.571477] ? __pfx_kthread+0x10/0x10 [ 13.571497] ret_from_fork+0x116/0x1d0 [ 13.571515] ? __pfx_kthread+0x10/0x10 [ 13.571534] ret_from_fork_asm+0x1a/0x30 [ 13.571564] </TASK> [ 13.571575] [ 13.579635] Allocated by task 279: [ 13.579768] kasan_save_stack+0x45/0x70 [ 13.579962] kasan_save_track+0x18/0x40 [ 13.580216] kasan_save_alloc_info+0x3b/0x50 [ 13.580576] __kasan_kmalloc+0xb7/0xc0 [ 13.580766] __kmalloc_cache_noprof+0x189/0x420 [ 13.580996] kasan_bitops_generic+0x92/0x1c0 [ 13.581410] kunit_try_run_case+0x1a5/0x480 [ 13.581596] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.581847] kthread+0x337/0x6f0 [ 13.581970] ret_from_fork+0x116/0x1d0 [ 13.582135] ret_from_fork_asm+0x1a/0x30 [ 13.582397] [ 13.582500] The buggy address belongs to the object at ffff888101745ee0 [ 13.582500] which belongs to the cache kmalloc-16 of size 16 [ 13.582956] The buggy address is located 8 bytes inside of [ 13.582956] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.583595] [ 13.583685] The buggy address belongs to the physical page: [ 13.583919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.584342] flags: 0x200000000000000(node=0|zone=2) [ 13.584549] page_type: f5(slab) [ 13.584715] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 13.584998] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.585355] page dumped because: kasan: bad access detected [ 13.585549] [ 13.585644] Memory state around the buggy address: [ 13.585855] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.586158] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.586413] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.586629] ^ [ 13.586830] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.587049] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.587530] ================================================================== [ 13.587987] ================================================================== [ 13.588336] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.588701] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.588987] [ 13.589070] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.589119] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.589131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.589150] Call Trace: [ 13.589162] <TASK> [ 13.589175] dump_stack_lvl+0x73/0xb0 [ 13.589200] print_report+0xd1/0x650 [ 13.589221] ? __virt_addr_valid+0x1db/0x2d0 [ 13.589243] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.589267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.589288] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.589313] kasan_report+0x141/0x180 [ 13.589335] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.589428] kasan_check_range+0x10c/0x1c0 [ 13.589452] __kasan_check_write+0x18/0x20 [ 13.589471] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.589496] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.589523] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.589548] ? 
trace_hardirqs_on+0x37/0xe0 [ 13.589575] ? kasan_bitops_generic+0x92/0x1c0 [ 13.589602] kasan_bitops_generic+0x116/0x1c0 [ 13.589625] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.589648] ? __pfx_read_tsc+0x10/0x10 [ 13.589668] ? ktime_get_ts64+0x86/0x230 [ 13.589691] kunit_try_run_case+0x1a5/0x480 [ 13.589714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.589736] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.589759] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.589781] ? __kthread_parkme+0x82/0x180 [ 13.589800] ? preempt_count_sub+0x50/0x80 [ 13.589823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.589846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.589868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.589890] kthread+0x337/0x6f0 [ 13.589909] ? trace_preempt_on+0x20/0xc0 [ 13.589934] ? __pfx_kthread+0x10/0x10 [ 13.589954] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.589974] ? calculate_sigpending+0x7b/0xa0 [ 13.589996] ? __pfx_kthread+0x10/0x10 [ 13.590017] ret_from_fork+0x116/0x1d0 [ 13.590035] ? 
__pfx_kthread+0x10/0x10 [ 13.590055] ret_from_fork_asm+0x1a/0x30 [ 13.590084] </TASK> [ 13.590105] [ 13.599573] Allocated by task 279: [ 13.599713] kasan_save_stack+0x45/0x70 [ 13.599862] kasan_save_track+0x18/0x40 [ 13.600048] kasan_save_alloc_info+0x3b/0x50 [ 13.600339] __kasan_kmalloc+0xb7/0xc0 [ 13.600537] __kmalloc_cache_noprof+0x189/0x420 [ 13.600764] kasan_bitops_generic+0x92/0x1c0 [ 13.600917] kunit_try_run_case+0x1a5/0x480 [ 13.601064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.601331] kthread+0x337/0x6f0 [ 13.601504] ret_from_fork+0x116/0x1d0 [ 13.601796] ret_from_fork_asm+0x1a/0x30 [ 13.601937] [ 13.602010] The buggy address belongs to the object at ffff888101745ee0 [ 13.602010] which belongs to the cache kmalloc-16 of size 16 [ 13.602404] The buggy address is located 8 bytes inside of [ 13.602404] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.603295] [ 13.603422] The buggy address belongs to the physical page: [ 13.603667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.603910] flags: 0x200000000000000(node=0|zone=2) [ 13.604077] page_type: f5(slab) [ 13.604439] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.604996] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.605455] page dumped because: kasan: bad access detected [ 13.605626] [ 13.605697] Memory state around the buggy address: [ 13.606082] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.606529] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.606752] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.606968] ^ [ 13.607481] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.607817] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.608178] ================================================================== [ 13.471673] 
================================================================== [ 13.472012] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.472720] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.473039] [ 13.473199] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.473240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.473253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.473274] Call Trace: [ 13.473289] <TASK> [ 13.473304] dump_stack_lvl+0x73/0xb0 [ 13.473331] print_report+0xd1/0x650 [ 13.473357] ? __virt_addr_valid+0x1db/0x2d0 [ 13.473381] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.473446] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.473494] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.473521] kasan_report+0x141/0x180 [ 13.473544] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.473574] kasan_check_range+0x10c/0x1c0 [ 13.473597] __kasan_check_write+0x18/0x20 [ 13.473617] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.473641] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.473667] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.473691] ? trace_hardirqs_on+0x37/0xe0 [ 13.473750] ? kasan_bitops_generic+0x92/0x1c0 [ 13.473787] kasan_bitops_generic+0x116/0x1c0 [ 13.473811] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.473835] ? __pfx_read_tsc+0x10/0x10 [ 13.473855] ? ktime_get_ts64+0x86/0x230 [ 13.473879] kunit_try_run_case+0x1a5/0x480 [ 13.473908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.473929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.473952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.474006] ? __kthread_parkme+0x82/0x180 [ 13.474027] ? preempt_count_sub+0x50/0x80 [ 13.474049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.474072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.474094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.474130] kthread+0x337/0x6f0 [ 13.474149] ? 
trace_preempt_on+0x20/0xc0 [ 13.474177] ? __pfx_kthread+0x10/0x10 [ 13.474197] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.474218] ? calculate_sigpending+0x7b/0xa0 [ 13.474241] ? __pfx_kthread+0x10/0x10 [ 13.474262] ret_from_fork+0x116/0x1d0 [ 13.474280] ? __pfx_kthread+0x10/0x10 [ 13.474300] ret_from_fork_asm+0x1a/0x30 [ 13.474329] </TASK> [ 13.474341] [ 13.484726] Allocated by task 279: [ 13.484953] kasan_save_stack+0x45/0x70 [ 13.485271] kasan_save_track+0x18/0x40 [ 13.485441] kasan_save_alloc_info+0x3b/0x50 [ 13.485690] __kasan_kmalloc+0xb7/0xc0 [ 13.485887] __kmalloc_cache_noprof+0x189/0x420 [ 13.486068] kasan_bitops_generic+0x92/0x1c0 [ 13.486360] kunit_try_run_case+0x1a5/0x480 [ 13.486626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.486975] kthread+0x337/0x6f0 [ 13.487305] ret_from_fork+0x116/0x1d0 [ 13.487626] ret_from_fork_asm+0x1a/0x30 [ 13.487846] [ 13.487937] The buggy address belongs to the object at ffff888101745ee0 [ 13.487937] which belongs to the cache kmalloc-16 of size 16 [ 13.488782] The buggy address is located 8 bytes inside of [ 13.488782] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.489436] [ 13.489573] The buggy address belongs to the physical page: [ 13.489843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.490249] flags: 0x200000000000000(node=0|zone=2) [ 13.490599] page_type: f5(slab) [ 13.490784] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.491138] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.491639] page dumped because: kasan: bad access detected [ 13.491875] [ 13.491948] Memory state around the buggy address: [ 13.492120] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.492599] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.493035] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.493653] ^ [ 13.493906] ffff888101745f00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.494143] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.494359] ================================================================== [ 13.609434] ================================================================== [ 13.609761] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.610077] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.610584] [ 13.610684] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.610727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.610739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.610760] Call Trace: [ 13.610774] <TASK> [ 13.610789] dump_stack_lvl+0x73/0xb0 [ 13.610816] print_report+0xd1/0x650 [ 13.610838] ? __virt_addr_valid+0x1db/0x2d0 [ 13.610859] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.610884] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.610906] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.610930] kasan_report+0x141/0x180 [ 13.610952] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.610980] kasan_check_range+0x10c/0x1c0 [ 13.611003] __kasan_check_write+0x18/0x20 [ 13.611022] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.611047] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.611073] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.611110] ? trace_hardirqs_on+0x37/0xe0 [ 13.611136] ? kasan_bitops_generic+0x92/0x1c0 [ 13.611308] kasan_bitops_generic+0x116/0x1c0 [ 13.611337] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.611363] ? __pfx_read_tsc+0x10/0x10 [ 13.611384] ? ktime_get_ts64+0x86/0x230 [ 13.611407] kunit_try_run_case+0x1a5/0x480 [ 13.611430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.611451] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.611474] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.611496] ? __kthread_parkme+0x82/0x180 [ 13.611516] ? preempt_count_sub+0x50/0x80 [ 13.611539] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.611561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.611583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.611606] kthread+0x337/0x6f0 [ 13.611625] ? trace_preempt_on+0x20/0xc0 [ 13.611651] ? __pfx_kthread+0x10/0x10 [ 13.611671] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.611690] ? calculate_sigpending+0x7b/0xa0 [ 13.611713] ? __pfx_kthread+0x10/0x10 [ 13.611734] ret_from_fork+0x116/0x1d0 [ 13.611751] ? __pfx_kthread+0x10/0x10 [ 13.611771] ret_from_fork_asm+0x1a/0x30 [ 13.611800] </TASK> [ 13.611811] [ 13.620202] Allocated by task 279: [ 13.620425] kasan_save_stack+0x45/0x70 [ 13.620688] kasan_save_track+0x18/0x40 [ 13.621115] kasan_save_alloc_info+0x3b/0x50 [ 13.621267] __kasan_kmalloc+0xb7/0xc0 [ 13.621615] __kmalloc_cache_noprof+0x189/0x420 [ 13.621823] kasan_bitops_generic+0x92/0x1c0 [ 13.621975] kunit_try_run_case+0x1a5/0x480 [ 13.622262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.622698] kthread+0x337/0x6f0 [ 13.622865] ret_from_fork+0x116/0x1d0 [ 13.623057] ret_from_fork_asm+0x1a/0x30 [ 13.623525] [ 13.623615] The buggy address belongs to the object at ffff888101745ee0 [ 13.623615] which belongs to the cache kmalloc-16 of size 16 [ 13.623995] The buggy address is located 8 bytes inside of [ 13.623995] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.624363] [ 13.624463] The buggy address belongs to the physical page: [ 13.624717] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.625390] flags: 0x200000000000000(node=0|zone=2) [ 13.625592] page_type: f5(slab) [ 13.625715] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.625949] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.626257] page dumped because: kasan: bad access detected [ 13.626767] [ 13.626867] Memory state around the buggy address: [ 13.627108] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.627639] 
ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.628176] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.628547] ^ [ 13.628755] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.629074] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.629400] ================================================================== [ 13.495005] ================================================================== [ 13.495669] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.496010] Write of size 8 at addr ffff888101745ee8 by task kunit_try_catch/279 [ 13.496502] [ 13.496643] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.496684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.496696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.496748] Call Trace: [ 13.496765] <TASK> [ 13.496778] dump_stack_lvl+0x73/0xb0 [ 13.496805] print_report+0xd1/0x650 [ 13.496827] ? __virt_addr_valid+0x1db/0x2d0 [ 13.496848] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.496899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.496922] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.496948] kasan_report+0x141/0x180 [ 13.496969] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.496999] kasan_check_range+0x10c/0x1c0 [ 13.497022] __kasan_check_write+0x18/0x20 [ 13.497041] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.497065] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.497091] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.497127] ? trace_hardirqs_on+0x37/0xe0 [ 13.497346] ? kasan_bitops_generic+0x92/0x1c0 [ 13.497384] kasan_bitops_generic+0x116/0x1c0 [ 13.497437] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.497487] ? __pfx_read_tsc+0x10/0x10 [ 13.497507] ? ktime_get_ts64+0x86/0x230 [ 13.497530] kunit_try_run_case+0x1a5/0x480 [ 13.497554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.497576] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.497600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.497622] ? __kthread_parkme+0x82/0x180 [ 13.497642] ? preempt_count_sub+0x50/0x80 [ 13.497664] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.497688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.497710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.497733] kthread+0x337/0x6f0 [ 13.497752] ? trace_preempt_on+0x20/0xc0 [ 13.497778] ? __pfx_kthread+0x10/0x10 [ 13.497798] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.497818] ? calculate_sigpending+0x7b/0xa0 [ 13.497842] ? __pfx_kthread+0x10/0x10 [ 13.497862] ret_from_fork+0x116/0x1d0 [ 13.497880] ? __pfx_kthread+0x10/0x10 [ 13.497900] ret_from_fork_asm+0x1a/0x30 [ 13.497930] </TASK> [ 13.497941] [ 13.507979] Allocated by task 279: [ 13.508151] kasan_save_stack+0x45/0x70 [ 13.508297] kasan_save_track+0x18/0x40 [ 13.508603] kasan_save_alloc_info+0x3b/0x50 [ 13.508820] __kasan_kmalloc+0xb7/0xc0 [ 13.508955] __kmalloc_cache_noprof+0x189/0x420 [ 13.509174] kasan_bitops_generic+0x92/0x1c0 [ 13.509637] kunit_try_run_case+0x1a5/0x480 [ 13.509849] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.510088] kthread+0x337/0x6f0 [ 13.510410] ret_from_fork+0x116/0x1d0 [ 13.510553] ret_from_fork_asm+0x1a/0x30 [ 13.510767] [ 13.510843] The buggy address belongs to the object at ffff888101745ee0 [ 13.510843] which belongs to the cache kmalloc-16 of size 16 [ 13.511622] The buggy address is located 8 bytes inside of [ 13.511622] allocated 9-byte region [ffff888101745ee0, ffff888101745ee9) [ 13.512880] [ 13.513110] The buggy address belongs to the physical page: [ 13.513776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 13.514514] flags: 0x200000000000000(node=0|zone=2) [ 13.514857] page_type: f5(slab) [ 13.514983] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.515323] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.516044] page dumped because: kasan: 
bad access detected [ 13.516724] [ 13.516887] Memory state around the buggy address: [ 13.517461] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 13.518055] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.518709] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.519270] ^ [ 13.519960] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.520210] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.521131] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.419681] ================================================================== [ 13.420031] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 13.420459] Read of size 1 at addr ffff8881038e6250 by task kunit_try_catch/277 [ 13.420795] [ 13.420897] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.420949] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.420962] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.420981] Call Trace: [ 13.421006] <TASK> [ 13.421019] dump_stack_lvl+0x73/0xb0 [ 13.421045] print_report+0xd1/0x650 [ 13.421069] ? __virt_addr_valid+0x1db/0x2d0 [ 13.421109] ? strnlen+0x73/0x80 [ 13.421126] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.421148] ? strnlen+0x73/0x80 [ 13.421176] kasan_report+0x141/0x180 [ 13.421208] ? strnlen+0x73/0x80 [ 13.421229] __asan_report_load1_noabort+0x18/0x20 [ 13.421253] strnlen+0x73/0x80 [ 13.421271] kasan_strings+0x615/0xe80 [ 13.421290] ? trace_hardirqs_on+0x37/0xe0 [ 13.421356] ? __pfx_kasan_strings+0x10/0x10 [ 13.421390] ? finish_task_switch.isra.0+0x153/0x700 [ 13.421412] ? __switch_to+0x47/0xf50 [ 13.421435] ? __schedule+0x10cc/0x2b60 [ 13.421457] ? __pfx_read_tsc+0x10/0x10 [ 13.421477] ? ktime_get_ts64+0x86/0x230 [ 13.421500] kunit_try_run_case+0x1a5/0x480 [ 13.421524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.421545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.421568] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.421590] ? __kthread_parkme+0x82/0x180 [ 13.421609] ? preempt_count_sub+0x50/0x80 [ 13.421632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.421655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.421677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.421702] kthread+0x337/0x6f0 [ 13.421720] ? trace_preempt_on+0x20/0xc0 [ 13.421742] ? __pfx_kthread+0x10/0x10 [ 13.421762] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.421783] ? calculate_sigpending+0x7b/0xa0 [ 13.421807] ? 
__pfx_kthread+0x10/0x10 [ 13.421828] ret_from_fork+0x116/0x1d0 [ 13.421846] ? __pfx_kthread+0x10/0x10 [ 13.421866] ret_from_fork_asm+0x1a/0x30 [ 13.421895] </TASK> [ 13.421906] [ 13.429986] Allocated by task 277: [ 13.430253] kasan_save_stack+0x45/0x70 [ 13.430449] kasan_save_track+0x18/0x40 [ 13.430661] kasan_save_alloc_info+0x3b/0x50 [ 13.430861] __kasan_kmalloc+0xb7/0xc0 [ 13.431041] __kmalloc_cache_noprof+0x189/0x420 [ 13.431512] kasan_strings+0xc0/0xe80 [ 13.431724] kunit_try_run_case+0x1a5/0x480 [ 13.431906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.432223] kthread+0x337/0x6f0 [ 13.432437] ret_from_fork+0x116/0x1d0 [ 13.432615] ret_from_fork_asm+0x1a/0x30 [ 13.432757] [ 13.432827] Freed by task 277: [ 13.432940] kasan_save_stack+0x45/0x70 [ 13.433076] kasan_save_track+0x18/0x40 [ 13.433225] kasan_save_free_info+0x3f/0x60 [ 13.433691] __kasan_slab_free+0x56/0x70 [ 13.433889] kfree+0x222/0x3f0 [ 13.434052] kasan_strings+0x2aa/0xe80 [ 13.434426] kunit_try_run_case+0x1a5/0x480 [ 13.434641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.434893] kthread+0x337/0x6f0 [ 13.435105] ret_from_fork+0x116/0x1d0 [ 13.435349] ret_from_fork_asm+0x1a/0x30 [ 13.435550] [ 13.435657] The buggy address belongs to the object at ffff8881038e6240 [ 13.435657] which belongs to the cache kmalloc-32 of size 32 [ 13.436012] The buggy address is located 16 bytes inside of [ 13.436012] freed 32-byte region [ffff8881038e6240, ffff8881038e6260) [ 13.436540] [ 13.436650] The buggy address belongs to the physical page: [ 13.436852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e6 [ 13.437094] flags: 0x200000000000000(node=0|zone=2) [ 13.437267] page_type: f5(slab) [ 13.437388] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.437984] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.438358] page dumped because: kasan: bad access detected [ 13.438617] [ 13.438712] Memory state around the buggy address: 
[ 13.439106] ffff8881038e6100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.439677] ffff8881038e6180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.440000] >ffff8881038e6200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.440402] ^ [ 13.440585] ffff8881038e6280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.440906] ffff8881038e6300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.441329] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.387507] ================================================================== [ 13.388508] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 13.388805] Read of size 1 at addr ffff8881038e6250 by task kunit_try_catch/277 [ 13.389032] [ 13.389152] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.389197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.389258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.389281] Call Trace: [ 13.389297] <TASK> [ 13.389313] dump_stack_lvl+0x73/0xb0 [ 13.389339] print_report+0xd1/0x650 [ 13.389362] ? __virt_addr_valid+0x1db/0x2d0 [ 13.389384] ? strlen+0x8f/0xb0 [ 13.389401] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.389422] ? strlen+0x8f/0xb0 [ 13.389439] kasan_report+0x141/0x180 [ 13.389462] ? strlen+0x8f/0xb0 [ 13.389484] __asan_report_load1_noabort+0x18/0x20 [ 13.389509] strlen+0x8f/0xb0 [ 13.389528] kasan_strings+0x57b/0xe80 [ 13.389547] ? trace_hardirqs_on+0x37/0xe0 [ 13.389569] ? __pfx_kasan_strings+0x10/0x10 [ 13.389589] ? finish_task_switch.isra.0+0x153/0x700 [ 13.389609] ? __switch_to+0x47/0xf50 [ 13.389634] ? __schedule+0x10cc/0x2b60 [ 13.389656] ? __pfx_read_tsc+0x10/0x10 [ 13.389675] ? ktime_get_ts64+0x86/0x230 [ 13.389702] kunit_try_run_case+0x1a5/0x480 [ 13.389726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.389748] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.389769] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.389791] ? __kthread_parkme+0x82/0x180 [ 13.389810] ? preempt_count_sub+0x50/0x80 [ 13.389833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.389856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.389879] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.389901] kthread+0x337/0x6f0 [ 13.389920] ? trace_preempt_on+0x20/0xc0 [ 13.389941] ? __pfx_kthread+0x10/0x10 [ 13.389961] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.389982] ? calculate_sigpending+0x7b/0xa0 [ 13.390005] ? 
__pfx_kthread+0x10/0x10 [ 13.390026] ret_from_fork+0x116/0x1d0 [ 13.390045] ? __pfx_kthread+0x10/0x10 [ 13.390065] ret_from_fork_asm+0x1a/0x30 [ 13.390094] </TASK> [ 13.390121] [ 13.406259] Allocated by task 277: [ 13.406733] kasan_save_stack+0x45/0x70 [ 13.407191] kasan_save_track+0x18/0x40 [ 13.407594] kasan_save_alloc_info+0x3b/0x50 [ 13.408039] __kasan_kmalloc+0xb7/0xc0 [ 13.408257] __kmalloc_cache_noprof+0x189/0x420 [ 13.408752] kasan_strings+0xc0/0xe80 [ 13.409152] kunit_try_run_case+0x1a5/0x480 [ 13.409444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.409907] kthread+0x337/0x6f0 [ 13.410032] ret_from_fork+0x116/0x1d0 [ 13.410333] ret_from_fork_asm+0x1a/0x30 [ 13.410582] [ 13.410698] Freed by task 277: [ 13.410857] kasan_save_stack+0x45/0x70 [ 13.411047] kasan_save_track+0x18/0x40 [ 13.411284] kasan_save_free_info+0x3f/0x60 [ 13.411579] __kasan_slab_free+0x56/0x70 [ 13.411769] kfree+0x222/0x3f0 [ 13.411933] kasan_strings+0x2aa/0xe80 [ 13.412151] kunit_try_run_case+0x1a5/0x480 [ 13.412319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.412590] kthread+0x337/0x6f0 [ 13.412843] ret_from_fork+0x116/0x1d0 [ 13.412991] ret_from_fork_asm+0x1a/0x30 [ 13.413302] [ 13.413387] The buggy address belongs to the object at ffff8881038e6240 [ 13.413387] which belongs to the cache kmalloc-32 of size 32 [ 13.413891] The buggy address is located 16 bytes inside of [ 13.413891] freed 32-byte region [ffff8881038e6240, ffff8881038e6260) [ 13.414441] [ 13.414515] The buggy address belongs to the physical page: [ 13.414793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e6 [ 13.415321] flags: 0x200000000000000(node=0|zone=2) [ 13.415578] page_type: f5(slab) [ 13.415757] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.416024] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.416497] page dumped because: kasan: bad access detected [ 13.416677] [ 13.416753] Memory state around the buggy address: 
[ 13.416979] ffff8881038e6100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.417339] ffff8881038e6180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.417746] >ffff8881038e6200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.418080] ^ [ 13.418470] ffff8881038e6280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.418754] ffff8881038e6300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.419080] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.358865] ================================================================== [ 13.359759] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 13.360015] Read of size 1 at addr ffff8881038e6250 by task kunit_try_catch/277 [ 13.360641] [ 13.360748] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.360791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.360802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.360822] Call Trace: [ 13.360838] <TASK> [ 13.360852] dump_stack_lvl+0x73/0xb0 [ 13.360879] print_report+0xd1/0x650 [ 13.360901] ? __virt_addr_valid+0x1db/0x2d0 [ 13.360924] ? kasan_strings+0xcbc/0xe80 [ 13.360945] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.360967] ? kasan_strings+0xcbc/0xe80 [ 13.360987] kasan_report+0x141/0x180 [ 13.361008] ? kasan_strings+0xcbc/0xe80 [ 13.361033] __asan_report_load1_noabort+0x18/0x20 [ 13.361058] kasan_strings+0xcbc/0xe80 [ 13.361077] ? trace_hardirqs_on+0x37/0xe0 [ 13.361111] ? __pfx_kasan_strings+0x10/0x10 [ 13.361131] ? finish_task_switch.isra.0+0x153/0x700 [ 13.361151] ? __switch_to+0x47/0xf50 [ 13.361174] ? __schedule+0x10cc/0x2b60 [ 13.361196] ? __pfx_read_tsc+0x10/0x10 [ 13.361217] ? ktime_get_ts64+0x86/0x230 [ 13.361240] kunit_try_run_case+0x1a5/0x480 [ 13.361262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.361284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.361304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.361327] ? __kthread_parkme+0x82/0x180 [ 13.361346] ? preempt_count_sub+0x50/0x80 [ 13.361368] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.361391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.361413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.361436] kthread+0x337/0x6f0 [ 13.361455] ? trace_preempt_on+0x20/0xc0 [ 13.361477] ? __pfx_kthread+0x10/0x10 [ 13.361499] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.361520] ? calculate_sigpending+0x7b/0xa0 [ 13.361543] ? 
__pfx_kthread+0x10/0x10 [ 13.361563] ret_from_fork+0x116/0x1d0 [ 13.361581] ? __pfx_kthread+0x10/0x10 [ 13.361675] ret_from_fork_asm+0x1a/0x30 [ 13.361707] </TASK> [ 13.361718] [ 13.372308] Allocated by task 277: [ 13.372487] kasan_save_stack+0x45/0x70 [ 13.372678] kasan_save_track+0x18/0x40 [ 13.372853] kasan_save_alloc_info+0x3b/0x50 [ 13.373050] __kasan_kmalloc+0xb7/0xc0 [ 13.373362] __kmalloc_cache_noprof+0x189/0x420 [ 13.373573] kasan_strings+0xc0/0xe80 [ 13.373744] kunit_try_run_case+0x1a5/0x480 [ 13.373930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.374210] kthread+0x337/0x6f0 [ 13.374433] ret_from_fork+0x116/0x1d0 [ 13.374592] ret_from_fork_asm+0x1a/0x30 [ 13.374767] [ 13.374856] Freed by task 277: [ 13.374998] kasan_save_stack+0x45/0x70 [ 13.376123] kasan_save_track+0x18/0x40 [ 13.376292] kasan_save_free_info+0x3f/0x60 [ 13.376449] __kasan_slab_free+0x56/0x70 [ 13.376591] kfree+0x222/0x3f0 [ 13.376711] kasan_strings+0x2aa/0xe80 [ 13.376847] kunit_try_run_case+0x1a5/0x480 [ 13.376997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.377795] kthread+0x337/0x6f0 [ 13.377966] ret_from_fork+0x116/0x1d0 [ 13.378412] ret_from_fork_asm+0x1a/0x30 [ 13.378571] [ 13.378734] The buggy address belongs to the object at ffff8881038e6240 [ 13.378734] which belongs to the cache kmalloc-32 of size 32 [ 13.379340] The buggy address is located 16 bytes inside of [ 13.379340] freed 32-byte region [ffff8881038e6240, ffff8881038e6260) [ 13.379804] [ 13.379895] The buggy address belongs to the physical page: [ 13.380142] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e6 [ 13.381485] flags: 0x200000000000000(node=0|zone=2) [ 13.381821] page_type: f5(slab) [ 13.382410] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.382761] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.383074] page dumped because: kasan: bad access detected [ 13.383273] [ 13.383359] Memory state around the buggy address: 
[ 13.383624] ffff8881038e6100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.383952] ffff8881038e6180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.384192] >ffff8881038e6200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.384474] ^ [ 13.384693] ffff8881038e6280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.385007] ffff8881038e6300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.385857] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.332030] ================================================================== [ 13.333512] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 13.333908] Read of size 1 at addr ffff8881038e6250 by task kunit_try_catch/277 [ 13.334386] [ 13.334660] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.334708] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.334720] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.334741] Call Trace: [ 13.334753] <TASK> [ 13.334767] dump_stack_lvl+0x73/0xb0 [ 13.334794] print_report+0xd1/0x650 [ 13.334818] ? __virt_addr_valid+0x1db/0x2d0 [ 13.334840] ? strcmp+0xb0/0xc0 [ 13.334860] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.334883] ? strcmp+0xb0/0xc0 [ 13.334903] kasan_report+0x141/0x180 [ 13.334925] ? strcmp+0xb0/0xc0 [ 13.334949] __asan_report_load1_noabort+0x18/0x20 [ 13.334973] strcmp+0xb0/0xc0 [ 13.334994] kasan_strings+0x431/0xe80 [ 13.335013] ? trace_hardirqs_on+0x37/0xe0 [ 13.335037] ? __pfx_kasan_strings+0x10/0x10 [ 13.335057] ? finish_task_switch.isra.0+0x153/0x700 [ 13.335078] ? __switch_to+0x47/0xf50 [ 13.335118] ? __schedule+0x10cc/0x2b60 [ 13.335141] ? __pfx_read_tsc+0x10/0x10 [ 13.335161] ? ktime_get_ts64+0x86/0x230 [ 13.335184] kunit_try_run_case+0x1a5/0x480 [ 13.335212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.335233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.335256] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.335278] ? __kthread_parkme+0x82/0x180 [ 13.335298] ? preempt_count_sub+0x50/0x80 [ 13.335320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.335343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.335365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.335388] kthread+0x337/0x6f0 [ 13.335407] ? trace_preempt_on+0x20/0xc0 [ 13.335428] ? __pfx_kthread+0x10/0x10 [ 13.335448] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.335468] ? calculate_sigpending+0x7b/0xa0 [ 13.335491] ? 
__pfx_kthread+0x10/0x10
[ 13.335512] ret_from_fork+0x116/0x1d0
[ 13.335530] ? __pfx_kthread+0x10/0x10
[ 13.335550] ret_from_fork_asm+0x1a/0x30
[ 13.335579] </TASK>
[ 13.335590]
[ 13.344691] Allocated by task 277:
[ 13.345052] kasan_save_stack+0x45/0x70
[ 13.345298] kasan_save_track+0x18/0x40
[ 13.345454] kasan_save_alloc_info+0x3b/0x50
[ 13.345744] __kasan_kmalloc+0xb7/0xc0
[ 13.345939] __kmalloc_cache_noprof+0x189/0x420
[ 13.346142] kasan_strings+0xc0/0xe80
[ 13.346403] kunit_try_run_case+0x1a5/0x480
[ 13.346575] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.346832] kthread+0x337/0x6f0
[ 13.346984] ret_from_fork+0x116/0x1d0
[ 13.347169] ret_from_fork_asm+0x1a/0x30
[ 13.347439]
[ 13.347560] Freed by task 277:
[ 13.347693] kasan_save_stack+0x45/0x70
[ 13.347860] kasan_save_track+0x18/0x40
[ 13.348030] kasan_save_free_info+0x3f/0x60
[ 13.348249] __kasan_slab_free+0x56/0x70
[ 13.348709] kfree+0x222/0x3f0
[ 13.348865] kasan_strings+0x2aa/0xe80
[ 13.349004] kunit_try_run_case+0x1a5/0x480
[ 13.349165] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.349405] kthread+0x337/0x6f0
[ 13.349575] ret_from_fork+0x116/0x1d0
[ 13.349838] ret_from_fork_asm+0x1a/0x30
[ 13.349978]
[ 13.350049] The buggy address belongs to the object at ffff8881038e6240
[ 13.350049] which belongs to the cache kmalloc-32 of size 32
[ 13.351249] The buggy address is located 16 bytes inside of
[ 13.351249] freed 32-byte region [ffff8881038e6240, ffff8881038e6260)
[ 13.352581]
[ 13.352706] The buggy address belongs to the physical page:
[ 13.352931] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e6
[ 13.353679] flags: 0x200000000000000(node=0|zone=2)
[ 13.353909] page_type: f5(slab)
[ 13.354072] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.354885] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.355389] page dumped because: kasan: bad access detected
[ 13.355634]
[ 13.355726] Memory state around the buggy address:
[ 13.355939] ffff8881038e6100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 13.356704] ffff8881038e6180: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.356959] >ffff8881038e6200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.357473] ^
[ 13.357727] ffff8881038e6280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.358020] ffff8881038e6300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.358401] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.298263] ==================================================================
[ 13.298820] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 13.299122] Read of size 1 at addr ffff8881038e61d8 by task kunit_try_catch/275
[ 13.299748]
[ 13.299937] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.299987] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.299999] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.300020] Call Trace:
[ 13.300032] <TASK>
[ 13.300048] dump_stack_lvl+0x73/0xb0
[ 13.300074] print_report+0xd1/0x650
[ 13.300108] ? __virt_addr_valid+0x1db/0x2d0
[ 13.300210] ? memcmp+0x1b4/0x1d0
[ 13.300243] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.300266] ? memcmp+0x1b4/0x1d0
[ 13.300283] kasan_report+0x141/0x180
[ 13.300325] ? memcmp+0x1b4/0x1d0
[ 13.300358] __asan_report_load1_noabort+0x18/0x20
[ 13.300382] memcmp+0x1b4/0x1d0
[ 13.300402] kasan_memcmp+0x18f/0x390
[ 13.300433] ? trace_hardirqs_on+0x37/0xe0
[ 13.300456] ? __pfx_kasan_memcmp+0x10/0x10
[ 13.300476] ? finish_task_switch.isra.0+0x153/0x700
[ 13.300498] ? __switch_to+0x47/0xf50
[ 13.300551] ? __pfx_read_tsc+0x10/0x10
[ 13.300572] ? ktime_get_ts64+0x86/0x230
[ 13.300595] kunit_try_run_case+0x1a5/0x480
[ 13.300629] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.300650] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.300672] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.300694] ? __kthread_parkme+0x82/0x180
[ 13.300713] ? preempt_count_sub+0x50/0x80
[ 13.300736] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.300759] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.300782] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.300805] kthread+0x337/0x6f0
[ 13.300824] ? trace_preempt_on+0x20/0xc0
[ 13.300845] ? __pfx_kthread+0x10/0x10
[ 13.300865] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.300885] ? calculate_sigpending+0x7b/0xa0
[ 13.300908] ? __pfx_kthread+0x10/0x10
[ 13.300929] ret_from_fork+0x116/0x1d0
[ 13.300947] ? __pfx_kthread+0x10/0x10
[ 13.300966] ret_from_fork_asm+0x1a/0x30
[ 13.300996] </TASK>
[ 13.301007]
[ 13.314050] Allocated by task 275:
[ 13.314375] kasan_save_stack+0x45/0x70
[ 13.314768] kasan_save_track+0x18/0x40
[ 13.315031] kasan_save_alloc_info+0x3b/0x50
[ 13.315389] __kasan_kmalloc+0xb7/0xc0
[ 13.315726] __kmalloc_cache_noprof+0x189/0x420
[ 13.315885] kasan_memcmp+0xb7/0x390
[ 13.316011] kunit_try_run_case+0x1a5/0x480
[ 13.316207] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.316826] kthread+0x337/0x6f0
[ 13.317202] ret_from_fork+0x116/0x1d0
[ 13.317710] ret_from_fork_asm+0x1a/0x30
[ 13.318120]
[ 13.318309] The buggy address belongs to the object at ffff8881038e61c0
[ 13.318309] which belongs to the cache kmalloc-32 of size 32
[ 13.319065] The buggy address is located 0 bytes to the right of
[ 13.319065] allocated 24-byte region [ffff8881038e61c0, ffff8881038e61d8)
[ 13.320090]
[ 13.320379] The buggy address belongs to the physical page:
[ 13.320902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e6
[ 13.321590] flags: 0x200000000000000(node=0|zone=2)
[ 13.321754] page_type: f5(slab)
[ 13.321874] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.322110] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.322399] page dumped because: kasan: bad access detected
[ 13.322692]
[ 13.322785] Memory state around the buggy address:
[ 13.322950] ffff8881038e6080: 00 00 07 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.323313] ffff8881038e6100: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc
[ 13.323712] >ffff8881038e6180: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.324072] ^
[ 13.324449] ffff8881038e6200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.324785] ffff8881038e6280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.325166] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.266784] ==================================================================
[ 13.267647] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[ 13.268220] Read of size 1 at addr ffff888103a67c4a by task kunit_try_catch/271
[ 13.268825]
[ 13.269059] CPU: 0 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.269122] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.269136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.269308] Call Trace:
[ 13.269341] <TASK>
[ 13.269358] dump_stack_lvl+0x73/0xb0
[ 13.269386] print_report+0xd1/0x650
[ 13.269409] ? __virt_addr_valid+0x1db/0x2d0
[ 13.269431] ? kasan_alloca_oob_right+0x329/0x390
[ 13.269454] ? kasan_addr_to_slab+0x11/0xa0
[ 13.269473] ? kasan_alloca_oob_right+0x329/0x390
[ 13.269495] kasan_report+0x141/0x180
[ 13.269517] ? kasan_alloca_oob_right+0x329/0x390
[ 13.269543] __asan_report_load1_noabort+0x18/0x20
[ 13.269566] kasan_alloca_oob_right+0x329/0x390
[ 13.269589] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.269609] ? finish_task_switch.isra.0+0x153/0x700
[ 13.269631] ? out_of_line_wait_on_bit_timeout+0x7e/0x190
[ 13.269654] ? trace_hardirqs_on+0x37/0xe0
[ 13.269679] ? __pfx_kasan_alloca_oob_right+0x10/0x10
[ 13.269703] ? __schedule+0x10cc/0x2b60
[ 13.269724] ? __pfx_read_tsc+0x10/0x10
[ 13.269743] ? ktime_get_ts64+0x86/0x230
[ 13.269766] kunit_try_run_case+0x1a5/0x480
[ 13.269789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.269811] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.269833] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.269855] ? __kthread_parkme+0x82/0x180
[ 13.269875] ? preempt_count_sub+0x50/0x80
[ 13.269898] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.269921] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.269943] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.269966] kthread+0x337/0x6f0
[ 13.269984] ? trace_preempt_on+0x20/0xc0
[ 13.270006] ? __pfx_kthread+0x10/0x10
[ 13.270025] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.270046] ? calculate_sigpending+0x7b/0xa0
[ 13.270070] ? __pfx_kthread+0x10/0x10
[ 13.270091] ret_from_fork+0x116/0x1d0
[ 13.270124] ? __pfx_kthread+0x10/0x10
[ 13.270145] ret_from_fork_asm+0x1a/0x30
[ 13.270188] </TASK>
[ 13.270199]
[ 13.283159] The buggy address belongs to stack of task kunit_try_catch/271
[ 13.283430]
[ 13.283523] The buggy address belongs to the physical page:
[ 13.284004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a67
[ 13.284968] flags: 0x200000000000000(node=0|zone=2)
[ 13.285501] raw: 0200000000000000 ffffea00040e99c8 ffffea00040e99c8 0000000000000000
[ 13.286189] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.286658] page dumped because: kasan: bad access detected
[ 13.287190]
[ 13.287321] Memory state around the buggy address:
[ 13.287565] ffff888103a67b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.288210] ffff888103a67b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.288743] >ffff888103a67c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.288962] ^
[ 13.289153] ffff888103a67c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.289782] ffff888103a67d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.290550] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.242976] ==================================================================
[ 13.243675] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380
[ 13.244433] Read of size 1 at addr ffff888103997c3f by task kunit_try_catch/269
[ 13.244821]
[ 13.244923] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.244971] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.244984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.245006] Call Trace:
[ 13.245019] <TASK>
[ 13.245042] dump_stack_lvl+0x73/0xb0
[ 13.245070] print_report+0xd1/0x650
[ 13.245094] ? __virt_addr_valid+0x1db/0x2d0
[ 13.245132] ? kasan_alloca_oob_left+0x320/0x380
[ 13.245153] ? kasan_addr_to_slab+0x11/0xa0
[ 13.245173] ? kasan_alloca_oob_left+0x320/0x380
[ 13.245195] kasan_report+0x141/0x180
[ 13.245217] ? kasan_alloca_oob_left+0x320/0x380
[ 13.245242] __asan_report_load1_noabort+0x18/0x20
[ 13.245330] kasan_alloca_oob_left+0x320/0x380
[ 13.245355] ? __kasan_check_write+0x18/0x20
[ 13.245374] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.245397] ? finish_task_switch.isra.0+0x153/0x700
[ 13.245450] ? out_of_line_wait_on_bit_timeout+0x7e/0x190
[ 13.245476] ? trace_hardirqs_on+0x37/0xe0
[ 13.245501] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 13.245525] ? __schedule+0x10cc/0x2b60
[ 13.245546] ? __pfx_read_tsc+0x10/0x10
[ 13.245567] ? ktime_get_ts64+0x86/0x230
[ 13.245590] kunit_try_run_case+0x1a5/0x480
[ 13.245636] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.245668] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.245692] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.245715] ? __kthread_parkme+0x82/0x180
[ 13.245735] ? preempt_count_sub+0x50/0x80
[ 13.245757] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.245779] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.245801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.245823] kthread+0x337/0x6f0
[ 13.245843] ? trace_preempt_on+0x20/0xc0
[ 13.245864] ? __pfx_kthread+0x10/0x10
[ 13.245884] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.245904] ? calculate_sigpending+0x7b/0xa0
[ 13.245929] ? __pfx_kthread+0x10/0x10
[ 13.245949] ret_from_fork+0x116/0x1d0
[ 13.245967] ? __pfx_kthread+0x10/0x10
[ 13.245987] ret_from_fork_asm+0x1a/0x30
[ 13.246017] </TASK>
[ 13.246029]
[ 13.257524] The buggy address belongs to stack of task kunit_try_catch/269
[ 13.257873]
[ 13.257947] The buggy address belongs to the physical page:
[ 13.258217] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103997
[ 13.258660] flags: 0x200000000000000(node=0|zone=2)
[ 13.258967] raw: 0200000000000000 ffffea00040e65c8 ffffea00040e65c8 0000000000000000
[ 13.259600] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.259953] page dumped because: kasan: bad access detected
[ 13.260360]
[ 13.260485] Memory state around the buggy address:
[ 13.260735] ffff888103997b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.261058] ffff888103997b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.261526] >ffff888103997c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.261867] ^
[ 13.262135] ffff888103997c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.262594] ffff888103997d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.262883] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.214918] ==================================================================
[ 13.215864] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 13.216385] Read of size 1 at addr ffff888102b0fd02 by task kunit_try_catch/267
[ 13.216954]
[ 13.217217] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.217399] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.217413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.217436] Call Trace:
[ 13.217449] <TASK>
[ 13.217465] dump_stack_lvl+0x73/0xb0
[ 13.217494] print_report+0xd1/0x650
[ 13.217516] ? __virt_addr_valid+0x1db/0x2d0
[ 13.217540] ? kasan_stack_oob+0x2b5/0x300
[ 13.217559] ? kasan_addr_to_slab+0x11/0xa0
[ 13.217580] ? kasan_stack_oob+0x2b5/0x300
[ 13.217601] kasan_report+0x141/0x180
[ 13.217623] ? kasan_stack_oob+0x2b5/0x300
[ 13.217648] __asan_report_load1_noabort+0x18/0x20
[ 13.217671] kasan_stack_oob+0x2b5/0x300
[ 13.217692] ? __pfx_kasan_stack_oob+0x10/0x10
[ 13.217711] ? finish_task_switch.isra.0+0x153/0x700
[ 13.217732] ? __switch_to+0x47/0xf50
[ 13.217757] ? __schedule+0x10cc/0x2b60
[ 13.217779] ? __pfx_read_tsc+0x10/0x10
[ 13.217798] ? ktime_get_ts64+0x86/0x230
[ 13.217821] kunit_try_run_case+0x1a5/0x480
[ 13.217844] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.217867] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.217888] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.217911] ? __kthread_parkme+0x82/0x180
[ 13.217930] ? preempt_count_sub+0x50/0x80
[ 13.217953] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.217976] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.217998] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.218020] kthread+0x337/0x6f0
[ 13.218038] ? trace_preempt_on+0x20/0xc0
[ 13.218062] ? __pfx_kthread+0x10/0x10
[ 13.218082] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.218116] ? calculate_sigpending+0x7b/0xa0
[ 13.218160] ? __pfx_kthread+0x10/0x10
[ 13.218182] ret_from_fork+0x116/0x1d0
[ 13.218200] ? __pfx_kthread+0x10/0x10
[ 13.218221] ret_from_fork_asm+0x1a/0x30
[ 13.218251] </TASK>
[ 13.218261]
[ 13.229629] The buggy address belongs to stack of task kunit_try_catch/267
[ 13.230207] and is located at offset 138 in frame:
[ 13.230475] kasan_stack_oob+0x0/0x300
[ 13.231036]
[ 13.231263] This frame has 4 objects:
[ 13.231784] [48, 49) '__assertion'
[ 13.231817] [64, 72) 'array'
[ 13.231986] [96, 112) '__assertion'
[ 13.232433] [128, 138) 'stack_array'
[ 13.232630]
[ 13.232971] The buggy address belongs to the physical page:
[ 13.233677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0f
[ 13.234056] flags: 0x200000000000000(node=0|zone=2)
[ 13.234290] raw: 0200000000000000 0000000000000000 ffffea00040ac3c8 0000000000000000
[ 13.234638] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.234956] page dumped because: kasan: bad access detected
[ 13.235216]
[ 13.235305] Memory state around the buggy address:
[ 13.235530] ffff888102b0fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.235799] ffff888102b0fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 13.236241] >ffff888102b0fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.236496] ^
[ 13.236618] ffff888102b0fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 13.236940] ffff888102b0fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.237452] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.190947] ==================================================================
[ 13.191422] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[ 13.191681] Read of size 1 at addr ffffffffb5461e8d by task kunit_try_catch/263
[ 13.191907]
[ 13.192023] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.192072] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.192084] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.192118] Call Trace:
[ 13.192131] <TASK>
[ 13.192149] dump_stack_lvl+0x73/0xb0
[ 13.192177] print_report+0xd1/0x650
[ 13.192199] ? __virt_addr_valid+0x1db/0x2d0
[ 13.192221] ? kasan_global_oob_right+0x286/0x2d0
[ 13.192242] ? kasan_addr_to_slab+0x11/0xa0
[ 13.192262] ? kasan_global_oob_right+0x286/0x2d0
[ 13.192283] kasan_report+0x141/0x180
[ 13.192304] ? kasan_global_oob_right+0x286/0x2d0
[ 13.192330] __asan_report_load1_noabort+0x18/0x20
[ 13.192353] kasan_global_oob_right+0x286/0x2d0
[ 13.192374] ? __pfx_kasan_global_oob_right+0x10/0x10
[ 13.192397] ? __schedule+0x10cc/0x2b60
[ 13.192419] ? __pfx_read_tsc+0x10/0x10
[ 13.192440] ? ktime_get_ts64+0x86/0x230
[ 13.192464] kunit_try_run_case+0x1a5/0x480
[ 13.192488] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.192509] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.192532] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.192553] ? __kthread_parkme+0x82/0x180
[ 13.192573] ? preempt_count_sub+0x50/0x80
[ 13.192596] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.192618] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.192640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.192663] kthread+0x337/0x6f0
[ 13.192681] ? trace_preempt_on+0x20/0xc0
[ 13.192705] ? __pfx_kthread+0x10/0x10
[ 13.192725] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.192745] ? calculate_sigpending+0x7b/0xa0
[ 13.192768] ? __pfx_kthread+0x10/0x10
[ 13.192788] ret_from_fork+0x116/0x1d0
[ 13.192806] ? __pfx_kthread+0x10/0x10
[ 13.192825] ret_from_fork_asm+0x1a/0x30
[ 13.192856] </TASK>
[ 13.192867]
[ 13.203443] The buggy address belongs to the variable:
[ 13.203674] global_array+0xd/0x40
[ 13.203882]
[ 13.203995] The buggy address belongs to the physical page:
[ 13.204861] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x61661
[ 13.205384] flags: 0x100000000002000(reserved|node=0|zone=1)
[ 13.205766] raw: 0100000000002000 ffffea0001859848 ffffea0001859848 0000000000000000
[ 13.206234] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 13.206678] page dumped because: kasan: bad access detected
[ 13.207001]
[ 13.207115] Memory state around the buggy address:
[ 13.207572] ffffffffb5461d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.207901] ffffffffb5461e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.208461] >ffffffffb5461e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 13.208899] ^
[ 13.209070] ffffffffb5461f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[ 13.209801] ffffffffb5461f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 13.210244] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.165093] ==================================================================
[ 13.166050] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.166565] Free of addr ffff888102a18001 by task kunit_try_catch/261
[ 13.166847]
[ 13.166977] CPU: 0 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.167022] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.167034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.167056] Call Trace:
[ 13.167069] <TASK>
[ 13.167084] dump_stack_lvl+0x73/0xb0
[ 13.167127] print_report+0xd1/0x650
[ 13.167151] ? __virt_addr_valid+0x1db/0x2d0
[ 13.167176] ? kasan_addr_to_slab+0x11/0xa0
[ 13.167197] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.167227] kasan_report_invalid_free+0x10a/0x130
[ 13.167251] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.167290] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.167315] __kasan_mempool_poison_object+0x102/0x1d0
[ 13.167340] mempool_free+0x2ec/0x380
[ 13.167375] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.167400] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.167423] ? update_load_avg+0x1be/0x21b0
[ 13.167452] ? finish_task_switch.isra.0+0x153/0x700
[ 13.167476] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 13.167529] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 13.167557] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.167579] ? __pfx_mempool_kfree+0x10/0x10
[ 13.167604] ? __pfx_read_tsc+0x10/0x10
[ 13.167625] ? ktime_get_ts64+0x86/0x230
[ 13.167650] kunit_try_run_case+0x1a5/0x480
[ 13.167674] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.167696] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.167719] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.167742] ? __kthread_parkme+0x82/0x180
[ 13.167764] ? preempt_count_sub+0x50/0x80
[ 13.167786] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.167808] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.167831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.167853] kthread+0x337/0x6f0
[ 13.167871] ? trace_preempt_on+0x20/0xc0
[ 13.167896] ? __pfx_kthread+0x10/0x10
[ 13.167915] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.167936] ? calculate_sigpending+0x7b/0xa0
[ 13.167961] ? __pfx_kthread+0x10/0x10
[ 13.167981] ret_from_fork+0x116/0x1d0
[ 13.167999] ? __pfx_kthread+0x10/0x10
[ 13.168019] ret_from_fork_asm+0x1a/0x30
[ 13.168050] </TASK>
[ 13.168061]
[ 13.178290] The buggy address belongs to the physical page:
[ 13.178596] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a18
[ 13.178946] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 13.179396] flags: 0x200000000000040(head|node=0|zone=2)
[ 13.179605] page_type: f8(unknown)
[ 13.179737] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.180076] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.180425] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 13.181068] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 13.181535] head: 0200000000000002 ffffea00040a8601 00000000ffffffff 00000000ffffffff
[ 13.181914] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 13.182438] page dumped because: kasan: bad access detected
[ 13.182710]
[ 13.182812] Memory state around the buggy address:
[ 13.183024] ffff888102a17f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.183412] ffff888102a17f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.183755] >ffff888102a18000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.184085] ^
[ 13.184457] ffff888102a18080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.184803] ffff888102a18100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.185116] ==================================================================
[ 13.137181] ==================================================================
[ 13.137868] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138150] Free of addr ffff8881029dba01 by task kunit_try_catch/259
[ 13.138360]
[ 13.138451] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.138496] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.138508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.138529] Call Trace:
[ 13.138542] <TASK>
[ 13.138559] dump_stack_lvl+0x73/0xb0
[ 13.138586] print_report+0xd1/0x650
[ 13.138609] ? __virt_addr_valid+0x1db/0x2d0
[ 13.138633] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.138655] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138680] kasan_report_invalid_free+0x10a/0x130
[ 13.138704] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138732] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138756] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138780] check_slab_allocation+0x11f/0x130
[ 13.138801] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.138825] mempool_free+0x2ec/0x380
[ 13.138847] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 13.138871] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 13.138898] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.138918] ? finish_task_switch.isra.0+0x153/0x700
[ 13.138943] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.138966] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 13.138992] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.139013] ? __pfx_mempool_kfree+0x10/0x10
[ 13.139037] ? __pfx_read_tsc+0x10/0x10
[ 13.139057] ? ktime_get_ts64+0x86/0x230
[ 13.139080] kunit_try_run_case+0x1a5/0x480
[ 13.139764] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.139799] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.139830] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.139853] ? __kthread_parkme+0x82/0x180
[ 13.139874] ? preempt_count_sub+0x50/0x80
[ 13.139895] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.139918] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.139940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.139962] kthread+0x337/0x6f0
[ 13.139981] ? trace_preempt_on+0x20/0xc0
[ 13.140004] ? __pfx_kthread+0x10/0x10
[ 13.140024] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.140044] ? calculate_sigpending+0x7b/0xa0
[ 13.140067] ? __pfx_kthread+0x10/0x10
[ 13.140088] ret_from_fork+0x116/0x1d0
[ 13.140115] ? __pfx_kthread+0x10/0x10
[ 13.140134] ret_from_fork_asm+0x1a/0x30
[ 13.140216] </TASK>
[ 13.140229]
[ 13.152638] Allocated by task 259:
[ 13.152787] kasan_save_stack+0x45/0x70
[ 13.152939] kasan_save_track+0x18/0x40
[ 13.153255] kasan_save_alloc_info+0x3b/0x50
[ 13.153681] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.153935] remove_element+0x11e/0x190
[ 13.154108] mempool_alloc_preallocated+0x4d/0x90
[ 13.154418] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 13.154606] mempool_kmalloc_invalid_free+0xed/0x140
[ 13.154862] kunit_try_run_case+0x1a5/0x480
[ 13.155068] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.155331] kthread+0x337/0x6f0
[ 13.155557] ret_from_fork+0x116/0x1d0
[ 13.155701] ret_from_fork_asm+0x1a/0x30
[ 13.155845]
[ 13.155932] The buggy address belongs to the object at ffff8881029dba00
[ 13.155932] which belongs to the cache kmalloc-128 of size 128
[ 13.156794] The buggy address is located 1 bytes inside of
[ 13.156794] 128-byte region [ffff8881029dba00, ffff8881029dba80)
[ 13.157371]
[ 13.157485] The buggy address belongs to the physical page:
[ 13.157688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 13.158070] flags: 0x200000000000000(node=0|zone=2)
[ 13.158413] page_type: f5(slab)
[ 13.158649] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.159116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.159527] page dumped because: kasan: bad access detected
[ 13.159794]
[ 13.159886] Memory state around the buggy address:
[ 13.160110] ffff8881029db900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.160504] ffff8881029db980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.160725] >ffff8881029dba00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.160958] ^
[ 13.161187] ffff8881029dba80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.161679] ffff8881029dbb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.161908] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.115164] ==================================================================
[ 13.116318] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.116736] Free of addr ffff888102a14000 by task kunit_try_catch/257
[ 13.116945]
[ 13.117035] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.117081] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.117093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.117125] Call Trace:
[ 13.117139] <TASK>
[ 13.117164] dump_stack_lvl+0x73/0xb0
[ 13.117192] print_report+0xd1/0x650
[ 13.117214] ? __virt_addr_valid+0x1db/0x2d0
[ 13.117237] ? kasan_addr_to_slab+0x11/0xa0
[ 13.117257] ? mempool_double_free_helper+0x184/0x370
[ 13.117282] kasan_report_invalid_free+0x10a/0x130
[ 13.117306] ? mempool_double_free_helper+0x184/0x370
[ 13.117338] ? mempool_double_free_helper+0x184/0x370
[ 13.117361] __kasan_mempool_poison_pages+0x115/0x130
[ 13.117384] mempool_free+0x290/0x380
[ 13.117405] mempool_double_free_helper+0x184/0x370
[ 13.117428] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.117453] ? __kasan_check_write+0x18/0x20
[ 13.117484] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.117504] ? finish_task_switch.isra.0+0x153/0x700
[ 13.117529] mempool_page_alloc_double_free+0xe8/0x140
[ 13.117564] ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[ 13.117601] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 13.117620] ? __pfx_mempool_free_pages+0x10/0x10
[ 13.117642] ? __pfx_read_tsc+0x10/0x10
[ 13.117674] ? ktime_get_ts64+0x86/0x230
[ 13.117696] kunit_try_run_case+0x1a5/0x480
[ 13.117719] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.117740] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.117763] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.117784] ? __kthread_parkme+0x82/0x180
[ 13.117804] ? preempt_count_sub+0x50/0x80
[ 13.117835] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.117859] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.117881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.117914] kthread+0x337/0x6f0
[ 13.117933] ? trace_preempt_on+0x20/0xc0
[ 13.117956] ? __pfx_kthread+0x10/0x10
[ 13.117976] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.118007] ? calculate_sigpending+0x7b/0xa0
[ 13.118030] ? __pfx_kthread+0x10/0x10
[ 13.118051] ret_from_fork+0x116/0x1d0
[ 13.118078] ? __pfx_kthread+0x10/0x10
[ 13.118108] ret_from_fork_asm+0x1a/0x30
[ 13.118138] </TASK>
[ 13.118149]
[ 13.128438] The buggy address belongs to the physical page:
[ 13.128623] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a14
[ 13.129598] flags: 0x200000000000000(node=0|zone=2)
[ 13.129779] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 13.130153] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 13.130704] page dumped because: kasan: bad access detected
[ 13.130971]
[ 13.131045] Memory state around the buggy address:
[ 13.131528] ffff888102a13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.131860] ffff888102a13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.132725] >ffff888102a14000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.132955] ^
[ 13.133074] ffff888102a14080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.133883] ffff888102a14100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 13.134298] ==================================================================
[ 13.058515] ==================================================================
[ 13.058995] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.059439] Free of addr ffff888103348300 by task kunit_try_catch/253
[ 13.059699]
[ 13.059810] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.059852] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.059864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.059885] Call Trace:
[ 13.059896] <TASK>
[ 13.059912] dump_stack_lvl+0x73/0xb0
[ 13.059941] print_report+0xd1/0x650
[ 13.059963] ? __virt_addr_valid+0x1db/0x2d0
[ 13.059988] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.060010] ? mempool_double_free_helper+0x184/0x370
[ 13.060033] kasan_report_invalid_free+0x10a/0x130
[ 13.060056] ? mempool_double_free_helper+0x184/0x370
[ 13.060082] ? mempool_double_free_helper+0x184/0x370
[ 13.060116] ? mempool_double_free_helper+0x184/0x370
[ 13.060140] check_slab_allocation+0x101/0x130
[ 13.060164] __kasan_mempool_poison_object+0x91/0x1d0
[ 13.060190] mempool_free+0x2ec/0x380
[ 13.060213] mempool_double_free_helper+0x184/0x370
[ 13.060236] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.060261] ? __kasan_check_write+0x18/0x20
[ 13.060281] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.060303] ? irqentry_exit+0x2a/0x60
[ 13.060326] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.060351] mempool_kmalloc_double_free+0xed/0x140
[ 13.060373] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 13.060400] ? __pfx_mempool_kmalloc+0x10/0x10
[ 13.060424] ? __pfx_mempool_kfree+0x10/0x10
[ 13.060448] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 13.060472] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 13.060552] kunit_try_run_case+0x1a5/0x480
[ 13.060579] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.060600] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.060623] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.060644] ? __kthread_parkme+0x82/0x180
[ 13.060680] ? preempt_count_sub+0x50/0x80
[ 13.060704] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.060726] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.060748] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.060771] kthread+0x337/0x6f0
[ 13.060790] ? trace_preempt_on+0x20/0xc0
[ 13.060812] ? __pfx_kthread+0x10/0x10
[ 13.060832] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.060852] ? calculate_sigpending+0x7b/0xa0
[ 13.060876] ? __pfx_kthread+0x10/0x10
[ 13.060897] ret_from_fork+0x116/0x1d0
[ 13.060916] ? __pfx_kthread+0x10/0x10
[ 13.060936] ret_from_fork_asm+0x1a/0x30
[ 13.060965] </TASK>
[ 13.060976]
[ 13.075086] Allocated by task 253:
[ 13.075281] kasan_save_stack+0x45/0x70
[ 13.075503] kasan_save_track+0x18/0x40
[ 13.075637] kasan_save_alloc_info+0x3b/0x50
[ 13.075977] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 13.076340] remove_element+0x11e/0x190
[ 13.076528] mempool_alloc_preallocated+0x4d/0x90
[ 13.076820] mempool_double_free_helper+0x8a/0x370
[ 13.076980] mempool_kmalloc_double_free+0xed/0x140
[ 13.077198] kunit_try_run_case+0x1a5/0x480
[ 13.077530] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.077789] kthread+0x337/0x6f0
[ 13.077959] ret_from_fork+0x116/0x1d0
[ 13.078200] ret_from_fork_asm+0x1a/0x30
[ 13.078404]
[ 13.078500] Freed by task 253:
[ 13.078644] kasan_save_stack+0x45/0x70
[ 13.078821] kasan_save_track+0x18/0x40
[ 13.078956] kasan_save_free_info+0x3f/0x60
[ 13.079116] __kasan_mempool_poison_object+0x131/0x1d0
[ 13.079406] mempool_free+0x2ec/0x380
[ 13.079597] mempool_double_free_helper+0x109/0x370
[ 13.079828] mempool_kmalloc_double_free+0xed/0x140
[ 13.079997] kunit_try_run_case+0x1a5/0x480
[ 13.080155] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.080421] kthread+0x337/0x6f0
[ 13.080644] ret_from_fork+0x116/0x1d0
[ 13.080836] ret_from_fork_asm+0x1a/0x30
[ 13.081030]
[ 13.081135] The buggy address belongs to the object at ffff888103348300
[ 13.081135] which belongs to the cache kmalloc-128 of size 128
[ 13.081638] The buggy address is located 0 bytes inside of
[ 13.081638] 128-byte region [ffff888103348300, ffff888103348380)
[ 13.082085]
[ 13.082172] The buggy address belongs to the physical page:
[ 13.082348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348
[ 13.082698] flags: 0x200000000000000(node=0|zone=2)
[ 13.083070] page_type: f5(slab)
[ 13.083395] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.083682] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.083911] page dumped because: kasan: bad access detected
[ 13.084214]
[ 13.084314] Memory state around the buggy address:
[ 13.084546] ffff888103348200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.084873] ffff888103348280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.085184] >ffff888103348300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.085561] ^
[ 13.085729] ffff888103348380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.085968] ffff888103348400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.086506] ==================================================================
[ 13.090080] ==================================================================
[ 13.090660] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 13.090963] Free of addr ffff8881039c0000 by task kunit_try_catch/255
[ 13.091845]
[ 13.092096] CPU: 1 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.092154] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.092167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.092189] Call Trace:
[ 13.092297] <TASK>
[ 13.092312] dump_stack_lvl+0x73/0xb0
[ 13.092343] print_report+0xd1/0x650
[ 13.092366] ? __virt_addr_valid+0x1db/0x2d0
[ 13.092388] ? kasan_addr_to_slab+0x11/0xa0
[ 13.092407] ? mempool_double_free_helper+0x184/0x370
[ 13.092431] kasan_report_invalid_free+0x10a/0x130
[ 13.092454] ? mempool_double_free_helper+0x184/0x370
[ 13.092480] ? mempool_double_free_helper+0x184/0x370
[ 13.092502] __kasan_mempool_poison_object+0x1b3/0x1d0
[ 13.092526] mempool_free+0x2ec/0x380
[ 13.092547] mempool_double_free_helper+0x184/0x370
[ 13.092569] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 13.092593] ? __kasan_check_write+0x18/0x20
[ 13.092612] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.092633] ? finish_task_switch.isra.0+0x153/0x700
[ 13.092658] mempool_kmalloc_large_double_free+0xed/0x140
[ 13.092682] ? 
__pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.092708] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.092730] ? __pfx_mempool_kfree+0x10/0x10 [ 13.092753] ? __pfx_read_tsc+0x10/0x10 [ 13.092774] ? ktime_get_ts64+0x86/0x230 [ 13.092798] kunit_try_run_case+0x1a5/0x480 [ 13.092821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.092842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.092865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.092886] ? __kthread_parkme+0x82/0x180 [ 13.092905] ? preempt_count_sub+0x50/0x80 [ 13.092927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.092950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.092972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.092993] kthread+0x337/0x6f0 [ 13.093012] ? trace_preempt_on+0x20/0xc0 [ 13.093034] ? __pfx_kthread+0x10/0x10 [ 13.093053] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.093074] ? calculate_sigpending+0x7b/0xa0 [ 13.093109] ? __pfx_kthread+0x10/0x10 [ 13.093132] ret_from_fork+0x116/0x1d0 [ 13.093163] ? __pfx_kthread+0x10/0x10 [ 13.093183] ret_from_fork_asm+0x1a/0x30 [ 13.093213] </TASK> [ 13.093224] [ 13.105552] The buggy address belongs to the physical page: [ 13.105910] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 13.106312] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.106852] flags: 0x200000000000040(head|node=0|zone=2) [ 13.107129] page_type: f8(unknown) [ 13.107383] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.107707] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.108027] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.108456] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.108747] head: 0200000000000002 ffffea00040e7001 00000000ffffffff 00000000ffffffff [ 13.109063] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.109512] page dumped because: kasan: bad access detected [ 13.109700] 
[ 13.109817] Memory state around the buggy address: [ 13.110041] ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.110785] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.111140] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.111740] ^ [ 13.111940] ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.112519] ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.112825] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.039884] ================================================================== [ 13.040463] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.040838] Read of size 1 at addr ffff8881039c0000 by task kunit_try_catch/251 [ 13.041126] [ 13.041247] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.041295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.041307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.041329] Call Trace: [ 13.041344] <TASK> [ 13.041362] dump_stack_lvl+0x73/0xb0 [ 13.041390] print_report+0xd1/0x650 [ 13.041412] ? __virt_addr_valid+0x1db/0x2d0 [ 13.041437] ? mempool_uaf_helper+0x392/0x400 [ 13.041459] ? kasan_addr_to_slab+0x11/0xa0 [ 13.041479] ? mempool_uaf_helper+0x392/0x400 [ 13.041501] kasan_report+0x141/0x180 [ 13.041523] ? mempool_uaf_helper+0x392/0x400 [ 13.041550] __asan_report_load1_noabort+0x18/0x20 [ 13.041574] mempool_uaf_helper+0x392/0x400 [ 13.041597] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.041620] ? __kasan_check_write+0x18/0x20 [ 13.041639] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.041662] ? finish_task_switch.isra.0+0x153/0x700 [ 13.041687] mempool_page_alloc_uaf+0xed/0x140 [ 13.041711] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 13.041735] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.041756] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.041777] ? __pfx_read_tsc+0x10/0x10 [ 13.041798] ? ktime_get_ts64+0x86/0x230 [ 13.041823] kunit_try_run_case+0x1a5/0x480 [ 13.041848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.041869] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.041909] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.041931] ? __kthread_parkme+0x82/0x180 [ 13.041952] ? preempt_count_sub+0x50/0x80 [ 13.041973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.041996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.042018] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.042041] kthread+0x337/0x6f0 [ 13.042059] ? 
trace_preempt_on+0x20/0xc0 [ 13.042087] ? __pfx_kthread+0x10/0x10 [ 13.042118] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.042138] ? calculate_sigpending+0x7b/0xa0 [ 13.042161] ? __pfx_kthread+0x10/0x10 [ 13.042182] ret_from_fork+0x116/0x1d0 [ 13.042200] ? __pfx_kthread+0x10/0x10 [ 13.042219] ret_from_fork_asm+0x1a/0x30 [ 13.042249] </TASK> [ 13.042260] [ 13.051084] The buggy address belongs to the physical page: [ 13.051422] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 13.051679] flags: 0x200000000000000(node=0|zone=2) [ 13.051858] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.052458] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.052824] page dumped because: kasan: bad access detected [ 13.053019] [ 13.053117] Memory state around the buggy address: [ 13.053473] ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.053757] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.054069] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.054496] ^ [ 13.054651] ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.054933] ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.055207] ================================================================== [ 12.963960] ================================================================== [ 12.964470] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.964761] Read of size 1 at addr ffff888102a14000 by task kunit_try_catch/247 [ 12.965113] [ 12.965262] CPU: 0 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.965307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.965338] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.965360] Call Trace: [ 12.965372] <TASK> [ 12.965389] dump_stack_lvl+0x73/0xb0 [ 12.965416] print_report+0xd1/0x650 [ 12.965437] ? 
__virt_addr_valid+0x1db/0x2d0 [ 12.965460] ? mempool_uaf_helper+0x392/0x400 [ 12.965482] ? kasan_addr_to_slab+0x11/0xa0 [ 12.965512] ? mempool_uaf_helper+0x392/0x400 [ 12.965534] kasan_report+0x141/0x180 [ 12.965556] ? mempool_uaf_helper+0x392/0x400 [ 12.965593] __asan_report_load1_noabort+0x18/0x20 [ 12.965617] mempool_uaf_helper+0x392/0x400 [ 12.965640] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.965661] ? update_load_avg+0x1be/0x21b0 [ 12.965687] ? finish_task_switch.isra.0+0x153/0x700 [ 12.965710] mempool_kmalloc_large_uaf+0xef/0x140 [ 12.965733] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 12.965772] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.965795] ? __pfx_mempool_kfree+0x10/0x10 [ 12.965819] ? __pfx_read_tsc+0x10/0x10 [ 12.965839] ? ktime_get_ts64+0x86/0x230 [ 12.965861] kunit_try_run_case+0x1a5/0x480 [ 12.965885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.965907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.965928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.965961] ? __kthread_parkme+0x82/0x180 [ 12.965980] ? preempt_count_sub+0x50/0x80 [ 12.966002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.966036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.966058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.966081] kthread+0x337/0x6f0 [ 12.966108] ? trace_preempt_on+0x20/0xc0 [ 12.966154] ? __pfx_kthread+0x10/0x10 [ 12.966175] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.966206] ? calculate_sigpending+0x7b/0xa0 [ 12.966229] ? __pfx_kthread+0x10/0x10 [ 12.966249] ret_from_fork+0x116/0x1d0 [ 12.966267] ? 
__pfx_kthread+0x10/0x10 [ 12.966287] ret_from_fork_asm+0x1a/0x30 [ 12.966330] </TASK> [ 12.966342] [ 12.980486] The buggy address belongs to the physical page: [ 12.980746] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a14 [ 12.981403] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.981868] flags: 0x200000000000040(head|node=0|zone=2) [ 12.982057] page_type: f8(unknown) [ 12.982384] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.983057] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.983815] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.984552] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.984796] head: 0200000000000002 ffffea00040a8501 00000000ffffffff 00000000ffffffff [ 12.985033] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.985735] page dumped because: kasan: bad access detected [ 12.986451] [ 12.986667] Memory state around the buggy address: [ 12.987117] ffff888102a13f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.987890] ffff888102a13f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.988685] >ffff888102a14000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.989205] ^ [ 12.989564] ffff888102a14080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.990115] ffff888102a14100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.990741] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 12.938768] ================================================================== [ 12.939281] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.939678] Read of size 1 at addr ffff888103328f00 by task kunit_try_catch/245 [ 12.939965] [ 12.940130] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.940194] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.940208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.940230] Call Trace: [ 12.940243] <TASK> [ 12.940260] dump_stack_lvl+0x73/0xb0 [ 12.940289] print_report+0xd1/0x650 [ 12.940331] ? __virt_addr_valid+0x1db/0x2d0 [ 12.940356] ? mempool_uaf_helper+0x392/0x400 [ 12.940389] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.940411] ? mempool_uaf_helper+0x392/0x400 [ 12.940432] kasan_report+0x141/0x180 [ 12.940465] ? mempool_uaf_helper+0x392/0x400 [ 12.940491] __asan_report_load1_noabort+0x18/0x20 [ 12.940515] mempool_uaf_helper+0x392/0x400 [ 12.940536] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.940562] ? finish_task_switch.isra.0+0x153/0x700 [ 12.940590] mempool_kmalloc_uaf+0xef/0x140 [ 12.940612] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.940637] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.940661] ? __pfx_mempool_kfree+0x10/0x10 [ 12.940686] ? __pfx_read_tsc+0x10/0x10 [ 12.940707] ? ktime_get_ts64+0x86/0x230 [ 12.940732] kunit_try_run_case+0x1a5/0x480 [ 12.940757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.940789] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.940813] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.940836] ? __kthread_parkme+0x82/0x180 [ 12.940868] ? preempt_count_sub+0x50/0x80 [ 12.940891] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.940914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.940936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.940959] kthread+0x337/0x6f0 [ 12.940979] ? trace_preempt_on+0x20/0xc0 [ 12.941008] ? __pfx_kthread+0x10/0x10 [ 12.941029] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 12.941050] ? calculate_sigpending+0x7b/0xa0 [ 12.941075] ? __pfx_kthread+0x10/0x10 [ 12.941097] ret_from_fork+0x116/0x1d0 [ 12.941123] ? __pfx_kthread+0x10/0x10 [ 12.941144] ret_from_fork_asm+0x1a/0x30 [ 12.941174] </TASK> [ 12.941186] [ 12.949004] Allocated by task 245: [ 12.949206] kasan_save_stack+0x45/0x70 [ 12.949433] kasan_save_track+0x18/0x40 [ 12.949621] kasan_save_alloc_info+0x3b/0x50 [ 12.949790] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.950054] remove_element+0x11e/0x190 [ 12.950249] mempool_alloc_preallocated+0x4d/0x90 [ 12.950478] mempool_uaf_helper+0x96/0x400 [ 12.950669] mempool_kmalloc_uaf+0xef/0x140 [ 12.950895] kunit_try_run_case+0x1a5/0x480 [ 12.951118] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.951387] kthread+0x337/0x6f0 [ 12.951573] ret_from_fork+0x116/0x1d0 [ 12.951776] ret_from_fork_asm+0x1a/0x30 [ 12.951973] [ 12.952065] Freed by task 245: [ 12.952217] kasan_save_stack+0x45/0x70 [ 12.952383] kasan_save_track+0x18/0x40 [ 12.952521] kasan_save_free_info+0x3f/0x60 [ 12.952670] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.952904] mempool_free+0x2ec/0x380 [ 12.953118] mempool_uaf_helper+0x11a/0x400 [ 12.953340] mempool_kmalloc_uaf+0xef/0x140 [ 12.953551] kunit_try_run_case+0x1a5/0x480 [ 12.953719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.953895] kthread+0x337/0x6f0 [ 12.954018] ret_from_fork+0x116/0x1d0 [ 12.954183] ret_from_fork_asm+0x1a/0x30 [ 12.954413] [ 12.954531] The buggy address belongs to the object at ffff888103328f00 [ 12.954531] which belongs to the cache kmalloc-128 of size 128 [ 12.955092] The buggy address is located 0 bytes inside of [ 12.955092] freed 128-byte region [ffff888103328f00, ffff888103328f80) [ 12.955657] [ 12.955743] The buggy address belongs to the physical page: [ 12.955992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103328 [ 12.956344] flags: 0x200000000000000(node=0|zone=2) [ 12.956540] page_type: f5(slab) [ 12.956713] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.957012] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 12.957429] page dumped because: kasan: bad access detected [ 12.957670] [ 12.957777] Memory state around the buggy address: [ 12.957961] ffff888103328e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.958211] ffff888103328e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.958562] >ffff888103328f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.958877] ^ [ 12.959006] ffff888103328f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.959358] ffff888103329000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.959687] ================================================================== [ 12.994644] ================================================================== [ 12.995687] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.995995] Read of size 1 at addr ffff88810334b240 by task kunit_try_catch/249 [ 12.996256] [ 12.996472] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.996516] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.996529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.996550] Call Trace: [ 12.996562] <TASK> [ 12.996578] dump_stack_lvl+0x73/0xb0 [ 12.996609] print_report+0xd1/0x650 [ 12.996634] ? __virt_addr_valid+0x1db/0x2d0 [ 12.996658] ? mempool_uaf_helper+0x392/0x400 [ 12.996679] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.996700] ? mempool_uaf_helper+0x392/0x400 [ 12.996722] kasan_report+0x141/0x180 [ 12.996743] ? mempool_uaf_helper+0x392/0x400 [ 12.996769] __asan_report_load1_noabort+0x18/0x20 [ 12.996793] mempool_uaf_helper+0x392/0x400 [ 12.996816] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.996840] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.996863] ? finish_task_switch.isra.0+0x153/0x700 [ 12.996889] mempool_slab_uaf+0xea/0x140 [ 12.996912] ? 
__pfx_mempool_slab_uaf+0x10/0x10 [ 12.996936] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.996956] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.996978] ? __pfx_read_tsc+0x10/0x10 [ 12.997000] ? ktime_get_ts64+0x86/0x230 [ 12.997023] kunit_try_run_case+0x1a5/0x480 [ 12.997049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.997071] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.997094] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.997129] ? __kthread_parkme+0x82/0x180 [ 12.997150] ? preempt_count_sub+0x50/0x80 [ 12.997207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.997230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.997252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.997275] kthread+0x337/0x6f0 [ 12.997293] ? trace_preempt_on+0x20/0xc0 [ 12.997321] ? __pfx_kthread+0x10/0x10 [ 12.997342] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.997362] ? calculate_sigpending+0x7b/0xa0 [ 12.997386] ? __pfx_kthread+0x10/0x10 [ 12.997407] ret_from_fork+0x116/0x1d0 [ 12.997424] ? __pfx_kthread+0x10/0x10 [ 12.997444] ret_from_fork_asm+0x1a/0x30 [ 12.997475] </TASK> [ 12.997486] [ 13.012840] Allocated by task 249: [ 13.013036] kasan_save_stack+0x45/0x70 [ 13.013330] kasan_save_track+0x18/0x40 [ 13.013740] kasan_save_alloc_info+0x3b/0x50 [ 13.014143] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.014531] remove_element+0x11e/0x190 [ 13.014876] mempool_alloc_preallocated+0x4d/0x90 [ 13.015035] mempool_uaf_helper+0x96/0x400 [ 13.015307] mempool_slab_uaf+0xea/0x140 [ 13.015758] kunit_try_run_case+0x1a5/0x480 [ 13.016223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.016757] kthread+0x337/0x6f0 [ 13.017071] ret_from_fork+0x116/0x1d0 [ 13.017340] ret_from_fork_asm+0x1a/0x30 [ 13.017483] [ 13.017555] Freed by task 249: [ 13.017670] kasan_save_stack+0x45/0x70 [ 13.017807] kasan_save_track+0x18/0x40 [ 13.017944] kasan_save_free_info+0x3f/0x60 [ 13.018091] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.018543] mempool_free+0x2ec/0x380 [ 13.018867] mempool_uaf_helper+0x11a/0x400 [ 13.019299] 
mempool_slab_uaf+0xea/0x140 [ 13.019743] kunit_try_run_case+0x1a5/0x480 [ 13.020140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.020745] kthread+0x337/0x6f0 [ 13.021062] ret_from_fork+0x116/0x1d0 [ 13.021444] ret_from_fork_asm+0x1a/0x30 [ 13.021905] [ 13.022143] The buggy address belongs to the object at ffff88810334b240 [ 13.022143] which belongs to the cache test_cache of size 123 [ 13.023424] The buggy address is located 0 bytes inside of [ 13.023424] freed 123-byte region [ffff88810334b240, ffff88810334b2bb) [ 13.024010] [ 13.024088] The buggy address belongs to the physical page: [ 13.024552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10334b [ 13.025533] flags: 0x200000000000000(node=0|zone=2) [ 13.025975] page_type: f5(slab) [ 13.026387] raw: 0200000000000000 ffff888101849a00 dead000000000122 0000000000000000 [ 13.026935] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.027277] page dumped because: kasan: bad access detected [ 13.027867] [ 13.028081] Memory state around the buggy address: [ 13.028619] ffff88810334b100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.029326] ffff88810334b180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.029576] >ffff88810334b200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.029793] ^ [ 13.029963] ffff88810334b280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.030197] ffff88810334b300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.030644] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 12.839075] ================================================================== [ 12.839921] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.840444] Read of size 1 at addr ffff888103328b73 by task kunit_try_catch/239 [ 12.840673] [ 12.841050] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.841140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.841167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.841191] Call Trace: [ 12.841203] <TASK> [ 12.841224] dump_stack_lvl+0x73/0xb0 [ 12.841257] print_report+0xd1/0x650 [ 12.841281] ? __virt_addr_valid+0x1db/0x2d0 [ 12.841307] ? mempool_oob_right_helper+0x318/0x380 [ 12.841329] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.841351] ? mempool_oob_right_helper+0x318/0x380 [ 12.841374] kasan_report+0x141/0x180 [ 12.841395] ? mempool_oob_right_helper+0x318/0x380 [ 12.841422] __asan_report_load1_noabort+0x18/0x20 [ 12.841446] mempool_oob_right_helper+0x318/0x380 [ 12.841470] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.841494] ? __kasan_check_write+0x18/0x20 [ 12.841513] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.841536] ? finish_task_switch.isra.0+0x153/0x700 [ 12.841561] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.841583] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 12.841610] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.841636] ? __pfx_mempool_kfree+0x10/0x10 [ 12.841659] ? __pfx_read_tsc+0x10/0x10 [ 12.841683] ? ktime_get_ts64+0x86/0x230 [ 12.841708] kunit_try_run_case+0x1a5/0x480 [ 12.841734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.841756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.841781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.841802] ? __kthread_parkme+0x82/0x180 [ 12.841825] ? preempt_count_sub+0x50/0x80 [ 12.841848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.841871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.841893] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.841916] kthread+0x337/0x6f0 [ 12.841934] ? trace_preempt_on+0x20/0xc0 [ 12.841963] ? __pfx_kthread+0x10/0x10 [ 12.841983] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.842004] ? calculate_sigpending+0x7b/0xa0 [ 12.842029] ? __pfx_kthread+0x10/0x10 [ 12.842051] ret_from_fork+0x116/0x1d0 [ 12.842068] ? __pfx_kthread+0x10/0x10 [ 12.842088] ret_from_fork_asm+0x1a/0x30 [ 12.842130] </TASK> [ 12.842142] [ 12.853129] Allocated by task 239: [ 12.853657] kasan_save_stack+0x45/0x70 [ 12.853852] kasan_save_track+0x18/0x40 [ 12.854006] kasan_save_alloc_info+0x3b/0x50 [ 12.854477] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.854727] remove_element+0x11e/0x190 [ 12.854920] mempool_alloc_preallocated+0x4d/0x90 [ 12.855142] mempool_oob_right_helper+0x8a/0x380 [ 12.855609] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.855798] kunit_try_run_case+0x1a5/0x480 [ 12.856134] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.856596] kthread+0x337/0x6f0 [ 12.856852] ret_from_fork+0x116/0x1d0 [ 12.857002] ret_from_fork_asm+0x1a/0x30 [ 12.857397] [ 12.857811] The buggy address belongs to the object at ffff888103328b00 [ 12.857811] which belongs to the cache kmalloc-128 of size 128 [ 12.858519] The buggy address is located 0 bytes to the right of [ 12.858519] allocated 115-byte region [ffff888103328b00, ffff888103328b73) [ 12.859018] [ 12.859117] The buggy address belongs to the physical page: [ 12.859730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103328 [ 12.860154] flags: 0x200000000000000(node=0|zone=2) [ 12.860333] page_type: f5(slab) [ 12.860461] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.860776] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.861135] page dumped because: kasan: bad access detected [ 12.861304] [ 12.861375] Memory state around the buggy address: [ 12.861535] ffff888103328a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
12.861750] ffff888103328a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.861959] >ffff888103328b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.862263] ^ [ 12.862469] ffff888103328b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.862678] ffff888103328c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.864157] ================================================================== [ 12.872486] ================================================================== [ 12.872972] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.873570] Read of size 1 at addr ffff888102a12001 by task kunit_try_catch/241 [ 12.873863] [ 12.874139] CPU: 0 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.874189] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.874385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.874410] Call Trace: [ 12.874425] <TASK> [ 12.874444] dump_stack_lvl+0x73/0xb0 [ 12.874477] print_report+0xd1/0x650 [ 12.874499] ? __virt_addr_valid+0x1db/0x2d0 [ 12.874523] ? mempool_oob_right_helper+0x318/0x380 [ 12.874545] ? kasan_addr_to_slab+0x11/0xa0 [ 12.874565] ? mempool_oob_right_helper+0x318/0x380 [ 12.874587] kasan_report+0x141/0x180 [ 12.874609] ? mempool_oob_right_helper+0x318/0x380 [ 12.874637] __asan_report_load1_noabort+0x18/0x20 [ 12.874661] mempool_oob_right_helper+0x318/0x380 [ 12.874684] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.874709] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.874732] ? finish_task_switch.isra.0+0x153/0x700 [ 12.874757] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 12.874781] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.874807] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.874830] ? __pfx_mempool_kfree+0x10/0x10 [ 12.874854] ? __pfx_read_tsc+0x10/0x10 [ 12.874875] ? ktime_get_ts64+0x86/0x230 [ 12.874897] kunit_try_run_case+0x1a5/0x480 [ 12.874922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.874943] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.874965] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.874987] ? __kthread_parkme+0x82/0x180 [ 12.875007] ? preempt_count_sub+0x50/0x80 [ 12.875029] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.875051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.875073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.875096] kthread+0x337/0x6f0 [ 12.875267] ? trace_preempt_on+0x20/0xc0 [ 12.875294] ? __pfx_kthread+0x10/0x10 [ 12.875322] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.875343] ? calculate_sigpending+0x7b/0xa0 [ 12.875368] ? __pfx_kthread+0x10/0x10 [ 12.875388] ret_from_fork+0x116/0x1d0 [ 12.875406] ? __pfx_kthread+0x10/0x10 [ 12.875425] ret_from_fork_asm+0x1a/0x30 [ 12.875455] </TASK> [ 12.875468] [ 12.887605] The buggy address belongs to the physical page: [ 12.887876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a10 [ 12.888460] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.888904] flags: 0x200000000000040(head|node=0|zone=2) [ 12.889403] page_type: f8(unknown) [ 12.889560] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.890043] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.890554] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.890866] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.891284] head: 0200000000000002 ffffea00040a8401 00000000ffffffff 00000000ffffffff [ 12.891589] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.891942] page dumped because: kasan: bad access detected [ 12.892197] [ 12.892312] Memory state around the buggy address: [ 12.892646] ffff888102a11f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.893053] ffff888102a11f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.893327] >ffff888102a12000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.893816] ^ [ 12.894019] 
ffff888102a12080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.894248] ffff888102a12100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.894679] ================================================================== [ 12.899907] ================================================================== [ 12.901490] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.902629] Read of size 1 at addr ffff8881033482bb by task kunit_try_catch/243 [ 12.902872] [ 12.902966] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.903011] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.903024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.903044] Call Trace: [ 12.903057] <TASK> [ 12.903072] dump_stack_lvl+0x73/0xb0 [ 12.903117] print_report+0xd1/0x650 [ 12.903165] ? __virt_addr_valid+0x1db/0x2d0 [ 12.903192] ? mempool_oob_right_helper+0x318/0x380 [ 12.903221] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.903242] ? mempool_oob_right_helper+0x318/0x380 [ 12.903265] kasan_report+0x141/0x180 [ 12.903287] ? mempool_oob_right_helper+0x318/0x380 [ 12.903332] __asan_report_load1_noabort+0x18/0x20 [ 12.903358] mempool_oob_right_helper+0x318/0x380 [ 12.903382] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.903419] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.903453] ? finish_task_switch.isra.0+0x153/0x700 [ 12.903478] mempool_slab_oob_right+0xed/0x140 [ 12.903513] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.903540] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.903560] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.903582] ? __pfx_read_tsc+0x10/0x10 [ 12.903604] ? ktime_get_ts64+0x86/0x230 [ 12.903628] kunit_try_run_case+0x1a5/0x480 [ 12.903652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.903674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.903697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.903718] ? __kthread_parkme+0x82/0x180 [ 12.903740] ? preempt_count_sub+0x50/0x80 [ 12.903764] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 12.903787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.903809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.903832] kthread+0x337/0x6f0 [ 12.903852] ? trace_preempt_on+0x20/0xc0 [ 12.903881] ? __pfx_kthread+0x10/0x10 [ 12.903901] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.903923] ? calculate_sigpending+0x7b/0xa0 [ 12.903957] ? __pfx_kthread+0x10/0x10 [ 12.903978] ret_from_fork+0x116/0x1d0 [ 12.903997] ? __pfx_kthread+0x10/0x10 [ 12.904028] ret_from_fork_asm+0x1a/0x30 [ 12.904060] </TASK> [ 12.904071] [ 12.918418] Allocated by task 243: [ 12.918841] kasan_save_stack+0x45/0x70 [ 12.918995] kasan_save_track+0x18/0x40 [ 12.919151] kasan_save_alloc_info+0x3b/0x50 [ 12.919307] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.919481] remove_element+0x11e/0x190 [ 12.919621] mempool_alloc_preallocated+0x4d/0x90 [ 12.919786] mempool_oob_right_helper+0x8a/0x380 [ 12.919945] mempool_slab_oob_right+0xed/0x140 [ 12.920350] kunit_try_run_case+0x1a5/0x480 [ 12.920764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.921351] kthread+0x337/0x6f0 [ 12.921680] ret_from_fork+0x116/0x1d0 [ 12.922041] ret_from_fork_asm+0x1a/0x30 [ 12.922572] [ 12.922759] The buggy address belongs to the object at ffff888103348240 [ 12.922759] which belongs to the cache test_cache of size 123 [ 12.923936] The buggy address is located 0 bytes to the right of [ 12.923936] allocated 123-byte region [ffff888103348240, ffff8881033482bb) [ 12.925214] [ 12.925422] The buggy address belongs to the physical page: [ 12.925866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103348 [ 12.926121] flags: 0x200000000000000(node=0|zone=2) [ 12.926765] page_type: f5(slab) [ 12.927086] raw: 0200000000000000 ffff8881018498c0 dead000000000122 0000000000000000 [ 12.927807] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.928041] page dumped because: kasan: bad access detected [ 12.928551] [ 12.928722] Memory state around the 
buggy address: [ 12.929208] ffff888103348180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.929913] ffff888103348200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 12.930574] >ffff888103348280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 12.930799] ^ [ 12.930963] ffff888103348300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.931217] ffff888103348380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.931659] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.267715] ================================================================== [ 12.268135] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 12.268445] Read of size 1 at addr ffff888101675640 by task kunit_try_catch/233 [ 12.268746] [ 12.268865] CPU: 0 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.268909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.268921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.268942] Call Trace: [ 12.268955] <TASK> [ 12.268972] dump_stack_lvl+0x73/0xb0 [ 12.269001] print_report+0xd1/0x650 [ 12.269023] ? __virt_addr_valid+0x1db/0x2d0 [ 12.269047] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.269071] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.269093] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.269130] kasan_report+0x141/0x180 [ 12.269151] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.269192] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.269216] __kasan_check_byte+0x3d/0x50 [ 12.269252] kmem_cache_destroy+0x25/0x1d0 [ 12.269275] kmem_cache_double_destroy+0x1bf/0x380 [ 12.269299] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 12.269322] ? finish_task_switch.isra.0+0x153/0x700 [ 12.269344] ? __switch_to+0x47/0xf50 [ 12.269373] ? __pfx_read_tsc+0x10/0x10 [ 12.269404] ? ktime_get_ts64+0x86/0x230 [ 12.269429] kunit_try_run_case+0x1a5/0x480 [ 12.269453] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.269475] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.269498] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.269520] ? __kthread_parkme+0x82/0x180 [ 12.269541] ? preempt_count_sub+0x50/0x80 [ 12.269563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.269597] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.269620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.269653] kthread+0x337/0x6f0 [ 12.269673] ? trace_preempt_on+0x20/0xc0 [ 12.269695] ? __pfx_kthread+0x10/0x10 [ 12.269725] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.269745] ? 
calculate_sigpending+0x7b/0xa0 [ 12.269770] ? __pfx_kthread+0x10/0x10 [ 12.269800] ret_from_fork+0x116/0x1d0 [ 12.269819] ? __pfx_kthread+0x10/0x10 [ 12.269838] ret_from_fork_asm+0x1a/0x30 [ 12.269868] </TASK> [ 12.269880] [ 12.279943] Allocated by task 233: [ 12.280123] kasan_save_stack+0x45/0x70 [ 12.280775] kasan_save_track+0x18/0x40 [ 12.281121] kasan_save_alloc_info+0x3b/0x50 [ 12.281402] __kasan_slab_alloc+0x91/0xa0 [ 12.281594] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.281800] __kmem_cache_create_args+0x169/0x240 [ 12.282012] kmem_cache_double_destroy+0xd5/0x380 [ 12.282331] kunit_try_run_case+0x1a5/0x480 [ 12.282532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.282765] kthread+0x337/0x6f0 [ 12.282921] ret_from_fork+0x116/0x1d0 [ 12.283091] ret_from_fork_asm+0x1a/0x30 [ 12.283253] [ 12.283326] Freed by task 233: [ 12.283441] kasan_save_stack+0x45/0x70 [ 12.283578] kasan_save_track+0x18/0x40 [ 12.283848] kasan_save_free_info+0x3f/0x60 [ 12.284055] __kasan_slab_free+0x56/0x70 [ 12.284467] kmem_cache_free+0x249/0x420 [ 12.284671] slab_kmem_cache_release+0x2e/0x40 [ 12.284893] kmem_cache_release+0x16/0x20 [ 12.285039] kobject_put+0x181/0x450 [ 12.285335] sysfs_slab_release+0x16/0x20 [ 12.285572] kmem_cache_destroy+0xf0/0x1d0 [ 12.285808] kmem_cache_double_destroy+0x14e/0x380 [ 12.286033] kunit_try_run_case+0x1a5/0x480 [ 12.286243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.286547] kthread+0x337/0x6f0 [ 12.286679] ret_from_fork+0x116/0x1d0 [ 12.287043] ret_from_fork_asm+0x1a/0x30 [ 12.287925] [ 12.288027] The buggy address belongs to the object at ffff888101675640 [ 12.288027] which belongs to the cache kmem_cache of size 208 [ 12.288868] The buggy address is located 0 bytes inside of [ 12.288868] freed 208-byte region [ffff888101675640, ffff888101675710) [ 12.289622] [ 12.289740] The buggy address belongs to the physical page: [ 12.289982] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101675 [ 12.290636] flags: 
0x200000000000000(node=0|zone=2) [ 12.291136] page_type: f5(slab) [ 12.291556] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 12.291891] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.292662] page dumped because: kasan: bad access detected [ 12.292928] [ 12.293021] Memory state around the buggy address: [ 12.293599] ffff888101675500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.294208] ffff888101675580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.294699] >ffff888101675600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 12.294989] ^ [ 12.295615] ffff888101675680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.296029] ffff888101675700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.296607] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.206527] ================================================================== [ 12.206987] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.208040] Read of size 1 at addr ffff888103343000 by task kunit_try_catch/231 [ 12.209205] [ 12.209572] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.209624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.209636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.209658] Call Trace: [ 12.209670] <TASK> [ 12.209689] dump_stack_lvl+0x73/0xb0 [ 12.209845] print_report+0xd1/0x650 [ 12.209877] ? __virt_addr_valid+0x1db/0x2d0 [ 12.209902] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.209924] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.209945] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.209967] kasan_report+0x141/0x180 [ 12.209987] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.210014] __asan_report_load1_noabort+0x18/0x20 [ 12.210036] kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.210058] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.210079] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.210122] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.210149] kunit_try_run_case+0x1a5/0x480 [ 12.210173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.210194] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.210217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.210238] ? __kthread_parkme+0x82/0x180 [ 12.210259] ? preempt_count_sub+0x50/0x80 [ 12.210282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.210304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.210326] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.210347] kthread+0x337/0x6f0 [ 12.210365] ? trace_preempt_on+0x20/0xc0 [ 12.210389] ? __pfx_kthread+0x10/0x10 [ 12.210408] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.210428] ? calculate_sigpending+0x7b/0xa0 [ 12.210451] ? __pfx_kthread+0x10/0x10 [ 12.210471] ret_from_fork+0x116/0x1d0 [ 12.210490] ? 
__pfx_kthread+0x10/0x10 [ 12.210509] ret_from_fork_asm+0x1a/0x30 [ 12.210539] </TASK> [ 12.210552] [ 12.220208] Allocated by task 231: [ 12.220633] kasan_save_stack+0x45/0x70 [ 12.220804] kasan_save_track+0x18/0x40 [ 12.221007] kasan_save_alloc_info+0x3b/0x50 [ 12.221245] __kasan_slab_alloc+0x91/0xa0 [ 12.221563] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.221770] kmem_cache_rcu_uaf+0x155/0x510 [ 12.221980] kunit_try_run_case+0x1a5/0x480 [ 12.222330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.222570] kthread+0x337/0x6f0 [ 12.222742] ret_from_fork+0x116/0x1d0 [ 12.222902] ret_from_fork_asm+0x1a/0x30 [ 12.223067] [ 12.223169] Freed by task 0: [ 12.223363] kasan_save_stack+0x45/0x70 [ 12.223502] kasan_save_track+0x18/0x40 [ 12.223772] kasan_save_free_info+0x3f/0x60 [ 12.224043] __kasan_slab_free+0x56/0x70 [ 12.224239] slab_free_after_rcu_debug+0xe4/0x310 [ 12.224537] rcu_core+0x66f/0x1c40 [ 12.224676] rcu_core_si+0x12/0x20 [ 12.224799] handle_softirqs+0x209/0x730 [ 12.225126] __irq_exit_rcu+0xc9/0x110 [ 12.225524] irq_exit_rcu+0x12/0x20 [ 12.225661] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.225873] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.226096] [ 12.226361] Last potentially related work creation: [ 12.226570] kasan_save_stack+0x45/0x70 [ 12.226852] kasan_record_aux_stack+0xb2/0xc0 [ 12.227089] kmem_cache_free+0x131/0x420 [ 12.227961] kmem_cache_rcu_uaf+0x194/0x510 [ 12.228322] kunit_try_run_case+0x1a5/0x480 [ 12.228702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.228936] kthread+0x337/0x6f0 [ 12.229119] ret_from_fork+0x116/0x1d0 [ 12.229591] ret_from_fork_asm+0x1a/0x30 [ 12.229880] [ 12.229985] The buggy address belongs to the object at ffff888103343000 [ 12.229985] which belongs to the cache test_cache of size 200 [ 12.230785] The buggy address is located 0 bytes inside of [ 12.230785] freed 200-byte region [ffff888103343000, ffff8881033430c8) [ 12.231558] [ 12.231662] The buggy address belongs to the physical page: [ 12.231841] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103343 [ 12.232534] flags: 0x200000000000000(node=0|zone=2) [ 12.232890] page_type: f5(slab) [ 12.233239] raw: 0200000000000000 ffff888101849640 dead000000000122 0000000000000000 [ 12.233935] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.234543] page dumped because: kasan: bad access detected [ 12.234740] [ 12.234949] Memory state around the buggy address: [ 12.235134] ffff888103342f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.235875] ffff888103342f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.236418] >ffff888103343000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.236673] ^ [ 12.236978] ffff888103343080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.237495] ffff888103343100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.237880] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.144844] ================================================================== [ 12.145885] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 12.146435] Free of addr ffff8881038dd001 by task kunit_try_catch/229 [ 12.146947] [ 12.147130] CPU: 0 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.147195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.147212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.147233] Call Trace: [ 12.147246] <TASK> [ 12.147262] dump_stack_lvl+0x73/0xb0 [ 12.147291] print_report+0xd1/0x650 [ 12.147328] ? __virt_addr_valid+0x1db/0x2d0 [ 12.147354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.147374] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.147398] kasan_report_invalid_free+0x10a/0x130 [ 12.147420] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.147455] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.147478] check_slab_allocation+0x11f/0x130 [ 12.147499] __kasan_slab_pre_free+0x28/0x40 [ 12.147538] kmem_cache_free+0xed/0x420 [ 12.147558] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.147577] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.147613] kmem_cache_invalid_free+0x1d8/0x460 [ 12.147636] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.147658] ? finish_task_switch.isra.0+0x153/0x700 [ 12.147680] ? __switch_to+0x47/0xf50 [ 12.147707] ? __pfx_read_tsc+0x10/0x10 [ 12.147728] ? ktime_get_ts64+0x86/0x230 [ 12.147751] kunit_try_run_case+0x1a5/0x480 [ 12.147774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.147795] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.147816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.147838] ? __kthread_parkme+0x82/0x180 [ 12.147858] ? preempt_count_sub+0x50/0x80 [ 12.147879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.147901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.147921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.147943] kthread+0x337/0x6f0 [ 12.147961] ? trace_preempt_on+0x20/0xc0 [ 12.147984] ? 
__pfx_kthread+0x10/0x10 [ 12.148003] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.148023] ? calculate_sigpending+0x7b/0xa0 [ 12.148046] ? __pfx_kthread+0x10/0x10 [ 12.148066] ret_from_fork+0x116/0x1d0 [ 12.148082] ? __pfx_kthread+0x10/0x10 [ 12.148110] ret_from_fork_asm+0x1a/0x30 [ 12.148156] </TASK> [ 12.148168] [ 12.163266] Allocated by task 229: [ 12.163544] kasan_save_stack+0x45/0x70 [ 12.163695] kasan_save_track+0x18/0x40 [ 12.163832] kasan_save_alloc_info+0x3b/0x50 [ 12.163981] __kasan_slab_alloc+0x91/0xa0 [ 12.164131] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.164418] kmem_cache_invalid_free+0x157/0x460 [ 12.164617] kunit_try_run_case+0x1a5/0x480 [ 12.164843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.165037] kthread+0x337/0x6f0 [ 12.165213] ret_from_fork+0x116/0x1d0 [ 12.165521] ret_from_fork_asm+0x1a/0x30 [ 12.165668] [ 12.165740] The buggy address belongs to the object at ffff8881038dd000 [ 12.165740] which belongs to the cache test_cache of size 200 [ 12.166264] The buggy address is located 1 bytes inside of [ 12.166264] 200-byte region [ffff8881038dd000, ffff8881038dd0c8) [ 12.166910] [ 12.167041] The buggy address belongs to the physical page: [ 12.167234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038dd [ 12.167709] flags: 0x200000000000000(node=0|zone=2) [ 12.167877] page_type: f5(slab) [ 12.168241] raw: 0200000000000000 ffff888101675500 dead000000000122 0000000000000000 [ 12.168681] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.169059] page dumped because: kasan: bad access detected [ 12.169394] [ 12.169493] Memory state around the buggy address: [ 12.169711] ffff8881038dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.169994] ffff8881038dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.170655] >ffff8881038dd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.171007] ^ [ 12.171194] ffff8881038dd080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.171609] 
ffff8881038dd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.171883] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.104772] ================================================================== [ 12.106280] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 12.106779] Free of addr ffff888103342000 by task kunit_try_catch/227 [ 12.106985] [ 12.107077] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.107140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.107151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.107172] Call Trace: [ 12.107187] <TASK> [ 12.107234] dump_stack_lvl+0x73/0xb0 [ 12.107262] print_report+0xd1/0x650 [ 12.107284] ? __virt_addr_valid+0x1db/0x2d0 [ 12.107325] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.107347] ? kmem_cache_double_free+0x1e5/0x480 [ 12.107371] kasan_report_invalid_free+0x10a/0x130 [ 12.107395] ? kmem_cache_double_free+0x1e5/0x480 [ 12.107419] ? kmem_cache_double_free+0x1e5/0x480 [ 12.107442] check_slab_allocation+0x101/0x130 [ 12.107463] __kasan_slab_pre_free+0x28/0x40 [ 12.107483] kmem_cache_free+0xed/0x420 [ 12.107502] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.107522] ? kmem_cache_double_free+0x1e5/0x480 [ 12.107547] kmem_cache_double_free+0x1e5/0x480 [ 12.107570] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 12.107592] ? finish_task_switch.isra.0+0x153/0x700 [ 12.107613] ? __switch_to+0x47/0xf50 [ 12.107640] ? __pfx_read_tsc+0x10/0x10 [ 12.107660] ? ktime_get_ts64+0x86/0x230 [ 12.107683] kunit_try_run_case+0x1a5/0x480 [ 12.107705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.107726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.107748] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.107770] ? __kthread_parkme+0x82/0x180 [ 12.107790] ? preempt_count_sub+0x50/0x80 [ 12.107812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.107835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.107856] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.107877] kthread+0x337/0x6f0 [ 12.107896] ? trace_preempt_on+0x20/0xc0 [ 12.107919] ? 
__pfx_kthread+0x10/0x10 [ 12.107938] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.107957] ? calculate_sigpending+0x7b/0xa0 [ 12.107980] ? __pfx_kthread+0x10/0x10 [ 12.108000] ret_from_fork+0x116/0x1d0 [ 12.108017] ? __pfx_kthread+0x10/0x10 [ 12.108037] ret_from_fork_asm+0x1a/0x30 [ 12.108066] </TASK> [ 12.108077] [ 12.121202] Allocated by task 227: [ 12.121360] kasan_save_stack+0x45/0x70 [ 12.121575] kasan_save_track+0x18/0x40 [ 12.121766] kasan_save_alloc_info+0x3b/0x50 [ 12.121972] __kasan_slab_alloc+0x91/0xa0 [ 12.122601] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.122820] kmem_cache_double_free+0x14f/0x480 [ 12.123139] kunit_try_run_case+0x1a5/0x480 [ 12.123522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.123837] kthread+0x337/0x6f0 [ 12.123964] ret_from_fork+0x116/0x1d0 [ 12.124162] ret_from_fork_asm+0x1a/0x30 [ 12.124390] [ 12.124878] Freed by task 227: [ 12.125036] kasan_save_stack+0x45/0x70 [ 12.125226] kasan_save_track+0x18/0x40 [ 12.125577] kasan_save_free_info+0x3f/0x60 [ 12.125774] __kasan_slab_free+0x56/0x70 [ 12.125965] kmem_cache_free+0x249/0x420 [ 12.126224] kmem_cache_double_free+0x16a/0x480 [ 12.126810] kunit_try_run_case+0x1a5/0x480 [ 12.127028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.127388] kthread+0x337/0x6f0 [ 12.127567] ret_from_fork+0x116/0x1d0 [ 12.127751] ret_from_fork_asm+0x1a/0x30 [ 12.127946] [ 12.128036] The buggy address belongs to the object at ffff888103342000 [ 12.128036] which belongs to the cache test_cache of size 200 [ 12.129323] The buggy address is located 0 bytes inside of [ 12.129323] 200-byte region [ffff888103342000, ffff8881033420c8) [ 12.129939] [ 12.130159] The buggy address belongs to the physical page: [ 12.130578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103342 [ 12.130900] flags: 0x200000000000000(node=0|zone=2) [ 12.131136] page_type: f5(slab) [ 12.131384] raw: 0200000000000000 ffff888101849500 dead000000000122 0000000000000000 [ 12.132051] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 12.132633] page dumped because: kasan: bad access detected [ 12.132975] [ 12.133195] Memory state around the buggy address: [ 12.133765] ffff888103341f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.134326] ffff888103341f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.134756] >ffff888103342000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.135408] ^ [ 12.135780] ffff888103342080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.136007] ffff888103342100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.136277] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.068498] ================================================================== [ 12.068937] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.069282] Read of size 1 at addr ffff8881038da0c8 by task kunit_try_catch/225 [ 12.069674] [ 12.069820] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.069862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.069874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.069895] Call Trace: [ 12.069906] <TASK> [ 12.069922] dump_stack_lvl+0x73/0xb0 [ 12.069951] print_report+0xd1/0x650 [ 12.069974] ? __virt_addr_valid+0x1db/0x2d0 [ 12.070136] ? kmem_cache_oob+0x402/0x530 [ 12.070159] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.070181] ? kmem_cache_oob+0x402/0x530 [ 12.070203] kasan_report+0x141/0x180 [ 12.070224] ? kmem_cache_oob+0x402/0x530 [ 12.070251] __asan_report_load1_noabort+0x18/0x20 [ 12.070274] kmem_cache_oob+0x402/0x530 [ 12.070295] ? trace_hardirqs_on+0x37/0xe0 [ 12.070319] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.070342] ? __kasan_check_write+0x18/0x20 [ 12.070361] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.070383] ? irqentry_exit+0x2a/0x60 [ 12.070405] ? trace_hardirqs_on+0x37/0xe0 [ 12.070438] ? __pfx_read_tsc+0x10/0x10 [ 12.070460] ? ktime_get_ts64+0x86/0x230 [ 12.070484] kunit_try_run_case+0x1a5/0x480 [ 12.070509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.070532] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.070554] ? __kthread_parkme+0x82/0x180 [ 12.070574] ? preempt_count_sub+0x50/0x80 [ 12.070597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.070620] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.070641] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.070663] kthread+0x337/0x6f0 [ 12.070681] ? trace_preempt_on+0x20/0xc0 [ 12.070702] ? __pfx_kthread+0x10/0x10 [ 12.070728] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.070748] ? calculate_sigpending+0x7b/0xa0 [ 12.070771] ? 
__pfx_kthread+0x10/0x10 [ 12.070792] ret_from_fork+0x116/0x1d0 [ 12.070809] ? __pfx_kthread+0x10/0x10 [ 12.070828] ret_from_fork_asm+0x1a/0x30 [ 12.070858] </TASK> [ 12.070869] [ 12.079538] Allocated by task 225: [ 12.079697] kasan_save_stack+0x45/0x70 [ 12.079895] kasan_save_track+0x18/0x40 [ 12.080035] kasan_save_alloc_info+0x3b/0x50 [ 12.080398] __kasan_slab_alloc+0x91/0xa0 [ 12.080584] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.080781] kmem_cache_oob+0x157/0x530 [ 12.080927] kunit_try_run_case+0x1a5/0x480 [ 12.081112] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.081360] kthread+0x337/0x6f0 [ 12.081553] ret_from_fork+0x116/0x1d0 [ 12.081837] ret_from_fork_asm+0x1a/0x30 [ 12.081981] [ 12.082054] The buggy address belongs to the object at ffff8881038da000 [ 12.082054] which belongs to the cache test_cache of size 200 [ 12.082884] The buggy address is located 0 bytes to the right of [ 12.082884] allocated 200-byte region [ffff8881038da000, ffff8881038da0c8) [ 12.083383] [ 12.083582] The buggy address belongs to the physical page: [ 12.083764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038da [ 12.084007] flags: 0x200000000000000(node=0|zone=2) [ 12.084187] page_type: f5(slab) [ 12.084349] raw: 0200000000000000 ffff8881016753c0 dead000000000122 0000000000000000 [ 12.084686] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.085027] page dumped because: kasan: bad access detected [ 12.085575] [ 12.085654] Memory state around the buggy address: [ 12.085814] ffff8881038d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.086137] ffff8881038da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.086664] >ffff8881038da080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.086986] ^ [ 12.087259] ffff8881038da100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.087479] ffff8881038da180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.087702] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.035592] ================================================================== [ 12.036024] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 12.036657] Read of size 8 at addr ffff88810333d180 by task kunit_try_catch/218 [ 12.036914] [ 12.037025] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.037069] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.037080] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.037100] Call Trace: [ 12.037125] <TASK> [ 12.037140] dump_stack_lvl+0x73/0xb0 [ 12.037167] print_report+0xd1/0x650 [ 12.037189] ? __virt_addr_valid+0x1db/0x2d0 [ 12.037210] ? workqueue_uaf+0x4d6/0x560 [ 12.037230] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.037251] ? workqueue_uaf+0x4d6/0x560 [ 12.037271] kasan_report+0x141/0x180 [ 12.037292] ? workqueue_uaf+0x4d6/0x560 [ 12.037317] __asan_report_load8_noabort+0x18/0x20 [ 12.037340] workqueue_uaf+0x4d6/0x560 [ 12.037361] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.037382] ? __schedule+0x10cc/0x2b60 [ 12.037403] ? __pfx_read_tsc+0x10/0x10 [ 12.037424] ? ktime_get_ts64+0x86/0x230 [ 12.037446] kunit_try_run_case+0x1a5/0x480 [ 12.037470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.037491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.037512] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.037534] ? __kthread_parkme+0x82/0x180 [ 12.037553] ? preempt_count_sub+0x50/0x80 [ 12.037576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.037598] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.037620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.037642] kthread+0x337/0x6f0 [ 12.037661] ? trace_preempt_on+0x20/0xc0 [ 12.037685] ? __pfx_kthread+0x10/0x10 [ 12.037706] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.037729] ? calculate_sigpending+0x7b/0xa0 [ 12.037751] ? __pfx_kthread+0x10/0x10 [ 12.037801] ret_from_fork+0x116/0x1d0 [ 12.037820] ? 
__pfx_kthread+0x10/0x10 [ 12.037839] ret_from_fork_asm+0x1a/0x30 [ 12.037870] </TASK> [ 12.037881] [ 12.045275] Allocated by task 218: [ 12.045451] kasan_save_stack+0x45/0x70 [ 12.045664] kasan_save_track+0x18/0x40 [ 12.045827] kasan_save_alloc_info+0x3b/0x50 [ 12.046039] __kasan_kmalloc+0xb7/0xc0 [ 12.046307] __kmalloc_cache_noprof+0x189/0x420 [ 12.046510] workqueue_uaf+0x152/0x560 [ 12.046699] kunit_try_run_case+0x1a5/0x480 [ 12.046892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.047141] kthread+0x337/0x6f0 [ 12.047280] ret_from_fork+0x116/0x1d0 [ 12.047523] ret_from_fork_asm+0x1a/0x30 [ 12.047707] [ 12.047797] Freed by task 41: [ 12.047947] kasan_save_stack+0x45/0x70 [ 12.048299] kasan_save_track+0x18/0x40 [ 12.048505] kasan_save_free_info+0x3f/0x60 [ 12.048757] __kasan_slab_free+0x56/0x70 [ 12.048930] kfree+0x222/0x3f0 [ 12.049049] workqueue_uaf_work+0x12/0x20 [ 12.049245] process_one_work+0x5ee/0xf60 [ 12.049580] worker_thread+0x758/0x1220 [ 12.049759] kthread+0x337/0x6f0 [ 12.049915] ret_from_fork+0x116/0x1d0 [ 12.050078] ret_from_fork_asm+0x1a/0x30 [ 12.050310] [ 12.050410] Last potentially related work creation: [ 12.050616] kasan_save_stack+0x45/0x70 [ 12.050817] kasan_record_aux_stack+0xb2/0xc0 [ 12.051025] __queue_work+0x626/0xeb0 [ 12.051265] queue_work_on+0xb6/0xc0 [ 12.051446] workqueue_uaf+0x26d/0x560 [ 12.051637] kunit_try_run_case+0x1a5/0x480 [ 12.051824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.052050] kthread+0x337/0x6f0 [ 12.052184] ret_from_fork+0x116/0x1d0 [ 12.052318] ret_from_fork_asm+0x1a/0x30 [ 12.052456] [ 12.052527] The buggy address belongs to the object at ffff88810333d180 [ 12.052527] which belongs to the cache kmalloc-32 of size 32 [ 12.052918] The buggy address is located 0 bytes inside of [ 12.052918] freed 32-byte region [ffff88810333d180, ffff88810333d1a0) [ 12.054018] [ 12.054161] The buggy address belongs to the physical page: [ 12.054472] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x10333d [ 12.054804] flags: 0x200000000000000(node=0|zone=2) [ 12.055023] page_type: f5(slab) [ 12.055158] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.055639] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.055896] page dumped because: kasan: bad access detected [ 12.056069] [ 12.056155] Memory state around the buggy address: [ 12.056312] ffff88810333d080: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 12.056688] ffff88810333d100: 00 00 03 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 12.057170] >ffff88810333d180: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 12.057884] ^ [ 12.058065] ffff88810333d200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.058298] ffff88810333d280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.058514] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.000261] ================================================================== [ 12.000736] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.001019] Read of size 4 at addr ffff88810333d040 by task swapper/1/0 [ 12.001369] [ 12.001458] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.001555] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.001569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.001590] Call Trace: [ 12.001616] <IRQ> [ 12.001632] dump_stack_lvl+0x73/0xb0 [ 12.001661] print_report+0xd1/0x650 [ 12.001682] ? __virt_addr_valid+0x1db/0x2d0 [ 12.001705] ? rcu_uaf_reclaim+0x50/0x60 [ 12.001725] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.001746] ? rcu_uaf_reclaim+0x50/0x60 [ 12.001767] kasan_report+0x141/0x180 [ 12.001788] ? rcu_uaf_reclaim+0x50/0x60 [ 12.001812] __asan_report_load4_noabort+0x18/0x20 [ 12.001835] rcu_uaf_reclaim+0x50/0x60 [ 12.001855] rcu_core+0x66f/0x1c40 [ 12.001882] ? __pfx_rcu_core+0x10/0x10 [ 12.001902] ? ktime_get+0x6b/0x150 [ 12.001922] ? handle_softirqs+0x18e/0x730 [ 12.001947] rcu_core_si+0x12/0x20 [ 12.001965] handle_softirqs+0x209/0x730 [ 12.001984] ? hrtimer_interrupt+0x2fe/0x780 [ 12.002005] ? 
__pfx_handle_softirqs+0x10/0x10 [ 12.002029] __irq_exit_rcu+0xc9/0x110 [ 12.002049] irq_exit_rcu+0x12/0x20 [ 12.002067] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.002090] </IRQ> [ 12.002128] <TASK> [ 12.002140] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.002300] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.002535] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 8a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.002615] RSP: 0000:ffff888100877dc8 EFLAGS: 00010202 [ 12.002703] RAX: ffff8881a5d74000 RBX: ffff88810085a000 RCX: ffffffffb2e730e5 [ 12.002748] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 000000000000fe74 [ 12.002790] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 12.002832] R10: ffff88815b130c53 R11: 00000000000c9c00 R12: 0000000000000001 [ 12.002874] R13: ffffed102010b400 R14: ffffffffb4bb0690 R15: 0000000000000000 [ 12.002930] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.002982] ? default_idle+0xd/0x20 [ 12.003004] arch_cpu_idle+0xd/0x20 [ 12.003024] default_idle_call+0x48/0x80 [ 12.003046] do_idle+0x379/0x4f0 [ 12.003068] ? complete+0x15b/0x1d0 [ 12.003085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.003124] ? __pfx_do_idle+0x10/0x10 [ 12.003144] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 12.003315] ? complete+0x15b/0x1d0 [ 12.003341] cpu_startup_entry+0x5c/0x70 [ 12.003364] start_secondary+0x211/0x290 [ 12.003386] ? 
__pfx_start_secondary+0x10/0x10 [ 12.003411] common_startup_64+0x13e/0x148 [ 12.003443] </TASK> [ 12.003454] [ 12.013352] Allocated by task 216: [ 12.013489] kasan_save_stack+0x45/0x70 [ 12.013688] kasan_save_track+0x18/0x40 [ 12.013884] kasan_save_alloc_info+0x3b/0x50 [ 12.014365] __kasan_kmalloc+0xb7/0xc0 [ 12.015322] __kmalloc_cache_noprof+0x189/0x420 [ 12.015530] rcu_uaf+0xb0/0x330 [ 12.015653] kunit_try_run_case+0x1a5/0x480 [ 12.015830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.016034] kthread+0x337/0x6f0 [ 12.016235] ret_from_fork+0x116/0x1d0 [ 12.016522] ret_from_fork_asm+0x1a/0x30 [ 12.016719] [ 12.016808] Freed by task 0: [ 12.016928] kasan_save_stack+0x45/0x70 [ 12.017097] kasan_save_track+0x18/0x40 [ 12.017456] kasan_save_free_info+0x3f/0x60 [ 12.017651] __kasan_slab_free+0x56/0x70 [ 12.017851] kfree+0x222/0x3f0 [ 12.017990] rcu_uaf_reclaim+0x1f/0x60 [ 12.018201] rcu_core+0x66f/0x1c40 [ 12.018351] rcu_core_si+0x12/0x20 [ 12.018527] handle_softirqs+0x209/0x730 [ 12.018666] __irq_exit_rcu+0xc9/0x110 [ 12.018798] irq_exit_rcu+0x12/0x20 [ 12.018926] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.019116] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.019361] [ 12.019476] Last potentially related work creation: [ 12.019714] kasan_save_stack+0x45/0x70 [ 12.019909] kasan_record_aux_stack+0xb2/0xc0 [ 12.020077] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.020423] call_rcu+0x12/0x20 [ 12.020620] rcu_uaf+0x168/0x330 [ 12.020792] kunit_try_run_case+0x1a5/0x480 [ 12.021009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.021509] kthread+0x337/0x6f0 [ 12.021675] ret_from_fork+0x116/0x1d0 [ 12.021808] ret_from_fork_asm+0x1a/0x30 [ 12.021963] [ 12.022068] The buggy address belongs to the object at ffff88810333d040 [ 12.022068] which belongs to the cache kmalloc-32 of size 32 [ 12.023229] The buggy address is located 0 bytes inside of [ 12.023229] freed 32-byte region [ffff88810333d040, ffff88810333d060) [ 12.023576] [ 12.023649] The buggy address belongs to the 
physical page: [ 12.023821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10333d [ 12.024189] flags: 0x200000000000000(node=0|zone=2) [ 12.024735] page_type: f5(slab) [ 12.024940] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.026042] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.026379] page dumped because: kasan: bad access detected [ 12.026631] [ 12.026716] Memory state around the buggy address: [ 12.026908] ffff88810333cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.027559] ffff88810333cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.027852] >ffff88810333d000: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 12.028180] ^ [ 12.028800] ffff88810333d080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.029127] ffff88810333d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.029725] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 11.946893] ================================================================== [ 11.947292] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 11.947623] Read of size 1 at addr ffff8881029db700 by task kunit_try_catch/214 [ 11.947868] [ 11.947982] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.948023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.948034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.948054] Call Trace: [ 11.948066] <TASK> [ 11.948082] dump_stack_lvl+0x73/0xb0 [ 11.948123] print_report+0xd1/0x650 [ 11.948145] ? __virt_addr_valid+0x1db/0x2d0 [ 11.948208] ? ksize_uaf+0x5fe/0x6c0 [ 11.948229] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.948250] ? ksize_uaf+0x5fe/0x6c0 [ 11.948270] kasan_report+0x141/0x180 [ 11.948291] ? ksize_uaf+0x5fe/0x6c0 [ 11.948316] __asan_report_load1_noabort+0x18/0x20 [ 11.948339] ksize_uaf+0x5fe/0x6c0 [ 11.948358] ? __pfx_ksize_uaf+0x10/0x10 [ 11.948378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.948404] ? __pfx_read_tsc+0x10/0x10 [ 11.948425] ? ktime_get_ts64+0x86/0x230 [ 11.948449] kunit_try_run_case+0x1a5/0x480 [ 11.948471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.948492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.948514] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.948536] ? __kthread_parkme+0x82/0x180 [ 11.948556] ? preempt_count_sub+0x50/0x80 [ 11.948579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.948601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.948622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.948644] kthread+0x337/0x6f0 [ 11.948663] ? trace_preempt_on+0x20/0xc0 [ 11.948698] ? __pfx_kthread+0x10/0x10 [ 11.948718] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.948738] ? calculate_sigpending+0x7b/0xa0 [ 11.948761] ? __pfx_kthread+0x10/0x10 [ 11.948782] ret_from_fork+0x116/0x1d0 [ 11.948799] ? 
__pfx_kthread+0x10/0x10 [ 11.948819] ret_from_fork_asm+0x1a/0x30 [ 11.948849] </TASK> [ 11.948860] [ 11.956306] Allocated by task 214: [ 11.956497] kasan_save_stack+0x45/0x70 [ 11.956698] kasan_save_track+0x18/0x40 [ 11.956891] kasan_save_alloc_info+0x3b/0x50 [ 11.957068] __kasan_kmalloc+0xb7/0xc0 [ 11.957361] __kmalloc_cache_noprof+0x189/0x420 [ 11.957529] ksize_uaf+0xaa/0x6c0 [ 11.957655] kunit_try_run_case+0x1a5/0x480 [ 11.957803] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.958000] kthread+0x337/0x6f0 [ 11.958174] ret_from_fork+0x116/0x1d0 [ 11.958509] ret_from_fork_asm+0x1a/0x30 [ 11.958712] [ 11.958811] Freed by task 214: [ 11.958965] kasan_save_stack+0x45/0x70 [ 11.959330] kasan_save_track+0x18/0x40 [ 11.959538] kasan_save_free_info+0x3f/0x60 [ 11.959744] __kasan_slab_free+0x56/0x70 [ 11.959903] kfree+0x222/0x3f0 [ 11.960059] ksize_uaf+0x12c/0x6c0 [ 11.960284] kunit_try_run_case+0x1a5/0x480 [ 11.960562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.960791] kthread+0x337/0x6f0 [ 11.960959] ret_from_fork+0x116/0x1d0 [ 11.961179] ret_from_fork_asm+0x1a/0x30 [ 11.961324] [ 11.961440] The buggy address belongs to the object at ffff8881029db700 [ 11.961440] which belongs to the cache kmalloc-128 of size 128 [ 11.961962] The buggy address is located 0 bytes inside of [ 11.961962] freed 128-byte region [ffff8881029db700, ffff8881029db780) [ 11.962534] [ 11.962621] The buggy address belongs to the physical page: [ 11.962822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.963252] flags: 0x200000000000000(node=0|zone=2) [ 11.963481] page_type: f5(slab) [ 11.963622] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.963957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.964438] page dumped because: kasan: bad access detected [ 11.964621] [ 11.964693] Memory state around the buggy address: [ 11.964850] ffff8881029db600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
11.965068] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.965550] >ffff8881029db700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.966237] ^ [ 11.966403] ffff8881029db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.966703] ffff8881029db800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.966919] ================================================================== [ 11.926427] ================================================================== [ 11.926837] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 11.927059] Read of size 1 at addr ffff8881029db700 by task kunit_try_catch/214 [ 11.927354] [ 11.927457] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.927503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.927514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.927534] Call Trace: [ 11.927546] <TASK> [ 11.927562] dump_stack_lvl+0x73/0xb0 [ 11.927589] print_report+0xd1/0x650 [ 11.927612] ? __virt_addr_valid+0x1db/0x2d0 [ 11.927635] ? ksize_uaf+0x19d/0x6c0 [ 11.927654] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.927675] ? ksize_uaf+0x19d/0x6c0 [ 11.927695] kasan_report+0x141/0x180 [ 11.927716] ? ksize_uaf+0x19d/0x6c0 [ 11.927739] ? ksize_uaf+0x19d/0x6c0 [ 11.927759] __kasan_check_byte+0x3d/0x50 [ 11.927780] ksize+0x20/0x60 [ 11.927801] ksize_uaf+0x19d/0x6c0 [ 11.927821] ? __pfx_ksize_uaf+0x10/0x10 [ 11.927841] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.927867] ? __pfx_read_tsc+0x10/0x10 [ 11.927888] ? ktime_get_ts64+0x86/0x230 [ 11.927913] kunit_try_run_case+0x1a5/0x480 [ 11.927936] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.927957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.927981] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.928003] ? __kthread_parkme+0x82/0x180 [ 11.928023] ? preempt_count_sub+0x50/0x80 [ 11.928045] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 11.928067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.928090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.928124] kthread+0x337/0x6f0 [ 11.928143] ? trace_preempt_on+0x20/0xc0 [ 11.928167] ? __pfx_kthread+0x10/0x10 [ 11.928187] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.928207] ? calculate_sigpending+0x7b/0xa0 [ 11.928230] ? __pfx_kthread+0x10/0x10 [ 11.928250] ret_from_fork+0x116/0x1d0 [ 11.928277] ? __pfx_kthread+0x10/0x10 [ 11.928297] ret_from_fork_asm+0x1a/0x30 [ 11.928327] </TASK> [ 11.928340] [ 11.935688] Allocated by task 214: [ 11.935872] kasan_save_stack+0x45/0x70 [ 11.936051] kasan_save_track+0x18/0x40 [ 11.936362] kasan_save_alloc_info+0x3b/0x50 [ 11.936579] __kasan_kmalloc+0xb7/0xc0 [ 11.936717] __kmalloc_cache_noprof+0x189/0x420 [ 11.936908] ksize_uaf+0xaa/0x6c0 [ 11.937086] kunit_try_run_case+0x1a5/0x480 [ 11.937417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.937645] kthread+0x337/0x6f0 [ 11.937893] ret_from_fork+0x116/0x1d0 [ 11.938033] ret_from_fork_asm+0x1a/0x30 [ 11.938268] [ 11.938417] Freed by task 214: [ 11.938608] kasan_save_stack+0x45/0x70 [ 11.938796] kasan_save_track+0x18/0x40 [ 11.938935] kasan_save_free_info+0x3f/0x60 [ 11.939083] __kasan_slab_free+0x56/0x70 [ 11.939238] kfree+0x222/0x3f0 [ 11.939387] ksize_uaf+0x12c/0x6c0 [ 11.939562] kunit_try_run_case+0x1a5/0x480 [ 11.939776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.940027] kthread+0x337/0x6f0 [ 11.940205] ret_from_fork+0x116/0x1d0 [ 11.940389] ret_from_fork_asm+0x1a/0x30 [ 11.940774] [ 11.940881] The buggy address belongs to the object at ffff8881029db700 [ 11.940881] which belongs to the cache kmalloc-128 of size 128 [ 11.941505] The buggy address is located 0 bytes inside of [ 11.941505] freed 128-byte region [ffff8881029db700, ffff8881029db780) [ 11.941959] [ 11.942060] The buggy address belongs to the physical page: [ 11.942348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 
11.942652] flags: 0x200000000000000(node=0|zone=2) [ 11.942819] page_type: f5(slab) [ 11.942943] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.943267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.943603] page dumped because: kasan: bad access detected [ 11.943834] [ 11.943905] Memory state around the buggy address: [ 11.944245] ffff8881029db600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.944534] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.944755] >ffff8881029db700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.945046] ^ [ 11.945492] ffff8881029db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.945834] ffff8881029db800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.946216] ================================================================== [ 11.967347] ================================================================== [ 11.967917] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 11.968281] Read of size 1 at addr ffff8881029db778 by task kunit_try_catch/214 [ 11.968605] [ 11.968713] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.968751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.968762] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.968781] Call Trace: [ 11.968796] <TASK> [ 11.968811] dump_stack_lvl+0x73/0xb0 [ 11.968836] print_report+0xd1/0x650 [ 11.968857] ? __virt_addr_valid+0x1db/0x2d0 [ 11.968878] ? ksize_uaf+0x5e4/0x6c0 [ 11.968897] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.968918] ? ksize_uaf+0x5e4/0x6c0 [ 11.968938] kasan_report+0x141/0x180 [ 11.968959] ? ksize_uaf+0x5e4/0x6c0 [ 11.968983] __asan_report_load1_noabort+0x18/0x20 [ 11.969006] ksize_uaf+0x5e4/0x6c0 [ 11.969026] ? __pfx_ksize_uaf+0x10/0x10 [ 11.969045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.969069] ? __pfx_read_tsc+0x10/0x10 [ 11.969089] ? 
ktime_get_ts64+0x86/0x230 [ 11.969123] kunit_try_run_case+0x1a5/0x480 [ 11.969145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.969165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.969188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.969209] ? __kthread_parkme+0x82/0x180 [ 11.969288] ? preempt_count_sub+0x50/0x80 [ 11.969312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.969347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.969369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.969391] kthread+0x337/0x6f0 [ 11.969410] ? trace_preempt_on+0x20/0xc0 [ 11.969433] ? __pfx_kthread+0x10/0x10 [ 11.969453] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.969473] ? calculate_sigpending+0x7b/0xa0 [ 11.969495] ? __pfx_kthread+0x10/0x10 [ 11.969516] ret_from_fork+0x116/0x1d0 [ 11.969533] ? __pfx_kthread+0x10/0x10 [ 11.969553] ret_from_fork_asm+0x1a/0x30 [ 11.969583] </TASK> [ 11.969593] [ 11.977014] Allocated by task 214: [ 11.977243] kasan_save_stack+0x45/0x70 [ 11.977450] kasan_save_track+0x18/0x40 [ 11.977628] kasan_save_alloc_info+0x3b/0x50 [ 11.977839] __kasan_kmalloc+0xb7/0xc0 [ 11.978013] __kmalloc_cache_noprof+0x189/0x420 [ 11.978325] ksize_uaf+0xaa/0x6c0 [ 11.978467] kunit_try_run_case+0x1a5/0x480 [ 11.978673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.978888] kthread+0x337/0x6f0 [ 11.979046] ret_from_fork+0x116/0x1d0 [ 11.979293] ret_from_fork_asm+0x1a/0x30 [ 11.979527] [ 11.979613] Freed by task 214: [ 11.979768] kasan_save_stack+0x45/0x70 [ 11.979924] kasan_save_track+0x18/0x40 [ 11.980127] kasan_save_free_info+0x3f/0x60 [ 11.980323] __kasan_slab_free+0x56/0x70 [ 11.980490] kfree+0x222/0x3f0 [ 11.980608] ksize_uaf+0x12c/0x6c0 [ 11.980734] kunit_try_run_case+0x1a5/0x480 [ 11.980912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.981166] kthread+0x337/0x6f0 [ 11.981382] ret_from_fork+0x116/0x1d0 [ 11.981530] ret_from_fork_asm+0x1a/0x30 [ 11.981671] [ 11.981742] The buggy address belongs to the object at ffff8881029db700 [ 11.981742] which belongs to the cache 
kmalloc-128 of size 128 [ 11.982100] The buggy address is located 120 bytes inside of [ 11.982100] freed 128-byte region [ffff8881029db700, ffff8881029db780) [ 11.982554] [ 11.982648] The buggy address belongs to the physical page: [ 11.982897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.983256] flags: 0x200000000000000(node=0|zone=2) [ 11.983492] page_type: f5(slab) [ 11.983909] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.984172] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.984634] page dumped because: kasan: bad access detected [ 11.984891] [ 11.984986] Memory state around the buggy address: [ 11.985289] ffff8881029db600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.985605] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.985882] >ffff8881029db700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.986237] ^ [ 11.986524] ffff8881029db780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.986743] ffff8881029db800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.987041] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 11.895343] ================================================================== [ 11.895691] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.895988] Read of size 1 at addr ffff8881029db67f by task kunit_try_catch/212 [ 11.896446] [ 11.896569] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.896612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.896623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.896642] Call Trace: [ 11.896660] <TASK> [ 11.896676] dump_stack_lvl+0x73/0xb0 [ 11.896702] print_report+0xd1/0x650 [ 11.896724] ? __virt_addr_valid+0x1db/0x2d0 [ 11.896746] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.896768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.896789] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.896811] kasan_report+0x141/0x180 [ 11.896832] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.896859] __asan_report_load1_noabort+0x18/0x20 [ 11.896883] ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.896905] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.896926] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.896954] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.896981] kunit_try_run_case+0x1a5/0x480 [ 11.897004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.897025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.897047] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.897069] ? __kthread_parkme+0x82/0x180 [ 11.897088] ? preempt_count_sub+0x50/0x80 [ 11.897124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.897146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.897168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.897190] kthread+0x337/0x6f0 [ 11.897208] ? trace_preempt_on+0x20/0xc0 [ 11.897234] ? __pfx_kthread+0x10/0x10 [ 11.897254] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.897273] ? calculate_sigpending+0x7b/0xa0 [ 11.897296] ? __pfx_kthread+0x10/0x10 [ 11.897317] ret_from_fork+0x116/0x1d0 [ 11.897335] ? 
__pfx_kthread+0x10/0x10 [ 11.897354] ret_from_fork_asm+0x1a/0x30 [ 11.897384] </TASK> [ 11.897395] [ 11.908125] Allocated by task 212: [ 11.908526] kasan_save_stack+0x45/0x70 [ 11.908763] kasan_save_track+0x18/0x40 [ 11.908907] kasan_save_alloc_info+0x3b/0x50 [ 11.909060] __kasan_kmalloc+0xb7/0xc0 [ 11.909355] __kmalloc_cache_noprof+0x189/0x420 [ 11.909800] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.910286] kunit_try_run_case+0x1a5/0x480 [ 11.910681] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.911157] kthread+0x337/0x6f0 [ 11.911528] ret_from_fork+0x116/0x1d0 [ 11.911928] ret_from_fork_asm+0x1a/0x30 [ 11.912366] [ 11.912548] The buggy address belongs to the object at ffff8881029db600 [ 11.912548] which belongs to the cache kmalloc-128 of size 128 [ 11.913061] The buggy address is located 12 bytes to the right of [ 11.913061] allocated 115-byte region [ffff8881029db600, ffff8881029db673) [ 11.914036] [ 11.914222] The buggy address belongs to the physical page: [ 11.914820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.915755] flags: 0x200000000000000(node=0|zone=2) [ 11.916328] page_type: f5(slab) [ 11.916737] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.917569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.917985] page dumped because: kasan: bad access detected [ 11.918224] [ 11.918392] Memory state around the buggy address: [ 11.918862] ffff8881029db500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.919667] ffff8881029db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.920408] >ffff8881029db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.920950] ^ [ 11.921225] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.921872] ffff8881029db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.922671] ================================================================== [ 11.856509] 
================================================================== [ 11.856992] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.857327] Read of size 1 at addr ffff8881029db673 by task kunit_try_catch/212 [ 11.857692] [ 11.857807] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.857853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.857865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.857884] Call Trace: [ 11.857895] <TASK> [ 11.857919] dump_stack_lvl+0x73/0xb0 [ 11.857946] print_report+0xd1/0x650 [ 11.857968] ? __virt_addr_valid+0x1db/0x2d0 [ 11.857991] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.858012] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.858034] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.858056] kasan_report+0x141/0x180 [ 11.858076] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.858115] __asan_report_load1_noabort+0x18/0x20 [ 11.858139] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.858162] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.858183] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.858212] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.858238] kunit_try_run_case+0x1a5/0x480 [ 11.858261] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.858282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.858304] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.858326] ? __kthread_parkme+0x82/0x180 [ 11.858345] ? preempt_count_sub+0x50/0x80 [ 11.858367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.858390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.858411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.858433] kthread+0x337/0x6f0 [ 11.858452] ? trace_preempt_on+0x20/0xc0 [ 11.858475] ? __pfx_kthread+0x10/0x10 [ 11.858495] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.858515] ? calculate_sigpending+0x7b/0xa0 [ 11.858537] ? __pfx_kthread+0x10/0x10 [ 11.858558] ret_from_fork+0x116/0x1d0 [ 11.858576] ? 
__pfx_kthread+0x10/0x10 [ 11.858595] ret_from_fork_asm+0x1a/0x30 [ 11.858624] </TASK> [ 11.858635] [ 11.865945] Allocated by task 212: [ 11.866117] kasan_save_stack+0x45/0x70 [ 11.866371] kasan_save_track+0x18/0x40 [ 11.866580] kasan_save_alloc_info+0x3b/0x50 [ 11.866801] __kasan_kmalloc+0xb7/0xc0 [ 11.866992] __kmalloc_cache_noprof+0x189/0x420 [ 11.867351] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.867582] kunit_try_run_case+0x1a5/0x480 [ 11.867763] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.867994] kthread+0x337/0x6f0 [ 11.868181] ret_from_fork+0x116/0x1d0 [ 11.868519] ret_from_fork_asm+0x1a/0x30 [ 11.868708] [ 11.868814] The buggy address belongs to the object at ffff8881029db600 [ 11.868814] which belongs to the cache kmalloc-128 of size 128 [ 11.869385] The buggy address is located 0 bytes to the right of [ 11.869385] allocated 115-byte region [ffff8881029db600, ffff8881029db673) [ 11.869862] [ 11.869968] The buggy address belongs to the physical page: [ 11.870299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.870641] flags: 0x200000000000000(node=0|zone=2) [ 11.870842] page_type: f5(slab) [ 11.871020] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.871498] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.871737] page dumped because: kasan: bad access detected [ 11.871915] [ 11.871991] Memory state around the buggy address: [ 11.872180] ffff8881029db500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.872500] ffff8881029db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.873065] >ffff8881029db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.873298] ^ [ 11.873512] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.873734] ffff8881029db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.874300] ================================================================== [ 11.875763] 
================================================================== [ 11.876138] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.876739] Read of size 1 at addr ffff8881029db678 by task kunit_try_catch/212 [ 11.876971] [ 11.877092] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.877149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.877203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.877225] Call Trace: [ 11.877244] <TASK> [ 11.877260] dump_stack_lvl+0x73/0xb0 [ 11.877286] print_report+0xd1/0x650 [ 11.877308] ? __virt_addr_valid+0x1db/0x2d0 [ 11.877330] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.877352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.877373] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.877395] kasan_report+0x141/0x180 [ 11.877416] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.877442] __asan_report_load1_noabort+0x18/0x20 [ 11.877466] ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.877489] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.877511] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.877539] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.877565] kunit_try_run_case+0x1a5/0x480 [ 11.877587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.877608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.877631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.877653] ? __kthread_parkme+0x82/0x180 [ 11.877673] ? preempt_count_sub+0x50/0x80 [ 11.877695] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.877718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.877739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.877762] kthread+0x337/0x6f0 [ 11.877783] ? trace_preempt_on+0x20/0xc0 [ 11.877807] ? __pfx_kthread+0x10/0x10 [ 11.877828] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.877847] ? calculate_sigpending+0x7b/0xa0 [ 11.877871] ? __pfx_kthread+0x10/0x10 [ 11.877891] ret_from_fork+0x116/0x1d0 [ 11.877909] ? 
__pfx_kthread+0x10/0x10 [ 11.877929] ret_from_fork_asm+0x1a/0x30 [ 11.877960] </TASK> [ 11.877971] [ 11.885732] Allocated by task 212: [ 11.885905] kasan_save_stack+0x45/0x70 [ 11.886132] kasan_save_track+0x18/0x40 [ 11.886393] kasan_save_alloc_info+0x3b/0x50 [ 11.886575] __kasan_kmalloc+0xb7/0xc0 [ 11.886745] __kmalloc_cache_noprof+0x189/0x420 [ 11.886943] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.887155] kunit_try_run_case+0x1a5/0x480 [ 11.887572] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.887823] kthread+0x337/0x6f0 [ 11.887980] ret_from_fork+0x116/0x1d0 [ 11.888191] ret_from_fork_asm+0x1a/0x30 [ 11.888681] [ 11.888787] The buggy address belongs to the object at ffff8881029db600 [ 11.888787] which belongs to the cache kmalloc-128 of size 128 [ 11.889237] The buggy address is located 5 bytes to the right of [ 11.889237] allocated 115-byte region [ffff8881029db600, ffff8881029db673) [ 11.890042] [ 11.890131] The buggy address belongs to the physical page: [ 11.890313] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.890560] flags: 0x200000000000000(node=0|zone=2) [ 11.890857] page_type: f5(slab) [ 11.891031] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.891658] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.891894] page dumped because: kasan: bad access detected [ 11.892071] [ 11.892226] Memory state around the buggy address: [ 11.892596] ffff8881029db500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.893358] ffff8881029db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.893688] >ffff8881029db600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.893972] ^ [ 11.894326] ffff8881029db680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.894596] ffff8881029db700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.894813] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.829023] ================================================================== [ 11.829844] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.830425] Free of addr ffff888101745ec0 by task kunit_try_catch/210 [ 11.830741] [ 11.830836] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.830877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.830889] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.830909] Call Trace: [ 11.830923] <TASK> [ 11.830939] dump_stack_lvl+0x73/0xb0 [ 11.832581] print_report+0xd1/0x650 [ 11.832623] ? __virt_addr_valid+0x1db/0x2d0 [ 11.832648] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.832670] ? kfree_sensitive+0x2e/0x90 [ 11.832692] kasan_report_invalid_free+0x10a/0x130 [ 11.832717] ? kfree_sensitive+0x2e/0x90 [ 11.832738] ? kfree_sensitive+0x2e/0x90 [ 11.832756] check_slab_allocation+0x101/0x130 [ 11.832777] __kasan_slab_pre_free+0x28/0x40 [ 11.832798] kfree+0xf0/0x3f0 [ 11.832820] ? kfree_sensitive+0x2e/0x90 [ 11.832841] kfree_sensitive+0x2e/0x90 [ 11.832860] kmalloc_double_kzfree+0x19c/0x350 [ 11.832883] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.832906] ? __schedule+0x10cc/0x2b60 [ 11.832927] ? __pfx_read_tsc+0x10/0x10 [ 11.832948] ? ktime_get_ts64+0x86/0x230 [ 11.832971] kunit_try_run_case+0x1a5/0x480 [ 11.832995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.833016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.833039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.833061] ? __kthread_parkme+0x82/0x180 [ 11.833079] ? preempt_count_sub+0x50/0x80 [ 11.833126] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.833149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.833341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.833364] kthread+0x337/0x6f0 [ 11.833383] ? trace_preempt_on+0x20/0xc0 [ 11.833406] ? __pfx_kthread+0x10/0x10 [ 11.833427] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.833447] ? calculate_sigpending+0x7b/0xa0 [ 11.833470] ? 
__pfx_kthread+0x10/0x10 [ 11.833490] ret_from_fork+0x116/0x1d0 [ 11.833508] ? __pfx_kthread+0x10/0x10 [ 11.833527] ret_from_fork_asm+0x1a/0x30 [ 11.833557] </TASK> [ 11.833569] [ 11.841055] Allocated by task 210: [ 11.841411] kasan_save_stack+0x45/0x70 [ 11.841620] kasan_save_track+0x18/0x40 [ 11.841817] kasan_save_alloc_info+0x3b/0x50 [ 11.842017] __kasan_kmalloc+0xb7/0xc0 [ 11.842348] __kmalloc_cache_noprof+0x189/0x420 [ 11.842591] kmalloc_double_kzfree+0xa9/0x350 [ 11.842786] kunit_try_run_case+0x1a5/0x480 [ 11.842932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.843122] kthread+0x337/0x6f0 [ 11.843301] ret_from_fork+0x116/0x1d0 [ 11.843491] ret_from_fork_asm+0x1a/0x30 [ 11.843863] [ 11.844016] Freed by task 210: [ 11.844183] kasan_save_stack+0x45/0x70 [ 11.844451] kasan_save_track+0x18/0x40 [ 11.844622] kasan_save_free_info+0x3f/0x60 [ 11.844809] __kasan_slab_free+0x56/0x70 [ 11.845000] kfree+0x222/0x3f0 [ 11.845149] kfree_sensitive+0x67/0x90 [ 11.845282] kmalloc_double_kzfree+0x12b/0x350 [ 11.845434] kunit_try_run_case+0x1a5/0x480 [ 11.845579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.845792] kthread+0x337/0x6f0 [ 11.845957] ret_from_fork+0x116/0x1d0 [ 11.846143] ret_from_fork_asm+0x1a/0x30 [ 11.846342] [ 11.846586] The buggy address belongs to the object at ffff888101745ec0 [ 11.846586] which belongs to the cache kmalloc-16 of size 16 [ 11.847066] The buggy address is located 0 bytes inside of [ 11.847066] 16-byte region [ffff888101745ec0, ffff888101745ed0) [ 11.847840] [ 11.847925] The buggy address belongs to the physical page: [ 11.848235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 11.848553] flags: 0x200000000000000(node=0|zone=2) [ 11.848721] page_type: f5(slab) [ 11.848842] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.849142] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.849705] page dumped because: kasan: bad access detected [ 11.849969] [ 
11.850061] Memory state around the buggy address: [ 11.850576] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 11.850903] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.851152] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 11.851488] ^ [ 11.851766] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.851984] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.852571] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.803741] ================================================================== [ 11.804358] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.804828] Read of size 1 at addr ffff888101745ec0 by task kunit_try_catch/210 [ 11.805129] [ 11.805299] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.805344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.805355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.805376] Call Trace: [ 11.805388] <TASK> [ 11.805404] dump_stack_lvl+0x73/0xb0 [ 11.805433] print_report+0xd1/0x650 [ 11.805456] ? __virt_addr_valid+0x1db/0x2d0 [ 11.805479] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.805501] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.805522] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.805544] kasan_report+0x141/0x180 [ 11.805565] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.805590] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.805612] __kasan_check_byte+0x3d/0x50 [ 11.805633] kfree_sensitive+0x22/0x90 [ 11.805655] kmalloc_double_kzfree+0x19c/0x350 [ 11.805677] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.805699] ? __schedule+0x10cc/0x2b60 [ 11.805720] ? __pfx_read_tsc+0x10/0x10 [ 11.805741] ? ktime_get_ts64+0x86/0x230 [ 11.805765] kunit_try_run_case+0x1a5/0x480 [ 11.805789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.805809] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.805831] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.805853] ? __kthread_parkme+0x82/0x180 [ 11.805873] ? preempt_count_sub+0x50/0x80 [ 11.805897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.805920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.805941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.805962] kthread+0x337/0x6f0 [ 11.805981] ? trace_preempt_on+0x20/0xc0 [ 11.806003] ? __pfx_kthread+0x10/0x10 [ 11.806023] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.806042] ? calculate_sigpending+0x7b/0xa0 [ 11.806065] ? 
__pfx_kthread+0x10/0x10 [ 11.806085] ret_from_fork+0x116/0x1d0 [ 11.806116] ? __pfx_kthread+0x10/0x10 [ 11.806136] ret_from_fork_asm+0x1a/0x30 [ 11.806167] </TASK> [ 11.806179] [ 11.816371] Allocated by task 210: [ 11.816557] kasan_save_stack+0x45/0x70 [ 11.816731] kasan_save_track+0x18/0x40 [ 11.816889] kasan_save_alloc_info+0x3b/0x50 [ 11.817094] __kasan_kmalloc+0xb7/0xc0 [ 11.817378] __kmalloc_cache_noprof+0x189/0x420 [ 11.817625] kmalloc_double_kzfree+0xa9/0x350 [ 11.817779] kunit_try_run_case+0x1a5/0x480 [ 11.817959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.818298] kthread+0x337/0x6f0 [ 11.818545] ret_from_fork+0x116/0x1d0 [ 11.818720] ret_from_fork_asm+0x1a/0x30 [ 11.818904] [ 11.818978] Freed by task 210: [ 11.819125] kasan_save_stack+0x45/0x70 [ 11.819270] kasan_save_track+0x18/0x40 [ 11.819405] kasan_save_free_info+0x3f/0x60 [ 11.819551] __kasan_slab_free+0x56/0x70 [ 11.819737] kfree+0x222/0x3f0 [ 11.819897] kfree_sensitive+0x67/0x90 [ 11.820118] kmalloc_double_kzfree+0x12b/0x350 [ 11.820403] kunit_try_run_case+0x1a5/0x480 [ 11.820618] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.820827] kthread+0x337/0x6f0 [ 11.820992] ret_from_fork+0x116/0x1d0 [ 11.821153] ret_from_fork_asm+0x1a/0x30 [ 11.821448] [ 11.821532] The buggy address belongs to the object at ffff888101745ec0 [ 11.821532] which belongs to the cache kmalloc-16 of size 16 [ 11.821939] The buggy address is located 0 bytes inside of [ 11.821939] freed 16-byte region [ffff888101745ec0, ffff888101745ed0) [ 11.822382] [ 11.822482] The buggy address belongs to the physical page: [ 11.822788] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 11.823210] flags: 0x200000000000000(node=0|zone=2) [ 11.823560] page_type: f5(slab) [ 11.823722] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.824025] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.824444] page dumped because: kasan: bad access detected [ 
11.824665] [ 11.824735] Memory state around the buggy address: [ 11.824924] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 11.825161] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.826162] >ffff888101745e80: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 11.826508] ^ [ 11.827914] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.828170] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.828392] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.775490] ================================================================== [ 11.775916] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.776289] Read of size 1 at addr ffff8881038d51a8 by task kunit_try_catch/206 [ 11.776633] [ 11.776745] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.776792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.776804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.776824] Call Trace: [ 11.776836] <TASK> [ 11.776854] dump_stack_lvl+0x73/0xb0 [ 11.776881] print_report+0xd1/0x650 [ 11.776904] ? __virt_addr_valid+0x1db/0x2d0 [ 11.776927] ? kmalloc_uaf2+0x4a8/0x520 [ 11.776946] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.776968] ? kmalloc_uaf2+0x4a8/0x520 [ 11.776987] kasan_report+0x141/0x180 [ 11.777008] ? kmalloc_uaf2+0x4a8/0x520 [ 11.777032] __asan_report_load1_noabort+0x18/0x20 [ 11.777055] kmalloc_uaf2+0x4a8/0x520 [ 11.777075] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.777093] ? finish_task_switch.isra.0+0x153/0x700 [ 11.777125] ? __switch_to+0x47/0xf50 [ 11.777152] ? __schedule+0x10cc/0x2b60 [ 11.777173] ? __pfx_read_tsc+0x10/0x10 [ 11.777193] ? ktime_get_ts64+0x86/0x230 [ 11.777217] kunit_try_run_case+0x1a5/0x480 [ 11.777240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.777261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.777284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.777306] ? __kthread_parkme+0x82/0x180 [ 11.777325] ? preempt_count_sub+0x50/0x80 [ 11.777358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.777381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.777403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.777425] kthread+0x337/0x6f0 [ 11.777444] ? trace_preempt_on+0x20/0xc0 [ 11.777468] ? __pfx_kthread+0x10/0x10 [ 11.777488] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.777508] ? calculate_sigpending+0x7b/0xa0 [ 11.777531] ? __pfx_kthread+0x10/0x10 [ 11.777551] ret_from_fork+0x116/0x1d0 [ 11.777569] ? 
__pfx_kthread+0x10/0x10 [ 11.777588] ret_from_fork_asm+0x1a/0x30 [ 11.777631] </TASK> [ 11.777643] [ 11.784891] Allocated by task 206: [ 11.785078] kasan_save_stack+0x45/0x70 [ 11.785366] kasan_save_track+0x18/0x40 [ 11.785572] kasan_save_alloc_info+0x3b/0x50 [ 11.785828] __kasan_kmalloc+0xb7/0xc0 [ 11.786028] __kmalloc_cache_noprof+0x189/0x420 [ 11.786450] kmalloc_uaf2+0xc6/0x520 [ 11.786643] kunit_try_run_case+0x1a5/0x480 [ 11.786827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.787035] kthread+0x337/0x6f0 [ 11.787215] ret_from_fork+0x116/0x1d0 [ 11.787428] ret_from_fork_asm+0x1a/0x30 [ 11.787573] [ 11.787645] Freed by task 206: [ 11.787758] kasan_save_stack+0x45/0x70 [ 11.788060] kasan_save_track+0x18/0x40 [ 11.788285] kasan_save_free_info+0x3f/0x60 [ 11.788538] __kasan_slab_free+0x56/0x70 [ 11.788729] kfree+0x222/0x3f0 [ 11.789000] kmalloc_uaf2+0x14c/0x520 [ 11.789348] kunit_try_run_case+0x1a5/0x480 [ 11.789539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.789781] kthread+0x337/0x6f0 [ 11.789916] ret_from_fork+0x116/0x1d0 [ 11.790100] ret_from_fork_asm+0x1a/0x30 [ 11.790407] [ 11.790506] The buggy address belongs to the object at ffff8881038d5180 [ 11.790506] which belongs to the cache kmalloc-64 of size 64 [ 11.790888] The buggy address is located 40 bytes inside of [ 11.790888] freed 64-byte region [ffff8881038d5180, ffff8881038d51c0) [ 11.791482] [ 11.791584] The buggy address belongs to the physical page: [ 11.791825] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 11.792071] flags: 0x200000000000000(node=0|zone=2) [ 11.792253] page_type: f5(slab) [ 11.792397] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.792739] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.793125] page dumped because: kasan: bad access detected [ 11.793470] [ 11.793566] Memory state around the buggy address: [ 11.793768] ffff8881038d5080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 
[ 11.794026] ffff8881038d5100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.794260] >ffff8881038d5180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.794766] ^ [ 11.794986] ffff8881038d5200: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.795271] ffff8881038d5280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.795685] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.746423] ================================================================== [ 11.747010] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 11.748313] Write of size 33 at addr ffff888103338600 by task kunit_try_catch/204 [ 11.749380] [ 11.749597] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.749646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.749657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.749685] Call Trace: [ 11.749698] <TASK> [ 11.749714] dump_stack_lvl+0x73/0xb0 [ 11.749743] print_report+0xd1/0x650 [ 11.749766] ? __virt_addr_valid+0x1db/0x2d0 [ 11.749788] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.749807] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.749828] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.749848] kasan_report+0x141/0x180 [ 11.749869] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.749893] kasan_check_range+0x10c/0x1c0 [ 11.749915] __asan_memset+0x27/0x50 [ 11.749934] kmalloc_uaf_memset+0x1a3/0x360 [ 11.749954] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.749976] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.750000] kunit_try_run_case+0x1a5/0x480 [ 11.750024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.750044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.750067] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.750088] ? __kthread_parkme+0x82/0x180 [ 11.750120] ? preempt_count_sub+0x50/0x80 [ 11.750142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.750189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.750212] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.750234] kthread+0x337/0x6f0 [ 11.750285] ? trace_preempt_on+0x20/0xc0 [ 11.750311] ? __pfx_kthread+0x10/0x10 [ 11.750346] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.750366] ? calculate_sigpending+0x7b/0xa0 [ 11.750388] ? __pfx_kthread+0x10/0x10 [ 11.750409] ret_from_fork+0x116/0x1d0 [ 11.750426] ? 
__pfx_kthread+0x10/0x10 [ 11.750445] ret_from_fork_asm+0x1a/0x30 [ 11.750485] </TASK> [ 11.750497] [ 11.760139] Allocated by task 204: [ 11.760470] kasan_save_stack+0x45/0x70 [ 11.760675] kasan_save_track+0x18/0x40 [ 11.760856] kasan_save_alloc_info+0x3b/0x50 [ 11.761077] __kasan_kmalloc+0xb7/0xc0 [ 11.761396] __kmalloc_cache_noprof+0x189/0x420 [ 11.761597] kmalloc_uaf_memset+0xa9/0x360 [ 11.761764] kunit_try_run_case+0x1a5/0x480 [ 11.761977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.762261] kthread+0x337/0x6f0 [ 11.762570] ret_from_fork+0x116/0x1d0 [ 11.762932] ret_from_fork_asm+0x1a/0x30 [ 11.763077] [ 11.763158] Freed by task 204: [ 11.763275] kasan_save_stack+0x45/0x70 [ 11.763471] kasan_save_track+0x18/0x40 [ 11.763755] kasan_save_free_info+0x3f/0x60 [ 11.763985] __kasan_slab_free+0x56/0x70 [ 11.764272] kfree+0x222/0x3f0 [ 11.764711] kmalloc_uaf_memset+0x12b/0x360 [ 11.764893] kunit_try_run_case+0x1a5/0x480 [ 11.765041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.765284] kthread+0x337/0x6f0 [ 11.765450] ret_from_fork+0x116/0x1d0 [ 11.765634] ret_from_fork_asm+0x1a/0x30 [ 11.766010] [ 11.766085] The buggy address belongs to the object at ffff888103338600 [ 11.766085] which belongs to the cache kmalloc-64 of size 64 [ 11.766835] The buggy address is located 0 bytes inside of [ 11.766835] freed 64-byte region [ffff888103338600, ffff888103338640) [ 11.767483] [ 11.767599] The buggy address belongs to the physical page: [ 11.767839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103338 [ 11.768189] flags: 0x200000000000000(node=0|zone=2) [ 11.768765] page_type: f5(slab) [ 11.768918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.769333] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.769692] page dumped because: kasan: bad access detected [ 11.769923] [ 11.770127] Memory state around the buggy address: [ 11.770409] ffff888103338500: 00 00 00 00 00 fc fc fc fc fc fc fc 
fc fc fc fc [ 11.770747] ffff888103338580: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.771073] >ffff888103338600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.771459] ^ [ 11.771576] ffff888103338680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.771791] ffff888103338700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.772373] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.714584] ================================================================== [ 11.715081] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 11.715730] Read of size 1 at addr ffff888101745ea8 by task kunit_try_catch/202 [ 11.716408] [ 11.716541] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.716592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.716604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.716626] Call Trace: [ 11.716639] <TASK> [ 11.716659] dump_stack_lvl+0x73/0xb0 [ 11.716692] print_report+0xd1/0x650 [ 11.716819] ? __virt_addr_valid+0x1db/0x2d0 [ 11.716845] ? kmalloc_uaf+0x320/0x380 [ 11.716864] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.716885] ? kmalloc_uaf+0x320/0x380 [ 11.716904] kasan_report+0x141/0x180 [ 11.716925] ? kmalloc_uaf+0x320/0x380 [ 11.716948] __asan_report_load1_noabort+0x18/0x20 [ 11.716971] kmalloc_uaf+0x320/0x380 [ 11.716991] ? __pfx_kmalloc_uaf+0x10/0x10 [ 11.717011] ? __schedule+0x10cc/0x2b60 [ 11.717034] ? __pfx_read_tsc+0x10/0x10 [ 11.717055] ? ktime_get_ts64+0x86/0x230 [ 11.717080] kunit_try_run_case+0x1a5/0x480 [ 11.717119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.717140] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.717353] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.717378] ? __kthread_parkme+0x82/0x180 [ 11.717400] ? preempt_count_sub+0x50/0x80 [ 11.717424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.717447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.717469] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.717491] kthread+0x337/0x6f0 [ 11.717509] ? trace_preempt_on+0x20/0xc0 [ 11.717533] ? __pfx_kthread+0x10/0x10 [ 11.717552] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.717572] ? calculate_sigpending+0x7b/0xa0 [ 11.717596] ? __pfx_kthread+0x10/0x10 [ 11.717616] ret_from_fork+0x116/0x1d0 [ 11.717634] ? 
__pfx_kthread+0x10/0x10 [ 11.717653] ret_from_fork_asm+0x1a/0x30 [ 11.717683] </TASK> [ 11.717695] [ 11.728305] Allocated by task 202: [ 11.728691] kasan_save_stack+0x45/0x70 [ 11.728980] kasan_save_track+0x18/0x40 [ 11.729416] kasan_save_alloc_info+0x3b/0x50 [ 11.729760] __kasan_kmalloc+0xb7/0xc0 [ 11.730029] __kmalloc_cache_noprof+0x189/0x420 [ 11.730258] kmalloc_uaf+0xaa/0x380 [ 11.730512] kunit_try_run_case+0x1a5/0x480 [ 11.730695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.730950] kthread+0x337/0x6f0 [ 11.731122] ret_from_fork+0x116/0x1d0 [ 11.731744] ret_from_fork_asm+0x1a/0x30 [ 11.732012] [ 11.732127] Freed by task 202: [ 11.732552] kasan_save_stack+0x45/0x70 [ 11.732704] kasan_save_track+0x18/0x40 [ 11.733020] kasan_save_free_info+0x3f/0x60 [ 11.733399] __kasan_slab_free+0x56/0x70 [ 11.733591] kfree+0x222/0x3f0 [ 11.733757] kmalloc_uaf+0x12c/0x380 [ 11.733925] kunit_try_run_case+0x1a5/0x480 [ 11.734147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.734784] kthread+0x337/0x6f0 [ 11.734950] ret_from_fork+0x116/0x1d0 [ 11.735389] ret_from_fork_asm+0x1a/0x30 [ 11.735785] [ 11.735875] The buggy address belongs to the object at ffff888101745ea0 [ 11.735875] which belongs to the cache kmalloc-16 of size 16 [ 11.736817] The buggy address is located 8 bytes inside of [ 11.736817] freed 16-byte region [ffff888101745ea0, ffff888101745eb0) [ 11.737595] [ 11.737698] The buggy address belongs to the physical page: [ 11.737945] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 11.738312] flags: 0x200000000000000(node=0|zone=2) [ 11.738959] page_type: f5(slab) [ 11.739333] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.739703] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.740092] page dumped because: kasan: bad access detected [ 11.740525] [ 11.740628] Memory state around the buggy address: [ 11.740834] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 
11.741177] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.741806] >ffff888101745e80: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.742324] ^ [ 11.742648] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.743048] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.743636] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.683125] ================================================================== [ 11.683673] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.684006] Read of size 64 at addr ffff88810335cf04 by task kunit_try_catch/200 [ 11.684393] [ 11.684517] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.684562] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.684574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.684596] Call Trace: [ 11.684609] <TASK> [ 11.684628] dump_stack_lvl+0x73/0xb0 [ 11.684663] print_report+0xd1/0x650 [ 11.684686] ? __virt_addr_valid+0x1db/0x2d0 [ 11.684711] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.684737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.684758] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.684782] kasan_report+0x141/0x180 [ 11.684805] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.684833] kasan_check_range+0x10c/0x1c0 [ 11.684856] __asan_memmove+0x27/0x70 [ 11.684876] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.684900] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.684924] ? __schedule+0x10cc/0x2b60 [ 11.684946] ? __pfx_read_tsc+0x10/0x10 [ 11.684967] ? ktime_get_ts64+0x86/0x230 [ 11.684992] kunit_try_run_case+0x1a5/0x480 [ 11.685018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.685039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.685062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.685083] ? __kthread_parkme+0x82/0x180 [ 11.685119] ? preempt_count_sub+0x50/0x80 [ 11.685143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.685211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.685235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.685257] kthread+0x337/0x6f0 [ 11.685278] ? trace_preempt_on+0x20/0xc0 [ 11.685305] ? __pfx_kthread+0x10/0x10 [ 11.685326] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.685347] ? calculate_sigpending+0x7b/0xa0 [ 11.685371] ? 
__pfx_kthread+0x10/0x10 [ 11.685391] ret_from_fork+0x116/0x1d0 [ 11.685408] ? __pfx_kthread+0x10/0x10 [ 11.685428] ret_from_fork_asm+0x1a/0x30 [ 11.685458] </TASK> [ 11.685470] [ 11.695882] Allocated by task 200: [ 11.696348] kasan_save_stack+0x45/0x70 [ 11.696654] kasan_save_track+0x18/0x40 [ 11.696915] kasan_save_alloc_info+0x3b/0x50 [ 11.697094] __kasan_kmalloc+0xb7/0xc0 [ 11.697408] __kmalloc_cache_noprof+0x189/0x420 [ 11.697630] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.697879] kunit_try_run_case+0x1a5/0x480 [ 11.698089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.698335] kthread+0x337/0x6f0 [ 11.698908] ret_from_fork+0x116/0x1d0 [ 11.699073] ret_from_fork_asm+0x1a/0x30 [ 11.699319] [ 11.699790] The buggy address belongs to the object at ffff88810335cf00 [ 11.699790] which belongs to the cache kmalloc-64 of size 64 [ 11.700560] The buggy address is located 4 bytes inside of [ 11.700560] allocated 64-byte region [ffff88810335cf00, ffff88810335cf40) [ 11.701059] [ 11.701158] The buggy address belongs to the physical page: [ 11.701706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10335c [ 11.702138] flags: 0x200000000000000(node=0|zone=2) [ 11.702565] page_type: f5(slab) [ 11.702783] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.703213] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.703749] page dumped because: kasan: bad access detected [ 11.703998] [ 11.704095] Memory state around the buggy address: [ 11.705177] ffff88810335ce00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 11.705606] ffff88810335ce80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.705906] >ffff88810335cf00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.706233] ^ [ 11.707431] ffff88810335cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.708248] ffff88810335d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.708772] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.658492] ================================================================== [ 11.658989] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 11.659910] Read of size 18446744073709551614 at addr ffff888103338404 by task kunit_try_catch/198 [ 11.661052] [ 11.661276] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.661335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.661348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.661369] Call Trace: [ 11.661380] <TASK> [ 11.661395] dump_stack_lvl+0x73/0xb0 [ 11.661424] print_report+0xd1/0x650 [ 11.661446] ? __virt_addr_valid+0x1db/0x2d0 [ 11.661469] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.661492] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.661513] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.661559] kasan_report+0x141/0x180 [ 11.661581] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.661609] kasan_check_range+0x10c/0x1c0 [ 11.661631] __asan_memmove+0x27/0x70 [ 11.661650] kmalloc_memmove_negative_size+0x171/0x330 [ 11.661673] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 11.661697] ? __schedule+0x10cc/0x2b60 [ 11.661718] ? __pfx_read_tsc+0x10/0x10 [ 11.661739] ? ktime_get_ts64+0x86/0x230 [ 11.661762] kunit_try_run_case+0x1a5/0x480 [ 11.661787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.661807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.661830] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.661851] ? __kthread_parkme+0x82/0x180 [ 11.661870] ? preempt_count_sub+0x50/0x80 [ 11.661893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.661914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.661936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.661957] kthread+0x337/0x6f0 [ 11.661975] ? trace_preempt_on+0x20/0xc0 [ 11.661999] ? __pfx_kthread+0x10/0x10 [ 11.662018] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.662038] ? calculate_sigpending+0x7b/0xa0 [ 11.662060] ? 
__pfx_kthread+0x10/0x10 [ 11.662080] ret_from_fork+0x116/0x1d0 [ 11.662097] ? __pfx_kthread+0x10/0x10 [ 11.662129] ret_from_fork_asm+0x1a/0x30 [ 11.662174] </TASK> [ 11.662186] [ 11.671289] Allocated by task 198: [ 11.671643] kasan_save_stack+0x45/0x70 [ 11.671851] kasan_save_track+0x18/0x40 [ 11.672127] kasan_save_alloc_info+0x3b/0x50 [ 11.672280] __kasan_kmalloc+0xb7/0xc0 [ 11.672413] __kmalloc_cache_noprof+0x189/0x420 [ 11.672670] kmalloc_memmove_negative_size+0xac/0x330 [ 11.673016] kunit_try_run_case+0x1a5/0x480 [ 11.673244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.673608] kthread+0x337/0x6f0 [ 11.673737] ret_from_fork+0x116/0x1d0 [ 11.673878] ret_from_fork_asm+0x1a/0x30 [ 11.674081] [ 11.674267] The buggy address belongs to the object at ffff888103338400 [ 11.674267] which belongs to the cache kmalloc-64 of size 64 [ 11.674808] The buggy address is located 4 bytes inside of [ 11.674808] 64-byte region [ffff888103338400, ffff888103338440) [ 11.675321] [ 11.675423] The buggy address belongs to the physical page: [ 11.675723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103338 [ 11.676039] flags: 0x200000000000000(node=0|zone=2) [ 11.676218] page_type: f5(slab) [ 11.676342] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.676657] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.676991] page dumped because: kasan: bad access detected [ 11.677464] [ 11.677538] Memory state around the buggy address: [ 11.677697] ffff888103338300: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.677979] ffff888103338380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.678333] >ffff888103338400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.678650] ^ [ 11.678812] ffff888103338480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.679100] ffff888103338500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.679498] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.627829] ================================================================== [ 11.628623] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 11.629245] Write of size 16 at addr ffff888103328869 by task kunit_try_catch/196 [ 11.630045] [ 11.630359] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.630406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.630417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.630437] Call Trace: [ 11.630451] <TASK> [ 11.630486] dump_stack_lvl+0x73/0xb0 [ 11.630515] print_report+0xd1/0x650 [ 11.630538] ? __virt_addr_valid+0x1db/0x2d0 [ 11.630563] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.630585] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.630606] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.630627] kasan_report+0x141/0x180 [ 11.630648] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.630673] kasan_check_range+0x10c/0x1c0 [ 11.630696] __asan_memset+0x27/0x50 [ 11.630715] kmalloc_oob_memset_16+0x166/0x330 [ 11.630737] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 11.630758] ? __schedule+0x10cc/0x2b60 [ 11.630779] ? __pfx_read_tsc+0x10/0x10 [ 11.630800] ? ktime_get_ts64+0x86/0x230 [ 11.630824] kunit_try_run_case+0x1a5/0x480 [ 11.630849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.630870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.630894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.630916] ? __kthread_parkme+0x82/0x180 [ 11.630936] ? preempt_count_sub+0x50/0x80 [ 11.630958] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.630980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.631002] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.631023] kthread+0x337/0x6f0 [ 11.631042] ? trace_preempt_on+0x20/0xc0 [ 11.631065] ? __pfx_kthread+0x10/0x10 [ 11.631084] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.631115] ? calculate_sigpending+0x7b/0xa0 [ 11.631163] ? __pfx_kthread+0x10/0x10 [ 11.631184] ret_from_fork+0x116/0x1d0 [ 11.631201] ? 
__pfx_kthread+0x10/0x10 [ 11.631227] ret_from_fork_asm+0x1a/0x30 [ 11.631269] </TASK> [ 11.631280] [ 11.643944] Allocated by task 196: [ 11.644433] kasan_save_stack+0x45/0x70 [ 11.644821] kasan_save_track+0x18/0x40 [ 11.645068] kasan_save_alloc_info+0x3b/0x50 [ 11.645235] __kasan_kmalloc+0xb7/0xc0 [ 11.645371] __kmalloc_cache_noprof+0x189/0x420 [ 11.645529] kmalloc_oob_memset_16+0xac/0x330 [ 11.645677] kunit_try_run_case+0x1a5/0x480 [ 11.645823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.645999] kthread+0x337/0x6f0 [ 11.646228] ret_from_fork+0x116/0x1d0 [ 11.646622] ret_from_fork_asm+0x1a/0x30 [ 11.646996] [ 11.647240] The buggy address belongs to the object at ffff888103328800 [ 11.647240] which belongs to the cache kmalloc-128 of size 128 [ 11.648425] The buggy address is located 105 bytes inside of [ 11.648425] allocated 120-byte region [ffff888103328800, ffff888103328878) [ 11.649577] [ 11.649742] The buggy address belongs to the physical page: [ 11.650320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103328 [ 11.651015] flags: 0x200000000000000(node=0|zone=2) [ 11.651473] page_type: f5(slab) [ 11.651603] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.651835] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.652060] page dumped because: kasan: bad access detected [ 11.652439] [ 11.652515] Memory state around the buggy address: [ 11.652741] ffff888103328700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.653028] ffff888103328780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.653511] >ffff888103328800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.653820] ^ [ 11.654063] ffff888103328880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.654503] ffff888103328900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.654765] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.599853] ================================================================== [ 11.601007] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 11.601938] Write of size 8 at addr ffff888103328771 by task kunit_try_catch/194 [ 11.602208] [ 11.602490] CPU: 1 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.602544] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.602557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.602576] Call Trace: [ 11.602588] <TASK> [ 11.602604] dump_stack_lvl+0x73/0xb0 [ 11.602631] print_report+0xd1/0x650 [ 11.602653] ? __virt_addr_valid+0x1db/0x2d0 [ 11.602674] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.602694] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.602715] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.602736] kasan_report+0x141/0x180 [ 11.602756] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.602781] kasan_check_range+0x10c/0x1c0 [ 11.602803] __asan_memset+0x27/0x50 [ 11.602822] kmalloc_oob_memset_8+0x166/0x330 [ 11.602844] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 11.602865] ? __schedule+0x10cc/0x2b60 [ 11.602886] ? __pfx_read_tsc+0x10/0x10 [ 11.602906] ? ktime_get_ts64+0x86/0x230 [ 11.602928] kunit_try_run_case+0x1a5/0x480 [ 11.602952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.602972] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.602994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.603016] ? __kthread_parkme+0x82/0x180 [ 11.603034] ? preempt_count_sub+0x50/0x80 [ 11.603057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.603079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.603102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.603137] kthread+0x337/0x6f0 [ 11.603242] ? trace_preempt_on+0x20/0xc0 [ 11.603272] ? __pfx_kthread+0x10/0x10 [ 11.603295] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.603316] ? calculate_sigpending+0x7b/0xa0 [ 11.603339] ? __pfx_kthread+0x10/0x10 [ 11.603360] ret_from_fork+0x116/0x1d0 [ 11.603379] ? 
__pfx_kthread+0x10/0x10 [ 11.603398] ret_from_fork_asm+0x1a/0x30 [ 11.603428] </TASK> [ 11.603439] [ 11.613506] Allocated by task 194: [ 11.613675] kasan_save_stack+0x45/0x70 [ 11.614064] kasan_save_track+0x18/0x40 [ 11.614401] kasan_save_alloc_info+0x3b/0x50 [ 11.614723] __kasan_kmalloc+0xb7/0xc0 [ 11.614998] __kmalloc_cache_noprof+0x189/0x420 [ 11.615364] kmalloc_oob_memset_8+0xac/0x330 [ 11.615668] kunit_try_run_case+0x1a5/0x480 [ 11.615991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.616419] kthread+0x337/0x6f0 [ 11.616601] ret_from_fork+0x116/0x1d0 [ 11.616792] ret_from_fork_asm+0x1a/0x30 [ 11.616984] [ 11.617080] The buggy address belongs to the object at ffff888103328700 [ 11.617080] which belongs to the cache kmalloc-128 of size 128 [ 11.617969] The buggy address is located 113 bytes inside of [ 11.617969] allocated 120-byte region [ffff888103328700, ffff888103328778) [ 11.618605] [ 11.618717] The buggy address belongs to the physical page: [ 11.618984] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103328 [ 11.619337] flags: 0x200000000000000(node=0|zone=2) [ 11.619825] page_type: f5(slab) [ 11.619996] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.620613] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.620976] page dumped because: kasan: bad access detected [ 11.621502] [ 11.621699] Memory state around the buggy address: [ 11.621922] ffff888103328600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.622472] ffff888103328680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.622864] >ffff888103328700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.623139] ^ [ 11.623732] ffff888103328780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.624082] ffff888103328800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.624519] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.570250] ================================================================== [ 11.570729] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 11.571034] Write of size 4 at addr ffff8881029db575 by task kunit_try_catch/192 [ 11.572585] [ 11.572689] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.572733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.572745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.572764] Call Trace: [ 11.572776] <TASK> [ 11.572790] dump_stack_lvl+0x73/0xb0 [ 11.572820] print_report+0xd1/0x650 [ 11.572843] ? __virt_addr_valid+0x1db/0x2d0 [ 11.572866] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.572886] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.572908] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.572929] kasan_report+0x141/0x180 [ 11.572950] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.572975] kasan_check_range+0x10c/0x1c0 [ 11.572998] __asan_memset+0x27/0x50 [ 11.573016] kmalloc_oob_memset_4+0x166/0x330 [ 11.573036] ? __kasan_check_write+0x18/0x20 [ 11.573056] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 11.573077] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.573101] ? trace_hardirqs_on+0x37/0xe0 [ 11.573139] ? __pfx_read_tsc+0x10/0x10 [ 11.573160] ? ktime_get_ts64+0x86/0x230 [ 11.573183] kunit_try_run_case+0x1a5/0x480 [ 11.573207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.573230] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.573254] ? __kthread_parkme+0x82/0x180 [ 11.573275] ? preempt_count_sub+0x50/0x80 [ 11.573298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.573320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.573341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.573364] kthread+0x337/0x6f0 [ 11.573382] ? trace_preempt_on+0x20/0xc0 [ 11.573404] ? __pfx_kthread+0x10/0x10 [ 11.573424] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.573443] ? calculate_sigpending+0x7b/0xa0 [ 11.573466] ? 
__pfx_kthread+0x10/0x10 [ 11.573486] ret_from_fork+0x116/0x1d0 [ 11.573504] ? __pfx_kthread+0x10/0x10 [ 11.573523] ret_from_fork_asm+0x1a/0x30 [ 11.573552] </TASK> [ 11.573564] [ 11.584314] Allocated by task 192: [ 11.584639] kasan_save_stack+0x45/0x70 [ 11.585061] kasan_save_track+0x18/0x40 [ 11.585258] kasan_save_alloc_info+0x3b/0x50 [ 11.585585] __kasan_kmalloc+0xb7/0xc0 [ 11.585818] __kmalloc_cache_noprof+0x189/0x420 [ 11.586383] kmalloc_oob_memset_4+0xac/0x330 [ 11.586786] kunit_try_run_case+0x1a5/0x480 [ 11.587187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.587764] kthread+0x337/0x6f0 [ 11.588080] ret_from_fork+0x116/0x1d0 [ 11.588463] ret_from_fork_asm+0x1a/0x30 [ 11.588923] [ 11.589084] The buggy address belongs to the object at ffff8881029db500 [ 11.589084] which belongs to the cache kmalloc-128 of size 128 [ 11.590361] The buggy address is located 117 bytes inside of [ 11.590361] allocated 120-byte region [ffff8881029db500, ffff8881029db578) [ 11.590838] [ 11.590916] The buggy address belongs to the physical page: [ 11.591091] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.591471] flags: 0x200000000000000(node=0|zone=2) [ 11.591974] page_type: f5(slab) [ 11.592166] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.592815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.593137] page dumped because: kasan: bad access detected [ 11.593537] [ 11.593647] Memory state around the buggy address: [ 11.594022] ffff8881029db400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.594504] ffff8881029db480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.594940] >ffff8881029db500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.595390] ^ [ 11.595798] ffff8881029db580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.596227] ffff8881029db600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.596636] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.543559] ================================================================== [ 11.544063] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.544551] Write of size 2 at addr ffff888103328677 by task kunit_try_catch/190 [ 11.544864] [ 11.544978] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.545041] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.545052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.545073] Call Trace: [ 11.545084] <TASK> [ 11.545099] dump_stack_lvl+0x73/0xb0 [ 11.545223] print_report+0xd1/0x650 [ 11.545254] ? __virt_addr_valid+0x1db/0x2d0 [ 11.545278] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.545299] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.545343] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.545365] kasan_report+0x141/0x180 [ 11.545386] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.545411] kasan_check_range+0x10c/0x1c0 [ 11.545434] __asan_memset+0x27/0x50 [ 11.545453] kmalloc_oob_memset_2+0x166/0x330 [ 11.545474] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.545496] ? __schedule+0x10cc/0x2b60 [ 11.545517] ? __pfx_read_tsc+0x10/0x10 [ 11.545537] ? ktime_get_ts64+0x86/0x230 [ 11.545579] kunit_try_run_case+0x1a5/0x480 [ 11.545603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.545624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.545646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.545668] ? __kthread_parkme+0x82/0x180 [ 11.545687] ? preempt_count_sub+0x50/0x80 [ 11.545709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.545733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.545754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.545796] kthread+0x337/0x6f0 [ 11.545816] ? trace_preempt_on+0x20/0xc0 [ 11.545839] ? __pfx_kthread+0x10/0x10 [ 11.545859] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.545879] ? calculate_sigpending+0x7b/0xa0 [ 11.545901] ? __pfx_kthread+0x10/0x10 [ 11.545921] ret_from_fork+0x116/0x1d0 [ 11.545938] ? 
__pfx_kthread+0x10/0x10 [ 11.545958] ret_from_fork_asm+0x1a/0x30 [ 11.545987] </TASK> [ 11.545998] [ 11.553691] Allocated by task 190: [ 11.553848] kasan_save_stack+0x45/0x70 [ 11.553994] kasan_save_track+0x18/0x40 [ 11.554209] kasan_save_alloc_info+0x3b/0x50 [ 11.554484] __kasan_kmalloc+0xb7/0xc0 [ 11.554693] __kmalloc_cache_noprof+0x189/0x420 [ 11.554922] kmalloc_oob_memset_2+0xac/0x330 [ 11.555242] kunit_try_run_case+0x1a5/0x480 [ 11.555504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.555684] kthread+0x337/0x6f0 [ 11.555814] ret_from_fork+0x116/0x1d0 [ 11.556022] ret_from_fork_asm+0x1a/0x30 [ 11.556309] [ 11.556456] The buggy address belongs to the object at ffff888103328600 [ 11.556456] which belongs to the cache kmalloc-128 of size 128 [ 11.557008] The buggy address is located 119 bytes inside of [ 11.557008] allocated 120-byte region [ffff888103328600, ffff888103328678) [ 11.557557] [ 11.557666] The buggy address belongs to the physical page: [ 11.557917] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103328 [ 11.558290] flags: 0x200000000000000(node=0|zone=2) [ 11.558495] page_type: f5(slab) [ 11.558638] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.558940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.559253] page dumped because: kasan: bad access detected [ 11.559482] [ 11.559565] Memory state around the buggy address: [ 11.559774] ffff888103328500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.560061] ffff888103328580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.561557] >ffff888103328600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.561860] ^ [ 11.562557] ffff888103328680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.563039] ffff888103328700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.563611] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.517421] ================================================================== [ 11.518023] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.518543] Write of size 128 at addr ffff8881029db400 by task kunit_try_catch/188 [ 11.518862] [ 11.519045] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.519091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.519102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.519135] Call Trace: [ 11.519146] <TASK> [ 11.519231] dump_stack_lvl+0x73/0xb0 [ 11.519264] print_report+0xd1/0x650 [ 11.519287] ? __virt_addr_valid+0x1db/0x2d0 [ 11.519310] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.519331] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.519352] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.519374] kasan_report+0x141/0x180 [ 11.519395] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.519421] kasan_check_range+0x10c/0x1c0 [ 11.519444] __asan_memset+0x27/0x50 [ 11.519464] kmalloc_oob_in_memset+0x15f/0x320 [ 11.519511] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.519535] ? __schedule+0x10cc/0x2b60 [ 11.519556] ? __pfx_read_tsc+0x10/0x10 [ 11.519577] ? ktime_get_ts64+0x86/0x230 [ 11.519600] kunit_try_run_case+0x1a5/0x480 [ 11.519625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.519646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.519669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.519690] ? __kthread_parkme+0x82/0x180 [ 11.519710] ? preempt_count_sub+0x50/0x80 [ 11.519733] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.519756] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.519778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.519800] kthread+0x337/0x6f0 [ 11.519818] ? trace_preempt_on+0x20/0xc0 [ 11.519841] ? __pfx_kthread+0x10/0x10 [ 11.519860] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.519880] ? calculate_sigpending+0x7b/0xa0 [ 11.519902] ? __pfx_kthread+0x10/0x10 [ 11.519923] ret_from_fork+0x116/0x1d0 [ 11.519940] ? 
__pfx_kthread+0x10/0x10 [ 11.519960] ret_from_fork_asm+0x1a/0x30 [ 11.519989] </TASK> [ 11.520000] [ 11.528064] Allocated by task 188: [ 11.528218] kasan_save_stack+0x45/0x70 [ 11.528369] kasan_save_track+0x18/0x40 [ 11.528546] kasan_save_alloc_info+0x3b/0x50 [ 11.528756] __kasan_kmalloc+0xb7/0xc0 [ 11.528944] __kmalloc_cache_noprof+0x189/0x420 [ 11.529413] kmalloc_oob_in_memset+0xac/0x320 [ 11.529641] kunit_try_run_case+0x1a5/0x480 [ 11.529824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.530051] kthread+0x337/0x6f0 [ 11.530336] ret_from_fork+0x116/0x1d0 [ 11.530534] ret_from_fork_asm+0x1a/0x30 [ 11.530747] [ 11.530838] The buggy address belongs to the object at ffff8881029db400 [ 11.530838] which belongs to the cache kmalloc-128 of size 128 [ 11.531469] The buggy address is located 0 bytes inside of [ 11.531469] allocated 120-byte region [ffff8881029db400, ffff8881029db478) [ 11.531982] [ 11.532076] The buggy address belongs to the physical page: [ 11.532418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.532759] flags: 0x200000000000000(node=0|zone=2) [ 11.532990] page_type: f5(slab) [ 11.533323] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.533707] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.534054] page dumped because: kasan: bad access detected [ 11.534321] [ 11.534423] Memory state around the buggy address: [ 11.534598] ffff8881029db300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.534819] ffff8881029db380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.535139] >ffff8881029db400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.535470] ^ [ 11.535789] ffff8881029db480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.536082] ffff8881029db500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.536462] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.487929] ================================================================== [ 11.488611] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.488948] Read of size 16 at addr ffff888101745e80 by task kunit_try_catch/186 [ 11.489358] [ 11.489657] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.489703] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.489715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.489733] Call Trace: [ 11.489745] <TASK> [ 11.489759] dump_stack_lvl+0x73/0xb0 [ 11.489789] print_report+0xd1/0x650 [ 11.489811] ? __virt_addr_valid+0x1db/0x2d0 [ 11.489834] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.489853] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.489874] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.489894] kasan_report+0x141/0x180 [ 11.489915] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.489939] __asan_report_load16_noabort+0x18/0x20 [ 11.489962] kmalloc_uaf_16+0x47b/0x4c0 [ 11.489982] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.490003] ? __schedule+0x10cc/0x2b60 [ 11.490024] ? __pfx_read_tsc+0x10/0x10 [ 11.490044] ? ktime_get_ts64+0x86/0x230 [ 11.490067] kunit_try_run_case+0x1a5/0x480 [ 11.490092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.490127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.490185] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.490208] ? __kthread_parkme+0x82/0x180 [ 11.490229] ? preempt_count_sub+0x50/0x80 [ 11.490252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.490275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.490297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.490319] kthread+0x337/0x6f0 [ 11.490337] ? trace_preempt_on+0x20/0xc0 [ 11.490360] ? __pfx_kthread+0x10/0x10 [ 11.490380] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.490400] ? calculate_sigpending+0x7b/0xa0 [ 11.490423] ? __pfx_kthread+0x10/0x10 [ 11.490443] ret_from_fork+0x116/0x1d0 [ 11.490460] ? 
__pfx_kthread+0x10/0x10 [ 11.490480] ret_from_fork_asm+0x1a/0x30 [ 11.490509] </TASK> [ 11.490520] [ 11.498830] Allocated by task 186: [ 11.499029] kasan_save_stack+0x45/0x70 [ 11.499377] kasan_save_track+0x18/0x40 [ 11.499579] kasan_save_alloc_info+0x3b/0x50 [ 11.499796] __kasan_kmalloc+0xb7/0xc0 [ 11.499994] __kmalloc_cache_noprof+0x189/0x420 [ 11.500246] kmalloc_uaf_16+0x15b/0x4c0 [ 11.500551] kunit_try_run_case+0x1a5/0x480 [ 11.500770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.501015] kthread+0x337/0x6f0 [ 11.501301] ret_from_fork+0x116/0x1d0 [ 11.501523] ret_from_fork_asm+0x1a/0x30 [ 11.501767] [ 11.501857] Freed by task 186: [ 11.501968] kasan_save_stack+0x45/0x70 [ 11.502150] kasan_save_track+0x18/0x40 [ 11.502338] kasan_save_free_info+0x3f/0x60 [ 11.502535] __kasan_slab_free+0x56/0x70 [ 11.502723] kfree+0x222/0x3f0 [ 11.503147] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.503395] kunit_try_run_case+0x1a5/0x480 [ 11.503574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.503744] kthread+0x337/0x6f0 [ 11.503903] ret_from_fork+0x116/0x1d0 [ 11.504223] ret_from_fork_asm+0x1a/0x30 [ 11.504550] [ 11.504686] The buggy address belongs to the object at ffff888101745e80 [ 11.504686] which belongs to the cache kmalloc-16 of size 16 [ 11.505333] The buggy address is located 0 bytes inside of [ 11.505333] freed 16-byte region [ffff888101745e80, ffff888101745e90) [ 11.505895] [ 11.505997] The buggy address belongs to the physical page: [ 11.506442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 11.506709] flags: 0x200000000000000(node=0|zone=2) [ 11.506879] page_type: f5(slab) [ 11.507051] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.507775] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.508003] page dumped because: kasan: bad access detected [ 11.508184] [ 11.508254] Memory state around the buggy address: [ 11.508476] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc 
fc [ 11.508833] ffff888101745e00: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 11.509251] >ffff888101745e80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.509960] ^ [ 11.510296] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.510665] ffff888101745f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.510916] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.465080] ================================================================== [ 11.465700] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.466044] Write of size 16 at addr ffff888101745e20 by task kunit_try_catch/184 [ 11.466392] [ 11.466649] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.466700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.466711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.466732] Call Trace: [ 11.466745] <TASK> [ 11.466762] dump_stack_lvl+0x73/0xb0 [ 11.466790] print_report+0xd1/0x650 [ 11.466813] ? __virt_addr_valid+0x1db/0x2d0 [ 11.466875] ? kmalloc_oob_16+0x452/0x4a0 [ 11.466920] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.466942] ? kmalloc_oob_16+0x452/0x4a0 [ 11.466962] kasan_report+0x141/0x180 [ 11.466983] ? kmalloc_oob_16+0x452/0x4a0 [ 11.467008] __asan_report_store16_noabort+0x1b/0x30 [ 11.467028] kmalloc_oob_16+0x452/0x4a0 [ 11.467048] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.467069] ? __schedule+0x10cc/0x2b60 [ 11.467090] ? __pfx_read_tsc+0x10/0x10 [ 11.467123] ? ktime_get_ts64+0x86/0x230 [ 11.467148] kunit_try_run_case+0x1a5/0x480 [ 11.467227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.467248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.467271] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.467293] ? __kthread_parkme+0x82/0x180 [ 11.467312] ? preempt_count_sub+0x50/0x80 [ 11.467335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.467358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.467379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.467401] kthread+0x337/0x6f0 [ 11.467419] ? trace_preempt_on+0x20/0xc0 [ 11.467442] ? __pfx_kthread+0x10/0x10 [ 11.467461] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.467481] ? calculate_sigpending+0x7b/0xa0 [ 11.467503] ? __pfx_kthread+0x10/0x10 [ 11.467523] ret_from_fork+0x116/0x1d0 [ 11.467541] ? 
__pfx_kthread+0x10/0x10 [ 11.467560] ret_from_fork_asm+0x1a/0x30 [ 11.467590] </TASK> [ 11.467601] [ 11.475665] Allocated by task 184: [ 11.475906] kasan_save_stack+0x45/0x70 [ 11.476202] kasan_save_track+0x18/0x40 [ 11.476549] kasan_save_alloc_info+0x3b/0x50 [ 11.476777] __kasan_kmalloc+0xb7/0xc0 [ 11.476907] __kmalloc_cache_noprof+0x189/0x420 [ 11.477265] kmalloc_oob_16+0xa8/0x4a0 [ 11.477512] kunit_try_run_case+0x1a5/0x480 [ 11.477755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.478007] kthread+0x337/0x6f0 [ 11.478217] ret_from_fork+0x116/0x1d0 [ 11.478545] ret_from_fork_asm+0x1a/0x30 [ 11.478741] [ 11.478813] The buggy address belongs to the object at ffff888101745e20 [ 11.478813] which belongs to the cache kmalloc-16 of size 16 [ 11.479501] The buggy address is located 0 bytes inside of [ 11.479501] allocated 13-byte region [ffff888101745e20, ffff888101745e2d) [ 11.480005] [ 11.480116] The buggy address belongs to the physical page: [ 11.480446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101745 [ 11.480891] flags: 0x200000000000000(node=0|zone=2) [ 11.481205] page_type: f5(slab) [ 11.481463] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.481814] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.482205] page dumped because: kasan: bad access detected [ 11.482477] [ 11.482576] Memory state around the buggy address: [ 11.482749] ffff888101745d00: fa fb fc fc 00 04 fc fc 00 04 fc fc 00 01 fc fc [ 11.483003] ffff888101745d80: 00 01 fc fc 00 04 fc fc 00 04 fc fc 00 05 fc fc [ 11.483671] >ffff888101745e00: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 11.483911] ^ [ 11.484169] ffff888101745e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.484599] ffff888101745f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.484923] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.403384] ================================================================== [ 11.403950] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.404947] Read of size 1 at addr ffff888100aa8400 by task kunit_try_catch/182 [ 11.405405] [ 11.405628] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.405672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.405684] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.405703] Call Trace: [ 11.405714] <TASK> [ 11.405728] dump_stack_lvl+0x73/0xb0 [ 11.405756] print_report+0xd1/0x650 [ 11.405778] ? __virt_addr_valid+0x1db/0x2d0 [ 11.405801] ? krealloc_uaf+0x1b8/0x5e0 [ 11.405822] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.405843] ? krealloc_uaf+0x1b8/0x5e0 [ 11.405863] kasan_report+0x141/0x180 [ 11.405884] ? krealloc_uaf+0x1b8/0x5e0 [ 11.405907] ? krealloc_uaf+0x1b8/0x5e0 [ 11.405927] __kasan_check_byte+0x3d/0x50 [ 11.405947] krealloc_noprof+0x3f/0x340 [ 11.405970] krealloc_uaf+0x1b8/0x5e0 [ 11.405991] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.406011] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.406039] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.406063] kunit_try_run_case+0x1a5/0x480 [ 11.406088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.406122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.406145] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.406167] ? __kthread_parkme+0x82/0x180 [ 11.406187] ? preempt_count_sub+0x50/0x80 [ 11.406209] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.406232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.406253] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.406275] kthread+0x337/0x6f0 [ 11.406293] ? trace_preempt_on+0x20/0xc0 [ 11.406316] ? __pfx_kthread+0x10/0x10 [ 11.406488] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.406516] ? calculate_sigpending+0x7b/0xa0 [ 11.406539] ? __pfx_kthread+0x10/0x10 [ 11.406560] ret_from_fork+0x116/0x1d0 [ 11.406578] ? 
__pfx_kthread+0x10/0x10 [ 11.406598] ret_from_fork_asm+0x1a/0x30 [ 11.406628] </TASK> [ 11.406639] [ 11.416718] Allocated by task 182: [ 11.416941] kasan_save_stack+0x45/0x70 [ 11.417260] kasan_save_track+0x18/0x40 [ 11.417479] kasan_save_alloc_info+0x3b/0x50 [ 11.417634] __kasan_kmalloc+0xb7/0xc0 [ 11.417767] __kmalloc_cache_noprof+0x189/0x420 [ 11.418058] krealloc_uaf+0xbb/0x5e0 [ 11.418260] kunit_try_run_case+0x1a5/0x480 [ 11.418475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.418732] kthread+0x337/0x6f0 [ 11.419090] ret_from_fork+0x116/0x1d0 [ 11.419354] ret_from_fork_asm+0x1a/0x30 [ 11.419548] [ 11.419686] Freed by task 182: [ 11.419886] kasan_save_stack+0x45/0x70 [ 11.420119] kasan_save_track+0x18/0x40 [ 11.420504] kasan_save_free_info+0x3f/0x60 [ 11.420669] __kasan_slab_free+0x56/0x70 [ 11.420909] kfree+0x222/0x3f0 [ 11.421301] krealloc_uaf+0x13d/0x5e0 [ 11.421442] kunit_try_run_case+0x1a5/0x480 [ 11.421628] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.421880] kthread+0x337/0x6f0 [ 11.422049] ret_from_fork+0x116/0x1d0 [ 11.422505] ret_from_fork_asm+0x1a/0x30 [ 11.422712] [ 11.422814] The buggy address belongs to the object at ffff888100aa8400 [ 11.422814] which belongs to the cache kmalloc-256 of size 256 [ 11.423322] The buggy address is located 0 bytes inside of [ 11.423322] freed 256-byte region [ffff888100aa8400, ffff888100aa8500) [ 11.424680] [ 11.424978] The buggy address belongs to the physical page: [ 11.425563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 11.425938] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.426536] flags: 0x200000000000040(head|node=0|zone=2) [ 11.426766] page_type: f5(slab) [ 11.426941] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.427706] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.428024] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.428615] head: 
0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.429062] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff [ 11.429667] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.430050] page dumped because: kasan: bad access detected [ 11.430665] [ 11.430765] Memory state around the buggy address: [ 11.431119] ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.431636] ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.432054] >ffff888100aa8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.432630] ^ [ 11.432789] ffff888100aa8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.433118] ffff888100aa8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.433779] ================================================================== [ 11.434877] ================================================================== [ 11.435351] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.435673] Read of size 1 at addr ffff888100aa8400 by task kunit_try_catch/182 [ 11.435984] [ 11.436083] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.436135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.436146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.436164] Call Trace: [ 11.436181] <TASK> [ 11.436197] dump_stack_lvl+0x73/0xb0 [ 11.436224] print_report+0xd1/0x650 [ 11.436332] ? __virt_addr_valid+0x1db/0x2d0 [ 11.436387] ? krealloc_uaf+0x53c/0x5e0 [ 11.436432] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.436454] ? krealloc_uaf+0x53c/0x5e0 [ 11.436475] kasan_report+0x141/0x180 [ 11.436496] ? krealloc_uaf+0x53c/0x5e0 [ 11.436520] __asan_report_load1_noabort+0x18/0x20 [ 11.436543] krealloc_uaf+0x53c/0x5e0 [ 11.436564] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.436583] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.436611] ? 
__pfx_krealloc_uaf+0x10/0x10 [ 11.436635] kunit_try_run_case+0x1a5/0x480 [ 11.436659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.436680] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.436702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.436723] ? __kthread_parkme+0x82/0x180 [ 11.436742] ? preempt_count_sub+0x50/0x80 [ 11.436764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.436786] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.436808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.436829] kthread+0x337/0x6f0 [ 11.436847] ? trace_preempt_on+0x20/0xc0 [ 11.436870] ? __pfx_kthread+0x10/0x10 [ 11.436889] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.436908] ? calculate_sigpending+0x7b/0xa0 [ 11.436930] ? __pfx_kthread+0x10/0x10 [ 11.436950] ret_from_fork+0x116/0x1d0 [ 11.436967] ? __pfx_kthread+0x10/0x10 [ 11.436986] ret_from_fork_asm+0x1a/0x30 [ 11.437015] </TASK> [ 11.437025] [ 11.445363] Allocated by task 182: [ 11.445535] kasan_save_stack+0x45/0x70 [ 11.445823] kasan_save_track+0x18/0x40 [ 11.446082] kasan_save_alloc_info+0x3b/0x50 [ 11.446581] __kasan_kmalloc+0xb7/0xc0 [ 11.446797] __kmalloc_cache_noprof+0x189/0x420 [ 11.447029] krealloc_uaf+0xbb/0x5e0 [ 11.447431] kunit_try_run_case+0x1a5/0x480 [ 11.447661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.447921] kthread+0x337/0x6f0 [ 11.448087] ret_from_fork+0x116/0x1d0 [ 11.448394] ret_from_fork_asm+0x1a/0x30 [ 11.448637] [ 11.448725] Freed by task 182: [ 11.448903] kasan_save_stack+0x45/0x70 [ 11.449132] kasan_save_track+0x18/0x40 [ 11.449411] kasan_save_free_info+0x3f/0x60 [ 11.449597] __kasan_slab_free+0x56/0x70 [ 11.449829] kfree+0x222/0x3f0 [ 11.450010] krealloc_uaf+0x13d/0x5e0 [ 11.450392] kunit_try_run_case+0x1a5/0x480 [ 11.450594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.450779] kthread+0x337/0x6f0 [ 11.450949] ret_from_fork+0x116/0x1d0 [ 11.451148] ret_from_fork_asm+0x1a/0x30 [ 11.451655] [ 11.451761] The buggy address belongs to the object at ffff888100aa8400 [ 11.451761] which belongs to the 
cache kmalloc-256 of size 256 [ 11.452478] The buggy address is located 0 bytes inside of [ 11.452478] freed 256-byte region [ffff888100aa8400, ffff888100aa8500) [ 11.452966] [ 11.453068] The buggy address belongs to the physical page: [ 11.453446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8 [ 11.453943] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.454343] flags: 0x200000000000040(head|node=0|zone=2) [ 11.454726] page_type: f5(slab) [ 11.454890] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.455135] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.455951] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.456576] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.456985] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff [ 11.457461] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.457701] page dumped because: kasan: bad access detected [ 11.457955] [ 11.458050] Memory state around the buggy address: [ 11.458496] ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.458857] ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.459207] >ffff888100aa8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.459647] ^ [ 11.459817] ffff888100aa8480: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.460117] ffff888100aa8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.460674] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.113951] ================================================================== [ 11.114819] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.115415] Write of size 1 at addr ffff88810034a0c9 by task kunit_try_catch/176 [ 11.115792] [ 11.115884] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.115929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.115941] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.115962] Call Trace: [ 11.115974] <TASK> [ 11.115990] dump_stack_lvl+0x73/0xb0 [ 11.116018] print_report+0xd1/0x650 [ 11.116040] ? __virt_addr_valid+0x1db/0x2d0 [ 11.116063] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.116086] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.116127] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.116213] kasan_report+0x141/0x180 [ 11.116236] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.116263] __asan_report_store1_noabort+0x1b/0x30 [ 11.116283] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.116308] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.116349] ? finish_task_switch.isra.0+0x153/0x700 [ 11.116371] ? __switch_to+0x47/0xf50 [ 11.116396] ? __schedule+0x10cc/0x2b60 [ 11.116417] ? __pfx_read_tsc+0x10/0x10 [ 11.116441] krealloc_less_oob+0x1c/0x30 [ 11.116461] kunit_try_run_case+0x1a5/0x480 [ 11.116486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.116507] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.116529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.116551] ? __kthread_parkme+0x82/0x180 [ 11.116570] ? preempt_count_sub+0x50/0x80 [ 11.116591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.116614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.116635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.116657] kthread+0x337/0x6f0 [ 11.116675] ? trace_preempt_on+0x20/0xc0 [ 11.116698] ? __pfx_kthread+0x10/0x10 [ 11.116718] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.116738] ? calculate_sigpending+0x7b/0xa0 [ 11.116760] ? 
__pfx_kthread+0x10/0x10 [ 11.116781] ret_from_fork+0x116/0x1d0 [ 11.116798] ? __pfx_kthread+0x10/0x10 [ 11.116817] ret_from_fork_asm+0x1a/0x30 [ 11.116846] </TASK> [ 11.116857] [ 11.130282] Allocated by task 176: [ 11.130624] kasan_save_stack+0x45/0x70 [ 11.130977] kasan_save_track+0x18/0x40 [ 11.131409] kasan_save_alloc_info+0x3b/0x50 [ 11.131769] __kasan_krealloc+0x190/0x1f0 [ 11.131910] krealloc_noprof+0xf3/0x340 [ 11.132047] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.132223] krealloc_less_oob+0x1c/0x30 [ 11.132430] kunit_try_run_case+0x1a5/0x480 [ 11.132622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.133088] kthread+0x337/0x6f0 [ 11.133455] ret_from_fork+0x116/0x1d0 [ 11.133890] ret_from_fork_asm+0x1a/0x30 [ 11.134293] [ 11.134449] The buggy address belongs to the object at ffff88810034a000 [ 11.134449] which belongs to the cache kmalloc-256 of size 256 [ 11.135223] The buggy address is located 0 bytes to the right of [ 11.135223] allocated 201-byte region [ffff88810034a000, ffff88810034a0c9) [ 11.136589] [ 11.136837] The buggy address belongs to the physical page: [ 11.137140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a [ 11.137447] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.138129] flags: 0x200000000000040(head|node=0|zone=2) [ 11.138704] page_type: f5(slab) [ 11.139032] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.140020] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.140602] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.141314] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.141555] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff [ 11.141794] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.142027] page dumped because: kasan: bad access detected [ 11.142219] [ 11.142292] Memory state around the buggy 
address: [ 11.142617] ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.142878] ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.143134] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.143588] ^ [ 11.143887] ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.144246] ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.144580] ================================================================== [ 11.367497] ================================================================== [ 11.367803] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.368100] Write of size 1 at addr ffff8881027ba0ea by task kunit_try_catch/180 [ 11.368537] [ 11.368629] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.368670] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.368681] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.368701] Call Trace: [ 11.368714] <TASK> [ 11.368728] dump_stack_lvl+0x73/0xb0 [ 11.368753] print_report+0xd1/0x650 [ 11.368774] ? __virt_addr_valid+0x1db/0x2d0 [ 11.368796] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.368818] ? kasan_addr_to_slab+0x11/0xa0 [ 11.368837] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.368860] kasan_report+0x141/0x180 [ 11.368881] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.368909] __asan_report_store1_noabort+0x1b/0x30 [ 11.368929] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.368953] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.368976] ? finish_task_switch.isra.0+0x153/0x700 [ 11.368996] ? __switch_to+0x47/0xf50 [ 11.369020] ? __schedule+0x10cc/0x2b60 [ 11.369040] ? __pfx_read_tsc+0x10/0x10 [ 11.369062] krealloc_large_less_oob+0x1c/0x30 [ 11.369084] kunit_try_run_case+0x1a5/0x480 [ 11.369120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.369142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.369164] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.369185] ? __kthread_parkme+0x82/0x180 [ 11.369204] ? preempt_count_sub+0x50/0x80 [ 11.369226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.369249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.369271] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.369293] kthread+0x337/0x6f0 [ 11.369311] ? trace_preempt_on+0x20/0xc0 [ 11.369333] ? __pfx_kthread+0x10/0x10 [ 11.369352] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.369372] ? calculate_sigpending+0x7b/0xa0 [ 11.369394] ? __pfx_kthread+0x10/0x10 [ 11.369414] ret_from_fork+0x116/0x1d0 [ 11.369431] ? __pfx_kthread+0x10/0x10 [ 11.369451] ret_from_fork_asm+0x1a/0x30 [ 11.369480] </TASK> [ 11.369490] [ 11.377198] The buggy address belongs to the physical page: [ 11.377384] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8 [ 11.378267] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.378550] flags: 0x200000000000040(head|node=0|zone=2) [ 11.378726] page_type: f8(unknown) [ 11.378927] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.379494] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.379736] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.379972] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.380275] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff [ 11.380613] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.380953] page dumped because: kasan: bad access detected [ 11.381317] [ 11.381511] Memory state around the buggy address: [ 11.381715] ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.381931] ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.382259] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.382884] ^ [ 11.383386] ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe 
fe [ 11.383683] ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.383972] ================================================================== [ 11.384421] ================================================================== [ 11.384811] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.385078] Write of size 1 at addr ffff8881027ba0eb by task kunit_try_catch/180 [ 11.385415] [ 11.385519] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.385556] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.385567] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.385585] Call Trace: [ 11.385599] <TASK> [ 11.385612] dump_stack_lvl+0x73/0xb0 [ 11.385634] print_report+0xd1/0x650 [ 11.385656] ? __virt_addr_valid+0x1db/0x2d0 [ 11.385676] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.385699] ? kasan_addr_to_slab+0x11/0xa0 [ 11.385718] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.385741] kasan_report+0x141/0x180 [ 11.385777] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.385804] __asan_report_store1_noabort+0x1b/0x30 [ 11.385825] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.385849] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.385872] ? finish_task_switch.isra.0+0x153/0x700 [ 11.385892] ? __switch_to+0x47/0xf50 [ 11.385918] ? __schedule+0x10cc/0x2b60 [ 11.385939] ? __pfx_read_tsc+0x10/0x10 [ 11.385962] krealloc_large_less_oob+0x1c/0x30 [ 11.385983] kunit_try_run_case+0x1a5/0x480 [ 11.386006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.386027] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.386049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.386071] ? __kthread_parkme+0x82/0x180 [ 11.386090] ? preempt_count_sub+0x50/0x80 [ 11.386121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.386144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.386165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.386187] kthread+0x337/0x6f0 [ 11.386205] ? 
trace_preempt_on+0x20/0xc0 [ 11.386227] ? __pfx_kthread+0x10/0x10 [ 11.386247] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.386266] ? calculate_sigpending+0x7b/0xa0 [ 11.386288] ? __pfx_kthread+0x10/0x10 [ 11.386308] ret_from_fork+0x116/0x1d0 [ 11.386326] ? __pfx_kthread+0x10/0x10 [ 11.386345] ret_from_fork_asm+0x1a/0x30 [ 11.386374] </TASK> [ 11.386384] [ 11.394007] The buggy address belongs to the physical page: [ 11.394309] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8 [ 11.394581] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.394810] flags: 0x200000000000040(head|node=0|zone=2) [ 11.395062] page_type: f8(unknown) [ 11.395263] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.395577] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.395808] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.396041] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.396646] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff [ 11.396997] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.397352] page dumped because: kasan: bad access detected [ 11.397558] [ 11.397629] Memory state around the buggy address: [ 11.397785] ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.398049] ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.398544] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.398878] ^ [ 11.399268] ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.399639] ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.399878] ================================================================== [ 11.145307] ================================================================== [ 11.145937] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.146369] Write 
of size 1 at addr ffff88810034a0d0 by task kunit_try_catch/176 [ 11.146784] [ 11.146950] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.147002] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.147013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.147032] Call Trace: [ 11.147043] <TASK> [ 11.147057] dump_stack_lvl+0x73/0xb0 [ 11.147093] print_report+0xd1/0x650 [ 11.147133] ? __virt_addr_valid+0x1db/0x2d0 [ 11.147155] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.147177] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.147198] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.147229] kasan_report+0x141/0x180 [ 11.147250] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.147277] __asan_report_store1_noabort+0x1b/0x30 [ 11.147297] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.147321] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.147354] ? finish_task_switch.isra.0+0x153/0x700 [ 11.147374] ? __switch_to+0x47/0xf50 [ 11.147399] ? __schedule+0x10cc/0x2b60 [ 11.147431] ? __pfx_read_tsc+0x10/0x10 [ 11.147454] krealloc_less_oob+0x1c/0x30 [ 11.147474] kunit_try_run_case+0x1a5/0x480 [ 11.147498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.147519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.147541] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.147563] ? __kthread_parkme+0x82/0x180 [ 11.147583] ? preempt_count_sub+0x50/0x80 [ 11.147655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.147679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.147701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.147733] kthread+0x337/0x6f0 [ 11.147752] ? trace_preempt_on+0x20/0xc0 [ 11.147776] ? __pfx_kthread+0x10/0x10 [ 11.147806] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.147826] ? calculate_sigpending+0x7b/0xa0 [ 11.147858] ? __pfx_kthread+0x10/0x10 [ 11.147879] ret_from_fork+0x116/0x1d0 [ 11.147896] ? 
__pfx_kthread+0x10/0x10 [ 11.147926] ret_from_fork_asm+0x1a/0x30 [ 11.147956] </TASK> [ 11.147967] [ 11.159092] Allocated by task 176: [ 11.159387] kasan_save_stack+0x45/0x70 [ 11.159965] kasan_save_track+0x18/0x40 [ 11.160152] kasan_save_alloc_info+0x3b/0x50 [ 11.160523] __kasan_krealloc+0x190/0x1f0 [ 11.160727] krealloc_noprof+0xf3/0x340 [ 11.160913] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.161154] krealloc_less_oob+0x1c/0x30 [ 11.161855] kunit_try_run_case+0x1a5/0x480 [ 11.162169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.162559] kthread+0x337/0x6f0 [ 11.162801] ret_from_fork+0x116/0x1d0 [ 11.163088] ret_from_fork_asm+0x1a/0x30 [ 11.163350] [ 11.163496] The buggy address belongs to the object at ffff88810034a000 [ 11.163496] which belongs to the cache kmalloc-256 of size 256 [ 11.164453] The buggy address is located 7 bytes to the right of [ 11.164453] allocated 201-byte region [ffff88810034a000, ffff88810034a0c9) [ 11.165081] [ 11.165368] The buggy address belongs to the physical page: [ 11.165730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a [ 11.166062] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.166755] flags: 0x200000000000040(head|node=0|zone=2) [ 11.167137] page_type: f5(slab) [ 11.167499] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.167943] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.168435] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.168798] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.169305] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff [ 11.169799] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.170306] page dumped because: kasan: bad access detected [ 11.170649] [ 11.170768] Memory state around the buggy address: [ 11.171093] ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.171775] ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.172099] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.172716] ^ [ 11.173060] ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.173634] ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.173996] ================================================================== [ 11.350662] ================================================================== [ 11.350887] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.351157] Write of size 1 at addr ffff8881027ba0da by task kunit_try_catch/180 [ 11.351745] [ 11.351864] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.351905] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.351916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.351934] Call Trace: [ 11.351949] <TASK> [ 11.351964] dump_stack_lvl+0x73/0xb0 [ 11.351990] print_report+0xd1/0x650 [ 11.352011] ? __virt_addr_valid+0x1db/0x2d0 [ 11.352032] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.352054] ? kasan_addr_to_slab+0x11/0xa0 [ 11.352073] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.352096] kasan_report+0x141/0x180 [ 11.352130] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.352239] __asan_report_store1_noabort+0x1b/0x30 [ 11.352264] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.352289] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.352312] ? finish_task_switch.isra.0+0x153/0x700 [ 11.352332] ? __switch_to+0x47/0xf50 [ 11.352355] ? __schedule+0x10cc/0x2b60 [ 11.352375] ? __pfx_read_tsc+0x10/0x10 [ 11.352398] krealloc_large_less_oob+0x1c/0x30 [ 11.352419] kunit_try_run_case+0x1a5/0x480 [ 11.352443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.352464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.352486] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.352507] ? __kthread_parkme+0x82/0x180 [ 11.352527] ? 
preempt_count_sub+0x50/0x80 [ 11.352548] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.352571] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.352592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.352614] kthread+0x337/0x6f0 [ 11.352632] ? trace_preempt_on+0x20/0xc0 [ 11.352655] ? __pfx_kthread+0x10/0x10 [ 11.352674] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.352694] ? calculate_sigpending+0x7b/0xa0 [ 11.352716] ? __pfx_kthread+0x10/0x10 [ 11.352736] ret_from_fork+0x116/0x1d0 [ 11.352754] ? __pfx_kthread+0x10/0x10 [ 11.352774] ret_from_fork_asm+0x1a/0x30 [ 11.352803] </TASK> [ 11.352813] [ 11.361021] The buggy address belongs to the physical page: [ 11.361394] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8 [ 11.361685] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.361915] flags: 0x200000000000040(head|node=0|zone=2) [ 11.362170] page_type: f8(unknown) [ 11.362347] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.362710] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.362944] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.363194] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.363444] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff [ 11.364120] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.364476] page dumped because: kasan: bad access detected [ 11.364963] [ 11.365043] Memory state around the buggy address: [ 11.365212] ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.365442] ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.365767] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.366077] ^ [ 11.366356] ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.366677] ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.366955] 
================================================================== [ 11.205774] ================================================================== [ 11.206018] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.206990] Write of size 1 at addr ffff88810034a0ea by task kunit_try_catch/176 [ 11.207763] [ 11.208029] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.208284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.208298] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.208340] Call Trace: [ 11.208356] <TASK> [ 11.208372] dump_stack_lvl+0x73/0xb0 [ 11.208401] print_report+0xd1/0x650 [ 11.208425] ? __virt_addr_valid+0x1db/0x2d0 [ 11.208449] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.208474] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.208496] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.208519] kasan_report+0x141/0x180 [ 11.208541] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.208568] __asan_report_store1_noabort+0x1b/0x30 [ 11.208588] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.208612] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.208635] ? finish_task_switch.isra.0+0x153/0x700 [ 11.208656] ? __switch_to+0x47/0xf50 [ 11.208680] ? __schedule+0x10cc/0x2b60 [ 11.208701] ? __pfx_read_tsc+0x10/0x10 [ 11.208724] krealloc_less_oob+0x1c/0x30 [ 11.208745] kunit_try_run_case+0x1a5/0x480 [ 11.208768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.208788] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.208811] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.208832] ? __kthread_parkme+0x82/0x180 [ 11.208851] ? preempt_count_sub+0x50/0x80 [ 11.208873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.208895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.208916] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.208937] kthread+0x337/0x6f0 [ 11.208956] ? trace_preempt_on+0x20/0xc0 [ 11.208979] ? __pfx_kthread+0x10/0x10 [ 11.208999] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 11.209019] ? calculate_sigpending+0x7b/0xa0 [ 11.209040] ? __pfx_kthread+0x10/0x10 [ 11.209061] ret_from_fork+0x116/0x1d0 [ 11.209078] ? __pfx_kthread+0x10/0x10 [ 11.209097] ret_from_fork_asm+0x1a/0x30 [ 11.209198] </TASK> [ 11.209213] [ 11.220680] Allocated by task 176: [ 11.220854] kasan_save_stack+0x45/0x70 [ 11.221037] kasan_save_track+0x18/0x40 [ 11.221934] kasan_save_alloc_info+0x3b/0x50 [ 11.222390] __kasan_krealloc+0x190/0x1f0 [ 11.222557] krealloc_noprof+0xf3/0x340 [ 11.222984] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.223436] krealloc_less_oob+0x1c/0x30 [ 11.223610] kunit_try_run_case+0x1a5/0x480 [ 11.224071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.224702] kthread+0x337/0x6f0 [ 11.224996] ret_from_fork+0x116/0x1d0 [ 11.225428] ret_from_fork_asm+0x1a/0x30 [ 11.225832] [ 11.225930] The buggy address belongs to the object at ffff88810034a000 [ 11.225930] which belongs to the cache kmalloc-256 of size 256 [ 11.226655] The buggy address is located 33 bytes to the right of [ 11.226655] allocated 201-byte region [ffff88810034a000, ffff88810034a0c9) [ 11.227618] [ 11.227926] The buggy address belongs to the physical page: [ 11.228252] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a [ 11.228685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.229368] flags: 0x200000000000040(head|node=0|zone=2) [ 11.229819] page_type: f5(slab) [ 11.230087] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.230672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.231150] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.231467] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.231818] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff [ 11.232490] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.232797] page dumped 
because: kasan: bad access detected [ 11.233232] [ 11.233343] Memory state around the buggy address: [ 11.233785] ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.234289] ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.234696] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.235120] ^ [ 11.235749] ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.236270] ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.236672] ================================================================== [ 11.333944] ================================================================== [ 11.334331] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.334657] Write of size 1 at addr ffff8881027ba0d0 by task kunit_try_catch/180 [ 11.334967] [ 11.335070] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.335121] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.335132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.335150] Call Trace: [ 11.335178] <TASK> [ 11.335191] dump_stack_lvl+0x73/0xb0 [ 11.335221] print_report+0xd1/0x650 [ 11.335242] ? __virt_addr_valid+0x1db/0x2d0 [ 11.335264] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.335286] ? kasan_addr_to_slab+0x11/0xa0 [ 11.335306] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.335329] kasan_report+0x141/0x180 [ 11.335350] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.335377] __asan_report_store1_noabort+0x1b/0x30 [ 11.335397] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.335422] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.335445] ? finish_task_switch.isra.0+0x153/0x700 [ 11.335465] ? __switch_to+0x47/0xf50 [ 11.335488] ? __schedule+0x10cc/0x2b60 [ 11.335509] ? __pfx_read_tsc+0x10/0x10 [ 11.335531] krealloc_large_less_oob+0x1c/0x30 [ 11.335553] kunit_try_run_case+0x1a5/0x480 [ 11.335577] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.335598] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 11.335620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.335641] ? __kthread_parkme+0x82/0x180 [ 11.335660] ? preempt_count_sub+0x50/0x80 [ 11.335681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.335704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.335725] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.335747] kthread+0x337/0x6f0 [ 11.335766] ? trace_preempt_on+0x20/0xc0 [ 11.335789] ? __pfx_kthread+0x10/0x10 [ 11.335809] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.335828] ? calculate_sigpending+0x7b/0xa0 [ 11.335850] ? __pfx_kthread+0x10/0x10 [ 11.335871] ret_from_fork+0x116/0x1d0 [ 11.335888] ? __pfx_kthread+0x10/0x10 [ 11.335907] ret_from_fork_asm+0x1a/0x30 [ 11.335936] </TASK> [ 11.335946] [ 11.344212] The buggy address belongs to the physical page: [ 11.344452] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8 [ 11.344816] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.345138] flags: 0x200000000000040(head|node=0|zone=2) [ 11.345369] page_type: f8(unknown) [ 11.345542] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.345824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.346413] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.346712] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.347019] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff [ 11.347519] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.347818] page dumped because: kasan: bad access detected [ 11.348053] [ 11.348145] Memory state around the buggy address: [ 11.348322] ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.348644] ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.349008] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.349383] ^ [ 11.349674] 
ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.349961] ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.350273] ================================================================== [ 11.174875] ================================================================== [ 11.175564] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.175903] Write of size 1 at addr ffff88810034a0da by task kunit_try_catch/176 [ 11.176443] [ 11.176650] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.176695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.176806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.176829] Call Trace: [ 11.176845] <TASK> [ 11.176861] dump_stack_lvl+0x73/0xb0 [ 11.176888] print_report+0xd1/0x650 [ 11.176910] ? __virt_addr_valid+0x1db/0x2d0 [ 11.176931] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.176953] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.176975] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.176997] kasan_report+0x141/0x180 [ 11.177018] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.177045] __asan_report_store1_noabort+0x1b/0x30 [ 11.177065] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.177090] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.177124] ? finish_task_switch.isra.0+0x153/0x700 [ 11.177145] ? __switch_to+0x47/0xf50 [ 11.177169] ? __schedule+0x10cc/0x2b60 [ 11.177190] ? __pfx_read_tsc+0x10/0x10 [ 11.177212] krealloc_less_oob+0x1c/0x30 [ 11.177233] kunit_try_run_case+0x1a5/0x480 [ 11.177255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.177276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.177299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.177321] ? __kthread_parkme+0x82/0x180 [ 11.177340] ? preempt_count_sub+0x50/0x80 [ 11.177361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.177383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.177405] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.177426] kthread+0x337/0x6f0 [ 11.177446] ? trace_preempt_on+0x20/0xc0 [ 11.177468] ? __pfx_kthread+0x10/0x10 [ 11.177488] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.177507] ? calculate_sigpending+0x7b/0xa0 [ 11.177529] ? __pfx_kthread+0x10/0x10 [ 11.177550] ret_from_fork+0x116/0x1d0 [ 11.177567] ? __pfx_kthread+0x10/0x10 [ 11.177586] ret_from_fork_asm+0x1a/0x30 [ 11.177616] </TASK> [ 11.177627] [ 11.189771] Allocated by task 176: [ 11.189984] kasan_save_stack+0x45/0x70 [ 11.190549] kasan_save_track+0x18/0x40 [ 11.190771] kasan_save_alloc_info+0x3b/0x50 [ 11.191009] __kasan_krealloc+0x190/0x1f0 [ 11.191215] krealloc_noprof+0xf3/0x340 [ 11.191680] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.191876] krealloc_less_oob+0x1c/0x30 [ 11.192192] kunit_try_run_case+0x1a5/0x480 [ 11.192741] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.192995] kthread+0x337/0x6f0 [ 11.193325] ret_from_fork+0x116/0x1d0 [ 11.193786] ret_from_fork_asm+0x1a/0x30 [ 11.194160] [ 11.194244] The buggy address belongs to the object at ffff88810034a000 [ 11.194244] which belongs to the cache kmalloc-256 of size 256 [ 11.195345] The buggy address is located 17 bytes to the right of [ 11.195345] allocated 201-byte region [ffff88810034a000, ffff88810034a0c9) [ 11.196032] [ 11.196155] The buggy address belongs to the physical page: [ 11.196642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a [ 11.196994] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.197788] flags: 0x200000000000040(head|node=0|zone=2) [ 11.198184] page_type: f5(slab) [ 11.198524] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.198875] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.199193] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.199693] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.200004] head: 
0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[ 11.200376] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.200625] page dumped because: kasan: bad access detected
[ 11.200804]
[ 11.200880] Memory state around the buggy address:
[ 11.201040] ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.201983] ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.203319] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 11.204246] ^
[ 11.204570] ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.204916] ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.205264] ==================================================================
[ 11.240346] ==================================================================
[ 11.240824] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 11.241074] Write of size 1 at addr ffff88810034a0eb by task kunit_try_catch/176
[ 11.241572]
[ 11.241778] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.241822] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.241833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.241853] Call Trace:
[ 11.241867] <TASK>
[ 11.241881] dump_stack_lvl+0x73/0xb0
[ 11.241908] print_report+0xd1/0x650
[ 11.241930] ? __virt_addr_valid+0x1db/0x2d0
[ 11.241952] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.241976] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.241997] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.242020] kasan_report+0x141/0x180
[ 11.242042] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 11.242069] __asan_report_store1_noabort+0x1b/0x30
[ 11.242088] krealloc_less_oob_helper+0xd47/0x11d0
[ 11.242124] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.242148] ? finish_task_switch.isra.0+0x153/0x700
[ 11.242170] ? __switch_to+0x47/0xf50
[ 11.242194] ? __schedule+0x10cc/0x2b60
[ 11.242215] ? __pfx_read_tsc+0x10/0x10
[ 11.242238] krealloc_less_oob+0x1c/0x30
[ 11.242259] kunit_try_run_case+0x1a5/0x480
[ 11.242282] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.242302] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.242325] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.242346] ? __kthread_parkme+0x82/0x180
[ 11.242366] ? preempt_count_sub+0x50/0x80
[ 11.242398] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.242421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.242442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.242464] kthread+0x337/0x6f0
[ 11.242482] ? trace_preempt_on+0x20/0xc0
[ 11.242506] ? __pfx_kthread+0x10/0x10
[ 11.242525] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.242545] ? calculate_sigpending+0x7b/0xa0
[ 11.242568] ? __pfx_kthread+0x10/0x10
[ 11.242588] ret_from_fork+0x116/0x1d0
[ 11.242605] ? __pfx_kthread+0x10/0x10
[ 11.242624] ret_from_fork_asm+0x1a/0x30
[ 11.242654] </TASK>
[ 11.242665]
[ 11.254919] Allocated by task 176:
[ 11.255056] kasan_save_stack+0x45/0x70
[ 11.255405] kasan_save_track+0x18/0x40
[ 11.255567] kasan_save_alloc_info+0x3b/0x50
[ 11.255727] __kasan_krealloc+0x190/0x1f0
[ 11.255877] krealloc_noprof+0xf3/0x340
[ 11.256267] krealloc_less_oob_helper+0x1aa/0x11d0
[ 11.256723] krealloc_less_oob+0x1c/0x30
[ 11.257096] kunit_try_run_case+0x1a5/0x480
[ 11.257519] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.258014] kthread+0x337/0x6f0
[ 11.258149] ret_from_fork+0x116/0x1d0
[ 11.258283] ret_from_fork_asm+0x1a/0x30
[ 11.258621]
[ 11.258781] The buggy address belongs to the object at ffff88810034a000
[ 11.258781] which belongs to the cache kmalloc-256 of size 256
[ 11.260007] The buggy address is located 34 bytes to the right of
[ 11.260007] allocated 201-byte region [ffff88810034a000, ffff88810034a0c9)
[ 11.261150]
[ 11.261325] The buggy address belongs to the physical page:
[ 11.261816] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10034a
[ 11.262060] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.262650] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.263223] page_type: f5(slab)
[ 11.263563] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.264287] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.265021] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.265526] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.266228] head: 0200000000000001 ffffea000400d281 00000000ffffffff 00000000ffffffff
[ 11.266888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.267309] page dumped because: kasan: bad access detected
[ 11.267503]
[ 11.267672] Memory state around the buggy address:
[ 11.267848] ffff888100349f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.268066] ffff88810034a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.268589] >ffff88810034a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 11.268874] ^
[ 11.269287] ffff88810034a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.269857] ffff88810034a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.270148] ==================================================================
[ 11.315417] ==================================================================
[ 11.316918] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0
[ 11.317464] Write of size 1 at addr ffff8881027ba0c9 by task kunit_try_catch/180
[ 11.317997]
[ 11.318124] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.318168] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.318180] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.318200] Call Trace:
[ 11.318213] <TASK>
[ 11.318228] dump_stack_lvl+0x73/0xb0
[ 11.318256] print_report+0xd1/0x650
[ 11.318279] ? __virt_addr_valid+0x1db/0x2d0
[ 11.318301] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.318324] ? kasan_addr_to_slab+0x11/0xa0
[ 11.318343] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.318366] kasan_report+0x141/0x180
[ 11.318387] ? krealloc_less_oob_helper+0xd70/0x11d0
[ 11.318413] __asan_report_store1_noabort+0x1b/0x30
[ 11.318433] krealloc_less_oob_helper+0xd70/0x11d0
[ 11.318458] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 11.318481] ? finish_task_switch.isra.0+0x153/0x700
[ 11.318502] ? __switch_to+0x47/0xf50
[ 11.318527] ? __schedule+0x10cc/0x2b60
[ 11.318548] ? __pfx_read_tsc+0x10/0x10
[ 11.318571] krealloc_large_less_oob+0x1c/0x30
[ 11.318593] kunit_try_run_case+0x1a5/0x480
[ 11.318617] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.318638] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.318661] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.318683] ? __kthread_parkme+0x82/0x180
[ 11.318704] ? preempt_count_sub+0x50/0x80
[ 11.318727] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.318751] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.318773] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.318795] kthread+0x337/0x6f0
[ 11.318813] ? trace_preempt_on+0x20/0xc0
[ 11.318836] ? __pfx_kthread+0x10/0x10
[ 11.318855] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.318875] ? calculate_sigpending+0x7b/0xa0
[ 11.318899] ? __pfx_kthread+0x10/0x10
[ 11.318919] ret_from_fork+0x116/0x1d0
[ 11.318936] ? __pfx_kthread+0x10/0x10
[ 11.318955] ret_from_fork_asm+0x1a/0x30
[ 11.318985] </TASK>
[ 11.318996]
[ 11.326916] The buggy address belongs to the physical page:
[ 11.327165] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b8
[ 11.327576] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.327809] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.328063] page_type: f8(unknown)
[ 11.328415] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.328760] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.329117] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.329632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.329907] head: 0200000000000002 ffffea000409ee01 00000000ffffffff 00000000ffffffff
[ 11.330157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.330521] page dumped because: kasan: bad access detected
[ 11.330773]
[ 11.330868] Memory state around the buggy address:
[ 11.331309] ffff8881027b9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.331641] ffff8881027ba000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.331922] >ffff8881027ba080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 11.332299] ^
[ 11.332582] ffff8881027ba100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.332841] ffff8881027ba180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.333129] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.273264] ==================================================================
[ 11.274298] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.274830] Write of size 1 at addr ffff8881029fe0eb by task kunit_try_catch/178
[ 11.275058]
[ 11.275160] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.275215] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.275227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.275247] Call Trace:
[ 11.275260] <TASK>
[ 11.275276] dump_stack_lvl+0x73/0xb0
[ 11.275304] print_report+0xd1/0x650
[ 11.275327] ? __virt_addr_valid+0x1db/0x2d0
[ 11.275349] ? krealloc_more_oob_helper+0x821/0x930
[ 11.275372] ? kasan_addr_to_slab+0x11/0xa0
[ 11.275391] ? krealloc_more_oob_helper+0x821/0x930
[ 11.275414] kasan_report+0x141/0x180
[ 11.275435] ? krealloc_more_oob_helper+0x821/0x930
[ 11.275462] __asan_report_store1_noabort+0x1b/0x30
[ 11.275482] krealloc_more_oob_helper+0x821/0x930
[ 11.275503] ? __schedule+0x10cc/0x2b60
[ 11.275524] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.275547] ? finish_task_switch.isra.0+0x153/0x700
[ 11.275569] ? __switch_to+0x47/0xf50
[ 11.275593] ? __schedule+0x10cc/0x2b60
[ 11.275613] ? __pfx_read_tsc+0x10/0x10
[ 11.275637] krealloc_large_more_oob+0x1c/0x30
[ 11.275659] kunit_try_run_case+0x1a5/0x480
[ 11.275683] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.275705] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.275727] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.275749] ? __kthread_parkme+0x82/0x180
[ 11.275769] ? preempt_count_sub+0x50/0x80
[ 11.275791] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.275813] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.275834] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.275856] kthread+0x337/0x6f0
[ 11.275874] ? trace_preempt_on+0x20/0xc0
[ 11.275897] ? __pfx_kthread+0x10/0x10
[ 11.275917] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.275937] ? calculate_sigpending+0x7b/0xa0
[ 11.275960] ? __pfx_kthread+0x10/0x10
[ 11.275980] ret_from_fork+0x116/0x1d0
[ 11.275997] ? __pfx_kthread+0x10/0x10
[ 11.276017] ret_from_fork_asm+0x1a/0x30
[ 11.276046] </TASK>
[ 11.276057]
[ 11.284061] The buggy address belongs to the physical page:
[ 11.284315] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[ 11.284695] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.285069] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.285316] page_type: f8(unknown)
[ 11.285505] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.285738] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.286133] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.286508] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.286942] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[ 11.287310] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.287540] page dumped because: kasan: bad access detected
[ 11.287936]
[ 11.288122] Memory state around the buggy address:
[ 11.288322] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.288598] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.288817] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.289034] ^
[ 11.289407] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.289746] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.290031] ==================================================================
[ 11.090875] ==================================================================
[ 11.091481] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.091833] Write of size 1 at addr ffff888100aa82f0 by task kunit_try_catch/174
[ 11.092253]
[ 11.092347] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.092387] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.092397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.092416] Call Trace:
[ 11.092430] <TASK>
[ 11.092445] dump_stack_lvl+0x73/0xb0
[ 11.092470] print_report+0xd1/0x650
[ 11.092491] ? __virt_addr_valid+0x1db/0x2d0
[ 11.092511] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.092533] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.092553] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.092576] kasan_report+0x141/0x180
[ 11.092596] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.092624] __asan_report_store1_noabort+0x1b/0x30
[ 11.092643] krealloc_more_oob_helper+0x7eb/0x930
[ 11.092664] ? __schedule+0x10cc/0x2b60
[ 11.092685] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.092707] ? finish_task_switch.isra.0+0x153/0x700
[ 11.092727] ? __switch_to+0x47/0xf50
[ 11.092750] ? __schedule+0x10cc/0x2b60
[ 11.092769] ? __pfx_read_tsc+0x10/0x10
[ 11.092792] krealloc_more_oob+0x1c/0x30
[ 11.092812] kunit_try_run_case+0x1a5/0x480
[ 11.092834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.092855] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.092876] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.092898] ? __kthread_parkme+0x82/0x180
[ 11.092916] ? preempt_count_sub+0x50/0x80
[ 11.092937] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.092959] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.092981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.093002] kthread+0x337/0x6f0
[ 11.093020] ? trace_preempt_on+0x20/0xc0
[ 11.093042] ? __pfx_kthread+0x10/0x10
[ 11.093062] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.093081] ? calculate_sigpending+0x7b/0xa0
[ 11.093103] ? __pfx_kthread+0x10/0x10
[ 11.093136] ret_from_fork+0x116/0x1d0
[ 11.093153] ? __pfx_kthread+0x10/0x10
[ 11.093173] ret_from_fork_asm+0x1a/0x30
[ 11.093202] </TASK>
[ 11.093212]
[ 11.101064] Allocated by task 174:
[ 11.101333] kasan_save_stack+0x45/0x70
[ 11.101562] kasan_save_track+0x18/0x40
[ 11.101760] kasan_save_alloc_info+0x3b/0x50
[ 11.101922] __kasan_krealloc+0x190/0x1f0
[ 11.102134] krealloc_noprof+0xf3/0x340
[ 11.102423] krealloc_more_oob_helper+0x1a9/0x930
[ 11.102593] krealloc_more_oob+0x1c/0x30
[ 11.102741] kunit_try_run_case+0x1a5/0x480
[ 11.102946] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.103437] kthread+0x337/0x6f0
[ 11.103638] ret_from_fork+0x116/0x1d0
[ 11.103785] ret_from_fork_asm+0x1a/0x30
[ 11.103984]
[ 11.104081] The buggy address belongs to the object at ffff888100aa8200
[ 11.104081] which belongs to the cache kmalloc-256 of size 256
[ 11.104597] The buggy address is located 5 bytes to the right of
[ 11.104597] allocated 235-byte region [ffff888100aa8200, ffff888100aa82eb)
[ 11.105236]
[ 11.105338] The buggy address belongs to the physical page:
[ 11.105614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8
[ 11.105915] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.106281] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.106488] page_type: f5(slab)
[ 11.106639] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.106980] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.107555] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.107863] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.108264] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff
[ 11.108544] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.108889] page dumped because: kasan: bad access detected
[ 11.109218]
[ 11.109294] Memory state around the buggy address:
[ 11.109505] ffff888100aa8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.109788] ffff888100aa8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.110098] >ffff888100aa8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.110433] ^
[ 11.110740] ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.111027] ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.111321] ==================================================================
[ 11.069948] ==================================================================
[ 11.070391] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 11.070708] Write of size 1 at addr ffff888100aa82eb by task kunit_try_catch/174
[ 11.071012]
[ 11.071152] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.071196] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.071212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.071232] Call Trace:
[ 11.071244] <TASK>
[ 11.071258] dump_stack_lvl+0x73/0xb0
[ 11.071288] print_report+0xd1/0x650
[ 11.071310] ? __virt_addr_valid+0x1db/0x2d0
[ 11.071352] ? krealloc_more_oob_helper+0x821/0x930
[ 11.071375] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.071396] ? krealloc_more_oob_helper+0x821/0x930
[ 11.071419] kasan_report+0x141/0x180
[ 11.071439] ? krealloc_more_oob_helper+0x821/0x930
[ 11.071466] __asan_report_store1_noabort+0x1b/0x30
[ 11.071486] krealloc_more_oob_helper+0x821/0x930
[ 11.071507] ? __schedule+0x10cc/0x2b60
[ 11.071528] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.071551] ? finish_task_switch.isra.0+0x153/0x700
[ 11.071574] ? __switch_to+0x47/0xf50
[ 11.071600] ? __schedule+0x10cc/0x2b60
[ 11.071620] ? __pfx_read_tsc+0x10/0x10
[ 11.071644] krealloc_more_oob+0x1c/0x30
[ 11.071664] kunit_try_run_case+0x1a5/0x480
[ 11.071689] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.071709] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.071731] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.071752] ? __kthread_parkme+0x82/0x180
[ 11.071772] ? preempt_count_sub+0x50/0x80
[ 11.071794] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.071815] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.071837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.071858] kthread+0x337/0x6f0
[ 11.071876] ? trace_preempt_on+0x20/0xc0
[ 11.071899] ? __pfx_kthread+0x10/0x10
[ 11.071919] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.071938] ? calculate_sigpending+0x7b/0xa0
[ 11.071961] ? __pfx_kthread+0x10/0x10
[ 11.071981] ret_from_fork+0x116/0x1d0
[ 11.071998] ? __pfx_kthread+0x10/0x10
[ 11.072017] ret_from_fork_asm+0x1a/0x30
[ 11.072047] </TASK>
[ 11.072058]
[ 11.080317] Allocated by task 174:
[ 11.080509] kasan_save_stack+0x45/0x70
[ 11.080705] kasan_save_track+0x18/0x40
[ 11.080890] kasan_save_alloc_info+0x3b/0x50
[ 11.081092] __kasan_krealloc+0x190/0x1f0
[ 11.081403] krealloc_noprof+0xf3/0x340
[ 11.081575] krealloc_more_oob_helper+0x1a9/0x930
[ 11.081770] krealloc_more_oob+0x1c/0x30
[ 11.081957] kunit_try_run_case+0x1a5/0x480
[ 11.082242] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.082479] kthread+0x337/0x6f0
[ 11.082649] ret_from_fork+0x116/0x1d0
[ 11.082822] ret_from_fork_asm+0x1a/0x30
[ 11.082994]
[ 11.083066] The buggy address belongs to the object at ffff888100aa8200
[ 11.083066] which belongs to the cache kmalloc-256 of size 256
[ 11.083734] The buggy address is located 0 bytes to the right of
[ 11.083734] allocated 235-byte region [ffff888100aa8200, ffff888100aa82eb)
[ 11.084394]
[ 11.084473] The buggy address belongs to the physical page:
[ 11.084651] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100aa8
[ 11.084935] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.085371] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.085626] page_type: f5(slab)
[ 11.085797] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.086063] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.086427] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 11.086789] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.087386] head: 0200000000000001 ffffea000402aa01 00000000ffffffff 00000000ffffffff
[ 11.087726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 11.087994] page dumped because: kasan: bad access detected
[ 11.088261]
[ 11.088380] Memory state around the buggy address:
[ 11.088608] ffff888100aa8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.088921] ffff888100aa8200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.089291] >ffff888100aa8280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 11.089614] ^
[ 11.089818] ffff888100aa8300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.090104] ffff888100aa8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.090473] ==================================================================
[ 11.290589] ==================================================================
[ 11.290826] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 11.291064] Write of size 1 at addr ffff8881029fe0f0 by task kunit_try_catch/178
[ 11.291633]
[ 11.291753] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.291792] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.291804] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.291832] Call Trace:
[ 11.291847] <TASK>
[ 11.291861] dump_stack_lvl+0x73/0xb0
[ 11.291886] print_report+0xd1/0x650
[ 11.291907] ? __virt_addr_valid+0x1db/0x2d0
[ 11.291928] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.291950] ? kasan_addr_to_slab+0x11/0xa0
[ 11.291970] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.291993] kasan_report+0x141/0x180
[ 11.292013] ? krealloc_more_oob_helper+0x7eb/0x930
[ 11.292041] __asan_report_store1_noabort+0x1b/0x30
[ 11.292061] krealloc_more_oob_helper+0x7eb/0x930
[ 11.292082] ? __schedule+0x10cc/0x2b60
[ 11.292102] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 11.292136] ? finish_task_switch.isra.0+0x153/0x700
[ 11.292156] ? __switch_to+0x47/0xf50
[ 11.292180] ? __schedule+0x10cc/0x2b60
[ 11.292200] ? __pfx_read_tsc+0x10/0x10
[ 11.292223] krealloc_large_more_oob+0x1c/0x30
[ 11.292245] kunit_try_run_case+0x1a5/0x480
[ 11.292269] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.292291] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.292314] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.292345] ? __kthread_parkme+0x82/0x180
[ 11.292366] ? preempt_count_sub+0x50/0x80
[ 11.292388] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.292410] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.292432] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.292454] kthread+0x337/0x6f0
[ 11.292472] ? trace_preempt_on+0x20/0xc0
[ 11.292495] ? __pfx_kthread+0x10/0x10
[ 11.292515] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.292535] ? calculate_sigpending+0x7b/0xa0
[ 11.292558] ? __pfx_kthread+0x10/0x10
[ 11.292578] ret_from_fork+0x116/0x1d0
[ 11.292596] ? __pfx_kthread+0x10/0x10
[ 11.292615] ret_from_fork_asm+0x1a/0x30
[ 11.292644] </TASK>
[ 11.292654]
[ 11.300964] The buggy address belongs to the physical page:
[ 11.301203] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[ 11.301828] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.302059] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.302486] page_type: f8(unknown)
[ 11.302842] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.303146] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.303563] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.303800] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.304035] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[ 11.304540] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.305121] page dumped because: kasan: bad access detected
[ 11.307223]
[ 11.307333] Memory state around the buggy address:
[ 11.307547] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.308344] ffff8881029fe000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.308578] >ffff8881029fe080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 11.308791] ^
[ 11.308995] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.309308] ffff8881029fe180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 11.309608] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 11.043046] ==================================================================
[ 11.044201] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[ 11.044434] Read of size 1 at addr ffff888103980000 by task kunit_try_catch/172
[ 11.044651]
[ 11.044741] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.044785] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.044797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.044817] Call Trace:
[ 11.044829] <TASK>
[ 11.044844] dump_stack_lvl+0x73/0xb0
[ 11.044870] print_report+0xd1/0x650
[ 11.044892] ? __virt_addr_valid+0x1db/0x2d0
[ 11.044915] ? page_alloc_uaf+0x356/0x3d0
[ 11.044936] ? kasan_addr_to_slab+0x11/0xa0
[ 11.044955] ? page_alloc_uaf+0x356/0x3d0
[ 11.044976] kasan_report+0x141/0x180
[ 11.044997] ? page_alloc_uaf+0x356/0x3d0
[ 11.045022] __asan_report_load1_noabort+0x18/0x20
[ 11.045045] page_alloc_uaf+0x356/0x3d0
[ 11.045065] ? __pfx_page_alloc_uaf+0x10/0x10
[ 11.045087] ? __schedule+0x10cc/0x2b60
[ 11.045119] ? __pfx_read_tsc+0x10/0x10
[ 11.045140] ? ktime_get_ts64+0x86/0x230
[ 11.045163] kunit_try_run_case+0x1a5/0x480
[ 11.045187] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.045209] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.045230] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.045251] ? __kthread_parkme+0x82/0x180
[ 11.045270] ? preempt_count_sub+0x50/0x80
[ 11.045292] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.045315] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.045338] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.045362] kthread+0x337/0x6f0
[ 11.045380] ? trace_preempt_on+0x20/0xc0
[ 11.045403] ? __pfx_kthread+0x10/0x10
[ 11.045423] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.045442] ? calculate_sigpending+0x7b/0xa0
[ 11.045465] ? __pfx_kthread+0x10/0x10
[ 11.045486] ret_from_fork+0x116/0x1d0
[ 11.045503] ? __pfx_kthread+0x10/0x10
[ 11.045522] ret_from_fork_asm+0x1a/0x30
[ 11.045551] </TASK>
[ 11.045563]
[ 11.061325] The buggy address belongs to the physical page:
[ 11.061830] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980
[ 11.062563] flags: 0x200000000000000(node=0|zone=2)
[ 11.062735] page_type: f0(buddy)
[ 11.062860] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000
[ 11.063094] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000
[ 11.063518] page dumped because: kasan: bad access detected
[ 11.063743]
[ 11.063834] Memory state around the buggy address:
[ 11.064027] ffff88810397ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.064437] ffff88810397ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.064697] >ffff888103980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.065009] ^
[ 11.065251] ffff888103980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.065573] ffff888103980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.065805] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 11.007542] ==================================================================
[ 11.008040] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[ 11.009090] Free of addr ffff8881029fc001 by task kunit_try_catch/168
[ 11.010015]
[ 11.010373] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 11.010418] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.010430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.010450] Call Trace:
[ 11.010462] <TASK>
[ 11.010476] dump_stack_lvl+0x73/0xb0
[ 11.010503] print_report+0xd1/0x650
[ 11.010524] ? __virt_addr_valid+0x1db/0x2d0
[ 11.010546] ? kasan_addr_to_slab+0x11/0xa0
[ 11.010565] ? kfree+0x274/0x3f0
[ 11.010586] kasan_report_invalid_free+0x10a/0x130
[ 11.010609] ? kfree+0x274/0x3f0
[ 11.010631] ? kfree+0x274/0x3f0
[ 11.010650] __kasan_kfree_large+0x86/0xd0
[ 11.010670] free_large_kmalloc+0x4b/0x110
[ 11.010693] kfree+0x274/0x3f0
[ 11.010717] kmalloc_large_invalid_free+0x120/0x2b0
[ 11.010738] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 11.010760] ? __schedule+0x10cc/0x2b60
[ 11.010780] ? __pfx_read_tsc+0x10/0x10
[ 11.010799] ? ktime_get_ts64+0x86/0x230
[ 11.010821] kunit_try_run_case+0x1a5/0x480
[ 11.010843] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.010864] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.010885] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.010906] ? __kthread_parkme+0x82/0x180
[ 11.010925] ? preempt_count_sub+0x50/0x80
[ 11.010947] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.010969] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.010990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.011012] kthread+0x337/0x6f0
[ 11.011030] ? trace_preempt_on+0x20/0xc0
[ 11.011052] ? __pfx_kthread+0x10/0x10
[ 11.011072] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.011091] ? calculate_sigpending+0x7b/0xa0
[ 11.011125] ? __pfx_kthread+0x10/0x10
[ 11.011146] ret_from_fork+0x116/0x1d0
[ 11.011164] ? __pfx_kthread+0x10/0x10
[ 11.011183] ret_from_fork_asm+0x1a/0x30
[ 11.011218] </TASK>
[ 11.011229]
[ 11.026561] The buggy address belongs to the physical page:
[ 11.026761] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[ 11.027013] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.027286] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.027982] page_type: f8(unknown)
[ 11.028493] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.029366] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.030130] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 11.031019] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 11.031813] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[ 11.032584] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 11.032811] page dumped because: kasan: bad access detected
[ 11.032980]
[ 11.033048] Memory state around the buggy address:
[ 11.033236] ffff8881029fbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.034074] ffff8881029fbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.034835] >ffff8881029fc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.035595] ^
[ 11.035944] ffff8881029fc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.036670] ffff8881029fc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.037706] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 10.989591] ==================================================================
[ 10.990632] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[ 10.990931] Read of size 1 at addr ffff8881029fc000 by task kunit_try_catch/166
[ 10.991244]
[ 10.991417] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.991458] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.991469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.991488] Call Trace:
[ 10.991500] <TASK>
[ 10.991514] dump_stack_lvl+0x73/0xb0
[ 10.991540] print_report+0xd1/0x650
[ 10.991562] ? __virt_addr_valid+0x1db/0x2d0
[ 10.991583] ? kmalloc_large_uaf+0x2f1/0x340
[ 10.991602] ? kasan_addr_to_slab+0x11/0xa0
[ 10.991622] ? kmalloc_large_uaf+0x2f1/0x340
[ 10.991641] kasan_report+0x141/0x180
[ 10.991662] ? kmalloc_large_uaf+0x2f1/0x340
[ 10.991687] __asan_report_load1_noabort+0x18/0x20
[ 10.991711] kmalloc_large_uaf+0x2f1/0x340
[ 10.991730] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 10.991752] ? __schedule+0x10cc/0x2b60
[ 10.991773] ? __pfx_read_tsc+0x10/0x10
[ 10.991792] ? ktime_get_ts64+0x86/0x230
[ 10.991815] kunit_try_run_case+0x1a5/0x480
[ 10.991838] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.991859] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.991880] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.991902] ? __kthread_parkme+0x82/0x180
[ 10.991921] ? preempt_count_sub+0x50/0x80
[ 10.991944] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.991966] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.991988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.992009] kthread+0x337/0x6f0
[ 10.992028] ? trace_preempt_on+0x20/0xc0
[ 10.992051] ? __pfx_kthread+0x10/0x10
[ 10.992070] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.992090] ? calculate_sigpending+0x7b/0xa0
[ 10.992127] ? __pfx_kthread+0x10/0x10
[ 10.992147] ret_from_fork+0x116/0x1d0
[ 10.992165] ? __pfx_kthread+0x10/0x10
[ 10.992184] ret_from_fork_asm+0x1a/0x30
[ 10.992214] </TASK>
[ 10.992224]
[ 10.999289] The buggy address belongs to the physical page:
[ 10.999625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[ 10.999897] flags: 0x200000000000000(node=0|zone=2)
[ 11.000071] raw: 0200000000000000 ffffea00040a8008 ffff88815b039f80 0000000000000000
[ 11.000365] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 11.000809] page dumped because: kasan: bad access detected
[ 11.001055]
[ 11.001254] Memory state around the buggy address:
[ 11.001447] ffff8881029fbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.001667] ffff8881029fbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.001982] >ffff8881029fc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.002542] ^
[ 11.002676] ffff8881029fc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.002987] ffff8881029fc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 11.003345] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 10.967145] ==================================================================
[ 10.967836] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[ 10.968162] Write of size 1 at addr ffff8881029fe00a by task kunit_try_catch/164
[ 10.968497]
[ 10.968616] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.968660] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.968671] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.968692] Call Trace:
[ 10.968703] <TASK>
[ 10.968719] dump_stack_lvl+0x73/0xb0
[ 10.968747] print_report+0xd1/0x650
[ 10.968768] ? __virt_addr_valid+0x1db/0x2d0
[ 10.968791] ? kmalloc_large_oob_right+0x2e9/0x330
[ 10.968811] ? kasan_addr_to_slab+0x11/0xa0
[ 10.968831] ? kmalloc_large_oob_right+0x2e9/0x330
[ 10.968852] kasan_report+0x141/0x180
[ 10.968872] ? kmalloc_large_oob_right+0x2e9/0x330
[ 10.968898] __asan_report_store1_noabort+0x1b/0x30
[ 10.968917] kmalloc_large_oob_right+0x2e9/0x330
[ 10.968938] ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 10.968960] ? __schedule+0x10cc/0x2b60
[ 10.968981] ? __pfx_read_tsc+0x10/0x10
[ 10.969001] ? ktime_get_ts64+0x86/0x230
[ 10.969026] kunit_try_run_case+0x1a5/0x480
[ 10.969050] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.969070] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.969092] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.969126] ? __kthread_parkme+0x82/0x180
[ 10.969147] ? preempt_count_sub+0x50/0x80
[ 10.969170] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.969192] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.969213] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.969234] kthread+0x337/0x6f0
[ 10.969253] ? trace_preempt_on+0x20/0xc0
[ 10.969276] ? __pfx_kthread+0x10/0x10
[ 10.969296] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.969315] ? calculate_sigpending+0x7b/0xa0
[ 10.969338] ? __pfx_kthread+0x10/0x10
[ 10.969358] ret_from_fork+0x116/0x1d0
[ 10.969375] ? __pfx_kthread+0x10/0x10
[ 10.969395] ret_from_fork_asm+0x1a/0x30
[ 10.969424] </TASK>
[ 10.969434]
[ 10.981229] The buggy address belongs to the physical page:
[ 10.981524] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029fc
[ 10.981863] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.982141] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.982612] page_type: f8(unknown)
[ 10.982805] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.983170] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.983599] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 10.983913] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 10.984242] head: 0200000000000002 ffffea00040a7f01 00000000ffffffff 00000000ffffffff
[ 10.984637] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 10.984911] page dumped because: kasan: bad access detected
[ 10.985173]
[ 10.985260] Memory state around the buggy address:
[ 10.985529] ffff8881029fdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.985807] ffff8881029fdf80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.986131] >ffff8881029fe000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.986467] ^
[ 10.986625] ffff8881029fe080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.987043] ffff8881029fe100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 10.987479] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 10.930304] ==================================================================
[ 10.931467] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 10.931716] Write of size 1 at addr ffff888102a35f00 by task kunit_try_catch/162
[ 10.931944]
[ 10.932032] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.932076] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.932087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.932119] Call Trace:
[ 10.932133] <TASK>
[ 10.932149] dump_stack_lvl+0x73/0xb0
[ 10.932175] print_report+0xd1/0x650
[ 10.932198] ? __virt_addr_valid+0x1db/0x2d0
[ 10.932220] ? kmalloc_big_oob_right+0x316/0x370
[ 10.932240] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.932262] ? kmalloc_big_oob_right+0x316/0x370
[ 10.932284] kasan_report+0x141/0x180
[ 10.932305] ? kmalloc_big_oob_right+0x316/0x370
[ 10.932331] __asan_report_store1_noabort+0x1b/0x30
[ 10.932350] kmalloc_big_oob_right+0x316/0x370
[ 10.932371] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 10.932393] ? __schedule+0x10cc/0x2b60
[ 10.932414] ? __pfx_read_tsc+0x10/0x10
[ 10.932434] ? ktime_get_ts64+0x86/0x230
[ 10.932457] kunit_try_run_case+0x1a5/0x480
[ 10.932480] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.932500] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.932522] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.932543] ? __kthread_parkme+0x82/0x180
[ 10.932562] ? preempt_count_sub+0x50/0x80
[ 10.932584] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.932606] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.932627] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.932648] kthread+0x337/0x6f0
[ 10.932666] ? trace_preempt_on+0x20/0xc0
[ 10.932688] ? __pfx_kthread+0x10/0x10
[ 10.932708] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.932728] ? calculate_sigpending+0x7b/0xa0
[ 10.932749] ? __pfx_kthread+0x10/0x10
[ 10.932769] ret_from_fork+0x116/0x1d0
[ 10.932786] ? __pfx_kthread+0x10/0x10
[ 10.932805] ret_from_fork_asm+0x1a/0x30
[ 10.932834] </TASK>
[ 10.932845]
[ 10.948073] Allocated by task 162:
[ 10.948548] kasan_save_stack+0x45/0x70
[ 10.948861] kasan_save_track+0x18/0x40
[ 10.949355] kasan_save_alloc_info+0x3b/0x50
[ 10.949559] __kasan_kmalloc+0xb7/0xc0
[ 10.949732] __kmalloc_cache_noprof+0x189/0x420
[ 10.949938] kmalloc_big_oob_right+0xa9/0x370
[ 10.950147] kunit_try_run_case+0x1a5/0x480
[ 10.950337] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.950561] kthread+0x337/0x6f0
[ 10.950716] ret_from_fork+0x116/0x1d0
[ 10.950888] ret_from_fork_asm+0x1a/0x30
[ 10.951063]
[ 10.951866] The buggy address belongs to the object at ffff888102a34000
[ 10.951866] which belongs to the cache kmalloc-8k of size 8192
[ 10.952811] The buggy address is located 0 bytes to the right of
[ 10.952811] allocated 7936-byte region [ffff888102a34000, ffff888102a35f00)
[ 10.953909]
[ 10.954154] The buggy address belongs to the physical page:
[ 10.954692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a30
[ 10.955418] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 10.955950] flags: 0x200000000000040(head|node=0|zone=2)
[ 10.956435] page_type: f5(slab)
[ 10.956699] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 10.957150] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 10.957728] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 10.958071] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 10.958713] head: 0200000000000003 ffffea00040a8c01 00000000ffffffff 00000000ffffffff
[ 10.959245] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 10.960017] page dumped because: kasan: bad access detected
[ 10.960533]
[ 10.960769] Memory state around the buggy address:
[ 10.961265] ffff888102a35e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.961579] ffff888102a35e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 10.961852] >ffff888102a35f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.962160] ^
[ 10.962421] ffff888102a35f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.962698] ffff888102a36000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.963079] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.887224] ==================================================================
[ 10.887755] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.888021] Write of size 1 at addr ffff8881029db278 by task kunit_try_catch/160
[ 10.888436]
[ 10.888531] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 10.888574] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.888585] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.888606] Call Trace:
[ 10.888618] <TASK>
[ 10.888634] dump_stack_lvl+0x73/0xb0
[ 10.888663] print_report+0xd1/0x650
[ 10.888684] ? __virt_addr_valid+0x1db/0x2d0
[ 10.888707] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.888731] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.888751] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.888775] kasan_report+0x141/0x180
[ 10.888796] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.888824] __asan_report_store1_noabort+0x1b/0x30
[ 10.888844] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.888867] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.888891] ? __schedule+0x10cc/0x2b60
[ 10.888913] ? __pfx_read_tsc+0x10/0x10
[ 10.888934] ? ktime_get_ts64+0x86/0x230
[ 10.888959] kunit_try_run_case+0x1a5/0x480
[ 10.888983] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.889003] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.889025] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.889046] ? __kthread_parkme+0x82/0x180
[ 10.889066] ? preempt_count_sub+0x50/0x80
[ 10.889089] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.889132] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.889155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.889177] kthread+0x337/0x6f0
[ 10.889195] ? trace_preempt_on+0x20/0xc0
[ 10.889218] ? __pfx_kthread+0x10/0x10
[ 10.889238] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.889257] ? calculate_sigpending+0x7b/0xa0
[ 10.889281] ? __pfx_kthread+0x10/0x10
[ 10.889301] ret_from_fork+0x116/0x1d0
[ 10.889337] ? __pfx_kthread+0x10/0x10
[ 10.889357] ret_from_fork_asm+0x1a/0x30
[ 10.889387] </TASK>
[ 10.889398]
[ 10.903166] Allocated by task 160:
[ 10.903538] kasan_save_stack+0x45/0x70
[ 10.904217] kasan_save_track+0x18/0x40
[ 10.904373] kasan_save_alloc_info+0x3b/0x50
[ 10.904780] __kasan_kmalloc+0xb7/0xc0
[ 10.905090] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.905366] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.905838] kunit_try_run_case+0x1a5/0x480
[ 10.906249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.906656] kthread+0x337/0x6f0
[ 10.906785] ret_from_fork+0x116/0x1d0
[ 10.906918] ret_from_fork_asm+0x1a/0x30
[ 10.907059]
[ 10.907150] The buggy address belongs to the object at ffff8881029db200
[ 10.907150] which belongs to the cache kmalloc-128 of size 128
[ 10.907802] The buggy address is located 0 bytes to the right of
[ 10.907802] allocated 120-byte region [ffff8881029db200, ffff8881029db278)
[ 10.908397]
[ 10.908502] The buggy address belongs to the physical page:
[ 10.908730] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db
[ 10.909045] flags: 0x200000000000000(node=0|zone=2)
[ 10.909398] page_type: f5(slab)
[ 10.909531] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.909864] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.910241] page dumped because: kasan: bad access detected
[ 10.910493]
[ 10.910587] Memory state around the buggy address:
[ 10.910784] ffff8881029db100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.911038] ffff8881029db180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.911297] >ffff8881029db200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.911606] ^
[ 10.912043] ffff8881029db280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.912404] ffff8881029db300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.912644] ==================================================================
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------
[ 138.430089] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count))
[ 138.430236] WARNING: CPU: 0 PID: 2569 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0
[ 138.431935] Modules linked in:
[ 138.432455] CPU: 0 UID: 0 PID: 2569 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 138.432976] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 138.433310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 138.434290] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0
[ 138.434920] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 9d 24 80 00 48 c7 c1 40 76 3e b3 4c 89 f2 48 c7 c7 00 73 3e b3 48 89 c6 e8 74 c7 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d
[ 138.436143] RSP: 0000:ffff8881015b7d18 EFLAGS: 00010286
[ 138.436698] RAX: 0000000000000000 RBX: ffff88810279ec00 RCX: 1ffffffff6824c80
[ 138.437499] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 138.438445] RBP: ffff8881015b7d48 R08: 0000000000000000 R09: fffffbfff6824c80
[ 138.439028] R10: 0000000000000003 R11: 0000000000038968 R12: ffff888106dfd800
[ 138.439724] R13: ffff88810279ecf8 R14: ffff888100a6fc00 R15: ffff88810039fb40
[ 138.440505] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 138.441140] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 138.441918] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 138.442234] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 138.442905] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 138.443714] Call Trace:
[ 138.443881] <TASK>
[ 138.443979] ? trace_preempt_on+0x20/0xc0
[ 138.444207] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10
[ 138.444688] drm_gem_shmem_free_wrapper+0x12/0x20
[ 138.445113] __kunit_action_free+0x57/0x70
[ 138.445566] kunit_remove_resource+0x133/0x200
[ 138.445895] ? preempt_count_sub+0x50/0x80
[ 138.446064] kunit_cleanup+0x7a/0x120
[ 138.446378] kunit_try_run_case_cleanup+0xbd/0xf0
[ 138.446896] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10
[ 138.447462] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 138.448203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 138.448604] kthread+0x337/0x6f0
[ 138.448741] ? trace_preempt_on+0x20/0xc0
[ 138.448888] ? __pfx_kthread+0x10/0x10
[ 138.449040] ? _raw_spin_unlock_irq+0x47/0x80
[ 138.449231] ? calculate_sigpending+0x7b/0xa0
[ 138.449433] ? __pfx_kthread+0x10/0x10
[ 138.449572] ret_from_fork+0x116/0x1d0
[ 138.449861] ? __pfx_kthread+0x10/0x10
[ 138.450072] ret_from_fork_asm+0x1a/0x30
[ 138.450229] </TASK>
[ 138.450803] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------
[ 138.294078] WARNING: CPU: 0 PID: 2550 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300
[ 138.294881] Modules linked in:
[ 138.295427] CPU: 0 UID: 0 PID: 2550 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 138.296009] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 138.296332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 138.297066] RIP: 0010:drm_framebuffer_init+0x44/0x300
[ 138.297330] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41
[ 138.298060] RSP: 0000:ffff888106cd7b30 EFLAGS: 00010246
[ 138.298309] RAX: dffffc0000000000 RBX: ffff888106cd7c28 RCX: 0000000000000000
[ 138.298605] RDX: 1ffff11020d9af8e RSI: ffff888106cd7c28 RDI: ffff888106cd7c70
[ 138.298907] RBP: ffff888106cd7b70 R08: ffff888106d84000 R09: ffffffffb33d7980
[ 138.299772] R10: 0000000000000003 R11: 000000000601c649 R12: ffff888106d84000
[ 138.300479] R13: ffff88810039fae8 R14: ffff888106cd7ba8 R15: 0000000000000000
[ 138.300925] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 138.301515] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 138.301947] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 138.302520] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 138.302974] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 138.303558] Call Trace:
[ 138.303854] <TASK>
[ 138.304097] ? add_dr+0xc1/0x1d0
[ 138.304627] drm_test_framebuffer_init_bad_format+0xfc/0x240
[ 138.304880] ? add_dr+0x148/0x1d0
[ 138.305087] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10
[ 138.305656] ? __drmm_add_action+0x1a4/0x280
[ 138.305886] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 138.306287] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 138.306637] ? __drmm_add_action_or_reset+0x22/0x50
[ 138.306974] ? __schedule+0x10cc/0x2b60
[ 138.307416] ? __pfx_read_tsc+0x10/0x10
[ 138.307622] ? ktime_get_ts64+0x86/0x230
[ 138.307908] kunit_try_run_case+0x1a5/0x480
[ 138.308147] ? __pfx_kunit_try_run_case+0x10/0x10
[ 138.308691] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 138.309062] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 138.309330] ? __kthread_parkme+0x82/0x180
[ 138.309732] ? preempt_count_sub+0x50/0x80
[ 138.309987] ? __pfx_kunit_try_run_case+0x10/0x10
[ 138.310290] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 138.310655] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 138.310976] kthread+0x337/0x6f0
[ 138.311168] ? trace_preempt_on+0x20/0xc0
[ 138.311723] ? __pfx_kthread+0x10/0x10
[ 138.311978] ? _raw_spin_unlock_irq+0x47/0x80
[ 138.312385] ? calculate_sigpending+0x7b/0xa0
[ 138.312690] ? __pfx_kthread+0x10/0x10
[ 138.312898] ret_from_fork+0x116/0x1d0
[ 138.313113] ? __pfx_kthread+0x10/0x10
[ 138.313363] ret_from_fork_asm+0x1a/0x30
[ 138.313707] </TASK>
[ 138.313807] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------
[ 138.263332] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head))
[ 138.263463] WARNING: CPU: 0 PID: 2546 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0
[ 138.264590] Modules linked in:
[ 138.264757] CPU: 0 UID: 0 PID: 2546 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 138.265092] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 138.265821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 138.266695] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0
[ 138.267102] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 cb 3e 87 00 48 c7 c1 40 29 3d b3 4c 89 fa 48 c7 c7 a0 29 3d b3 48 89 c6 e8 a2 e1 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea
[ 138.267954] RSP: 0000:ffff8881016efb68 EFLAGS: 00010282
[ 138.268191] RAX: 0000000000000000 RBX: ffff8881016efc40 RCX: 1ffffffff6824c80
[ 138.268661] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001
[ 138.268939] RBP: ffff8881016efb90 R08: 0000000000000000 R09: fffffbfff6824c80
[ 138.269223] R10: 0000000000000003 R11: 0000000000036fc0 R12: ffff8881016efc18
[ 138.269692] R13: ffff888106df8800 R14: ffff888106d82000 R15: ffff88810728db80
[ 138.269982] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 138.270441] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 138.270828] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 138.271091] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 138.271434] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 138.271756] Call Trace:
[ 138.271915] <TASK>
[ 138.272226] drm_test_framebuffer_free+0x1ab/0x610
[ 138.272472] ? __pfx_drm_test_framebuffer_free+0x10/0x10
[ 138.272721] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 138.272945] ? __pfx_drm_mode_config_init_release+0x10/0x10
[ 138.273188] ? __drmm_add_action_or_reset+0x22/0x50
[ 138.273654] ? __schedule+0x10cc/0x2b60
[ 138.273879] ? __pfx_read_tsc+0x10/0x10
[ 138.274160] ? ktime_get_ts64+0x86/0x230
[ 138.274448] kunit_try_run_case+0x1a5/0x480
[ 138.274697] ? __pfx_kunit_try_run_case+0x10/0x10
[ 138.274890] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 138.275119] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 138.275430] ? __kthread_parkme+0x82/0x180
[ 138.275627] ? preempt_count_sub+0x50/0x80
[ 138.275826] ? __pfx_kunit_try_run_case+0x10/0x10
[ 138.276027] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 138.276356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 138.276630] kthread+0x337/0x6f0
[ 138.276814] ? trace_preempt_on+0x20/0xc0
[ 138.276978] ? __pfx_kthread+0x10/0x10
[ 138.277389] ? _raw_spin_unlock_irq+0x47/0x80
[ 138.277593] ? calculate_sigpending+0x7b/0xa0
[ 138.277794] ? __pfx_kthread+0x10/0x10
[ 138.277990] ret_from_fork+0x116/0x1d0
[ 138.278194] ? __pfx_kthread+0x10/0x10
[ 138.278469] ret_from_fork_asm+0x1a/0x30
[ 138.278714] </TASK>
[ 138.278825] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------
[ 137.035603] WARNING: CPU: 0 PID: 1984 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 137.036717] Modules linked in:
[ 137.036917] CPU: 0 UID: 0 PID: 1984 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 137.037560] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 137.037801] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 137.038326] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 137.038609] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 137.039816] RSP: 0000:ffff888102e47c90 EFLAGS: 00010246
[ 137.040605] RAX: dffffc0000000000 RBX: ffff8881028e0000 RCX: 0000000000000000
[ 137.041325] RDX: 1ffff1102051c032 RSI: ffffffffb0605688 RDI: ffff8881028e0190
[ 137.041987] RBP: ffff888102e47ca0 R08: 1ffff11020073f69 R09: ffffed10205c8f65
[ 137.042716] R10: 0000000000000003 R11: ffffffffafb86fb8 R12: 0000000000000000
[ 137.042936] R13: ffff888102e47d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 137.043250] FS: 0000000000000000(0000) GS:ffff8881a5c74000(0000) knlGS:0000000000000000
[ 137.043643] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 137.043913] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 137.044213] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450442
[ 137.044822] DR3: ffffffffb5450443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 137.045150] Call Trace:
[ 137.045294] <TASK>
[ 137.045532] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290
[ 137.045979] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10
[ 137.046341] ? __schedule+0x10cc/0x2b60
[ 137.046676] ? __pfx_read_tsc+0x10/0x10
[ 137.046896] ? ktime_get_ts64+0x86/0x230
[ 137.047136] kunit_try_run_case+0x1a5/0x480
[ 137.047385] ? __pfx_kunit_try_run_case+0x10/0x10
[ 137.047659] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 137.047900] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 137.048104] ? __kthread_parkme+0x82/0x180
[ 137.048599] ? preempt_count_sub+0x50/0x80
[ 137.048779] ? __pfx_kunit_try_run_case+0x10/0x10
[ 137.049031] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 137.049435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 137.049765] kthread+0x337/0x6f0
[ 137.049938] ? trace_preempt_on+0x20/0xc0
[ 137.050176] ? __pfx_kthread+0x10/0x10
[ 137.050547] ? _raw_spin_unlock_irq+0x47/0x80
[ 137.050736] ? calculate_sigpending+0x7b/0xa0
[ 137.051407] ? __pfx_kthread+0x10/0x10
[ 137.051630] ret_from_fork+0x116/0x1d0
[ 137.051832] ? __pfx_kthread+0x10/0x10
[ 137.052316] ret_from_fork_asm+0x1a/0x30
[ 137.052634] </TASK>
[ 137.052831] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 136.960707] WARNING: CPU: 1 PID: 1976 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 136.961151] Modules linked in:
[ 136.961633] CPU: 1 UID: 0 PID: 1976 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 136.962965] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 136.963484] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 136.963751] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 136.963948] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 136.964872] RSP: 0000:ffff888108547c90 EFLAGS: 00010246
[ 136.965083] RAX: dffffc0000000000 RBX: ffff88810190e000 RCX: 0000000000000000
[ 136.965328] RDX: 1ffff11020321c32 RSI: ffffffffb0605688 RDI: ffff88810190e190
[ 136.965781] RBP: ffff888108547ca0 R08: 1ffff11020073f69 R09: ffffed10210a8f65
[ 136.966048] R10: 0000000000000003 R11: ffffffffafb86fb8 R12: 0000000000000000
[ 136.966683] R13: ffff888108547d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 136.966964] FS: 0000000000000000(0000) GS:ffff8881a5d74000(0000) knlGS:0000000000000000
[ 136.967424] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 136.967885] CR2: 00007ffff7ffe000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 136.968330] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450443
[ 136.968785] DR3: ffffffffb5450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 136.969107] Call Trace:
[ 136.969362] <TASK>
[ 136.969551] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 136.969910] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 136.970514] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 136.970875] kunit_try_run_case+0x1a5/0x480
[ 136.971124] ? __pfx_kunit_try_run_case+0x10/0x10
[ 136.971540] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 136.971866] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 136.972105] ? __kthread_parkme+0x82/0x180
[ 136.972490] ? preempt_count_sub+0x50/0x80
[ 136.972695] ? __pfx_kunit_try_run_case+0x10/0x10
[ 136.972909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 136.973266] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 136.973546] kthread+0x337/0x6f0
[ 136.973723] ? trace_preempt_on+0x20/0xc0
[ 136.974060] ? __pfx_kthread+0x10/0x10
[ 136.974248] ? _raw_spin_unlock_irq+0x47/0x80
[ 136.974543] ? calculate_sigpending+0x7b/0xa0
[ 136.974902] ? __pfx_kthread+0x10/0x10
[ 136.975418] ret_from_fork+0x116/0x1d0
[ 136.975593] ? __pfx_kthread+0x10/0x10
[ 136.975784] ret_from_fork_asm+0x1a/0x30
[ 136.975995] </TASK>
[ 136.976108] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 106.635994] WARNING: CPU: 1 PID: 674 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 106.636758] Modules linked in:
[ 106.637512] CPU: 1 UID: 0 PID: 674 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 106.637980] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 106.638260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 106.638808] RIP: 0010:intlog10+0x2a/0x40
[ 106.638966] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 106.640573] RSP: 0000:ffff8881071afcb0 EFLAGS: 00010246
[ 106.641067] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11020e35fb4
[ 106.641762] RDX: 1ffffffff6652bc4 RSI: 1ffff11020e35fb3 RDI: 0000000000000000
[ 106.641984] RBP: ffff8881071afd60 R08: 0000000000000000 R09: ffffed1020d13b20
[ 106.642253] R10: ffff88810689d907 R11: 0000000000000000 R12: 1ffff11020e35f97
[ 106.642672] R13: ffffffffb3295e20 R14: 0000000000000000 R15: ffff8881071afd38
[ 106.642949] FS: 0000000000000000(0000) GS:ffff8881a5d74000(0000) knlGS:0000000000000000
[ 106.643592] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.643878] CR2: dffffc0000000000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 106.644266] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450443
[ 106.644735] DR3: ffffffffb5450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 106.645389] Call Trace:
[ 106.645641] <TASK>
[ 106.645752] ? intlog10_test+0xf2/0x220
[ 106.646158] ? __pfx_intlog10_test+0x10/0x10
[ 106.646720] ? __schedule+0x10cc/0x2b60
[ 106.646925] ? __pfx_read_tsc+0x10/0x10
[ 106.647410] ? ktime_get_ts64+0x86/0x230
[ 106.647625] kunit_try_run_case+0x1a5/0x480
[ 106.647840] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.648086] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 106.648651] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 106.648849] ? __kthread_parkme+0x82/0x180
[ 106.649312] ? preempt_count_sub+0x50/0x80
[ 106.649651] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.649982] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 106.650500] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 106.650872] kthread+0x337/0x6f0
[ 106.651069] ? trace_preempt_on+0x20/0xc0
[ 106.651631] ? __pfx_kthread+0x10/0x10
[ 106.651798] ? _raw_spin_unlock_irq+0x47/0x80
[ 106.652327] ? calculate_sigpending+0x7b/0xa0
[ 106.652517] ? __pfx_kthread+0x10/0x10
[ 106.652723] ret_from_fork+0x116/0x1d0
[ 106.652917] ? __pfx_kthread+0x10/0x10
[ 106.653138] ret_from_fork_asm+0x1a/0x30
[ 106.653736] </TASK>
[ 106.653844] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 106.601758] WARNING: CPU: 1 PID: 656 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 106.602060] Modules linked in:
[ 106.602393] CPU: 1 UID: 0 PID: 656 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 106.602860] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 106.603042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 106.603429] RIP: 0010:intlog2+0xdf/0x110
[ 106.603678] Code: 29 b3 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 d7 9b 86 02 89 45 e4 e8 df ff 55 ff 8b 45 e4 eb
[ 106.604785] RSP: 0000:ffff888107097cb0 EFLAGS: 00010246
[ 106.605073] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11020e12fb4
[ 106.605476] RDX: 1ffffffff6652c18 RSI: 1ffff11020e12fb3 RDI: 0000000000000000
[ 106.605758] RBP: ffff888107097d60 R08: 0000000000000000 R09: ffffed1020d147e0
[ 106.606100] R10: ffff8881068a3f07 R11: 0000000000000000 R12: 1ffff11020e12f97
[ 106.606522] R13: ffffffffb32960c0 R14: 0000000000000000 R15: ffff888107097d38
[ 106.606904] FS: 0000000000000000(0000) GS:ffff8881a5d74000(0000) knlGS:0000000000000000
[ 106.607342] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.607584] CR2: dffffc0000000000 CR3: 00000000602bc000 CR4: 00000000000006f0
[ 106.607890] DR0: ffffffffb5450440 DR1: ffffffffb5450441 DR2: ffffffffb5450443
[ 106.608255] DR3: ffffffffb5450445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 106.608499] Call Trace:
[ 106.608699] <TASK>
[ 106.609022] ? intlog2_test+0xf2/0x220
[ 106.609400] ? __pfx_intlog2_test+0x10/0x10
[ 106.609690] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 106.610005] ? trace_hardirqs_on+0x37/0xe0
[ 106.610226] ? __pfx_read_tsc+0x10/0x10
[ 106.610592] ? ktime_get_ts64+0x86/0x230
[ 106.610820] kunit_try_run_case+0x1a5/0x480
[ 106.610999] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.611340] ? queued_spin_lock_slowpath+0x116/0xb40
[ 106.611590] ? __kthread_parkme+0x82/0x180
[ 106.611818] ? preempt_count_sub+0x50/0x80
[ 106.612024] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.612466] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 106.612744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 106.613066] kthread+0x337/0x6f0
[ 106.613400] ? trace_preempt_on+0x20/0xc0
[ 106.613597] ? __pfx_kthread+0x10/0x10
[ 106.613820] ? _raw_spin_unlock_irq+0x47/0x80
[ 106.614053] ? calculate_sigpending+0x7b/0xa0
[ 106.614253] ? __pfx_kthread+0x10/0x10
[ 106.614603] ret_from_fork+0x116/0x1d0
[ 106.614822] ? __pfx_kthread+0x10/0x10
[ 106.614987] ret_from_fork_asm+0x1a/0x30
[ 106.615358] </TASK>
[ 106.615538] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 106.052828] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI