Date
July 5, 2025, 5:09 p.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 48.547094] ==================================================================
[ 48.547517] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 48.547517]
[ 48.547998] Use-after-free read at 0x(____ptrval____) (in kfence-#142):
[ 48.548230] test_krealloc+0x6fc/0xbe0
[ 48.548431] kunit_try_run_case+0x1a5/0x480
[ 48.548661] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.548839] kthread+0x337/0x6f0
[ 48.549547] ret_from_fork+0x116/0x1d0
[ 48.549807] ret_from_fork_asm+0x1a/0x30
[ 48.550004]
[ 48.550085] kfence-#142: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 48.550085]
[ 48.550499] allocated by task 356 on cpu 0 at 48.546527s (0.003970s ago):
[ 48.551103] test_alloc+0x364/0x10f0
[ 48.551275] test_krealloc+0xad/0xbe0
[ 48.551561] kunit_try_run_case+0x1a5/0x480
[ 48.551753] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.551997] kthread+0x337/0x6f0
[ 48.552158] ret_from_fork+0x116/0x1d0
[ 48.552331] ret_from_fork_asm+0x1a/0x30
[ 48.552523]
[ 48.552605] freed by task 356 on cpu 0 at 48.546741s (0.005862s ago):
[ 48.553277] krealloc_noprof+0x108/0x340
[ 48.553469] test_krealloc+0x226/0xbe0
[ 48.553876] kunit_try_run_case+0x1a5/0x480
[ 48.554150] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.554465] kthread+0x337/0x6f0
[ 48.554652] ret_from_fork+0x116/0x1d0
[ 48.554953] ret_from_fork_asm+0x1a/0x30
[ 48.555207]
[ 48.555332] CPU: 0 UID: 0 PID: 356 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 48.555896] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.556189] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.556633] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 48.458941] ==================================================================
[ 48.459796] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 48.459796]
[ 48.460271] Use-after-free read at 0x(____ptrval____) (in kfence-#141):
[ 48.460585] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 48.461603] kunit_try_run_case+0x1a5/0x480
[ 48.462182] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.462464] kthread+0x337/0x6f0
[ 48.462639] ret_from_fork+0x116/0x1d0
[ 48.462960] ret_from_fork_asm+0x1a/0x30
[ 48.463318]
[ 48.463548] kfence-#141: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 48.463548]
[ 48.463993] allocated by task 354 on cpu 0 at 48.442967s (0.021024s ago):
[ 48.464279] test_alloc+0x2a6/0x10f0
[ 48.464447] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 48.464674] kunit_try_run_case+0x1a5/0x480
[ 48.464886] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.465170] kthread+0x337/0x6f0
[ 48.465346] ret_from_fork+0x116/0x1d0
[ 48.465503] ret_from_fork_asm+0x1a/0x30
[ 48.465704]
[ 48.465842] freed by task 354 on cpu 0 at 48.443075s (0.022764s ago):
[ 48.466110] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 48.466331] kunit_try_run_case+0x1a5/0x480
[ 48.466532] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 48.466784] kthread+0x337/0x6f0
[ 48.466910] ret_from_fork+0x116/0x1d0
[ 48.467078] ret_from_fork_asm+0x1a/0x30
[ 48.467279]
[ 48.467405] CPU: 0 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 48.467865] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 48.468125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 48.468507] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 24.016226] ==================================================================
[ 24.016746] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 24.016746]
[ 24.017413] Invalid read at 0x(____ptrval____):
[ 24.017669] test_invalid_access+0xf0/0x210
[ 24.017890] kunit_try_run_case+0x1a5/0x480
[ 24.018084] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.018484] kthread+0x337/0x6f0
[ 24.018720] ret_from_fork+0x116/0x1d0
[ 24.019008] ret_from_fork_asm+0x1a/0x30
[ 24.019183]
[ 24.019318] CPU: 1 UID: 0 PID: 350 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 24.019870] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.020092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.020608] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 23.794769] ==================================================================
[ 23.795229] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.795229]
[ 23.795628] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#137):
[ 23.796263] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.796487] kunit_try_run_case+0x1a5/0x480
[ 23.796717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.796944] kthread+0x337/0x6f0
[ 23.797119] ret_from_fork+0x116/0x1d0
[ 23.797257] ret_from_fork_asm+0x1a/0x30
[ 23.797474]
[ 23.797582] kfence-#137: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.797582]
[ 23.798017] allocated by task 344 on cpu 0 at 23.794516s (0.003498s ago):
[ 23.798278] test_alloc+0x364/0x10f0
[ 23.798436] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 23.798700] kunit_try_run_case+0x1a5/0x480
[ 23.798914] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.799129] kthread+0x337/0x6f0
[ 23.799253] ret_from_fork+0x116/0x1d0
[ 23.799445] ret_from_fork_asm+0x1a/0x30
[ 23.799659]
[ 23.799754] freed by task 344 on cpu 0 at 23.794656s (0.005096s ago):
[ 23.799998] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 23.800197] kunit_try_run_case+0x1a5/0x480
[ 23.800410] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.800691] kthread+0x337/0x6f0
[ 23.800866] ret_from_fork+0x116/0x1d0
[ 23.801003] ret_from_fork_asm+0x1a/0x30
[ 23.801161]
[ 23.801287] CPU: 0 UID: 0 PID: 344 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.801794] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.801974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.802245] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.386663] ==================================================================
[ 13.387364] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 13.387682] Read of size 1 at addr ffff8881039dfd02 by task kunit_try_catch/267
[ 13.388024]
[ 13.388172] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.388286] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.388300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.388321] Call Trace:
[ 13.388335] <TASK>
[ 13.388350] dump_stack_lvl+0x73/0xb0
[ 13.388378] print_report+0xd1/0x650
[ 13.388401] ? __virt_addr_valid+0x1db/0x2d0
[ 13.388423] ? kasan_stack_oob+0x2b5/0x300
[ 13.388442] ? kasan_addr_to_slab+0x11/0xa0
[ 13.388474] ? kasan_stack_oob+0x2b5/0x300
[ 13.388495] kasan_report+0x141/0x180
[ 13.388518] ? kasan_stack_oob+0x2b5/0x300
[ 13.388543] __asan_report_load1_noabort+0x18/0x20
[ 13.388566] kasan_stack_oob+0x2b5/0x300
[ 13.388586] ? __pfx_kasan_stack_oob+0x10/0x10
[ 13.388605] ? finish_task_switch.isra.0+0x153/0x700
[ 13.388627] ? __switch_to+0x47/0xf50
[ 13.388652] ? __schedule+0x10cc/0x2b60
[ 13.388675] ? __pfx_read_tsc+0x10/0x10
[ 13.388710] ? ktime_get_ts64+0x86/0x230
[ 13.388734] kunit_try_run_case+0x1a5/0x480
[ 13.388758] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.388780] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.388803] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.388826] ? __kthread_parkme+0x82/0x180
[ 13.388846] ? preempt_count_sub+0x50/0x80
[ 13.388869] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.388892] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.388915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.388937] kthread+0x337/0x6f0
[ 13.388957] ? trace_preempt_on+0x20/0xc0
[ 13.388980] ? __pfx_kthread+0x10/0x10
[ 13.389001] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.389022] ? calculate_sigpending+0x7b/0xa0
[ 13.389045] ? __pfx_kthread+0x10/0x10
[ 13.389067] ret_from_fork+0x116/0x1d0
[ 13.389086] ? __pfx_kthread+0x10/0x10
[ 13.389106] ret_from_fork_asm+0x1a/0x30
[ 13.389135] </TASK>
[ 13.389147]
[ 13.401756] The buggy address belongs to stack of task kunit_try_catch/267
[ 13.402713] and is located at offset 138 in frame:
[ 13.402898] kasan_stack_oob+0x0/0x300
[ 13.403157]
[ 13.403264] This frame has 4 objects:
[ 13.403645] [48, 49) '__assertion'
[ 13.403673] [64, 72) 'array'
[ 13.403884] [96, 112) '__assertion'
[ 13.404057] [128, 138) 'stack_array'
[ 13.404225]
[ 13.404527] The buggy address belongs to the physical page:
[ 13.404714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039df
[ 13.405114] flags: 0x200000000000000(node=0|zone=2)
[ 13.405303] raw: 0200000000000000 ffffea00040e77c8 ffffea00040e77c8 0000000000000000
[ 13.405668] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.406057] page dumped because: kasan: bad access detected
[ 13.406423]
[ 13.406575] Memory state around the buggy address:
[ 13.406870] ffff8881039dfc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.407163] ffff8881039dfc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 13.407464] >ffff8881039dfd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.407877] ^
[ 13.408092] ffff8881039dfd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 13.408477] ffff8881039dfe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.408781] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 23.482694] ==================================================================
[ 23.483100] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.483100]
[ 23.483578] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#134):
[ 23.484446] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.484735] kunit_try_run_case+0x1a5/0x480
[ 23.485170] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.485419] kthread+0x337/0x6f0
[ 23.485604] ret_from_fork+0x116/0x1d0
[ 23.485874] ret_from_fork_asm+0x1a/0x30
[ 23.486019]
[ 23.486097] kfence-#134: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.486097]
[ 23.486381] allocated by task 342 on cpu 1 at 23.482474s (0.003905s ago):
[ 23.486677] test_alloc+0x364/0x10f0
[ 23.487026] test_kmalloc_aligned_oob_read+0x105/0x560
[ 23.487255] kunit_try_run_case+0x1a5/0x480
[ 23.487482] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.488235] kthread+0x337/0x6f0
[ 23.488404] ret_from_fork+0x116/0x1d0
[ 23.488592] ret_from_fork_asm+0x1a/0x30
[ 23.488895]
[ 23.489099] CPU: 1 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 23.489662] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.489965] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.490341] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 18.490965] ==================================================================
[ 18.491332] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 18.491332]
[ 18.491621] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#86):
[ 18.492132] test_corruption+0x131/0x3e0
[ 18.492284] kunit_try_run_case+0x1a5/0x480
[ 18.492582] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.493066] kthread+0x337/0x6f0
[ 18.493264] ret_from_fork+0x116/0x1d0
[ 18.493405] ret_from_fork_asm+0x1a/0x30
[ 18.493597]
[ 18.493708] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.493708]
[ 18.493983] allocated by task 332 on cpu 1 at 18.490856s (0.003125s ago):
[ 18.494204] test_alloc+0x2a6/0x10f0
[ 18.494336] test_corruption+0xe6/0x3e0
[ 18.494484] kunit_try_run_case+0x1a5/0x480
[ 18.494629] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.494830] kthread+0x337/0x6f0
[ 18.495052] ret_from_fork+0x116/0x1d0
[ 18.495247] ret_from_fork_asm+0x1a/0x30
[ 18.495448]
[ 18.495569] freed by task 332 on cpu 1 at 18.490896s (0.004670s ago):
[ 18.495819] test_corruption+0x131/0x3e0
[ 18.495960] kunit_try_run_case+0x1a5/0x480
[ 18.496105] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.496277] kthread+0x337/0x6f0
[ 18.496397] ret_from_fork+0x116/0x1d0
[ 18.496552] ret_from_fork_asm+0x1a/0x30
[ 18.496728]
[ 18.496863] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.497219] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.497363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.497705] ==================================================================
[ 18.178694] ==================================================================
[ 18.179079] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 18.179079]
[ 18.179379] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#83):
[ 18.179861] test_corruption+0x2df/0x3e0
[ 18.180044] kunit_try_run_case+0x1a5/0x480
[ 18.180265] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.180502] kthread+0x337/0x6f0
[ 18.180647] ret_from_fork+0x116/0x1d0
[ 18.180852] ret_from_fork_asm+0x1a/0x30
[ 18.181034]
[ 18.181137] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.181137]
[ 18.181443] allocated by task 330 on cpu 0 at 18.178466s (0.002975s ago):
[ 18.181772] test_alloc+0x364/0x10f0
[ 18.181996] test_corruption+0x1cb/0x3e0
[ 18.182197] kunit_try_run_case+0x1a5/0x480
[ 18.182355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.182619] kthread+0x337/0x6f0
[ 18.182823] ret_from_fork+0x116/0x1d0
[ 18.183031] ret_from_fork_asm+0x1a/0x30
[ 18.183208]
[ 18.183308] freed by task 330 on cpu 0 at 18.178545s (0.004761s ago):
[ 18.183618] test_corruption+0x2df/0x3e0
[ 18.183802] kunit_try_run_case+0x1a5/0x480
[ 18.183989] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.184264] kthread+0x337/0x6f0
[ 18.184426] ret_from_fork+0x116/0x1d0
[ 18.184616] ret_from_fork_asm+0x1a/0x30
[ 18.184885]
[ 18.184992] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.185411] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.185628] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.185944] ==================================================================
[ 18.594643] ==================================================================
[ 18.595023] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 18.595023]
[ 18.595546] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#87):
[ 18.596198] test_corruption+0x216/0x3e0
[ 18.596663] kunit_try_run_case+0x1a5/0x480
[ 18.597235] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.597572] kthread+0x337/0x6f0
[ 18.597764] ret_from_fork+0x116/0x1d0
[ 18.598104] ret_from_fork_asm+0x1a/0x30
[ 18.598291]
[ 18.598392] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.598392]
[ 18.598793] allocated by task 332 on cpu 1 at 18.594534s (0.004256s ago):
[ 18.599096] test_alloc+0x2a6/0x10f0
[ 18.599290] test_corruption+0x1cb/0x3e0
[ 18.599500] kunit_try_run_case+0x1a5/0x480
[ 18.599681] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.599974] kthread+0x337/0x6f0
[ 18.600124] ret_from_fork+0x116/0x1d0
[ 18.600271] ret_from_fork_asm+0x1a/0x30
[ 18.600481]
[ 18.600600] freed by task 332 on cpu 1 at 18.594579s (0.006018s ago):
[ 18.600926] test_corruption+0x216/0x3e0
[ 18.601122] kunit_try_run_case+0x1a5/0x480
[ 18.601348] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.601601] kthread+0x337/0x6f0
[ 18.601823] ret_from_fork+0x116/0x1d0
[ 18.602019] ret_from_fork_asm+0x1a/0x30
[ 18.602219]
[ 18.602338] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.602802] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.603067] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.603367] ==================================================================
[ 18.074806] ==================================================================
[ 18.075246] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 18.075246]
[ 18.075611] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#82):
[ 18.076415] test_corruption+0x2d2/0x3e0
[ 18.076640] kunit_try_run_case+0x1a5/0x480
[ 18.076828] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.077236] kthread+0x337/0x6f0
[ 18.077395] ret_from_fork+0x116/0x1d0
[ 18.077596] ret_from_fork_asm+0x1a/0x30
[ 18.077802]
[ 18.077907] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.077907]
[ 18.078317] allocated by task 330 on cpu 0 at 18.074550s (0.003765s ago):
[ 18.078678] test_alloc+0x364/0x10f0
[ 18.078891] test_corruption+0xe6/0x3e0
[ 18.079157] kunit_try_run_case+0x1a5/0x480
[ 18.079335] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.079574] kthread+0x337/0x6f0
[ 18.079784] ret_from_fork+0x116/0x1d0
[ 18.079987] ret_from_fork_asm+0x1a/0x30
[ 18.080152]
[ 18.080254] freed by task 330 on cpu 0 at 18.074656s (0.005595s ago):
[ 18.080598] test_corruption+0x2d2/0x3e0
[ 18.080790] kunit_try_run_case+0x1a5/0x480
[ 18.081025] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.081350] kthread+0x337/0x6f0
[ 18.081524] ret_from_fork+0x116/0x1d0
[ 18.081660] ret_from_fork_asm+0x1a/0x30
[ 18.082007]
[ 18.082140] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 18.082603] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.083299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.083760] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 17.866643] ==================================================================
[ 17.867073] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 17.867073]
[ 17.867482] Invalid free of 0x(____ptrval____) (in kfence-#80):
[ 17.868126] test_invalid_addr_free+0x1e1/0x260
[ 17.868304] kunit_try_run_case+0x1a5/0x480
[ 17.868544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.869141] kthread+0x337/0x6f0
[ 17.869312] ret_from_fork+0x116/0x1d0
[ 17.869504] ret_from_fork_asm+0x1a/0x30
[ 17.869858]
[ 17.869962] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.869962]
[ 17.870412] allocated by task 326 on cpu 0 at 17.866537s (0.003872s ago):
[ 17.870896] test_alloc+0x364/0x10f0
[ 17.871078] test_invalid_addr_free+0xdb/0x260
[ 17.871297] kunit_try_run_case+0x1a5/0x480
[ 17.871476] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.871724] kthread+0x337/0x6f0
[ 17.872100] ret_from_fork+0x116/0x1d0
[ 17.872357] ret_from_fork_asm+0x1a/0x30
[ 17.872530]
[ 17.872769] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.873313] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.873608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.874023] ==================================================================
[ 17.971101] ==================================================================
[ 17.971471] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 17.971471]
[ 17.971747] Invalid free of 0x(____ptrval____) (in kfence-#81):
[ 17.971948] test_invalid_addr_free+0xfb/0x260
[ 17.972111] kunit_try_run_case+0x1a5/0x480
[ 17.972265] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.972660] kthread+0x337/0x6f0
[ 17.972963] ret_from_fork+0x116/0x1d0
[ 17.973318] ret_from_fork_asm+0x1a/0x30
[ 17.974076]
[ 17.974253] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.974253]
[ 17.975070] allocated by task 328 on cpu 1 at 17.970997s (0.004071s ago):
[ 17.975754] test_alloc+0x2a6/0x10f0
[ 17.975974] test_invalid_addr_free+0xdb/0x260
[ 17.976128] kunit_try_run_case+0x1a5/0x480
[ 17.976277] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.976464] kthread+0x337/0x6f0
[ 17.976587] ret_from_fork+0x116/0x1d0
[ 17.976744] ret_from_fork_asm+0x1a/0x30
[ 17.976887]
[ 17.976985] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.977326] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.977722] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.978487] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 17.658742] ==================================================================
[ 17.659250] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 17.659250]
[ 17.659609] Invalid free of 0x(____ptrval____) (in kfence-#78):
[ 17.659982] test_double_free+0x1d3/0x260
[ 17.660146] kunit_try_run_case+0x1a5/0x480
[ 17.660302] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.660574] kthread+0x337/0x6f0
[ 17.660777] ret_from_fork+0x116/0x1d0
[ 17.660996] ret_from_fork_asm+0x1a/0x30
[ 17.661487]
[ 17.662074] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.662074]
[ 17.662503] allocated by task 322 on cpu 1 at 17.658479s (0.004022s ago):
[ 17.663090] test_alloc+0x364/0x10f0
[ 17.663288] test_double_free+0xdb/0x260
[ 17.663488] kunit_try_run_case+0x1a5/0x480
[ 17.663957] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.664214] kthread+0x337/0x6f0
[ 17.664492] ret_from_fork+0x116/0x1d0
[ 17.664834] ret_from_fork_asm+0x1a/0x30
[ 17.665037]
[ 17.665123] freed by task 322 on cpu 1 at 17.658547s (0.006573s ago):
[ 17.665637] test_double_free+0x1e0/0x260
[ 17.665870] kunit_try_run_case+0x1a5/0x480
[ 17.666205] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.666556] kthread+0x337/0x6f0
[ 17.666863] ret_from_fork+0x116/0x1d0
[ 17.667133] ret_from_fork_asm+0x1a/0x30
[ 17.667333]
[ 17.667658] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.668144] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.668337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.668898] ==================================================================
[ 17.762697] ==================================================================
[ 17.763088] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 17.763088]
[ 17.763437] Invalid free of 0x(____ptrval____) (in kfence-#79):
[ 17.763786] test_double_free+0x112/0x260
[ 17.763949] kunit_try_run_case+0x1a5/0x480
[ 17.764197] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.764565] kthread+0x337/0x6f0
[ 17.764694] ret_from_fork+0x116/0x1d0
[ 17.764934] ret_from_fork_asm+0x1a/0x30
[ 17.765143]
[ 17.765248] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.765248]
[ 17.765574] allocated by task 324 on cpu 0 at 17.762552s (0.003019s ago):
[ 17.765859] test_alloc+0x2a6/0x10f0
[ 17.766059] test_double_free+0xdb/0x260
[ 17.766261] kunit_try_run_case+0x1a5/0x480
[ 17.766488] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.766808] kthread+0x337/0x6f0
[ 17.766974] ret_from_fork+0x116/0x1d0
[ 17.767140] ret_from_fork_asm+0x1a/0x30
[ 17.767284]
[ 17.767360] freed by task 324 on cpu 0 at 17.762593s (0.004765s ago):
[ 17.767705] test_double_free+0xfa/0x260
[ 17.767929] kunit_try_run_case+0x1a5/0x480
[ 17.768145] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.768325] kthread+0x337/0x6f0
[ 17.768475] ret_from_fork+0x116/0x1d0
[ 17.768670] ret_from_fork_asm+0x1a/0x30
[ 17.768892]
[ 17.768993] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.769894] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.770093] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.770467] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 17.346667] ==================================================================
[ 17.347063] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 17.347063]
[ 17.347436] Use-after-free read at 0x(____ptrval____) (in kfence-#75):
[ 17.348171] test_use_after_free_read+0x129/0x270
[ 17.348392] kunit_try_run_case+0x1a5/0x480
[ 17.348626] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.349178] kthread+0x337/0x6f0
[ 17.349355] ret_from_fork+0x116/0x1d0
[ 17.349552] ret_from_fork_asm+0x1a/0x30
[ 17.349741]
[ 17.350073] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.350073]
[ 17.350518] allocated by task 316 on cpu 0 at 17.346549s (0.003966s ago):
[ 17.351027] test_alloc+0x2a6/0x10f0
[ 17.351207] test_use_after_free_read+0xdc/0x270
[ 17.351420] kunit_try_run_case+0x1a5/0x480
[ 17.351624] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.352092] kthread+0x337/0x6f0
[ 17.352326] ret_from_fork+0x116/0x1d0
[ 17.352573] ret_from_fork_asm+0x1a/0x30
[ 17.352780]
[ 17.352994] freed by task 316 on cpu 0 at 17.346602s (0.006389s ago):
[ 17.353339] test_use_after_free_read+0xfb/0x270
[ 17.353541] kunit_try_run_case+0x1a5/0x480
[ 17.353938] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.354249] kthread+0x337/0x6f0
[ 17.354420] ret_from_fork+0x116/0x1d0
[ 17.354616] ret_from_fork_asm+0x1a/0x30
[ 17.354952]
[ 17.355083] CPU: 0 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.355622] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.355949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.356381] ==================================================================
[ 17.242741] ==================================================================
[ 17.243164] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 17.243164]
[ 17.243634] Use-after-free read at 0x(____ptrval____) (in kfence-#74):
[ 17.244296] test_use_after_free_read+0x129/0x270
[ 17.244545] kunit_try_run_case+0x1a5/0x480
[ 17.244941] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.245179] kthread+0x337/0x6f0
[ 17.245339] ret_from_fork+0x116/0x1d0
[ 17.245527] ret_from_fork_asm+0x1a/0x30
[ 17.245960]
[ 17.246066] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.246066]
[ 17.246580] allocated by task 314 on cpu 0 at 17.242535s (0.004042s ago):
[ 17.246992] test_alloc+0x364/0x10f0
[ 17.247159] test_use_after_free_read+0xdc/0x270
[ 17.247499] kunit_try_run_case+0x1a5/0x480
[ 17.247837] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.248142] kthread+0x337/0x6f0
[ 17.248277] ret_from_fork+0x116/0x1d0
[ 17.248481] ret_from_fork_asm+0x1a/0x30
[ 17.248684]
[ 17.249160] freed by task 314 on cpu 0 at 17.242599s (0.006477s ago):
[ 17.249506] test_use_after_free_read+0x1e7/0x270
[ 17.249834] kunit_try_run_case+0x1a5/0x480
[ 17.250101] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.250305] kthread+0x337/0x6f0
[ 17.250598] ret_from_fork+0x116/0x1d0
[ 17.250791] ret_from_fork_asm+0x1a/0x30
[ 17.250987]
[ 17.251098] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.251485] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.251687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.252140] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 17.034620] ==================================================================
[ 17.035025] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 17.035025]
[ 17.035524] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#72):
[ 17.035845] test_out_of_bounds_write+0x10d/0x260
[ 17.036079] kunit_try_run_case+0x1a5/0x480
[ 17.036283] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.036533] kthread+0x337/0x6f0
[ 17.036737] ret_from_fork+0x116/0x1d0
[ 17.036886] ret_from_fork_asm+0x1a/0x30
[ 17.037068]
[ 17.037174] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.037174]
[ 17.037528] allocated by task 310 on cpu 0 at 17.034507s (0.003018s ago):
[ 17.037881] test_alloc+0x364/0x10f0
[ 17.038124] test_out_of_bounds_write+0xd4/0x260
[ 17.038284] kunit_try_run_case+0x1a5/0x480
[ 17.038895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.039183] kthread+0x337/0x6f0
[ 17.039359] ret_from_fork+0x116/0x1d0
[ 17.039569] ret_from_fork_asm+0x1a/0x30
[ 17.039872]
[ 17.039979] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.040408] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.040631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.041070] ==================================================================
[ 17.138525] ==================================================================
[ 17.139020] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 17.139020]
[ 17.139502] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#73):
[ 17.139878] test_out_of_bounds_write+0x10d/0x260
[ 17.140103] kunit_try_run_case+0x1a5/0x480
[ 17.140317] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.140578] kthread+0x337/0x6f0
[ 17.140715] ret_from_fork+0x116/0x1d0
[ 17.141007] ret_from_fork_asm+0x1a/0x30
[ 17.141323]
[ 17.141424] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.141424]
[ 17.141851] allocated by task 312 on cpu 1 at 17.138472s (0.003377s ago):
[ 17.142321] test_alloc+0x2a6/0x10f0
[ 17.142465] test_out_of_bounds_write+0xd4/0x260
[ 17.142703] kunit_try_run_case+0x1a5/0x480
[ 17.142981] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.143240] kthread+0x337/0x6f0
[ 17.143386] ret_from_fork+0x116/0x1d0
[ 17.143617] ret_from_fork_asm+0x1a/0x30
[ 17.143898]
[ 17.144018] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 17.144516] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.144752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.145129] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 16.410574] ==================================================================
[ 16.410980] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 16.410980]
[ 16.411532] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#66):
[ 16.412255] test_out_of_bounds_read+0x126/0x4e0
[ 16.412526] kunit_try_run_case+0x1a5/0x480
[ 16.412957] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.413316] kthread+0x337/0x6f0
[ 16.413523] ret_from_fork+0x116/0x1d0
[ 16.413856] ret_from_fork_asm+0x1a/0x30
[ 16.414150]
[ 16.414274] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.414274]
[ 16.414873] allocated by task 308 on cpu 0 at 16.410516s (0.004354s ago):
[ 16.415440] test_alloc+0x2a6/0x10f0
[ 16.415645] test_out_of_bounds_read+0xed/0x4e0
[ 16.415965] kunit_try_run_case+0x1a5/0x480
[ 16.416199] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.416575] kthread+0x337/0x6f0
[ 16.416860] ret_from_fork+0x116/0x1d0
[ 16.417186] ret_from_fork_asm+0x1a/0x30
[ 16.417396]
[ 16.417702] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.418171] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.418392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.419109] ==================================================================

[ 15.995629] ==================================================================
[ 15.996135] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 15.996135]
[ 15.996605] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#62):
[ 15.997094] test_out_of_bounds_read+0x126/0x4e0
[ 15.997316] kunit_try_run_case+0x1a5/0x480
[ 15.997550] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.997731] kthread+0x337/0x6f0
[ 15.997918] ret_from_fork+0x116/0x1d0
[ 15.998183] ret_from_fork_asm+0x1a/0x30
[ 15.998348]
[ 15.998601] kfence-#62: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.998601]
[ 15.999146] allocated by task 306 on cpu 1 at 15.994636s (0.004456s ago):
[ 15.999725] test_alloc+0x364/0x10f0
[ 15.999929] test_out_of_bounds_read+0xed/0x4e0
[ 16.000147] kunit_try_run_case+0x1a5/0x480
[ 16.000342] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.000578] kthread+0x337/0x6f0
[ 16.000832] ret_from_fork+0x116/0x1d0
[ 16.001004] ret_from_fork_asm+0x1a/0x30
[ 16.001244]
[ 16.001403] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.001825] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.002032] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.002347] ==================================================================

[ 16.202678] ==================================================================
[ 16.203082] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 16.203082]
[ 16.203536] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#64):
[ 16.203850] test_out_of_bounds_read+0x216/0x4e0
[ 16.204081] kunit_try_run_case+0x1a5/0x480
[ 16.204308] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.204553] kthread+0x337/0x6f0
[ 16.204748] ret_from_fork+0x116/0x1d0
[ 16.204891] ret_from_fork_asm+0x1a/0x30
[ 16.205099]
[ 16.205205] kfence-#64: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.205205]
[ 16.205599] allocated by task 306 on cpu 1 at 16.202519s (0.003078s ago):
[ 16.205906] test_alloc+0x364/0x10f0
[ 16.206098] test_out_of_bounds_read+0x1e2/0x4e0
[ 16.206294] kunit_try_run_case+0x1a5/0x480
[ 16.206461] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.206756] kthread+0x337/0x6f0
[ 16.206929] ret_from_fork+0x116/0x1d0
[ 16.207084] ret_from_fork_asm+0x1a/0x30
[ 16.207227]
[ 16.207325] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.207816] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.207982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.208297] ==================================================================

[ 16.826578] ==================================================================
[ 16.826949] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 16.826949]
[ 16.827301] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#70):
[ 16.827549] test_out_of_bounds_read+0x216/0x4e0
[ 16.827911] kunit_try_run_case+0x1a5/0x480
[ 16.828130] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.828389] kthread+0x337/0x6f0
[ 16.828564] ret_from_fork+0x116/0x1d0
[ 16.828839] ret_from_fork_asm+0x1a/0x30
[ 16.829088]
[ 16.829209] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.829209]
[ 16.829693] allocated by task 308 on cpu 0 at 16.826518s (0.003172s ago):
[ 16.829982] test_alloc+0x2a6/0x10f0
[ 16.830137] test_out_of_bounds_read+0x1e2/0x4e0
[ 16.830460] kunit_try_run_case+0x1a5/0x480
[ 16.830696] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.830941] kthread+0x337/0x6f0
[ 16.831104] ret_from_fork+0x116/0x1d0
[ 16.831315] ret_from_fork_asm+0x1a/0x30
[ 16.831533]
[ 16.831658] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 16.832134] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.832327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.832749] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.748159] ==================================================================
[ 15.748633] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.748953] Write of size 1 at addr ffff8881031c1978 by task kunit_try_catch/304
[ 15.749232]
[ 15.749346] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.749417] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.749445] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.749492] Call Trace:
[ 15.749522] <TASK>
[ 15.749540] dump_stack_lvl+0x73/0xb0
[ 15.749595] print_report+0xd1/0x650
[ 15.749634] ? __virt_addr_valid+0x1db/0x2d0
[ 15.749672] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749706] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.749730] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749754] kasan_report+0x141/0x180
[ 15.749778] ? strncpy_from_user+0x1a5/0x1d0
[ 15.749807] __asan_report_store1_noabort+0x1b/0x30
[ 15.749829] strncpy_from_user+0x1a5/0x1d0
[ 15.749856] copy_user_test_oob+0x760/0x10f0
[ 15.749883] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.749907] ? finish_task_switch.isra.0+0x153/0x700
[ 15.749930] ? __switch_to+0x47/0xf50
[ 15.749957] ? __schedule+0x10cc/0x2b60
[ 15.749981] ? __pfx_read_tsc+0x10/0x10
[ 15.750003] ? ktime_get_ts64+0x86/0x230
[ 15.750028] kunit_try_run_case+0x1a5/0x480
[ 15.750055] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.750079] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.750104] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.750128] ? __kthread_parkme+0x82/0x180
[ 15.750150] ? preempt_count_sub+0x50/0x80
[ 15.750174] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.750199] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.750223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.750248] kthread+0x337/0x6f0
[ 15.750269] ? trace_preempt_on+0x20/0xc0
[ 15.750294] ? __pfx_kthread+0x10/0x10
[ 15.750316] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.750337] ? calculate_sigpending+0x7b/0xa0
[ 15.750361] ? __pfx_kthread+0x10/0x10
[ 15.750384] ret_from_fork+0x116/0x1d0
[ 15.750403] ? __pfx_kthread+0x10/0x10
[ 15.750425] ret_from_fork_asm+0x1a/0x30
[ 15.750466] </TASK>
[ 15.750479]
[ 15.757863] Allocated by task 304:
[ 15.758023] kasan_save_stack+0x45/0x70
[ 15.758170] kasan_save_track+0x18/0x40
[ 15.758310] kasan_save_alloc_info+0x3b/0x50
[ 15.758535] __kasan_kmalloc+0xb7/0xc0
[ 15.758750] __kmalloc_noprof+0x1c9/0x500
[ 15.758952] kunit_kmalloc_array+0x25/0x60
[ 15.759160] copy_user_test_oob+0xab/0x10f0
[ 15.759375] kunit_try_run_case+0x1a5/0x480
[ 15.759540] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.759927] kthread+0x337/0x6f0
[ 15.760063] ret_from_fork+0x116/0x1d0
[ 15.760237] ret_from_fork_asm+0x1a/0x30
[ 15.760429]
[ 15.760534] The buggy address belongs to the object at ffff8881031c1900
[ 15.760534] which belongs to the cache kmalloc-128 of size 128
[ 15.761020] The buggy address is located 0 bytes to the right of
[ 15.761020] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.761527]
[ 15.761615] The buggy address belongs to the physical page:
[ 15.761864] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.762177] flags: 0x200000000000000(node=0|zone=2)
[ 15.762344] page_type: f5(slab)
[ 15.762478] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.762834] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.763169] page dumped because: kasan: bad access detected
[ 15.763378]
[ 15.763461] Memory state around the buggy address:
[ 15.763657] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.763997] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.764309] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.764600] ^
[ 15.764908] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.765173] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.765479] ==================================================================

[ 15.728188] ==================================================================
[ 15.728561] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.728932] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.729575]
[ 15.729733] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.729793] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.729821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.729857] Call Trace:
[ 15.729875] <TASK>
[ 15.729891] dump_stack_lvl+0x73/0xb0
[ 15.729921] print_report+0xd1/0x650
[ 15.729945] ? __virt_addr_valid+0x1db/0x2d0
[ 15.729972] ? strncpy_from_user+0x2e/0x1d0
[ 15.729997] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.730020] ? strncpy_from_user+0x2e/0x1d0
[ 15.730045] kasan_report+0x141/0x180
[ 15.730069] ? strncpy_from_user+0x2e/0x1d0
[ 15.730098] kasan_check_range+0x10c/0x1c0
[ 15.730123] __kasan_check_write+0x18/0x20
[ 15.730144] strncpy_from_user+0x2e/0x1d0
[ 15.730167] ? __kasan_check_read+0x15/0x20
[ 15.730190] copy_user_test_oob+0x760/0x10f0
[ 15.730217] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.730242] ? finish_task_switch.isra.0+0x153/0x700
[ 15.730265] ? __switch_to+0x47/0xf50
[ 15.730291] ? __schedule+0x10cc/0x2b60
[ 15.730314] ? __pfx_read_tsc+0x10/0x10
[ 15.730336] ? ktime_get_ts64+0x86/0x230
[ 15.730361] kunit_try_run_case+0x1a5/0x480
[ 15.730387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.730412] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.730437] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.730473] ? __kthread_parkme+0x82/0x180
[ 15.730495] ? preempt_count_sub+0x50/0x80
[ 15.730519] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.730544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.730569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.730614] kthread+0x337/0x6f0
[ 15.730636] ? trace_preempt_on+0x20/0xc0
[ 15.730662] ? __pfx_kthread+0x10/0x10
[ 15.730712] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.730734] ? calculate_sigpending+0x7b/0xa0
[ 15.730759] ? __pfx_kthread+0x10/0x10
[ 15.730800] ret_from_fork+0x116/0x1d0
[ 15.730820] ? __pfx_kthread+0x10/0x10
[ 15.730841] ret_from_fork_asm+0x1a/0x30
[ 15.730874] </TASK>
[ 15.730887]
[ 15.739126] Allocated by task 304:
[ 15.739299] kasan_save_stack+0x45/0x70
[ 15.739498] kasan_save_track+0x18/0x40
[ 15.739697] kasan_save_alloc_info+0x3b/0x50
[ 15.739887] __kasan_kmalloc+0xb7/0xc0
[ 15.740090] __kmalloc_noprof+0x1c9/0x500
[ 15.740269] kunit_kmalloc_array+0x25/0x60
[ 15.740480] copy_user_test_oob+0xab/0x10f0
[ 15.740704] kunit_try_run_case+0x1a5/0x480
[ 15.740902] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.741148] kthread+0x337/0x6f0
[ 15.741319] ret_from_fork+0x116/0x1d0
[ 15.741504] ret_from_fork_asm+0x1a/0x30
[ 15.741757]
[ 15.741845] The buggy address belongs to the object at ffff8881031c1900
[ 15.741845] which belongs to the cache kmalloc-128 of size 128
[ 15.742341] The buggy address is located 0 bytes inside of
[ 15.742341] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.742910]
[ 15.743026] The buggy address belongs to the physical page:
[ 15.743241] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.743664] flags: 0x200000000000000(node=0|zone=2)
[ 15.743975] page_type: f5(slab)
[ 15.744191] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.744591] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.744939] page dumped because: kasan: bad access detected
[ 15.745192]
[ 15.745286] Memory state around the buggy address:
[ 15.745489] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.745713] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.745931] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.746149] ^
[ 15.746564] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.747150] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.747508] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.708488] ==================================================================
[ 15.708747] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.709907] Read of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.710227]
[ 15.710605] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.710655] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.710670] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.710704] Call Trace:
[ 15.710719] <TASK>
[ 15.710737] dump_stack_lvl+0x73/0xb0
[ 15.710792] print_report+0xd1/0x650
[ 15.710819] ? __virt_addr_valid+0x1db/0x2d0
[ 15.710846] ? copy_user_test_oob+0x604/0x10f0
[ 15.710872] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.710896] ? copy_user_test_oob+0x604/0x10f0
[ 15.710922] kasan_report+0x141/0x180
[ 15.710946] ? copy_user_test_oob+0x604/0x10f0
[ 15.710976] kasan_check_range+0x10c/0x1c0
[ 15.711000] __kasan_check_read+0x15/0x20
[ 15.711020] copy_user_test_oob+0x604/0x10f0
[ 15.711047] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.711071] ? finish_task_switch.isra.0+0x153/0x700
[ 15.711094] ? __switch_to+0x47/0xf50
[ 15.711120] ? __schedule+0x10cc/0x2b60
[ 15.711143] ? __pfx_read_tsc+0x10/0x10
[ 15.711164] ? ktime_get_ts64+0x86/0x230
[ 15.711189] kunit_try_run_case+0x1a5/0x480
[ 15.711214] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.711238] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.711262] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.711287] ? __kthread_parkme+0x82/0x180
[ 15.711308] ? preempt_count_sub+0x50/0x80
[ 15.711332] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.711357] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.711381] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.711406] kthread+0x337/0x6f0
[ 15.711426] ? trace_preempt_on+0x20/0xc0
[ 15.711463] ? __pfx_kthread+0x10/0x10
[ 15.711486] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.711509] ? calculate_sigpending+0x7b/0xa0
[ 15.711535] ? __pfx_kthread+0x10/0x10
[ 15.711558] ret_from_fork+0x116/0x1d0
[ 15.711577] ? __pfx_kthread+0x10/0x10
[ 15.711598] ret_from_fork_asm+0x1a/0x30
[ 15.711630] </TASK>
[ 15.711642]
[ 15.719421] Allocated by task 304:
[ 15.719616] kasan_save_stack+0x45/0x70
[ 15.719855] kasan_save_track+0x18/0x40
[ 15.720067] kasan_save_alloc_info+0x3b/0x50
[ 15.720286] __kasan_kmalloc+0xb7/0xc0
[ 15.720505] __kmalloc_noprof+0x1c9/0x500
[ 15.720715] kunit_kmalloc_array+0x25/0x60
[ 15.720935] copy_user_test_oob+0xab/0x10f0
[ 15.721141] kunit_try_run_case+0x1a5/0x480
[ 15.721336] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.721571] kthread+0x337/0x6f0
[ 15.721847] ret_from_fork+0x116/0x1d0
[ 15.722033] ret_from_fork_asm+0x1a/0x30
[ 15.722226]
[ 15.722305] The buggy address belongs to the object at ffff8881031c1900
[ 15.722305] which belongs to the cache kmalloc-128 of size 128
[ 15.722889] The buggy address is located 0 bytes inside of
[ 15.722889] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.723383]
[ 15.723514] The buggy address belongs to the physical page:
[ 15.723881] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.724222] flags: 0x200000000000000(node=0|zone=2)
[ 15.724442] page_type: f5(slab)
[ 15.724614] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.725025] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.725335] page dumped because: kasan: bad access detected
[ 15.725609]
[ 15.725720] Memory state around the buggy address:
[ 15.725914] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.726136] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.726356] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.726681] ^
[ 15.726996] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.727390] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.727626] ==================================================================

[ 15.658579] ==================================================================
[ 15.659176] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.659428] Read of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.660147]
[ 15.660358] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.660406] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.660420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.660445] Call Trace:
[ 15.660473] <TASK>
[ 15.660491] dump_stack_lvl+0x73/0xb0
[ 15.660520] print_report+0xd1/0x650
[ 15.660566] ? __virt_addr_valid+0x1db/0x2d0
[ 15.660589] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660614] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.660638] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660663] kasan_report+0x141/0x180
[ 15.660698] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.660728] kasan_check_range+0x10c/0x1c0
[ 15.660753] __kasan_check_read+0x15/0x20
[ 15.660773] copy_user_test_oob+0x4aa/0x10f0
[ 15.660800] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.660824] ? finish_task_switch.isra.0+0x153/0x700
[ 15.660847] ? __switch_to+0x47/0xf50
[ 15.660873] ? __schedule+0x10cc/0x2b60
[ 15.660897] ? __pfx_read_tsc+0x10/0x10
[ 15.660919] ? ktime_get_ts64+0x86/0x230
[ 15.660944] kunit_try_run_case+0x1a5/0x480
[ 15.660970] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.660994] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.661019] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.661044] ? __kthread_parkme+0x82/0x180
[ 15.661066] ? preempt_count_sub+0x50/0x80
[ 15.661090] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.661116] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.661139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.661165] kthread+0x337/0x6f0
[ 15.661185] ? trace_preempt_on+0x20/0xc0
[ 15.661210] ? __pfx_kthread+0x10/0x10
[ 15.661232] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.661254] ? calculate_sigpending+0x7b/0xa0
[ 15.661280] ? __pfx_kthread+0x10/0x10
[ 15.661302] ret_from_fork+0x116/0x1d0
[ 15.661322] ? __pfx_kthread+0x10/0x10
[ 15.661344] ret_from_fork_asm+0x1a/0x30
[ 15.661375] </TASK>
[ 15.661394]
[ 15.674195] Allocated by task 304:
[ 15.674438] kasan_save_stack+0x45/0x70
[ 15.674728] kasan_save_track+0x18/0x40
[ 15.675103] kasan_save_alloc_info+0x3b/0x50
[ 15.675405] __kasan_kmalloc+0xb7/0xc0
[ 15.675556] __kmalloc_noprof+0x1c9/0x500
[ 15.675725] kunit_kmalloc_array+0x25/0x60
[ 15.676142] copy_user_test_oob+0xab/0x10f0
[ 15.676565] kunit_try_run_case+0x1a5/0x480
[ 15.676991] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.677491] kthread+0x337/0x6f0
[ 15.677848] ret_from_fork+0x116/0x1d0
[ 15.678124] ret_from_fork_asm+0x1a/0x30
[ 15.678269]
[ 15.678344] The buggy address belongs to the object at ffff8881031c1900
[ 15.678344] which belongs to the cache kmalloc-128 of size 128
[ 15.678804] The buggy address is located 0 bytes inside of
[ 15.678804] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.679904]
[ 15.680086] The buggy address belongs to the physical page:
[ 15.680573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.681259] flags: 0x200000000000000(node=0|zone=2)
[ 15.681727] page_type: f5(slab)
[ 15.682040] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.682363] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.682607] page dumped because: kasan: bad access detected
[ 15.682819]
[ 15.682943] Memory state around the buggy address:
[ 15.683173] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.683483] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.683826] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.684131] ^
[ 15.684420] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.684771] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.685060] ==================================================================

[ 15.685892] ==================================================================
[ 15.686560] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 15.686966] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.687283]
[ 15.687398] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.687473] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.687489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.687526] Call Trace:
[ 15.687545] <TASK>
[ 15.687562] dump_stack_lvl+0x73/0xb0
[ 15.687591] print_report+0xd1/0x650
[ 15.687615] ? __virt_addr_valid+0x1db/0x2d0
[ 15.687639] ? copy_user_test_oob+0x557/0x10f0
[ 15.687664] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.687687] ? copy_user_test_oob+0x557/0x10f0
[ 15.687712] kasan_report+0x141/0x180
[ 15.687735] ? copy_user_test_oob+0x557/0x10f0
[ 15.687775] kasan_check_range+0x10c/0x1c0
[ 15.687800] __kasan_check_write+0x18/0x20
[ 15.687821] copy_user_test_oob+0x557/0x10f0
[ 15.687867] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.687890] ? finish_task_switch.isra.0+0x153/0x700
[ 15.687913] ? __switch_to+0x47/0xf50
[ 15.687940] ? __schedule+0x10cc/0x2b60
[ 15.687963] ? __pfx_read_tsc+0x10/0x10
[ 15.687984] ? ktime_get_ts64+0x86/0x230
[ 15.688008] kunit_try_run_case+0x1a5/0x480
[ 15.688052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.688077] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.688101] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.688126] ? __kthread_parkme+0x82/0x180
[ 15.688148] ? preempt_count_sub+0x50/0x80
[ 15.688172] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.688196] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.688220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.688245] kthread+0x337/0x6f0
[ 15.688265] ? trace_preempt_on+0x20/0xc0
[ 15.688290] ? __pfx_kthread+0x10/0x10
[ 15.688312] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.688335] ? calculate_sigpending+0x7b/0xa0
[ 15.688359] ? __pfx_kthread+0x10/0x10
[ 15.688383] ret_from_fork+0x116/0x1d0
[ 15.688401] ? __pfx_kthread+0x10/0x10
[ 15.688423] ret_from_fork_asm+0x1a/0x30
[ 15.688464] </TASK>
[ 15.688476]
[ 15.698955] Allocated by task 304:
[ 15.699161] kasan_save_stack+0x45/0x70
[ 15.699350] kasan_save_track+0x18/0x40
[ 15.699541] kasan_save_alloc_info+0x3b/0x50
[ 15.699817] __kasan_kmalloc+0xb7/0xc0
[ 15.699999] __kmalloc_noprof+0x1c9/0x500
[ 15.700204] kunit_kmalloc_array+0x25/0x60
[ 15.700354] copy_user_test_oob+0xab/0x10f0
[ 15.700561] kunit_try_run_case+0x1a5/0x480
[ 15.700769] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.701006] kthread+0x337/0x6f0
[ 15.701130] ret_from_fork+0x116/0x1d0
[ 15.701264] ret_from_fork_asm+0x1a/0x30
[ 15.701478]
[ 15.701598] The buggy address belongs to the object at ffff8881031c1900
[ 15.701598] which belongs to the cache kmalloc-128 of size 128
[ 15.702398] The buggy address is located 0 bytes inside of
[ 15.702398] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.702911]
[ 15.703005] The buggy address belongs to the physical page:
[ 15.703250] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.703586] flags: 0x200000000000000(node=0|zone=2)
[ 15.703878] page_type: f5(slab)
[ 15.704056] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.704355] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.704710] page dumped because: kasan: bad access detected
[ 15.704939]
[ 15.705035] Memory state around the buggy address:
[ 15.705270] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.705628] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.705953] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.706263] ^
[ 15.706486] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.707160] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.707474] ==================================================================

[ 15.631166] ==================================================================
[ 15.631515] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.631931] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.632298]
[ 15.632411] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.632467] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.632482] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.632506] Call Trace:
[ 15.632522] <TASK>
[ 15.632538] dump_stack_lvl+0x73/0xb0
[ 15.632569] print_report+0xd1/0x650
[ 15.632593] ? __virt_addr_valid+0x1db/0x2d0
[ 15.632617] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632642] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.632665] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632726] kasan_report+0x141/0x180
[ 15.632774] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.632833] kasan_check_range+0x10c/0x1c0
[ 15.632859] __kasan_check_write+0x18/0x20
[ 15.632880] copy_user_test_oob+0x3fd/0x10f0
[ 15.632918] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.632942] ? finish_task_switch.isra.0+0x153/0x700
[ 15.632964] ? __switch_to+0x47/0xf50
[ 15.632991] ? __schedule+0x10cc/0x2b60
[ 15.633014] ? __pfx_read_tsc+0x10/0x10
[ 15.633036] ? ktime_get_ts64+0x86/0x230
[ 15.633062] kunit_try_run_case+0x1a5/0x480
[ 15.633088] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.633112] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.633137] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.633161] ? __kthread_parkme+0x82/0x180
[ 15.633183] ? preempt_count_sub+0x50/0x80
[ 15.633207] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.633232] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.633256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.633280] kthread+0x337/0x6f0
[ 15.633301] ? trace_preempt_on+0x20/0xc0
[ 15.633326] ? __pfx_kthread+0x10/0x10
[ 15.633348] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.633370] ? calculate_sigpending+0x7b/0xa0
[ 15.633398] ? __pfx_kthread+0x10/0x10
[ 15.633421] ret_from_fork+0x116/0x1d0
[ 15.633441] ? __pfx_kthread+0x10/0x10
[ 15.633471] ret_from_fork_asm+0x1a/0x30
[ 15.633501] </TASK>
[ 15.633514]
[ 15.641546] Allocated by task 304:
[ 15.641742] kasan_save_stack+0x45/0x70
[ 15.641995] kasan_save_track+0x18/0x40
[ 15.642233] kasan_save_alloc_info+0x3b/0x50
[ 15.642471] __kasan_kmalloc+0xb7/0xc0
[ 15.642703] __kmalloc_noprof+0x1c9/0x500
[ 15.642851] kunit_kmalloc_array+0x25/0x60
[ 15.642997] copy_user_test_oob+0xab/0x10f0
[ 15.643627] kunit_try_run_case+0x1a5/0x480
[ 15.643857] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.644119] kthread+0x337/0x6f0
[ 15.644296] ret_from_fork+0x116/0x1d0
[ 15.645780] ret_from_fork_asm+0x1a/0x30
[ 15.646111]
[ 15.646201] The buggy address belongs to the object at ffff8881031c1900
[ 15.646201] which belongs to the cache kmalloc-128 of size 128
[ 15.646585] The buggy address is located 0 bytes inside of
[ 15.646585] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.646957]
[ 15.647034] The buggy address belongs to the physical page:
[ 15.647211] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.648657] flags: 0x200000000000000(node=0|zone=2)
[ 15.649263] page_type: f5(slab)
[ 15.649994] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.651012] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.652066] page dumped because: kasan: bad access detected
[ 15.652814]
[ 15.652991] Memory state around the buggy address:
[ 15.653655] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.654575] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.655507] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.656262] ^
[ 15.656503] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.656891] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.657515] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.607805] ==================================================================
[ 15.608145] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 15.608481] Read of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304
[ 15.608824]
[ 15.608917] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 15.609006] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.609021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.609069] Call Trace:
[ 15.609084] <TASK>
[ 15.609100] dump_stack_lvl+0x73/0xb0
[ 15.609132] print_report+0xd1/0x650
[ 15.609157] ? __virt_addr_valid+0x1db/0x2d0
[ 15.609181] ? _copy_to_user+0x3c/0x70
[ 15.609201] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.609225] ? _copy_to_user+0x3c/0x70
[ 15.609245] kasan_report+0x141/0x180
[ 15.609268] ? _copy_to_user+0x3c/0x70
[ 15.609293] kasan_check_range+0x10c/0x1c0
[ 15.609318] __kasan_check_read+0x15/0x20
[ 15.609371] _copy_to_user+0x3c/0x70
[ 15.609396] copy_user_test_oob+0x364/0x10f0
[ 15.609435] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.609469] ? finish_task_switch.isra.0+0x153/0x700
[ 15.609492] ? __switch_to+0x47/0xf50
[ 15.609519] ? __schedule+0x10cc/0x2b60
[ 15.609543] ? __pfx_read_tsc+0x10/0x10
[ 15.609565] ? ktime_get_ts64+0x86/0x230
[ 15.609589] kunit_try_run_case+0x1a5/0x480
[ 15.609614] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.609637] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.609662] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.609687] ? __kthread_parkme+0x82/0x180
[ 15.609708] ? preempt_count_sub+0x50/0x80
[ 15.609733] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.609758] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.609783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.609807] kthread+0x337/0x6f0
[ 15.609828] ? trace_preempt_on+0x20/0xc0
[ 15.609853] ? __pfx_kthread+0x10/0x10
[ 15.609875] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.609897] ? calculate_sigpending+0x7b/0xa0
[ 15.609923] ? __pfx_kthread+0x10/0x10
[ 15.609946] ret_from_fork+0x116/0x1d0
[ 15.609965] ? __pfx_kthread+0x10/0x10
[ 15.609987] ret_from_fork_asm+0x1a/0x30
[ 15.610018] </TASK>
[ 15.610031]
[ 15.618025] Allocated by task 304:
[ 15.618160] kasan_save_stack+0x45/0x70
[ 15.618306] kasan_save_track+0x18/0x40
[ 15.618498] kasan_save_alloc_info+0x3b/0x50
[ 15.618763] __kasan_kmalloc+0xb7/0xc0
[ 15.619038] __kmalloc_noprof+0x1c9/0x500
[ 15.619308] kunit_kmalloc_array+0x25/0x60
[ 15.619527] copy_user_test_oob+0xab/0x10f0
[ 15.619804] kunit_try_run_case+0x1a5/0x480
[ 15.620055] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.620331] kthread+0x337/0x6f0
[ 15.620518] ret_from_fork+0x116/0x1d0
[ 15.620658] ret_from_fork_asm+0x1a/0x30
[ 15.620860]
[ 15.621031] The buggy address belongs to the object at ffff8881031c1900
[ 15.621031] which belongs to the cache kmalloc-128 of size 128
[ 15.621552] The buggy address is located 0 bytes inside of
[ 15.621552] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978)
[ 15.622148]
[ 15.622249] The buggy address belongs to the physical page:
[ 15.622507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1
[ 15.622919] flags: 0x200000000000000(node=0|zone=2)
[ 15.623146] page_type: f5(slab)
[ 15.623273] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.623552] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.624069] page dumped because: kasan: bad access detected
[ 15.624375]
[ 15.624481] Memory state around the buggy address:
[ 15.624648] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.625179] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.625407] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.625661] ^
[ 15.625980] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.626366] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.626689] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.576887] ================================================================== [ 15.577583] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.577973] Write of size 121 at addr ffff8881031c1900 by task kunit_try_catch/304 [ 15.578301] [ 15.578438] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.578507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.578532] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.578557] Call Trace: [ 15.578573] <TASK> [ 15.578594] dump_stack_lvl+0x73/0xb0 [ 15.578628] print_report+0xd1/0x650 [ 15.578654] ? __virt_addr_valid+0x1db/0x2d0 [ 15.578680] ? _copy_from_user+0x32/0x90 [ 15.578711] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.578735] ? _copy_from_user+0x32/0x90 [ 15.578755] kasan_report+0x141/0x180 [ 15.578790] ? _copy_from_user+0x32/0x90 [ 15.578825] kasan_check_range+0x10c/0x1c0 [ 15.578850] __kasan_check_write+0x18/0x20 [ 15.578871] _copy_from_user+0x32/0x90 [ 15.578904] copy_user_test_oob+0x2be/0x10f0 [ 15.578932] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.578957] ? finish_task_switch.isra.0+0x153/0x700 [ 15.578982] ? __switch_to+0x47/0xf50 [ 15.579010] ? __schedule+0x10cc/0x2b60 [ 15.579034] ? __pfx_read_tsc+0x10/0x10 [ 15.579067] ? ktime_get_ts64+0x86/0x230 [ 15.579093] kunit_try_run_case+0x1a5/0x480 [ 15.579119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.579153] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.579179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.579205] ? __kthread_parkme+0x82/0x180 [ 15.579236] ? preempt_count_sub+0x50/0x80 [ 15.579262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.579297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.579324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.579348] kthread+0x337/0x6f0 [ 15.579382] ? trace_preempt_on+0x20/0xc0 [ 15.579408] ? __pfx_kthread+0x10/0x10 [ 15.579431] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.579463] ? calculate_sigpending+0x7b/0xa0 [ 15.579489] ? 
__pfx_kthread+0x10/0x10 [ 15.579513] ret_from_fork+0x116/0x1d0 [ 15.579533] ? __pfx_kthread+0x10/0x10 [ 15.579556] ret_from_fork_asm+0x1a/0x30 [ 15.579589] </TASK> [ 15.579602] [ 15.591127] Allocated by task 304: [ 15.591659] kasan_save_stack+0x45/0x70 [ 15.592053] kasan_save_track+0x18/0x40 [ 15.592471] kasan_save_alloc_info+0x3b/0x50 [ 15.592688] __kasan_kmalloc+0xb7/0xc0 [ 15.592904] __kmalloc_noprof+0x1c9/0x500 [ 15.593114] kunit_kmalloc_array+0x25/0x60 [ 15.593317] copy_user_test_oob+0xab/0x10f0 [ 15.593550] kunit_try_run_case+0x1a5/0x480 [ 15.593769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.594498] kthread+0x337/0x6f0 [ 15.594844] ret_from_fork+0x116/0x1d0 [ 15.595139] ret_from_fork_asm+0x1a/0x30 [ 15.595369] [ 15.595546] The buggy address belongs to the object at ffff8881031c1900 [ 15.595546] which belongs to the cache kmalloc-128 of size 128 [ 15.596129] The buggy address is located 0 bytes inside of [ 15.596129] allocated 120-byte region [ffff8881031c1900, ffff8881031c1978) [ 15.597519] [ 15.597628] The buggy address belongs to the physical page: [ 15.598079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1 [ 15.598852] flags: 0x200000000000000(node=0|zone=2) [ 15.599099] page_type: f5(slab) [ 15.599496] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.599979] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.600467] page dumped because: kasan: bad access detected [ 15.600737] [ 15.601019] Memory state around the buggy address: [ 15.601349] ffff8881031c1800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.601724] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.602202] >ffff8881031c1900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.602523] ^ [ 15.602985] ffff8881031c1980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.603551] ffff8881031c1a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.604036] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.537272] ================================================================== [ 15.537796] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.538278] Write of size 8 at addr ffff8881031c1878 by task kunit_try_catch/300 [ 15.538678] [ 15.538979] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.539028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.539043] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.539091] Call Trace: [ 15.539108] <TASK> [ 15.539126] dump_stack_lvl+0x73/0xb0 [ 15.539157] print_report+0xd1/0x650 [ 15.539181] ? __virt_addr_valid+0x1db/0x2d0 [ 15.539301] ? copy_to_kernel_nofault+0x99/0x260 [ 15.539329] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.539354] ? copy_to_kernel_nofault+0x99/0x260 [ 15.539421] kasan_report+0x141/0x180 [ 15.539468] ? copy_to_kernel_nofault+0x99/0x260 [ 15.539498] kasan_check_range+0x10c/0x1c0 [ 15.539523] __kasan_check_write+0x18/0x20 [ 15.539545] copy_to_kernel_nofault+0x99/0x260 [ 15.539571] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.539597] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.539621] ? finish_task_switch.isra.0+0x153/0x700 [ 15.539644] ? __schedule+0x10cc/0x2b60 [ 15.539667] ? trace_hardirqs_on+0x37/0xe0 [ 15.539709] ? __pfx_read_tsc+0x10/0x10 [ 15.539730] ? ktime_get_ts64+0x86/0x230 [ 15.539755] kunit_try_run_case+0x1a5/0x480 [ 15.539781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.539805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.539829] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.539854] ? __kthread_parkme+0x82/0x180 [ 15.539876] ? preempt_count_sub+0x50/0x80 [ 15.539901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.539926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.539951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.539976] kthread+0x337/0x6f0 [ 15.539997] ? trace_preempt_on+0x20/0xc0 [ 15.540020] ? __pfx_kthread+0x10/0x10 [ 15.540042] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.540065] ? calculate_sigpending+0x7b/0xa0 [ 15.540090] ? __pfx_kthread+0x10/0x10 [ 15.540113] ret_from_fork+0x116/0x1d0 [ 15.540132] ? __pfx_kthread+0x10/0x10 [ 15.540154] ret_from_fork_asm+0x1a/0x30 [ 15.540186] </TASK> [ 15.540347] [ 15.550647] Allocated by task 300: [ 15.550843] kasan_save_stack+0x45/0x70 [ 15.551056] kasan_save_track+0x18/0x40 [ 15.551474] kasan_save_alloc_info+0x3b/0x50 [ 15.551664] __kasan_kmalloc+0xb7/0xc0 [ 15.551829] __kmalloc_cache_noprof+0x189/0x420 [ 15.551988] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.552309] kunit_try_run_case+0x1a5/0x480 [ 15.552696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.553104] kthread+0x337/0x6f0 [ 15.553388] ret_from_fork+0x116/0x1d0 [ 15.553796] ret_from_fork_asm+0x1a/0x30 [ 15.553970] [ 15.554071] The buggy address belongs to the object at ffff8881031c1800 [ 15.554071] which belongs to the cache kmalloc-128 of size 128 [ 15.554835] The buggy address is located 0 bytes to the right of [ 15.554835] allocated 120-byte region [ffff8881031c1800, ffff8881031c1878) [ 15.555584] [ 15.555810] The buggy address belongs to the physical page: [ 15.556029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1 [ 15.556344] flags: 0x200000000000000(node=0|zone=2) [ 15.556591] page_type: f5(slab) [ 15.557000] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.557304] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.557753] page dumped because: kasan: bad access detected [ 15.558165] [ 15.558265] Memory state around the buggy address: [ 15.558599] ffff8881031c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.559080] ffff8881031c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.559516] >ffff8881031c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.559964] ^ [ 15.560511] ffff8881031c1880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.560950] ffff8881031c1900: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.561471] ================================================================== [ 15.512027] ================================================================== [ 15.512730] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.513307] Read of size 8 at addr ffff8881031c1878 by task kunit_try_catch/300 [ 15.513691] [ 15.513811] CPU: 0 UID: 0 PID: 300 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.513937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.513984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.514030] Call Trace: [ 15.514070] <TASK> [ 15.514104] dump_stack_lvl+0x73/0xb0 [ 15.514135] print_report+0xd1/0x650 [ 15.514161] ? __virt_addr_valid+0x1db/0x2d0 [ 15.514184] ? copy_to_kernel_nofault+0x225/0x260 [ 15.514210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.514234] ? copy_to_kernel_nofault+0x225/0x260 [ 15.514259] kasan_report+0x141/0x180 [ 15.514304] ? copy_to_kernel_nofault+0x225/0x260 [ 15.514335] __asan_report_load8_noabort+0x18/0x20 [ 15.514371] copy_to_kernel_nofault+0x225/0x260 [ 15.514398] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.514424] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.514448] ? finish_task_switch.isra.0+0x153/0x700 [ 15.514481] ? __schedule+0x10cc/0x2b60 [ 15.514503] ? trace_hardirqs_on+0x37/0xe0 [ 15.514536] ? __pfx_read_tsc+0x10/0x10 [ 15.514558] ? ktime_get_ts64+0x86/0x230 [ 15.514584] kunit_try_run_case+0x1a5/0x480 [ 15.514611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.514633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.514659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.514698] ? __kthread_parkme+0x82/0x180 [ 15.514719] ? preempt_count_sub+0x50/0x80 [ 15.514743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.514768] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.514793] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.514817] kthread+0x337/0x6f0 [ 15.514839] ? 
trace_preempt_on+0x20/0xc0 [ 15.514862] ? __pfx_kthread+0x10/0x10 [ 15.514884] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.514907] ? calculate_sigpending+0x7b/0xa0 [ 15.514931] ? __pfx_kthread+0x10/0x10 [ 15.514954] ret_from_fork+0x116/0x1d0 [ 15.514975] ? __pfx_kthread+0x10/0x10 [ 15.514997] ret_from_fork_asm+0x1a/0x30 [ 15.515028] </TASK> [ 15.515042] [ 15.525247] Allocated by task 300: [ 15.526041] kasan_save_stack+0x45/0x70 [ 15.526408] kasan_save_track+0x18/0x40 [ 15.526654] kasan_save_alloc_info+0x3b/0x50 [ 15.526990] __kasan_kmalloc+0xb7/0xc0 [ 15.527158] __kmalloc_cache_noprof+0x189/0x420 [ 15.527636] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.527901] kunit_try_run_case+0x1a5/0x480 [ 15.528094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.528517] kthread+0x337/0x6f0 [ 15.528778] ret_from_fork+0x116/0x1d0 [ 15.528984] ret_from_fork_asm+0x1a/0x30 [ 15.529178] [ 15.529393] The buggy address belongs to the object at ffff8881031c1800 [ 15.529393] which belongs to the cache kmalloc-128 of size 128 [ 15.530007] The buggy address is located 0 bytes to the right of [ 15.530007] allocated 120-byte region [ffff8881031c1800, ffff8881031c1878) [ 15.530848] [ 15.530992] The buggy address belongs to the physical page: [ 15.531338] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1 [ 15.531807] flags: 0x200000000000000(node=0|zone=2) [ 15.532160] page_type: f5(slab) [ 15.532630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.532975] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.533503] page dumped because: kasan: bad access detected [ 15.533782] [ 15.533896] Memory state around the buggy address: [ 15.534146] ffff8881031c1700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.534611] ffff8881031c1780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.534958] >ffff8881031c1800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.535394] ^ [ 15.535646] ffff8881031c1880: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 15.536090] ffff8881031c1900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.536624] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 14.902731] ================================================================== [ 14.903187] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.903873] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.904144] [ 14.904262] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.904307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.904332] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.904355] Call Trace: [ 14.904372] <TASK> [ 14.904400] dump_stack_lvl+0x73/0xb0 [ 14.904430] print_report+0xd1/0x650 [ 14.904464] ? __virt_addr_valid+0x1db/0x2d0 [ 14.904487] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.904519] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.904542] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.904576] kasan_report+0x141/0x180 [ 14.904601] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.904630] __asan_report_store8_noabort+0x1b/0x30 [ 14.904653] kasan_atomics_helper+0x50d4/0x5450 [ 14.904679] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.904705] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.904732] ? kasan_atomics+0x152/0x310 [ 14.904775] kasan_atomics+0x1dc/0x310 [ 14.904799] ? __pfx_kasan_atomics+0x10/0x10 [ 14.904825] ? __pfx_read_tsc+0x10/0x10 [ 14.904847] ? ktime_get_ts64+0x86/0x230 [ 14.904873] kunit_try_run_case+0x1a5/0x480 [ 14.904898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.904931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.904956] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.904991] ? __kthread_parkme+0x82/0x180 [ 14.905013] ? preempt_count_sub+0x50/0x80 [ 14.905038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.905063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.905087] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.905112] kthread+0x337/0x6f0 [ 14.905133] ? trace_preempt_on+0x20/0xc0 [ 14.905157] ? __pfx_kthread+0x10/0x10 [ 14.905179] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.905201] ? 
calculate_sigpending+0x7b/0xa0 [ 14.905226] ? __pfx_kthread+0x10/0x10 [ 14.905249] ret_from_fork+0x116/0x1d0 [ 14.905268] ? __pfx_kthread+0x10/0x10 [ 14.905290] ret_from_fork_asm+0x1a/0x30 [ 14.905331] </TASK> [ 14.905344] [ 14.912837] Allocated by task 283: [ 14.913032] kasan_save_stack+0x45/0x70 [ 14.913219] kasan_save_track+0x18/0x40 [ 14.913405] kasan_save_alloc_info+0x3b/0x50 [ 14.913593] __kasan_kmalloc+0xb7/0xc0 [ 14.913850] __kmalloc_cache_noprof+0x189/0x420 [ 14.914044] kasan_atomics+0x95/0x310 [ 14.914215] kunit_try_run_case+0x1a5/0x480 [ 14.914366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.914633] kthread+0x337/0x6f0 [ 14.914839] ret_from_fork+0x116/0x1d0 [ 14.915016] ret_from_fork_asm+0x1a/0x30 [ 14.915190] [ 14.915289] The buggy address belongs to the object at ffff8881031c4500 [ 14.915289] which belongs to the cache kmalloc-64 of size 64 [ 14.915820] The buggy address is located 0 bytes to the right of [ 14.915820] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.916356] [ 14.916473] The buggy address belongs to the physical page: [ 14.916715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.917057] flags: 0x200000000000000(node=0|zone=2) [ 14.917278] page_type: f5(slab) [ 14.917408] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.917657] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.917933] page dumped because: kasan: bad access detected [ 14.918211] [ 14.918321] Memory state around the buggy address: [ 14.918558] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.918833] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.919052] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.919269] ^ [ 14.919676] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.919998] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.920345] 
================================================================== [ 15.096857] ================================================================== [ 15.097101] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 15.097732] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.098064] [ 15.098199] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.098244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.098259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.098283] Call Trace: [ 15.098300] <TASK> [ 15.098316] dump_stack_lvl+0x73/0xb0 [ 15.098345] print_report+0xd1/0x650 [ 15.098368] ? __virt_addr_valid+0x1db/0x2d0 [ 15.098391] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.098415] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.098439] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.098476] kasan_report+0x141/0x180 [ 15.098499] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.098528] kasan_check_range+0x10c/0x1c0 [ 15.098553] __kasan_check_write+0x18/0x20 [ 15.098573] kasan_atomics_helper+0x19e3/0x5450 [ 15.098598] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.098621] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.098648] ? kasan_atomics+0x152/0x310 [ 15.098675] kasan_atomics+0x1dc/0x310 [ 15.098710] ? __pfx_kasan_atomics+0x10/0x10 [ 15.098735] ? __pfx_read_tsc+0x10/0x10 [ 15.098757] ? ktime_get_ts64+0x86/0x230 [ 15.098782] kunit_try_run_case+0x1a5/0x480 [ 15.098808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.098830] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.098854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.098879] ? __kthread_parkme+0x82/0x180 [ 15.098901] ? preempt_count_sub+0x50/0x80 [ 15.098927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.098952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.098976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.099000] kthread+0x337/0x6f0 [ 15.099022] ? trace_preempt_on+0x20/0xc0 [ 15.099045] ? 
__pfx_kthread+0x10/0x10 [ 15.099068] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.099091] ? calculate_sigpending+0x7b/0xa0 [ 15.099116] ? __pfx_kthread+0x10/0x10 [ 15.099138] ret_from_fork+0x116/0x1d0 [ 15.099158] ? __pfx_kthread+0x10/0x10 [ 15.099179] ret_from_fork_asm+0x1a/0x30 [ 15.099211] </TASK> [ 15.099226] [ 15.107026] Allocated by task 283: [ 15.107168] kasan_save_stack+0x45/0x70 [ 15.107327] kasan_save_track+0x18/0x40 [ 15.107534] kasan_save_alloc_info+0x3b/0x50 [ 15.107822] __kasan_kmalloc+0xb7/0xc0 [ 15.107993] __kmalloc_cache_noprof+0x189/0x420 [ 15.108185] kasan_atomics+0x95/0x310 [ 15.108322] kunit_try_run_case+0x1a5/0x480 [ 15.108483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.108663] kthread+0x337/0x6f0 [ 15.108843] ret_from_fork+0x116/0x1d0 [ 15.109035] ret_from_fork_asm+0x1a/0x30 [ 15.109242] [ 15.109345] The buggy address belongs to the object at ffff8881031c4500 [ 15.109345] which belongs to the cache kmalloc-64 of size 64 [ 15.109947] The buggy address is located 0 bytes to the right of [ 15.109947] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.110363] [ 15.110474] The buggy address belongs to the physical page: [ 15.110793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.111150] flags: 0x200000000000000(node=0|zone=2) [ 15.111367] page_type: f5(slab) [ 15.111554] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.111907] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.112204] page dumped because: kasan: bad access detected [ 15.112450] [ 15.112536] Memory state around the buggy address: [ 15.112769] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.113063] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.113345] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.113652] ^ [ 15.113860] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.114147] 
ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.114424] ================================================================== [ 15.458013] ================================================================== [ 15.458554] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.459042] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.459308] [ 15.459401] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.459445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.459469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.459493] Call Trace: [ 15.459508] <TASK> [ 15.459524] dump_stack_lvl+0x73/0xb0 [ 15.459555] print_report+0xd1/0x650 [ 15.459578] ? __virt_addr_valid+0x1db/0x2d0 [ 15.459602] ? kasan_atomics_helper+0x224c/0x5450 [ 15.459625] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.459648] ? kasan_atomics_helper+0x224c/0x5450 [ 15.459678] kasan_report+0x141/0x180 [ 15.459702] ? kasan_atomics_helper+0x224c/0x5450 [ 15.459730] kasan_check_range+0x10c/0x1c0 [ 15.459755] __kasan_check_write+0x18/0x20 [ 15.459776] kasan_atomics_helper+0x224c/0x5450 [ 15.459800] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.459824] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.459850] ? kasan_atomics+0x152/0x310 [ 15.459878] kasan_atomics+0x1dc/0x310 [ 15.459902] ? __pfx_kasan_atomics+0x10/0x10 [ 15.459927] ? __pfx_read_tsc+0x10/0x10 [ 15.459949] ? ktime_get_ts64+0x86/0x230 [ 15.459993] kunit_try_run_case+0x1a5/0x480 [ 15.460038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.460061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.460086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.460111] ? __kthread_parkme+0x82/0x180 [ 15.460150] ? preempt_count_sub+0x50/0x80 [ 15.460175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.460201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.460225] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.460249] kthread+0x337/0x6f0 [ 15.460271] ? trace_preempt_on+0x20/0xc0 [ 15.460295] ? __pfx_kthread+0x10/0x10 [ 15.460317] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.460340] ? calculate_sigpending+0x7b/0xa0 [ 15.460365] ? __pfx_kthread+0x10/0x10 [ 15.460388] ret_from_fork+0x116/0x1d0 [ 15.460406] ? __pfx_kthread+0x10/0x10 [ 15.460430] ret_from_fork_asm+0x1a/0x30 [ 15.460471] </TASK> [ 15.460484] [ 15.467860] Allocated by task 283: [ 15.468035] kasan_save_stack+0x45/0x70 [ 15.468228] kasan_save_track+0x18/0x40 [ 15.468370] kasan_save_alloc_info+0x3b/0x50 [ 15.468600] __kasan_kmalloc+0xb7/0xc0 [ 15.468818] __kmalloc_cache_noprof+0x189/0x420 [ 15.468978] kasan_atomics+0x95/0x310 [ 15.469116] kunit_try_run_case+0x1a5/0x480 [ 15.469267] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.469463] kthread+0x337/0x6f0 [ 15.469639] ret_from_fork+0x116/0x1d0 [ 15.469846] ret_from_fork_asm+0x1a/0x30 [ 15.470046] [ 15.470144] The buggy address belongs to the object at ffff8881031c4500 [ 15.470144] which belongs to the cache kmalloc-64 of size 64 [ 15.470711] The buggy address is located 0 bytes to the right of [ 15.470711] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.471216] [ 15.471291] The buggy address belongs to the physical page: [ 15.471477] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.471833] flags: 0x200000000000000(node=0|zone=2) [ 15.472072] page_type: f5(slab) [ 15.472239] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.472592] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.472904] page dumped because: kasan: bad access detected [ 15.473163] [ 15.473237] Memory state around the buggy address: [ 15.473461] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.473775] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.474072] >ffff8881031c4500: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.474354] ^ [ 15.474563] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.474867] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.475138] ================================================================== [ 14.184640] ================================================================== [ 14.185029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 14.185444] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.185816] [ 14.185953] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.185997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.186011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.186034] Call Trace: [ 14.186050] <TASK> [ 14.186067] dump_stack_lvl+0x73/0xb0 [ 14.186117] print_report+0xd1/0x650 [ 14.186143] ? __virt_addr_valid+0x1db/0x2d0 [ 14.186167] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.186254] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.186301] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.186326] kasan_report+0x141/0x180 [ 14.186351] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.186378] kasan_check_range+0x10c/0x1c0 [ 14.186403] __kasan_check_write+0x18/0x20 [ 14.186426] kasan_atomics_helper+0x4a0/0x5450 [ 14.186481] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.186504] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.186547] ? kasan_atomics+0x152/0x310 [ 14.186577] kasan_atomics+0x1dc/0x310 [ 14.186600] ? __pfx_kasan_atomics+0x10/0x10 [ 14.186626] ? __pfx_read_tsc+0x10/0x10 [ 14.186648] ? ktime_get_ts64+0x86/0x230 [ 14.186672] kunit_try_run_case+0x1a5/0x480 [ 14.186715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.186740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.186765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.186805] ? __kthread_parkme+0x82/0x180 [ 14.186841] ? preempt_count_sub+0x50/0x80 [ 14.186879] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.186917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.186941] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.186979] kthread+0x337/0x6f0 [ 14.187014] ? trace_preempt_on+0x20/0xc0 [ 14.187038] ? __pfx_kthread+0x10/0x10 [ 14.187060] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.187081] ? calculate_sigpending+0x7b/0xa0 [ 14.187106] ? __pfx_kthread+0x10/0x10 [ 14.187129] ret_from_fork+0x116/0x1d0 [ 14.187149] ? __pfx_kthread+0x10/0x10 [ 14.187170] ret_from_fork_asm+0x1a/0x30 [ 14.187264] </TASK> [ 14.187277] [ 14.196141] Allocated by task 283: [ 14.196395] kasan_save_stack+0x45/0x70 [ 14.196596] kasan_save_track+0x18/0x40 [ 14.196758] kasan_save_alloc_info+0x3b/0x50 [ 14.196994] __kasan_kmalloc+0xb7/0xc0 [ 14.197216] __kmalloc_cache_noprof+0x189/0x420 [ 14.197516] kasan_atomics+0x95/0x310 [ 14.197731] kunit_try_run_case+0x1a5/0x480 [ 14.197965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.198176] kthread+0x337/0x6f0 [ 14.198447] ret_from_fork+0x116/0x1d0 [ 14.198653] ret_from_fork_asm+0x1a/0x30 [ 14.198882] [ 14.198976] The buggy address belongs to the object at ffff8881031c4500 [ 14.198976] which belongs to the cache kmalloc-64 of size 64 [ 14.199606] The buggy address is located 0 bytes to the right of [ 14.199606] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.200415] [ 14.200517] The buggy address belongs to the physical page: [ 14.200705] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.201170] flags: 0x200000000000000(node=0|zone=2) [ 14.201477] page_type: f5(slab) [ 14.201681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.202012] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.202426] page dumped because: kasan: bad access detected [ 14.202710] [ 14.202826] Memory state around the buggy address: [ 14.203057] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.203434] 
ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.203753] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.204052] ^ [ 14.204375] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.204685] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.205031] ================================================================== [ 14.106667] ================================================================== [ 14.106995] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 14.107388] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.107688] [ 14.107801] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.107842] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.107856] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.107876] Call Trace: [ 14.107892] <TASK> [ 14.107907] dump_stack_lvl+0x73/0xb0 [ 14.107936] print_report+0xd1/0x650 [ 14.107959] ? __virt_addr_valid+0x1db/0x2d0 [ 14.107980] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.108002] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.108024] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.108045] kasan_report+0x141/0x180 [ 14.108066] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.108092] __asan_report_load4_noabort+0x18/0x20 [ 14.108115] kasan_atomics_helper+0x4b88/0x5450 [ 14.108138] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.108159] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.108183] ? kasan_atomics+0x152/0x310 [ 14.108251] kasan_atomics+0x1dc/0x310 [ 14.108274] ? __pfx_kasan_atomics+0x10/0x10 [ 14.108298] ? __pfx_read_tsc+0x10/0x10 [ 14.108318] ? ktime_get_ts64+0x86/0x230 [ 14.108340] kunit_try_run_case+0x1a5/0x480 [ 14.108364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.108386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.108408] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.108431] ? __kthread_parkme+0x82/0x180 [ 14.108464] ? 
preempt_count_sub+0x50/0x80 [ 14.108488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.108511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.108533] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.108555] kthread+0x337/0x6f0 [ 14.108575] ? trace_preempt_on+0x20/0xc0 [ 14.108598] ? __pfx_kthread+0x10/0x10 [ 14.108617] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.108638] ? calculate_sigpending+0x7b/0xa0 [ 14.108662] ? __pfx_kthread+0x10/0x10 [ 14.108682] ret_from_fork+0x116/0x1d0 [ 14.108708] ? __pfx_kthread+0x10/0x10 [ 14.108728] ret_from_fork_asm+0x1a/0x30 [ 14.108759] </TASK> [ 14.108770] [ 14.116511] Allocated by task 283: [ 14.116644] kasan_save_stack+0x45/0x70 [ 14.116811] kasan_save_track+0x18/0x40 [ 14.116976] kasan_save_alloc_info+0x3b/0x50 [ 14.117599] __kasan_kmalloc+0xb7/0xc0 [ 14.117832] __kmalloc_cache_noprof+0x189/0x420 [ 14.118058] kasan_atomics+0x95/0x310 [ 14.118218] kunit_try_run_case+0x1a5/0x480 [ 14.118368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.118654] kthread+0x337/0x6f0 [ 14.118850] ret_from_fork+0x116/0x1d0 [ 14.119039] ret_from_fork_asm+0x1a/0x30 [ 14.119307] [ 14.119408] The buggy address belongs to the object at ffff8881031c4500 [ 14.119408] which belongs to the cache kmalloc-64 of size 64 [ 14.119962] The buggy address is located 0 bytes to the right of [ 14.119962] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.120471] [ 14.120575] The buggy address belongs to the physical page: [ 14.120855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.121196] flags: 0x200000000000000(node=0|zone=2) [ 14.121413] page_type: f5(slab) [ 14.121547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.121892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.122236] page dumped because: kasan: bad access detected [ 14.122515] [ 14.122618] Memory state around the buggy address: [ 14.122825] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 14.123105] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.123579] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.123939] ^ [ 14.124236] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.124537] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.124822] ================================================================== [ 14.609520] ================================================================== [ 14.609861] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.610160] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.610485] [ 14.610871] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.610918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.610932] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.610954] Call Trace: [ 14.610971] <TASK> [ 14.610988] dump_stack_lvl+0x73/0xb0 [ 14.611020] print_report+0xd1/0x650 [ 14.611045] ? __virt_addr_valid+0x1db/0x2d0 [ 14.611067] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.611090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.611113] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.611135] kasan_report+0x141/0x180 [ 14.611159] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.611186] kasan_check_range+0x10c/0x1c0 [ 14.611229] __kasan_check_write+0x18/0x20 [ 14.611250] kasan_atomics_helper+0xfa9/0x5450 [ 14.611274] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.611297] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.611324] ? kasan_atomics+0x152/0x310 [ 14.611352] kasan_atomics+0x1dc/0x310 [ 14.611376] ? __pfx_kasan_atomics+0x10/0x10 [ 14.611402] ? __pfx_read_tsc+0x10/0x10 [ 14.611424] ? ktime_get_ts64+0x86/0x230 [ 14.611449] kunit_try_run_case+0x1a5/0x480 [ 14.611556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.611580] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.611605] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.611629] ? __kthread_parkme+0x82/0x180 [ 14.611651] ? preempt_count_sub+0x50/0x80 [ 14.611675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.611700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.611724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.611748] kthread+0x337/0x6f0 [ 14.611770] ? trace_preempt_on+0x20/0xc0 [ 14.611794] ? __pfx_kthread+0x10/0x10 [ 14.611815] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.611837] ? calculate_sigpending+0x7b/0xa0 [ 14.611863] ? __pfx_kthread+0x10/0x10 [ 14.611885] ret_from_fork+0x116/0x1d0 [ 14.611905] ? __pfx_kthread+0x10/0x10 [ 14.611944] ret_from_fork_asm+0x1a/0x30 [ 14.611976] </TASK> [ 14.611990] [ 14.623355] Allocated by task 283: [ 14.623543] kasan_save_stack+0x45/0x70 [ 14.624021] kasan_save_track+0x18/0x40 [ 14.624335] kasan_save_alloc_info+0x3b/0x50 [ 14.624789] __kasan_kmalloc+0xb7/0xc0 [ 14.624981] __kmalloc_cache_noprof+0x189/0x420 [ 14.625187] kasan_atomics+0x95/0x310 [ 14.625363] kunit_try_run_case+0x1a5/0x480 [ 14.625567] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.626511] kthread+0x337/0x6f0 [ 14.626922] ret_from_fork+0x116/0x1d0 [ 14.627314] ret_from_fork_asm+0x1a/0x30 [ 14.627531] [ 14.627631] The buggy address belongs to the object at ffff8881031c4500 [ 14.627631] which belongs to the cache kmalloc-64 of size 64 [ 14.628618] The buggy address is located 0 bytes to the right of [ 14.628618] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.629484] [ 14.629596] The buggy address belongs to the physical page: [ 14.629779] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.630158] flags: 0x200000000000000(node=0|zone=2) [ 14.630562] page_type: f5(slab) [ 14.630755] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.631059] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.631437] page dumped because: kasan: bad access detected [ 14.631666] [ 14.631779] 
Memory state around the buggy address: [ 14.631988] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.632255] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.632534] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.632959] ^ [ 14.633140] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.633637] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.633932] ================================================================== [ 14.275107] ================================================================== [ 14.275471] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.275828] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.276090] [ 14.276181] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.276224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.276239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.276261] Call Trace: [ 14.276277] <TASK> [ 14.276294] dump_stack_lvl+0x73/0xb0 [ 14.276325] print_report+0xd1/0x650 [ 14.276350] ? __virt_addr_valid+0x1db/0x2d0 [ 14.276373] ? kasan_atomics_helper+0x697/0x5450 [ 14.276395] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.276419] ? kasan_atomics_helper+0x697/0x5450 [ 14.276442] kasan_report+0x141/0x180 [ 14.276477] ? kasan_atomics_helper+0x697/0x5450 [ 14.276505] kasan_check_range+0x10c/0x1c0 [ 14.276530] __kasan_check_write+0x18/0x20 [ 14.276551] kasan_atomics_helper+0x697/0x5450 [ 14.276575] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.276598] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.276625] ? kasan_atomics+0x152/0x310 [ 14.276654] kasan_atomics+0x1dc/0x310 [ 14.276700] ? __pfx_kasan_atomics+0x10/0x10 [ 14.276728] ? __pfx_read_tsc+0x10/0x10 [ 14.276751] ? ktime_get_ts64+0x86/0x230 [ 14.276776] kunit_try_run_case+0x1a5/0x480 [ 14.276802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.276825] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.276850] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.276874] ? __kthread_parkme+0x82/0x180 [ 14.276896] ? preempt_count_sub+0x50/0x80 [ 14.276921] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.276946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.276970] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.276994] kthread+0x337/0x6f0 [ 14.277015] ? trace_preempt_on+0x20/0xc0 [ 14.277039] ? __pfx_kthread+0x10/0x10 [ 14.277060] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.277083] ? calculate_sigpending+0x7b/0xa0 [ 14.277108] ? __pfx_kthread+0x10/0x10 [ 14.277130] ret_from_fork+0x116/0x1d0 [ 14.277150] ? __pfx_kthread+0x10/0x10 [ 14.277171] ret_from_fork_asm+0x1a/0x30 [ 14.277203] </TASK> [ 14.277216] [ 14.286440] Allocated by task 283: [ 14.286701] kasan_save_stack+0x45/0x70 [ 14.286911] kasan_save_track+0x18/0x40 [ 14.287096] kasan_save_alloc_info+0x3b/0x50 [ 14.287570] __kasan_kmalloc+0xb7/0xc0 [ 14.288050] __kmalloc_cache_noprof+0x189/0x420 [ 14.288563] kasan_atomics+0x95/0x310 [ 14.288895] kunit_try_run_case+0x1a5/0x480 [ 14.289363] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.289616] kthread+0x337/0x6f0 [ 14.290077] ret_from_fork+0x116/0x1d0 [ 14.290561] ret_from_fork_asm+0x1a/0x30 [ 14.290768] [ 14.290865] The buggy address belongs to the object at ffff8881031c4500 [ 14.290865] which belongs to the cache kmalloc-64 of size 64 [ 14.291645] The buggy address is located 0 bytes to the right of [ 14.291645] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.292566] [ 14.292835] The buggy address belongs to the physical page: [ 14.293073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.293664] flags: 0x200000000000000(node=0|zone=2) [ 14.294065] page_type: f5(slab) [ 14.294385] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.294875] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.295367] page dumped because: kasan: 
bad access detected [ 14.295913] [ 14.296025] Memory state around the buggy address: [ 14.296506] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.297127] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.297562] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.298175] ^ [ 14.298530] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.299253] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.299947] ================================================================== [ 14.751354] ================================================================== [ 14.751660] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.752591] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.752958] [ 14.753078] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.753125] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.753139] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.753164] Call Trace: [ 14.753179] <TASK> [ 14.753197] dump_stack_lvl+0x73/0xb0 [ 14.753229] print_report+0xd1/0x650 [ 14.753259] ? __virt_addr_valid+0x1db/0x2d0 [ 14.753284] ? kasan_atomics_helper+0x1217/0x5450 [ 14.753332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.753356] ? kasan_atomics_helper+0x1217/0x5450 [ 14.753384] kasan_report+0x141/0x180 [ 14.753407] ? kasan_atomics_helper+0x1217/0x5450 [ 14.753436] kasan_check_range+0x10c/0x1c0 [ 14.753473] __kasan_check_write+0x18/0x20 [ 14.753495] kasan_atomics_helper+0x1217/0x5450 [ 14.753519] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.753542] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.753569] ? kasan_atomics+0x152/0x310 [ 14.753596] kasan_atomics+0x1dc/0x310 [ 14.753620] ? __pfx_kasan_atomics+0x10/0x10 [ 14.753647] ? __pfx_read_tsc+0x10/0x10 [ 14.753669] ? ktime_get_ts64+0x86/0x230 [ 14.753704] kunit_try_run_case+0x1a5/0x480 [ 14.753729] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.753753] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.753777] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.753801] ? __kthread_parkme+0x82/0x180 [ 14.753822] ? preempt_count_sub+0x50/0x80 [ 14.753848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.753872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.753896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.753920] kthread+0x337/0x6f0 [ 14.753941] ? trace_preempt_on+0x20/0xc0 [ 14.753965] ? __pfx_kthread+0x10/0x10 [ 14.753987] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.754009] ? calculate_sigpending+0x7b/0xa0 [ 14.754034] ? __pfx_kthread+0x10/0x10 [ 14.754057] ret_from_fork+0x116/0x1d0 [ 14.754077] ? __pfx_kthread+0x10/0x10 [ 14.754098] ret_from_fork_asm+0x1a/0x30 [ 14.754130] </TASK> [ 14.754142] [ 14.764471] Allocated by task 283: [ 14.764839] kasan_save_stack+0x45/0x70 [ 14.765115] kasan_save_track+0x18/0x40 [ 14.765307] kasan_save_alloc_info+0x3b/0x50 [ 14.765536] __kasan_kmalloc+0xb7/0xc0 [ 14.765961] __kmalloc_cache_noprof+0x189/0x420 [ 14.766198] kasan_atomics+0x95/0x310 [ 14.766464] kunit_try_run_case+0x1a5/0x480 [ 14.766682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.767074] kthread+0x337/0x6f0 [ 14.767321] ret_from_fork+0x116/0x1d0 [ 14.767630] ret_from_fork_asm+0x1a/0x30 [ 14.767920] [ 14.768025] The buggy address belongs to the object at ffff8881031c4500 [ 14.768025] which belongs to the cache kmalloc-64 of size 64 [ 14.768822] The buggy address is located 0 bytes to the right of [ 14.768822] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.769362] [ 14.769467] The buggy address belongs to the physical page: [ 14.769944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.770273] flags: 0x200000000000000(node=0|zone=2) [ 14.770591] page_type: f5(slab) [ 14.770932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.771272] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.771691] page dumped because: kasan: bad access detected [ 14.772035] [ 14.772143] Memory state around the buggy address: [ 14.772338] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.772679] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.773219] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.773611] ^ [ 14.773975] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.774369] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.774856] ================================================================== [ 15.475547] ================================================================== [ 15.476031] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.476478] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.476804] [ 15.476920] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.476963] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.476977] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.477000] Call Trace: [ 15.477018] <TASK> [ 15.477035] dump_stack_lvl+0x73/0xb0 [ 15.477063] print_report+0xd1/0x650 [ 15.477086] ? __virt_addr_valid+0x1db/0x2d0 [ 15.477111] ? kasan_atomics_helper+0x5115/0x5450 [ 15.477133] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.477156] ? kasan_atomics_helper+0x5115/0x5450 [ 15.477180] kasan_report+0x141/0x180 [ 15.477203] ? kasan_atomics_helper+0x5115/0x5450 [ 15.477232] __asan_report_load8_noabort+0x18/0x20 [ 15.477257] kasan_atomics_helper+0x5115/0x5450 [ 15.477281] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.477304] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.477331] ? kasan_atomics+0x152/0x310 [ 15.477359] kasan_atomics+0x1dc/0x310 [ 15.477388] ? __pfx_kasan_atomics+0x10/0x10 [ 15.477414] ? __pfx_read_tsc+0x10/0x10 [ 15.477435] ? 
ktime_get_ts64+0x86/0x230 [ 15.477470] kunit_try_run_case+0x1a5/0x480 [ 15.477496] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.477519] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.477544] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.477568] ? __kthread_parkme+0x82/0x180 [ 15.477589] ? preempt_count_sub+0x50/0x80 [ 15.477614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.477640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.477684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.477709] kthread+0x337/0x6f0 [ 15.477731] ? trace_preempt_on+0x20/0xc0 [ 15.477756] ? __pfx_kthread+0x10/0x10 [ 15.477778] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.477800] ? calculate_sigpending+0x7b/0xa0 [ 15.477825] ? __pfx_kthread+0x10/0x10 [ 15.477848] ret_from_fork+0x116/0x1d0 [ 15.477867] ? __pfx_kthread+0x10/0x10 [ 15.477890] ret_from_fork_asm+0x1a/0x30 [ 15.477921] </TASK> [ 15.477935] [ 15.485028] Allocated by task 283: [ 15.485185] kasan_save_stack+0x45/0x70 [ 15.485349] kasan_save_track+0x18/0x40 [ 15.485565] kasan_save_alloc_info+0x3b/0x50 [ 15.485787] __kasan_kmalloc+0xb7/0xc0 [ 15.485961] __kmalloc_cache_noprof+0x189/0x420 [ 15.486122] kasan_atomics+0x95/0x310 [ 15.486261] kunit_try_run_case+0x1a5/0x480 [ 15.486412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.486691] kthread+0x337/0x6f0 [ 15.486868] ret_from_fork+0x116/0x1d0 [ 15.487058] ret_from_fork_asm+0x1a/0x30 [ 15.487256] [ 15.487354] The buggy address belongs to the object at ffff8881031c4500 [ 15.487354] which belongs to the cache kmalloc-64 of size 64 [ 15.487828] The buggy address is located 0 bytes to the right of [ 15.487828] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.488328] [ 15.488429] The buggy address belongs to the physical page: [ 15.488649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.488994] flags: 0x200000000000000(node=0|zone=2) [ 15.489212] page_type: f5(slab) [ 15.489367] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.489686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.490008] page dumped because: kasan: bad access detected [ 15.490250] [ 15.490352] Memory state around the buggy address: [ 15.490579] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.490901] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.491128] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.491347] ^ [ 15.491516] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.491827] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.492154] ================================================================== [ 14.125366] ================================================================== [ 14.125752] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 14.126041] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.126460] [ 14.126568] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.126613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.126626] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.126650] Call Trace: [ 14.126666] <TASK> [ 14.126681] dump_stack_lvl+0x73/0xb0 [ 14.126730] print_report+0xd1/0x650 [ 14.126754] ? __virt_addr_valid+0x1db/0x2d0 [ 14.126777] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.126799] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.126822] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.126844] kasan_report+0x141/0x180 [ 14.126868] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.126895] __asan_report_store4_noabort+0x1b/0x30 [ 14.126917] kasan_atomics_helper+0x4b6e/0x5450 [ 14.126940] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.126963] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.126989] ? kasan_atomics+0x152/0x310 [ 14.127016] kasan_atomics+0x1dc/0x310 [ 14.127041] ? __pfx_kasan_atomics+0x10/0x10 [ 14.127066] ? 
__pfx_read_tsc+0x10/0x10 [ 14.127088] ? ktime_get_ts64+0x86/0x230 [ 14.127114] kunit_try_run_case+0x1a5/0x480 [ 14.127139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.127162] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.127244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.127271] ? __kthread_parkme+0x82/0x180 [ 14.127292] ? preempt_count_sub+0x50/0x80 [ 14.127317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.127342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.127366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.127390] kthread+0x337/0x6f0 [ 14.127412] ? trace_preempt_on+0x20/0xc0 [ 14.127436] ? __pfx_kthread+0x10/0x10 [ 14.127469] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.127491] ? calculate_sigpending+0x7b/0xa0 [ 14.127516] ? __pfx_kthread+0x10/0x10 [ 14.127539] ret_from_fork+0x116/0x1d0 [ 14.127559] ? __pfx_kthread+0x10/0x10 [ 14.127581] ret_from_fork_asm+0x1a/0x30 [ 14.127612] </TASK> [ 14.127625] [ 14.135707] Allocated by task 283: [ 14.135894] kasan_save_stack+0x45/0x70 [ 14.136092] kasan_save_track+0x18/0x40 [ 14.136471] kasan_save_alloc_info+0x3b/0x50 [ 14.136664] __kasan_kmalloc+0xb7/0xc0 [ 14.136881] __kmalloc_cache_noprof+0x189/0x420 [ 14.137073] kasan_atomics+0x95/0x310 [ 14.137333] kunit_try_run_case+0x1a5/0x480 [ 14.137544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.137810] kthread+0x337/0x6f0 [ 14.137970] ret_from_fork+0x116/0x1d0 [ 14.138139] ret_from_fork_asm+0x1a/0x30 [ 14.138361] [ 14.138446] The buggy address belongs to the object at ffff8881031c4500 [ 14.138446] which belongs to the cache kmalloc-64 of size 64 [ 14.138970] The buggy address is located 0 bytes to the right of [ 14.138970] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.139443] [ 14.139531] The buggy address belongs to the physical page: [ 14.139707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.140064] flags: 0x200000000000000(node=0|zone=2) [ 14.140298] page_type: f5(slab) [ 14.140617] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.141052] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.141528] page dumped because: kasan: bad access detected [ 14.141762] [ 14.141862] Memory state around the buggy address: [ 14.142097] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.142499] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.142854] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.143176] ^ [ 14.143438] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.143745] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.144035] ================================================================== [ 15.391544] ================================================================== [ 15.392937] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.393632] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.394253] [ 15.394430] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.394486] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.394500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.394523] Call Trace: [ 15.394542] <TASK> [ 15.394559] dump_stack_lvl+0x73/0xb0 [ 15.394589] print_report+0xd1/0x650 [ 15.394613] ? __virt_addr_valid+0x1db/0x2d0 [ 15.394638] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.394660] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.394705] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.394728] kasan_report+0x141/0x180 [ 15.394751] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.394779] __asan_report_load8_noabort+0x18/0x20 [ 15.394804] kasan_atomics_helper+0x4fb2/0x5450 [ 15.394828] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.394851] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.394877] ? kasan_atomics+0x152/0x310 [ 15.394905] kasan_atomics+0x1dc/0x310 [ 15.394930] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.394955] ? __pfx_read_tsc+0x10/0x10 [ 15.394977] ? ktime_get_ts64+0x86/0x230 [ 15.395002] kunit_try_run_case+0x1a5/0x480 [ 15.395027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.395050] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.395074] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.395099] ? __kthread_parkme+0x82/0x180 [ 15.395120] ? preempt_count_sub+0x50/0x80 [ 15.395145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.395170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.395194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.395219] kthread+0x337/0x6f0 [ 15.395241] ? trace_preempt_on+0x20/0xc0 [ 15.395265] ? __pfx_kthread+0x10/0x10 [ 15.395287] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.395309] ? calculate_sigpending+0x7b/0xa0 [ 15.395334] ? __pfx_kthread+0x10/0x10 [ 15.395356] ret_from_fork+0x116/0x1d0 [ 15.395376] ? __pfx_kthread+0x10/0x10 [ 15.395398] ret_from_fork_asm+0x1a/0x30 [ 15.395431] </TASK> [ 15.395445] [ 15.408402] Allocated by task 283: [ 15.408754] kasan_save_stack+0x45/0x70 [ 15.409107] kasan_save_track+0x18/0x40 [ 15.409417] kasan_save_alloc_info+0x3b/0x50 [ 15.409583] __kasan_kmalloc+0xb7/0xc0 [ 15.409840] __kmalloc_cache_noprof+0x189/0x420 [ 15.410250] kasan_atomics+0x95/0x310 [ 15.410604] kunit_try_run_case+0x1a5/0x480 [ 15.410997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.411467] kthread+0x337/0x6f0 [ 15.411621] ret_from_fork+0x116/0x1d0 [ 15.411984] ret_from_fork_asm+0x1a/0x30 [ 15.412354] [ 15.412528] The buggy address belongs to the object at ffff8881031c4500 [ 15.412528] which belongs to the cache kmalloc-64 of size 64 [ 15.412993] The buggy address is located 0 bytes to the right of [ 15.412993] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.414222] [ 15.414386] The buggy address belongs to the physical page: [ 15.414782] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.415182] flags: 0x200000000000000(node=0|zone=2) [ 15.415350] page_type: 
f5(slab) [ 15.415484] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.415737] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.416152] page dumped because: kasan: bad access detected [ 15.416381] [ 15.416494] Memory state around the buggy address: [ 15.417144] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.417448] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.417793] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.418212] ^ [ 15.418437] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.418872] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.419163] ================================================================== [ 14.331805] ================================================================== [ 14.332163] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.332653] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.333510] [ 14.333747] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.333802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.333819] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.333945] Call Trace: [ 14.333965] <TASK> [ 14.333985] dump_stack_lvl+0x73/0xb0 [ 14.334017] print_report+0xd1/0x650 [ 14.334041] ? __virt_addr_valid+0x1db/0x2d0 [ 14.334096] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.334121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.334144] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.334167] kasan_report+0x141/0x180 [ 14.334208] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.334235] kasan_check_range+0x10c/0x1c0 [ 14.334260] __kasan_check_write+0x18/0x20 [ 14.334281] kasan_atomics_helper+0x7c7/0x5450 [ 14.334305] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.334329] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.334356] ? 
kasan_atomics+0x152/0x310 [ 14.334384] kasan_atomics+0x1dc/0x310 [ 14.334408] ? __pfx_kasan_atomics+0x10/0x10 [ 14.334434] ? __pfx_read_tsc+0x10/0x10 [ 14.334468] ? ktime_get_ts64+0x86/0x230 [ 14.334493] kunit_try_run_case+0x1a5/0x480 [ 14.334519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.334542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.334566] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.334591] ? __kthread_parkme+0x82/0x180 [ 14.334612] ? preempt_count_sub+0x50/0x80 [ 14.334638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.334662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.334686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.334711] kthread+0x337/0x6f0 [ 14.334732] ? trace_preempt_on+0x20/0xc0 [ 14.334757] ? __pfx_kthread+0x10/0x10 [ 14.334779] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.334802] ? calculate_sigpending+0x7b/0xa0 [ 14.334827] ? __pfx_kthread+0x10/0x10 [ 14.334850] ret_from_fork+0x116/0x1d0 [ 14.334869] ? __pfx_kthread+0x10/0x10 [ 14.334891] ret_from_fork_asm+0x1a/0x30 [ 14.334923] </TASK> [ 14.334935] [ 14.348996] Allocated by task 283: [ 14.349763] kasan_save_stack+0x45/0x70 [ 14.350276] kasan_save_track+0x18/0x40 [ 14.351019] kasan_save_alloc_info+0x3b/0x50 [ 14.351210] __kasan_kmalloc+0xb7/0xc0 [ 14.351597] __kmalloc_cache_noprof+0x189/0x420 [ 14.351805] kasan_atomics+0x95/0x310 [ 14.352145] kunit_try_run_case+0x1a5/0x480 [ 14.352510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.352888] kthread+0x337/0x6f0 [ 14.353141] ret_from_fork+0x116/0x1d0 [ 14.353425] ret_from_fork_asm+0x1a/0x30 [ 14.353630] [ 14.353769] The buggy address belongs to the object at ffff8881031c4500 [ 14.353769] which belongs to the cache kmalloc-64 of size 64 [ 14.354245] The buggy address is located 0 bytes to the right of [ 14.354245] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.354959] [ 14.355058] The buggy address belongs to the physical page: [ 14.355300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 
14.356212] flags: 0x200000000000000(node=0|zone=2) [ 14.356577] page_type: f5(slab) [ 14.356728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.357266] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.357779] page dumped because: kasan: bad access detected [ 14.358126] [ 14.358236] Memory state around the buggy address: [ 14.358578] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.359109] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.359653] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.359990] ^ [ 14.360248] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.360604] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.361017] ================================================================== [ 14.697978] ================================================================== [ 14.698395] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.698649] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.698991] [ 14.699105] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.699149] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.699164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.699189] Call Trace: [ 14.699244] <TASK> [ 14.699265] dump_stack_lvl+0x73/0xb0 [ 14.699296] print_report+0xd1/0x650 [ 14.699320] ? __virt_addr_valid+0x1db/0x2d0 [ 14.699344] ? kasan_atomics_helper+0x1148/0x5450 [ 14.699368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.699393] ? kasan_atomics_helper+0x1148/0x5450 [ 14.699416] kasan_report+0x141/0x180 [ 14.699440] ? kasan_atomics_helper+0x1148/0x5450 [ 14.699482] kasan_check_range+0x10c/0x1c0 [ 14.699508] __kasan_check_write+0x18/0x20 [ 14.699528] kasan_atomics_helper+0x1148/0x5450 [ 14.699552] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.699575] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.699601] ? kasan_atomics+0x152/0x310 [ 14.699629] kasan_atomics+0x1dc/0x310 [ 14.699653] ? __pfx_kasan_atomics+0x10/0x10 [ 14.699679] ? __pfx_read_tsc+0x10/0x10 [ 14.699700] ? ktime_get_ts64+0x86/0x230 [ 14.699725] kunit_try_run_case+0x1a5/0x480 [ 14.699750] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.699774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.699798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.699822] ? __kthread_parkme+0x82/0x180 [ 14.699843] ? preempt_count_sub+0x50/0x80 [ 14.699869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.699895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.699919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.699943] kthread+0x337/0x6f0 [ 14.699964] ? trace_preempt_on+0x20/0xc0 [ 14.700000] ? __pfx_kthread+0x10/0x10 [ 14.700022] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.700044] ? calculate_sigpending+0x7b/0xa0 [ 14.700069] ? __pfx_kthread+0x10/0x10 [ 14.700091] ret_from_fork+0x116/0x1d0 [ 14.700111] ? __pfx_kthread+0x10/0x10 [ 14.700132] ret_from_fork_asm+0x1a/0x30 [ 14.700164] </TASK> [ 14.700177] [ 14.708281] Allocated by task 283: [ 14.708477] kasan_save_stack+0x45/0x70 [ 14.708685] kasan_save_track+0x18/0x40 [ 14.709132] kasan_save_alloc_info+0x3b/0x50 [ 14.709529] __kasan_kmalloc+0xb7/0xc0 [ 14.709779] __kmalloc_cache_noprof+0x189/0x420 [ 14.709966] kasan_atomics+0x95/0x310 [ 14.710141] kunit_try_run_case+0x1a5/0x480 [ 14.710292] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.710481] kthread+0x337/0x6f0 [ 14.710655] ret_from_fork+0x116/0x1d0 [ 14.710846] ret_from_fork_asm+0x1a/0x30 [ 14.711264] [ 14.711353] The buggy address belongs to the object at ffff8881031c4500 [ 14.711353] which belongs to the cache kmalloc-64 of size 64 [ 14.711842] The buggy address is located 0 bytes to the right of [ 14.711842] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.712400] [ 14.712495] The buggy address belongs to the physical page: [ 14.712696] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.712941] flags: 0x200000000000000(node=0|zone=2) [ 14.713107] page_type: f5(slab) [ 14.713371] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.713742] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.714084] page dumped because: kasan: bad access detected [ 14.714391] [ 14.714489] Memory state around the buggy address: [ 14.714714] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.714938] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.715157] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.715591] ^ [ 14.716040] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.716585] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.717089] ================================================================== [ 14.146571] ================================================================== [ 14.146896] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 14.147197] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.147533] [ 14.147631] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.147695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.147710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.147733] Call Trace: [ 14.147751] <TASK> [ 14.147768] dump_stack_lvl+0x73/0xb0 [ 14.147796] print_report+0xd1/0x650 [ 14.147820] ? __virt_addr_valid+0x1db/0x2d0 [ 14.147843] ? kasan_atomics_helper+0x3df/0x5450 [ 14.147865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.147888] ? kasan_atomics_helper+0x3df/0x5450 [ 14.147911] kasan_report+0x141/0x180 [ 14.147934] ? kasan_atomics_helper+0x3df/0x5450 [ 14.147962] kasan_check_range+0x10c/0x1c0 [ 14.147987] __kasan_check_read+0x15/0x20 [ 14.148007] kasan_atomics_helper+0x3df/0x5450 [ 14.148031] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.148054] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.148079] ? kasan_atomics+0x152/0x310 [ 14.148108] kasan_atomics+0x1dc/0x310 [ 14.148131] ? __pfx_kasan_atomics+0x10/0x10 [ 14.148157] ? __pfx_read_tsc+0x10/0x10 [ 14.148179] ? ktime_get_ts64+0x86/0x230 [ 14.148203] kunit_try_run_case+0x1a5/0x480 [ 14.148229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.148252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.148276] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.148301] ? __kthread_parkme+0x82/0x180 [ 14.148321] ? preempt_count_sub+0x50/0x80 [ 14.148345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.148371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.148394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.148419] kthread+0x337/0x6f0 [ 14.148440] ? trace_preempt_on+0x20/0xc0 [ 14.148474] ? __pfx_kthread+0x10/0x10 [ 14.148496] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.148519] ? calculate_sigpending+0x7b/0xa0 [ 14.148544] ? __pfx_kthread+0x10/0x10 [ 14.148567] ret_from_fork+0x116/0x1d0 [ 14.148587] ? 
__pfx_kthread+0x10/0x10 [ 14.148609] ret_from_fork_asm+0x1a/0x30 [ 14.148641] </TASK> [ 14.148655] [ 14.156812] Allocated by task 283: [ 14.157001] kasan_save_stack+0x45/0x70 [ 14.157268] kasan_save_track+0x18/0x40 [ 14.157437] kasan_save_alloc_info+0x3b/0x50 [ 14.157601] __kasan_kmalloc+0xb7/0xc0 [ 14.157782] __kmalloc_cache_noprof+0x189/0x420 [ 14.158011] kasan_atomics+0x95/0x310 [ 14.158410] kunit_try_run_case+0x1a5/0x480 [ 14.158647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.158889] kthread+0x337/0x6f0 [ 14.159014] ret_from_fork+0x116/0x1d0 [ 14.159160] ret_from_fork_asm+0x1a/0x30 [ 14.159425] [ 14.159540] The buggy address belongs to the object at ffff8881031c4500 [ 14.159540] which belongs to the cache kmalloc-64 of size 64 [ 14.160100] The buggy address is located 0 bytes to the right of [ 14.160100] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.160668] [ 14.160775] The buggy address belongs to the physical page: [ 14.161004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.161410] flags: 0x200000000000000(node=0|zone=2) [ 14.161594] page_type: f5(slab) [ 14.161740] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.162090] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.162504] page dumped because: kasan: bad access detected [ 14.162789] [ 14.162885] Memory state around the buggy address: [ 14.163044] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.163592] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.163895] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.164290] ^ [ 14.164501] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.164817] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.165068] ================================================================== [ 15.229563] 
================================================================== [ 15.230000] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.230382] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.231134] [ 15.231410] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.231472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.231486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.231510] Call Trace: [ 15.231528] <TASK> [ 15.231544] dump_stack_lvl+0x73/0xb0 [ 15.231574] print_report+0xd1/0x650 [ 15.231619] ? __virt_addr_valid+0x1db/0x2d0 [ 15.231643] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.231690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.231714] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.231737] kasan_report+0x141/0x180 [ 15.231761] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.231789] kasan_check_range+0x10c/0x1c0 [ 15.231814] __kasan_check_write+0x18/0x20 [ 15.231835] kasan_atomics_helper+0x1d7a/0x5450 [ 15.231859] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.231883] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.231910] ? kasan_atomics+0x152/0x310 [ 15.231938] kasan_atomics+0x1dc/0x310 [ 15.231962] ? __pfx_kasan_atomics+0x10/0x10 [ 15.231987] ? __pfx_read_tsc+0x10/0x10 [ 15.232009] ? ktime_get_ts64+0x86/0x230 [ 15.232035] kunit_try_run_case+0x1a5/0x480 [ 15.232061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.232085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.232109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.232134] ? __kthread_parkme+0x82/0x180 [ 15.232155] ? preempt_count_sub+0x50/0x80 [ 15.232181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.232216] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.232239] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.232262] kthread+0x337/0x6f0 [ 15.232312] ? trace_preempt_on+0x20/0xc0 [ 15.232337] ? __pfx_kthread+0x10/0x10 [ 15.232387] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.232409] ? 
calculate_sigpending+0x7b/0xa0 [ 15.232471] ? __pfx_kthread+0x10/0x10 [ 15.232494] ret_from_fork+0x116/0x1d0 [ 15.232531] ? __pfx_kthread+0x10/0x10 [ 15.232565] ret_from_fork_asm+0x1a/0x30 [ 15.232613] </TASK> [ 15.232637] [ 15.241245] Allocated by task 283: [ 15.241485] kasan_save_stack+0x45/0x70 [ 15.241740] kasan_save_track+0x18/0x40 [ 15.241927] kasan_save_alloc_info+0x3b/0x50 [ 15.242163] __kasan_kmalloc+0xb7/0xc0 [ 15.242378] __kmalloc_cache_noprof+0x189/0x420 [ 15.242634] kasan_atomics+0x95/0x310 [ 15.242872] kunit_try_run_case+0x1a5/0x480 [ 15.243096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.243384] kthread+0x337/0x6f0 [ 15.243581] ret_from_fork+0x116/0x1d0 [ 15.243951] ret_from_fork_asm+0x1a/0x30 [ 15.244157] [ 15.244232] The buggy address belongs to the object at ffff8881031c4500 [ 15.244232] which belongs to the cache kmalloc-64 of size 64 [ 15.244800] The buggy address is located 0 bytes to the right of [ 15.244800] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.245539] [ 15.245660] The buggy address belongs to the physical page: [ 15.245923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.246241] flags: 0x200000000000000(node=0|zone=2) [ 15.246402] page_type: f5(slab) [ 15.246534] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.246941] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.247318] page dumped because: kasan: bad access detected [ 15.247663] [ 15.247799] Memory state around the buggy address: [ 15.248135] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.248409] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.248787] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.249190] ^ [ 15.249438] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.249815] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.250033] 
================================================================== [ 14.547040] ================================================================== [ 14.547436] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.547770] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.548010] [ 14.548125] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.548169] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.548247] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.548272] Call Trace: [ 14.548290] <TASK> [ 14.548307] dump_stack_lvl+0x73/0xb0 [ 14.548337] print_report+0xd1/0x650 [ 14.548361] ? __virt_addr_valid+0x1db/0x2d0 [ 14.548385] ? kasan_atomics_helper+0xde0/0x5450 [ 14.548407] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.548431] ? kasan_atomics_helper+0xde0/0x5450 [ 14.548463] kasan_report+0x141/0x180 [ 14.548487] ? kasan_atomics_helper+0xde0/0x5450 [ 14.548515] kasan_check_range+0x10c/0x1c0 [ 14.548539] __kasan_check_write+0x18/0x20 [ 14.548561] kasan_atomics_helper+0xde0/0x5450 [ 14.548585] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.548608] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.548635] ? kasan_atomics+0x152/0x310 [ 14.548662] kasan_atomics+0x1dc/0x310 [ 14.548686] ? __pfx_kasan_atomics+0x10/0x10 [ 14.548730] ? __pfx_read_tsc+0x10/0x10 [ 14.548752] ? ktime_get_ts64+0x86/0x230 [ 14.548777] kunit_try_run_case+0x1a5/0x480 [ 14.548802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.548825] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.548851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.548876] ? __kthread_parkme+0x82/0x180 [ 14.548898] ? preempt_count_sub+0x50/0x80 [ 14.548923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.548948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.548972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.548997] kthread+0x337/0x6f0 [ 14.549018] ? trace_preempt_on+0x20/0xc0 [ 14.549043] ? 
__pfx_kthread+0x10/0x10 [ 14.549065] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.549089] ? calculate_sigpending+0x7b/0xa0 [ 14.549115] ? __pfx_kthread+0x10/0x10 [ 14.549138] ret_from_fork+0x116/0x1d0 [ 14.549157] ? __pfx_kthread+0x10/0x10 [ 14.549233] ret_from_fork_asm+0x1a/0x30 [ 14.549268] </TASK> [ 14.549282] [ 14.557440] Allocated by task 283: [ 14.557608] kasan_save_stack+0x45/0x70 [ 14.557758] kasan_save_track+0x18/0x40 [ 14.558380] kasan_save_alloc_info+0x3b/0x50 [ 14.558626] __kasan_kmalloc+0xb7/0xc0 [ 14.558813] __kmalloc_cache_noprof+0x189/0x420 [ 14.559009] kasan_atomics+0x95/0x310 [ 14.559148] kunit_try_run_case+0x1a5/0x480 [ 14.559298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.559566] kthread+0x337/0x6f0 [ 14.559780] ret_from_fork+0x116/0x1d0 [ 14.559973] ret_from_fork_asm+0x1a/0x30 [ 14.560118] [ 14.560244] The buggy address belongs to the object at ffff8881031c4500 [ 14.560244] which belongs to the cache kmalloc-64 of size 64 [ 14.560797] The buggy address is located 0 bytes to the right of [ 14.560797] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.561336] [ 14.561446] The buggy address belongs to the physical page: [ 14.561699] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.561948] flags: 0x200000000000000(node=0|zone=2) [ 14.562113] page_type: f5(slab) [ 14.562470] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.562805] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.563242] page dumped because: kasan: bad access detected [ 14.563505] [ 14.563605] Memory state around the buggy address: [ 14.563850] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.564105] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.564388] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.564638] ^ [ 14.564894] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.565276] 
ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.565566] ================================================================== [ 15.168932] ================================================================== [ 15.169406] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.169672] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.170046] [ 15.170172] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.170217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.170231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.170284] Call Trace: [ 15.170300] <TASK> [ 15.170319] dump_stack_lvl+0x73/0xb0 [ 15.170362] print_report+0xd1/0x650 [ 15.170404] ? __virt_addr_valid+0x1db/0x2d0 [ 15.170436] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.170475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.170499] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.170524] kasan_report+0x141/0x180 [ 15.170548] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.170593] kasan_check_range+0x10c/0x1c0 [ 15.170627] __kasan_check_write+0x18/0x20 [ 15.170648] kasan_atomics_helper+0x1c18/0x5450 [ 15.170682] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.170706] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.170732] ? kasan_atomics+0x152/0x310 [ 15.170760] kasan_atomics+0x1dc/0x310 [ 15.170786] ? __pfx_kasan_atomics+0x10/0x10 [ 15.170810] ? __pfx_read_tsc+0x10/0x10 [ 15.170831] ? ktime_get_ts64+0x86/0x230 [ 15.170856] kunit_try_run_case+0x1a5/0x480 [ 15.170880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.170903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.170928] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.170979] ? __kthread_parkme+0x82/0x180 [ 15.171000] ? preempt_count_sub+0x50/0x80 [ 15.171024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.171060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.171084] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.171133] kthread+0x337/0x6f0 [ 15.171154] ? trace_preempt_on+0x20/0xc0 [ 15.171179] ? __pfx_kthread+0x10/0x10 [ 15.171211] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.171234] ? calculate_sigpending+0x7b/0xa0 [ 15.171259] ? __pfx_kthread+0x10/0x10 [ 15.171281] ret_from_fork+0x116/0x1d0 [ 15.171300] ? __pfx_kthread+0x10/0x10 [ 15.171321] ret_from_fork_asm+0x1a/0x30 [ 15.171353] </TASK> [ 15.171365] [ 15.179647] Allocated by task 283: [ 15.179844] kasan_save_stack+0x45/0x70 [ 15.180049] kasan_save_track+0x18/0x40 [ 15.180233] kasan_save_alloc_info+0x3b/0x50 [ 15.180386] __kasan_kmalloc+0xb7/0xc0 [ 15.180533] __kmalloc_cache_noprof+0x189/0x420 [ 15.180728] kasan_atomics+0x95/0x310 [ 15.180972] kunit_try_run_case+0x1a5/0x480 [ 15.181262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.181572] kthread+0x337/0x6f0 [ 15.181808] ret_from_fork+0x116/0x1d0 [ 15.182042] ret_from_fork_asm+0x1a/0x30 [ 15.182243] [ 15.182388] The buggy address belongs to the object at ffff8881031c4500 [ 15.182388] which belongs to the cache kmalloc-64 of size 64 [ 15.182947] The buggy address is located 0 bytes to the right of [ 15.182947] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.183532] [ 15.183670] The buggy address belongs to the physical page: [ 15.183937] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.184290] flags: 0x200000000000000(node=0|zone=2) [ 15.184561] page_type: f5(slab) [ 15.184769] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.185114] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.185473] page dumped because: kasan: bad access detected [ 15.185819] [ 15.185929] Memory state around the buggy address: [ 15.186143] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.186531] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.186897] >ffff8881031c4500: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.187231] ^ [ 15.187447] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.187861] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.188236] ================================================================== [ 14.444892] ================================================================== [ 14.445286] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 14.445572] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.445845] [ 14.445974] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.446019] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.446033] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.446057] Call Trace: [ 14.446073] <TASK> [ 14.446090] dump_stack_lvl+0x73/0xb0 [ 14.446119] print_report+0xd1/0x650 [ 14.446143] ? __virt_addr_valid+0x1db/0x2d0 [ 14.446167] ? kasan_atomics_helper+0xac7/0x5450 [ 14.446189] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.446258] ? kasan_atomics_helper+0xac7/0x5450 [ 14.446286] kasan_report+0x141/0x180 [ 14.446310] ? kasan_atomics_helper+0xac7/0x5450 [ 14.446337] kasan_check_range+0x10c/0x1c0 [ 14.446362] __kasan_check_write+0x18/0x20 [ 14.446382] kasan_atomics_helper+0xac7/0x5450 [ 14.446406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.446430] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.446468] ? kasan_atomics+0x152/0x310 [ 14.446496] kasan_atomics+0x1dc/0x310 [ 14.446520] ? __pfx_kasan_atomics+0x10/0x10 [ 14.446546] ? __pfx_read_tsc+0x10/0x10 [ 14.446569] ? ktime_get_ts64+0x86/0x230 [ 14.446593] kunit_try_run_case+0x1a5/0x480 [ 14.446619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.446642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.446666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.446691] ? __kthread_parkme+0x82/0x180 [ 14.446712] ? preempt_count_sub+0x50/0x80 [ 14.446736] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.446761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.446785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.446809] kthread+0x337/0x6f0 [ 14.446831] ? trace_preempt_on+0x20/0xc0 [ 14.446855] ? __pfx_kthread+0x10/0x10 [ 14.446877] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.446898] ? calculate_sigpending+0x7b/0xa0 [ 14.446923] ? __pfx_kthread+0x10/0x10 [ 14.446945] ret_from_fork+0x116/0x1d0 [ 14.446965] ? __pfx_kthread+0x10/0x10 [ 14.446988] ret_from_fork_asm+0x1a/0x30 [ 14.447020] </TASK> [ 14.447034] [ 14.455029] Allocated by task 283: [ 14.455363] kasan_save_stack+0x45/0x70 [ 14.455580] kasan_save_track+0x18/0x40 [ 14.455818] kasan_save_alloc_info+0x3b/0x50 [ 14.456004] __kasan_kmalloc+0xb7/0xc0 [ 14.456142] __kmalloc_cache_noprof+0x189/0x420 [ 14.456483] kasan_atomics+0x95/0x310 [ 14.456671] kunit_try_run_case+0x1a5/0x480 [ 14.456895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.457074] kthread+0x337/0x6f0 [ 14.457198] ret_from_fork+0x116/0x1d0 [ 14.457333] ret_from_fork_asm+0x1a/0x30 [ 14.457548] [ 14.457648] The buggy address belongs to the object at ffff8881031c4500 [ 14.457648] which belongs to the cache kmalloc-64 of size 64 [ 14.458411] The buggy address is located 0 bytes to the right of [ 14.458411] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.458836] [ 14.458914] The buggy address belongs to the physical page: [ 14.459087] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.459929] flags: 0x200000000000000(node=0|zone=2) [ 14.460181] page_type: f5(slab) [ 14.460353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.460746] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.461037] page dumped because: kasan: bad access detected [ 14.461239] [ 14.461314] Memory state around the buggy address: [ 14.461489] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.461805] 
ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.462110] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.462536] ^ [ 14.462765] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.463044] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.463655] ================================================================== [ 15.290855] ================================================================== [ 15.291150] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.291617] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.292120] [ 15.292276] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.292321] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.292335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.292359] Call Trace: [ 15.292373] <TASK> [ 15.292390] dump_stack_lvl+0x73/0xb0 [ 15.292421] print_report+0xd1/0x650 [ 15.292444] ? __virt_addr_valid+0x1db/0x2d0 [ 15.292509] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.292532] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.292584] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.292632] kasan_report+0x141/0x180 [ 15.292657] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.292703] kasan_check_range+0x10c/0x1c0 [ 15.292729] __kasan_check_write+0x18/0x20 [ 15.292749] kasan_atomics_helper+0x1f43/0x5450 [ 15.292790] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.292827] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.292878] ? kasan_atomics+0x152/0x310 [ 15.292905] kasan_atomics+0x1dc/0x310 [ 15.292941] ? __pfx_kasan_atomics+0x10/0x10 [ 15.292967] ? __pfx_read_tsc+0x10/0x10 [ 15.292988] ? ktime_get_ts64+0x86/0x230 [ 15.293014] kunit_try_run_case+0x1a5/0x480 [ 15.293039] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.293063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.293088] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.293112] ? 
__kthread_parkme+0x82/0x180 [ 15.293134] ? preempt_count_sub+0x50/0x80 [ 15.293159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.293184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.293208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.293233] kthread+0x337/0x6f0 [ 15.293254] ? trace_preempt_on+0x20/0xc0 [ 15.293296] ? __pfx_kthread+0x10/0x10 [ 15.293328] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.293349] ? calculate_sigpending+0x7b/0xa0 [ 15.293391] ? __pfx_kthread+0x10/0x10 [ 15.293414] ret_from_fork+0x116/0x1d0 [ 15.293434] ? __pfx_kthread+0x10/0x10 [ 15.293488] ret_from_fork_asm+0x1a/0x30 [ 15.293534] </TASK> [ 15.293568] [ 15.301981] Allocated by task 283: [ 15.302211] kasan_save_stack+0x45/0x70 [ 15.302436] kasan_save_track+0x18/0x40 [ 15.302695] kasan_save_alloc_info+0x3b/0x50 [ 15.302926] __kasan_kmalloc+0xb7/0xc0 [ 15.303114] __kmalloc_cache_noprof+0x189/0x420 [ 15.303333] kasan_atomics+0x95/0x310 [ 15.303478] kunit_try_run_case+0x1a5/0x480 [ 15.303662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.304066] kthread+0x337/0x6f0 [ 15.304232] ret_from_fork+0x116/0x1d0 [ 15.304368] ret_from_fork_asm+0x1a/0x30 [ 15.304522] [ 15.304596] The buggy address belongs to the object at ffff8881031c4500 [ 15.304596] which belongs to the cache kmalloc-64 of size 64 [ 15.305096] The buggy address is located 0 bytes to the right of [ 15.305096] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.305687] [ 15.305788] The buggy address belongs to the physical page: [ 15.306104] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.306352] flags: 0x200000000000000(node=0|zone=2) [ 15.306629] page_type: f5(slab) [ 15.306801] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.307278] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.307780] page dumped because: kasan: bad access detected [ 15.307999] [ 15.308074] Memory state around the buggy address: [ 15.308248] 
ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.308653] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.309033] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.309327] ^ [ 15.309567] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.309910] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.310241] ================================================================== [ 15.330747] ================================================================== [ 15.331139] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.331532] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.331965] [ 15.332087] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.332164] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.332191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.332228] Call Trace: [ 15.332244] <TASK> [ 15.332274] dump_stack_lvl+0x73/0xb0 [ 15.332317] print_report+0xd1/0x650 [ 15.332342] ? __virt_addr_valid+0x1db/0x2d0 [ 15.332377] ? kasan_atomics_helper+0x2006/0x5450 [ 15.332400] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.332424] ? kasan_atomics_helper+0x2006/0x5450 [ 15.332469] kasan_report+0x141/0x180 [ 15.332493] ? kasan_atomics_helper+0x2006/0x5450 [ 15.332521] kasan_check_range+0x10c/0x1c0 [ 15.332546] __kasan_check_write+0x18/0x20 [ 15.332567] kasan_atomics_helper+0x2006/0x5450 [ 15.332591] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.332615] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.332643] ? kasan_atomics+0x152/0x310 [ 15.332672] kasan_atomics+0x1dc/0x310 [ 15.332695] ? __pfx_kasan_atomics+0x10/0x10 [ 15.332722] ? __pfx_read_tsc+0x10/0x10 [ 15.332746] ? ktime_get_ts64+0x86/0x230 [ 15.332800] kunit_try_run_case+0x1a5/0x480 [ 15.332826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.332860] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.332885] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.332909] ? __kthread_parkme+0x82/0x180 [ 15.332931] ? preempt_count_sub+0x50/0x80 [ 15.332955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.332980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.333005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.333030] kthread+0x337/0x6f0 [ 15.333078] ? trace_preempt_on+0x20/0xc0 [ 15.333103] ? __pfx_kthread+0x10/0x10 [ 15.333125] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.333159] ? calculate_sigpending+0x7b/0xa0 [ 15.333184] ? __pfx_kthread+0x10/0x10 [ 15.333232] ret_from_fork+0x116/0x1d0 [ 15.333252] ? __pfx_kthread+0x10/0x10 [ 15.333274] ret_from_fork_asm+0x1a/0x30 [ 15.333316] </TASK> [ 15.333330] [ 15.341791] Allocated by task 283: [ 15.341987] kasan_save_stack+0x45/0x70 [ 15.342207] kasan_save_track+0x18/0x40 [ 15.342418] kasan_save_alloc_info+0x3b/0x50 [ 15.342641] __kasan_kmalloc+0xb7/0xc0 [ 15.342865] __kmalloc_cache_noprof+0x189/0x420 [ 15.343156] kasan_atomics+0x95/0x310 [ 15.343338] kunit_try_run_case+0x1a5/0x480 [ 15.343587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.343892] kthread+0x337/0x6f0 [ 15.344196] ret_from_fork+0x116/0x1d0 [ 15.344371] ret_from_fork_asm+0x1a/0x30 [ 15.344535] [ 15.344634] The buggy address belongs to the object at ffff8881031c4500 [ 15.344634] which belongs to the cache kmalloc-64 of size 64 [ 15.345256] The buggy address is located 0 bytes to the right of [ 15.345256] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.345868] [ 15.346011] The buggy address belongs to the physical page: [ 15.346278] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.346630] flags: 0x200000000000000(node=0|zone=2) [ 15.346911] page_type: f5(slab) [ 15.347105] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.347466] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.347864] page dumped because: kasan: 
bad access detected [ 15.348038] [ 15.348109] Memory state around the buggy address: [ 15.348262] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.348522] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.348842] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.349283] ^ [ 15.349475] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.349688] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.349898] ================================================================== [ 14.381628] ================================================================== [ 14.381988] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.382328] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.382713] [ 14.382832] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.382878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.382912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.382936] Call Trace: [ 14.382953] <TASK> [ 14.382970] dump_stack_lvl+0x73/0xb0 [ 14.383000] print_report+0xd1/0x650 [ 14.383024] ? __virt_addr_valid+0x1db/0x2d0 [ 14.383047] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.383090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.383117] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.383141] kasan_report+0x141/0x180 [ 14.383164] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.383273] kasan_check_range+0x10c/0x1c0 [ 14.383300] __kasan_check_write+0x18/0x20 [ 14.383321] kasan_atomics_helper+0x8f9/0x5450 [ 14.383345] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.383369] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.383396] ? kasan_atomics+0x152/0x310 [ 14.383443] kasan_atomics+0x1dc/0x310 [ 14.383478] ? __pfx_kasan_atomics+0x10/0x10 [ 14.383503] ? __pfx_read_tsc+0x10/0x10 [ 14.383525] ? ktime_get_ts64+0x86/0x230 [ 14.383550] kunit_try_run_case+0x1a5/0x480 [ 14.383575] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.383601] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.383626] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.383651] ? __kthread_parkme+0x82/0x180 [ 14.383672] ? preempt_count_sub+0x50/0x80 [ 14.383696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.383739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.383764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.383810] kthread+0x337/0x6f0 [ 14.383831] ? trace_preempt_on+0x20/0xc0 [ 14.383856] ? __pfx_kthread+0x10/0x10 [ 14.383878] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.383901] ? calculate_sigpending+0x7b/0xa0 [ 14.383926] ? __pfx_kthread+0x10/0x10 [ 14.383949] ret_from_fork+0x116/0x1d0 [ 14.383987] ? __pfx_kthread+0x10/0x10 [ 14.384009] ret_from_fork_asm+0x1a/0x30 [ 14.384040] </TASK> [ 14.384054] [ 14.392470] Allocated by task 283: [ 14.392684] kasan_save_stack+0x45/0x70 [ 14.392906] kasan_save_track+0x18/0x40 [ 14.393089] kasan_save_alloc_info+0x3b/0x50 [ 14.393408] __kasan_kmalloc+0xb7/0xc0 [ 14.393596] __kmalloc_cache_noprof+0x189/0x420 [ 14.393856] kasan_atomics+0x95/0x310 [ 14.394041] kunit_try_run_case+0x1a5/0x480 [ 14.394287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.394481] kthread+0x337/0x6f0 [ 14.394669] ret_from_fork+0x116/0x1d0 [ 14.394878] ret_from_fork_asm+0x1a/0x30 [ 14.395075] [ 14.395176] The buggy address belongs to the object at ffff8881031c4500 [ 14.395176] which belongs to the cache kmalloc-64 of size 64 [ 14.395743] The buggy address is located 0 bytes to the right of [ 14.395743] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.396357] [ 14.396471] The buggy address belongs to the physical page: [ 14.396741] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.397073] flags: 0x200000000000000(node=0|zone=2) [ 14.397519] page_type: f5(slab) [ 14.397701] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.398063] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.398472] page dumped because: kasan: bad access detected [ 14.398762] [ 14.398839] Memory state around the buggy address: [ 14.399015] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.399410] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.399767] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.400083] ^ [ 14.400376] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.400721] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.401028] ================================================================== [ 15.009516] ================================================================== [ 15.009787] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 15.010488] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.011021] [ 15.011227] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.011270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.011284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.011307] Call Trace: [ 15.011323] <TASK> [ 15.011339] dump_stack_lvl+0x73/0xb0 [ 15.011368] print_report+0xd1/0x650 [ 15.011392] ? __virt_addr_valid+0x1db/0x2d0 [ 15.011415] ? kasan_atomics_helper+0x177f/0x5450 [ 15.011437] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.011472] ? kasan_atomics_helper+0x177f/0x5450 [ 15.011495] kasan_report+0x141/0x180 [ 15.011520] ? kasan_atomics_helper+0x177f/0x5450 [ 15.011547] kasan_check_range+0x10c/0x1c0 [ 15.011573] __kasan_check_write+0x18/0x20 [ 15.011594] kasan_atomics_helper+0x177f/0x5450 [ 15.011617] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.011641] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.011686] ? kasan_atomics+0x152/0x310 [ 15.011714] kasan_atomics+0x1dc/0x310 [ 15.011741] ? __pfx_kasan_atomics+0x10/0x10 [ 15.011768] ? __pfx_read_tsc+0x10/0x10 [ 15.011790] ? 
ktime_get_ts64+0x86/0x230 [ 15.011814] kunit_try_run_case+0x1a5/0x480 [ 15.011839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.011882] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.011906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.011931] ? __kthread_parkme+0x82/0x180 [ 15.011952] ? preempt_count_sub+0x50/0x80 [ 15.011976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.012002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.012025] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.012049] kthread+0x337/0x6f0 [ 15.012071] ? trace_preempt_on+0x20/0xc0 [ 15.012094] ? __pfx_kthread+0x10/0x10 [ 15.012116] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.012140] ? calculate_sigpending+0x7b/0xa0 [ 15.012164] ? __pfx_kthread+0x10/0x10 [ 15.012187] ret_from_fork+0x116/0x1d0 [ 15.012207] ? __pfx_kthread+0x10/0x10 [ 15.012229] ret_from_fork_asm+0x1a/0x30 [ 15.012261] </TASK> [ 15.012274] [ 15.022828] Allocated by task 283: [ 15.023003] kasan_save_stack+0x45/0x70 [ 15.023214] kasan_save_track+0x18/0x40 [ 15.023382] kasan_save_alloc_info+0x3b/0x50 [ 15.023607] __kasan_kmalloc+0xb7/0xc0 [ 15.024023] __kmalloc_cache_noprof+0x189/0x420 [ 15.024337] kasan_atomics+0x95/0x310 [ 15.024597] kunit_try_run_case+0x1a5/0x480 [ 15.024898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.025157] kthread+0x337/0x6f0 [ 15.025438] ret_from_fork+0x116/0x1d0 [ 15.025637] ret_from_fork_asm+0x1a/0x30 [ 15.025965] [ 15.026067] The buggy address belongs to the object at ffff8881031c4500 [ 15.026067] which belongs to the cache kmalloc-64 of size 64 [ 15.026684] The buggy address is located 0 bytes to the right of [ 15.026684] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.027334] [ 15.027434] The buggy address belongs to the physical page: [ 15.027883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.028242] flags: 0x200000000000000(node=0|zone=2) [ 15.028480] page_type: f5(slab) [ 15.028636] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.029151] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.029511] page dumped because: kasan: bad access detected [ 15.029878] [ 15.029983] Memory state around the buggy address: [ 15.030294] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.030690] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.031049] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.031350] ^ [ 15.031583] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.032112] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.032499] ================================================================== [ 15.271104] ================================================================== [ 15.271538] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.271991] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.272342] [ 15.272498] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.272546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.272571] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.272595] Call Trace: [ 15.272612] <TASK> [ 15.272657] dump_stack_lvl+0x73/0xb0 [ 15.272689] print_report+0xd1/0x650 [ 15.272737] ? __virt_addr_valid+0x1db/0x2d0 [ 15.272761] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.272811] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.272835] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.272897] kasan_report+0x141/0x180 [ 15.272921] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.272971] kasan_check_range+0x10c/0x1c0 [ 15.272997] __kasan_check_write+0x18/0x20 [ 15.273018] kasan_atomics_helper+0x1eaa/0x5450 [ 15.273054] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.273078] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.273115] ? kasan_atomics+0x152/0x310 [ 15.273144] kasan_atomics+0x1dc/0x310 [ 15.273168] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.273194] ? __pfx_read_tsc+0x10/0x10 [ 15.273217] ? ktime_get_ts64+0x86/0x230 [ 15.273242] kunit_try_run_case+0x1a5/0x480 [ 15.273267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.273292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.273317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.273342] ? __kthread_parkme+0x82/0x180 [ 15.273386] ? preempt_count_sub+0x50/0x80 [ 15.273419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.273444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.273486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.273510] kthread+0x337/0x6f0 [ 15.273533] ? trace_preempt_on+0x20/0xc0 [ 15.273581] ? __pfx_kthread+0x10/0x10 [ 15.273604] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.273649] ? calculate_sigpending+0x7b/0xa0 [ 15.273674] ? __pfx_kthread+0x10/0x10 [ 15.273722] ret_from_fork+0x116/0x1d0 [ 15.273756] ? __pfx_kthread+0x10/0x10 [ 15.273790] ret_from_fork_asm+0x1a/0x30 [ 15.273821] </TASK> [ 15.273836] [ 15.282033] Allocated by task 283: [ 15.282260] kasan_save_stack+0x45/0x70 [ 15.282493] kasan_save_track+0x18/0x40 [ 15.282686] kasan_save_alloc_info+0x3b/0x50 [ 15.282953] __kasan_kmalloc+0xb7/0xc0 [ 15.283205] __kmalloc_cache_noprof+0x189/0x420 [ 15.283459] kasan_atomics+0x95/0x310 [ 15.283646] kunit_try_run_case+0x1a5/0x480 [ 15.283890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.284145] kthread+0x337/0x6f0 [ 15.284290] ret_from_fork+0x116/0x1d0 [ 15.284429] ret_from_fork_asm+0x1a/0x30 [ 15.284581] [ 15.284662] The buggy address belongs to the object at ffff8881031c4500 [ 15.284662] which belongs to the cache kmalloc-64 of size 64 [ 15.285192] The buggy address is located 0 bytes to the right of [ 15.285192] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.285728] [ 15.285806] The buggy address belongs to the physical page: [ 15.285983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.286401] flags: 0x200000000000000(node=0|zone=2) [ 15.286693] page_type: 
f5(slab) [ 15.286926] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.287358] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.287800] page dumped because: kasan: bad access detected [ 15.288032] [ 15.288106] Memory state around the buggy address: [ 15.288284] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.288695] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.289031] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.289391] ^ [ 15.289611] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.289972] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.290315] ================================================================== [ 14.361543] ================================================================== [ 14.361862] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.362313] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.362633] [ 14.362813] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.362857] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.362895] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.362919] Call Trace: [ 14.362935] <TASK> [ 14.362952] dump_stack_lvl+0x73/0xb0 [ 14.362983] print_report+0xd1/0x650 [ 14.363007] ? __virt_addr_valid+0x1db/0x2d0 [ 14.363030] ? kasan_atomics_helper+0x860/0x5450 [ 14.363073] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.363096] ? kasan_atomics_helper+0x860/0x5450 [ 14.363119] kasan_report+0x141/0x180 [ 14.363142] ? kasan_atomics_helper+0x860/0x5450 [ 14.363170] kasan_check_range+0x10c/0x1c0 [ 14.363258] __kasan_check_write+0x18/0x20 [ 14.363284] kasan_atomics_helper+0x860/0x5450 [ 14.363308] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.363332] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.363359] ? 
kasan_atomics+0x152/0x310 [ 14.363387] kasan_atomics+0x1dc/0x310 [ 14.363411] ? __pfx_kasan_atomics+0x10/0x10 [ 14.363475] ? __pfx_read_tsc+0x10/0x10 [ 14.363498] ? ktime_get_ts64+0x86/0x230 [ 14.363524] kunit_try_run_case+0x1a5/0x480 [ 14.363551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.363574] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.363598] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.363624] ? __kthread_parkme+0x82/0x180 [ 14.363646] ? preempt_count_sub+0x50/0x80 [ 14.363670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.363712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.363736] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.363782] kthread+0x337/0x6f0 [ 14.363803] ? trace_preempt_on+0x20/0xc0 [ 14.363829] ? __pfx_kthread+0x10/0x10 [ 14.363851] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.363874] ? calculate_sigpending+0x7b/0xa0 [ 14.363899] ? __pfx_kthread+0x10/0x10 [ 14.363921] ret_from_fork+0x116/0x1d0 [ 14.363941] ? __pfx_kthread+0x10/0x10 [ 14.363963] ret_from_fork_asm+0x1a/0x30 [ 14.363995] </TASK> [ 14.364009] [ 14.372572] Allocated by task 283: [ 14.372756] kasan_save_stack+0x45/0x70 [ 14.372906] kasan_save_track+0x18/0x40 [ 14.373094] kasan_save_alloc_info+0x3b/0x50 [ 14.373550] __kasan_kmalloc+0xb7/0xc0 [ 14.373784] __kmalloc_cache_noprof+0x189/0x420 [ 14.374006] kasan_atomics+0x95/0x310 [ 14.374169] kunit_try_run_case+0x1a5/0x480 [ 14.374476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.374690] kthread+0x337/0x6f0 [ 14.374863] ret_from_fork+0x116/0x1d0 [ 14.375056] ret_from_fork_asm+0x1a/0x30 [ 14.375299] [ 14.375378] The buggy address belongs to the object at ffff8881031c4500 [ 14.375378] which belongs to the cache kmalloc-64 of size 64 [ 14.375971] The buggy address is located 0 bytes to the right of [ 14.375971] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.376540] [ 14.376641] The buggy address belongs to the physical page: [ 14.376902] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 
14.377219] flags: 0x200000000000000(node=0|zone=2) [ 14.377462] page_type: f5(slab) [ 14.377632] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.378025] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.378517] page dumped because: kasan: bad access detected [ 14.378852] [ 14.378971] Memory state around the buggy address: [ 14.379279] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.379608] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.379904] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.380298] ^ [ 14.380540] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.380864] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.381133] ================================================================== [ 14.660363] ================================================================== [ 14.660667] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.660972] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.661262] [ 14.661351] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.661400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.661414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.661437] Call Trace: [ 14.661469] <TASK> [ 14.661532] dump_stack_lvl+0x73/0xb0 [ 14.661566] print_report+0xd1/0x650 [ 14.661589] ? __virt_addr_valid+0x1db/0x2d0 [ 14.661613] ? kasan_atomics_helper+0x1079/0x5450 [ 14.661637] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.661662] ? kasan_atomics_helper+0x1079/0x5450 [ 14.661686] kasan_report+0x141/0x180 [ 14.661709] ? kasan_atomics_helper+0x1079/0x5450 [ 14.661737] kasan_check_range+0x10c/0x1c0 [ 14.661776] __kasan_check_write+0x18/0x20 [ 14.661797] kasan_atomics_helper+0x1079/0x5450 [ 14.661821] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.661845] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.661871] ? kasan_atomics+0x152/0x310 [ 14.661900] kasan_atomics+0x1dc/0x310 [ 14.661923] ? __pfx_kasan_atomics+0x10/0x10 [ 14.661949] ? __pfx_read_tsc+0x10/0x10 [ 14.661971] ? ktime_get_ts64+0x86/0x230 [ 14.661996] kunit_try_run_case+0x1a5/0x480 [ 14.662020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.662044] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.662068] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.662093] ? __kthread_parkme+0x82/0x180 [ 14.662114] ? preempt_count_sub+0x50/0x80 [ 14.662138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.662163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.662187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.662251] kthread+0x337/0x6f0 [ 14.662272] ? trace_preempt_on+0x20/0xc0 [ 14.662297] ? __pfx_kthread+0x10/0x10 [ 14.662319] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.662342] ? calculate_sigpending+0x7b/0xa0 [ 14.662366] ? __pfx_kthread+0x10/0x10 [ 14.662389] ret_from_fork+0x116/0x1d0 [ 14.662408] ? __pfx_kthread+0x10/0x10 [ 14.662430] ret_from_fork_asm+0x1a/0x30 [ 14.662473] </TASK> [ 14.662486] [ 14.670553] Allocated by task 283: [ 14.670796] kasan_save_stack+0x45/0x70 [ 14.670951] kasan_save_track+0x18/0x40 [ 14.671092] kasan_save_alloc_info+0x3b/0x50 [ 14.671525] __kasan_kmalloc+0xb7/0xc0 [ 14.671760] __kmalloc_cache_noprof+0x189/0x420 [ 14.671996] kasan_atomics+0x95/0x310 [ 14.672249] kunit_try_run_case+0x1a5/0x480 [ 14.672493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.672767] kthread+0x337/0x6f0 [ 14.672894] ret_from_fork+0x116/0x1d0 [ 14.673069] ret_from_fork_asm+0x1a/0x30 [ 14.673320] [ 14.673430] The buggy address belongs to the object at ffff8881031c4500 [ 14.673430] which belongs to the cache kmalloc-64 of size 64 [ 14.673962] The buggy address is located 0 bytes to the right of [ 14.673962] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.674352] [ 14.674429] The buggy address belongs to the physical page: [ 14.674626] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.675083] flags: 0x200000000000000(node=0|zone=2) [ 14.675520] page_type: f5(slab) [ 14.675707] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.675993] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.676465] page dumped because: kasan: bad access detected [ 14.676835] [ 14.676933] Memory state around the buggy address: [ 14.677160] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.677515] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.677740] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.678231] ^ [ 14.678479] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.678802] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.679044] ================================================================== [ 14.793659] ================================================================== [ 14.794007] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.794762] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.795066] [ 14.795181] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.795482] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.795497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.795520] Call Trace: [ 14.795538] <TASK> [ 14.795554] dump_stack_lvl+0x73/0xb0 [ 14.795585] print_report+0xd1/0x650 [ 14.795608] ? __virt_addr_valid+0x1db/0x2d0 [ 14.795632] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.795654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.795679] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.795714] kasan_report+0x141/0x180 [ 14.795739] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.795766] kasan_check_range+0x10c/0x1c0 [ 14.795791] __kasan_check_write+0x18/0x20 [ 14.795811] kasan_atomics_helper+0x12e6/0x5450 [ 14.795836] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.795859] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.795885] ? kasan_atomics+0x152/0x310 [ 14.795913] kasan_atomics+0x1dc/0x310 [ 14.795936] ? __pfx_kasan_atomics+0x10/0x10 [ 14.795962] ? __pfx_read_tsc+0x10/0x10 [ 14.795984] ? ktime_get_ts64+0x86/0x230 [ 14.796008] kunit_try_run_case+0x1a5/0x480 [ 14.796033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.796057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.796081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.796105] ? __kthread_parkme+0x82/0x180 [ 14.796126] ? preempt_count_sub+0x50/0x80 [ 14.796151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.796175] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.796200] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.796224] kthread+0x337/0x6f0 [ 14.796245] ? trace_preempt_on+0x20/0xc0 [ 14.796269] ? __pfx_kthread+0x10/0x10 [ 14.796291] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.796313] ? calculate_sigpending+0x7b/0xa0 [ 14.796337] ? __pfx_kthread+0x10/0x10 [ 14.796360] ret_from_fork+0x116/0x1d0 [ 14.796378] ? 
__pfx_kthread+0x10/0x10 [ 14.796400] ret_from_fork_asm+0x1a/0x30 [ 14.796432] </TASK> [ 14.796444] [ 14.803790] Allocated by task 283: [ 14.803985] kasan_save_stack+0x45/0x70 [ 14.804185] kasan_save_track+0x18/0x40 [ 14.804583] kasan_save_alloc_info+0x3b/0x50 [ 14.804817] __kasan_kmalloc+0xb7/0xc0 [ 14.804954] __kmalloc_cache_noprof+0x189/0x420 [ 14.805113] kasan_atomics+0x95/0x310 [ 14.805250] kunit_try_run_case+0x1a5/0x480 [ 14.805405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.805594] kthread+0x337/0x6f0 [ 14.805741] ret_from_fork+0x116/0x1d0 [ 14.805933] ret_from_fork_asm+0x1a/0x30 [ 14.806168] [ 14.806267] The buggy address belongs to the object at ffff8881031c4500 [ 14.806267] which belongs to the cache kmalloc-64 of size 64 [ 14.806860] The buggy address is located 0 bytes to the right of [ 14.806860] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.807228] [ 14.807305] The buggy address belongs to the physical page: [ 14.807488] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.808223] flags: 0x200000000000000(node=0|zone=2) [ 14.808496] page_type: f5(slab) [ 14.808802] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.809429] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.811241] page dumped because: kasan: bad access detected [ 14.811894] [ 14.812339] Memory state around the buggy address: [ 14.813125] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.813863] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.814097] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.814318] ^ [ 14.814489] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814857] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.815230] ================================================================== [ 14.401583] 
================================================================== [ 14.401918] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.402519] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.402853] [ 14.402945] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.402992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.403006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.403029] Call Trace: [ 14.403046] <TASK> [ 14.403063] dump_stack_lvl+0x73/0xb0 [ 14.403093] print_report+0xd1/0x650 [ 14.403117] ? __virt_addr_valid+0x1db/0x2d0 [ 14.403141] ? kasan_atomics_helper+0x992/0x5450 [ 14.403209] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.403235] ? kasan_atomics_helper+0x992/0x5450 [ 14.403258] kasan_report+0x141/0x180 [ 14.403281] ? kasan_atomics_helper+0x992/0x5450 [ 14.403309] kasan_check_range+0x10c/0x1c0 [ 14.403334] __kasan_check_write+0x18/0x20 [ 14.403415] kasan_atomics_helper+0x992/0x5450 [ 14.403440] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.403475] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.403502] ? kasan_atomics+0x152/0x310 [ 14.403531] kasan_atomics+0x1dc/0x310 [ 14.403555] ? __pfx_kasan_atomics+0x10/0x10 [ 14.403581] ? __pfx_read_tsc+0x10/0x10 [ 14.403603] ? ktime_get_ts64+0x86/0x230 [ 14.403628] kunit_try_run_case+0x1a5/0x480 [ 14.403653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.403695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.403720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.403744] ? __kthread_parkme+0x82/0x180 [ 14.403764] ? preempt_count_sub+0x50/0x80 [ 14.403813] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.403838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.403862] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.403886] kthread+0x337/0x6f0 [ 14.403907] ? trace_preempt_on+0x20/0xc0 [ 14.403931] ? __pfx_kthread+0x10/0x10 [ 14.403953] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.403975] ? 
calculate_sigpending+0x7b/0xa0 [ 14.403999] ? __pfx_kthread+0x10/0x10 [ 14.404023] ret_from_fork+0x116/0x1d0 [ 14.404043] ? __pfx_kthread+0x10/0x10 [ 14.404065] ret_from_fork_asm+0x1a/0x30 [ 14.404098] </TASK> [ 14.404111] [ 14.412309] Allocated by task 283: [ 14.412460] kasan_save_stack+0x45/0x70 [ 14.412713] kasan_save_track+0x18/0x40 [ 14.412898] kasan_save_alloc_info+0x3b/0x50 [ 14.413095] __kasan_kmalloc+0xb7/0xc0 [ 14.413582] __kmalloc_cache_noprof+0x189/0x420 [ 14.413788] kasan_atomics+0x95/0x310 [ 14.413953] kunit_try_run_case+0x1a5/0x480 [ 14.414250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.414543] kthread+0x337/0x6f0 [ 14.414709] ret_from_fork+0x116/0x1d0 [ 14.414843] ret_from_fork_asm+0x1a/0x30 [ 14.414989] [ 14.415089] The buggy address belongs to the object at ffff8881031c4500 [ 14.415089] which belongs to the cache kmalloc-64 of size 64 [ 14.415643] The buggy address is located 0 bytes to the right of [ 14.415643] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.416243] [ 14.416349] The buggy address belongs to the physical page: [ 14.416613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.416960] flags: 0x200000000000000(node=0|zone=2) [ 14.417131] page_type: f5(slab) [ 14.417353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.417800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.418144] page dumped because: kasan: bad access detected [ 14.418585] [ 14.418714] Memory state around the buggy address: [ 14.418964] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.419375] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.419692] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.420030] ^ [ 14.420321] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.420596] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.420950] 
================================================================== [ 14.921062] ================================================================== [ 14.921782] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.922064] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.922396] [ 14.922499] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.922542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.922557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.922581] Call Trace: [ 14.922597] <TASK> [ 14.922615] dump_stack_lvl+0x73/0xb0 [ 14.922654] print_report+0xd1/0x650 [ 14.922683] ? __virt_addr_valid+0x1db/0x2d0 [ 14.922707] ? kasan_atomics_helper+0x151d/0x5450 [ 14.922729] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.922753] ? kasan_atomics_helper+0x151d/0x5450 [ 14.922776] kasan_report+0x141/0x180 [ 14.922811] ? kasan_atomics_helper+0x151d/0x5450 [ 14.922840] kasan_check_range+0x10c/0x1c0 [ 14.922878] __kasan_check_write+0x18/0x20 [ 14.922899] kasan_atomics_helper+0x151d/0x5450 [ 14.922924] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.922958] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.922985] ? kasan_atomics+0x152/0x310 [ 14.923013] kasan_atomics+0x1dc/0x310 [ 14.923038] ? __pfx_kasan_atomics+0x10/0x10 [ 14.923063] ? __pfx_read_tsc+0x10/0x10 [ 14.923084] ? ktime_get_ts64+0x86/0x230 [ 14.923109] kunit_try_run_case+0x1a5/0x480 [ 14.923133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.923157] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.923181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.923206] ? __kthread_parkme+0x82/0x180 [ 14.923227] ? preempt_count_sub+0x50/0x80 [ 14.923251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.923276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.923301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.923325] kthread+0x337/0x6f0 [ 14.923346] ? trace_preempt_on+0x20/0xc0 [ 14.923371] ? 
__pfx_kthread+0x10/0x10 [ 14.923394] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.923418] ? calculate_sigpending+0x7b/0xa0 [ 14.923462] ? __pfx_kthread+0x10/0x10 [ 14.923485] ret_from_fork+0x116/0x1d0 [ 14.923505] ? __pfx_kthread+0x10/0x10 [ 14.923537] ret_from_fork_asm+0x1a/0x30 [ 14.923569] </TASK> [ 14.923582] [ 14.933502] Allocated by task 283: [ 14.933696] kasan_save_stack+0x45/0x70 [ 14.934022] kasan_save_track+0x18/0x40 [ 14.934313] kasan_save_alloc_info+0x3b/0x50 [ 14.934501] __kasan_kmalloc+0xb7/0xc0 [ 14.934856] __kmalloc_cache_noprof+0x189/0x420 [ 14.935083] kasan_atomics+0x95/0x310 [ 14.935363] kunit_try_run_case+0x1a5/0x480 [ 14.935560] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.935961] kthread+0x337/0x6f0 [ 14.936250] ret_from_fork+0x116/0x1d0 [ 14.936397] ret_from_fork_asm+0x1a/0x30 [ 14.936760] [ 14.936867] The buggy address belongs to the object at ffff8881031c4500 [ 14.936867] which belongs to the cache kmalloc-64 of size 64 [ 14.937370] The buggy address is located 0 bytes to the right of [ 14.937370] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.938235] [ 14.938336] The buggy address belongs to the physical page: [ 14.938529] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.939040] flags: 0x200000000000000(node=0|zone=2) [ 14.939355] page_type: f5(slab) [ 14.939514] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.939976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.940394] page dumped because: kasan: bad access detected [ 14.940657] [ 14.940933] Memory state around the buggy address: [ 14.941132] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.941664] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.942378] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.943152] ^ [ 14.943660] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.944330] 
ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.945008] ================================================================== [ 14.970687] ================================================================== [ 14.971057] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.971613] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.972038] [ 14.972157] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.972266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.972284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.972370] Call Trace: [ 14.972387] <TASK> [ 14.972476] dump_stack_lvl+0x73/0xb0 [ 14.972549] print_report+0xd1/0x650 [ 14.972629] ? __virt_addr_valid+0x1db/0x2d0 [ 14.972654] ? kasan_atomics_helper+0x164f/0x5450 [ 14.972697] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.972721] ? kasan_atomics_helper+0x164f/0x5450 [ 14.972744] kasan_report+0x141/0x180 [ 14.972768] ? kasan_atomics_helper+0x164f/0x5450 [ 14.972795] kasan_check_range+0x10c/0x1c0 [ 14.972821] __kasan_check_write+0x18/0x20 [ 14.972841] kasan_atomics_helper+0x164f/0x5450 [ 14.972865] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.972888] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.972914] ? kasan_atomics+0x152/0x310 [ 14.972943] kasan_atomics+0x1dc/0x310 [ 14.972967] ? __pfx_kasan_atomics+0x10/0x10 [ 14.972993] ? __pfx_read_tsc+0x10/0x10 [ 14.973015] ? ktime_get_ts64+0x86/0x230 [ 14.973040] kunit_try_run_case+0x1a5/0x480 [ 14.973066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.973090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.973115] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.973140] ? __kthread_parkme+0x82/0x180 [ 14.973161] ? preempt_count_sub+0x50/0x80 [ 14.973187] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.973212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.973236] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.973261] kthread+0x337/0x6f0 [ 14.973283] ? trace_preempt_on+0x20/0xc0 [ 14.973309] ? __pfx_kthread+0x10/0x10 [ 14.973331] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.973354] ? calculate_sigpending+0x7b/0xa0 [ 14.973385] ? __pfx_kthread+0x10/0x10 [ 14.973408] ret_from_fork+0x116/0x1d0 [ 14.973428] ? __pfx_kthread+0x10/0x10 [ 14.973450] ret_from_fork_asm+0x1a/0x30 [ 14.973495] </TASK> [ 14.973508] [ 14.984121] Allocated by task 283: [ 14.984327] kasan_save_stack+0x45/0x70 [ 14.984545] kasan_save_track+0x18/0x40 [ 14.984733] kasan_save_alloc_info+0x3b/0x50 [ 14.984886] __kasan_kmalloc+0xb7/0xc0 [ 14.985096] __kmalloc_cache_noprof+0x189/0x420 [ 14.985342] kasan_atomics+0x95/0x310 [ 14.985535] kunit_try_run_case+0x1a5/0x480 [ 14.985764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.985947] kthread+0x337/0x6f0 [ 14.986121] ret_from_fork+0x116/0x1d0 [ 14.986310] ret_from_fork_asm+0x1a/0x30 [ 14.986538] [ 14.986637] The buggy address belongs to the object at ffff8881031c4500 [ 14.986637] which belongs to the cache kmalloc-64 of size 64 [ 14.987114] The buggy address is located 0 bytes to the right of [ 14.987114] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.987692] [ 14.987795] The buggy address belongs to the physical page: [ 14.988021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.988339] flags: 0x200000000000000(node=0|zone=2) [ 14.988570] page_type: f5(slab) [ 14.988754] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.989071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.989328] page dumped because: kasan: bad access detected [ 14.989524] [ 14.989598] Memory state around the buggy address: [ 14.989783] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.990111] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.990441] >ffff8881031c4500: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.990797] ^ [ 14.991031] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991288] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991593] ================================================================== [ 15.209351] ================================================================== [ 15.209781] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.210175] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.210543] [ 15.210710] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.210756] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.210769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.210792] Call Trace: [ 15.210837] <TASK> [ 15.210854] dump_stack_lvl+0x73/0xb0 [ 15.210913] print_report+0xd1/0x650 [ 15.210938] ? __virt_addr_valid+0x1db/0x2d0 [ 15.210962] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.210984] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.211007] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.211030] kasan_report+0x141/0x180 [ 15.211054] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.211107] kasan_check_range+0x10c/0x1c0 [ 15.211133] __kasan_check_write+0x18/0x20 [ 15.211171] kasan_atomics_helper+0x1ce1/0x5450 [ 15.211207] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.211230] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.211257] ? kasan_atomics+0x152/0x310 [ 15.211285] kasan_atomics+0x1dc/0x310 [ 15.211310] ? __pfx_kasan_atomics+0x10/0x10 [ 15.211335] ? __pfx_read_tsc+0x10/0x10 [ 15.211357] ? ktime_get_ts64+0x86/0x230 [ 15.211382] kunit_try_run_case+0x1a5/0x480 [ 15.211407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.211430] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.211492] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.211516] ? __kthread_parkme+0x82/0x180 [ 15.211537] ? preempt_count_sub+0x50/0x80 [ 15.211571] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.211595] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.211646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.211671] kthread+0x337/0x6f0 [ 15.211703] ? trace_preempt_on+0x20/0xc0 [ 15.211766] ? __pfx_kthread+0x10/0x10 [ 15.211788] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.211810] ? calculate_sigpending+0x7b/0xa0 [ 15.211845] ? __pfx_kthread+0x10/0x10 [ 15.211868] ret_from_fork+0x116/0x1d0 [ 15.211887] ? __pfx_kthread+0x10/0x10 [ 15.211924] ret_from_fork_asm+0x1a/0x30 [ 15.211956] </TASK> [ 15.211969] [ 15.220178] Allocated by task 283: [ 15.220316] kasan_save_stack+0x45/0x70 [ 15.220467] kasan_save_track+0x18/0x40 [ 15.220689] kasan_save_alloc_info+0x3b/0x50 [ 15.220953] __kasan_kmalloc+0xb7/0xc0 [ 15.221188] __kmalloc_cache_noprof+0x189/0x420 [ 15.221432] kasan_atomics+0x95/0x310 [ 15.221594] kunit_try_run_case+0x1a5/0x480 [ 15.221846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.222119] kthread+0x337/0x6f0 [ 15.222345] ret_from_fork+0x116/0x1d0 [ 15.222556] ret_from_fork_asm+0x1a/0x30 [ 15.222772] [ 15.222906] The buggy address belongs to the object at ffff8881031c4500 [ 15.222906] which belongs to the cache kmalloc-64 of size 64 [ 15.223620] The buggy address is located 0 bytes to the right of [ 15.223620] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.224170] [ 15.224291] The buggy address belongs to the physical page: [ 15.224616] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.225035] flags: 0x200000000000000(node=0|zone=2) [ 15.225336] page_type: f5(slab) [ 15.225511] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.225926] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.226287] page dumped because: kasan: bad access detected [ 15.226571] [ 15.226682] Memory state around the buggy address: [ 15.226979] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.227311] 
ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.227648] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.227994] ^ [ 15.228253] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.228607] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.228965] ================================================================== [ 14.508103] ================================================================== [ 14.508662] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.509019] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.509532] [ 14.509640] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.509684] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.509699] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.509721] Call Trace: [ 14.509738] <TASK> [ 14.509754] dump_stack_lvl+0x73/0xb0 [ 14.509784] print_report+0xd1/0x650 [ 14.509818] ? __virt_addr_valid+0x1db/0x2d0 [ 14.509842] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.509864] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.509888] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.509911] kasan_report+0x141/0x180 [ 14.509935] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.509963] __asan_report_load4_noabort+0x18/0x20 [ 14.509989] kasan_atomics_helper+0x4a84/0x5450 [ 14.510013] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.510036] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.510063] ? kasan_atomics+0x152/0x310 [ 14.510091] kasan_atomics+0x1dc/0x310 [ 14.510114] ? __pfx_kasan_atomics+0x10/0x10 [ 14.510140] ? __pfx_read_tsc+0x10/0x10 [ 14.510162] ? ktime_get_ts64+0x86/0x230 [ 14.510186] kunit_try_run_case+0x1a5/0x480 [ 14.510211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.510235] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.510259] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.510284] ? __kthread_parkme+0x82/0x180 [ 14.510304] ? 
preempt_count_sub+0x50/0x80 [ 14.510329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.510353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.510378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.510402] kthread+0x337/0x6f0 [ 14.510423] ? trace_preempt_on+0x20/0xc0 [ 14.510448] ? __pfx_kthread+0x10/0x10 [ 14.510481] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.510504] ? calculate_sigpending+0x7b/0xa0 [ 14.510528] ? __pfx_kthread+0x10/0x10 [ 14.510551] ret_from_fork+0x116/0x1d0 [ 14.510570] ? __pfx_kthread+0x10/0x10 [ 14.510592] ret_from_fork_asm+0x1a/0x30 [ 14.510623] </TASK> [ 14.510636] [ 14.518840] Allocated by task 283: [ 14.519016] kasan_save_stack+0x45/0x70 [ 14.519233] kasan_save_track+0x18/0x40 [ 14.519387] kasan_save_alloc_info+0x3b/0x50 [ 14.519597] __kasan_kmalloc+0xb7/0xc0 [ 14.519811] __kmalloc_cache_noprof+0x189/0x420 [ 14.520015] kasan_atomics+0x95/0x310 [ 14.520208] kunit_try_run_case+0x1a5/0x480 [ 14.520614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.520859] kthread+0x337/0x6f0 [ 14.521036] ret_from_fork+0x116/0x1d0 [ 14.521279] ret_from_fork_asm+0x1a/0x30 [ 14.521478] [ 14.521564] The buggy address belongs to the object at ffff8881031c4500 [ 14.521564] which belongs to the cache kmalloc-64 of size 64 [ 14.522070] The buggy address is located 0 bytes to the right of [ 14.522070] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.522610] [ 14.522721] The buggy address belongs to the physical page: [ 14.522936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.523180] flags: 0x200000000000000(node=0|zone=2) [ 14.523345] page_type: f5(slab) [ 14.523478] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.524051] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.524387] page dumped because: kasan: bad access detected [ 14.524663] [ 14.524760] Memory state around the buggy address: [ 14.524984] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 14.525239] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.525474] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.526835] ^ [ 14.527055] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.527356] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.527657] ================================================================== [ 14.300713] ================================================================== [ 14.301032] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.301817] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.302138] [ 14.302319] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.302369] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.302384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.302410] Call Trace: [ 14.302427] <TASK> [ 14.302445] dump_stack_lvl+0x73/0xb0 [ 14.302489] print_report+0xd1/0x650 [ 14.302512] ? __virt_addr_valid+0x1db/0x2d0 [ 14.302537] ? kasan_atomics_helper+0x72f/0x5450 [ 14.302559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.302583] ? kasan_atomics_helper+0x72f/0x5450 [ 14.302606] kasan_report+0x141/0x180 [ 14.302629] ? kasan_atomics_helper+0x72f/0x5450 [ 14.302657] kasan_check_range+0x10c/0x1c0 [ 14.302682] __kasan_check_write+0x18/0x20 [ 14.302703] kasan_atomics_helper+0x72f/0x5450 [ 14.302727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.302751] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.302778] ? kasan_atomics+0x152/0x310 [ 14.302806] kasan_atomics+0x1dc/0x310 [ 14.302830] ? __pfx_kasan_atomics+0x10/0x10 [ 14.302857] ? __pfx_read_tsc+0x10/0x10 [ 14.302878] ? ktime_get_ts64+0x86/0x230 [ 14.302903] kunit_try_run_case+0x1a5/0x480 [ 14.302928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.302952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.302977] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.303001] ? __kthread_parkme+0x82/0x180 [ 14.303022] ? preempt_count_sub+0x50/0x80 [ 14.303047] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.303073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.303096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.303120] kthread+0x337/0x6f0 [ 14.303141] ? trace_preempt_on+0x20/0xc0 [ 14.303165] ? __pfx_kthread+0x10/0x10 [ 14.303538] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.303576] ? calculate_sigpending+0x7b/0xa0 [ 14.303604] ? __pfx_kthread+0x10/0x10 [ 14.303628] ret_from_fork+0x116/0x1d0 [ 14.303650] ? __pfx_kthread+0x10/0x10 [ 14.303674] ret_from_fork_asm+0x1a/0x30 [ 14.303746] </TASK> [ 14.303760] [ 14.316976] Allocated by task 283: [ 14.317145] kasan_save_stack+0x45/0x70 [ 14.317402] kasan_save_track+0x18/0x40 [ 14.317609] kasan_save_alloc_info+0x3b/0x50 [ 14.318225] __kasan_kmalloc+0xb7/0xc0 [ 14.318550] __kmalloc_cache_noprof+0x189/0x420 [ 14.318971] kasan_atomics+0x95/0x310 [ 14.319289] kunit_try_run_case+0x1a5/0x480 [ 14.319812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.320074] kthread+0x337/0x6f0 [ 14.320446] ret_from_fork+0x116/0x1d0 [ 14.320658] ret_from_fork_asm+0x1a/0x30 [ 14.321011] [ 14.321111] The buggy address belongs to the object at ffff8881031c4500 [ 14.321111] which belongs to the cache kmalloc-64 of size 64 [ 14.322125] The buggy address is located 0 bytes to the right of [ 14.322125] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.323421] [ 14.323550] The buggy address belongs to the physical page: [ 14.324093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.324822] flags: 0x200000000000000(node=0|zone=2) [ 14.325058] page_type: f5(slab) [ 14.325270] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.325607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.326676] page dumped because: kasan: bad access detected [ 14.327016] [ 14.327313] 
Memory state around the buggy address: [ 14.327804] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.328137] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.328491] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.329142] ^ [ 14.329623] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.330128] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.330568] ================================================================== [ 14.465309] ================================================================== [ 14.465805] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.466078] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.466603] [ 14.466823] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.466871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.466885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.466908] Call Trace: [ 14.466926] <TASK> [ 14.466943] dump_stack_lvl+0x73/0xb0 [ 14.466977] print_report+0xd1/0x650 [ 14.467004] ? __virt_addr_valid+0x1db/0x2d0 [ 14.467027] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.467050] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.467073] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.467097] kasan_report+0x141/0x180 [ 14.467120] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.467146] kasan_check_range+0x10c/0x1c0 [ 14.467171] __kasan_check_write+0x18/0x20 [ 14.467191] kasan_atomics_helper+0xb6a/0x5450 [ 14.467215] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.467238] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.467265] ? kasan_atomics+0x152/0x310 [ 14.467292] kasan_atomics+0x1dc/0x310 [ 14.467328] ? __pfx_kasan_atomics+0x10/0x10 [ 14.467354] ? __pfx_read_tsc+0x10/0x10 [ 14.467375] ? ktime_get_ts64+0x86/0x230 [ 14.467400] kunit_try_run_case+0x1a5/0x480 [ 14.467425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467447] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.467484] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.467509] ? __kthread_parkme+0x82/0x180 [ 14.467530] ? preempt_count_sub+0x50/0x80 [ 14.467554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.467603] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.467628] kthread+0x337/0x6f0 [ 14.467649] ? trace_preempt_on+0x20/0xc0 [ 14.467673] ? __pfx_kthread+0x10/0x10 [ 14.467737] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.467760] ? calculate_sigpending+0x7b/0xa0 [ 14.467784] ? __pfx_kthread+0x10/0x10 [ 14.467807] ret_from_fork+0x116/0x1d0 [ 14.467827] ? __pfx_kthread+0x10/0x10 [ 14.467848] ret_from_fork_asm+0x1a/0x30 [ 14.467879] </TASK> [ 14.467892] [ 14.478877] Allocated by task 283: [ 14.479015] kasan_save_stack+0x45/0x70 [ 14.479354] kasan_save_track+0x18/0x40 [ 14.479565] kasan_save_alloc_info+0x3b/0x50 [ 14.479847] __kasan_kmalloc+0xb7/0xc0 [ 14.479985] __kmalloc_cache_noprof+0x189/0x420 [ 14.480145] kasan_atomics+0x95/0x310 [ 14.480285] kunit_try_run_case+0x1a5/0x480 [ 14.480586] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.481042] kthread+0x337/0x6f0 [ 14.481220] ret_from_fork+0x116/0x1d0 [ 14.481521] ret_from_fork_asm+0x1a/0x30 [ 14.481911] [ 14.482014] The buggy address belongs to the object at ffff8881031c4500 [ 14.482014] which belongs to the cache kmalloc-64 of size 64 [ 14.482500] The buggy address is located 0 bytes to the right of [ 14.482500] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.483190] [ 14.483269] The buggy address belongs to the physical page: [ 14.483446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.484046] flags: 0x200000000000000(node=0|zone=2) [ 14.484256] page_type: f5(slab) [ 14.484381] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.484771] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.485117] page dumped because: kasan: 
bad access detected [ 14.485372] [ 14.485484] Memory state around the buggy address: [ 14.485739] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.485965] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.486522] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.486824] ^ [ 14.486986] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.487205] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.487887] ================================================================== [ 14.566025] ================================================================== [ 14.566417] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.566733] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.567010] [ 14.567125] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.567169] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.567241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.567267] Call Trace: [ 14.567283] <TASK> [ 14.567299] dump_stack_lvl+0x73/0xb0 [ 14.567328] print_report+0xd1/0x650 [ 14.567352] ? __virt_addr_valid+0x1db/0x2d0 [ 14.567375] ? kasan_atomics_helper+0xe78/0x5450 [ 14.567397] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.567421] ? kasan_atomics_helper+0xe78/0x5450 [ 14.567443] kasan_report+0x141/0x180 [ 14.567477] ? kasan_atomics_helper+0xe78/0x5450 [ 14.567505] kasan_check_range+0x10c/0x1c0 [ 14.567529] __kasan_check_write+0x18/0x20 [ 14.567549] kasan_atomics_helper+0xe78/0x5450 [ 14.567574] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.567598] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.567624] ? kasan_atomics+0x152/0x310 [ 14.567653] kasan_atomics+0x1dc/0x310 [ 14.567677] ? __pfx_kasan_atomics+0x10/0x10 [ 14.567720] ? __pfx_read_tsc+0x10/0x10 [ 14.567743] ? ktime_get_ts64+0x86/0x230 [ 14.567768] kunit_try_run_case+0x1a5/0x480 [ 14.567794] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.567818] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.567842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.567867] ? __kthread_parkme+0x82/0x180 [ 14.567888] ? preempt_count_sub+0x50/0x80 [ 14.567913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.567938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.567962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.567986] kthread+0x337/0x6f0 [ 14.568007] ? trace_preempt_on+0x20/0xc0 [ 14.568031] ? __pfx_kthread+0x10/0x10 [ 14.568053] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.568076] ? calculate_sigpending+0x7b/0xa0 [ 14.568102] ? __pfx_kthread+0x10/0x10 [ 14.568125] ret_from_fork+0x116/0x1d0 [ 14.568144] ? __pfx_kthread+0x10/0x10 [ 14.568167] ret_from_fork_asm+0x1a/0x30 [ 14.568254] </TASK> [ 14.568269] [ 14.576011] Allocated by task 283: [ 14.576176] kasan_save_stack+0x45/0x70 [ 14.576368] kasan_save_track+0x18/0x40 [ 14.576536] kasan_save_alloc_info+0x3b/0x50 [ 14.576742] __kasan_kmalloc+0xb7/0xc0 [ 14.576890] __kmalloc_cache_noprof+0x189/0x420 [ 14.577115] kasan_atomics+0x95/0x310 [ 14.577289] kunit_try_run_case+0x1a5/0x480 [ 14.577563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.577776] kthread+0x337/0x6f0 [ 14.577907] ret_from_fork+0x116/0x1d0 [ 14.578044] ret_from_fork_asm+0x1a/0x30 [ 14.578486] [ 14.578606] The buggy address belongs to the object at ffff8881031c4500 [ 14.578606] which belongs to the cache kmalloc-64 of size 64 [ 14.579163] The buggy address is located 0 bytes to the right of [ 14.579163] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.579818] [ 14.579918] The buggy address belongs to the physical page: [ 14.580229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.580568] flags: 0x200000000000000(node=0|zone=2) [ 14.580814] page_type: f5(slab) [ 14.580964] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.581259] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.581514] page dumped because: kasan: bad access detected [ 14.581776] [ 14.581875] Memory state around the buggy address: [ 14.582105] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.582432] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.582755] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.583024] ^ [ 14.583181] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.583414] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.583751] ================================================================== [ 14.205698] ================================================================== [ 14.206099] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.206506] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.206868] [ 14.207009] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.207054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.207068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.207091] Call Trace: [ 14.207107] <TASK> [ 14.207123] dump_stack_lvl+0x73/0xb0 [ 14.207152] print_report+0xd1/0x650 [ 14.207251] ? __virt_addr_valid+0x1db/0x2d0 [ 14.207299] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.207323] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.207348] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.207371] kasan_report+0x141/0x180 [ 14.207396] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.207424] __asan_report_store4_noabort+0x1b/0x30 [ 14.207446] kasan_atomics_helper+0x4b3a/0x5450 [ 14.207480] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.207504] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.207530] ? kasan_atomics+0x152/0x310 [ 14.207558] kasan_atomics+0x1dc/0x310 [ 14.207583] ? __pfx_kasan_atomics+0x10/0x10 [ 14.207609] ? __pfx_read_tsc+0x10/0x10 [ 14.207630] ? 
ktime_get_ts64+0x86/0x230 [ 14.207654] kunit_try_run_case+0x1a5/0x480 [ 14.207698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.207721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.207764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.207788] ? __kthread_parkme+0x82/0x180 [ 14.207825] ? preempt_count_sub+0x50/0x80 [ 14.207862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.207901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.207925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.207950] kthread+0x337/0x6f0 [ 14.207988] ? trace_preempt_on+0x20/0xc0 [ 14.208027] ? __pfx_kthread+0x10/0x10 [ 14.208049] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.208072] ? calculate_sigpending+0x7b/0xa0 [ 14.208096] ? __pfx_kthread+0x10/0x10 [ 14.208119] ret_from_fork+0x116/0x1d0 [ 14.208139] ? __pfx_kthread+0x10/0x10 [ 14.208162] ret_from_fork_asm+0x1a/0x30 [ 14.208250] </TASK> [ 14.208265] [ 14.216908] Allocated by task 283: [ 14.217047] kasan_save_stack+0x45/0x70 [ 14.217265] kasan_save_track+0x18/0x40 [ 14.217487] kasan_save_alloc_info+0x3b/0x50 [ 14.217750] __kasan_kmalloc+0xb7/0xc0 [ 14.217949] __kmalloc_cache_noprof+0x189/0x420 [ 14.218183] kasan_atomics+0x95/0x310 [ 14.218356] kunit_try_run_case+0x1a5/0x480 [ 14.218537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.218799] kthread+0x337/0x6f0 [ 14.218960] ret_from_fork+0x116/0x1d0 [ 14.219144] ret_from_fork_asm+0x1a/0x30 [ 14.219307] [ 14.219410] The buggy address belongs to the object at ffff8881031c4500 [ 14.219410] which belongs to the cache kmalloc-64 of size 64 [ 14.219979] The buggy address is located 0 bytes to the right of [ 14.219979] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.220432] [ 14.220570] The buggy address belongs to the physical page: [ 14.220888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.221533] flags: 0x200000000000000(node=0|zone=2) [ 14.221837] page_type: f5(slab) [ 14.222007] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.222419] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.222759] page dumped because: kasan: bad access detected [ 14.222941] [ 14.223038] Memory state around the buggy address: [ 14.223379] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.223743] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.224074] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.224473] ^ [ 14.224671] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.225032] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.225402] ================================================================== [ 14.717492] ================================================================== [ 14.717736] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.718218] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.718569] [ 14.718686] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.718734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.718747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.718770] Call Trace: [ 14.718788] <TASK> [ 14.718804] dump_stack_lvl+0x73/0xb0 [ 14.718833] print_report+0xd1/0x650 [ 14.718857] ? __virt_addr_valid+0x1db/0x2d0 [ 14.718880] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.718901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.718925] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.718948] kasan_report+0x141/0x180 [ 14.719027] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.719057] __asan_report_load4_noabort+0x18/0x20 [ 14.719084] kasan_atomics_helper+0x4a02/0x5450 [ 14.719108] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.719133] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.719160] ? kasan_atomics+0x152/0x310 [ 14.719189] kasan_atomics+0x1dc/0x310 [ 14.719212] ? __pfx_kasan_atomics+0x10/0x10 [ 14.719238] ? 
__pfx_read_tsc+0x10/0x10 [ 14.719259] ? ktime_get_ts64+0x86/0x230 [ 14.719283] kunit_try_run_case+0x1a5/0x480 [ 14.719308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.719332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.719355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.719379] ? __kthread_parkme+0x82/0x180 [ 14.719400] ? preempt_count_sub+0x50/0x80 [ 14.719425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.719449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.719485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.719509] kthread+0x337/0x6f0 [ 14.719529] ? trace_preempt_on+0x20/0xc0 [ 14.719583] ? __pfx_kthread+0x10/0x10 [ 14.719607] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.719628] ? calculate_sigpending+0x7b/0xa0 [ 14.719654] ? __pfx_kthread+0x10/0x10 [ 14.719676] ret_from_fork+0x116/0x1d0 [ 14.719696] ? __pfx_kthread+0x10/0x10 [ 14.719719] ret_from_fork_asm+0x1a/0x30 [ 14.719752] </TASK> [ 14.719765] [ 14.733872] Allocated by task 283: [ 14.734021] kasan_save_stack+0x45/0x70 [ 14.734656] kasan_save_track+0x18/0x40 [ 14.735187] kasan_save_alloc_info+0x3b/0x50 [ 14.735824] __kasan_kmalloc+0xb7/0xc0 [ 14.736176] __kmalloc_cache_noprof+0x189/0x420 [ 14.736669] kasan_atomics+0x95/0x310 [ 14.736819] kunit_try_run_case+0x1a5/0x480 [ 14.736976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.737160] kthread+0x337/0x6f0 [ 14.737797] ret_from_fork+0x116/0x1d0 [ 14.738426] ret_from_fork_asm+0x1a/0x30 [ 14.739042] [ 14.739373] The buggy address belongs to the object at ffff8881031c4500 [ 14.739373] which belongs to the cache kmalloc-64 of size 64 [ 14.740938] The buggy address is located 0 bytes to the right of [ 14.740938] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.742003] [ 14.742092] The buggy address belongs to the physical page: [ 14.742307] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.743550] flags: 0x200000000000000(node=0|zone=2) [ 14.744248] page_type: f5(slab) [ 14.744789] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.745105] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.745340] page dumped because: kasan: bad access detected [ 14.745535] [ 14.745619] Memory state around the buggy address: [ 14.746084] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.747113] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.747833] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.748615] ^ [ 14.749216] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.750040] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.750855] ================================================================== [ 14.584546] ================================================================== [ 14.584923] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.585314] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.585656] [ 14.585793] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.585838] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.585852] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.585875] Call Trace: [ 14.585891] <TASK> [ 14.585908] dump_stack_lvl+0x73/0xb0 [ 14.585938] print_report+0xd1/0x650 [ 14.585962] ? __virt_addr_valid+0x1db/0x2d0 [ 14.585985] ? kasan_atomics_helper+0xf10/0x5450 [ 14.586007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.586030] ? kasan_atomics_helper+0xf10/0x5450 [ 14.586053] kasan_report+0x141/0x180 [ 14.586077] ? kasan_atomics_helper+0xf10/0x5450 [ 14.586104] kasan_check_range+0x10c/0x1c0 [ 14.586129] __kasan_check_write+0x18/0x20 [ 14.586149] kasan_atomics_helper+0xf10/0x5450 [ 14.586173] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.586263] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.586289] ? 
kasan_atomics+0x152/0x310 [ 14.586317] kasan_atomics+0x1dc/0x310 [ 14.586342] ? __pfx_kasan_atomics+0x10/0x10 [ 14.586367] ? __pfx_read_tsc+0x10/0x10 [ 14.586388] ? ktime_get_ts64+0x86/0x230 [ 14.586413] kunit_try_run_case+0x1a5/0x480 [ 14.586439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.586472] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.586496] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.586521] ? __kthread_parkme+0x82/0x180 [ 14.586543] ? preempt_count_sub+0x50/0x80 [ 14.586568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.586594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.586618] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.586644] kthread+0x337/0x6f0 [ 14.586664] ? trace_preempt_on+0x20/0xc0 [ 14.586689] ? __pfx_kthread+0x10/0x10 [ 14.586730] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.586753] ? calculate_sigpending+0x7b/0xa0 [ 14.586778] ? __pfx_kthread+0x10/0x10 [ 14.586800] ret_from_fork+0x116/0x1d0 [ 14.586821] ? __pfx_kthread+0x10/0x10 [ 14.586843] ret_from_fork_asm+0x1a/0x30 [ 14.586876] </TASK> [ 14.586888] [ 14.594768] Allocated by task 283: [ 14.594956] kasan_save_stack+0x45/0x70 [ 14.595161] kasan_save_track+0x18/0x40 [ 14.595554] kasan_save_alloc_info+0x3b/0x50 [ 14.595780] __kasan_kmalloc+0xb7/0xc0 [ 14.595963] __kmalloc_cache_noprof+0x189/0x420 [ 14.596166] kasan_atomics+0x95/0x310 [ 14.596437] kunit_try_run_case+0x1a5/0x480 [ 14.596621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.596876] kthread+0x337/0x6f0 [ 14.597047] ret_from_fork+0x116/0x1d0 [ 14.597271] ret_from_fork_asm+0x1a/0x30 [ 14.597493] [ 14.597586] The buggy address belongs to the object at ffff8881031c4500 [ 14.597586] which belongs to the cache kmalloc-64 of size 64 [ 14.598041] The buggy address is located 0 bytes to the right of [ 14.598041] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.598617] [ 14.598716] The buggy address belongs to the physical page: [ 14.598894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 
14.599141] flags: 0x200000000000000(node=0|zone=2) [ 14.599429] page_type: f5(slab) [ 14.599611] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.599977] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.602748] page dumped because: kasan: bad access detected [ 14.603499] [ 14.604059] Memory state around the buggy address: [ 14.605024] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.606260] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.607546] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.607914] ^ [ 14.608191] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.608702] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.608964] ================================================================== [ 14.679552] ================================================================== [ 14.680110] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.680535] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.680767] [ 14.680854] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.680896] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.680910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.680932] Call Trace: [ 14.680948] <TASK> [ 14.680965] dump_stack_lvl+0x73/0xb0 [ 14.680993] print_report+0xd1/0x650 [ 14.681016] ? __virt_addr_valid+0x1db/0x2d0 [ 14.681039] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.681061] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.681084] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.681107] kasan_report+0x141/0x180 [ 14.681130] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.681158] __asan_report_load4_noabort+0x18/0x20 [ 14.681184] kasan_atomics_helper+0x4a1c/0x5450 [ 14.681208] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.681230] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 14.681257] ? kasan_atomics+0x152/0x310 [ 14.681285] kasan_atomics+0x1dc/0x310 [ 14.681308] ? __pfx_kasan_atomics+0x10/0x10 [ 14.681334] ? __pfx_read_tsc+0x10/0x10 [ 14.681356] ? ktime_get_ts64+0x86/0x230 [ 14.681386] kunit_try_run_case+0x1a5/0x480 [ 14.681411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.681435] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.681468] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.681492] ? __kthread_parkme+0x82/0x180 [ 14.681513] ? preempt_count_sub+0x50/0x80 [ 14.681538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.681562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.681586] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.681611] kthread+0x337/0x6f0 [ 14.681632] ? trace_preempt_on+0x20/0xc0 [ 14.681656] ? __pfx_kthread+0x10/0x10 [ 14.681678] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.681701] ? calculate_sigpending+0x7b/0xa0 [ 14.681724] ? __pfx_kthread+0x10/0x10 [ 14.681747] ret_from_fork+0x116/0x1d0 [ 14.681767] ? __pfx_kthread+0x10/0x10 [ 14.681789] ret_from_fork_asm+0x1a/0x30 [ 14.681821] </TASK> [ 14.681834] [ 14.689231] Allocated by task 283: [ 14.689419] kasan_save_stack+0x45/0x70 [ 14.689646] kasan_save_track+0x18/0x40 [ 14.690126] kasan_save_alloc_info+0x3b/0x50 [ 14.690374] __kasan_kmalloc+0xb7/0xc0 [ 14.690536] __kmalloc_cache_noprof+0x189/0x420 [ 14.690707] kasan_atomics+0x95/0x310 [ 14.690845] kunit_try_run_case+0x1a5/0x480 [ 14.691039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.691439] kthread+0x337/0x6f0 [ 14.691630] ret_from_fork+0x116/0x1d0 [ 14.691817] ret_from_fork_asm+0x1a/0x30 [ 14.692112] [ 14.692251] The buggy address belongs to the object at ffff8881031c4500 [ 14.692251] which belongs to the cache kmalloc-64 of size 64 [ 14.692676] The buggy address is located 0 bytes to the right of [ 14.692676] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.693263] [ 14.693370] The buggy address belongs to the physical page: [ 14.693600] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.693926] flags: 0x200000000000000(node=0|zone=2) [ 14.694138] page_type: f5(slab) [ 14.694309] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.694606] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.694837] page dumped because: kasan: bad access detected [ 14.695012] [ 14.695086] Memory state around the buggy address: [ 14.695245] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.695521] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.695904] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.696388] ^ [ 14.696648] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.696974] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.697477] ================================================================== [ 14.078082] ================================================================== [ 14.078782] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 14.079122] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.079855] [ 14.079963] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.080009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.080024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.080045] Call Trace: [ 14.080058] <TASK> [ 14.080074] dump_stack_lvl+0x73/0xb0 [ 14.080104] print_report+0xd1/0x650 [ 14.080126] ? __virt_addr_valid+0x1db/0x2d0 [ 14.080149] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.080169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.080364] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.080395] kasan_report+0x141/0x180 [ 14.080418] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.080445] __asan_report_store4_noabort+0x1b/0x30 [ 14.080482] kasan_atomics_helper+0x4ba2/0x5450 [ 14.080505] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.080527] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.080552] ? kasan_atomics+0x152/0x310 [ 14.080578] kasan_atomics+0x1dc/0x310 [ 14.080601] ? __pfx_kasan_atomics+0x10/0x10 [ 14.080624] ? __pfx_read_tsc+0x10/0x10 [ 14.080646] ? ktime_get_ts64+0x86/0x230 [ 14.080668] kunit_try_run_case+0x1a5/0x480 [ 14.080692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.080714] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.080738] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.080760] ? __kthread_parkme+0x82/0x180 [ 14.080781] ? preempt_count_sub+0x50/0x80 [ 14.080804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.080828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.080851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.080874] kthread+0x337/0x6f0 [ 14.080894] ? trace_preempt_on+0x20/0xc0 [ 14.080917] ? __pfx_kthread+0x10/0x10 [ 14.080937] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.080958] ? calculate_sigpending+0x7b/0xa0 [ 14.080981] ? __pfx_kthread+0x10/0x10 [ 14.081003] ret_from_fork+0x116/0x1d0 [ 14.081021] ? 
__pfx_kthread+0x10/0x10 [ 14.081042] ret_from_fork_asm+0x1a/0x30 [ 14.081071] </TASK> [ 14.081083] [ 14.096134] Allocated by task 283: [ 14.096389] kasan_save_stack+0x45/0x70 [ 14.096875] kasan_save_track+0x18/0x40 [ 14.097150] kasan_save_alloc_info+0x3b/0x50 [ 14.097510] __kasan_kmalloc+0xb7/0xc0 [ 14.097701] __kmalloc_cache_noprof+0x189/0x420 [ 14.098084] kasan_atomics+0x95/0x310 [ 14.098338] kunit_try_run_case+0x1a5/0x480 [ 14.098697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.098939] kthread+0x337/0x6f0 [ 14.099399] ret_from_fork+0x116/0x1d0 [ 14.099622] ret_from_fork_asm+0x1a/0x30 [ 14.099954] [ 14.100038] The buggy address belongs to the object at ffff8881031c4500 [ 14.100038] which belongs to the cache kmalloc-64 of size 64 [ 14.100807] The buggy address is located 0 bytes to the right of [ 14.100807] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.101543] [ 14.101626] The buggy address belongs to the physical page: [ 14.101961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.102298] flags: 0x200000000000000(node=0|zone=2) [ 14.102640] page_type: f5(slab) [ 14.102800] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.103170] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.103581] page dumped because: kasan: bad access detected [ 14.103806] [ 14.103898] Memory state around the buggy address: [ 14.104104] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.104590] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.104927] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.105252] ^ [ 14.105419] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.105746] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.106140] ================================================================== [ 14.251256] 
================================================================== [ 14.252509] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.252991] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.254104] [ 14.254293] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.254344] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.254359] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.254382] Call Trace: [ 14.254397] <TASK> [ 14.254414] dump_stack_lvl+0x73/0xb0 [ 14.254445] print_report+0xd1/0x650 [ 14.254482] ? __virt_addr_valid+0x1db/0x2d0 [ 14.254507] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.254530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.254553] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.254576] kasan_report+0x141/0x180 [ 14.254600] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.254628] kasan_check_range+0x10c/0x1c0 [ 14.254653] __kasan_check_write+0x18/0x20 [ 14.254673] kasan_atomics_helper+0x5fe/0x5450 [ 14.254708] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.254731] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.254759] ? kasan_atomics+0x152/0x310 [ 14.254787] kasan_atomics+0x1dc/0x310 [ 14.254811] ? __pfx_kasan_atomics+0x10/0x10 [ 14.254837] ? __pfx_read_tsc+0x10/0x10 [ 14.254859] ? ktime_get_ts64+0x86/0x230 [ 14.254885] kunit_try_run_case+0x1a5/0x480 [ 14.254910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.254933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.254959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.254983] ? __kthread_parkme+0x82/0x180 [ 14.255005] ? preempt_count_sub+0x50/0x80 [ 14.255030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.255055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.255080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.255103] kthread+0x337/0x6f0 [ 14.255125] ? trace_preempt_on+0x20/0xc0 [ 14.255148] ? __pfx_kthread+0x10/0x10 [ 14.255170] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.255235] ? 
calculate_sigpending+0x7b/0xa0 [ 14.255263] ? __pfx_kthread+0x10/0x10 [ 14.255286] ret_from_fork+0x116/0x1d0 [ 14.255306] ? __pfx_kthread+0x10/0x10 [ 14.255328] ret_from_fork_asm+0x1a/0x30 [ 14.255359] </TASK> [ 14.255372] [ 14.265589] Allocated by task 283: [ 14.265758] kasan_save_stack+0x45/0x70 [ 14.265957] kasan_save_track+0x18/0x40 [ 14.266131] kasan_save_alloc_info+0x3b/0x50 [ 14.266692] __kasan_kmalloc+0xb7/0xc0 [ 14.266927] __kmalloc_cache_noprof+0x189/0x420 [ 14.267234] kasan_atomics+0x95/0x310 [ 14.267585] kunit_try_run_case+0x1a5/0x480 [ 14.267938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.268153] kthread+0x337/0x6f0 [ 14.268537] ret_from_fork+0x116/0x1d0 [ 14.268862] ret_from_fork_asm+0x1a/0x30 [ 14.269126] [ 14.269214] The buggy address belongs to the object at ffff8881031c4500 [ 14.269214] which belongs to the cache kmalloc-64 of size 64 [ 14.269774] The buggy address is located 0 bytes to the right of [ 14.269774] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.270266] [ 14.270422] The buggy address belongs to the physical page: [ 14.270676] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.271044] flags: 0x200000000000000(node=0|zone=2) [ 14.271243] page_type: f5(slab) [ 14.271415] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.271951] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.272277] page dumped because: kasan: bad access detected [ 14.272581] [ 14.272688] Memory state around the buggy address: [ 14.272893] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.273243] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.273524] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.273826] ^ [ 14.274040] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.274268] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.274722] 
================================================================== [ 14.816036] ================================================================== [ 14.816419] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.816810] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.817144] [ 14.817262] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.817307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.817321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.817356] Call Trace: [ 14.817374] <TASK> [ 14.817395] dump_stack_lvl+0x73/0xb0 [ 14.817430] print_report+0xd1/0x650 [ 14.817463] ? __virt_addr_valid+0x1db/0x2d0 [ 14.817486] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.817509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.817532] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.817555] kasan_report+0x141/0x180 [ 14.817579] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.817606] __asan_report_load4_noabort+0x18/0x20 [ 14.817633] kasan_atomics_helper+0x49ce/0x5450 [ 14.817657] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.817705] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.817731] ? kasan_atomics+0x152/0x310 [ 14.817760] kasan_atomics+0x1dc/0x310 [ 14.817784] ? __pfx_kasan_atomics+0x10/0x10 [ 14.817810] ? __pfx_read_tsc+0x10/0x10 [ 14.817832] ? ktime_get_ts64+0x86/0x230 [ 14.817857] kunit_try_run_case+0x1a5/0x480 [ 14.817884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.817908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.817943] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.817967] ? __kthread_parkme+0x82/0x180 [ 14.817988] ? preempt_count_sub+0x50/0x80 [ 14.818026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.818051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.818085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.818110] kthread+0x337/0x6f0 [ 14.818131] ? trace_preempt_on+0x20/0xc0 [ 14.818155] ? __pfx_kthread+0x10/0x10 [ 14.818177] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.818198] ? calculate_sigpending+0x7b/0xa0 [ 14.818223] ? __pfx_kthread+0x10/0x10 [ 14.818246] ret_from_fork+0x116/0x1d0 [ 14.818265] ? __pfx_kthread+0x10/0x10 [ 14.818287] ret_from_fork_asm+0x1a/0x30 [ 14.818319] </TASK> [ 14.818332] [ 14.825813] Allocated by task 283: [ 14.825970] kasan_save_stack+0x45/0x70 [ 14.826119] kasan_save_track+0x18/0x40 [ 14.826257] kasan_save_alloc_info+0x3b/0x50 [ 14.826506] __kasan_kmalloc+0xb7/0xc0 [ 14.826734] __kmalloc_cache_noprof+0x189/0x420 [ 14.826957] kasan_atomics+0x95/0x310 [ 14.827146] kunit_try_run_case+0x1a5/0x480 [ 14.827332] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.827561] kthread+0x337/0x6f0 [ 14.827759] ret_from_fork+0x116/0x1d0 [ 14.827982] ret_from_fork_asm+0x1a/0x30 [ 14.828162] [ 14.828236] The buggy address belongs to the object at ffff8881031c4500 [ 14.828236] which belongs to the cache kmalloc-64 of size 64 [ 14.828637] The buggy address is located 0 bytes to the right of [ 14.828637] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.829232] [ 14.829325] The buggy address belongs to the physical page: [ 14.829520] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.829805] flags: 0x200000000000000(node=0|zone=2) [ 14.830043] page_type: f5(slab) [ 14.830239] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.830609] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.831000] page dumped because: kasan: bad access detected [ 14.831264] [ 14.831376] Memory state around the buggy address: [ 14.831604] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.831933] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.832260] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.832596] ^ [ 14.832873] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.833213] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.833442] ================================================================== [ 14.225897] ================================================================== [ 14.226422] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 14.226811] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.227159] [ 14.227275] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.227387] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.227405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.227429] Call Trace: [ 14.227446] <TASK> [ 14.227474] dump_stack_lvl+0x73/0xb0 [ 14.227505] print_report+0xd1/0x650 [ 14.227529] ? __virt_addr_valid+0x1db/0x2d0 [ 14.227575] ? kasan_atomics_helper+0x565/0x5450 [ 14.227598] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.227624] ? kasan_atomics_helper+0x565/0x5450 [ 14.227647] kasan_report+0x141/0x180 [ 14.227689] ? kasan_atomics_helper+0x565/0x5450 [ 14.227736] kasan_check_range+0x10c/0x1c0 [ 14.227761] __kasan_check_write+0x18/0x20 [ 14.227782] kasan_atomics_helper+0x565/0x5450 [ 14.227806] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.227830] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.227856] ? kasan_atomics+0x152/0x310 [ 14.227900] kasan_atomics+0x1dc/0x310 [ 14.227925] ? __pfx_kasan_atomics+0x10/0x10 [ 14.227965] ? __pfx_read_tsc+0x10/0x10 [ 14.227987] ? ktime_get_ts64+0x86/0x230 [ 14.228012] kunit_try_run_case+0x1a5/0x480 [ 14.228038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.228064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.228089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.228114] ? __kthread_parkme+0x82/0x180 [ 14.228151] ? preempt_count_sub+0x50/0x80 [ 14.228238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.228269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.228294] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.228318] kthread+0x337/0x6f0 [ 14.228339] ? 
trace_preempt_on+0x20/0xc0 [ 14.228364] ? __pfx_kthread+0x10/0x10 [ 14.228386] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.228409] ? calculate_sigpending+0x7b/0xa0 [ 14.228433] ? __pfx_kthread+0x10/0x10 [ 14.228468] ret_from_fork+0x116/0x1d0 [ 14.228487] ? __pfx_kthread+0x10/0x10 [ 14.228510] ret_from_fork_asm+0x1a/0x30 [ 14.228543] </TASK> [ 14.228557] [ 14.239921] Allocated by task 283: [ 14.240112] kasan_save_stack+0x45/0x70 [ 14.240580] kasan_save_track+0x18/0x40 [ 14.240797] kasan_save_alloc_info+0x3b/0x50 [ 14.241002] __kasan_kmalloc+0xb7/0xc0 [ 14.241180] __kmalloc_cache_noprof+0x189/0x420 [ 14.241655] kasan_atomics+0x95/0x310 [ 14.241881] kunit_try_run_case+0x1a5/0x480 [ 14.242285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.242634] kthread+0x337/0x6f0 [ 14.242829] ret_from_fork+0x116/0x1d0 [ 14.243014] ret_from_fork_asm+0x1a/0x30 [ 14.243470] [ 14.243577] The buggy address belongs to the object at ffff8881031c4500 [ 14.243577] which belongs to the cache kmalloc-64 of size 64 [ 14.244317] The buggy address is located 0 bytes to the right of [ 14.244317] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.245018] [ 14.245102] The buggy address belongs to the physical page: [ 14.245497] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.245951] flags: 0x200000000000000(node=0|zone=2) [ 14.246267] page_type: f5(slab) [ 14.246470] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.246800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.247111] page dumped because: kasan: bad access detected [ 14.247356] [ 14.247445] Memory state around the buggy address: [ 14.247666] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.248510] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.248979] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.249300] ^ [ 14.249646] ffff8881031c4580: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.250143] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.250720] ================================================================== [ 14.488448] ================================================================== [ 14.488830] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.489082] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.489334] [ 14.489469] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.489515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.489529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.489552] Call Trace: [ 14.489570] <TASK> [ 14.489638] dump_stack_lvl+0x73/0xb0 [ 14.489669] print_report+0xd1/0x650 [ 14.489707] ? __virt_addr_valid+0x1db/0x2d0 [ 14.489731] ? kasan_atomics_helper+0xc70/0x5450 [ 14.489753] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.489777] ? kasan_atomics_helper+0xc70/0x5450 [ 14.489800] kasan_report+0x141/0x180 [ 14.489824] ? kasan_atomics_helper+0xc70/0x5450 [ 14.489852] kasan_check_range+0x10c/0x1c0 [ 14.489877] __kasan_check_write+0x18/0x20 [ 14.489898] kasan_atomics_helper+0xc70/0x5450 [ 14.489922] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.489946] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.489972] ? kasan_atomics+0x152/0x310 [ 14.490000] kasan_atomics+0x1dc/0x310 [ 14.490024] ? __pfx_kasan_atomics+0x10/0x10 [ 14.490049] ? __pfx_read_tsc+0x10/0x10 [ 14.490071] ? ktime_get_ts64+0x86/0x230 [ 14.490096] kunit_try_run_case+0x1a5/0x480 [ 14.490121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.490145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.490169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.490192] ? __kthread_parkme+0x82/0x180 [ 14.490251] ? preempt_count_sub+0x50/0x80 [ 14.490275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.490300] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.490325] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.490348] kthread+0x337/0x6f0 [ 14.490370] ? trace_preempt_on+0x20/0xc0 [ 14.490394] ? __pfx_kthread+0x10/0x10 [ 14.490416] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.490437] ? calculate_sigpending+0x7b/0xa0 [ 14.490472] ? __pfx_kthread+0x10/0x10 [ 14.490494] ret_from_fork+0x116/0x1d0 [ 14.490514] ? __pfx_kthread+0x10/0x10 [ 14.490536] ret_from_fork_asm+0x1a/0x30 [ 14.490569] </TASK> [ 14.490581] [ 14.499000] Allocated by task 283: [ 14.499135] kasan_save_stack+0x45/0x70 [ 14.499712] kasan_save_track+0x18/0x40 [ 14.499930] kasan_save_alloc_info+0x3b/0x50 [ 14.500153] __kasan_kmalloc+0xb7/0xc0 [ 14.500439] __kmalloc_cache_noprof+0x189/0x420 [ 14.500617] kasan_atomics+0x95/0x310 [ 14.500758] kunit_try_run_case+0x1a5/0x480 [ 14.500972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.501297] kthread+0x337/0x6f0 [ 14.501515] ret_from_fork+0x116/0x1d0 [ 14.501913] ret_from_fork_asm+0x1a/0x30 [ 14.502089] [ 14.502188] The buggy address belongs to the object at ffff8881031c4500 [ 14.502188] which belongs to the cache kmalloc-64 of size 64 [ 14.502668] The buggy address is located 0 bytes to the right of [ 14.502668] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.503144] [ 14.503228] The buggy address belongs to the physical page: [ 14.503463] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.503833] flags: 0x200000000000000(node=0|zone=2) [ 14.504042] page_type: f5(slab) [ 14.504252] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.504520] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.504755] page dumped because: kasan: bad access detected [ 14.504933] [ 14.505008] Memory state around the buggy address: [ 14.505204] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.505976] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.506393] >ffff8881031c4500: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.506624] ^ [ 14.506783] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.507001] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.507649] ================================================================== [ 14.858279] ================================================================== [ 14.858597] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.858840] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.859128] [ 14.860198] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.860252] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.860267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.860292] Call Trace: [ 14.860310] <TASK> [ 14.860326] dump_stack_lvl+0x73/0xb0 [ 14.860360] print_report+0xd1/0x650 [ 14.860384] ? __virt_addr_valid+0x1db/0x2d0 [ 14.860407] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.860429] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.860468] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.860490] kasan_report+0x141/0x180 [ 14.860514] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.860542] __asan_report_load8_noabort+0x18/0x20 [ 14.860566] kasan_atomics_helper+0x4eae/0x5450 [ 14.860590] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.860614] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.860639] ? kasan_atomics+0x152/0x310 [ 14.860690] kasan_atomics+0x1dc/0x310 [ 14.860715] ? __pfx_kasan_atomics+0x10/0x10 [ 14.860741] ? __pfx_read_tsc+0x10/0x10 [ 14.860762] ? ktime_get_ts64+0x86/0x230 [ 14.860787] kunit_try_run_case+0x1a5/0x480 [ 14.860811] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.860834] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.860859] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.860883] ? __kthread_parkme+0x82/0x180 [ 14.860904] ? preempt_count_sub+0x50/0x80 [ 14.860928] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.860952] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.860976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.861001] kthread+0x337/0x6f0 [ 14.861021] ? trace_preempt_on+0x20/0xc0 [ 14.861045] ? __pfx_kthread+0x10/0x10 [ 14.861067] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.861089] ? calculate_sigpending+0x7b/0xa0 [ 14.861113] ? __pfx_kthread+0x10/0x10 [ 14.861136] ret_from_fork+0x116/0x1d0 [ 14.861157] ? __pfx_kthread+0x10/0x10 [ 14.861178] ret_from_fork_asm+0x1a/0x30 [ 14.861211] </TASK> [ 14.861224] [ 14.874313] Allocated by task 283: [ 14.874539] kasan_save_stack+0x45/0x70 [ 14.874757] kasan_save_track+0x18/0x40 [ 14.874978] kasan_save_alloc_info+0x3b/0x50 [ 14.875184] __kasan_kmalloc+0xb7/0xc0 [ 14.875349] __kmalloc_cache_noprof+0x189/0x420 [ 14.875590] kasan_atomics+0x95/0x310 [ 14.875836] kunit_try_run_case+0x1a5/0x480 [ 14.876001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.876253] kthread+0x337/0x6f0 [ 14.876438] ret_from_fork+0x116/0x1d0 [ 14.876600] ret_from_fork_asm+0x1a/0x30 [ 14.876768] [ 14.876939] The buggy address belongs to the object at ffff8881031c4500 [ 14.876939] which belongs to the cache kmalloc-64 of size 64 [ 14.877446] The buggy address is located 0 bytes to the right of [ 14.877446] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.878039] [ 14.878141] The buggy address belongs to the physical page: [ 14.878356] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.878699] flags: 0x200000000000000(node=0|zone=2) [ 14.879026] page_type: f5(slab) [ 14.879176] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.879497] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.879899] page dumped because: kasan: bad access detected [ 14.880185] [ 14.880285] Memory state around the buggy address: [ 14.880538] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.880824] 
ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.881179] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.881480] ^ [ 14.881692] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.882022] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.882332] ================================================================== [ 14.992088] ================================================================== [ 14.992490] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.992879] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.993258] [ 14.993363] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.993413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.993427] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.993450] Call Trace: [ 14.993480] <TASK> [ 14.993497] dump_stack_lvl+0x73/0xb0 [ 14.993525] print_report+0xd1/0x650 [ 14.993549] ? __virt_addr_valid+0x1db/0x2d0 [ 14.993573] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.993595] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.993618] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.993641] kasan_report+0x141/0x180 [ 14.993665] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.993692] kasan_check_range+0x10c/0x1c0 [ 14.993717] __kasan_check_write+0x18/0x20 [ 14.993738] kasan_atomics_helper+0x16e7/0x5450 [ 14.993761] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.993784] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.993811] ? kasan_atomics+0x152/0x310 [ 14.993838] kasan_atomics+0x1dc/0x310 [ 14.993862] ? __pfx_kasan_atomics+0x10/0x10 [ 14.993887] ? __pfx_read_tsc+0x10/0x10 [ 14.993910] ? ktime_get_ts64+0x86/0x230 [ 14.993935] kunit_try_run_case+0x1a5/0x480 [ 14.993959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.993982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.994007] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.994030] ? 
__kthread_parkme+0x82/0x180 [ 14.994052] ? preempt_count_sub+0x50/0x80 [ 14.994077] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.994102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.994127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.994151] kthread+0x337/0x6f0 [ 14.994172] ? trace_preempt_on+0x20/0xc0 [ 14.994197] ? __pfx_kthread+0x10/0x10 [ 14.994219] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.994241] ? calculate_sigpending+0x7b/0xa0 [ 14.994266] ? __pfx_kthread+0x10/0x10 [ 14.994289] ret_from_fork+0x116/0x1d0 [ 14.994308] ? __pfx_kthread+0x10/0x10 [ 14.994331] ret_from_fork_asm+0x1a/0x30 [ 14.994362] </TASK> [ 14.994375] [ 15.001642] Allocated by task 283: [ 15.001871] kasan_save_stack+0x45/0x70 [ 15.002078] kasan_save_track+0x18/0x40 [ 15.002272] kasan_save_alloc_info+0x3b/0x50 [ 15.002499] __kasan_kmalloc+0xb7/0xc0 [ 15.002715] __kmalloc_cache_noprof+0x189/0x420 [ 15.002940] kasan_atomics+0x95/0x310 [ 15.003133] kunit_try_run_case+0x1a5/0x480 [ 15.003299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.003567] kthread+0x337/0x6f0 [ 15.003722] ret_from_fork+0x116/0x1d0 [ 15.003859] ret_from_fork_asm+0x1a/0x30 [ 15.004062] [ 15.004162] The buggy address belongs to the object at ffff8881031c4500 [ 15.004162] which belongs to the cache kmalloc-64 of size 64 [ 15.004683] The buggy address is located 0 bytes to the right of [ 15.004683] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.005175] [ 15.005268] The buggy address belongs to the physical page: [ 15.005507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.005844] flags: 0x200000000000000(node=0|zone=2) [ 15.006071] page_type: f5(slab) [ 15.006234] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.006547] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.006871] page dumped because: kasan: bad access detected [ 15.007104] [ 15.007182] Memory state around the buggy address: [ 15.007372] 
ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.007605] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.007852] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.008084] ^ [ 15.008313] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.008643] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.008978] ================================================================== [ 15.078820] ================================================================== [ 15.079234] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 15.079736] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.080158] [ 15.080280] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.080328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.080343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.080366] Call Trace: [ 15.080383] <TASK> [ 15.080401] dump_stack_lvl+0x73/0xb0 [ 15.080430] print_report+0xd1/0x650 [ 15.080466] ? __virt_addr_valid+0x1db/0x2d0 [ 15.080489] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080513] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.080538] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080562] kasan_report+0x141/0x180 [ 15.080585] ? kasan_atomics_helper+0x194a/0x5450 [ 15.080612] kasan_check_range+0x10c/0x1c0 [ 15.080637] __kasan_check_write+0x18/0x20 [ 15.080657] kasan_atomics_helper+0x194a/0x5450 [ 15.080682] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.080705] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.080732] ? kasan_atomics+0x152/0x310 [ 15.080761] kasan_atomics+0x1dc/0x310 [ 15.080786] ? __pfx_kasan_atomics+0x10/0x10 [ 15.080813] ? __pfx_read_tsc+0x10/0x10 [ 15.080834] ? ktime_get_ts64+0x86/0x230 [ 15.080858] kunit_try_run_case+0x1a5/0x480 [ 15.080884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.080908] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.080932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.080958] ? __kthread_parkme+0x82/0x180 [ 15.080980] ? preempt_count_sub+0x50/0x80 [ 15.081004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.081029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.081055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.081081] kthread+0x337/0x6f0 [ 15.081103] ? trace_preempt_on+0x20/0xc0 [ 15.081127] ? __pfx_kthread+0x10/0x10 [ 15.081150] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.081172] ? calculate_sigpending+0x7b/0xa0 [ 15.081197] ? __pfx_kthread+0x10/0x10 [ 15.081220] ret_from_fork+0x116/0x1d0 [ 15.081239] ? __pfx_kthread+0x10/0x10 [ 15.081261] ret_from_fork_asm+0x1a/0x30 [ 15.081291] </TASK> [ 15.081304] [ 15.088725] Allocated by task 283: [ 15.088925] kasan_save_stack+0x45/0x70 [ 15.089119] kasan_save_track+0x18/0x40 [ 15.089307] kasan_save_alloc_info+0x3b/0x50 [ 15.089516] __kasan_kmalloc+0xb7/0xc0 [ 15.089700] __kmalloc_cache_noprof+0x189/0x420 [ 15.089861] kasan_atomics+0x95/0x310 [ 15.089999] kunit_try_run_case+0x1a5/0x480 [ 15.090201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.090469] kthread+0x337/0x6f0 [ 15.090643] ret_from_fork+0x116/0x1d0 [ 15.090906] ret_from_fork_asm+0x1a/0x30 [ 15.091050] [ 15.091125] The buggy address belongs to the object at ffff8881031c4500 [ 15.091125] which belongs to the cache kmalloc-64 of size 64 [ 15.091644] The buggy address is located 0 bytes to the right of [ 15.091644] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.092150] [ 15.092258] The buggy address belongs to the physical page: [ 15.092490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.092822] flags: 0x200000000000000(node=0|zone=2) [ 15.093046] page_type: f5(slab) [ 15.093196] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.093507] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.093832] page dumped because: kasan: 
bad access detected [ 15.094057] [ 15.094160] Memory state around the buggy address: [ 15.094363] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.094676] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.094969] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.095188] ^ [ 15.095347] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.095636] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.096300] ================================================================== [ 14.528109] ================================================================== [ 14.528410] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 14.528985] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.529328] [ 14.529446] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.529501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.529514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.529538] Call Trace: [ 14.529555] <TASK> [ 14.529571] dump_stack_lvl+0x73/0xb0 [ 14.529603] print_report+0xd1/0x650 [ 14.529627] ? __virt_addr_valid+0x1db/0x2d0 [ 14.529651] ? kasan_atomics_helper+0xd47/0x5450 [ 14.529757] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.529785] ? kasan_atomics_helper+0xd47/0x5450 [ 14.529809] kasan_report+0x141/0x180 [ 14.529834] ? kasan_atomics_helper+0xd47/0x5450 [ 14.529862] kasan_check_range+0x10c/0x1c0 [ 14.529888] __kasan_check_write+0x18/0x20 [ 14.529909] kasan_atomics_helper+0xd47/0x5450 [ 14.529934] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.529958] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.529985] ? kasan_atomics+0x152/0x310 [ 14.530013] kasan_atomics+0x1dc/0x310 [ 14.530038] ? __pfx_kasan_atomics+0x10/0x10 [ 14.530063] ? __pfx_read_tsc+0x10/0x10 [ 14.530086] ? ktime_get_ts64+0x86/0x230 [ 14.530112] kunit_try_run_case+0x1a5/0x480 [ 14.530138] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.530162] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.530240] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.530267] ? __kthread_parkme+0x82/0x180 [ 14.530289] ? preempt_count_sub+0x50/0x80 [ 14.530314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.530339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.530364] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.530389] kthread+0x337/0x6f0 [ 14.530411] ? trace_preempt_on+0x20/0xc0 [ 14.530435] ? __pfx_kthread+0x10/0x10 [ 14.530469] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.530491] ? calculate_sigpending+0x7b/0xa0 [ 14.530516] ? __pfx_kthread+0x10/0x10 [ 14.530540] ret_from_fork+0x116/0x1d0 [ 14.530560] ? __pfx_kthread+0x10/0x10 [ 14.530582] ret_from_fork_asm+0x1a/0x30 [ 14.530615] </TASK> [ 14.530628] [ 14.538392] Allocated by task 283: [ 14.538571] kasan_save_stack+0x45/0x70 [ 14.538748] kasan_save_track+0x18/0x40 [ 14.538904] kasan_save_alloc_info+0x3b/0x50 [ 14.539121] __kasan_kmalloc+0xb7/0xc0 [ 14.539513] __kmalloc_cache_noprof+0x189/0x420 [ 14.539753] kasan_atomics+0x95/0x310 [ 14.539975] kunit_try_run_case+0x1a5/0x480 [ 14.540248] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.540517] kthread+0x337/0x6f0 [ 14.540645] ret_from_fork+0x116/0x1d0 [ 14.540808] ret_from_fork_asm+0x1a/0x30 [ 14.540953] [ 14.541053] The buggy address belongs to the object at ffff8881031c4500 [ 14.541053] which belongs to the cache kmalloc-64 of size 64 [ 14.541654] The buggy address is located 0 bytes to the right of [ 14.541654] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.542061] [ 14.542159] The buggy address belongs to the physical page: [ 14.542483] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.542874] flags: 0x200000000000000(node=0|zone=2) [ 14.543113] page_type: f5(slab) [ 14.543312] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.543566] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.543872] page dumped because: kasan: bad access detected [ 14.544123] [ 14.544423] Memory state around the buggy address: [ 14.544668] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.545027] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.545408] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.545732] ^ [ 14.545937] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.546275] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.546550] ================================================================== [ 15.351027] ================================================================== [ 15.351792] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.352174] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.352558] [ 15.352674] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.352749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.352764] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.352787] Call Trace: [ 15.352805] <TASK> [ 15.352833] dump_stack_lvl+0x73/0xb0 [ 15.352864] print_report+0xd1/0x650 [ 15.352888] ? __virt_addr_valid+0x1db/0x2d0 [ 15.352911] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.352934] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.352958] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.352981] kasan_report+0x141/0x180 [ 15.353005] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.353060] __asan_report_load8_noabort+0x18/0x20 [ 15.353086] kasan_atomics_helper+0x4f98/0x5450 [ 15.353110] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.353144] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.353171] ? kasan_atomics+0x152/0x310 [ 15.353226] kasan_atomics+0x1dc/0x310 [ 15.353251] ? __pfx_kasan_atomics+0x10/0x10 [ 15.353277] ? __pfx_read_tsc+0x10/0x10 [ 15.353310] ? 
ktime_get_ts64+0x86/0x230 [ 15.353335] kunit_try_run_case+0x1a5/0x480 [ 15.353391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.353415] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.353440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.353479] ? __kthread_parkme+0x82/0x180 [ 15.353500] ? preempt_count_sub+0x50/0x80 [ 15.353525] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.353550] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.353574] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.353598] kthread+0x337/0x6f0 [ 15.353620] ? trace_preempt_on+0x20/0xc0 [ 15.353644] ? __pfx_kthread+0x10/0x10 [ 15.353666] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.353699] ? calculate_sigpending+0x7b/0xa0 [ 15.353724] ? __pfx_kthread+0x10/0x10 [ 15.353748] ret_from_fork+0x116/0x1d0 [ 15.353768] ? __pfx_kthread+0x10/0x10 [ 15.353820] ret_from_fork_asm+0x1a/0x30 [ 15.353852] </TASK> [ 15.353865] [ 15.361962] Allocated by task 283: [ 15.362147] kasan_save_stack+0x45/0x70 [ 15.362351] kasan_save_track+0x18/0x40 [ 15.362554] kasan_save_alloc_info+0x3b/0x50 [ 15.362844] __kasan_kmalloc+0xb7/0xc0 [ 15.362985] __kmalloc_cache_noprof+0x189/0x420 [ 15.363143] kasan_atomics+0x95/0x310 [ 15.363280] kunit_try_run_case+0x1a5/0x480 [ 15.363507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.363822] kthread+0x337/0x6f0 [ 15.364081] ret_from_fork+0x116/0x1d0 [ 15.364447] ret_from_fork_asm+0x1a/0x30 [ 15.364764] [ 15.364873] The buggy address belongs to the object at ffff8881031c4500 [ 15.364873] which belongs to the cache kmalloc-64 of size 64 [ 15.365291] The buggy address is located 0 bytes to the right of [ 15.365291] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.365922] [ 15.366077] The buggy address belongs to the physical page: [ 15.366373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.366804] flags: 0x200000000000000(node=0|zone=2) [ 15.367019] page_type: f5(slab) [ 15.367182] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.367550] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.367929] page dumped because: kasan: bad access detected [ 15.368210] [ 15.368337] Memory state around the buggy address: [ 15.368577] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.368948] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.369283] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.369648] ^ [ 15.369922] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.370238] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.370581] ================================================================== [ 15.441036] ================================================================== [ 15.441381] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.441774] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.442074] [ 15.442178] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.442222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.442236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.442260] Call Trace: [ 15.442276] <TASK> [ 15.442293] dump_stack_lvl+0x73/0xb0 [ 15.442325] print_report+0xd1/0x650 [ 15.442348] ? __virt_addr_valid+0x1db/0x2d0 [ 15.442370] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.442393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.442416] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.442439] kasan_report+0x141/0x180 [ 15.442475] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.442503] __asan_report_load8_noabort+0x18/0x20 [ 15.442529] kasan_atomics_helper+0x4fa5/0x5450 [ 15.442553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.442576] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.442603] ? kasan_atomics+0x152/0x310 [ 15.442631] kasan_atomics+0x1dc/0x310 [ 15.442655] ? __pfx_kasan_atomics+0x10/0x10 [ 15.442702] ? 
__pfx_read_tsc+0x10/0x10 [ 15.442724] ? ktime_get_ts64+0x86/0x230 [ 15.442749] kunit_try_run_case+0x1a5/0x480 [ 15.442774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.442798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.442822] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.442847] ? __kthread_parkme+0x82/0x180 [ 15.442869] ? preempt_count_sub+0x50/0x80 [ 15.442893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.442919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.442943] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.442967] kthread+0x337/0x6f0 [ 15.442989] ? trace_preempt_on+0x20/0xc0 [ 15.443014] ? __pfx_kthread+0x10/0x10 [ 15.443036] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.443059] ? calculate_sigpending+0x7b/0xa0 [ 15.443084] ? __pfx_kthread+0x10/0x10 [ 15.443106] ret_from_fork+0x116/0x1d0 [ 15.443126] ? __pfx_kthread+0x10/0x10 [ 15.443147] ret_from_fork_asm+0x1a/0x30 [ 15.443180] </TASK> [ 15.443193] [ 15.450308] Allocated by task 283: [ 15.450442] kasan_save_stack+0x45/0x70 [ 15.450596] kasan_save_track+0x18/0x40 [ 15.450819] kasan_save_alloc_info+0x3b/0x50 [ 15.451040] __kasan_kmalloc+0xb7/0xc0 [ 15.451230] __kmalloc_cache_noprof+0x189/0x420 [ 15.451466] kasan_atomics+0x95/0x310 [ 15.451627] kunit_try_run_case+0x1a5/0x480 [ 15.451852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.452089] kthread+0x337/0x6f0 [ 15.452241] ret_from_fork+0x116/0x1d0 [ 15.452406] ret_from_fork_asm+0x1a/0x30 [ 15.452615] [ 15.452735] The buggy address belongs to the object at ffff8881031c4500 [ 15.452735] which belongs to the cache kmalloc-64 of size 64 [ 15.453186] The buggy address is located 0 bytes to the right of [ 15.453186] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.453707] [ 15.453808] The buggy address belongs to the physical page: [ 15.454055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.454400] flags: 0x200000000000000(node=0|zone=2) [ 15.454616] page_type: f5(slab) [ 15.454796] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.455092] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.455397] page dumped because: kasan: bad access detected [ 15.455644] [ 15.455761] Memory state around the buggy address: [ 15.455971] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.456251] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.456517] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.456760] ^ [ 15.456920] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.457147] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.457478] ================================================================== [ 15.144389] ================================================================== [ 15.144752] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 15.145067] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.145909] [ 15.146151] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.146307] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.146326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.146350] Call Trace: [ 15.146381] <TASK> [ 15.146401] dump_stack_lvl+0x73/0xb0 [ 15.146480] print_report+0xd1/0x650 [ 15.146507] ? __virt_addr_valid+0x1db/0x2d0 [ 15.146531] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.146554] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.146578] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.146601] kasan_report+0x141/0x180 [ 15.146624] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.146651] kasan_check_range+0x10c/0x1c0 [ 15.146690] __kasan_check_write+0x18/0x20 [ 15.146711] kasan_atomics_helper+0x1b22/0x5450 [ 15.146734] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.146758] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.146784] ? 
kasan_atomics+0x152/0x310 [ 15.146812] kasan_atomics+0x1dc/0x310 [ 15.146835] ? __pfx_kasan_atomics+0x10/0x10 [ 15.146860] ? __pfx_read_tsc+0x10/0x10 [ 15.146881] ? ktime_get_ts64+0x86/0x230 [ 15.146906] kunit_try_run_case+0x1a5/0x480 [ 15.146931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.146955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.146979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.147003] ? __kthread_parkme+0x82/0x180 [ 15.147025] ? preempt_count_sub+0x50/0x80 [ 15.147049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.147073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.147096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.147121] kthread+0x337/0x6f0 [ 15.147142] ? trace_preempt_on+0x20/0xc0 [ 15.147166] ? __pfx_kthread+0x10/0x10 [ 15.147187] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.147209] ? calculate_sigpending+0x7b/0xa0 [ 15.147234] ? __pfx_kthread+0x10/0x10 [ 15.147257] ret_from_fork+0x116/0x1d0 [ 15.147276] ? __pfx_kthread+0x10/0x10 [ 15.147297] ret_from_fork_asm+0x1a/0x30 [ 15.147329] </TASK> [ 15.147342] [ 15.156618] Allocated by task 283: [ 15.157169] kasan_save_stack+0x45/0x70 [ 15.157493] kasan_save_track+0x18/0x40 [ 15.157827] kasan_save_alloc_info+0x3b/0x50 [ 15.158127] __kasan_kmalloc+0xb7/0xc0 [ 15.158409] __kmalloc_cache_noprof+0x189/0x420 [ 15.158759] kasan_atomics+0x95/0x310 [ 15.159041] kunit_try_run_case+0x1a5/0x480 [ 15.159334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.159677] kthread+0x337/0x6f0 [ 15.159992] ret_from_fork+0x116/0x1d0 [ 15.160276] ret_from_fork_asm+0x1a/0x30 [ 15.160525] [ 15.160630] The buggy address belongs to the object at ffff8881031c4500 [ 15.160630] which belongs to the cache kmalloc-64 of size 64 [ 15.161485] The buggy address is located 0 bytes to the right of [ 15.161485] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.162250] [ 15.162333] The buggy address belongs to the physical page: [ 15.162784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 
15.163222] flags: 0x200000000000000(node=0|zone=2) [ 15.163558] page_type: f5(slab) [ 15.163909] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.164268] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.164785] page dumped because: kasan: bad access detected [ 15.165126] [ 15.165338] Memory state around the buggy address: [ 15.165711] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.166110] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.166523] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.167038] ^ [ 15.167351] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.167771] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.168170] ================================================================== [ 15.310905] ================================================================== [ 15.311280] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.311625] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.311984] [ 15.312102] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.312174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.312188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.312222] Call Trace: [ 15.312241] <TASK> [ 15.312257] dump_stack_lvl+0x73/0xb0 [ 15.312314] print_report+0xd1/0x650 [ 15.312338] ? __virt_addr_valid+0x1db/0x2d0 [ 15.312389] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.312412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.312436] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.312468] kasan_report+0x141/0x180 [ 15.312492] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.312520] __asan_report_load8_noabort+0x18/0x20 [ 15.312572] kasan_atomics_helper+0x4f71/0x5450 [ 15.312597] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.312659] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.312686] ? kasan_atomics+0x152/0x310 [ 15.312724] kasan_atomics+0x1dc/0x310 [ 15.312748] ? __pfx_kasan_atomics+0x10/0x10 [ 15.312784] ? __pfx_read_tsc+0x10/0x10 [ 15.312805] ? ktime_get_ts64+0x86/0x230 [ 15.312830] kunit_try_run_case+0x1a5/0x480 [ 15.312854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.312879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.312903] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.312954] ? __kthread_parkme+0x82/0x180 [ 15.312975] ? preempt_count_sub+0x50/0x80 [ 15.313028] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.313078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.313103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.313128] kthread+0x337/0x6f0 [ 15.313161] ? trace_preempt_on+0x20/0xc0 [ 15.313186] ? __pfx_kthread+0x10/0x10 [ 15.313208] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.313230] ? calculate_sigpending+0x7b/0xa0 [ 15.313255] ? __pfx_kthread+0x10/0x10 [ 15.313277] ret_from_fork+0x116/0x1d0 [ 15.313297] ? __pfx_kthread+0x10/0x10 [ 15.313319] ret_from_fork_asm+0x1a/0x30 [ 15.313350] </TASK> [ 15.313392] [ 15.321288] Allocated by task 283: [ 15.321504] kasan_save_stack+0x45/0x70 [ 15.321740] kasan_save_track+0x18/0x40 [ 15.321932] kasan_save_alloc_info+0x3b/0x50 [ 15.322172] __kasan_kmalloc+0xb7/0xc0 [ 15.322406] __kmalloc_cache_noprof+0x189/0x420 [ 15.322675] kasan_atomics+0x95/0x310 [ 15.322895] kunit_try_run_case+0x1a5/0x480 [ 15.323044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.323551] kthread+0x337/0x6f0 [ 15.323701] ret_from_fork+0x116/0x1d0 [ 15.323963] ret_from_fork_asm+0x1a/0x30 [ 15.324143] [ 15.324232] The buggy address belongs to the object at ffff8881031c4500 [ 15.324232] which belongs to the cache kmalloc-64 of size 64 [ 15.324678] The buggy address is located 0 bytes to the right of [ 15.324678] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.325231] [ 15.325306] The buggy address belongs to the physical page: [ 15.325538] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.325998] flags: 0x200000000000000(node=0|zone=2) [ 15.326162] page_type: f5(slab) [ 15.326282] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.326517] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.326862] page dumped because: kasan: bad access detected [ 15.327361] [ 15.327505] Memory state around the buggy address: [ 15.327919] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.328252] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.328498] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.329086] ^ [ 15.329283] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.329640] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.329992] ================================================================== [ 14.047651] ================================================================== [ 14.049488] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 14.049748] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.049976] [ 14.050068] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.050115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.050127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.050150] Call Trace: [ 14.050163] <TASK> [ 14.050178] dump_stack_lvl+0x73/0xb0 [ 14.050206] print_report+0xd1/0x650 [ 14.050227] ? __virt_addr_valid+0x1db/0x2d0 [ 14.050249] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.050270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.050291] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.050315] kasan_report+0x141/0x180 [ 14.050338] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.050363] __asan_report_load4_noabort+0x18/0x20 [ 14.050387] kasan_atomics_helper+0x4bbc/0x5450 [ 14.050409] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.050431] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.050731] ? kasan_atomics+0x152/0x310 [ 14.050829] kasan_atomics+0x1dc/0x310 [ 14.051066] ? __pfx_kasan_atomics+0x10/0x10 [ 14.051095] ? __pfx_read_tsc+0x10/0x10 [ 14.051117] ? ktime_get_ts64+0x86/0x230 [ 14.051168] kunit_try_run_case+0x1a5/0x480 [ 14.051221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.051243] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.051267] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.051289] ? __kthread_parkme+0x82/0x180 [ 14.051309] ? preempt_count_sub+0x50/0x80 [ 14.051334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.051357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.051380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.051403] kthread+0x337/0x6f0 [ 14.051422] ? trace_preempt_on+0x20/0xc0 [ 14.051444] ? __pfx_kthread+0x10/0x10 [ 14.051474] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.051494] ? calculate_sigpending+0x7b/0xa0 [ 14.051517] ? __pfx_kthread+0x10/0x10 [ 14.051539] ret_from_fork+0x116/0x1d0 [ 14.051557] ? 
__pfx_kthread+0x10/0x10 [ 14.051577] ret_from_fork_asm+0x1a/0x30 [ 14.051607] </TASK> [ 14.051619] [ 14.065173] Allocated by task 283: [ 14.065551] kasan_save_stack+0x45/0x70 [ 14.065761] kasan_save_track+0x18/0x40 [ 14.066127] kasan_save_alloc_info+0x3b/0x50 [ 14.066422] __kasan_kmalloc+0xb7/0xc0 [ 14.066732] __kmalloc_cache_noprof+0x189/0x420 [ 14.066982] kasan_atomics+0x95/0x310 [ 14.067157] kunit_try_run_case+0x1a5/0x480 [ 14.067609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.067983] kthread+0x337/0x6f0 [ 14.068253] ret_from_fork+0x116/0x1d0 [ 14.068611] ret_from_fork_asm+0x1a/0x30 [ 14.068869] [ 14.068971] The buggy address belongs to the object at ffff8881031c4500 [ 14.068971] which belongs to the cache kmalloc-64 of size 64 [ 14.069712] The buggy address is located 0 bytes to the right of [ 14.069712] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.070443] [ 14.070569] The buggy address belongs to the physical page: [ 14.071020] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.071509] flags: 0x200000000000000(node=0|zone=2) [ 14.071845] page_type: f5(slab) [ 14.072141] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.072637] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.073242] page dumped because: kasan: bad access detected [ 14.073604] [ 14.073695] Memory state around the buggy address: [ 14.074057] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.074632] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.075052] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.075512] ^ [ 14.075871] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.076261] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.076765] ================================================================== [ 15.055880] 
================================================================== [ 15.056194] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 15.057029] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.057404] [ 15.057517] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.057714] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.057799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.057825] Call Trace: [ 15.057839] <TASK> [ 15.057857] dump_stack_lvl+0x73/0xb0 [ 15.057889] print_report+0xd1/0x650 [ 15.057914] ? __virt_addr_valid+0x1db/0x2d0 [ 15.057938] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.057961] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.057984] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.058007] kasan_report+0x141/0x180 [ 15.058030] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.058057] kasan_check_range+0x10c/0x1c0 [ 15.058083] __kasan_check_write+0x18/0x20 [ 15.058104] kasan_atomics_helper+0x18b1/0x5450 [ 15.058127] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.058151] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.058177] ? kasan_atomics+0x152/0x310 [ 15.058205] kasan_atomics+0x1dc/0x310 [ 15.058229] ? __pfx_kasan_atomics+0x10/0x10 [ 15.058255] ? __pfx_read_tsc+0x10/0x10 [ 15.058276] ? ktime_get_ts64+0x86/0x230 [ 15.058301] kunit_try_run_case+0x1a5/0x480 [ 15.058326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.058350] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.058374] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.058399] ? __kthread_parkme+0x82/0x180 [ 15.058419] ? preempt_count_sub+0x50/0x80 [ 15.058445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.058483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.058507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.058532] kthread+0x337/0x6f0 [ 15.058552] ? trace_preempt_on+0x20/0xc0 [ 15.058578] ? __pfx_kthread+0x10/0x10 [ 15.058600] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.058622] ? 
calculate_sigpending+0x7b/0xa0 [ 15.058648] ? __pfx_kthread+0x10/0x10 [ 15.058671] ret_from_fork+0x116/0x1d0 [ 15.058699] ? __pfx_kthread+0x10/0x10 [ 15.058721] ret_from_fork_asm+0x1a/0x30 [ 15.058753] </TASK> [ 15.058767] [ 15.068588] Allocated by task 283: [ 15.068934] kasan_save_stack+0x45/0x70 [ 15.069106] kasan_save_track+0x18/0x40 [ 15.069309] kasan_save_alloc_info+0x3b/0x50 [ 15.069698] __kasan_kmalloc+0xb7/0xc0 [ 15.069874] __kmalloc_cache_noprof+0x189/0x420 [ 15.070076] kasan_atomics+0x95/0x310 [ 15.070259] kunit_try_run_case+0x1a5/0x480 [ 15.070450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.070698] kthread+0x337/0x6f0 [ 15.071129] ret_from_fork+0x116/0x1d0 [ 15.071286] ret_from_fork_asm+0x1a/0x30 [ 15.071577] [ 15.071772] The buggy address belongs to the object at ffff8881031c4500 [ 15.071772] which belongs to the cache kmalloc-64 of size 64 [ 15.072314] The buggy address is located 0 bytes to the right of [ 15.072314] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.072976] [ 15.073198] The buggy address belongs to the physical page: [ 15.073537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.074008] flags: 0x200000000000000(node=0|zone=2) [ 15.074281] page_type: f5(slab) [ 15.074469] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.074976] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.075342] page dumped because: kasan: bad access detected [ 15.075691] [ 15.075776] Memory state around the buggy address: [ 15.075993] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.076288] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.076626] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.077197] ^ [ 15.077400] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.077847] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.078211] 
================================================================== [ 14.421527] ================================================================== [ 14.421892] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.422274] Write of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.422602] [ 14.422733] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.422777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.422791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.422832] Call Trace: [ 14.422849] <TASK> [ 14.422865] dump_stack_lvl+0x73/0xb0 [ 14.422896] print_report+0xd1/0x650 [ 14.422919] ? __virt_addr_valid+0x1db/0x2d0 [ 14.422943] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.422966] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.422989] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.423032] kasan_report+0x141/0x180 [ 14.423056] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.423084] kasan_check_range+0x10c/0x1c0 [ 14.423108] __kasan_check_write+0x18/0x20 [ 14.423129] kasan_atomics_helper+0xa2b/0x5450 [ 14.423153] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.423175] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.423268] ? kasan_atomics+0x152/0x310 [ 14.423295] kasan_atomics+0x1dc/0x310 [ 14.423320] ? __pfx_kasan_atomics+0x10/0x10 [ 14.423345] ? __pfx_read_tsc+0x10/0x10 [ 14.423367] ? ktime_get_ts64+0x86/0x230 [ 14.423390] kunit_try_run_case+0x1a5/0x480 [ 14.423416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.423439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.423473] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.423498] ? __kthread_parkme+0x82/0x180 [ 14.423538] ? preempt_count_sub+0x50/0x80 [ 14.423563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.423587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.423611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.423635] kthread+0x337/0x6f0 [ 14.423656] ? trace_preempt_on+0x20/0xc0 [ 14.423681] ? 
__pfx_kthread+0x10/0x10 [ 14.423721] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.423744] ? calculate_sigpending+0x7b/0xa0 [ 14.423769] ? __pfx_kthread+0x10/0x10 [ 14.423792] ret_from_fork+0x116/0x1d0 [ 14.423811] ? __pfx_kthread+0x10/0x10 [ 14.423832] ret_from_fork_asm+0x1a/0x30 [ 14.423864] </TASK> [ 14.423877] [ 14.433447] Allocated by task 283: [ 14.433635] kasan_save_stack+0x45/0x70 [ 14.433948] kasan_save_track+0x18/0x40 [ 14.434300] kasan_save_alloc_info+0x3b/0x50 [ 14.434636] __kasan_kmalloc+0xb7/0xc0 [ 14.434942] __kmalloc_cache_noprof+0x189/0x420 [ 14.435267] kasan_atomics+0x95/0x310 [ 14.435433] kunit_try_run_case+0x1a5/0x480 [ 14.435650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.436173] kthread+0x337/0x6f0 [ 14.436499] ret_from_fork+0x116/0x1d0 [ 14.436823] ret_from_fork_asm+0x1a/0x30 [ 14.437020] [ 14.437114] The buggy address belongs to the object at ffff8881031c4500 [ 14.437114] which belongs to the cache kmalloc-64 of size 64 [ 14.438138] The buggy address is located 0 bytes to the right of [ 14.438138] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.438729] [ 14.438822] The buggy address belongs to the physical page: [ 14.439063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.439743] flags: 0x200000000000000(node=0|zone=2) [ 14.439980] page_type: f5(slab) [ 14.440328] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.440698] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.441085] page dumped because: kasan: bad access detected [ 14.441554] [ 14.441652] Memory state around the buggy address: [ 14.442021] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.442615] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.443133] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.443695] ^ [ 14.443917] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.444167] 
ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.444461] ================================================================== [ 14.946152] ================================================================== [ 14.946835] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.947650] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.948097] [ 14.948191] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.948235] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.948249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.948272] Call Trace: [ 14.948288] <TASK> [ 14.948304] dump_stack_lvl+0x73/0xb0 [ 14.948336] print_report+0xd1/0x650 [ 14.948359] ? __virt_addr_valid+0x1db/0x2d0 [ 14.948381] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.948404] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.948427] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.948464] kasan_report+0x141/0x180 [ 14.948489] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.948518] kasan_check_range+0x10c/0x1c0 [ 14.948543] __kasan_check_write+0x18/0x20 [ 14.948564] kasan_atomics_helper+0x15b6/0x5450 [ 14.948588] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.948612] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.948638] ? kasan_atomics+0x152/0x310 [ 14.948668] kasan_atomics+0x1dc/0x310 [ 14.948710] ? __pfx_kasan_atomics+0x10/0x10 [ 14.948736] ? __pfx_read_tsc+0x10/0x10 [ 14.948758] ? ktime_get_ts64+0x86/0x230 [ 14.948784] kunit_try_run_case+0x1a5/0x480 [ 14.948810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.948833] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.948857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.948882] ? __kthread_parkme+0x82/0x180 [ 14.948904] ? preempt_count_sub+0x50/0x80 [ 14.948928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.948953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.948977] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.949001] kthread+0x337/0x6f0 [ 14.949023] ? trace_preempt_on+0x20/0xc0 [ 14.949048] ? __pfx_kthread+0x10/0x10 [ 14.949070] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.949091] ? calculate_sigpending+0x7b/0xa0 [ 14.949116] ? __pfx_kthread+0x10/0x10 [ 14.949140] ret_from_fork+0x116/0x1d0 [ 14.949161] ? __pfx_kthread+0x10/0x10 [ 14.949183] ret_from_fork_asm+0x1a/0x30 [ 14.949216] </TASK> [ 14.949229] [ 14.959210] Allocated by task 283: [ 14.959344] kasan_save_stack+0x45/0x70 [ 14.959575] kasan_save_track+0x18/0x40 [ 14.959767] kasan_save_alloc_info+0x3b/0x50 [ 14.960030] __kasan_kmalloc+0xb7/0xc0 [ 14.960229] __kmalloc_cache_noprof+0x189/0x420 [ 14.960468] kasan_atomics+0x95/0x310 [ 14.960651] kunit_try_run_case+0x1a5/0x480 [ 14.961182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.961435] kthread+0x337/0x6f0 [ 14.961605] ret_from_fork+0x116/0x1d0 [ 14.961804] ret_from_fork_asm+0x1a/0x30 [ 14.962567] [ 14.962658] The buggy address belongs to the object at ffff8881031c4500 [ 14.962658] which belongs to the cache kmalloc-64 of size 64 [ 14.963024] The buggy address is located 0 bytes to the right of [ 14.963024] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.963388] [ 14.963472] The buggy address belongs to the physical page: [ 14.963983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.964238] flags: 0x200000000000000(node=0|zone=2) [ 14.964407] page_type: f5(slab) [ 14.964815] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.965524] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.966240] page dumped because: kasan: bad access detected [ 14.966804] [ 14.966968] Memory state around the buggy address: [ 14.967318] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.967553] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.968076] >ffff8881031c4500: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.968759] ^ [ 14.969236] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.969896] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.970118] ================================================================== [ 14.775538] ================================================================== [ 14.776239] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.776548] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.777009] [ 14.777131] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.777175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.777190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.777213] Call Trace: [ 14.777229] <TASK> [ 14.777245] dump_stack_lvl+0x73/0xb0 [ 14.777276] print_report+0xd1/0x650 [ 14.777299] ? __virt_addr_valid+0x1db/0x2d0 [ 14.777323] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.777347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.777371] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.777400] kasan_report+0x141/0x180 [ 14.777424] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.777465] __asan_report_load4_noabort+0x18/0x20 [ 14.777491] kasan_atomics_helper+0x49e8/0x5450 [ 14.777516] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.777538] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.777565] ? kasan_atomics+0x152/0x310 [ 14.777593] kasan_atomics+0x1dc/0x310 [ 14.777617] ? __pfx_kasan_atomics+0x10/0x10 [ 14.777643] ? __pfx_read_tsc+0x10/0x10 [ 14.777665] ? ktime_get_ts64+0x86/0x230 [ 14.777701] kunit_try_run_case+0x1a5/0x480 [ 14.777726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.777749] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.777774] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.777798] ? __kthread_parkme+0x82/0x180 [ 14.777819] ? preempt_count_sub+0x50/0x80 [ 14.777843] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.777868] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.777892] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.777917] kthread+0x337/0x6f0 [ 14.777938] ? trace_preempt_on+0x20/0xc0 [ 14.777963] ? __pfx_kthread+0x10/0x10 [ 14.777985] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.778007] ? calculate_sigpending+0x7b/0xa0 [ 14.778032] ? __pfx_kthread+0x10/0x10 [ 14.778054] ret_from_fork+0x116/0x1d0 [ 14.778074] ? __pfx_kthread+0x10/0x10 [ 14.778095] ret_from_fork_asm+0x1a/0x30 [ 14.778129] </TASK> [ 14.778142] [ 14.785420] Allocated by task 283: [ 14.785582] kasan_save_stack+0x45/0x70 [ 14.785911] kasan_save_track+0x18/0x40 [ 14.786113] kasan_save_alloc_info+0x3b/0x50 [ 14.786330] __kasan_kmalloc+0xb7/0xc0 [ 14.786533] __kmalloc_cache_noprof+0x189/0x420 [ 14.786867] kasan_atomics+0x95/0x310 [ 14.787051] kunit_try_run_case+0x1a5/0x480 [ 14.787233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.787477] kthread+0x337/0x6f0 [ 14.787642] ret_from_fork+0x116/0x1d0 [ 14.787850] ret_from_fork_asm+0x1a/0x30 [ 14.787995] [ 14.788071] The buggy address belongs to the object at ffff8881031c4500 [ 14.788071] which belongs to the cache kmalloc-64 of size 64 [ 14.788603] The buggy address is located 0 bytes to the right of [ 14.788603] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.789205] [ 14.789286] The buggy address belongs to the physical page: [ 14.789514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.790010] flags: 0x200000000000000(node=0|zone=2) [ 14.790218] page_type: f5(slab) [ 14.790370] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.790672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.790967] page dumped because: kasan: bad access detected [ 14.791211] [ 14.791308] Memory state around the buggy address: [ 14.791524] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.791746] 
ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.791967] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.792201] ^ [ 14.792441] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.792876] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.793193] ================================================================== [ 14.634317] ================================================================== [ 14.635913] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.636270] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.636571] [ 14.636674] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.636899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.636914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.636938] Call Trace: [ 14.636956] <TASK> [ 14.636972] dump_stack_lvl+0x73/0xb0 [ 14.637002] print_report+0xd1/0x650 [ 14.637026] ? __virt_addr_valid+0x1db/0x2d0 [ 14.638268] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.638311] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.638337] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.638360] kasan_report+0x141/0x180 [ 14.638387] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.638415] __asan_report_load4_noabort+0x18/0x20 [ 14.638442] kasan_atomics_helper+0x4a36/0x5450 [ 14.638479] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.638503] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.638531] ? kasan_atomics+0x152/0x310 [ 14.638559] kasan_atomics+0x1dc/0x310 [ 14.638582] ? __pfx_kasan_atomics+0x10/0x10 [ 14.638608] ? __pfx_read_tsc+0x10/0x10 [ 14.638629] ? ktime_get_ts64+0x86/0x230 [ 14.638654] kunit_try_run_case+0x1a5/0x480 [ 14.638705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.638738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.638763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.638788] ? __kthread_parkme+0x82/0x180 [ 14.638809] ? 
preempt_count_sub+0x50/0x80 [ 14.638835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.638901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.638927] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.638952] kthread+0x337/0x6f0 [ 14.638973] ? trace_preempt_on+0x20/0xc0 [ 14.638998] ? __pfx_kthread+0x10/0x10 [ 14.639020] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.639042] ? calculate_sigpending+0x7b/0xa0 [ 14.639067] ? __pfx_kthread+0x10/0x10 [ 14.639090] ret_from_fork+0x116/0x1d0 [ 14.639109] ? __pfx_kthread+0x10/0x10 [ 14.639131] ret_from_fork_asm+0x1a/0x30 [ 14.639163] </TASK> [ 14.639233] [ 14.649373] Allocated by task 283: [ 14.649555] kasan_save_stack+0x45/0x70 [ 14.650076] kasan_save_track+0x18/0x40 [ 14.650332] kasan_save_alloc_info+0x3b/0x50 [ 14.650548] __kasan_kmalloc+0xb7/0xc0 [ 14.650737] __kmalloc_cache_noprof+0x189/0x420 [ 14.650954] kasan_atomics+0x95/0x310 [ 14.651120] kunit_try_run_case+0x1a5/0x480 [ 14.651577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.651791] kthread+0x337/0x6f0 [ 14.652109] ret_from_fork+0x116/0x1d0 [ 14.652604] ret_from_fork_asm+0x1a/0x30 [ 14.652885] [ 14.653199] The buggy address belongs to the object at ffff8881031c4500 [ 14.653199] which belongs to the cache kmalloc-64 of size 64 [ 14.653806] The buggy address is located 0 bytes to the right of [ 14.653806] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.654621] [ 14.654793] The buggy address belongs to the physical page: [ 14.655145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.655595] flags: 0x200000000000000(node=0|zone=2) [ 14.656042] page_type: f5(slab) [ 14.656207] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.656683] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.657015] page dumped because: kasan: bad access detected [ 14.657577] [ 14.657676] Memory state around the buggy address: [ 14.657911] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 14.658175] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.658553] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.658972] ^ [ 14.659186] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.659531] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.659816] ================================================================== [ 14.883594] ================================================================== [ 14.884052] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.884550] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.884957] [ 14.885079] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.885134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.885148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.885173] Call Trace: [ 14.885202] <TASK> [ 14.885219] dump_stack_lvl+0x73/0xb0 [ 14.885249] print_report+0xd1/0x650 [ 14.885273] ? __virt_addr_valid+0x1db/0x2d0 [ 14.885297] ? kasan_atomics_helper+0x1467/0x5450 [ 14.885319] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.885353] ? kasan_atomics_helper+0x1467/0x5450 [ 14.885375] kasan_report+0x141/0x180 [ 14.885403] ? kasan_atomics_helper+0x1467/0x5450 [ 14.885442] kasan_check_range+0x10c/0x1c0 [ 14.885476] __kasan_check_write+0x18/0x20 [ 14.885496] kasan_atomics_helper+0x1467/0x5450 [ 14.885520] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.885543] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.885569] ? kasan_atomics+0x152/0x310 [ 14.885606] kasan_atomics+0x1dc/0x310 [ 14.885629] ? __pfx_kasan_atomics+0x10/0x10 [ 14.885666] ? __pfx_read_tsc+0x10/0x10 [ 14.885688] ? ktime_get_ts64+0x86/0x230 [ 14.885712] kunit_try_run_case+0x1a5/0x480 [ 14.885737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.885761] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.885794] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.885818] ? __kthread_parkme+0x82/0x180 [ 14.885840] ? preempt_count_sub+0x50/0x80 [ 14.885875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.885900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.885925] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.885949] kthread+0x337/0x6f0 [ 14.885971] ? trace_preempt_on+0x20/0xc0 [ 14.885996] ? __pfx_kthread+0x10/0x10 [ 14.886018] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.886040] ? calculate_sigpending+0x7b/0xa0 [ 14.886065] ? __pfx_kthread+0x10/0x10 [ 14.886087] ret_from_fork+0x116/0x1d0 [ 14.886106] ? __pfx_kthread+0x10/0x10 [ 14.886129] ret_from_fork_asm+0x1a/0x30 [ 14.886161] </TASK> [ 14.886173] [ 14.894232] Allocated by task 283: [ 14.894443] kasan_save_stack+0x45/0x70 [ 14.894659] kasan_save_track+0x18/0x40 [ 14.894850] kasan_save_alloc_info+0x3b/0x50 [ 14.895061] __kasan_kmalloc+0xb7/0xc0 [ 14.895233] __kmalloc_cache_noprof+0x189/0x420 [ 14.895462] kasan_atomics+0x95/0x310 [ 14.895650] kunit_try_run_case+0x1a5/0x480 [ 14.895882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.896068] kthread+0x337/0x6f0 [ 14.896193] ret_from_fork+0x116/0x1d0 [ 14.896361] ret_from_fork_asm+0x1a/0x30 [ 14.896585] [ 14.896681] The buggy address belongs to the object at ffff8881031c4500 [ 14.896681] which belongs to the cache kmalloc-64 of size 64 [ 14.897214] The buggy address is located 0 bytes to the right of [ 14.897214] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.897674] [ 14.897851] The buggy address belongs to the physical page: [ 14.898132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.898469] flags: 0x200000000000000(node=0|zone=2) [ 14.898660] page_type: f5(slab) [ 14.898856] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.899233] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.899550] page dumped because: kasan: bad access detected [ 14.899851] [ 14.899965] 
Memory state around the buggy address: [ 14.900167] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.900488] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.900814] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.901125] ^ [ 14.901366] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901602] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901818] ================================================================== [ 14.165560] ================================================================== [ 14.165876] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.166264] Read of size 4 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.166542] [ 14.166659] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.166722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.166736] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.166758] Call Trace: [ 14.166774] <TASK> [ 14.166791] dump_stack_lvl+0x73/0xb0 [ 14.166823] print_report+0xd1/0x650 [ 14.166847] ? __virt_addr_valid+0x1db/0x2d0 [ 14.166870] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.166892] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.166916] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.166939] kasan_report+0x141/0x180 [ 14.166962] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.166990] __asan_report_load4_noabort+0x18/0x20 [ 14.167015] kasan_atomics_helper+0x4b54/0x5450 [ 14.167038] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.167063] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.167089] ? kasan_atomics+0x152/0x310 [ 14.167117] kasan_atomics+0x1dc/0x310 [ 14.167141] ? __pfx_kasan_atomics+0x10/0x10 [ 14.167166] ? __pfx_read_tsc+0x10/0x10 [ 14.167249] ? ktime_get_ts64+0x86/0x230 [ 14.167274] kunit_try_run_case+0x1a5/0x480 [ 14.167301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167324] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.167349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.167373] ? __kthread_parkme+0x82/0x180 [ 14.167394] ? preempt_count_sub+0x50/0x80 [ 14.167418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.167478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.167502] kthread+0x337/0x6f0 [ 14.167522] ? trace_preempt_on+0x20/0xc0 [ 14.167547] ? __pfx_kthread+0x10/0x10 [ 14.167568] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.167590] ? calculate_sigpending+0x7b/0xa0 [ 14.167614] ? __pfx_kthread+0x10/0x10 [ 14.167637] ret_from_fork+0x116/0x1d0 [ 14.167656] ? __pfx_kthread+0x10/0x10 [ 14.167677] ret_from_fork_asm+0x1a/0x30 [ 14.167727] </TASK> [ 14.167741] [ 14.175680] Allocated by task 283: [ 14.175869] kasan_save_stack+0x45/0x70 [ 14.176076] kasan_save_track+0x18/0x40 [ 14.176311] kasan_save_alloc_info+0x3b/0x50 [ 14.176530] __kasan_kmalloc+0xb7/0xc0 [ 14.176686] __kmalloc_cache_noprof+0x189/0x420 [ 14.176886] kasan_atomics+0x95/0x310 [ 14.177078] kunit_try_run_case+0x1a5/0x480 [ 14.177543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.177751] kthread+0x337/0x6f0 [ 14.177973] ret_from_fork+0x116/0x1d0 [ 14.178167] ret_from_fork_asm+0x1a/0x30 [ 14.178424] [ 14.178513] The buggy address belongs to the object at ffff8881031c4500 [ 14.178513] which belongs to the cache kmalloc-64 of size 64 [ 14.179041] The buggy address is located 0 bytes to the right of [ 14.179041] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.179686] [ 14.179775] The buggy address belongs to the physical page: [ 14.179951] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.180286] flags: 0x200000000000000(node=0|zone=2) [ 14.180532] page_type: f5(slab) [ 14.180701] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.181056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.181337] page dumped because: kasan: 
bad access detected [ 14.181715] [ 14.181818] Memory state around the buggy address: [ 14.182055] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.182427] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.182742] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.182963] ^ [ 14.183123] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.183693] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.184081] ================================================================== [ 15.250701] ================================================================== [ 15.251056] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.251508] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.251863] [ 15.252006] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.252051] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.252077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.252099] Call Trace: [ 15.252142] <TASK> [ 15.252161] dump_stack_lvl+0x73/0xb0 [ 15.252191] print_report+0xd1/0x650 [ 15.252224] ? __virt_addr_valid+0x1db/0x2d0 [ 15.252247] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.252271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.252295] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.252318] kasan_report+0x141/0x180 [ 15.252340] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.252368] kasan_check_range+0x10c/0x1c0 [ 15.252392] __kasan_check_write+0x18/0x20 [ 15.252414] kasan_atomics_helper+0x1e12/0x5450 [ 15.252438] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.252471] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.252497] ? kasan_atomics+0x152/0x310 [ 15.252526] kasan_atomics+0x1dc/0x310 [ 15.252550] ? __pfx_kasan_atomics+0x10/0x10 [ 15.252576] ? __pfx_read_tsc+0x10/0x10 [ 15.252598] ? ktime_get_ts64+0x86/0x230 [ 15.252622] kunit_try_run_case+0x1a5/0x480 [ 15.252648] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.252673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.252727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.252752] ? __kthread_parkme+0x82/0x180 [ 15.252774] ? preempt_count_sub+0x50/0x80 [ 15.252809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.252834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.252860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.252885] kthread+0x337/0x6f0 [ 15.252906] ? trace_preempt_on+0x20/0xc0 [ 15.252930] ? __pfx_kthread+0x10/0x10 [ 15.252952] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.252974] ? calculate_sigpending+0x7b/0xa0 [ 15.252999] ? __pfx_kthread+0x10/0x10 [ 15.253022] ret_from_fork+0x116/0x1d0 [ 15.253069] ? __pfx_kthread+0x10/0x10 [ 15.253091] ret_from_fork_asm+0x1a/0x30 [ 15.253122] </TASK> [ 15.253146] [ 15.261584] Allocated by task 283: [ 15.261814] kasan_save_stack+0x45/0x70 [ 15.262043] kasan_save_track+0x18/0x40 [ 15.262235] kasan_save_alloc_info+0x3b/0x50 [ 15.262474] __kasan_kmalloc+0xb7/0xc0 [ 15.262673] __kmalloc_cache_noprof+0x189/0x420 [ 15.262962] kasan_atomics+0x95/0x310 [ 15.263142] kunit_try_run_case+0x1a5/0x480 [ 15.263371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.263624] kthread+0x337/0x6f0 [ 15.263964] ret_from_fork+0x116/0x1d0 [ 15.264145] ret_from_fork_asm+0x1a/0x30 [ 15.264355] [ 15.264489] The buggy address belongs to the object at ffff8881031c4500 [ 15.264489] which belongs to the cache kmalloc-64 of size 64 [ 15.265049] The buggy address is located 0 bytes to the right of [ 15.265049] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.265644] [ 15.265785] The buggy address belongs to the physical page: [ 15.266132] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.266518] flags: 0x200000000000000(node=0|zone=2) [ 15.266791] page_type: f5(slab) [ 15.267023] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.267404] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 15.267788] page dumped because: kasan: bad access detected [ 15.268085] [ 15.268184] Memory state around the buggy address: [ 15.268464] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.268780] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.269002] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.269217] ^ [ 15.269476] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.269957] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.270389] ================================================================== [ 14.834063] ================================================================== [ 14.834782] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.835104] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 14.835331] [ 14.835421] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.835474] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.835488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.835511] Call Trace: [ 14.835529] <TASK> [ 14.835546] dump_stack_lvl+0x73/0xb0 [ 14.835575] print_report+0xd1/0x650 [ 14.835599] ? __virt_addr_valid+0x1db/0x2d0 [ 14.835622] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.835645] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.835728] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.835753] kasan_report+0x141/0x180 [ 14.835788] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.835816] kasan_check_range+0x10c/0x1c0 [ 14.835841] __kasan_check_read+0x15/0x20 [ 14.835862] kasan_atomics_helper+0x13b5/0x5450 [ 14.835885] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.835909] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.835935] ? kasan_atomics+0x152/0x310 [ 14.835963] kasan_atomics+0x1dc/0x310 [ 14.835986] ? __pfx_kasan_atomics+0x10/0x10 [ 14.836012] ? __pfx_read_tsc+0x10/0x10 [ 14.836033] ? 
ktime_get_ts64+0x86/0x230 [ 14.836058] kunit_try_run_case+0x1a5/0x480 [ 14.836082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.836106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.836130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.836154] ? __kthread_parkme+0x82/0x180 [ 14.836176] ? preempt_count_sub+0x50/0x80 [ 14.836232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.836257] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.836319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.836344] kthread+0x337/0x6f0 [ 14.836365] ? trace_preempt_on+0x20/0xc0 [ 14.836400] ? __pfx_kthread+0x10/0x10 [ 14.836422] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.836445] ? calculate_sigpending+0x7b/0xa0 [ 14.836476] ? __pfx_kthread+0x10/0x10 [ 14.836500] ret_from_fork+0x116/0x1d0 [ 14.836519] ? __pfx_kthread+0x10/0x10 [ 14.836541] ret_from_fork_asm+0x1a/0x30 [ 14.836572] </TASK> [ 14.836584] [ 14.845515] Allocated by task 283: [ 14.846006] kasan_save_stack+0x45/0x70 [ 14.846274] kasan_save_track+0x18/0x40 [ 14.846601] kasan_save_alloc_info+0x3b/0x50 [ 14.846971] __kasan_kmalloc+0xb7/0xc0 [ 14.847154] __kmalloc_cache_noprof+0x189/0x420 [ 14.847369] kasan_atomics+0x95/0x310 [ 14.847557] kunit_try_run_case+0x1a5/0x480 [ 14.848088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.848385] kthread+0x337/0x6f0 [ 14.848817] ret_from_fork+0x116/0x1d0 [ 14.849082] ret_from_fork_asm+0x1a/0x30 [ 14.849282] [ 14.849381] The buggy address belongs to the object at ffff8881031c4500 [ 14.849381] which belongs to the cache kmalloc-64 of size 64 [ 14.850190] The buggy address is located 0 bytes to the right of [ 14.850190] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 14.851067] [ 14.851174] The buggy address belongs to the physical page: [ 14.851418] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 14.851681] flags: 0x200000000000000(node=0|zone=2) [ 14.852054] page_type: f5(slab) [ 14.852328] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.852764] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.853156] page dumped because: kasan: bad access detected [ 14.853514] [ 14.853971] Memory state around the buggy address: [ 14.854202] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.854604] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.855008] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.855381] ^ [ 14.855717] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.856120] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.856400] ================================================================== [ 15.114959] ================================================================== [ 15.115324] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 15.115690] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.115983] [ 15.116665] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.116711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.116725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.116748] Call Trace: [ 15.116821] <TASK> [ 15.116837] dump_stack_lvl+0x73/0xb0 [ 15.116866] print_report+0xd1/0x650 [ 15.116890] ? __virt_addr_valid+0x1db/0x2d0 [ 15.116913] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.116937] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.116960] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.116984] kasan_report+0x141/0x180 [ 15.117008] ? kasan_atomics_helper+0x1a7f/0x5450 [ 15.117674] kasan_check_range+0x10c/0x1c0 [ 15.117705] __kasan_check_write+0x18/0x20 [ 15.117727] kasan_atomics_helper+0x1a7f/0x5450 [ 15.117752] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.117776] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.117803] ? kasan_atomics+0x152/0x310 [ 15.117831] kasan_atomics+0x1dc/0x310 [ 15.117854] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.117881] ? __pfx_read_tsc+0x10/0x10 [ 15.117902] ? ktime_get_ts64+0x86/0x230 [ 15.117928] kunit_try_run_case+0x1a5/0x480 [ 15.117952] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.117976] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.118001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.118024] ? __kthread_parkme+0x82/0x180 [ 15.118217] ? preempt_count_sub+0x50/0x80 [ 15.118243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.118269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.118295] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.118319] kthread+0x337/0x6f0 [ 15.118340] ? trace_preempt_on+0x20/0xc0 [ 15.118365] ? __pfx_kthread+0x10/0x10 [ 15.118387] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.118409] ? calculate_sigpending+0x7b/0xa0 [ 15.118434] ? __pfx_kthread+0x10/0x10 [ 15.118471] ret_from_fork+0x116/0x1d0 [ 15.118491] ? __pfx_kthread+0x10/0x10 [ 15.118514] ret_from_fork_asm+0x1a/0x30 [ 15.118546] </TASK> [ 15.118559] [ 15.132836] Allocated by task 283: [ 15.133110] kasan_save_stack+0x45/0x70 [ 15.133429] kasan_save_track+0x18/0x40 [ 15.133582] kasan_save_alloc_info+0x3b/0x50 [ 15.133913] __kasan_kmalloc+0xb7/0xc0 [ 15.134279] __kmalloc_cache_noprof+0x189/0x420 [ 15.134725] kasan_atomics+0x95/0x310 [ 15.134865] kunit_try_run_case+0x1a5/0x480 [ 15.135017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.135195] kthread+0x337/0x6f0 [ 15.135317] ret_from_fork+0x116/0x1d0 [ 15.135462] ret_from_fork_asm+0x1a/0x30 [ 15.135648] [ 15.135745] The buggy address belongs to the object at ffff8881031c4500 [ 15.135745] which belongs to the cache kmalloc-64 of size 64 [ 15.136270] The buggy address is located 0 bytes to the right of [ 15.136270] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.137116] [ 15.137202] The buggy address belongs to the physical page: [ 15.137439] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.137698] flags: 0x200000000000000(node=0|zone=2) [ 15.138053] page_type: 
f5(slab) [ 15.138535] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.139063] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.139551] page dumped because: kasan: bad access detected [ 15.140144] [ 15.140401] Memory state around the buggy address: [ 15.140889] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.141225] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.141544] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.142137] ^ [ 15.142439] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.143058] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.143363] ================================================================== [ 15.188932] ================================================================== [ 15.189484] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.189964] Read of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.190291] [ 15.190434] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.190522] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.190537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.190587] Call Trace: [ 15.190604] <TASK> [ 15.190621] dump_stack_lvl+0x73/0xb0 [ 15.190653] print_report+0xd1/0x650 [ 15.190677] ? __virt_addr_valid+0x1db/0x2d0 [ 15.190700] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.190723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.190756] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.190780] kasan_report+0x141/0x180 [ 15.190822] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.190859] __asan_report_load8_noabort+0x18/0x20 [ 15.190884] kasan_atomics_helper+0x4f30/0x5450 [ 15.190919] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.190944] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.190996] ? 
kasan_atomics+0x152/0x310 [ 15.191024] kasan_atomics+0x1dc/0x310 [ 15.191048] ? __pfx_kasan_atomics+0x10/0x10 [ 15.191084] ? __pfx_read_tsc+0x10/0x10 [ 15.191107] ? ktime_get_ts64+0x86/0x230 [ 15.191157] kunit_try_run_case+0x1a5/0x480 [ 15.191182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.191205] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.191240] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.191289] ? __kthread_parkme+0x82/0x180 [ 15.191310] ? preempt_count_sub+0x50/0x80 [ 15.191336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.191371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.191394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.191443] kthread+0x337/0x6f0 [ 15.191480] ? trace_preempt_on+0x20/0xc0 [ 15.191504] ? __pfx_kthread+0x10/0x10 [ 15.191527] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.191548] ? calculate_sigpending+0x7b/0xa0 [ 15.191599] ? __pfx_kthread+0x10/0x10 [ 15.191621] ret_from_fork+0x116/0x1d0 [ 15.191642] ? __pfx_kthread+0x10/0x10 [ 15.191674] ret_from_fork_asm+0x1a/0x30 [ 15.191712] </TASK> [ 15.191725] [ 15.200054] Allocated by task 283: [ 15.200298] kasan_save_stack+0x45/0x70 [ 15.200466] kasan_save_track+0x18/0x40 [ 15.200602] kasan_save_alloc_info+0x3b/0x50 [ 15.200933] __kasan_kmalloc+0xb7/0xc0 [ 15.201125] __kmalloc_cache_noprof+0x189/0x420 [ 15.201417] kasan_atomics+0x95/0x310 [ 15.201685] kunit_try_run_case+0x1a5/0x480 [ 15.201943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.202192] kthread+0x337/0x6f0 [ 15.202319] ret_from_fork+0x116/0x1d0 [ 15.202566] ret_from_fork_asm+0x1a/0x30 [ 15.202889] [ 15.203029] The buggy address belongs to the object at ffff8881031c4500 [ 15.203029] which belongs to the cache kmalloc-64 of size 64 [ 15.203541] The buggy address is located 0 bytes to the right of [ 15.203541] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.204138] [ 15.204237] The buggy address belongs to the physical page: [ 15.204537] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 
15.204881] flags: 0x200000000000000(node=0|zone=2) [ 15.205050] page_type: f5(slab) [ 15.205175] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.205525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.206138] page dumped because: kasan: bad access detected [ 15.206391] [ 15.206479] Memory state around the buggy address: [ 15.206639] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.206860] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.207166] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.207603] ^ [ 15.207953] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.208379] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.208719] ================================================================== [ 15.371352] ================================================================== [ 15.371889] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.372282] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.372630] [ 15.372746] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.372819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.372833] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.372868] Call Trace: [ 15.372884] <TASK> [ 15.372900] dump_stack_lvl+0x73/0xb0 [ 15.372931] print_report+0xd1/0x650 [ 15.372982] ? __virt_addr_valid+0x1db/0x2d0 [ 15.373005] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.373027] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.373084] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.373107] kasan_report+0x141/0x180 [ 15.373131] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.373170] kasan_check_range+0x10c/0x1c0 [ 15.373195] __kasan_check_write+0x18/0x20 [ 15.373215] kasan_atomics_helper+0x20c8/0x5450 [ 15.373240] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.373263] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.373316] ? kasan_atomics+0x152/0x310 [ 15.373344] kasan_atomics+0x1dc/0x310 [ 15.373384] ? __pfx_kasan_atomics+0x10/0x10 [ 15.373411] ? __pfx_read_tsc+0x10/0x10 [ 15.373432] ? ktime_get_ts64+0x86/0x230 [ 15.373465] kunit_try_run_case+0x1a5/0x480 [ 15.373491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.373515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.373539] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.373564] ? __kthread_parkme+0x82/0x180 [ 15.373585] ? preempt_count_sub+0x50/0x80 [ 15.373609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.373635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.373659] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.373712] kthread+0x337/0x6f0 [ 15.373735] ? trace_preempt_on+0x20/0xc0 [ 15.373758] ? __pfx_kthread+0x10/0x10 [ 15.373791] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.373814] ? calculate_sigpending+0x7b/0xa0 [ 15.373838] ? __pfx_kthread+0x10/0x10 [ 15.373861] ret_from_fork+0x116/0x1d0 [ 15.373881] ? __pfx_kthread+0x10/0x10 [ 15.373903] ret_from_fork_asm+0x1a/0x30 [ 15.373937] </TASK> [ 15.373950] [ 15.381907] Allocated by task 283: [ 15.382041] kasan_save_stack+0x45/0x70 [ 15.382184] kasan_save_track+0x18/0x40 [ 15.382321] kasan_save_alloc_info+0x3b/0x50 [ 15.382486] __kasan_kmalloc+0xb7/0xc0 [ 15.382622] __kmalloc_cache_noprof+0x189/0x420 [ 15.383590] kasan_atomics+0x95/0x310 [ 15.383822] kunit_try_run_case+0x1a5/0x480 [ 15.384035] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.384293] kthread+0x337/0x6f0 [ 15.384427] ret_from_fork+0x116/0x1d0 [ 15.384575] ret_from_fork_asm+0x1a/0x30 [ 15.384718] [ 15.384794] The buggy address belongs to the object at ffff8881031c4500 [ 15.384794] which belongs to the cache kmalloc-64 of size 64 [ 15.385340] The buggy address is located 0 bytes to the right of [ 15.385340] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.385739] [ 15.385849] The buggy address belongs to the physical page: [ 15.386136] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.386558] flags: 0x200000000000000(node=0|zone=2) [ 15.387423] page_type: f5(slab) [ 15.387582] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.387873] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.388212] page dumped because: kasan: bad access detected [ 15.388835] [ 15.388988] Memory state around the buggy address: [ 15.389149] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.389365] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.389606] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.390445] ^ [ 15.390690] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.390927] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.391149] ================================================================== [ 15.419920] ================================================================== [ 15.420222] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.420913] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.421262] [ 15.421370] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.421423] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.421437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.421472] Call Trace: [ 15.421490] <TASK> [ 15.421507] dump_stack_lvl+0x73/0xb0 [ 15.421538] print_report+0xd1/0x650 [ 15.421563] ? __virt_addr_valid+0x1db/0x2d0 [ 15.421587] ? kasan_atomics_helper+0x218a/0x5450 [ 15.421609] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.421634] ? kasan_atomics_helper+0x218a/0x5450 [ 15.421657] kasan_report+0x141/0x180 [ 15.421681] ? kasan_atomics_helper+0x218a/0x5450 [ 15.421709] kasan_check_range+0x10c/0x1c0 [ 15.421734] __kasan_check_write+0x18/0x20 [ 15.421755] kasan_atomics_helper+0x218a/0x5450 [ 15.421779] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.421803] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.421847] ? kasan_atomics+0x152/0x310 [ 15.421876] kasan_atomics+0x1dc/0x310 [ 15.421900] ? __pfx_kasan_atomics+0x10/0x10 [ 15.421925] ? __pfx_read_tsc+0x10/0x10 [ 15.421947] ? ktime_get_ts64+0x86/0x230 [ 15.421972] kunit_try_run_case+0x1a5/0x480 [ 15.421998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.422021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.422045] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.422070] ? __kthread_parkme+0x82/0x180 [ 15.422091] ? preempt_count_sub+0x50/0x80 [ 15.422115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.422141] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.422165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.422192] kthread+0x337/0x6f0 [ 15.422213] ? trace_preempt_on+0x20/0xc0 [ 15.422238] ? __pfx_kthread+0x10/0x10 [ 15.422261] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.422283] ? calculate_sigpending+0x7b/0xa0 [ 15.422308] ? __pfx_kthread+0x10/0x10 [ 15.422330] ret_from_fork+0x116/0x1d0 [ 15.422350] ? 
__pfx_kthread+0x10/0x10 [ 15.422371] ret_from_fork_asm+0x1a/0x30 [ 15.422403] </TASK> [ 15.422416] [ 15.432297] Allocated by task 283: [ 15.432472] kasan_save_stack+0x45/0x70 [ 15.432620] kasan_save_track+0x18/0x40 [ 15.432981] kasan_save_alloc_info+0x3b/0x50 [ 15.433191] __kasan_kmalloc+0xb7/0xc0 [ 15.433361] __kmalloc_cache_noprof+0x189/0x420 [ 15.433588] kasan_atomics+0x95/0x310 [ 15.433810] kunit_try_run_case+0x1a5/0x480 [ 15.433979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.434255] kthread+0x337/0x6f0 [ 15.434424] ret_from_fork+0x116/0x1d0 [ 15.434581] ret_from_fork_asm+0x1a/0x30 [ 15.434764] [ 15.434841] The buggy address belongs to the object at ffff8881031c4500 [ 15.434841] which belongs to the cache kmalloc-64 of size 64 [ 15.435345] The buggy address is located 0 bytes to the right of [ 15.435345] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.435729] [ 15.435809] The buggy address belongs to the physical page: [ 15.436066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.436419] flags: 0x200000000000000(node=0|zone=2) [ 15.437179] page_type: f5(slab) [ 15.437357] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.437610] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.438178] page dumped because: kasan: bad access detected [ 15.438439] [ 15.438530] Memory state around the buggy address: [ 15.438777] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.439081] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.439396] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.439710] ^ [ 15.439929] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.440251] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.440510] ================================================================== [ 15.033340] 
================================================================== [ 15.033657] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 15.034304] Write of size 8 at addr ffff8881031c4530 by task kunit_try_catch/283 [ 15.034845] [ 15.034958] CPU: 0 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 15.035162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.035178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.035203] Call Trace: [ 15.035220] <TASK> [ 15.035239] dump_stack_lvl+0x73/0xb0 [ 15.035270] print_report+0xd1/0x650 [ 15.035293] ? __virt_addr_valid+0x1db/0x2d0 [ 15.035317] ? kasan_atomics_helper+0x1818/0x5450 [ 15.035339] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.035363] ? kasan_atomics_helper+0x1818/0x5450 [ 15.035386] kasan_report+0x141/0x180 [ 15.035410] ? kasan_atomics_helper+0x1818/0x5450 [ 15.035438] kasan_check_range+0x10c/0x1c0 [ 15.035477] __kasan_check_write+0x18/0x20 [ 15.035499] kasan_atomics_helper+0x1818/0x5450 [ 15.035522] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.035546] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.035571] ? kasan_atomics+0x152/0x310 [ 15.035600] kasan_atomics+0x1dc/0x310 [ 15.035624] ? __pfx_kasan_atomics+0x10/0x10 [ 15.035650] ? __pfx_read_tsc+0x10/0x10 [ 15.035695] ? ktime_get_ts64+0x86/0x230 [ 15.035720] kunit_try_run_case+0x1a5/0x480 [ 15.035745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.035769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.035793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.035818] ? __kthread_parkme+0x82/0x180 [ 15.035840] ? preempt_count_sub+0x50/0x80 [ 15.035863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.035888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.035913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.035937] kthread+0x337/0x6f0 [ 15.035959] ? trace_preempt_on+0x20/0xc0 [ 15.035982] ? __pfx_kthread+0x10/0x10 [ 15.036005] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.036027] ? 
calculate_sigpending+0x7b/0xa0 [ 15.036052] ? __pfx_kthread+0x10/0x10 [ 15.036074] ret_from_fork+0x116/0x1d0 [ 15.036094] ? __pfx_kthread+0x10/0x10 [ 15.036116] ret_from_fork_asm+0x1a/0x30 [ 15.036148] </TASK> [ 15.036161] [ 15.045461] Allocated by task 283: [ 15.045604] kasan_save_stack+0x45/0x70 [ 15.046249] kasan_save_track+0x18/0x40 [ 15.046436] kasan_save_alloc_info+0x3b/0x50 [ 15.046606] __kasan_kmalloc+0xb7/0xc0 [ 15.046957] __kmalloc_cache_noprof+0x189/0x420 [ 15.047287] kasan_atomics+0x95/0x310 [ 15.047533] kunit_try_run_case+0x1a5/0x480 [ 15.047866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.048172] kthread+0x337/0x6f0 [ 15.048300] ret_from_fork+0x116/0x1d0 [ 15.048620] ret_from_fork_asm+0x1a/0x30 [ 15.048784] [ 15.049005] The buggy address belongs to the object at ffff8881031c4500 [ 15.049005] which belongs to the cache kmalloc-64 of size 64 [ 15.049477] The buggy address is located 0 bytes to the right of [ 15.049477] allocated 48-byte region [ffff8881031c4500, ffff8881031c4530) [ 15.050155] [ 15.050327] The buggy address belongs to the physical page: [ 15.050697] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c4 [ 15.051102] flags: 0x200000000000000(node=0|zone=2) [ 15.051297] page_type: f5(slab) [ 15.051593] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.052018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.052445] page dumped because: kasan: bad access detected [ 15.052820] [ 15.052922] Memory state around the buggy address: [ 15.053223] ffff8881031c4400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.053553] ffff8881031c4480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.054049] >ffff8881031c4500: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.054344] ^ [ 15.054668] ffff8881031c4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.054993] ffff8881031c4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.055282] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.876165] ================================================================== [ 13.876715] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.877054] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.877443] [ 13.877580] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.877625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.877636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.877658] Call Trace: [ 13.877673] <TASK> [ 13.877691] dump_stack_lvl+0x73/0xb0 [ 13.877717] print_report+0xd1/0x650 [ 13.877740] ? __virt_addr_valid+0x1db/0x2d0 [ 13.877761] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.877787] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.877809] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.877835] kasan_report+0x141/0x180 [ 13.877856] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.877887] kasan_check_range+0x10c/0x1c0 [ 13.877911] __kasan_check_write+0x18/0x20 [ 13.877929] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.877956] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.877983] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.878007] ? trace_hardirqs_on+0x37/0xe0 [ 13.878028] ? kasan_bitops_generic+0x92/0x1c0 [ 13.878056] kasan_bitops_generic+0x121/0x1c0 [ 13.878078] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.878101] ? __pfx_read_tsc+0x10/0x10 [ 13.878121] ? ktime_get_ts64+0x86/0x230 [ 13.878145] kunit_try_run_case+0x1a5/0x480 [ 13.878167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.878189] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.878226] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.878249] ? __kthread_parkme+0x82/0x180 [ 13.878268] ? preempt_count_sub+0x50/0x80 [ 13.878292] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.878314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.878337] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.878359] kthread+0x337/0x6f0 [ 13.878378] ? trace_preempt_on+0x20/0xc0 [ 13.878400] ? __pfx_kthread+0x10/0x10 [ 13.878421] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.878441] ? calculate_sigpending+0x7b/0xa0 [ 13.878474] ? __pfx_kthread+0x10/0x10 [ 13.878494] ret_from_fork+0x116/0x1d0 [ 13.878512] ? __pfx_kthread+0x10/0x10 [ 13.878532] ret_from_fork_asm+0x1a/0x30 [ 13.878562] </TASK> [ 13.878573] [ 13.886685] Allocated by task 279: [ 13.886888] kasan_save_stack+0x45/0x70 [ 13.887111] kasan_save_track+0x18/0x40 [ 13.887305] kasan_save_alloc_info+0x3b/0x50 [ 13.887528] __kasan_kmalloc+0xb7/0xc0 [ 13.887667] __kmalloc_cache_noprof+0x189/0x420 [ 13.888144] kasan_bitops_generic+0x92/0x1c0 [ 13.888307] kunit_try_run_case+0x1a5/0x480 [ 13.888469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.888913] kthread+0x337/0x6f0 [ 13.889086] ret_from_fork+0x116/0x1d0 [ 13.889408] ret_from_fork_asm+0x1a/0x30 [ 13.889591] [ 13.889699] The buggy address belongs to the object at ffff88810274c280 [ 13.889699] which belongs to the cache kmalloc-16 of size 16 [ 13.890130] The buggy address is located 8 bytes inside of [ 13.890130] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.890615] [ 13.890716] The buggy address belongs to the physical page: [ 13.891116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.891667] flags: 0x200000000000000(node=0|zone=2) [ 13.891877] page_type: f5(slab) [ 13.892036] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.892294] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.892653] page dumped because: kasan: bad access detected [ 13.892991] [ 13.893083] Memory state around the buggy address: [ 13.893367] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.893626] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.894166] >ffff88810274c280: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.894380] ^ [ 13.894588] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.895205] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.895489] ================================================================== [ 13.957999] ================================================================== [ 13.958419] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.958894] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.959189] [ 13.959327] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.959371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.959383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.959404] Call Trace: [ 13.959420] <TASK> [ 13.959435] dump_stack_lvl+0x73/0xb0 [ 13.959486] print_report+0xd1/0x650 [ 13.959507] ? __virt_addr_valid+0x1db/0x2d0 [ 13.959529] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.959556] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.959578] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.959604] kasan_report+0x141/0x180 [ 13.959626] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.959657] kasan_check_range+0x10c/0x1c0 [ 13.959680] __kasan_check_write+0x18/0x20 [ 13.959700] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.959726] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.959754] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.959777] ? trace_hardirqs_on+0x37/0xe0 [ 13.959800] ? kasan_bitops_generic+0x92/0x1c0 [ 13.959826] kasan_bitops_generic+0x121/0x1c0 [ 13.959849] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.959873] ? __pfx_read_tsc+0x10/0x10 [ 13.959893] ? ktime_get_ts64+0x86/0x230 [ 13.959917] kunit_try_run_case+0x1a5/0x480 [ 13.959940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.959962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.959984] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.960006] ? __kthread_parkme+0x82/0x180 [ 13.960025] ? preempt_count_sub+0x50/0x80 [ 13.960048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.960072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.960093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.960116] kthread+0x337/0x6f0 [ 13.960135] ? trace_preempt_on+0x20/0xc0 [ 13.960156] ? __pfx_kthread+0x10/0x10 [ 13.960176] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.960373] ? calculate_sigpending+0x7b/0xa0 [ 13.960403] ? __pfx_kthread+0x10/0x10 [ 13.960426] ret_from_fork+0x116/0x1d0 [ 13.960444] ? __pfx_kthread+0x10/0x10 [ 13.960480] ret_from_fork_asm+0x1a/0x30 [ 13.960510] </TASK> [ 13.960522] [ 13.969499] Allocated by task 279: [ 13.969660] kasan_save_stack+0x45/0x70 [ 13.969835] kasan_save_track+0x18/0x40 [ 13.969986] kasan_save_alloc_info+0x3b/0x50 [ 13.970255] __kasan_kmalloc+0xb7/0xc0 [ 13.970462] __kmalloc_cache_noprof+0x189/0x420 [ 13.970661] kasan_bitops_generic+0x92/0x1c0 [ 13.970856] kunit_try_run_case+0x1a5/0x480 [ 13.971037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.971395] kthread+0x337/0x6f0 [ 13.971545] ret_from_fork+0x116/0x1d0 [ 13.971781] ret_from_fork_asm+0x1a/0x30 [ 13.971941] [ 13.972040] The buggy address belongs to the object at ffff88810274c280 [ 13.972040] which belongs to the cache kmalloc-16 of size 16 [ 13.972473] The buggy address is located 8 bytes inside of [ 13.972473] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.972822] [ 13.972892] The buggy address belongs to the physical page: [ 13.973064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.973498] flags: 0x200000000000000(node=0|zone=2) [ 13.974209] page_type: f5(slab) [ 13.974385] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.974851] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.975089] page dumped because: kasan: bad access detected [ 13.975517] [ 13.975621] 
Memory state around the buggy address: [ 13.975985] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.976322] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.976576] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.976792] ^ [ 13.976920] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.977609] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.977942] ================================================================== [ 14.000840] ================================================================== [ 14.001245] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.001880] Read of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 14.002260] [ 14.002378] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.002420] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.002433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.002466] Call Trace: [ 14.002483] <TASK> [ 14.002500] dump_stack_lvl+0x73/0xb0 [ 14.002528] print_report+0xd1/0x650 [ 14.002550] ? __virt_addr_valid+0x1db/0x2d0 [ 14.002570] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.002597] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.002619] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.002646] kasan_report+0x141/0x180 [ 14.002667] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.002698] kasan_check_range+0x10c/0x1c0 [ 14.002722] __kasan_check_read+0x15/0x20 [ 14.002741] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.002779] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.002806] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.002830] ? trace_hardirqs_on+0x37/0xe0 [ 14.002852] ? kasan_bitops_generic+0x92/0x1c0 [ 14.002878] kasan_bitops_generic+0x121/0x1c0 [ 14.002901] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.002926] ? 
__pfx_read_tsc+0x10/0x10 [ 14.002945] ? ktime_get_ts64+0x86/0x230 [ 14.002969] kunit_try_run_case+0x1a5/0x480 [ 14.002991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.003013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.003035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.003058] ? __kthread_parkme+0x82/0x180 [ 14.003077] ? preempt_count_sub+0x50/0x80 [ 14.003099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.003123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.003145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.003167] kthread+0x337/0x6f0 [ 14.003186] ? trace_preempt_on+0x20/0xc0 [ 14.003207] ? __pfx_kthread+0x10/0x10 [ 14.003227] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.003247] ? calculate_sigpending+0x7b/0xa0 [ 14.003271] ? __pfx_kthread+0x10/0x10 [ 14.003293] ret_from_fork+0x116/0x1d0 [ 14.003311] ? __pfx_kthread+0x10/0x10 [ 14.003332] ret_from_fork_asm+0x1a/0x30 [ 14.003362] </TASK> [ 14.003372] [ 14.012346] Allocated by task 279: [ 14.012549] kasan_save_stack+0x45/0x70 [ 14.012846] kasan_save_track+0x18/0x40 [ 14.013033] kasan_save_alloc_info+0x3b/0x50 [ 14.013192] __kasan_kmalloc+0xb7/0xc0 [ 14.013327] __kmalloc_cache_noprof+0x189/0x420 [ 14.013516] kasan_bitops_generic+0x92/0x1c0 [ 14.013729] kunit_try_run_case+0x1a5/0x480 [ 14.014212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.014589] kthread+0x337/0x6f0 [ 14.014719] ret_from_fork+0x116/0x1d0 [ 14.014855] ret_from_fork_asm+0x1a/0x30 [ 14.015060] [ 14.015158] The buggy address belongs to the object at ffff88810274c280 [ 14.015158] which belongs to the cache kmalloc-16 of size 16 [ 14.015811] The buggy address is located 8 bytes inside of [ 14.015811] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 14.016285] [ 14.016358] The buggy address belongs to the physical page: [ 14.016585] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 14.016942] flags: 0x200000000000000(node=0|zone=2) [ 14.017439] page_type: f5(slab) [ 14.017619] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 14.018019] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.018404] page dumped because: kasan: bad access detected [ 14.018659] [ 14.018813] Memory state around the buggy address: [ 14.018982] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.019379] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.019724] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.019975] ^ [ 14.020153] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.020537] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.020900] ================================================================== [ 13.846685] ================================================================== [ 13.847021] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.847473] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.848130] [ 13.848304] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.848348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.848361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.848384] Call Trace: [ 13.848401] <TASK> [ 13.848417] dump_stack_lvl+0x73/0xb0 [ 13.848446] print_report+0xd1/0x650 [ 13.848481] ? __virt_addr_valid+0x1db/0x2d0 [ 13.848503] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.848530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.848552] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.848579] kasan_report+0x141/0x180 [ 13.848602] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.848633] kasan_check_range+0x10c/0x1c0 [ 13.848656] __kasan_check_write+0x18/0x20 [ 13.848675] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.848702] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.848729] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 13.848752] ? trace_hardirqs_on+0x37/0xe0 [ 13.848774] ? kasan_bitops_generic+0x92/0x1c0 [ 13.848801] kasan_bitops_generic+0x121/0x1c0 [ 13.848823] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.848849] ? __pfx_read_tsc+0x10/0x10 [ 13.848869] ? ktime_get_ts64+0x86/0x230 [ 13.848891] kunit_try_run_case+0x1a5/0x480 [ 13.848914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.848935] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.848958] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.848980] ? __kthread_parkme+0x82/0x180 [ 13.848999] ? preempt_count_sub+0x50/0x80 [ 13.849023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.849045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.849067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.849090] kthread+0x337/0x6f0 [ 13.849108] ? trace_preempt_on+0x20/0xc0 [ 13.849129] ? __pfx_kthread+0x10/0x10 [ 13.849150] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.849171] ? calculate_sigpending+0x7b/0xa0 [ 13.849217] ? __pfx_kthread+0x10/0x10 [ 13.849239] ret_from_fork+0x116/0x1d0 [ 13.849256] ? 
__pfx_kthread+0x10/0x10 [ 13.849276] ret_from_fork_asm+0x1a/0x30 [ 13.849306] </TASK> [ 13.849317] [ 13.861114] Allocated by task 279: [ 13.861782] kasan_save_stack+0x45/0x70 [ 13.861997] kasan_save_track+0x18/0x40 [ 13.862165] kasan_save_alloc_info+0x3b/0x50 [ 13.862579] __kasan_kmalloc+0xb7/0xc0 [ 13.863034] __kmalloc_cache_noprof+0x189/0x420 [ 13.863471] kasan_bitops_generic+0x92/0x1c0 [ 13.863931] kunit_try_run_case+0x1a5/0x480 [ 13.864153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.864959] kthread+0x337/0x6f0 [ 13.865270] ret_from_fork+0x116/0x1d0 [ 13.865628] ret_from_fork_asm+0x1a/0x30 [ 13.866123] [ 13.866385] The buggy address belongs to the object at ffff88810274c280 [ 13.866385] which belongs to the cache kmalloc-16 of size 16 [ 13.867422] The buggy address is located 8 bytes inside of [ 13.867422] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.868219] [ 13.868487] The buggy address belongs to the physical page: [ 13.869009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.869697] flags: 0x200000000000000(node=0|zone=2) [ 13.869933] page_type: f5(slab) [ 13.870093] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.870718] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.871031] page dumped because: kasan: bad access detected [ 13.871522] [ 13.871785] Memory state around the buggy address: [ 13.872117] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.872619] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.873522] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.874124] ^ [ 13.874438] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.874987] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.875677] ================================================================== [ 14.021211] 
================================================================== [ 14.021614] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.022126] Read of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 14.022535] [ 14.022643] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 14.022686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.022697] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.022719] Call Trace: [ 14.022733] <TASK> [ 14.022748] dump_stack_lvl+0x73/0xb0 [ 14.022775] print_report+0xd1/0x650 [ 14.022797] ? __virt_addr_valid+0x1db/0x2d0 [ 14.022818] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.022845] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.022867] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.022894] kasan_report+0x141/0x180 [ 14.022917] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.022948] __asan_report_load8_noabort+0x18/0x20 [ 14.022971] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.022998] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.023026] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.023050] ? trace_hardirqs_on+0x37/0xe0 [ 14.023071] ? kasan_bitops_generic+0x92/0x1c0 [ 14.023098] kasan_bitops_generic+0x121/0x1c0 [ 14.023121] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.023145] ? __pfx_read_tsc+0x10/0x10 [ 14.023165] ? ktime_get_ts64+0x86/0x230 [ 14.023188] kunit_try_run_case+0x1a5/0x480 [ 14.023211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.023233] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.023256] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.023277] ? __kthread_parkme+0x82/0x180 [ 14.023297] ? preempt_count_sub+0x50/0x80 [ 14.023320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.023343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.023365] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.023389] kthread+0x337/0x6f0 [ 14.023408] ? 
trace_preempt_on+0x20/0xc0 [ 14.023430] ? __pfx_kthread+0x10/0x10 [ 14.023463] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.023485] ? calculate_sigpending+0x7b/0xa0 [ 14.023508] ? __pfx_kthread+0x10/0x10 [ 14.023529] ret_from_fork+0x116/0x1d0 [ 14.023547] ? __pfx_kthread+0x10/0x10 [ 14.023567] ret_from_fork_asm+0x1a/0x30 [ 14.023611] </TASK> [ 14.023623] [ 14.032523] Allocated by task 279: [ 14.032671] kasan_save_stack+0x45/0x70 [ 14.032871] kasan_save_track+0x18/0x40 [ 14.033061] kasan_save_alloc_info+0x3b/0x50 [ 14.033392] __kasan_kmalloc+0xb7/0xc0 [ 14.033576] __kmalloc_cache_noprof+0x189/0x420 [ 14.033815] kasan_bitops_generic+0x92/0x1c0 [ 14.033994] kunit_try_run_case+0x1a5/0x480 [ 14.034199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.034399] kthread+0x337/0x6f0 [ 14.034706] ret_from_fork+0x116/0x1d0 [ 14.034908] ret_from_fork_asm+0x1a/0x30 [ 14.035110] [ 14.035207] The buggy address belongs to the object at ffff88810274c280 [ 14.035207] which belongs to the cache kmalloc-16 of size 16 [ 14.035636] The buggy address is located 8 bytes inside of [ 14.035636] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 14.036262] [ 14.036412] The buggy address belongs to the physical page: [ 14.036653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 14.036998] flags: 0x200000000000000(node=0|zone=2) [ 14.037168] page_type: f5(slab) [ 14.037292] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.037582] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.037917] page dumped because: kasan: bad access detected [ 14.038560] [ 14.038652] Memory state around the buggy address: [ 14.038914] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.039136] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.039657] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.039967] ^ [ 14.040207] ffff88810274c300: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.040624] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.040878] ================================================================== [ 13.895888] ================================================================== [ 13.896232] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.896979] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.897413] [ 13.897544] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.897588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.897600] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.897621] Call Trace: [ 13.897636] <TASK> [ 13.897651] dump_stack_lvl+0x73/0xb0 [ 13.897680] print_report+0xd1/0x650 [ 13.897702] ? __virt_addr_valid+0x1db/0x2d0 [ 13.897724] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.897750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.897772] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.897798] kasan_report+0x141/0x180 [ 13.897820] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.897851] kasan_check_range+0x10c/0x1c0 [ 13.897874] __kasan_check_write+0x18/0x20 [ 13.897893] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.897920] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.897948] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.897972] ? trace_hardirqs_on+0x37/0xe0 [ 13.897993] ? kasan_bitops_generic+0x92/0x1c0 [ 13.898022] kasan_bitops_generic+0x121/0x1c0 [ 13.898048] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.898074] ? __pfx_read_tsc+0x10/0x10 [ 13.898095] ? ktime_get_ts64+0x86/0x230 [ 13.898118] kunit_try_run_case+0x1a5/0x480 [ 13.898141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.898162] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.898186] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.898209] ? __kthread_parkme+0x82/0x180 [ 13.898229] ? 
preempt_count_sub+0x50/0x80 [ 13.898252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.898275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.898297] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.898320] kthread+0x337/0x6f0 [ 13.898339] ? trace_preempt_on+0x20/0xc0 [ 13.898360] ? __pfx_kthread+0x10/0x10 [ 13.898380] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.898401] ? calculate_sigpending+0x7b/0xa0 [ 13.898423] ? __pfx_kthread+0x10/0x10 [ 13.898445] ret_from_fork+0x116/0x1d0 [ 13.898475] ? __pfx_kthread+0x10/0x10 [ 13.898495] ret_from_fork_asm+0x1a/0x30 [ 13.898526] </TASK> [ 13.898536] [ 13.907304] Allocated by task 279: [ 13.907440] kasan_save_stack+0x45/0x70 [ 13.907597] kasan_save_track+0x18/0x40 [ 13.907732] kasan_save_alloc_info+0x3b/0x50 [ 13.907882] __kasan_kmalloc+0xb7/0xc0 [ 13.908071] __kmalloc_cache_noprof+0x189/0x420 [ 13.908311] kasan_bitops_generic+0x92/0x1c0 [ 13.908531] kunit_try_run_case+0x1a5/0x480 [ 13.908788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.909279] kthread+0x337/0x6f0 [ 13.909491] ret_from_fork+0x116/0x1d0 [ 13.909691] ret_from_fork_asm+0x1a/0x30 [ 13.909891] [ 13.909988] The buggy address belongs to the object at ffff88810274c280 [ 13.909988] which belongs to the cache kmalloc-16 of size 16 [ 13.910651] The buggy address is located 8 bytes inside of [ 13.910651] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.911057] [ 13.911134] The buggy address belongs to the physical page: [ 13.911688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.912051] flags: 0x200000000000000(node=0|zone=2) [ 13.912500] page_type: f5(slab) [ 13.912663] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.912976] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.913371] page dumped because: kasan: bad access detected [ 13.913625] [ 13.913719] Memory state around the buggy address: [ 13.913947] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb 
fc fc fa fb fc fc [ 13.914186] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.914536] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.914903] ^ [ 13.915033] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.915518] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.915864] ================================================================== [ 13.916242] ================================================================== [ 13.916518] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.916916] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.917483] [ 13.917595] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.917638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.917650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.917671] Call Trace: [ 13.917686] <TASK> [ 13.917703] dump_stack_lvl+0x73/0xb0 [ 13.917907] print_report+0xd1/0x650 [ 13.917938] ? __virt_addr_valid+0x1db/0x2d0 [ 13.917959] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.917986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.918006] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.918034] kasan_report+0x141/0x180 [ 13.918055] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.918087] kasan_check_range+0x10c/0x1c0 [ 13.918110] __kasan_check_write+0x18/0x20 [ 13.918131] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.918158] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.918186] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.918256] ? trace_hardirqs_on+0x37/0xe0 [ 13.918277] ? kasan_bitops_generic+0x92/0x1c0 [ 13.918304] kasan_bitops_generic+0x121/0x1c0 [ 13.918327] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.918352] ? __pfx_read_tsc+0x10/0x10 [ 13.918371] ? 
ktime_get_ts64+0x86/0x230 [ 13.918394] kunit_try_run_case+0x1a5/0x480 [ 13.918416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.918438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.918472] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.918495] ? __kthread_parkme+0x82/0x180 [ 13.918515] ? preempt_count_sub+0x50/0x80 [ 13.918538] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.918561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.918584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.918607] kthread+0x337/0x6f0 [ 13.918625] ? trace_preempt_on+0x20/0xc0 [ 13.918647] ? __pfx_kthread+0x10/0x10 [ 13.918667] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.918702] ? calculate_sigpending+0x7b/0xa0 [ 13.918724] ? __pfx_kthread+0x10/0x10 [ 13.918746] ret_from_fork+0x116/0x1d0 [ 13.918763] ? __pfx_kthread+0x10/0x10 [ 13.918783] ret_from_fork_asm+0x1a/0x30 [ 13.918813] </TASK> [ 13.918824] [ 13.927818] Allocated by task 279: [ 13.928008] kasan_save_stack+0x45/0x70 [ 13.928278] kasan_save_track+0x18/0x40 [ 13.928446] kasan_save_alloc_info+0x3b/0x50 [ 13.928611] __kasan_kmalloc+0xb7/0xc0 [ 13.928745] __kmalloc_cache_noprof+0x189/0x420 [ 13.928900] kasan_bitops_generic+0x92/0x1c0 [ 13.929060] kunit_try_run_case+0x1a5/0x480 [ 13.929276] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.929903] kthread+0x337/0x6f0 [ 13.930381] ret_from_fork+0x116/0x1d0 [ 13.930602] ret_from_fork_asm+0x1a/0x30 [ 13.930758] [ 13.930830] The buggy address belongs to the object at ffff88810274c280 [ 13.930830] which belongs to the cache kmalloc-16 of size 16 [ 13.931184] The buggy address is located 8 bytes inside of [ 13.931184] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.931708] [ 13.931807] The buggy address belongs to the physical page: [ 13.932204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.932568] flags: 0x200000000000000(node=0|zone=2) [ 13.932768] page_type: f5(slab) [ 13.932889] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 13.933121] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.933350] page dumped because: kasan: bad access detected [ 13.933793] [ 13.933889] Memory state around the buggy address: [ 13.934118] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.934437] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.934777] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.935103] ^ [ 13.935268] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.936123] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.936693] ================================================================== [ 13.937046] ================================================================== [ 13.937525] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.938012] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.938276] [ 13.938405] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.938446] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.938469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.938490] Call Trace: [ 13.938502] <TASK> [ 13.938518] dump_stack_lvl+0x73/0xb0 [ 13.938544] print_report+0xd1/0x650 [ 13.938566] ? __virt_addr_valid+0x1db/0x2d0 [ 13.938589] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.938615] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.938637] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.938663] kasan_report+0x141/0x180 [ 13.938687] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.938718] kasan_check_range+0x10c/0x1c0 [ 13.938742] __kasan_check_write+0x18/0x20 [ 13.938761] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.938788] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.938815] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 13.938839] ? trace_hardirqs_on+0x37/0xe0 [ 13.938859] ? kasan_bitops_generic+0x92/0x1c0 [ 13.938886] kasan_bitops_generic+0x121/0x1c0 [ 13.938910] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.938934] ? __pfx_read_tsc+0x10/0x10 [ 13.938954] ? ktime_get_ts64+0x86/0x230 [ 13.938977] kunit_try_run_case+0x1a5/0x480 [ 13.939000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.939022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.939044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.939067] ? __kthread_parkme+0x82/0x180 [ 13.939087] ? preempt_count_sub+0x50/0x80 [ 13.939110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.939132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.939155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.939177] kthread+0x337/0x6f0 [ 13.939196] ? trace_preempt_on+0x20/0xc0 [ 13.939217] ? __pfx_kthread+0x10/0x10 [ 13.939237] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.939258] ? calculate_sigpending+0x7b/0xa0 [ 13.939280] ? __pfx_kthread+0x10/0x10 [ 13.939302] ret_from_fork+0x116/0x1d0 [ 13.939320] ? 
__pfx_kthread+0x10/0x10 [ 13.939339] ret_from_fork_asm+0x1a/0x30 [ 13.939369] </TASK> [ 13.939381] [ 13.948857] Allocated by task 279: [ 13.949016] kasan_save_stack+0x45/0x70 [ 13.949189] kasan_save_track+0x18/0x40 [ 13.949414] kasan_save_alloc_info+0x3b/0x50 [ 13.949600] __kasan_kmalloc+0xb7/0xc0 [ 13.949736] __kmalloc_cache_noprof+0x189/0x420 [ 13.950045] kasan_bitops_generic+0x92/0x1c0 [ 13.950259] kunit_try_run_case+0x1a5/0x480 [ 13.950478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.950853] kthread+0x337/0x6f0 [ 13.951000] ret_from_fork+0x116/0x1d0 [ 13.951134] ret_from_fork_asm+0x1a/0x30 [ 13.951550] [ 13.951650] The buggy address belongs to the object at ffff88810274c280 [ 13.951650] which belongs to the cache kmalloc-16 of size 16 [ 13.952161] The buggy address is located 8 bytes inside of [ 13.952161] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.952786] [ 13.952867] The buggy address belongs to the physical page: [ 13.953085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.953444] flags: 0x200000000000000(node=0|zone=2) [ 13.953690] page_type: f5(slab) [ 13.953817] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.954052] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.954279] page dumped because: kasan: bad access detected [ 13.954450] [ 13.954545] Memory state around the buggy address: [ 13.954974] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.955505] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.956024] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.956694] ^ [ 13.956888] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.957270] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.957596] ================================================================== [ 13.978407] 
================================================================== [ 13.978955] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.979440] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.979689] [ 13.979775] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.979817] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.979829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.979850] Call Trace: [ 13.979868] <TASK> [ 13.979882] dump_stack_lvl+0x73/0xb0 [ 13.979909] print_report+0xd1/0x650 [ 13.979931] ? __virt_addr_valid+0x1db/0x2d0 [ 13.979953] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.979979] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.980001] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.980028] kasan_report+0x141/0x180 [ 13.980049] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.980081] kasan_check_range+0x10c/0x1c0 [ 13.980116] __kasan_check_write+0x18/0x20 [ 13.980134] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.980161] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.980189] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.980213] ? trace_hardirqs_on+0x37/0xe0 [ 13.980233] ? kasan_bitops_generic+0x92/0x1c0 [ 13.980260] kasan_bitops_generic+0x121/0x1c0 [ 13.980283] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.980307] ? __pfx_read_tsc+0x10/0x10 [ 13.980328] ? ktime_get_ts64+0x86/0x230 [ 13.980350] kunit_try_run_case+0x1a5/0x480 [ 13.980374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.980396] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.980418] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.980441] ? __kthread_parkme+0x82/0x180 [ 13.980472] ? preempt_count_sub+0x50/0x80 [ 13.980494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.980517] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.980540] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.980611] kthread+0x337/0x6f0 [ 13.980633] ? trace_preempt_on+0x20/0xc0 [ 13.980655] ? __pfx_kthread+0x10/0x10 [ 13.980674] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.980696] ? calculate_sigpending+0x7b/0xa0 [ 13.980719] ? __pfx_kthread+0x10/0x10 [ 13.980740] ret_from_fork+0x116/0x1d0 [ 13.980758] ? __pfx_kthread+0x10/0x10 [ 13.980779] ret_from_fork_asm+0x1a/0x30 [ 13.980808] </TASK> [ 13.980819] [ 13.991097] Allocated by task 279: [ 13.991317] kasan_save_stack+0x45/0x70 [ 13.991514] kasan_save_track+0x18/0x40 [ 13.991703] kasan_save_alloc_info+0x3b/0x50 [ 13.992327] __kasan_kmalloc+0xb7/0xc0 [ 13.992534] __kmalloc_cache_noprof+0x189/0x420 [ 13.992750] kasan_bitops_generic+0x92/0x1c0 [ 13.993115] kunit_try_run_case+0x1a5/0x480 [ 13.993524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.993788] kthread+0x337/0x6f0 [ 13.993983] ret_from_fork+0x116/0x1d0 [ 13.994248] ret_from_fork_asm+0x1a/0x30 [ 13.994619] [ 13.994771] The buggy address belongs to the object at ffff88810274c280 [ 13.994771] which belongs to the cache kmalloc-16 of size 16 [ 13.995325] The buggy address is located 8 bytes inside of [ 13.995325] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.995827] [ 13.996003] The buggy address belongs to the physical page: [ 13.996216] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.996658] flags: 0x200000000000000(node=0|zone=2) [ 13.996895] page_type: f5(slab) [ 13.997036] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.997367] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.997966] page dumped because: kasan: bad access detected [ 13.998251] [ 13.998342] Memory state around the buggy address: [ 13.998555] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.998904] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.999173] >ffff88810274c280: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 13.999551] ^ [ 13.999732] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.999989] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.000304] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.614164] ================================================================== [ 13.615234] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.616171] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.616848] [ 13.616947] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.616996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.617009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.617033] Call Trace: [ 13.617048] <TASK> [ 13.617066] dump_stack_lvl+0x73/0xb0 [ 13.617099] print_report+0xd1/0x650 [ 13.617120] ? __virt_addr_valid+0x1db/0x2d0 [ 13.617144] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617169] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.617219] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617245] kasan_report+0x141/0x180 [ 13.617266] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617297] kasan_check_range+0x10c/0x1c0 [ 13.617321] __kasan_check_write+0x18/0x20 [ 13.617340] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.617365] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.617396] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.617421] ? trace_hardirqs_on+0x37/0xe0 [ 13.617444] ? kasan_bitops_generic+0x92/0x1c0 [ 13.617481] kasan_bitops_generic+0x116/0x1c0 [ 13.617505] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.617529] ? __pfx_read_tsc+0x10/0x10 [ 13.617550] ? ktime_get_ts64+0x86/0x230 [ 13.617693] kunit_try_run_case+0x1a5/0x480 [ 13.617721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.617767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.617790] ? __kthread_parkme+0x82/0x180 [ 13.617811] ? preempt_count_sub+0x50/0x80 [ 13.617835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.617859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.617882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.617904] kthread+0x337/0x6f0 [ 13.617923] ? 
trace_preempt_on+0x20/0xc0 [ 13.617944] ? __pfx_kthread+0x10/0x10 [ 13.617964] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.617985] ? calculate_sigpending+0x7b/0xa0 [ 13.618009] ? __pfx_kthread+0x10/0x10 [ 13.618030] ret_from_fork+0x116/0x1d0 [ 13.618047] ? __pfx_kthread+0x10/0x10 [ 13.618068] ret_from_fork_asm+0x1a/0x30 [ 13.618098] </TASK> [ 13.618109] [ 13.630970] Allocated by task 279: [ 13.631169] kasan_save_stack+0x45/0x70 [ 13.631450] kasan_save_track+0x18/0x40 [ 13.631658] kasan_save_alloc_info+0x3b/0x50 [ 13.631861] __kasan_kmalloc+0xb7/0xc0 [ 13.632045] __kmalloc_cache_noprof+0x189/0x420 [ 13.632306] kasan_bitops_generic+0x92/0x1c0 [ 13.632525] kunit_try_run_case+0x1a5/0x480 [ 13.632677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.632873] kthread+0x337/0x6f0 [ 13.633041] ret_from_fork+0x116/0x1d0 [ 13.633297] ret_from_fork_asm+0x1a/0x30 [ 13.633514] [ 13.633612] The buggy address belongs to the object at ffff88810274c280 [ 13.633612] which belongs to the cache kmalloc-16 of size 16 [ 13.634154] The buggy address is located 8 bytes inside of [ 13.634154] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.634832] [ 13.634922] The buggy address belongs to the physical page: [ 13.635148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.635484] flags: 0x200000000000000(node=0|zone=2) [ 13.635656] page_type: f5(slab) [ 13.635829] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.636181] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.636540] page dumped because: kasan: bad access detected [ 13.636776] [ 13.636873] Memory state around the buggy address: [ 13.637100] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.637462] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.637747] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.638064] ^ [ 13.638416] ffff88810274c300: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.638739] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.639058] ================================================================== [ 13.749039] ================================================================== [ 13.749548] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.750334] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279 [ 13.751040] [ 13.751133] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.751176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.751200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.751221] Call Trace: [ 13.751238] <TASK> [ 13.751256] dump_stack_lvl+0x73/0xb0 [ 13.751284] print_report+0xd1/0x650 [ 13.751359] ? __virt_addr_valid+0x1db/0x2d0 [ 13.751395] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.751420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.751442] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.751478] kasan_report+0x141/0x180 [ 13.751499] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.751529] kasan_check_range+0x10c/0x1c0 [ 13.751552] __kasan_check_write+0x18/0x20 [ 13.751571] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.751597] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.751624] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.751649] ? trace_hardirqs_on+0x37/0xe0 [ 13.751670] ? kasan_bitops_generic+0x92/0x1c0 [ 13.751706] kasan_bitops_generic+0x116/0x1c0 [ 13.751730] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.751755] ? __pfx_read_tsc+0x10/0x10 [ 13.751777] ? ktime_get_ts64+0x86/0x230 [ 13.751800] kunit_try_run_case+0x1a5/0x480 [ 13.751823] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.751845] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.751867] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.751890] ? __kthread_parkme+0x82/0x180 [ 13.751910] ? preempt_count_sub+0x50/0x80 [ 13.751933] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.751956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.751979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.752001] kthread+0x337/0x6f0 [ 13.752020] ? trace_preempt_on+0x20/0xc0 [ 13.752041] ? __pfx_kthread+0x10/0x10 [ 13.752061] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.752082] ? calculate_sigpending+0x7b/0xa0 [ 13.752104] ? __pfx_kthread+0x10/0x10 [ 13.752126] ret_from_fork+0x116/0x1d0 [ 13.752143] ? __pfx_kthread+0x10/0x10 [ 13.752163] ret_from_fork_asm+0x1a/0x30 [ 13.752357] </TASK> [ 13.752376] [ 13.767194] Allocated by task 279: [ 13.767571] kasan_save_stack+0x45/0x70 [ 13.768003] kasan_save_track+0x18/0x40 [ 13.768218] kasan_save_alloc_info+0x3b/0x50 [ 13.768647] __kasan_kmalloc+0xb7/0xc0 [ 13.769123] __kmalloc_cache_noprof+0x189/0x420 [ 13.769616] kasan_bitops_generic+0x92/0x1c0 [ 13.769822] kunit_try_run_case+0x1a5/0x480 [ 13.770073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.770637] kthread+0x337/0x6f0 [ 13.771013] ret_from_fork+0x116/0x1d0 [ 13.771248] ret_from_fork_asm+0x1a/0x30 [ 13.771669] [ 13.771933] The buggy address belongs to the object at ffff88810274c280 [ 13.771933] which belongs to the cache kmalloc-16 of size 16 [ 13.772768] The buggy address is located 8 bytes inside of [ 13.772768] allocated 9-byte region [ffff88810274c280, ffff88810274c289) [ 13.773686] [ 13.773898] The buggy address belongs to the physical page: [ 13.774535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 13.774876] flags: 0x200000000000000(node=0|zone=2) [ 13.775423] page_type: f5(slab) [ 13.775819] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.776186] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.776956] page dumped because: kasan: bad access detected [ 13.777126] [ 13.777382] Memory state around the buggy address: [ 13.777769] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.777982] 
ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.778193] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.778398] ^
[ 13.778827] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.779261] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.779834] ==================================================================
[ 13.810642] ==================================================================
[ 13.811373] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50
[ 13.812088] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.812370]
[ 13.812733] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.812782] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.812794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.812816] Call Trace:
[ 13.812843] <TASK>
[ 13.812861] dump_stack_lvl+0x73/0xb0
[ 13.812888] print_report+0xd1/0x650
[ 13.812911] ? __virt_addr_valid+0x1db/0x2d0
[ 13.812932] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 13.812958] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.812980] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 13.813006] kasan_report+0x141/0x180
[ 13.813027] ? kasan_bitops_modify.constprop.0+0x547/0xd50
[ 13.813057] kasan_check_range+0x10c/0x1c0
[ 13.813080] __kasan_check_write+0x18/0x20
[ 13.813100] kasan_bitops_modify.constprop.0+0x547/0xd50
[ 13.813125] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.813152] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.813175] ? trace_hardirqs_on+0x37/0xe0
[ 13.813218] ? kasan_bitops_generic+0x92/0x1c0
[ 13.813247] kasan_bitops_generic+0x116/0x1c0
[ 13.813270] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.813295] ? __pfx_read_tsc+0x10/0x10
[ 13.813316] ? ktime_get_ts64+0x86/0x230
[ 13.813339] kunit_try_run_case+0x1a5/0x480
[ 13.813363] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.813399] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.813421] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.813444] ? __kthread_parkme+0x82/0x180
[ 13.813478] ? preempt_count_sub+0x50/0x80
[ 13.813501] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.813525] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.813547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.813570] kthread+0x337/0x6f0
[ 13.813589] ? trace_preempt_on+0x20/0xc0
[ 13.813611] ? __pfx_kthread+0x10/0x10
[ 13.813631] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.813652] ? calculate_sigpending+0x7b/0xa0
[ 13.813675] ? __pfx_kthread+0x10/0x10
[ 13.813698] ret_from_fork+0x116/0x1d0
[ 13.813716] ? __pfx_kthread+0x10/0x10
[ 13.813737] ret_from_fork_asm+0x1a/0x30
[ 13.813767] </TASK>
[ 13.813778]
[ 13.830379] Allocated by task 279:
[ 13.830941] kasan_save_stack+0x45/0x70
[ 13.831809] kasan_save_track+0x18/0x40
[ 13.832318] kasan_save_alloc_info+0x3b/0x50
[ 13.832887] __kasan_kmalloc+0xb7/0xc0
[ 13.833576] __kmalloc_cache_noprof+0x189/0x420
[ 13.834150] kasan_bitops_generic+0x92/0x1c0
[ 13.834818] kunit_try_run_case+0x1a5/0x480
[ 13.835599] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.836242] kthread+0x337/0x6f0
[ 13.836552] ret_from_fork+0x116/0x1d0
[ 13.837034] ret_from_fork_asm+0x1a/0x30
[ 13.837589]
[ 13.837808] The buggy address belongs to the object at ffff88810274c280
[ 13.837808] which belongs to the cache kmalloc-16 of size 16
[ 13.838938] The buggy address is located 8 bytes inside of
[ 13.838938] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.839695]
[ 13.839905] The buggy address belongs to the physical page:
[ 13.840476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.841481] flags: 0x200000000000000(node=0|zone=2)
[ 13.841659] page_type: f5(slab)
[ 13.841969] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.842674] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.842907] page dumped because: kasan: bad access detected
[ 13.843081]
[ 13.843153] Memory state around the buggy address:
[ 13.843338] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.843800] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.844104] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.845047] ^
[ 13.845368] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.845809] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.846028] ==================================================================
[ 13.639564] ==================================================================
[ 13.639935] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.640376] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.640696]
[ 13.640820] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.640863] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.640875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.640896] Call Trace:
[ 13.640910] <TASK>
[ 13.640927] dump_stack_lvl+0x73/0xb0
[ 13.640953] print_report+0xd1/0x650
[ 13.640975] ? __virt_addr_valid+0x1db/0x2d0
[ 13.640998] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.641022] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.641044] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.641069] kasan_report+0x141/0x180
[ 13.641091] ? kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.641122] kasan_check_range+0x10c/0x1c0
[ 13.641145] __kasan_check_write+0x18/0x20
[ 13.641164] kasan_bitops_modify.constprop.0+0x19c/0xd50
[ 13.641256] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.641285] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.641308] ? trace_hardirqs_on+0x37/0xe0
[ 13.641331] ? kasan_bitops_generic+0x92/0x1c0
[ 13.641358] kasan_bitops_generic+0x116/0x1c0
[ 13.641386] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.641411] ? __pfx_read_tsc+0x10/0x10
[ 13.641431] ? ktime_get_ts64+0x86/0x230
[ 13.641465] kunit_try_run_case+0x1a5/0x480
[ 13.641489] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.641512] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.641535] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.641557] ? __kthread_parkme+0x82/0x180
[ 13.641577] ? preempt_count_sub+0x50/0x80
[ 13.641601] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.641624] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.641646] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.641669] kthread+0x337/0x6f0
[ 13.641690] ? trace_preempt_on+0x20/0xc0
[ 13.641730] ? __pfx_kthread+0x10/0x10
[ 13.641750] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.641771] ? calculate_sigpending+0x7b/0xa0
[ 13.641797] ? __pfx_kthread+0x10/0x10
[ 13.641818] ret_from_fork+0x116/0x1d0
[ 13.641835] ? __pfx_kthread+0x10/0x10
[ 13.641856] ret_from_fork_asm+0x1a/0x30
[ 13.641885] </TASK>
[ 13.641896]
[ 13.650274] Allocated by task 279:
[ 13.650435] kasan_save_stack+0x45/0x70
[ 13.650866] kasan_save_track+0x18/0x40
[ 13.651070] kasan_save_alloc_info+0x3b/0x50
[ 13.651356] __kasan_kmalloc+0xb7/0xc0
[ 13.651511] __kmalloc_cache_noprof+0x189/0x420
[ 13.651693] kasan_bitops_generic+0x92/0x1c0
[ 13.651907] kunit_try_run_case+0x1a5/0x480
[ 13.652092] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.652330] kthread+0x337/0x6f0
[ 13.652468] ret_from_fork+0x116/0x1d0
[ 13.652627] ret_from_fork_asm+0x1a/0x30
[ 13.652846]
[ 13.652943] The buggy address belongs to the object at ffff88810274c280
[ 13.652943] which belongs to the cache kmalloc-16 of size 16
[ 13.653553] The buggy address is located 8 bytes inside of
[ 13.653553] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.654054]
[ 13.654129] The buggy address belongs to the physical page:
[ 13.654557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.654924] flags: 0x200000000000000(node=0|zone=2)
[ 13.655167] page_type: f5(slab)
[ 13.655306] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.655628] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.655920] page dumped because: kasan: bad access detected
[ 13.656147]
[ 13.656245] Memory state around the buggy address:
[ 13.656435] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.656737] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.657092] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.657393] ^
[ 13.657584] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.657923] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.658408] ==================================================================
[ 13.680143] ==================================================================
[ 13.680490] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.680786] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.682097]
[ 13.682549] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.682597] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.682609] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.682630] Call Trace:
[ 13.682643] <TASK>
[ 13.682657] dump_stack_lvl+0x73/0xb0
[ 13.682739] print_report+0xd1/0x650
[ 13.682762] ? __virt_addr_valid+0x1db/0x2d0
[ 13.682891] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.682917] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.682939] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.682965] kasan_report+0x141/0x180
[ 13.682987] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.683018] kasan_check_range+0x10c/0x1c0
[ 13.683041] __kasan_check_write+0x18/0x20
[ 13.683060] kasan_bitops_modify.constprop.0+0x2d5/0xd50
[ 13.683086] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.683114] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.683139] ? trace_hardirqs_on+0x37/0xe0
[ 13.683161] ? kasan_bitops_generic+0x92/0x1c0
[ 13.683365] kasan_bitops_generic+0x116/0x1c0
[ 13.683400] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.683426] ? __pfx_read_tsc+0x10/0x10
[ 13.683447] ? ktime_get_ts64+0x86/0x230
[ 13.683484] kunit_try_run_case+0x1a5/0x480
[ 13.683508] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.683529] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.683552] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.683576] ? __kthread_parkme+0x82/0x180
[ 13.683596] ? preempt_count_sub+0x50/0x80
[ 13.683620] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.683643] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.683665] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.683690] kthread+0x337/0x6f0
[ 13.683709] ? trace_preempt_on+0x20/0xc0
[ 13.683731] ? __pfx_kthread+0x10/0x10
[ 13.683752] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.683773] ? calculate_sigpending+0x7b/0xa0
[ 13.683796] ? __pfx_kthread+0x10/0x10
[ 13.683817] ret_from_fork+0x116/0x1d0
[ 13.683835] ? __pfx_kthread+0x10/0x10
[ 13.683856] ret_from_fork_asm+0x1a/0x30
[ 13.683886] </TASK>
[ 13.683898]
[ 13.699715] Allocated by task 279:
[ 13.700128] kasan_save_stack+0x45/0x70
[ 13.700562] kasan_save_track+0x18/0x40
[ 13.700757] kasan_save_alloc_info+0x3b/0x50
[ 13.700909] __kasan_kmalloc+0xb7/0xc0
[ 13.701044] __kmalloc_cache_noprof+0x189/0x420
[ 13.701273] kasan_bitops_generic+0x92/0x1c0
[ 13.701676] kunit_try_run_case+0x1a5/0x480
[ 13.702103] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.702693] kthread+0x337/0x6f0
[ 13.703065] ret_from_fork+0x116/0x1d0
[ 13.703440] ret_from_fork_asm+0x1a/0x30
[ 13.704110]
[ 13.704356] The buggy address belongs to the object at ffff88810274c280
[ 13.704356] which belongs to the cache kmalloc-16 of size 16
[ 13.705532] The buggy address is located 8 bytes inside of
[ 13.705532] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.706340]
[ 13.706517] The buggy address belongs to the physical page:
[ 13.707037] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.707716] flags: 0x200000000000000(node=0|zone=2)
[ 13.707890] page_type: f5(slab)
[ 13.708016] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.708391] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.709088] page dumped because: kasan: bad access detected
[ 13.709639]
[ 13.709805] Memory state around the buggy address:
[ 13.710402] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.711041] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.711906] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.712621] ^
[ 13.712812] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.713429] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.713662] ==================================================================
[ 13.714610] ==================================================================
[ 13.715587] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50
[ 13.716058] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.716288]
[ 13.716499] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.716547] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.716559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.716581] Call Trace:
[ 13.716598] <TASK>
[ 13.716615] dump_stack_lvl+0x73/0xb0
[ 13.716641] print_report+0xd1/0x650
[ 13.716663] ? __virt_addr_valid+0x1db/0x2d0
[ 13.716688] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 13.716712] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.716735] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 13.716760] kasan_report+0x141/0x180
[ 13.716782] ? kasan_bitops_modify.constprop.0+0x373/0xd50
[ 13.716812] kasan_check_range+0x10c/0x1c0
[ 13.716836] __kasan_check_write+0x18/0x20
[ 13.716854] kasan_bitops_modify.constprop.0+0x373/0xd50
[ 13.716880] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.716906] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.716930] ? trace_hardirqs_on+0x37/0xe0
[ 13.716952] ? kasan_bitops_generic+0x92/0x1c0
[ 13.716979] kasan_bitops_generic+0x116/0x1c0
[ 13.717002] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.717026] ? __pfx_read_tsc+0x10/0x10
[ 13.717047] ? ktime_get_ts64+0x86/0x230
[ 13.717071] kunit_try_run_case+0x1a5/0x480
[ 13.717095] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.717117] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.717140] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.717163] ? __kthread_parkme+0x82/0x180
[ 13.717183] ? preempt_count_sub+0x50/0x80
[ 13.717225] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.717249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.717272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.717294] kthread+0x337/0x6f0
[ 13.717313] ? trace_preempt_on+0x20/0xc0
[ 13.717334] ? __pfx_kthread+0x10/0x10
[ 13.717355] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.717375] ? calculate_sigpending+0x7b/0xa0
[ 13.717404] ? __pfx_kthread+0x10/0x10
[ 13.717424] ret_from_fork+0x116/0x1d0
[ 13.717443] ? __pfx_kthread+0x10/0x10
[ 13.717471] ret_from_fork_asm+0x1a/0x30
[ 13.717502] </TASK>
[ 13.717513]
[ 13.733560] Allocated by task 279:
[ 13.733752] kasan_save_stack+0x45/0x70
[ 13.734163] kasan_save_track+0x18/0x40
[ 13.734645] kasan_save_alloc_info+0x3b/0x50
[ 13.735055] __kasan_kmalloc+0xb7/0xc0
[ 13.735598] __kmalloc_cache_noprof+0x189/0x420
[ 13.736106] kasan_bitops_generic+0x92/0x1c0
[ 13.736263] kunit_try_run_case+0x1a5/0x480
[ 13.736795] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.737323] kthread+0x337/0x6f0
[ 13.737469] ret_from_fork+0x116/0x1d0
[ 13.737605] ret_from_fork_asm+0x1a/0x30
[ 13.737889]
[ 13.738068] The buggy address belongs to the object at ffff88810274c280
[ 13.738068] which belongs to the cache kmalloc-16 of size 16
[ 13.739486] The buggy address is located 8 bytes inside of
[ 13.739486] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.740519]
[ 13.740597] The buggy address belongs to the physical page:
[ 13.740948] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.741798] flags: 0x200000000000000(node=0|zone=2)
[ 13.742345] page_type: f5(slab)
[ 13.742682] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.743379] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.743960] page dumped because: kasan: bad access detected
[ 13.744177]
[ 13.744342] Memory state around the buggy address:
[ 13.745033] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.745487] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.746179] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.746752] ^
[ 13.747055] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.747470] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.748180] ==================================================================
[ 13.780339] ==================================================================
[ 13.780657] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.781058] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.781321]
[ 13.781433] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.781650] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.781663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.781697] Call Trace:
[ 13.781708] <TASK>
[ 13.781723] dump_stack_lvl+0x73/0xb0
[ 13.781752] print_report+0xd1/0x650
[ 13.781774] ? __virt_addr_valid+0x1db/0x2d0
[ 13.781796] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.781821] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.781843] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.781869] kasan_report+0x141/0x180
[ 13.781891] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.781923] kasan_check_range+0x10c/0x1c0
[ 13.781947] __kasan_check_write+0x18/0x20
[ 13.781966] kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.781990] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.782016] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.782039] ? trace_hardirqs_on+0x37/0xe0
[ 13.782060] ? kasan_bitops_generic+0x92/0x1c0
[ 13.782088] kasan_bitops_generic+0x116/0x1c0
[ 13.782110] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.782135] ? __pfx_read_tsc+0x10/0x10
[ 13.782154] ? ktime_get_ts64+0x86/0x230
[ 13.782178] kunit_try_run_case+0x1a5/0x480
[ 13.782251] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.782276] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.782298] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.782320] ? __kthread_parkme+0x82/0x180
[ 13.782341] ? preempt_count_sub+0x50/0x80
[ 13.782363] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.782386] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.782410] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.782433] kthread+0x337/0x6f0
[ 13.782466] ? trace_preempt_on+0x20/0xc0
[ 13.782488] ? __pfx_kthread+0x10/0x10
[ 13.782508] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.782529] ? calculate_sigpending+0x7b/0xa0
[ 13.782551] ? __pfx_kthread+0x10/0x10
[ 13.782573] ret_from_fork+0x116/0x1d0
[ 13.782591] ? __pfx_kthread+0x10/0x10
[ 13.782611] ret_from_fork_asm+0x1a/0x30
[ 13.782641] </TASK>
[ 13.782654]
[ 13.795080] Allocated by task 279:
[ 13.795519] kasan_save_stack+0x45/0x70
[ 13.795714] kasan_save_track+0x18/0x40
[ 13.795898] kasan_save_alloc_info+0x3b/0x50
[ 13.796475] __kasan_kmalloc+0xb7/0xc0
[ 13.796835] __kmalloc_cache_noprof+0x189/0x420
[ 13.797151] kasan_bitops_generic+0x92/0x1c0
[ 13.797774] kunit_try_run_case+0x1a5/0x480
[ 13.798329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.799013] kthread+0x337/0x6f0
[ 13.799440] ret_from_fork+0x116/0x1d0
[ 13.799843] ret_from_fork_asm+0x1a/0x30
[ 13.800118]
[ 13.800348] The buggy address belongs to the object at ffff88810274c280
[ 13.800348] which belongs to the cache kmalloc-16 of size 16
[ 13.801553] The buggy address is located 8 bytes inside of
[ 13.801553] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.802053]
[ 13.802473] The buggy address belongs to the physical page:
[ 13.803062] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.803780] flags: 0x200000000000000(node=0|zone=2)
[ 13.804418] page_type: f5(slab)
[ 13.804631] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.805151] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.805826] page dumped because: kasan: bad access detected
[ 13.806007]
[ 13.806081] Memory state around the buggy address:
[ 13.806348] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.807100] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.807863] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.808730] ^
[ 13.809067] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.809314] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.809758] ==================================================================
[ 13.658831] ==================================================================
[ 13.659171] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 13.659636] Write of size 8 at addr ffff88810274c288 by task kunit_try_catch/279
[ 13.660001]
[ 13.660113] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.660156] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.660168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.660249] Call Trace:
[ 13.660265] <TASK>
[ 13.660281] dump_stack_lvl+0x73/0xb0
[ 13.660308] print_report+0xd1/0x650
[ 13.660329] ? __virt_addr_valid+0x1db/0x2d0
[ 13.660350] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 13.660375] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.660397] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 13.660422] kasan_report+0x141/0x180
[ 13.660444] ? kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 13.660483] kasan_check_range+0x10c/0x1c0
[ 13.660507] __kasan_check_write+0x18/0x20
[ 13.660526] kasan_bitops_modify.constprop.0+0x23a/0xd50
[ 13.660551] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.660577] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.660601] ? trace_hardirqs_on+0x37/0xe0
[ 13.660622] ? kasan_bitops_generic+0x92/0x1c0
[ 13.660649] kasan_bitops_generic+0x116/0x1c0
[ 13.660672] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.660696] ? __pfx_read_tsc+0x10/0x10
[ 13.660716] ? ktime_get_ts64+0x86/0x230
[ 13.660739] kunit_try_run_case+0x1a5/0x480
[ 13.660762] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.660784] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.660806] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.660829] ? __kthread_parkme+0x82/0x180
[ 13.660849] ? preempt_count_sub+0x50/0x80
[ 13.660872] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.660895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.660920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.660946] kthread+0x337/0x6f0
[ 13.660964] ? trace_preempt_on+0x20/0xc0
[ 13.660986] ? __pfx_kthread+0x10/0x10
[ 13.661006] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.661027] ? calculate_sigpending+0x7b/0xa0
[ 13.661051] ? __pfx_kthread+0x10/0x10
[ 13.661072] ret_from_fork+0x116/0x1d0
[ 13.661089] ? __pfx_kthread+0x10/0x10
[ 13.661109] ret_from_fork_asm+0x1a/0x30
[ 13.661139] </TASK>
[ 13.661150]
[ 13.669738] Allocated by task 279:
[ 13.669916] kasan_save_stack+0x45/0x70
[ 13.670088] kasan_save_track+0x18/0x40
[ 13.670399] kasan_save_alloc_info+0x3b/0x50
[ 13.670592] __kasan_kmalloc+0xb7/0xc0
[ 13.670780] __kmalloc_cache_noprof+0x189/0x420
[ 13.671024] kasan_bitops_generic+0x92/0x1c0
[ 13.671316] kunit_try_run_case+0x1a5/0x480
[ 13.671539] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.671824] kthread+0x337/0x6f0
[ 13.671977] ret_from_fork+0x116/0x1d0
[ 13.672154] ret_from_fork_asm+0x1a/0x30
[ 13.672354]
[ 13.672428] The buggy address belongs to the object at ffff88810274c280
[ 13.672428] which belongs to the cache kmalloc-16 of size 16
[ 13.673001] The buggy address is located 8 bytes inside of
[ 13.673001] allocated 9-byte region [ffff88810274c280, ffff88810274c289)
[ 13.673534]
[ 13.673626] The buggy address belongs to the physical page:
[ 13.673882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c
[ 13.674174] flags: 0x200000000000000(node=0|zone=2)
[ 13.674592] page_type: f5(slab)
[ 13.674739] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 13.675089] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.675446] page dumped because: kasan: bad access detected
[ 13.675705]
[ 13.675801] Memory state around the buggy address:
[ 13.675986] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.676362] ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.676657] >ffff88810274c280: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.676915] ^
[ 13.677039] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.677356] ffff88810274c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.677723] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.574766] ==================================================================
[ 13.575966] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 13.576440] Read of size 1 at addr ffff8881031c3250 by task kunit_try_catch/277
[ 13.577290]
[ 13.577476] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.577523] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.577536] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.577560] Call Trace:
[ 13.577579] <TASK>
[ 13.577597] dump_stack_lvl+0x73/0xb0
[ 13.577626] print_report+0xd1/0x650
[ 13.577649] ? __virt_addr_valid+0x1db/0x2d0
[ 13.577670] ? strnlen+0x73/0x80
[ 13.577843] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.577869] ? strnlen+0x73/0x80
[ 13.577888] kasan_report+0x141/0x180
[ 13.577911] ? strnlen+0x73/0x80
[ 13.577933] __asan_report_load1_noabort+0x18/0x20
[ 13.577957] strnlen+0x73/0x80
[ 13.578010] kasan_strings+0x615/0xe80
[ 13.578032] ? trace_hardirqs_on+0x37/0xe0
[ 13.578055] ? __pfx_kasan_strings+0x10/0x10
[ 13.578076] ? finish_task_switch.isra.0+0x153/0x700
[ 13.578097] ? __switch_to+0x47/0xf50
[ 13.578122] ? __schedule+0x10cc/0x2b60
[ 13.578144] ? __pfx_read_tsc+0x10/0x10
[ 13.578165] ? ktime_get_ts64+0x86/0x230
[ 13.578188] kunit_try_run_case+0x1a5/0x480
[ 13.578276] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.578300] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.578324] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.578347] ? __kthread_parkme+0x82/0x180
[ 13.578366] ? preempt_count_sub+0x50/0x80
[ 13.578389] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.578413] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.578435] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.578471] kthread+0x337/0x6f0
[ 13.578491] ? trace_preempt_on+0x20/0xc0
[ 13.578513] ? __pfx_kthread+0x10/0x10
[ 13.578533] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.578555] ? calculate_sigpending+0x7b/0xa0
[ 13.578577] ? __pfx_kthread+0x10/0x10
[ 13.578598] ret_from_fork+0x116/0x1d0
[ 13.578616] ? __pfx_kthread+0x10/0x10
[ 13.578635] ret_from_fork_asm+0x1a/0x30
[ 13.578664] </TASK>
[ 13.578677]
[ 13.593212] Allocated by task 277:
[ 13.593712] kasan_save_stack+0x45/0x70
[ 13.594041] kasan_save_track+0x18/0x40
[ 13.594577] kasan_save_alloc_info+0x3b/0x50
[ 13.594940] __kasan_kmalloc+0xb7/0xc0
[ 13.595126] __kmalloc_cache_noprof+0x189/0x420
[ 13.595538] kasan_strings+0xc0/0xe80
[ 13.595822] kunit_try_run_case+0x1a5/0x480
[ 13.596127] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.596393] kthread+0x337/0x6f0
[ 13.596566] ret_from_fork+0x116/0x1d0
[ 13.597254] ret_from_fork_asm+0x1a/0x30
[ 13.597657]
[ 13.597771] Freed by task 277:
[ 13.597921] kasan_save_stack+0x45/0x70
[ 13.598104] kasan_save_track+0x18/0x40
[ 13.598645] kasan_save_free_info+0x3f/0x60
[ 13.598905] __kasan_slab_free+0x56/0x70
[ 13.599213] kfree+0x222/0x3f0
[ 13.599541] kasan_strings+0x2aa/0xe80
[ 13.599864] kunit_try_run_case+0x1a5/0x480
[ 13.600162] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.600418] kthread+0x337/0x6f0
[ 13.600748] ret_from_fork+0x116/0x1d0
[ 13.601292] ret_from_fork_asm+0x1a/0x30
[ 13.601513]
[ 13.601615] The buggy address belongs to the object at ffff8881031c3240
[ 13.601615] which belongs to the cache kmalloc-32 of size 32
[ 13.602594] The buggy address is located 16 bytes inside of
[ 13.602594] freed 32-byte region [ffff8881031c3240, ffff8881031c3260)
[ 13.603420]
[ 13.603674] The buggy address belongs to the physical page:
[ 13.604239] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c3
[ 13.604729] flags: 0x200000000000000(node=0|zone=2)
[ 13.605085] page_type: f5(slab)
[ 13.605404] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.605880] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.606403] page dumped because: kasan: bad access detected
[ 13.606842]
[ 13.606947] Memory state around the buggy address:
[ 13.607160] ffff8881031c3100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.607748] ffff8881031c3180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.608305] >ffff8881031c3200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.608984] ^
[ 13.609463] ffff8881031c3280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.610025] ffff8881031c3300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.610820] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.535110] ==================================================================
[ 13.535657] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 13.536093] Read of size 1 at addr ffff8881031c3250 by task kunit_try_catch/277
[ 13.536571]
[ 13.536698] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.536784] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.536797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.536834] Call Trace:
[ 13.536848] <TASK>
[ 13.536864] dump_stack_lvl+0x73/0xb0
[ 13.536894] print_report+0xd1/0x650
[ 13.536918] ? __virt_addr_valid+0x1db/0x2d0
[ 13.536941] ? strlen+0x8f/0xb0
[ 13.536958] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.537011] ? strlen+0x8f/0xb0
[ 13.537029] kasan_report+0x141/0x180
[ 13.537051] ? strlen+0x8f/0xb0
[ 13.537085] __asan_report_load1_noabort+0x18/0x20
[ 13.537108] strlen+0x8f/0xb0
[ 13.537126] kasan_strings+0x57b/0xe80
[ 13.537146] ? trace_hardirqs_on+0x37/0xe0
[ 13.537170] ? __pfx_kasan_strings+0x10/0x10
[ 13.537190] ? finish_task_switch.isra.0+0x153/0x700
[ 13.537211] ? __switch_to+0x47/0xf50
[ 13.537236] ? __schedule+0x10cc/0x2b60
[ 13.537258] ? __pfx_read_tsc+0x10/0x10
[ 13.537277] ? ktime_get_ts64+0x86/0x230
[ 13.537301] kunit_try_run_case+0x1a5/0x480
[ 13.537326] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.537348] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.537371] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.537397] ? __kthread_parkme+0x82/0x180
[ 13.537526] ? preempt_count_sub+0x50/0x80
[ 13.537564] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.537588] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.537611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.537634] kthread+0x337/0x6f0
[ 13.537655] ? trace_preempt_on+0x20/0xc0
[ 13.537677] ? __pfx_kthread+0x10/0x10
[ 13.537698] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.537718] ? calculate_sigpending+0x7b/0xa0
[ 13.537741] ? __pfx_kthread+0x10/0x10
[ 13.537762] ret_from_fork+0x116/0x1d0
[ 13.537779] ? __pfx_kthread+0x10/0x10
[ 13.537799] ret_from_fork_asm+0x1a/0x30
[ 13.537829] </TASK>
[ 13.537841]
[ 13.551482] Allocated by task 277:
[ 13.551838] kasan_save_stack+0x45/0x70
[ 13.552031] kasan_save_track+0x18/0x40
[ 13.552490] kasan_save_alloc_info+0x3b/0x50
[ 13.553046] __kasan_kmalloc+0xb7/0xc0
[ 13.553238] __kmalloc_cache_noprof+0x189/0x420
[ 13.553701] kasan_strings+0xc0/0xe80
[ 13.554061] kunit_try_run_case+0x1a5/0x480
[ 13.554531] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.554921] kthread+0x337/0x6f0
[ 13.555261] ret_from_fork+0x116/0x1d0
[ 13.555565] ret_from_fork_asm+0x1a/0x30
[ 13.555720]
[ 13.555793] Freed by task 277:
[ 13.556102] kasan_save_stack+0x45/0x70
[ 13.556641] kasan_save_track+0x18/0x40
[ 13.556896] kasan_save_free_info+0x3f/0x60
[ 13.557357] __kasan_slab_free+0x56/0x70
[ 13.557659] kfree+0x222/0x3f0
[ 13.557923] kasan_strings+0x2aa/0xe80
[ 13.558171] kunit_try_run_case+0x1a5/0x480
[ 13.558584] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.559005] kthread+0x337/0x6f0
[ 13.559130] ret_from_fork+0x116/0x1d0
[ 13.559496] ret_from_fork_asm+0x1a/0x30
[ 13.559870]
[ 13.560028] The buggy address belongs to the object at ffff8881031c3240
[ 13.560028] which belongs to the cache kmalloc-32 of size 32
[ 13.562352] The buggy address is located 16 bytes inside of
[ 13.562352] freed 32-byte region [ffff8881031c3240, ffff8881031c3260)
[ 13.562746]
[ 13.562827] The buggy address belongs to the physical page:
[ 13.563002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c3
[ 13.563247] flags: 0x200000000000000(node=0|zone=2)
[ 13.563410] page_type: f5(slab)
[ 13.563545] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.564928] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.566426] page dumped because: kasan: bad access detected
[ 13.566943]
[ 13.567106] Memory state around the buggy address:
[ 13.568272] ffff8881031c3100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.570074] ffff8881031c3180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.571144] >ffff8881031c3200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.571817] ^
[ 13.572368] ffff8881031c3280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.572610] ffff8881031c3300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.573577] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.511571] ==================================================================
[ 13.512073] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 13.512500] Read of size 1 at addr ffff8881031c3250 by task kunit_try_catch/277
[ 13.512918]
[ 13.513050] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 13.513094] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.513107] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.513127] Call Trace:
[ 13.513144] <TASK>
[ 13.513159] dump_stack_lvl+0x73/0xb0
[ 13.513238] print_report+0xd1/0x650
[ 13.513266] ? __virt_addr_valid+0x1db/0x2d0
[ 13.513289] ? kasan_strings+0xcbc/0xe80
[ 13.513321] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.513343] ? kasan_strings+0xcbc/0xe80
[ 13.513364] kasan_report+0x141/0x180
[ 13.513403] ? kasan_strings+0xcbc/0xe80
[ 13.513428] __asan_report_load1_noabort+0x18/0x20
[ 13.513463] kasan_strings+0xcbc/0xe80
[ 13.513482] ? trace_hardirqs_on+0x37/0xe0
[ 13.513514] ? __pfx_kasan_strings+0x10/0x10
[ 13.513534] ? finish_task_switch.isra.0+0x153/0x700
[ 13.513555] ? __switch_to+0x47/0xf50
[ 13.513590] ? __schedule+0x10cc/0x2b60
[ 13.513611] ? __pfx_read_tsc+0x10/0x10
[ 13.513632] ? ktime_get_ts64+0x86/0x230
[ 13.513655] kunit_try_run_case+0x1a5/0x480
[ 13.513679] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.513701] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.513723] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.513745] ? __kthread_parkme+0x82/0x180
[ 13.513765] ? preempt_count_sub+0x50/0x80
[ 13.513788] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.513811] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.513833] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.513856] kthread+0x337/0x6f0
[ 13.513876] ? trace_preempt_on+0x20/0xc0
[ 13.513898] ? __pfx_kthread+0x10/0x10
[ 13.513917] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.513947] ? calculate_sigpending+0x7b/0xa0
[ 13.513969] ? __pfx_kthread+0x10/0x10
[ 13.513990] ret_from_fork+0x116/0x1d0
[ 13.514019] ? __pfx_kthread+0x10/0x10
[ 13.514039] ret_from_fork_asm+0x1a/0x30
[ 13.514069] </TASK>
[ 13.514080]
[ 13.522236] Allocated by task 277:
[ 13.522368] kasan_save_stack+0x45/0x70
[ 13.522672] kasan_save_track+0x18/0x40
[ 13.522870] kasan_save_alloc_info+0x3b/0x50
[ 13.523081] __kasan_kmalloc+0xb7/0xc0
[ 13.523266] __kmalloc_cache_noprof+0x189/0x420
[ 13.523497] kasan_strings+0xc0/0xe80
[ 13.523835] kunit_try_run_case+0x1a5/0x480
[ 13.524013] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.524429] kthread+0x337/0x6f0
[ 13.524594] ret_from_fork+0x116/0x1d0
[ 13.524913] ret_from_fork_asm+0x1a/0x30
[ 13.525141]
[ 13.525289] Freed by task 277:
[ 13.525471] kasan_save_stack+0x45/0x70
[ 13.525668] kasan_save_track+0x18/0x40
[ 13.525854] kasan_save_free_info+0x3f/0x60
[ 13.526061] __kasan_slab_free+0x56/0x70
[ 13.526315] kfree+0x222/0x3f0
[ 13.526501] kasan_strings+0x2aa/0xe80
[ 13.526679] kunit_try_run_case+0x1a5/0x480
[ 13.526898] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.527076] kthread+0x337/0x6f0
[ 13.527199] ret_from_fork+0x116/0x1d0
[ 13.527332] ret_from_fork_asm+0x1a/0x30
[ 13.527511]
[ 13.527640] The buggy address belongs to the object at ffff8881031c3240
[ 13.527640] which belongs to the cache kmalloc-32 of size 32
[ 13.528595] The buggy address is located 16 bytes inside of
[ 13.528595] freed 32-byte region [ffff8881031c3240, ffff8881031c3260)
[ 13.529533]
[ 13.529638] The buggy address belongs to the physical page:
[ 13.529913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c3
[ 13.530267] flags: 0x200000000000000(node=0|zone=2)
[ 13.530570] page_type: f5(slab)
[ 13.530818] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.531129] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.531500] page dumped because: kasan: bad access detected
[ 13.531918]
[ 13.532090] Memory state around the buggy address:
[ 13.532405] ffff8881031c3100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.532683] ffff8881031c3180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.532986] >ffff8881031c3200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.533618] ^ [ 13.533829] ffff8881031c3280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.534199] ffff8881031c3300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.534678] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.486291] ================================================================== [ 13.487433] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 13.488072] Read of size 1 at addr ffff8881031c3250 by task kunit_try_catch/277 [ 13.488325] [ 13.488526] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.488690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.488705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.488728] Call Trace: [ 13.488754] <TASK> [ 13.488771] dump_stack_lvl+0x73/0xb0 [ 13.488801] print_report+0xd1/0x650 [ 13.488839] ? __virt_addr_valid+0x1db/0x2d0 [ 13.488861] ? strcmp+0xb0/0xc0 [ 13.488881] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.488903] ? strcmp+0xb0/0xc0 [ 13.488924] kasan_report+0x141/0x180 [ 13.488946] ? strcmp+0xb0/0xc0 [ 13.488972] __asan_report_load1_noabort+0x18/0x20 [ 13.488996] strcmp+0xb0/0xc0 [ 13.489018] kasan_strings+0x431/0xe80 [ 13.489038] ? trace_hardirqs_on+0x37/0xe0 [ 13.489061] ? __pfx_kasan_strings+0x10/0x10 [ 13.489081] ? finish_task_switch.isra.0+0x153/0x700 [ 13.489102] ? __switch_to+0x47/0xf50 [ 13.489128] ? __schedule+0x10cc/0x2b60 [ 13.489150] ? __pfx_read_tsc+0x10/0x10 [ 13.489171] ? ktime_get_ts64+0x86/0x230 [ 13.489248] kunit_try_run_case+0x1a5/0x480 [ 13.489278] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.489301] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.489325] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.489348] ? __kthread_parkme+0x82/0x180 [ 13.489367] ? preempt_count_sub+0x50/0x80 [ 13.489400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.489423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.489446] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.489482] kthread+0x337/0x6f0 [ 13.489501] ? trace_preempt_on+0x20/0xc0 [ 13.489522] ? __pfx_kthread+0x10/0x10 [ 13.489542] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.489562] ? calculate_sigpending+0x7b/0xa0 [ 13.489585] ? 
__pfx_kthread+0x10/0x10 [ 13.489607] ret_from_fork+0x116/0x1d0 [ 13.489624] ? __pfx_kthread+0x10/0x10 [ 13.489645] ret_from_fork_asm+0x1a/0x30 [ 13.489674] </TASK> [ 13.489686] [ 13.498914] Allocated by task 277: [ 13.499090] kasan_save_stack+0x45/0x70 [ 13.499404] kasan_save_track+0x18/0x40 [ 13.499643] kasan_save_alloc_info+0x3b/0x50 [ 13.499887] __kasan_kmalloc+0xb7/0xc0 [ 13.500049] __kmalloc_cache_noprof+0x189/0x420 [ 13.500541] kasan_strings+0xc0/0xe80 [ 13.500771] kunit_try_run_case+0x1a5/0x480 [ 13.500930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.501122] kthread+0x337/0x6f0 [ 13.501284] ret_from_fork+0x116/0x1d0 [ 13.501513] ret_from_fork_asm+0x1a/0x30 [ 13.501780] [ 13.501857] Freed by task 277: [ 13.501967] kasan_save_stack+0x45/0x70 [ 13.502302] kasan_save_track+0x18/0x40 [ 13.502603] kasan_save_free_info+0x3f/0x60 [ 13.502878] __kasan_slab_free+0x56/0x70 [ 13.503015] kfree+0x222/0x3f0 [ 13.503178] kasan_strings+0x2aa/0xe80 [ 13.503510] kunit_try_run_case+0x1a5/0x480 [ 13.503787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.504023] kthread+0x337/0x6f0 [ 13.504323] ret_from_fork+0x116/0x1d0 [ 13.504515] ret_from_fork_asm+0x1a/0x30 [ 13.504799] [ 13.504881] The buggy address belongs to the object at ffff8881031c3240 [ 13.504881] which belongs to the cache kmalloc-32 of size 32 [ 13.505473] The buggy address is located 16 bytes inside of [ 13.505473] freed 32-byte region [ffff8881031c3240, ffff8881031c3260) [ 13.506111] [ 13.506214] The buggy address belongs to the physical page: [ 13.506626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c3 [ 13.507009] flags: 0x200000000000000(node=0|zone=2) [ 13.507259] page_type: f5(slab) [ 13.507398] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.507870] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.508308] page dumped because: kasan: bad access detected [ 13.508638] [ 13.508766] Memory state around the buggy address: 
[ 13.509021] ffff8881031c3100: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.509370] ffff8881031c3180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.509768] >ffff8881031c3200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.510133] ^ [ 13.510426] ffff8881031c3280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.510772] ffff8881031c3300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.511052] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.452652] ================================================================== [ 13.453101] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.453349] Read of size 1 at addr ffff8881038e97d8 by task kunit_try_catch/275 [ 13.453957] [ 13.454054] CPU: 1 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.454100] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.454113] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.454134] Call Trace: [ 13.454146] <TASK> [ 13.454162] dump_stack_lvl+0x73/0xb0 [ 13.454189] print_report+0xd1/0x650 [ 13.454212] ? __virt_addr_valid+0x1db/0x2d0 [ 13.454235] ? memcmp+0x1b4/0x1d0 [ 13.454252] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.454274] ? memcmp+0x1b4/0x1d0 [ 13.454294] kasan_report+0x141/0x180 [ 13.454316] ? memcmp+0x1b4/0x1d0 [ 13.454338] __asan_report_load1_noabort+0x18/0x20 [ 13.454363] memcmp+0x1b4/0x1d0 [ 13.454383] kasan_memcmp+0x18f/0x390 [ 13.454404] ? trace_hardirqs_on+0x37/0xe0 [ 13.454426] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.454447] ? finish_task_switch.isra.0+0x153/0x700 [ 13.454483] ? __switch_to+0x47/0xf50 [ 13.454514] ? __pfx_read_tsc+0x10/0x10 [ 13.454534] ? ktime_get_ts64+0x86/0x230 [ 13.454558] kunit_try_run_case+0x1a5/0x480 [ 13.454582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.454604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.454627] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.454650] ? __kthread_parkme+0x82/0x180 [ 13.454671] ? preempt_count_sub+0x50/0x80 [ 13.454694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.454718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.454740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.454764] kthread+0x337/0x6f0 [ 13.454783] ? trace_preempt_on+0x20/0xc0 [ 13.454805] ? __pfx_kthread+0x10/0x10 [ 13.454825] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.454847] ? calculate_sigpending+0x7b/0xa0 [ 13.454871] ? __pfx_kthread+0x10/0x10 [ 13.454891] ret_from_fork+0x116/0x1d0 [ 13.454909] ? 
__pfx_kthread+0x10/0x10 [ 13.454930] ret_from_fork_asm+0x1a/0x30 [ 13.454961] </TASK> [ 13.454972] [ 13.466154] Allocated by task 275: [ 13.466575] kasan_save_stack+0x45/0x70 [ 13.466912] kasan_save_track+0x18/0x40 [ 13.467110] kasan_save_alloc_info+0x3b/0x50 [ 13.467525] __kasan_kmalloc+0xb7/0xc0 [ 13.467905] __kmalloc_cache_noprof+0x189/0x420 [ 13.468251] kasan_memcmp+0xb7/0x390 [ 13.468436] kunit_try_run_case+0x1a5/0x480 [ 13.468635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.469110] kthread+0x337/0x6f0 [ 13.469450] ret_from_fork+0x116/0x1d0 [ 13.469953] ret_from_fork_asm+0x1a/0x30 [ 13.470161] [ 13.470482] The buggy address belongs to the object at ffff8881038e97c0 [ 13.470482] which belongs to the cache kmalloc-32 of size 32 [ 13.471090] The buggy address is located 0 bytes to the right of [ 13.471090] allocated 24-byte region [ffff8881038e97c0, ffff8881038e97d8) [ 13.472302] [ 13.472560] The buggy address belongs to the physical page: [ 13.473054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e9 [ 13.473596] flags: 0x200000000000000(node=0|zone=2) [ 13.474139] page_type: f5(slab) [ 13.474411] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.475075] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.475528] page dumped because: kasan: bad access detected [ 13.475891] [ 13.475991] Memory state around the buggy address: [ 13.476400] ffff8881038e9680: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.476837] ffff8881038e9700: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.477133] >ffff8881038e9780: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.477671] ^ [ 13.478125] ffff8881038e9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.478692] ffff8881038e9880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.479012] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.429810] ================================================================== [ 13.430434] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 13.430779] Read of size 1 at addr ffff888102b17c4a by task kunit_try_catch/271 [ 13.431080] [ 13.431193] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.431431] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.431446] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.431483] Call Trace: [ 13.431496] <TASK> [ 13.431513] dump_stack_lvl+0x73/0xb0 [ 13.431542] print_report+0xd1/0x650 [ 13.431564] ? __virt_addr_valid+0x1db/0x2d0 [ 13.431588] ? kasan_alloca_oob_right+0x329/0x390 [ 13.431610] ? kasan_addr_to_slab+0x11/0xa0 [ 13.431630] ? kasan_alloca_oob_right+0x329/0x390 [ 13.431653] kasan_report+0x141/0x180 [ 13.431686] ? kasan_alloca_oob_right+0x329/0x390 [ 13.431714] __asan_report_load1_noabort+0x18/0x20 [ 13.431739] kasan_alloca_oob_right+0x329/0x390 [ 13.431763] ? finish_task_switch.isra.0+0x153/0x700 [ 13.431787] ? ww_mutex_unlock+0x6e/0x150 [ 13.431809] ? trace_hardirqs_on+0x37/0xe0 [ 13.431835] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 13.431860] ? __schedule+0x10cc/0x2b60 [ 13.431881] ? __pfx_read_tsc+0x10/0x10 [ 13.431903] ? ktime_get_ts64+0x86/0x230 [ 13.431926] kunit_try_run_case+0x1a5/0x480 [ 13.431951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.431973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.431997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.432019] ? __kthread_parkme+0x82/0x180 [ 13.432040] ? preempt_count_sub+0x50/0x80 [ 13.432063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.432087] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.432109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.432133] kthread+0x337/0x6f0 [ 13.432152] ? trace_preempt_on+0x20/0xc0 [ 13.432174] ? __pfx_kthread+0x10/0x10 [ 13.432237] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.432260] ? calculate_sigpending+0x7b/0xa0 [ 13.432284] ? 
__pfx_kthread+0x10/0x10 [ 13.432306] ret_from_fork+0x116/0x1d0 [ 13.432325] ? __pfx_kthread+0x10/0x10 [ 13.432346] ret_from_fork_asm+0x1a/0x30 [ 13.432377] </TASK> [ 13.432388] [ 13.440138] The buggy address belongs to stack of task kunit_try_catch/271 [ 13.440944] [ 13.441054] The buggy address belongs to the physical page: [ 13.441388] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b17 [ 13.441724] flags: 0x200000000000000(node=0|zone=2) [ 13.441969] raw: 0200000000000000 0000000000000000 ffffea00040ac5c8 0000000000000000 [ 13.442257] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.442496] page dumped because: kasan: bad access detected [ 13.442705] [ 13.442799] Memory state around the buggy address: [ 13.443020] ffff888102b17b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.443479] ffff888102b17b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.443851] >ffff888102b17c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.444079] ^ [ 13.444295] ffff888102b17c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.444641] ffff888102b17d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.445039] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.411870] ================================================================== [ 13.412406] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 13.412737] Read of size 1 at addr ffff8881039e7c3f by task kunit_try_catch/269 [ 13.413131] [ 13.413248] CPU: 0 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.413291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.413305] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.413325] Call Trace: [ 13.413339] <TASK> [ 13.413355] dump_stack_lvl+0x73/0xb0 [ 13.413390] print_report+0xd1/0x650 [ 13.413411] ? __virt_addr_valid+0x1db/0x2d0 [ 13.413433] ? kasan_alloca_oob_left+0x320/0x380 [ 13.413468] ? kasan_addr_to_slab+0x11/0xa0 [ 13.413489] ? kasan_alloca_oob_left+0x320/0x380 [ 13.413511] kasan_report+0x141/0x180 [ 13.413533] ? kasan_alloca_oob_left+0x320/0x380 [ 13.413560] __asan_report_load1_noabort+0x18/0x20 [ 13.413584] kasan_alloca_oob_left+0x320/0x380 [ 13.413607] ? finish_task_switch.isra.0+0x153/0x700 [ 13.413630] ? ww_mutex_unlock+0x6e/0x150 [ 13.413652] ? trace_hardirqs_on+0x37/0xe0 [ 13.413676] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 13.413701] ? __schedule+0x10cc/0x2b60 [ 13.413724] ? __pfx_read_tsc+0x10/0x10 [ 13.413745] ? ktime_get_ts64+0x86/0x230 [ 13.413768] kunit_try_run_case+0x1a5/0x480 [ 13.413793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.413815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.413838] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.413861] ? __kthread_parkme+0x82/0x180 [ 13.413881] ? preempt_count_sub+0x50/0x80 [ 13.413904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.413927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.413950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.413973] kthread+0x337/0x6f0 [ 13.413993] ? trace_preempt_on+0x20/0xc0 [ 13.414015] ? __pfx_kthread+0x10/0x10 [ 13.414048] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.414069] ? calculate_sigpending+0x7b/0xa0 [ 13.414109] ? 
__pfx_kthread+0x10/0x10 [ 13.414131] ret_from_fork+0x116/0x1d0 [ 13.414149] ? __pfx_kthread+0x10/0x10 [ 13.414170] ret_from_fork_asm+0x1a/0x30 [ 13.414257] </TASK> [ 13.414273] [ 13.421938] The buggy address belongs to stack of task kunit_try_catch/269 [ 13.422182] [ 13.422256] The buggy address belongs to the physical page: [ 13.422437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e7 [ 13.422971] flags: 0x200000000000000(node=0|zone=2) [ 13.423212] raw: 0200000000000000 ffffea00040e79c8 ffffea00040e79c8 0000000000000000 [ 13.423562] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.423906] page dumped because: kasan: bad access detected [ 13.424109] [ 13.424199] Memory state around the buggy address: [ 13.424424] ffff8881039e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.424789] ffff8881039e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.425069] >ffff8881039e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.425423] ^ [ 13.425679] ffff8881039e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.425972] ffff8881039e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.426326] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.365901] ================================================================== [ 13.366444] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 13.366960] Read of size 1 at addr ffffffffbe061e8d by task kunit_try_catch/263 [ 13.367493] [ 13.367630] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.367677] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.367689] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.367712] Call Trace: [ 13.367724] <TASK> [ 13.367741] dump_stack_lvl+0x73/0xb0 [ 13.367770] print_report+0xd1/0x650 [ 13.367792] ? __virt_addr_valid+0x1db/0x2d0 [ 13.367814] ? kasan_global_oob_right+0x286/0x2d0 [ 13.367836] ? kasan_addr_to_slab+0x11/0xa0 [ 13.367856] ? kasan_global_oob_right+0x286/0x2d0 [ 13.367878] kasan_report+0x141/0x180 [ 13.367909] ? kasan_global_oob_right+0x286/0x2d0 [ 13.367935] __asan_report_load1_noabort+0x18/0x20 [ 13.367959] kasan_global_oob_right+0x286/0x2d0 [ 13.367981] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 13.368005] ? __schedule+0x10cc/0x2b60 [ 13.368026] ? __pfx_read_tsc+0x10/0x10 [ 13.368047] ? ktime_get_ts64+0x86/0x230 [ 13.368070] kunit_try_run_case+0x1a5/0x480 [ 13.368095] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.368116] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.368140] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.368163] ? __kthread_parkme+0x82/0x180 [ 13.368183] ? preempt_count_sub+0x50/0x80 [ 13.368226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.368251] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.368274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.368297] kthread+0x337/0x6f0 [ 13.368317] ? trace_preempt_on+0x20/0xc0 [ 13.368340] ? __pfx_kthread+0x10/0x10 [ 13.368360] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.368381] ? calculate_sigpending+0x7b/0xa0 [ 13.368404] ? __pfx_kthread+0x10/0x10 [ 13.368425] ret_from_fork+0x116/0x1d0 [ 13.368443] ? 
__pfx_kthread+0x10/0x10 [ 13.368475] ret_from_fork_asm+0x1a/0x30 [ 13.368505] </TASK> [ 13.368516] [ 13.375541] The buggy address belongs to the variable: [ 13.375721] global_array+0xd/0x40 [ 13.375918] [ 13.376029] The buggy address belongs to the physical page: [ 13.376282] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x3a861 [ 13.377126] flags: 0x100000000002000(reserved|node=0|zone=1) [ 13.377557] raw: 0100000000002000 ffffea0000ea1848 ffffea0000ea1848 0000000000000000 [ 13.377972] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.378390] page dumped because: kasan: bad access detected [ 13.378661] [ 13.378761] Memory state around the buggy address: [ 13.378941] ffffffffbe061d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.379299] ffffffffbe061e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.379603] >ffffffffbe061e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 13.379910] ^ [ 13.380039] ffffffffbe061f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 13.380289] ffffffffbe061f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 13.380871] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.340876] ================================================================== [ 13.342120] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.342918] Free of addr ffff888103960001 by task kunit_try_catch/261 [ 13.343626] [ 13.343814] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.343861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.343874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.343897] Call Trace: [ 13.343910] <TASK> [ 13.343929] dump_stack_lvl+0x73/0xb0 [ 13.343959] print_report+0xd1/0x650 [ 13.343981] ? __virt_addr_valid+0x1db/0x2d0 [ 13.344006] ? kasan_addr_to_slab+0x11/0xa0 [ 13.344026] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.344052] kasan_report_invalid_free+0x10a/0x130 [ 13.344076] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.344104] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.344128] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.344152] mempool_free+0x2ec/0x380 [ 13.344175] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.344211] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.344236] ? update_curr+0x5c1/0x810 [ 13.344265] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.344290] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.344313] ? schedule+0x7c/0x2e0 [ 13.344336] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.344358] ? __pfx_mempool_kfree+0x10/0x10 [ 13.344383] ? __pfx_read_tsc+0x10/0x10 [ 13.344405] ? ktime_get_ts64+0x86/0x230 [ 13.344429] kunit_try_run_case+0x1a5/0x480 [ 13.344465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.344489] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.344513] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.344535] ? __kthread_parkme+0x82/0x180 [ 13.344556] ? preempt_count_sub+0x50/0x80 [ 13.344580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.344602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.344625] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.344647] kthread+0x337/0x6f0 [ 13.344667] ? trace_preempt_on+0x20/0xc0 [ 13.344690] ? __pfx_kthread+0x10/0x10 [ 13.344711] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.344732] ? calculate_sigpending+0x7b/0xa0 [ 13.344755] ? __pfx_kthread+0x10/0x10 [ 13.344776] ret_from_fork+0x116/0x1d0 [ 13.344794] ? __pfx_kthread+0x10/0x10 [ 13.344814] ret_from_fork_asm+0x1a/0x30 [ 13.344844] </TASK> [ 13.344855] [ 13.356768] The buggy address belongs to the physical page: [ 13.356996] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103960 [ 13.357534] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.357887] flags: 0x200000000000040(head|node=0|zone=2) [ 13.358164] page_type: f8(unknown) [ 13.358342] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.358593] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.359007] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.359357] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.359664] head: 0200000000000002 ffffea00040e5801 00000000ffffffff 00000000ffffffff [ 13.360022] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.360490] page dumped because: kasan: bad access detected [ 13.360744] [ 13.360844] Memory state around the buggy address: [ 13.361043] ffff88810395ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.361337] ffff88810395ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.361828] >ffff888103960000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.362170] ^ [ 13.362330] ffff888103960080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.362632] ffff888103960100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.362995] ================================================================== [ 13.299959] ================================================================== [ 
13.300701] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.301031] Free of addr ffff8881031c1501 by task kunit_try_catch/259 [ 13.301236] [ 13.302359] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.302413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.302425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.302447] Call Trace: [ 13.302475] <TASK> [ 13.302491] dump_stack_lvl+0x73/0xb0 [ 13.302522] print_report+0xd1/0x650 [ 13.302547] ? __virt_addr_valid+0x1db/0x2d0 [ 13.302570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.302593] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.302619] kasan_report_invalid_free+0x10a/0x130 [ 13.302642] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.302953] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.303856] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.303958] check_slab_allocation+0x11f/0x130 [ 13.303983] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.304008] mempool_free+0x2ec/0x380 [ 13.304032] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.304058] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.304083] ? update_load_avg+0x1be/0x21b0 [ 13.304110] ? finish_task_switch.isra.0+0x153/0x700 [ 13.304135] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.304158] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.304206] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.304229] ? __pfx_mempool_kfree+0x10/0x10 [ 13.304253] ? __pfx_read_tsc+0x10/0x10 [ 13.304274] ? ktime_get_ts64+0x86/0x230 [ 13.304297] kunit_try_run_case+0x1a5/0x480 [ 13.304321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.304343] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.304366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.304389] ? __kthread_parkme+0x82/0x180 [ 13.304408] ? preempt_count_sub+0x50/0x80 [ 13.304431] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.304473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.304495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.304519] kthread+0x337/0x6f0 [ 13.304538] ? trace_preempt_on+0x20/0xc0 [ 13.304561] ? __pfx_kthread+0x10/0x10 [ 13.304582] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.304603] ? calculate_sigpending+0x7b/0xa0 [ 13.304627] ? __pfx_kthread+0x10/0x10 [ 13.304649] ret_from_fork+0x116/0x1d0 [ 13.304683] ? __pfx_kthread+0x10/0x10 [ 13.304703] ret_from_fork_asm+0x1a/0x30 [ 13.304733] </TASK> [ 13.304745] [ 13.321157] Allocated by task 259: [ 13.322087] kasan_save_stack+0x45/0x70 [ 13.322647] kasan_save_track+0x18/0x40 [ 13.323104] kasan_save_alloc_info+0x3b/0x50 [ 13.323575] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.324138] remove_element+0x11e/0x190 [ 13.324751] mempool_alloc_preallocated+0x4d/0x90 [ 13.325154] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.325671] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.325969] kunit_try_run_case+0x1a5/0x480 [ 13.326119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.326367] kthread+0x337/0x6f0 [ 13.326677] ret_from_fork+0x116/0x1d0 [ 13.327058] ret_from_fork_asm+0x1a/0x30 [ 13.327511] [ 13.327696] The buggy address belongs to the object at ffff8881031c1500 [ 13.327696] which belongs to the cache kmalloc-128 of size 128 [ 13.329090] The buggy address is located 1 bytes inside of [ 13.329090] 128-byte region [ffff8881031c1500, ffff8881031c1580) [ 13.329833] [ 13.330002] The buggy address belongs to the physical page: [ 13.330535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1 [ 13.330994] flags: 0x200000000000000(node=0|zone=2) [ 13.331166] page_type: f5(slab) [ 13.331530] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.332384] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.333102] page dumped because: kasan: bad access detected [ 13.333641] [ 13.333786] Memory state around 
the buggy address: [ 13.334192] ffff8881031c1400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.334605] ffff8881031c1480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.335160] >ffff8881031c1500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.335911] ^ [ 13.336223] ffff8881031c1580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.336765] ffff8881031c1600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.336996] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.254053] ================================================================== [ 13.254667] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.254966] Free of addr ffff888102a40000 by task kunit_try_catch/255 [ 13.255264] [ 13.255438] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.255498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.255511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.255534] Call Trace: [ 13.255546] <TASK> [ 13.255563] dump_stack_lvl+0x73/0xb0 [ 13.255592] print_report+0xd1/0x650 [ 13.255613] ? __virt_addr_valid+0x1db/0x2d0 [ 13.255636] ? kasan_addr_to_slab+0x11/0xa0 [ 13.255657] ? mempool_double_free_helper+0x184/0x370 [ 13.255682] kasan_report_invalid_free+0x10a/0x130 [ 13.255706] ? mempool_double_free_helper+0x184/0x370 [ 13.255734] ? mempool_double_free_helper+0x184/0x370 [ 13.255757] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.255781] mempool_free+0x2ec/0x380 [ 13.255804] mempool_double_free_helper+0x184/0x370 [ 13.255828] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.255856] ? finish_task_switch.isra.0+0x153/0x700 [ 13.255881] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.255906] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.255934] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.255956] ? __pfx_mempool_kfree+0x10/0x10 [ 13.255981] ? __pfx_read_tsc+0x10/0x10 [ 13.256002] ? ktime_get_ts64+0x86/0x230 [ 13.256025] kunit_try_run_case+0x1a5/0x480 [ 13.256049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.256071] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.256095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.256118] ? __kthread_parkme+0x82/0x180 [ 13.256138] ? preempt_count_sub+0x50/0x80 [ 13.256161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.256183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.256255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.256278] kthread+0x337/0x6f0 [ 13.256299] ? 
trace_preempt_on+0x20/0xc0 [ 13.256321] ? __pfx_kthread+0x10/0x10 [ 13.256342] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.256362] ? calculate_sigpending+0x7b/0xa0 [ 13.256387] ? __pfx_kthread+0x10/0x10 [ 13.256409] ret_from_fork+0x116/0x1d0 [ 13.256428] ? __pfx_kthread+0x10/0x10 [ 13.256449] ret_from_fork_asm+0x1a/0x30 [ 13.256490] </TASK> [ 13.256502] [ 13.264988] The buggy address belongs to the physical page: [ 13.265431] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a40 [ 13.265992] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.266230] flags: 0x200000000000040(head|node=0|zone=2) [ 13.266498] page_type: f8(unknown) [ 13.266755] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.267169] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.267627] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.267954] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.268283] head: 0200000000000002 ffffea00040a9001 00000000ffffffff 00000000ffffffff [ 13.268621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.268993] page dumped because: kasan: bad access detected [ 13.269211] [ 13.269482] Memory state around the buggy address: [ 13.269676] ffff888102a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.269990] ffff888102a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.270206] >ffff888102a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.270574] ^ [ 13.270779] ffff888102a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.271101] ffff888102a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.271484] ================================================================== [ 13.276803] ================================================================== [ 13.277569] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.277928] Free of 
addr ffff888102a40000 by task kunit_try_catch/257 [ 13.278165] [ 13.278411] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.278472] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.278486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.278509] Call Trace: [ 13.278522] <TASK> [ 13.278538] dump_stack_lvl+0x73/0xb0 [ 13.278567] print_report+0xd1/0x650 [ 13.278590] ? __virt_addr_valid+0x1db/0x2d0 [ 13.278641] ? kasan_addr_to_slab+0x11/0xa0 [ 13.278663] ? mempool_double_free_helper+0x184/0x370 [ 13.278697] kasan_report_invalid_free+0x10a/0x130 [ 13.278722] ? mempool_double_free_helper+0x184/0x370 [ 13.278764] ? mempool_double_free_helper+0x184/0x370 [ 13.278789] __kasan_mempool_poison_pages+0x115/0x130 [ 13.278814] mempool_free+0x290/0x380 [ 13.278852] mempool_double_free_helper+0x184/0x370 [ 13.278876] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.278904] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.278926] ? finish_task_switch.isra.0+0x153/0x700 [ 13.278951] mempool_page_alloc_double_free+0xe8/0x140 [ 13.278978] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.279003] ? __kasan_check_write+0x18/0x20 [ 13.279025] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.279044] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.279067] ? __pfx_read_tsc+0x10/0x10 [ 13.279088] ? ktime_get_ts64+0x86/0x230 [ 13.279108] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.279135] kunit_try_run_case+0x1a5/0x480 [ 13.279160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.279184] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.279277] ? __kthread_parkme+0x82/0x180 [ 13.279299] ? preempt_count_sub+0x50/0x80 [ 13.279322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.279346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.279369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.279392] kthread+0x337/0x6f0 [ 13.279412] ? trace_preempt_on+0x20/0xc0 [ 13.279435] ? __pfx_kthread+0x10/0x10 [ 13.279468] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.279489] ? calculate_sigpending+0x7b/0xa0 [ 13.279513] ? __pfx_kthread+0x10/0x10 [ 13.279535] ret_from_fork+0x116/0x1d0 [ 13.279553] ? __pfx_kthread+0x10/0x10 [ 13.279574] ret_from_fork_asm+0x1a/0x30 [ 13.279605] </TASK> [ 13.279616] [ 13.290019] The buggy address belongs to the physical page: [ 13.290394] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a40 [ 13.290857] flags: 0x200000000000000(node=0|zone=2) [ 13.291090] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.291492] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.291975] page dumped because: kasan: bad access detected [ 13.292568] [ 13.292677] Memory state around the buggy address: [ 13.292875] ffff888102a3ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.293123] ffff888102a3ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.293750] >ffff888102a40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.294266] ^ [ 13.294405] ffff888102a40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.294845] ffff888102a40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.295248] ================================================================== [ 13.225955] ================================================================== [ 13.226504] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.226783] Free of addr ffff8881031c1100 by task kunit_try_catch/253 [ 13.227447] [ 13.227659] CPU: 0 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.227705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.227718] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.227741] Call Trace: [ 13.227755] <TASK> [ 13.227772] dump_stack_lvl+0x73/0xb0 [ 13.227803] print_report+0xd1/0x650 [ 13.227826] ? __virt_addr_valid+0x1db/0x2d0 [ 13.227851] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.227874] ? 
mempool_double_free_helper+0x184/0x370 [ 13.227910] kasan_report_invalid_free+0x10a/0x130 [ 13.227934] ? mempool_double_free_helper+0x184/0x370 [ 13.227960] ? mempool_double_free_helper+0x184/0x370 [ 13.227983] ? mempool_double_free_helper+0x184/0x370 [ 13.228005] check_slab_allocation+0x101/0x130 [ 13.228027] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.228052] mempool_free+0x2ec/0x380 [ 13.228075] mempool_double_free_helper+0x184/0x370 [ 13.228099] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.228122] ? update_load_avg+0x1be/0x21b0 [ 13.228146] ? dequeue_entities+0x27e/0x1740 [ 13.228172] ? finish_task_switch.isra.0+0x153/0x700 [ 13.228198] mempool_kmalloc_double_free+0xed/0x140 [ 13.228238] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.228267] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.228290] ? __pfx_mempool_kfree+0x10/0x10 [ 13.228316] ? __pfx_read_tsc+0x10/0x10 [ 13.228337] ? ktime_get_ts64+0x86/0x230 [ 13.228363] kunit_try_run_case+0x1a5/0x480 [ 13.228388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.228411] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.228435] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.228470] ? __kthread_parkme+0x82/0x180 [ 13.228492] ? preempt_count_sub+0x50/0x80 [ 13.228516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.228540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.228563] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.228587] kthread+0x337/0x6f0 [ 13.228606] ? trace_preempt_on+0x20/0xc0 [ 13.228630] ? __pfx_kthread+0x10/0x10 [ 13.228651] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.228672] ? calculate_sigpending+0x7b/0xa0 [ 13.228697] ? __pfx_kthread+0x10/0x10 [ 13.228719] ret_from_fork+0x116/0x1d0 [ 13.228738] ? 
__pfx_kthread+0x10/0x10 [ 13.228759] ret_from_fork_asm+0x1a/0x30 [ 13.228791] </TASK> [ 13.228804] [ 13.238373] Allocated by task 253: [ 13.238587] kasan_save_stack+0x45/0x70 [ 13.238912] kasan_save_track+0x18/0x40 [ 13.239092] kasan_save_alloc_info+0x3b/0x50 [ 13.239391] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.239618] remove_element+0x11e/0x190 [ 13.239758] mempool_alloc_preallocated+0x4d/0x90 [ 13.239915] mempool_double_free_helper+0x8a/0x370 [ 13.240115] mempool_kmalloc_double_free+0xed/0x140 [ 13.240503] kunit_try_run_case+0x1a5/0x480 [ 13.240787] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.241028] kthread+0x337/0x6f0 [ 13.241152] ret_from_fork+0x116/0x1d0 [ 13.241512] ret_from_fork_asm+0x1a/0x30 [ 13.241702] [ 13.241811] Freed by task 253: [ 13.241974] kasan_save_stack+0x45/0x70 [ 13.242150] kasan_save_track+0x18/0x40 [ 13.242318] kasan_save_free_info+0x3f/0x60 [ 13.242523] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.242787] mempool_free+0x2ec/0x380 [ 13.242955] mempool_double_free_helper+0x109/0x370 [ 13.243173] mempool_kmalloc_double_free+0xed/0x140 [ 13.243342] kunit_try_run_case+0x1a5/0x480 [ 13.243512] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.243764] kthread+0x337/0x6f0 [ 13.244022] ret_from_fork+0x116/0x1d0 [ 13.244297] ret_from_fork_asm+0x1a/0x30 [ 13.244562] [ 13.244638] The buggy address belongs to the object at ffff8881031c1100 [ 13.244638] which belongs to the cache kmalloc-128 of size 128 [ 13.245291] The buggy address is located 0 bytes inside of [ 13.245291] 128-byte region [ffff8881031c1100, ffff8881031c1180) [ 13.245771] [ 13.245847] The buggy address belongs to the physical page: [ 13.246248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031c1 [ 13.246633] flags: 0x200000000000000(node=0|zone=2) [ 13.246850] page_type: f5(slab) [ 13.247041] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.247288] raw: 0000000000000000 0000000080100010 00000000f5000000 
0000000000000000 [ 13.247638] page dumped because: kasan: bad access detected [ 13.247918] [ 13.247995] Memory state around the buggy address: [ 13.248346] ffff8881031c1000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.248693] ffff8881031c1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.248968] >ffff8881031c1100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.249184] ^ [ 13.249301] ffff8881031c1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.249559] ffff8881031c1200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.249874] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.136378] ================================================================== [ 13.136921] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.137211] Read of size 1 at addr ffff88810395c000 by task kunit_try_catch/247 [ 13.137665] [ 13.137774] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.137819] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.137832] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.137854] Call Trace: [ 13.137866] <TASK> [ 13.137883] dump_stack_lvl+0x73/0xb0 [ 13.137912] print_report+0xd1/0x650 [ 13.137934] ? __virt_addr_valid+0x1db/0x2d0 [ 13.137958] ? mempool_uaf_helper+0x392/0x400 [ 13.137980] ? kasan_addr_to_slab+0x11/0xa0 [ 13.138002] ? mempool_uaf_helper+0x392/0x400 [ 13.138025] kasan_report+0x141/0x180 [ 13.138048] ? mempool_uaf_helper+0x392/0x400 [ 13.138075] __asan_report_load1_noabort+0x18/0x20 [ 13.138099] mempool_uaf_helper+0x392/0x400 [ 13.138123] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.138144] ? update_load_avg+0x1be/0x21b0 [ 13.138167] ? update_load_avg+0x1be/0x21b0 [ 13.138187] ? update_curr+0x80/0x810 [ 13.138210] ? finish_task_switch.isra.0+0x153/0x700 [ 13.138235] mempool_kmalloc_large_uaf+0xef/0x140 [ 13.138327] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 13.138357] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.138382] ? __pfx_mempool_kfree+0x10/0x10 [ 13.138407] ? __pfx_read_tsc+0x10/0x10 [ 13.138428] ? ktime_get_ts64+0x86/0x230 [ 13.138463] kunit_try_run_case+0x1a5/0x480 [ 13.138488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.138512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.138535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.138558] ? __kthread_parkme+0x82/0x180 [ 13.138579] ? preempt_count_sub+0x50/0x80 [ 13.138602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.138625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.138649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.138672] kthread+0x337/0x6f0 [ 13.138691] ? 
trace_preempt_on+0x20/0xc0 [ 13.138713] ? __pfx_kthread+0x10/0x10 [ 13.138734] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.138755] ? calculate_sigpending+0x7b/0xa0 [ 13.138779] ? __pfx_kthread+0x10/0x10 [ 13.138801] ret_from_fork+0x116/0x1d0 [ 13.138819] ? __pfx_kthread+0x10/0x10 [ 13.138839] ret_from_fork_asm+0x1a/0x30 [ 13.138870] </TASK> [ 13.138882] [ 13.147602] The buggy address belongs to the physical page: [ 13.148542] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10395c [ 13.149174] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.149428] flags: 0x200000000000040(head|node=0|zone=2) [ 13.150157] page_type: f8(unknown) [ 13.150440] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.151211] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.151449] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.151713] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.152590] head: 0200000000000002 ffffea00040e5701 00000000ffffffff 00000000ffffffff [ 13.153485] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.154170] page dumped because: kasan: bad access detected [ 13.154785] [ 13.155059] Memory state around the buggy address: [ 13.155478] ffff88810395bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.155919] ffff88810395bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.156598] >ffff88810395c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.157246] ^ [ 13.157449] ffff88810395c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.158180] ffff88810395c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.158668] ================================================================== [ 13.204860] ================================================================== [ 13.205590] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.206189] Read of size 1 
at addr ffff888103960000 by task kunit_try_catch/251 [ 13.206689] [ 13.206811] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.206858] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.206871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.206894] Call Trace: [ 13.206907] <TASK> [ 13.206923] dump_stack_lvl+0x73/0xb0 [ 13.206953] print_report+0xd1/0x650 [ 13.206975] ? __virt_addr_valid+0x1db/0x2d0 [ 13.206997] ? mempool_uaf_helper+0x392/0x400 [ 13.207019] ? kasan_addr_to_slab+0x11/0xa0 [ 13.207040] ? mempool_uaf_helper+0x392/0x400 [ 13.207062] kasan_report+0x141/0x180 [ 13.207084] ? mempool_uaf_helper+0x392/0x400 [ 13.207111] __asan_report_load1_noabort+0x18/0x20 [ 13.207135] mempool_uaf_helper+0x392/0x400 [ 13.207158] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.207181] ? __kasan_check_write+0x18/0x20 [ 13.207201] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.207222] ? finish_task_switch.isra.0+0x153/0x700 [ 13.207247] mempool_page_alloc_uaf+0xed/0x140 [ 13.207289] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 13.207316] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.207336] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.207359] ? __pfx_read_tsc+0x10/0x10 [ 13.207380] ? ktime_get_ts64+0x86/0x230 [ 13.207403] kunit_try_run_case+0x1a5/0x480 [ 13.207428] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.207450] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.207485] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.207508] ? __kthread_parkme+0x82/0x180 [ 13.207528] ? preempt_count_sub+0x50/0x80 [ 13.207551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.207575] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.207598] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.207621] kthread+0x337/0x6f0 [ 13.207640] ? trace_preempt_on+0x20/0xc0 [ 13.207663] ? __pfx_kthread+0x10/0x10 [ 13.207732] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.207754] ? calculate_sigpending+0x7b/0xa0 [ 13.207778] ? 
__pfx_kthread+0x10/0x10 [ 13.207801] ret_from_fork+0x116/0x1d0 [ 13.207818] ? __pfx_kthread+0x10/0x10 [ 13.207838] ret_from_fork_asm+0x1a/0x30 [ 13.207869] </TASK> [ 13.207881] [ 13.218086] The buggy address belongs to the physical page: [ 13.218440] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103960 [ 13.218800] flags: 0x200000000000000(node=0|zone=2) [ 13.218984] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.219378] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.219647] page dumped because: kasan: bad access detected [ 13.219818] [ 13.219913] Memory state around the buggy address: [ 13.220134] ffff88810395ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.220537] ffff88810395ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.220896] >ffff888103960000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.221188] ^ [ 13.221414] ffff888103960080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.221702] ffff888103960100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.222078] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 13.109422] ================================================================== [ 13.109899] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.110255] Read of size 1 at addr ffff8881031a0d00 by task kunit_try_catch/245 [ 13.111064] [ 13.111195] CPU: 0 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.111244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.111257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.111280] Call Trace: [ 13.111292] <TASK> [ 13.111307] dump_stack_lvl+0x73/0xb0 [ 13.111338] print_report+0xd1/0x650 [ 13.111360] ? __virt_addr_valid+0x1db/0x2d0 [ 13.111383] ? mempool_uaf_helper+0x392/0x400 [ 13.111405] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.111428] ? mempool_uaf_helper+0x392/0x400 [ 13.111450] kasan_report+0x141/0x180 [ 13.111487] ? mempool_uaf_helper+0x392/0x400 [ 13.111514] __asan_report_load1_noabort+0x18/0x20 [ 13.111538] mempool_uaf_helper+0x392/0x400 [ 13.111561] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.111582] ? update_load_avg+0x1be/0x21b0 [ 13.111606] ? update_load_avg+0x1be/0x21b0 [ 13.111627] ? update_curr+0x80/0x810 [ 13.111649] ? finish_task_switch.isra.0+0x153/0x700 [ 13.111674] mempool_kmalloc_uaf+0xef/0x140 [ 13.111697] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 13.111722] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.111746] ? __pfx_mempool_kfree+0x10/0x10 [ 13.111772] ? __pfx_read_tsc+0x10/0x10 [ 13.111792] ? ktime_get_ts64+0x86/0x230 [ 13.111817] kunit_try_run_case+0x1a5/0x480 [ 13.111840] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.111862] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.111886] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.111911] ? __kthread_parkme+0x82/0x180 [ 13.111941] ? preempt_count_sub+0x50/0x80 [ 13.111964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.112012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.112035] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.112058] kthread+0x337/0x6f0 [ 13.112077] ? trace_preempt_on+0x20/0xc0 [ 13.112100] ? __pfx_kthread+0x10/0x10 [ 13.112121] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.112141] ? calculate_sigpending+0x7b/0xa0 [ 13.112166] ? __pfx_kthread+0x10/0x10 [ 13.112188] ret_from_fork+0x116/0x1d0 [ 13.112205] ? __pfx_kthread+0x10/0x10 [ 13.112226] ret_from_fork_asm+0x1a/0x30 [ 13.112257] </TASK> [ 13.112268] [ 13.121175] Allocated by task 245: [ 13.121386] kasan_save_stack+0x45/0x70 [ 13.121612] kasan_save_track+0x18/0x40 [ 13.121947] kasan_save_alloc_info+0x3b/0x50 [ 13.122162] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.122435] remove_element+0x11e/0x190 [ 13.122591] mempool_alloc_preallocated+0x4d/0x90 [ 13.122749] mempool_uaf_helper+0x96/0x400 [ 13.122900] mempool_kmalloc_uaf+0xef/0x140 [ 13.123121] kunit_try_run_case+0x1a5/0x480 [ 13.123328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.123751] kthread+0x337/0x6f0 [ 13.123875] ret_from_fork+0x116/0x1d0 [ 13.124008] ret_from_fork_asm+0x1a/0x30 [ 13.124147] [ 13.124219] Freed by task 245: [ 13.124483] kasan_save_stack+0x45/0x70 [ 13.124682] kasan_save_track+0x18/0x40 [ 13.124880] kasan_save_free_info+0x3f/0x60 [ 13.125391] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.125664] mempool_free+0x2ec/0x380 [ 13.125867] mempool_uaf_helper+0x11a/0x400 [ 13.126032] mempool_kmalloc_uaf+0xef/0x140 [ 13.126242] kunit_try_run_case+0x1a5/0x480 [ 13.126643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.126876] kthread+0x337/0x6f0 [ 13.127052] ret_from_fork+0x116/0x1d0 [ 13.127197] ret_from_fork_asm+0x1a/0x30 [ 13.127466] [ 13.127559] The buggy address belongs to the object at ffff8881031a0d00 [ 13.127559] which belongs to the cache kmalloc-128 of size 128 [ 13.127921] The buggy address is located 0 bytes inside of [ 13.127921] freed 128-byte region [ffff8881031a0d00, ffff8881031a0d80) [ 13.128738] [ 13.128943] The buggy address belongs to the physical page: [ 13.129325] page: 
refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 13.129739] flags: 0x200000000000000(node=0|zone=2) [ 13.129957] page_type: f5(slab) [ 13.130109] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.130466] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.130817] page dumped because: kasan: bad access detected [ 13.130995] [ 13.131067] Memory state around the buggy address: [ 13.131437] ffff8881031a0c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.131743] ffff8881031a0c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.132048] >ffff8881031a0d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.132420] ^ [ 13.132595] ffff8881031a0d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.132937] ffff8881031a0e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.133153] ================================================================== [ 13.162342] ================================================================== [ 13.163656] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.164133] Read of size 1 at addr ffff8881031bf240 by task kunit_try_catch/249 [ 13.164792] [ 13.164909] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.164989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.165002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.165108] Call Trace: [ 13.165125] <TASK> [ 13.165142] dump_stack_lvl+0x73/0xb0 [ 13.165172] print_report+0xd1/0x650 [ 13.165373] ? __virt_addr_valid+0x1db/0x2d0 [ 13.165408] ? mempool_uaf_helper+0x392/0x400 [ 13.165431] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.165467] ? mempool_uaf_helper+0x392/0x400 [ 13.165490] kasan_report+0x141/0x180 [ 13.165513] ? mempool_uaf_helper+0x392/0x400 [ 13.165541] __asan_report_load1_noabort+0x18/0x20 [ 13.165565] mempool_uaf_helper+0x392/0x400 [ 13.165588] ? 
__pfx_mempool_uaf_helper+0x10/0x10 [ 13.165612] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.165634] ? finish_task_switch.isra.0+0x153/0x700 [ 13.165659] mempool_slab_uaf+0xea/0x140 [ 13.165682] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.165707] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.165727] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.165749] ? __pfx_read_tsc+0x10/0x10 [ 13.165770] ? ktime_get_ts64+0x86/0x230 [ 13.165794] kunit_try_run_case+0x1a5/0x480 [ 13.165819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.165841] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.165866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.165888] ? __kthread_parkme+0x82/0x180 [ 13.165909] ? preempt_count_sub+0x50/0x80 [ 13.165931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.165955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.165978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.166000] kthread+0x337/0x6f0 [ 13.166020] ? trace_preempt_on+0x20/0xc0 [ 13.166042] ? __pfx_kthread+0x10/0x10 [ 13.166062] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.166083] ? calculate_sigpending+0x7b/0xa0 [ 13.166106] ? __pfx_kthread+0x10/0x10 [ 13.166128] ret_from_fork+0x116/0x1d0 [ 13.166147] ? 
__pfx_kthread+0x10/0x10 [ 13.166168] ret_from_fork_asm+0x1a/0x30 [ 13.166218] </TASK> [ 13.166234] [ 13.178629] Allocated by task 249: [ 13.178928] kasan_save_stack+0x45/0x70 [ 13.179215] kasan_save_track+0x18/0x40 [ 13.179366] kasan_save_alloc_info+0x3b/0x50 [ 13.179745] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.180125] remove_element+0x11e/0x190 [ 13.180394] mempool_alloc_preallocated+0x4d/0x90 [ 13.180772] mempool_uaf_helper+0x96/0x400 [ 13.181102] mempool_slab_uaf+0xea/0x140 [ 13.181345] kunit_try_run_case+0x1a5/0x480 [ 13.181916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.182171] kthread+0x337/0x6f0 [ 13.182650] ret_from_fork+0x116/0x1d0 [ 13.182863] ret_from_fork_asm+0x1a/0x30 [ 13.183015] [ 13.183357] Freed by task 249: [ 13.183649] kasan_save_stack+0x45/0x70 [ 13.183931] kasan_save_track+0x18/0x40 [ 13.184173] kasan_save_free_info+0x3f/0x60 [ 13.184577] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.184979] mempool_free+0x2ec/0x380 [ 13.185483] mempool_uaf_helper+0x11a/0x400 [ 13.185698] mempool_slab_uaf+0xea/0x140 [ 13.186116] kunit_try_run_case+0x1a5/0x480 [ 13.186540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.186958] kthread+0x337/0x6f0 [ 13.187129] ret_from_fork+0x116/0x1d0 [ 13.187539] ret_from_fork_asm+0x1a/0x30 [ 13.187754] [ 13.187837] The buggy address belongs to the object at ffff8881031bf240 [ 13.187837] which belongs to the cache test_cache of size 123 [ 13.188634] The buggy address is located 0 bytes inside of [ 13.188634] freed 123-byte region [ffff8881031bf240, ffff8881031bf2bb) [ 13.189335] [ 13.189597] The buggy address belongs to the physical page: [ 13.190063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031bf [ 13.190669] flags: 0x200000000000000(node=0|zone=2) [ 13.191041] page_type: f5(slab) [ 13.191219] raw: 0200000000000000 ffff888100a55640 dead000000000122 0000000000000000 [ 13.191658] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.192134] page dumped 
because: kasan: bad access detected [ 13.192563] [ 13.192668] Memory state around the buggy address: [ 13.192998] ffff8881031bf100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.193680] ffff8881031bf180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.193976] >ffff8881031bf200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.194332] ^ [ 13.194741] ffff8881031bf280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.195096] ffff8881031bf300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.195532] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 13.080762] ================================================================== [ 13.081281] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.081831] Read of size 1 at addr ffff8881038e72bb by task kunit_try_catch/243 [ 13.082072] [ 13.082189] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.082233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.082245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.082268] Call Trace: [ 13.082282] <TASK> [ 13.082298] dump_stack_lvl+0x73/0xb0 [ 13.082329] print_report+0xd1/0x650 [ 13.082352] ? __virt_addr_valid+0x1db/0x2d0 [ 13.082376] ? mempool_oob_right_helper+0x318/0x380 [ 13.082400] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.082422] ? mempool_oob_right_helper+0x318/0x380 [ 13.082446] kasan_report+0x141/0x180 [ 13.082481] ? mempool_oob_right_helper+0x318/0x380 [ 13.082509] __asan_report_load1_noabort+0x18/0x20 [ 13.082532] mempool_oob_right_helper+0x318/0x380 [ 13.082556] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.082582] ? irqentry_exit+0x2a/0x60 [ 13.082603] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.082629] mempool_slab_oob_right+0xed/0x140 [ 13.082652] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.082678] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.082698] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.082719] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.082744] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.082769] kunit_try_run_case+0x1a5/0x480 [ 13.082794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.082815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.082839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.082861] ? __kthread_parkme+0x82/0x180 [ 13.082882] ? preempt_count_sub+0x50/0x80 [ 13.082905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.082929] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.082952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.082975] kthread+0x337/0x6f0 [ 13.082994] ? 
trace_preempt_on+0x20/0xc0 [ 13.083017] ? __pfx_kthread+0x10/0x10 [ 13.083037] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.083058] ? calculate_sigpending+0x7b/0xa0 [ 13.083082] ? __pfx_kthread+0x10/0x10 [ 13.083102] ret_from_fork+0x116/0x1d0 [ 13.083121] ? __pfx_kthread+0x10/0x10 [ 13.083141] ret_from_fork_asm+0x1a/0x30 [ 13.083172] </TASK> [ 13.083182] [ 13.091158] Allocated by task 243: [ 13.091305] kasan_save_stack+0x45/0x70 [ 13.091514] kasan_save_track+0x18/0x40 [ 13.091705] kasan_save_alloc_info+0x3b/0x50 [ 13.091876] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.092054] remove_element+0x11e/0x190 [ 13.092211] mempool_alloc_preallocated+0x4d/0x90 [ 13.092406] mempool_oob_right_helper+0x8a/0x380 [ 13.092600] mempool_slab_oob_right+0xed/0x140 [ 13.092796] kunit_try_run_case+0x1a5/0x480 [ 13.093053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.093277] kthread+0x337/0x6f0 [ 13.093437] ret_from_fork+0x116/0x1d0 [ 13.093580] ret_from_fork_asm+0x1a/0x30 [ 13.093900] [ 13.093998] The buggy address belongs to the object at ffff8881038e7240 [ 13.093998] which belongs to the cache test_cache of size 123 [ 13.094383] The buggy address is located 0 bytes to the right of [ 13.094383] allocated 123-byte region [ffff8881038e7240, ffff8881038e72bb) [ 13.094815] [ 13.094914] The buggy address belongs to the physical page: [ 13.095167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e7 [ 13.095533] flags: 0x200000000000000(node=0|zone=2) [ 13.095854] page_type: f5(slab) [ 13.096005] raw: 0200000000000000 ffff888101690a00 dead000000000122 0000000000000000 [ 13.096240] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.096522] page dumped because: kasan: bad access detected [ 13.096903] [ 13.096998] Memory state around the buggy address: [ 13.097223] ffff8881038e7180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.097557] ffff8881038e7200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.097886] >ffff8881038e7280: 00 
00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.098155] ^ [ 13.098355] ffff8881038e7300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.098647] ffff8881038e7380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.098994] ================================================================== [ 13.053254] ================================================================== [ 13.054594] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.055146] Read of size 1 at addr ffff88810395a001 by task kunit_try_catch/241 [ 13.055842] [ 13.056142] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.056195] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.056208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.056230] Call Trace: [ 13.056244] <TASK> [ 13.056262] dump_stack_lvl+0x73/0xb0 [ 13.056294] print_report+0xd1/0x650 [ 13.056317] ? __virt_addr_valid+0x1db/0x2d0 [ 13.056341] ? mempool_oob_right_helper+0x318/0x380 [ 13.056363] ? kasan_addr_to_slab+0x11/0xa0 [ 13.056384] ? mempool_oob_right_helper+0x318/0x380 [ 13.056407] kasan_report+0x141/0x180 [ 13.056428] ? mempool_oob_right_helper+0x318/0x380 [ 13.056470] __asan_report_load1_noabort+0x18/0x20 [ 13.056494] mempool_oob_right_helper+0x318/0x380 [ 13.056518] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.056545] ? mempool_alloc_preallocated+0x5b/0x90 [ 13.056570] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.056594] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.056620] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.056643] ? __pfx_mempool_kfree+0x10/0x10 [ 13.056667] ? __pfx_read_tsc+0x10/0x10 [ 13.056689] ? ktime_get_ts64+0x86/0x230 [ 13.056714] kunit_try_run_case+0x1a5/0x480 [ 13.056738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.056760] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.056783] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.056806] ? __kthread_parkme+0x82/0x180 [ 13.056826] ? 
preempt_count_sub+0x50/0x80 [ 13.056850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.056873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.056895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.056918] kthread+0x337/0x6f0 [ 13.056938] ? trace_preempt_on+0x20/0xc0 [ 13.056960] ? __pfx_kthread+0x10/0x10 [ 13.056981] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.057002] ? calculate_sigpending+0x7b/0xa0 [ 13.057027] ? __pfx_kthread+0x10/0x10 [ 13.057047] ret_from_fork+0x116/0x1d0 [ 13.057066] ? __pfx_kthread+0x10/0x10 [ 13.057085] ret_from_fork_asm+0x1a/0x30 [ 13.057117] </TASK> [ 13.057128] [ 13.067077] The buggy address belongs to the physical page: [ 13.067705] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 13.068665] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.069192] flags: 0x200000000000040(head|node=0|zone=2) [ 13.069594] page_type: f8(unknown) [ 13.069797] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.070111] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.070585] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.070908] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.071195] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 13.071553] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.071900] page dumped because: kasan: bad access detected [ 13.072137] [ 13.072226] Memory state around the buggy address: [ 13.072427] ffff888103959f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.072706] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.073093] >ffff88810395a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.073581] ^ [ 13.073792] ffff88810395a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.074107] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.074413] 
================================================================== [ 13.024600] ================================================================== [ 13.025094] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.025661] Read of size 1 at addr ffff8881031a0973 by task kunit_try_catch/239 [ 13.025979] [ 13.026222] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 13.026295] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.026312] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.026352] Call Trace: [ 13.026368] <TASK> [ 13.026390] dump_stack_lvl+0x73/0xb0 [ 13.026427] print_report+0xd1/0x650 [ 13.026471] ? __virt_addr_valid+0x1db/0x2d0 [ 13.026503] ? mempool_oob_right_helper+0x318/0x380 [ 13.026532] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.026561] ? mempool_oob_right_helper+0x318/0x380 [ 13.026589] kasan_report+0x141/0x180 [ 13.026613] ? mempool_oob_right_helper+0x318/0x380 [ 13.026647] __asan_report_load1_noabort+0x18/0x20 [ 13.026725] mempool_oob_right_helper+0x318/0x380 [ 13.026756] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.026786] ? __kasan_check_write+0x18/0x20 [ 13.026809] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.026837] ? finish_task_switch.isra.0+0x153/0x700 [ 13.026868] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.026895] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.026927] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.026955] ? __pfx_mempool_kfree+0x10/0x10 [ 13.026983] ? __pfx_read_tsc+0x10/0x10 [ 13.027008] ? ktime_get_ts64+0x86/0x230 [ 13.027037] kunit_try_run_case+0x1a5/0x480 [ 13.027067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.027094] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.027123] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.027151] ? __kthread_parkme+0x82/0x180 [ 13.027176] ? preempt_count_sub+0x50/0x80 [ 13.027262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.027295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.027323] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.027353] kthread+0x337/0x6f0 [ 13.027374] ? trace_preempt_on+0x20/0xc0 [ 13.027401] ? __pfx_kthread+0x10/0x10 [ 13.027425] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.027450] ? calculate_sigpending+0x7b/0xa0 [ 13.027490] ? __pfx_kthread+0x10/0x10 [ 13.027515] ret_from_fork+0x116/0x1d0 [ 13.027535] ? __pfx_kthread+0x10/0x10 [ 13.027558] ret_from_fork_asm+0x1a/0x30 [ 13.027593] </TASK> [ 13.027606] [ 13.038383] Allocated by task 239: [ 13.038694] kasan_save_stack+0x45/0x70 [ 13.038971] kasan_save_track+0x18/0x40 [ 13.039154] kasan_save_alloc_info+0x3b/0x50 [ 13.039593] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.039886] remove_element+0x11e/0x190 [ 13.040068] mempool_alloc_preallocated+0x4d/0x90 [ 13.040674] mempool_oob_right_helper+0x8a/0x380 [ 13.040868] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.041662] kunit_try_run_case+0x1a5/0x480 [ 13.041833] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.042018] kthread+0x337/0x6f0 [ 13.042142] ret_from_fork+0x116/0x1d0 [ 13.042280] ret_from_fork_asm+0x1a/0x30 [ 13.042422] [ 13.042605] The buggy address belongs to the object at ffff8881031a0900 [ 13.042605] which belongs to the cache kmalloc-128 of size 128 [ 13.042981] The buggy address is located 0 bytes to the right of [ 13.042981] allocated 115-byte region [ffff8881031a0900, ffff8881031a0973) [ 13.043987] [ 13.044083] The buggy address belongs to the physical page: [ 13.044265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 13.044953] flags: 0x200000000000000(node=0|zone=2) [ 13.045139] page_type: f5(slab) [ 13.045318] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.045606] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.046018] page dumped because: kasan: bad access detected [ 13.046784] [ 13.047136] Memory state around the buggy address: [ 13.047525] ffff8881031a0800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
13.047775] ffff8881031a0880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.048008] >ffff8881031a0900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.048233] ^ [ 13.048464] ffff8881031a0980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.048690] ffff8881031a0a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.048915] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.452054] ================================================================== [ 12.453193] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 12.453478] Read of size 1 at addr ffff888101690780 by task kunit_try_catch/233 [ 12.453721] [ 12.453835] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.453885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.453898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.453921] Call Trace: [ 12.453935] <TASK> [ 12.453979] dump_stack_lvl+0x73/0xb0 [ 12.454010] print_report+0xd1/0x650 [ 12.454033] ? __virt_addr_valid+0x1db/0x2d0 [ 12.454057] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.454081] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.454103] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.454127] kasan_report+0x141/0x180 [ 12.454148] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.454175] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.454200] __kasan_check_byte+0x3d/0x50 [ 12.454221] kmem_cache_destroy+0x25/0x1d0 [ 12.454244] kmem_cache_double_destroy+0x1bf/0x380 [ 12.454268] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 12.454291] ? finish_task_switch.isra.0+0x153/0x700 [ 12.454313] ? __switch_to+0x47/0xf50 [ 12.454342] ? __pfx_read_tsc+0x10/0x10 [ 12.454364] ? ktime_get_ts64+0x86/0x230 [ 12.454547] kunit_try_run_case+0x1a5/0x480 [ 12.454661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.454685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.454709] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.454732] ? __kthread_parkme+0x82/0x180 [ 12.454753] ? preempt_count_sub+0x50/0x80 [ 12.454776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.454799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.454822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.454844] kthread+0x337/0x6f0 [ 12.454864] ? trace_preempt_on+0x20/0xc0 [ 12.454886] ? __pfx_kthread+0x10/0x10 [ 12.454906] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.454927] ? 
calculate_sigpending+0x7b/0xa0 [ 12.454951] ? __pfx_kthread+0x10/0x10 [ 12.454973] ret_from_fork+0x116/0x1d0 [ 12.454990] ? __pfx_kthread+0x10/0x10 [ 12.455010] ret_from_fork_asm+0x1a/0x30 [ 12.455041] </TASK> [ 12.455053] [ 12.468023] Allocated by task 233: [ 12.468384] kasan_save_stack+0x45/0x70 [ 12.468699] kasan_save_track+0x18/0x40 [ 12.469093] kasan_save_alloc_info+0x3b/0x50 [ 12.469364] __kasan_slab_alloc+0x91/0xa0 [ 12.469938] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.470293] __kmem_cache_create_args+0x169/0x240 [ 12.470657] kmem_cache_double_destroy+0xd5/0x380 [ 12.471043] kunit_try_run_case+0x1a5/0x480 [ 12.471192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.471734] kthread+0x337/0x6f0 [ 12.472034] ret_from_fork+0x116/0x1d0 [ 12.472377] ret_from_fork_asm+0x1a/0x30 [ 12.472657] [ 12.472746] Freed by task 233: [ 12.473026] kasan_save_stack+0x45/0x70 [ 12.473399] kasan_save_track+0x18/0x40 [ 12.473580] kasan_save_free_info+0x3f/0x60 [ 12.473961] __kasan_slab_free+0x56/0x70 [ 12.474415] kmem_cache_free+0x249/0x420 [ 12.474861] slab_kmem_cache_release+0x2e/0x40 [ 12.475088] kmem_cache_release+0x16/0x20 [ 12.475471] kobject_put+0x181/0x450 [ 12.475840] sysfs_slab_release+0x16/0x20 [ 12.476255] kmem_cache_destroy+0xf0/0x1d0 [ 12.476551] kmem_cache_double_destroy+0x14e/0x380 [ 12.476777] kunit_try_run_case+0x1a5/0x480 [ 12.477149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.477841] kthread+0x337/0x6f0 [ 12.477980] ret_from_fork+0x116/0x1d0 [ 12.478116] ret_from_fork_asm+0x1a/0x30 [ 12.478409] [ 12.478587] The buggy address belongs to the object at ffff888101690780 [ 12.478587] which belongs to the cache kmem_cache of size 208 [ 12.479863] The buggy address is located 0 bytes inside of [ 12.479863] freed 208-byte region [ffff888101690780, ffff888101690850) [ 12.480918] [ 12.481061] The buggy address belongs to the physical page: [ 12.481400] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101690 [ 12.482326] flags: 
0x200000000000000(node=0|zone=2) [ 12.482743] page_type: f5(slab) [ 12.482873] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 12.483105] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.483354] page dumped because: kasan: bad access detected [ 12.483776] [ 12.483857] Memory state around the buggy address: [ 12.484010] ffff888101690680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.484331] ffff888101690700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.484637] >ffff888101690780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.485529] ^ [ 12.485707] ffff888101690800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.486000] ffff888101690880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.486407] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.397578] ================================================================== [ 12.398157] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.398816] Read of size 1 at addr ffff8881031ba000 by task kunit_try_catch/231 [ 12.399129] [ 12.399545] CPU: 0 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.399598] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.399610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.399732] Call Trace: [ 12.399751] <TASK> [ 12.399771] dump_stack_lvl+0x73/0xb0 [ 12.399804] print_report+0xd1/0x650 [ 12.399827] ? __virt_addr_valid+0x1db/0x2d0 [ 12.399851] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.399880] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.399901] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.399925] kasan_report+0x141/0x180 [ 12.399947] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.399973] __asan_report_load1_noabort+0x18/0x20 [ 12.399996] kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.400018] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.400040] ? finish_task_switch.isra.0+0x153/0x700 [ 12.400063] ? __switch_to+0x47/0xf50 [ 12.400092] ? __pfx_read_tsc+0x10/0x10 [ 12.400114] ? ktime_get_ts64+0x86/0x230 [ 12.400138] kunit_try_run_case+0x1a5/0x480 [ 12.400394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.400416] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.400440] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.400476] ? __kthread_parkme+0x82/0x180 [ 12.400496] ? preempt_count_sub+0x50/0x80 [ 12.400519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.400542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.400565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.400587] kthread+0x337/0x6f0 [ 12.400606] ? trace_preempt_on+0x20/0xc0 [ 12.400630] ? __pfx_kthread+0x10/0x10 [ 12.400650] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.400670] ? calculate_sigpending+0x7b/0xa0 [ 12.400695] ? __pfx_kthread+0x10/0x10 [ 12.400716] ret_from_fork+0x116/0x1d0 [ 12.400733] ? 
__pfx_kthread+0x10/0x10 [ 12.400753] ret_from_fork_asm+0x1a/0x30 [ 12.400784] </TASK> [ 12.400796] [ 12.408426] Allocated by task 231: [ 12.408632] kasan_save_stack+0x45/0x70 [ 12.409017] kasan_save_track+0x18/0x40 [ 12.409160] kasan_save_alloc_info+0x3b/0x50 [ 12.409308] __kasan_slab_alloc+0x91/0xa0 [ 12.409463] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.409806] kmem_cache_rcu_uaf+0x155/0x510 [ 12.410023] kunit_try_run_case+0x1a5/0x480 [ 12.410299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.410593] kthread+0x337/0x6f0 [ 12.410829] ret_from_fork+0x116/0x1d0 [ 12.411004] ret_from_fork_asm+0x1a/0x30 [ 12.411162] [ 12.411376] Freed by task 0: [ 12.411531] kasan_save_stack+0x45/0x70 [ 12.411729] kasan_save_track+0x18/0x40 [ 12.411920] kasan_save_free_info+0x3f/0x60 [ 12.412067] __kasan_slab_free+0x56/0x70 [ 12.412219] slab_free_after_rcu_debug+0xe4/0x310 [ 12.412445] rcu_core+0x66f/0x1c40 [ 12.412639] rcu_core_si+0x12/0x20 [ 12.412999] handle_softirqs+0x209/0x730 [ 12.413184] __irq_exit_rcu+0xc9/0x110 [ 12.413390] irq_exit_rcu+0x12/0x20 [ 12.413531] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.413696] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.413863] [ 12.413961] Last potentially related work creation: [ 12.414193] kasan_save_stack+0x45/0x70 [ 12.414446] kasan_record_aux_stack+0xb2/0xc0 [ 12.415303] kmem_cache_free+0x131/0x420 [ 12.415811] kmem_cache_rcu_uaf+0x194/0x510 [ 12.416537] kunit_try_run_case+0x1a5/0x480 [ 12.417116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.417313] kthread+0x337/0x6f0 [ 12.417445] ret_from_fork+0x116/0x1d0 [ 12.418233] ret_from_fork_asm+0x1a/0x30 [ 12.418843] [ 12.419018] The buggy address belongs to the object at ffff8881031ba000 [ 12.419018] which belongs to the cache test_cache of size 200 [ 12.420590] The buggy address is located 0 bytes inside of [ 12.420590] freed 200-byte region [ffff8881031ba000, ffff8881031ba0c8) [ 12.421604] [ 12.421816] The buggy address belongs to the physical page: [ 12.422371] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031ba [ 12.423000] flags: 0x200000000000000(node=0|zone=2) [ 12.423341] page_type: f5(slab) [ 12.423641] raw: 0200000000000000 ffff888100a553c0 dead000000000122 0000000000000000 [ 12.424160] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.424721] page dumped because: kasan: bad access detected [ 12.425060] [ 12.425158] Memory state around the buggy address: [ 12.425363] ffff8881031b9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.425842] ffff8881031b9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.426163] >ffff8881031ba000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.426758] ^ [ 12.427030] ffff8881031ba080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.427513] ffff8881031ba100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.427984] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.327098] ================================================================== [ 12.328469] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 12.329225] Free of addr ffff8881038e0001 by task kunit_try_catch/229 [ 12.330161] [ 12.330368] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.330418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.330431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.330467] Call Trace: [ 12.330482] <TASK> [ 12.330500] dump_stack_lvl+0x73/0xb0 [ 12.330531] print_report+0xd1/0x650 [ 12.330553] ? __virt_addr_valid+0x1db/0x2d0 [ 12.330578] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.330600] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.330625] kasan_report_invalid_free+0x10a/0x130 [ 12.330648] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.330673] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.330697] check_slab_allocation+0x11f/0x130 [ 12.330718] __kasan_slab_pre_free+0x28/0x40 [ 12.330738] kmem_cache_free+0xed/0x420 [ 12.330757] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.330777] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.330803] kmem_cache_invalid_free+0x1d8/0x460 [ 12.330827] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.330849] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.330879] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.330906] kunit_try_run_case+0x1a5/0x480 [ 12.330931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.330952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.330975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.330997] ? __kthread_parkme+0x82/0x180 [ 12.331018] ? preempt_count_sub+0x50/0x80 [ 12.331042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.331065] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.331086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.331108] kthread+0x337/0x6f0 [ 12.331127] ? trace_preempt_on+0x20/0xc0 [ 12.331150] ? __pfx_kthread+0x10/0x10 [ 12.331169] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.331296] ? 
calculate_sigpending+0x7b/0xa0 [ 12.331329] ? __pfx_kthread+0x10/0x10 [ 12.331350] ret_from_fork+0x116/0x1d0 [ 12.331369] ? __pfx_kthread+0x10/0x10 [ 12.331388] ret_from_fork_asm+0x1a/0x30 [ 12.331419] </TASK> [ 12.331431] [ 12.345133] Allocated by task 229: [ 12.345703] kasan_save_stack+0x45/0x70 [ 12.345935] kasan_save_track+0x18/0x40 [ 12.346264] kasan_save_alloc_info+0x3b/0x50 [ 12.346606] __kasan_slab_alloc+0x91/0xa0 [ 12.346981] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.347443] kmem_cache_invalid_free+0x157/0x460 [ 12.347968] kunit_try_run_case+0x1a5/0x480 [ 12.348360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.348623] kthread+0x337/0x6f0 [ 12.348893] ret_from_fork+0x116/0x1d0 [ 12.349184] ret_from_fork_asm+0x1a/0x30 [ 12.349435] [ 12.349542] The buggy address belongs to the object at ffff8881038e0000 [ 12.349542] which belongs to the cache test_cache of size 200 [ 12.350548] The buggy address is located 1 bytes inside of [ 12.350548] 200-byte region [ffff8881038e0000, ffff8881038e00c8) [ 12.351167] [ 12.351487] The buggy address belongs to the physical page: [ 12.351959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e0 [ 12.352574] flags: 0x200000000000000(node=0|zone=2) [ 12.352932] page_type: f5(slab) [ 12.353359] raw: 0200000000000000 ffff888101690640 dead000000000122 0000000000000000 [ 12.353814] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.354319] page dumped because: kasan: bad access detected [ 12.354563] [ 12.354654] Memory state around the buggy address: [ 12.355027] ffff8881038dff00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 12.355441] ffff8881038dff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.356168] >ffff8881038e0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.356964] ^ [ 12.357131] ffff8881038e0080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.357625] ffff8881038e0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.358320] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.279580] ================================================================== [ 12.280138] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 12.281524] Free of addr ffff8881031b9000 by task kunit_try_catch/227 [ 12.282496] [ 12.282670] CPU: 0 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.282717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.282729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.282752] Call Trace: [ 12.282765] <TASK> [ 12.282783] dump_stack_lvl+0x73/0xb0 [ 12.282814] print_report+0xd1/0x650 [ 12.282836] ? __virt_addr_valid+0x1db/0x2d0 [ 12.282860] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.282882] ? kmem_cache_double_free+0x1e5/0x480 [ 12.282907] kasan_report_invalid_free+0x10a/0x130 [ 12.282930] ? kmem_cache_double_free+0x1e5/0x480 [ 12.282955] ? kmem_cache_double_free+0x1e5/0x480 [ 12.282978] check_slab_allocation+0x101/0x130 [ 12.282998] __kasan_slab_pre_free+0x28/0x40 [ 12.283019] kmem_cache_free+0xed/0x420 [ 12.283038] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.283057] ? kmem_cache_double_free+0x1e5/0x480 [ 12.283083] kmem_cache_double_free+0x1e5/0x480 [ 12.283107] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 12.283129] ? finish_task_switch.isra.0+0x153/0x700 [ 12.283150] ? __switch_to+0x47/0xf50 [ 12.283177] ? __pfx_read_tsc+0x10/0x10 [ 12.283198] ? ktime_get_ts64+0x86/0x230 [ 12.283221] kunit_try_run_case+0x1a5/0x480 [ 12.283245] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.283266] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.283288] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.283310] ? __kthread_parkme+0x82/0x180 [ 12.283330] ? preempt_count_sub+0x50/0x80 [ 12.283352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.283375] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.283396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.283418] kthread+0x337/0x6f0 [ 12.283436] ? trace_preempt_on+0x20/0xc0 [ 12.283473] ? 
__pfx_kthread+0x10/0x10 [ 12.283492] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.283512] ? calculate_sigpending+0x7b/0xa0 [ 12.283535] ? __pfx_kthread+0x10/0x10 [ 12.283556] ret_from_fork+0x116/0x1d0 [ 12.283573] ? __pfx_kthread+0x10/0x10 [ 12.283592] ret_from_fork_asm+0x1a/0x30 [ 12.283640] </TASK> [ 12.283651] [ 12.300890] Allocated by task 227: [ 12.301318] kasan_save_stack+0x45/0x70 [ 12.301700] kasan_save_track+0x18/0x40 [ 12.301987] kasan_save_alloc_info+0x3b/0x50 [ 12.302137] __kasan_slab_alloc+0x91/0xa0 [ 12.302512] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.302817] kmem_cache_double_free+0x14f/0x480 [ 12.303363] kunit_try_run_case+0x1a5/0x480 [ 12.303847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.304345] kthread+0x337/0x6f0 [ 12.304586] ret_from_fork+0x116/0x1d0 [ 12.304996] ret_from_fork_asm+0x1a/0x30 [ 12.305177] [ 12.305409] Freed by task 227: [ 12.305961] kasan_save_stack+0x45/0x70 [ 12.306322] kasan_save_track+0x18/0x40 [ 12.306477] kasan_save_free_info+0x3f/0x60 [ 12.306627] __kasan_slab_free+0x56/0x70 [ 12.306960] kmem_cache_free+0x249/0x420 [ 12.307327] kmem_cache_double_free+0x16a/0x480 [ 12.307844] kunit_try_run_case+0x1a5/0x480 [ 12.308378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.308980] kthread+0x337/0x6f0 [ 12.309105] ret_from_fork+0x116/0x1d0 [ 12.309411] ret_from_fork_asm+0x1a/0x30 [ 12.309841] [ 12.310002] The buggy address belongs to the object at ffff8881031b9000 [ 12.310002] which belongs to the cache test_cache of size 200 [ 12.311032] The buggy address is located 0 bytes inside of [ 12.311032] 200-byte region [ffff8881031b9000, ffff8881031b90c8) [ 12.312358] [ 12.312540] The buggy address belongs to the physical page: [ 12.312720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b9 [ 12.313439] flags: 0x200000000000000(node=0|zone=2) [ 12.313941] page_type: f5(slab) [ 12.314228] raw: 0200000000000000 ffff888100a55280 dead000000000122 0000000000000000 [ 12.314476] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 12.314708] page dumped because: kasan: bad access detected [ 12.314940] [ 12.315095] Memory state around the buggy address: [ 12.315867] ffff8881031b8f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.316665] ffff8881031b8f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.317411] >ffff8881031b9000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.318137] ^ [ 12.318551] ffff8881031b9080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.319285] ffff8881031b9100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.319862] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.236926] ================================================================== [ 12.238161] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.238816] Read of size 1 at addr ffff8881031b50c8 by task kunit_try_catch/225 [ 12.239049] [ 12.239144] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.239189] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.239201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.239223] Call Trace: [ 12.239238] <TASK> [ 12.239257] dump_stack_lvl+0x73/0xb0 [ 12.239287] print_report+0xd1/0x650 [ 12.239309] ? __virt_addr_valid+0x1db/0x2d0 [ 12.239332] ? kmem_cache_oob+0x402/0x530 [ 12.239354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.239375] ? kmem_cache_oob+0x402/0x530 [ 12.239397] kasan_report+0x141/0x180 [ 12.239418] ? kmem_cache_oob+0x402/0x530 [ 12.239445] __asan_report_load1_noabort+0x18/0x20 [ 12.239481] kmem_cache_oob+0x402/0x530 [ 12.239501] ? trace_hardirqs_on+0x37/0xe0 [ 12.239524] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.239546] ? finish_task_switch.isra.0+0x153/0x700 [ 12.239567] ? __switch_to+0x47/0xf50 [ 12.239596] ? __pfx_read_tsc+0x10/0x10 [ 12.239617] ? ktime_get_ts64+0x86/0x230 [ 12.239641] kunit_try_run_case+0x1a5/0x480 [ 12.239665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.239687] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.239764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.239790] ? __kthread_parkme+0x82/0x180 [ 12.239811] ? preempt_count_sub+0x50/0x80 [ 12.239833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.239856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.239878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.239900] kthread+0x337/0x6f0 [ 12.239920] ? trace_preempt_on+0x20/0xc0 [ 12.239941] ? __pfx_kthread+0x10/0x10 [ 12.239961] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.239981] ? calculate_sigpending+0x7b/0xa0 [ 12.240004] ? __pfx_kthread+0x10/0x10 [ 12.240025] ret_from_fork+0x116/0x1d0 [ 12.240043] ? 
__pfx_kthread+0x10/0x10 [ 12.240065] ret_from_fork_asm+0x1a/0x30 [ 12.240095] </TASK> [ 12.240108] [ 12.249921] Allocated by task 225: [ 12.250230] kasan_save_stack+0x45/0x70 [ 12.250628] kasan_save_track+0x18/0x40 [ 12.250838] kasan_save_alloc_info+0x3b/0x50 [ 12.251147] __kasan_slab_alloc+0x91/0xa0 [ 12.251645] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.251882] kmem_cache_oob+0x157/0x530 [ 12.252067] kunit_try_run_case+0x1a5/0x480 [ 12.252260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.252868] kthread+0x337/0x6f0 [ 12.253016] ret_from_fork+0x116/0x1d0 [ 12.253192] ret_from_fork_asm+0x1a/0x30 [ 12.253468] [ 12.253558] The buggy address belongs to the object at ffff8881031b5000 [ 12.253558] which belongs to the cache test_cache of size 200 [ 12.254440] The buggy address is located 0 bytes to the right of [ 12.254440] allocated 200-byte region [ffff8881031b5000, ffff8881031b50c8) [ 12.255127] [ 12.255212] The buggy address belongs to the physical page: [ 12.255603] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031b5 [ 12.256158] flags: 0x200000000000000(node=0|zone=2) [ 12.256432] page_type: f5(slab) [ 12.256922] raw: 0200000000000000 ffff888100a55140 dead000000000122 0000000000000000 [ 12.257419] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.257905] page dumped because: kasan: bad access detected [ 12.258134] [ 12.258229] Memory state around the buggy address: [ 12.258421] ffff8881031b4f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.258744] ffff8881031b5000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.259391] >ffff8881031b5080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.259655] ^ [ 12.260049] ffff8881031b5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.260586] ffff8881031b5180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.261112] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.190076] ================================================================== [ 12.190824] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 12.191433] Read of size 8 at addr ffff8881038dc100 by task kunit_try_catch/218 [ 12.192164] [ 12.192360] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.192406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.192418] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.192440] Call Trace: [ 12.192463] <TASK> [ 12.192480] dump_stack_lvl+0x73/0xb0 [ 12.192509] print_report+0xd1/0x650 [ 12.192530] ? __virt_addr_valid+0x1db/0x2d0 [ 12.192552] ? workqueue_uaf+0x4d6/0x560 [ 12.192573] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.192595] ? workqueue_uaf+0x4d6/0x560 [ 12.192616] kasan_report+0x141/0x180 [ 12.192637] ? workqueue_uaf+0x4d6/0x560 [ 12.192663] __asan_report_load8_noabort+0x18/0x20 [ 12.192727] workqueue_uaf+0x4d6/0x560 [ 12.192751] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.192773] ? __schedule+0x10cc/0x2b60 [ 12.192794] ? __pfx_read_tsc+0x10/0x10 [ 12.192815] ? ktime_get_ts64+0x86/0x230 [ 12.192838] kunit_try_run_case+0x1a5/0x480 [ 12.192862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.192883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.192906] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.192928] ? __kthread_parkme+0x82/0x180 [ 12.192947] ? preempt_count_sub+0x50/0x80 [ 12.192970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.192993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.193015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.193037] kthread+0x337/0x6f0 [ 12.193056] ? trace_preempt_on+0x20/0xc0 [ 12.193078] ? __pfx_kthread+0x10/0x10 [ 12.193098] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.193119] ? calculate_sigpending+0x7b/0xa0 [ 12.193141] ? __pfx_kthread+0x10/0x10 [ 12.193162] ret_from_fork+0x116/0x1d0 [ 12.193179] ? 
__pfx_kthread+0x10/0x10 [ 12.193227] ret_from_fork_asm+0x1a/0x30 [ 12.193258] </TASK> [ 12.193269] [ 12.206066] Allocated by task 218: [ 12.206445] kasan_save_stack+0x45/0x70 [ 12.206859] kasan_save_track+0x18/0x40 [ 12.207128] kasan_save_alloc_info+0x3b/0x50 [ 12.207414] __kasan_kmalloc+0xb7/0xc0 [ 12.207793] __kmalloc_cache_noprof+0x189/0x420 [ 12.208191] workqueue_uaf+0x152/0x560 [ 12.208422] kunit_try_run_case+0x1a5/0x480 [ 12.208585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.208918] kthread+0x337/0x6f0 [ 12.209213] ret_from_fork+0x116/0x1d0 [ 12.209656] ret_from_fork_asm+0x1a/0x30 [ 12.210048] [ 12.210205] Freed by task 41: [ 12.210659] kasan_save_stack+0x45/0x70 [ 12.211028] kasan_save_track+0x18/0x40 [ 12.211301] kasan_save_free_info+0x3f/0x60 [ 12.211467] __kasan_slab_free+0x56/0x70 [ 12.211614] kfree+0x222/0x3f0 [ 12.211759] workqueue_uaf_work+0x12/0x20 [ 12.212109] process_one_work+0x5ee/0xf60 [ 12.212530] worker_thread+0x758/0x1220 [ 12.212975] kthread+0x337/0x6f0 [ 12.213355] ret_from_fork+0x116/0x1d0 [ 12.213722] ret_from_fork_asm+0x1a/0x30 [ 12.214090] [ 12.214284] Last potentially related work creation: [ 12.214729] kasan_save_stack+0x45/0x70 [ 12.215086] kasan_record_aux_stack+0xb2/0xc0 [ 12.215405] __queue_work+0x626/0xeb0 [ 12.215764] queue_work_on+0xb6/0xc0 [ 12.216156] workqueue_uaf+0x26d/0x560 [ 12.216363] kunit_try_run_case+0x1a5/0x480 [ 12.216772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.217035] kthread+0x337/0x6f0 [ 12.217157] ret_from_fork+0x116/0x1d0 [ 12.217522] ret_from_fork_asm+0x1a/0x30 [ 12.217903] [ 12.218072] The buggy address belongs to the object at ffff8881038dc100 [ 12.218072] which belongs to the cache kmalloc-32 of size 32 [ 12.219107] The buggy address is located 0 bytes inside of [ 12.219107] freed 32-byte region [ffff8881038dc100, ffff8881038dc120) [ 12.219944] [ 12.220124] The buggy address belongs to the physical page: [ 12.220845] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1038dc [ 12.221102] flags: 0x200000000000000(node=0|zone=2) [ 12.221465] page_type: f5(slab) [ 12.221778] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.222498] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.223294] page dumped because: kasan: bad access detected [ 12.223896] [ 12.224015] Memory state around the buggy address: [ 12.224175] ffff8881038dc000: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 12.224849] ffff8881038dc080: 00 00 07 fc fc fc fc fc 00 00 00 07 fc fc fc fc [ 12.225685] >ffff8881038dc100: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 12.226042] ^ [ 12.226161] ffff8881038dc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.226878] ffff8881038dc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.227570] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.146418] ================================================================== [ 12.146907] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.147179] Read of size 4 at addr ffff8881038d4f80 by task swapper/1/0 [ 12.147503] [ 12.147640] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.147686] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.147698] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.147720] Call Trace: [ 12.147745] <IRQ> [ 12.147764] dump_stack_lvl+0x73/0xb0 [ 12.147795] print_report+0xd1/0x650 [ 12.147817] ? __virt_addr_valid+0x1db/0x2d0 [ 12.147839] ? rcu_uaf_reclaim+0x50/0x60 [ 12.147859] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.147880] ? rcu_uaf_reclaim+0x50/0x60 [ 12.147900] kasan_report+0x141/0x180 [ 12.147922] ? rcu_uaf_reclaim+0x50/0x60 [ 12.147947] __asan_report_load4_noabort+0x18/0x20 [ 12.147970] rcu_uaf_reclaim+0x50/0x60 [ 12.147990] rcu_core+0x66f/0x1c40 [ 12.148017] ? __pfx_rcu_core+0x10/0x10 [ 12.148038] ? ktime_get+0x6b/0x150 [ 12.148059] ? handle_softirqs+0x18e/0x730 [ 12.148083] rcu_core_si+0x12/0x20 [ 12.148102] handle_softirqs+0x209/0x730 [ 12.148120] ? hrtimer_interrupt+0x2fe/0x780 [ 12.148142] ? 
__pfx_handle_softirqs+0x10/0x10 [ 12.148166] __irq_exit_rcu+0xc9/0x110 [ 12.148186] irq_exit_rcu+0x12/0x20 [ 12.148205] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.148229] </IRQ> [ 12.148252] <TASK> [ 12.148264] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.148348] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.148582] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 03 9a 21 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.148662] RSP: 0000:ffff888100877dc8 EFLAGS: 00010212 [ 12.148772] RAX: ffff88819d174000 RBX: ffff888100853000 RCX: ffffffffbba720e5 [ 12.148817] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 000000000001902c [ 12.148860] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 12.148902] R10: ffff88815b130c53 R11: 000000000001e400 R12: 0000000000000001 [ 12.148944] R13: ffffed102010a600 R14: ffffffffbd7b0e90 R15: 0000000000000000 [ 12.149001] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.149053] ? default_idle+0xd/0x20 [ 12.149075] arch_cpu_idle+0xd/0x20 [ 12.149096] default_idle_call+0x48/0x80 [ 12.149114] do_idle+0x379/0x4f0 [ 12.149136] ? complete+0x15b/0x1d0 [ 12.149154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.149179] ? __pfx_do_idle+0x10/0x10 [ 12.149199] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 12.149221] ? complete+0x15b/0x1d0 [ 12.149242] cpu_startup_entry+0x5c/0x70 [ 12.149264] start_secondary+0x211/0x290 [ 12.149285] ? 
__pfx_start_secondary+0x10/0x10 [ 12.149310] common_startup_64+0x13e/0x148 [ 12.149341] </TASK> [ 12.149353] [ 12.163566] Allocated by task 216: [ 12.163764] kasan_save_stack+0x45/0x70 [ 12.163961] kasan_save_track+0x18/0x40 [ 12.164141] kasan_save_alloc_info+0x3b/0x50 [ 12.164580] __kasan_kmalloc+0xb7/0xc0 [ 12.165049] __kmalloc_cache_noprof+0x189/0x420 [ 12.165532] rcu_uaf+0xb0/0x330 [ 12.165810] kunit_try_run_case+0x1a5/0x480 [ 12.166021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.166724] kthread+0x337/0x6f0 [ 12.166966] ret_from_fork+0x116/0x1d0 [ 12.167136] ret_from_fork_asm+0x1a/0x30 [ 12.167620] [ 12.167867] Freed by task 0: [ 12.168058] kasan_save_stack+0x45/0x70 [ 12.168302] kasan_save_track+0x18/0x40 [ 12.168500] kasan_save_free_info+0x3f/0x60 [ 12.168959] __kasan_slab_free+0x56/0x70 [ 12.169292] kfree+0x222/0x3f0 [ 12.169608] rcu_uaf_reclaim+0x1f/0x60 [ 12.170116] rcu_core+0x66f/0x1c40 [ 12.170363] rcu_core_si+0x12/0x20 [ 12.170672] handle_softirqs+0x209/0x730 [ 12.170862] __irq_exit_rcu+0xc9/0x110 [ 12.171038] irq_exit_rcu+0x12/0x20 [ 12.171432] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.171745] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.172143] [ 12.172391] Last potentially related work creation: [ 12.172808] kasan_save_stack+0x45/0x70 [ 12.173001] kasan_record_aux_stack+0xb2/0xc0 [ 12.173208] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.173436] call_rcu+0x12/0x20 [ 12.173569] rcu_uaf+0x168/0x330 [ 12.173734] kunit_try_run_case+0x1a5/0x480 [ 12.174062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.174633] kthread+0x337/0x6f0 [ 12.174864] ret_from_fork+0x116/0x1d0 [ 12.175096] ret_from_fork_asm+0x1a/0x30 [ 12.175499] [ 12.175593] The buggy address belongs to the object at ffff8881038d4f80 [ 12.175593] which belongs to the cache kmalloc-32 of size 32 [ 12.176318] The buggy address is located 0 bytes inside of [ 12.176318] freed 32-byte region [ffff8881038d4f80, ffff8881038d4fa0) [ 12.177273] [ 12.177497] The buggy address belongs to the 
physical page: [ 12.177725] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d4 [ 12.178069] flags: 0x200000000000000(node=0|zone=2) [ 12.178516] page_type: f5(slab) [ 12.178694] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.179085] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.179563] page dumped because: kasan: bad access detected [ 12.179823] [ 12.179920] Memory state around the buggy address: [ 12.180123] ffff8881038d4e80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 12.180436] ffff8881038d4f00: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 12.181100] >ffff8881038d4f80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 12.181714] ^ [ 12.181895] ffff8881038d5000: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc [ 12.182470] ffff8881038d5080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.182759] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 12.111675] ================================================================== [ 12.112000] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 12.112463] Read of size 1 at addr ffff8881031a0678 by task kunit_try_catch/214 [ 12.112893] [ 12.112996] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.113038] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.113050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.113070] Call Trace: [ 12.113083] <TASK> [ 12.113098] dump_stack_lvl+0x73/0xb0 [ 12.113146] print_report+0xd1/0x650 [ 12.113168] ? __virt_addr_valid+0x1db/0x2d0 [ 12.113205] ? ksize_uaf+0x5e4/0x6c0 [ 12.113224] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.113367] ? ksize_uaf+0x5e4/0x6c0 [ 12.113400] kasan_report+0x141/0x180 [ 12.113422] ? ksize_uaf+0x5e4/0x6c0 [ 12.113447] __asan_report_load1_noabort+0x18/0x20 [ 12.113484] ksize_uaf+0x5e4/0x6c0 [ 12.113504] ? __pfx_ksize_uaf+0x10/0x10 [ 12.113525] ? __schedule+0x10cc/0x2b60 [ 12.113571] ? __pfx_read_tsc+0x10/0x10 [ 12.113591] ? ktime_get_ts64+0x86/0x230 [ 12.113614] kunit_try_run_case+0x1a5/0x480 [ 12.113637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.113658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.113680] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.113702] ? __kthread_parkme+0x82/0x180 [ 12.113736] ? preempt_count_sub+0x50/0x80 [ 12.113758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.113780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.113803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.113827] kthread+0x337/0x6f0 [ 12.113846] ? trace_preempt_on+0x20/0xc0 [ 12.113869] ? __pfx_kthread+0x10/0x10 [ 12.113905] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.113925] ? calculate_sigpending+0x7b/0xa0 [ 12.113961] ? __pfx_kthread+0x10/0x10 [ 12.113982] ret_from_fork+0x116/0x1d0 [ 12.113999] ? 
__pfx_kthread+0x10/0x10 [ 12.114033] ret_from_fork_asm+0x1a/0x30 [ 12.114075] </TASK> [ 12.114086] [ 12.123011] Allocated by task 214: [ 12.123217] kasan_save_stack+0x45/0x70 [ 12.123463] kasan_save_track+0x18/0x40 [ 12.123694] kasan_save_alloc_info+0x3b/0x50 [ 12.124001] __kasan_kmalloc+0xb7/0xc0 [ 12.124226] __kmalloc_cache_noprof+0x189/0x420 [ 12.124495] ksize_uaf+0xaa/0x6c0 [ 12.124724] kunit_try_run_case+0x1a5/0x480 [ 12.124930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.125159] kthread+0x337/0x6f0 [ 12.125280] ret_from_fork+0x116/0x1d0 [ 12.125584] ret_from_fork_asm+0x1a/0x30 [ 12.126020] [ 12.126142] Freed by task 214: [ 12.126477] kasan_save_stack+0x45/0x70 [ 12.126699] kasan_save_track+0x18/0x40 [ 12.126912] kasan_save_free_info+0x3f/0x60 [ 12.127136] __kasan_slab_free+0x56/0x70 [ 12.127481] kfree+0x222/0x3f0 [ 12.127647] ksize_uaf+0x12c/0x6c0 [ 12.127826] kunit_try_run_case+0x1a5/0x480 [ 12.127976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.128151] kthread+0x337/0x6f0 [ 12.128517] ret_from_fork+0x116/0x1d0 [ 12.128738] ret_from_fork_asm+0x1a/0x30 [ 12.128969] [ 12.129083] The buggy address belongs to the object at ffff8881031a0600 [ 12.129083] which belongs to the cache kmalloc-128 of size 128 [ 12.129898] The buggy address is located 120 bytes inside of [ 12.129898] freed 128-byte region [ffff8881031a0600, ffff8881031a0680) [ 12.130277] [ 12.130351] The buggy address belongs to the physical page: [ 12.130675] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 12.131094] flags: 0x200000000000000(node=0|zone=2) [ 12.131606] page_type: f5(slab) [ 12.131760] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.132277] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.132526] page dumped because: kasan: bad access detected [ 12.132717] [ 12.132813] Memory state around the buggy address: [ 12.133078] ffff8881031a0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
12.133818] ffff8881031a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.134143] >ffff8881031a0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.134562] ^ [ 12.134853] ffff8881031a0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.135086] ffff8881031a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.135427] ================================================================== [ 12.055044] ================================================================== [ 12.056268] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 12.056512] Read of size 1 at addr ffff8881031a0600 by task kunit_try_catch/214 [ 12.056743] [ 12.056834] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.056877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.056888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.056909] Call Trace: [ 12.056922] <TASK> [ 12.056938] dump_stack_lvl+0x73/0xb0 [ 12.056965] print_report+0xd1/0x650 [ 12.056986] ? __virt_addr_valid+0x1db/0x2d0 [ 12.057007] ? ksize_uaf+0x19d/0x6c0 [ 12.057026] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.057047] ? ksize_uaf+0x19d/0x6c0 [ 12.057067] kasan_report+0x141/0x180 [ 12.057088] ? ksize_uaf+0x19d/0x6c0 [ 12.057111] ? ksize_uaf+0x19d/0x6c0 [ 12.057132] __kasan_check_byte+0x3d/0x50 [ 12.057153] ksize+0x20/0x60 [ 12.057173] ksize_uaf+0x19d/0x6c0 [ 12.057193] ? __pfx_ksize_uaf+0x10/0x10 [ 12.057213] ? __schedule+0x10cc/0x2b60 [ 12.057234] ? __pfx_read_tsc+0x10/0x10 [ 12.057255] ? ktime_get_ts64+0x86/0x230 [ 12.057278] kunit_try_run_case+0x1a5/0x480 [ 12.057301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.057322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.057345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.057367] ? __kthread_parkme+0x82/0x180 [ 12.057391] ? preempt_count_sub+0x50/0x80 [ 12.057413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.057436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.057466] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.057487] kthread+0x337/0x6f0 [ 12.057506] ? trace_preempt_on+0x20/0xc0 [ 12.057527] ? __pfx_kthread+0x10/0x10 [ 12.057547] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.057567] ? calculate_sigpending+0x7b/0xa0 [ 12.057589] ? __pfx_kthread+0x10/0x10 [ 12.057609] ret_from_fork+0x116/0x1d0 [ 12.057627] ? __pfx_kthread+0x10/0x10 [ 12.057646] ret_from_fork_asm+0x1a/0x30 [ 12.057676] </TASK> [ 12.057686] [ 12.071599] Allocated by task 214: [ 12.071966] kasan_save_stack+0x45/0x70 [ 12.072435] kasan_save_track+0x18/0x40 [ 12.072846] kasan_save_alloc_info+0x3b/0x50 [ 12.073303] __kasan_kmalloc+0xb7/0xc0 [ 12.073619] __kmalloc_cache_noprof+0x189/0x420 [ 12.073983] ksize_uaf+0xaa/0x6c0 [ 12.074371] kunit_try_run_case+0x1a5/0x480 [ 12.074651] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.074939] kthread+0x337/0x6f0 [ 12.075381] ret_from_fork+0x116/0x1d0 [ 12.075629] ret_from_fork_asm+0x1a/0x30 [ 12.075925] [ 12.076105] Freed by task 214: [ 12.076476] kasan_save_stack+0x45/0x70 [ 12.076856] kasan_save_track+0x18/0x40 [ 12.077036] kasan_save_free_info+0x3f/0x60 [ 12.077181] __kasan_slab_free+0x56/0x70 [ 12.077656] kfree+0x222/0x3f0 [ 12.078014] ksize_uaf+0x12c/0x6c0 [ 12.078417] kunit_try_run_case+0x1a5/0x480 [ 12.078861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.079152] kthread+0x337/0x6f0 [ 12.079436] ret_from_fork+0x116/0x1d0 [ 12.079891] ret_from_fork_asm+0x1a/0x30 [ 12.080259] [ 12.080503] The buggy address belongs to the object at ffff8881031a0600 [ 12.080503] which belongs to the cache kmalloc-128 of size 128 [ 12.081035] The buggy address is located 0 bytes inside of [ 12.081035] freed 128-byte region [ffff8881031a0600, ffff8881031a0680) [ 12.081410] [ 12.081489] The buggy address belongs to the physical page: [ 12.082052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 12.082416] flags: 0x200000000000000(node=0|zone=2) [ 12.082679] page_type: f5(slab) [ 12.082855] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.083147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.083755] page dumped because: kasan: bad access detected [ 12.084085] [ 12.084217] Memory state around the buggy address: [ 12.084546] ffff8881031a0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.084903] ffff8881031a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.085190] >ffff8881031a0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.085492] ^ [ 12.085632] ffff8881031a0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.086100] ffff8881031a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.086418] ================================================================== [ 12.087110] ================================================================== [ 12.087514] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 12.088079] Read of size 1 at addr ffff8881031a0600 by task kunit_try_catch/214 [ 12.088533] [ 12.088642] CPU: 0 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.088683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.088694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.088714] Call Trace: [ 12.088729] <TASK> [ 12.088743] dump_stack_lvl+0x73/0xb0 [ 12.088956] print_report+0xd1/0x650 [ 12.088983] ? __virt_addr_valid+0x1db/0x2d0 [ 12.089005] ? ksize_uaf+0x5fe/0x6c0 [ 12.089025] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.089045] ? ksize_uaf+0x5fe/0x6c0 [ 12.089066] kasan_report+0x141/0x180 [ 12.089107] ? ksize_uaf+0x5fe/0x6c0 [ 12.089132] __asan_report_load1_noabort+0x18/0x20 [ 12.089156] ksize_uaf+0x5fe/0x6c0 [ 12.089193] ? __pfx_ksize_uaf+0x10/0x10 [ 12.089214] ? __schedule+0x10cc/0x2b60 [ 12.089235] ? __pfx_read_tsc+0x10/0x10 [ 12.089257] ? ktime_get_ts64+0x86/0x230 [ 12.089354] kunit_try_run_case+0x1a5/0x480 [ 12.089390] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.089411] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.089433] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.089466] ? __kthread_parkme+0x82/0x180 [ 12.089510] ? preempt_count_sub+0x50/0x80 [ 12.089532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.089555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.089576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.089598] kthread+0x337/0x6f0 [ 12.089616] ? trace_preempt_on+0x20/0xc0 [ 12.089639] ? __pfx_kthread+0x10/0x10 [ 12.089677] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.089697] ? calculate_sigpending+0x7b/0xa0 [ 12.089719] ? __pfx_kthread+0x10/0x10 [ 12.089739] ret_from_fork+0x116/0x1d0 [ 12.089757] ? __pfx_kthread+0x10/0x10 [ 12.089776] ret_from_fork_asm+0x1a/0x30 [ 12.089806] </TASK> [ 12.089817] [ 12.097987] Allocated by task 214: [ 12.098173] kasan_save_stack+0x45/0x70 [ 12.098348] kasan_save_track+0x18/0x40 [ 12.098497] kasan_save_alloc_info+0x3b/0x50 [ 12.098648] __kasan_kmalloc+0xb7/0xc0 [ 12.098986] __kmalloc_cache_noprof+0x189/0x420 [ 12.099523] ksize_uaf+0xaa/0x6c0 [ 12.099749] kunit_try_run_case+0x1a5/0x480 [ 12.099959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.100284] kthread+0x337/0x6f0 [ 12.100438] ret_from_fork+0x116/0x1d0 [ 12.100585] ret_from_fork_asm+0x1a/0x30 [ 12.100725] [ 12.100811] Freed by task 214: [ 12.100989] kasan_save_stack+0x45/0x70 [ 12.101246] kasan_save_track+0x18/0x40 [ 12.101644] kasan_save_free_info+0x3f/0x60 [ 12.102073] __kasan_slab_free+0x56/0x70 [ 12.102441] kfree+0x222/0x3f0 [ 12.102630] ksize_uaf+0x12c/0x6c0 [ 12.102911] kunit_try_run_case+0x1a5/0x480 [ 12.103128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.103595] kthread+0x337/0x6f0 [ 12.103796] ret_from_fork+0x116/0x1d0 [ 12.103933] ret_from_fork_asm+0x1a/0x30 [ 12.104072] [ 12.104146] The buggy address belongs to the object at ffff8881031a0600 [ 12.104146] which belongs to the cache kmalloc-128 of size 128 [ 12.105127] The buggy address is located 0 bytes inside of [ 12.105127] freed 128-byte region [ffff8881031a0600, 
ffff8881031a0680) [ 12.106149] [ 12.106257] The buggy address belongs to the physical page: [ 12.106467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 12.106711] flags: 0x200000000000000(node=0|zone=2) [ 12.107074] page_type: f5(slab) [ 12.107371] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.107739] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.108121] page dumped because: kasan: bad access detected [ 12.108476] [ 12.108591] Memory state around the buggy address: [ 12.108813] ffff8881031a0500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.109064] ffff8881031a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.109688] >ffff8881031a0600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.110039] ^ [ 12.110214] ffff8881031a0680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.110660] ffff8881031a0700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.111056] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 12.014081] ================================================================== [ 12.014492] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.014876] Read of size 1 at addr ffff8881031d4878 by task kunit_try_catch/212 [ 12.015106] [ 12.015263] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.015310] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.015323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.015346] Call Trace: [ 12.015360] <TASK> [ 12.015376] dump_stack_lvl+0x73/0xb0 [ 12.015406] print_report+0xd1/0x650 [ 12.015430] ? __virt_addr_valid+0x1db/0x2d0 [ 12.015471] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.015496] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.015519] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.015543] kasan_report+0x141/0x180 [ 12.015566] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.015595] __asan_report_load1_noabort+0x18/0x20 [ 12.015619] ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.015644] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.015667] ? finish_task_switch.isra.0+0x153/0x700 [ 12.015690] ? __switch_to+0x47/0xf50 [ 12.015716] ? __schedule+0x10cc/0x2b60 [ 12.015739] ? __pfx_read_tsc+0x10/0x10 [ 12.015760] ? ktime_get_ts64+0x86/0x230 [ 12.015785] kunit_try_run_case+0x1a5/0x480 [ 12.015810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.015832] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.015857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.015880] ? __kthread_parkme+0x82/0x180 [ 12.015903] ? preempt_count_sub+0x50/0x80 [ 12.015927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.015951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.015974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.015998] kthread+0x337/0x6f0 [ 12.016019] ? trace_preempt_on+0x20/0xc0 [ 12.016042] ? __pfx_kthread+0x10/0x10 [ 12.016063] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.016084] ? calculate_sigpending+0x7b/0xa0 [ 12.016118] ? 
__pfx_kthread+0x10/0x10 [ 12.016140] ret_from_fork+0x116/0x1d0 [ 12.016160] ? __pfx_kthread+0x10/0x10 [ 12.016181] ret_from_fork_asm+0x1a/0x30 [ 12.016213] </TASK> [ 12.016224] [ 12.023933] Allocated by task 212: [ 12.024084] kasan_save_stack+0x45/0x70 [ 12.024509] kasan_save_track+0x18/0x40 [ 12.024741] kasan_save_alloc_info+0x3b/0x50 [ 12.024927] __kasan_kmalloc+0xb7/0xc0 [ 12.025093] __kmalloc_cache_noprof+0x189/0x420 [ 12.025253] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.025419] kunit_try_run_case+0x1a5/0x480 [ 12.025590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.025850] kthread+0x337/0x6f0 [ 12.026021] ret_from_fork+0x116/0x1d0 [ 12.026255] ret_from_fork_asm+0x1a/0x30 [ 12.026591] [ 12.026698] The buggy address belongs to the object at ffff8881031d4800 [ 12.026698] which belongs to the cache kmalloc-128 of size 128 [ 12.027100] The buggy address is located 5 bytes to the right of [ 12.027100] allocated 115-byte region [ffff8881031d4800, ffff8881031d4873) [ 12.027917] [ 12.028019] The buggy address belongs to the physical page: [ 12.028298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 12.028633] flags: 0x200000000000000(node=0|zone=2) [ 12.028878] page_type: f5(slab) [ 12.029004] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.029240] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.029671] page dumped because: kasan: bad access detected [ 12.029921] [ 12.030018] Memory state around the buggy address: [ 12.030395] ffff8881031d4700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.030715] ffff8881031d4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.030936] >ffff8881031d4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.031204] ^ [ 12.031528] ffff8881031d4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.031840] ffff8881031d4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.032395] 
================================================================== [ 12.032812] ================================================================== [ 12.033388] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.033820] Read of size 1 at addr ffff8881031d487f by task kunit_try_catch/212 [ 12.034048] [ 12.034137] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 12.034181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.034194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.034215] Call Trace: [ 12.034230] <TASK> [ 12.034247] dump_stack_lvl+0x73/0xb0 [ 12.034278] print_report+0xd1/0x650 [ 12.034301] ? __virt_addr_valid+0x1db/0x2d0 [ 12.034323] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.034347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.034370] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.034394] kasan_report+0x141/0x180 [ 12.034417] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.034446] __asan_report_load1_noabort+0x18/0x20 [ 12.034484] ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.034509] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.034533] ? finish_task_switch.isra.0+0x153/0x700 [ 12.034555] ? __switch_to+0x47/0xf50 [ 12.034580] ? __schedule+0x10cc/0x2b60 [ 12.034603] ? __pfx_read_tsc+0x10/0x10 [ 12.034624] ? ktime_get_ts64+0x86/0x230 [ 12.034690] kunit_try_run_case+0x1a5/0x480 [ 12.034717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.034740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.034764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.034788] ? __kthread_parkme+0x82/0x180 [ 12.034809] ? preempt_count_sub+0x50/0x80 [ 12.034833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.034857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.034881] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.034905] kthread+0x337/0x6f0 [ 12.034925] ? trace_preempt_on+0x20/0xc0 [ 12.034949] ? __pfx_kthread+0x10/0x10 [ 12.034971] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.034992] ? 
calculate_sigpending+0x7b/0xa0 [ 12.035017] ? __pfx_kthread+0x10/0x10 [ 12.035039] ret_from_fork+0x116/0x1d0 [ 12.035058] ? __pfx_kthread+0x10/0x10 [ 12.035079] ret_from_fork_asm+0x1a/0x30 [ 12.035111] </TASK> [ 12.035122] [ 12.043162] Allocated by task 212: [ 12.043344] kasan_save_stack+0x45/0x70 [ 12.043739] kasan_save_track+0x18/0x40 [ 12.043945] kasan_save_alloc_info+0x3b/0x50 [ 12.044139] __kasan_kmalloc+0xb7/0xc0 [ 12.044314] __kmalloc_cache_noprof+0x189/0x420 [ 12.044556] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.044711] kunit_try_run_case+0x1a5/0x480 [ 12.044860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.045159] kthread+0x337/0x6f0 [ 12.045559] ret_from_fork+0x116/0x1d0 [ 12.045786] ret_from_fork_asm+0x1a/0x30 [ 12.045959] [ 12.046035] The buggy address belongs to the object at ffff8881031d4800 [ 12.046035] which belongs to the cache kmalloc-128 of size 128 [ 12.046721] The buggy address is located 12 bytes to the right of [ 12.046721] allocated 115-byte region [ffff8881031d4800, ffff8881031d4873) [ 12.047089] [ 12.047210] The buggy address belongs to the physical page: [ 12.047524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 12.048158] flags: 0x200000000000000(node=0|zone=2) [ 12.048403] page_type: f5(slab) [ 12.048574] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.048809] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.049189] page dumped because: kasan: bad access detected [ 12.049540] [ 12.049624] Memory state around the buggy address: [ 12.049873] ffff8881031d4700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.050164] ffff8881031d4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.050497] >ffff8881031d4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.050827] ^ [ 12.051097] ffff8881031d4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.051347] ffff8881031d4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.051977] 
================================================================== [ 11.991718] ================================================================== [ 11.992201] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.992572] Read of size 1 at addr ffff8881031d4873 by task kunit_try_catch/212 [ 11.992929] [ 11.993044] CPU: 1 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.993089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.993102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.993124] Call Trace: [ 11.993136] <TASK> [ 11.993153] dump_stack_lvl+0x73/0xb0 [ 11.993182] print_report+0xd1/0x650 [ 11.993205] ? __virt_addr_valid+0x1db/0x2d0 [ 11.993227] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.993251] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.993274] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.993298] kasan_report+0x141/0x180 [ 11.993321] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.993350] __asan_report_load1_noabort+0x18/0x20 [ 11.993375] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.993405] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.993428] ? finish_task_switch.isra.0+0x153/0x700 [ 11.993450] ? __switch_to+0x47/0xf50 [ 11.993489] ? __schedule+0x10cc/0x2b60 [ 11.993511] ? __pfx_read_tsc+0x10/0x10 [ 11.993532] ? ktime_get_ts64+0x86/0x230 [ 11.993556] kunit_try_run_case+0x1a5/0x480 [ 11.993581] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.993604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.993628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.993652] ? __kthread_parkme+0x82/0x180 [ 11.993672] ? preempt_count_sub+0x50/0x80 [ 11.993696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.993721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.993744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.993769] kthread+0x337/0x6f0 [ 11.993789] ? trace_preempt_on+0x20/0xc0 [ 11.993813] ? __pfx_kthread+0x10/0x10 [ 11.993862] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.993884] ? 
calculate_sigpending+0x7b/0xa0 [ 11.993909] ? __pfx_kthread+0x10/0x10 [ 11.993932] ret_from_fork+0x116/0x1d0 [ 11.993952] ? __pfx_kthread+0x10/0x10 [ 11.993974] ret_from_fork_asm+0x1a/0x30 [ 11.994005] </TASK> [ 11.994016] [ 12.001706] Allocated by task 212: [ 12.001842] kasan_save_stack+0x45/0x70 [ 12.002051] kasan_save_track+0x18/0x40 [ 12.002252] kasan_save_alloc_info+0x3b/0x50 [ 12.002549] __kasan_kmalloc+0xb7/0xc0 [ 12.002758] __kmalloc_cache_noprof+0x189/0x420 [ 12.002978] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.003135] kunit_try_run_case+0x1a5/0x480 [ 12.003342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.003613] kthread+0x337/0x6f0 [ 12.003897] ret_from_fork+0x116/0x1d0 [ 12.004060] ret_from_fork_asm+0x1a/0x30 [ 12.004327] [ 12.004432] The buggy address belongs to the object at ffff8881031d4800 [ 12.004432] which belongs to the cache kmalloc-128 of size 128 [ 12.004948] The buggy address is located 0 bytes to the right of [ 12.004948] allocated 115-byte region [ffff8881031d4800, ffff8881031d4873) [ 12.005515] [ 12.005614] The buggy address belongs to the physical page: [ 12.005827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 12.006072] flags: 0x200000000000000(node=0|zone=2) [ 12.006239] page_type: f5(slab) [ 12.006362] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.006608] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.006849] page dumped because: kasan: bad access detected [ 12.007101] [ 12.009007] Memory state around the buggy address: [ 12.009392] ffff8881031d4700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.009751] ffff8881031d4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.009972] >ffff8881031d4800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.010186] ^ [ 12.010662] ffff8881031d4880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.010919] ffff8881031d4900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.011230] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.964837] ================================================================== [ 11.965120] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.965655] Free of addr ffff88810274c260 by task kunit_try_catch/210 [ 11.966001] [ 11.966112] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.966154] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.966165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.966185] Call Trace: [ 11.966243] <TASK> [ 11.966259] dump_stack_lvl+0x73/0xb0 [ 11.966288] print_report+0xd1/0x650 [ 11.966310] ? __virt_addr_valid+0x1db/0x2d0 [ 11.966332] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.966353] ? kfree_sensitive+0x2e/0x90 [ 11.966373] kasan_report_invalid_free+0x10a/0x130 [ 11.966397] ? kfree_sensitive+0x2e/0x90 [ 11.966418] ? kfree_sensitive+0x2e/0x90 [ 11.966436] check_slab_allocation+0x101/0x130 [ 11.966473] __kasan_slab_pre_free+0x28/0x40 [ 11.966494] kfree+0xf0/0x3f0 [ 11.966516] ? kfree_sensitive+0x2e/0x90 [ 11.966537] kfree_sensitive+0x2e/0x90 [ 11.966556] kmalloc_double_kzfree+0x19c/0x350 [ 11.966578] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.966601] ? __schedule+0x10cc/0x2b60 [ 11.966623] ? __pfx_read_tsc+0x10/0x10 [ 11.966643] ? ktime_get_ts64+0x86/0x230 [ 11.966665] kunit_try_run_case+0x1a5/0x480 [ 11.966689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.966710] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.966732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.966754] ? __kthread_parkme+0x82/0x180 [ 11.966772] ? preempt_count_sub+0x50/0x80 [ 11.966795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.966817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.966838] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.966860] kthread+0x337/0x6f0 [ 11.966879] ? trace_preempt_on+0x20/0xc0 [ 11.966900] ? __pfx_kthread+0x10/0x10 [ 11.966920] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.966940] ? calculate_sigpending+0x7b/0xa0 [ 11.966962] ? 
__pfx_kthread+0x10/0x10 [ 11.966983] ret_from_fork+0x116/0x1d0 [ 11.967000] ? __pfx_kthread+0x10/0x10 [ 11.967019] ret_from_fork_asm+0x1a/0x30 [ 11.967049] </TASK> [ 11.967061] [ 11.975273] Allocated by task 210: [ 11.975444] kasan_save_stack+0x45/0x70 [ 11.975597] kasan_save_track+0x18/0x40 [ 11.975755] kasan_save_alloc_info+0x3b/0x50 [ 11.975969] __kasan_kmalloc+0xb7/0xc0 [ 11.976152] __kmalloc_cache_noprof+0x189/0x420 [ 11.976377] kmalloc_double_kzfree+0xa9/0x350 [ 11.976782] kunit_try_run_case+0x1a5/0x480 [ 11.976940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.977245] kthread+0x337/0x6f0 [ 11.977441] ret_from_fork+0x116/0x1d0 [ 11.977632] ret_from_fork_asm+0x1a/0x30 [ 11.977825] [ 11.977898] Freed by task 210: [ 11.978054] kasan_save_stack+0x45/0x70 [ 11.978298] kasan_save_track+0x18/0x40 [ 11.978490] kasan_save_free_info+0x3f/0x60 [ 11.978644] __kasan_slab_free+0x56/0x70 [ 11.978955] kfree+0x222/0x3f0 [ 11.979098] kfree_sensitive+0x67/0x90 [ 11.979331] kmalloc_double_kzfree+0x12b/0x350 [ 11.979521] kunit_try_run_case+0x1a5/0x480 [ 11.979725] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.980080] kthread+0x337/0x6f0 [ 11.980203] ret_from_fork+0x116/0x1d0 [ 11.980336] ret_from_fork_asm+0x1a/0x30 [ 11.980530] [ 11.980629] The buggy address belongs to the object at ffff88810274c260 [ 11.980629] which belongs to the cache kmalloc-16 of size 16 [ 11.981633] The buggy address is located 0 bytes inside of [ 11.981633] 16-byte region [ffff88810274c260, ffff88810274c270) [ 11.981976] [ 11.982051] The buggy address belongs to the physical page: [ 11.982224] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 11.982568] flags: 0x200000000000000(node=0|zone=2) [ 11.982801] page_type: f5(slab) [ 11.982973] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.983598] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.984181] page dumped because: kasan: bad access detected [ 11.984353] [ 
11.984424] Memory state around the buggy address: [ 11.984590] ffff88810274c100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 11.984805] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.985024] >ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.985669] ^ [ 11.985964] ffff88810274c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.986286] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.986631] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.942930] ================================================================== [ 11.943651] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.943984] Read of size 1 at addr ffff88810274c260 by task kunit_try_catch/210 [ 11.944555] [ 11.944653] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.944697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.944709] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.944730] Call Trace: [ 11.944741] <TASK> [ 11.944756] dump_stack_lvl+0x73/0xb0 [ 11.944784] print_report+0xd1/0x650 [ 11.944805] ? __virt_addr_valid+0x1db/0x2d0 [ 11.944827] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.944850] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.944871] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.944894] kasan_report+0x141/0x180 [ 11.944916] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.944940] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.944962] __kasan_check_byte+0x3d/0x50 [ 11.944983] kfree_sensitive+0x22/0x90 [ 11.945005] kmalloc_double_kzfree+0x19c/0x350 [ 11.945027] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.945050] ? __schedule+0x10cc/0x2b60 [ 11.945071] ? __pfx_read_tsc+0x10/0x10 [ 11.945091] ? ktime_get_ts64+0x86/0x230 [ 11.945114] kunit_try_run_case+0x1a5/0x480 [ 11.945137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.945157] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.945179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.945244] ? __kthread_parkme+0x82/0x180 [ 11.945267] ? preempt_count_sub+0x50/0x80 [ 11.945289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.945312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.945334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.945356] kthread+0x337/0x6f0 [ 11.945381] ? trace_preempt_on+0x20/0xc0 [ 11.945403] ? __pfx_kthread+0x10/0x10 [ 11.945423] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.945443] ? calculate_sigpending+0x7b/0xa0 [ 11.945477] ? 
__pfx_kthread+0x10/0x10 [ 11.945498] ret_from_fork+0x116/0x1d0 [ 11.945515] ? __pfx_kthread+0x10/0x10 [ 11.945535] ret_from_fork_asm+0x1a/0x30 [ 11.945565] </TASK> [ 11.945577] [ 11.953314] Allocated by task 210: [ 11.953520] kasan_save_stack+0x45/0x70 [ 11.953720] kasan_save_track+0x18/0x40 [ 11.953912] kasan_save_alloc_info+0x3b/0x50 [ 11.954130] __kasan_kmalloc+0xb7/0xc0 [ 11.954481] __kmalloc_cache_noprof+0x189/0x420 [ 11.954640] kmalloc_double_kzfree+0xa9/0x350 [ 11.955003] kunit_try_run_case+0x1a5/0x480 [ 11.955219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.955495] kthread+0x337/0x6f0 [ 11.955666] ret_from_fork+0x116/0x1d0 [ 11.955812] ret_from_fork_asm+0x1a/0x30 [ 11.955953] [ 11.956026] Freed by task 210: [ 11.956138] kasan_save_stack+0x45/0x70 [ 11.956305] kasan_save_track+0x18/0x40 [ 11.956504] kasan_save_free_info+0x3f/0x60 [ 11.956708] __kasan_slab_free+0x56/0x70 [ 11.956907] kfree+0x222/0x3f0 [ 11.957128] kfree_sensitive+0x67/0x90 [ 11.957313] kmalloc_double_kzfree+0x12b/0x350 [ 11.957515] kunit_try_run_case+0x1a5/0x480 [ 11.957661] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.958169] kthread+0x337/0x6f0 [ 11.958389] ret_from_fork+0x116/0x1d0 [ 11.958596] ret_from_fork_asm+0x1a/0x30 [ 11.958850] [ 11.958923] The buggy address belongs to the object at ffff88810274c260 [ 11.958923] which belongs to the cache kmalloc-16 of size 16 [ 11.959301] The buggy address is located 0 bytes inside of [ 11.959301] freed 16-byte region [ffff88810274c260, ffff88810274c270) [ 11.959845] [ 11.959939] The buggy address belongs to the physical page: [ 11.960219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 11.960554] flags: 0x200000000000000(node=0|zone=2) [ 11.960813] page_type: f5(slab) [ 11.960938] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.961284] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.961645] page dumped because: kasan: bad access detected [ 
11.961961] [ 11.962039] Memory state around the buggy address: [ 11.962217] ffff88810274c100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 11.962433] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.962757] >ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.963302] ^ [ 11.963593] ffff88810274c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.964011] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.964357] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.913674] ================================================================== [ 11.914136] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.914656] Read of size 1 at addr ffff8881031aac28 by task kunit_try_catch/206 [ 11.915098] [ 11.915210] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.915255] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.915267] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.915287] Call Trace: [ 11.915300] <TASK> [ 11.915315] dump_stack_lvl+0x73/0xb0 [ 11.915345] print_report+0xd1/0x650 [ 11.915367] ? __virt_addr_valid+0x1db/0x2d0 [ 11.915388] ? kmalloc_uaf2+0x4a8/0x520 [ 11.915407] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.915428] ? kmalloc_uaf2+0x4a8/0x520 [ 11.915447] kasan_report+0x141/0x180 [ 11.915482] ? kmalloc_uaf2+0x4a8/0x520 [ 11.915506] __asan_report_load1_noabort+0x18/0x20 [ 11.915529] kmalloc_uaf2+0x4a8/0x520 [ 11.915549] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.915567] ? finish_task_switch.isra.0+0x153/0x700 [ 11.915588] ? __switch_to+0x47/0xf50 [ 11.915694] ? __schedule+0x10cc/0x2b60 [ 11.915718] ? __pfx_read_tsc+0x10/0x10 [ 11.915737] ? ktime_get_ts64+0x86/0x230 [ 11.915759] kunit_try_run_case+0x1a5/0x480 [ 11.915783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.915805] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.915827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.915852] ? __kthread_parkme+0x82/0x180 [ 11.915875] ? preempt_count_sub+0x50/0x80 [ 11.915898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.915921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.915942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.915964] kthread+0x337/0x6f0 [ 11.915982] ? trace_preempt_on+0x20/0xc0 [ 11.916004] ? __pfx_kthread+0x10/0x10 [ 11.916023] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.916044] ? calculate_sigpending+0x7b/0xa0 [ 11.916066] ? __pfx_kthread+0x10/0x10 [ 11.916086] ret_from_fork+0x116/0x1d0 [ 11.916103] ? 
__pfx_kthread+0x10/0x10 [ 11.916123] ret_from_fork_asm+0x1a/0x30 [ 11.916152] </TASK> [ 11.916163] [ 11.924049] Allocated by task 206: [ 11.924179] kasan_save_stack+0x45/0x70 [ 11.924382] kasan_save_track+0x18/0x40 [ 11.924592] kasan_save_alloc_info+0x3b/0x50 [ 11.925044] __kasan_kmalloc+0xb7/0xc0 [ 11.925247] __kmalloc_cache_noprof+0x189/0x420 [ 11.925473] kmalloc_uaf2+0xc6/0x520 [ 11.925603] kunit_try_run_case+0x1a5/0x480 [ 11.925782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.926059] kthread+0x337/0x6f0 [ 11.926384] ret_from_fork+0x116/0x1d0 [ 11.926574] ret_from_fork_asm+0x1a/0x30 [ 11.926859] [ 11.926943] Freed by task 206: [ 11.927066] kasan_save_stack+0x45/0x70 [ 11.927259] kasan_save_track+0x18/0x40 [ 11.927424] kasan_save_free_info+0x3f/0x60 [ 11.927795] __kasan_slab_free+0x56/0x70 [ 11.928018] kfree+0x222/0x3f0 [ 11.928149] kmalloc_uaf2+0x14c/0x520 [ 11.928278] kunit_try_run_case+0x1a5/0x480 [ 11.928419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.928641] kthread+0x337/0x6f0 [ 11.928805] ret_from_fork+0x116/0x1d0 [ 11.928990] ret_from_fork_asm+0x1a/0x30 [ 11.929409] [ 11.929522] The buggy address belongs to the object at ffff8881031aac00 [ 11.929522] which belongs to the cache kmalloc-64 of size 64 [ 11.930029] The buggy address is located 40 bytes inside of [ 11.930029] freed 64-byte region [ffff8881031aac00, ffff8881031aac40) [ 11.930662] [ 11.930854] The buggy address belongs to the physical page: [ 11.931072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031aa [ 11.931308] flags: 0x200000000000000(node=0|zone=2) [ 11.931525] page_type: f5(slab) [ 11.931810] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.932146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.932464] page dumped because: kasan: bad access detected [ 11.932634] [ 11.932799] Memory state around the buggy address: [ 11.933293] ffff8881031aab00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 
[ 11.933655] ffff8881031aab80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.933962] >ffff8881031aac00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.934356] ^ [ 11.934531] ffff8881031aac80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.934870] ffff8881031aad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.935177] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.888769] ================================================================== [ 11.889296] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 11.889646] Write of size 33 at addr ffff8881038d5880 by task kunit_try_catch/204 [ 11.890102] [ 11.890196] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.890240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.890251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.890291] Call Trace: [ 11.890303] <TASK> [ 11.890334] dump_stack_lvl+0x73/0xb0 [ 11.890361] print_report+0xd1/0x650 [ 11.890384] ? __virt_addr_valid+0x1db/0x2d0 [ 11.890405] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.890425] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.890503] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.890524] kasan_report+0x141/0x180 [ 11.890545] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.890570] kasan_check_range+0x10c/0x1c0 [ 11.890593] __asan_memset+0x27/0x50 [ 11.890613] kmalloc_uaf_memset+0x1a3/0x360 [ 11.890634] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.890687] ? __schedule+0x10cc/0x2b60 [ 11.890709] ? __pfx_read_tsc+0x10/0x10 [ 11.890730] ? ktime_get_ts64+0x86/0x230 [ 11.890754] kunit_try_run_case+0x1a5/0x480 [ 11.890777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.890799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.890821] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.890861] ? __kthread_parkme+0x82/0x180 [ 11.890880] ? preempt_count_sub+0x50/0x80 [ 11.890903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.890926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.890947] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.890969] kthread+0x337/0x6f0 [ 11.890988] ? trace_preempt_on+0x20/0xc0 [ 11.891011] ? __pfx_kthread+0x10/0x10 [ 11.891031] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.891051] ? calculate_sigpending+0x7b/0xa0 [ 11.891074] ? __pfx_kthread+0x10/0x10 [ 11.891094] ret_from_fork+0x116/0x1d0 [ 11.891112] ? 
__pfx_kthread+0x10/0x10 [ 11.891132] ret_from_fork_asm+0x1a/0x30 [ 11.891161] </TASK> [ 11.891172] [ 11.899378] Allocated by task 204: [ 11.899586] kasan_save_stack+0x45/0x70 [ 11.899790] kasan_save_track+0x18/0x40 [ 11.900170] kasan_save_alloc_info+0x3b/0x50 [ 11.900622] __kasan_kmalloc+0xb7/0xc0 [ 11.900930] __kmalloc_cache_noprof+0x189/0x420 [ 11.901092] kmalloc_uaf_memset+0xa9/0x360 [ 11.901500] kunit_try_run_case+0x1a5/0x480 [ 11.901749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.901989] kthread+0x337/0x6f0 [ 11.902139] ret_from_fork+0x116/0x1d0 [ 11.902396] ret_from_fork_asm+0x1a/0x30 [ 11.902585] [ 11.902657] Freed by task 204: [ 11.902768] kasan_save_stack+0x45/0x70 [ 11.902901] kasan_save_track+0x18/0x40 [ 11.903080] kasan_save_free_info+0x3f/0x60 [ 11.903485] __kasan_slab_free+0x56/0x70 [ 11.903681] kfree+0x222/0x3f0 [ 11.903839] kmalloc_uaf_memset+0x12b/0x360 [ 11.904040] kunit_try_run_case+0x1a5/0x480 [ 11.904413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.904698] kthread+0x337/0x6f0 [ 11.904893] ret_from_fork+0x116/0x1d0 [ 11.905081] ret_from_fork_asm+0x1a/0x30 [ 11.905371] [ 11.905469] The buggy address belongs to the object at ffff8881038d5880 [ 11.905469] which belongs to the cache kmalloc-64 of size 64 [ 11.906024] The buggy address is located 0 bytes inside of [ 11.906024] freed 64-byte region [ffff8881038d5880, ffff8881038d58c0) [ 11.906360] [ 11.906521] The buggy address belongs to the physical page: [ 11.906992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 11.907395] flags: 0x200000000000000(node=0|zone=2) [ 11.907697] page_type: f5(slab) [ 11.907918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.908342] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.908712] page dumped because: kasan: bad access detected [ 11.908977] [ 11.909046] Memory state around the buggy address: [ 11.909199] ffff8881038d5780: fa fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 11.909718] ffff8881038d5800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.910039] >ffff8881038d5880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.910549] ^ [ 11.910775] ffff8881038d5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.911000] ffff8881038d5980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.911226] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.851434] ================================================================== [ 11.852672] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 11.853130] Read of size 1 at addr ffff88810274c248 by task kunit_try_catch/202 [ 11.853628] [ 11.853894] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.853986] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.853998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.854021] Call Trace: [ 11.854047] <TASK> [ 11.854065] dump_stack_lvl+0x73/0xb0 [ 11.854097] print_report+0xd1/0x650 [ 11.854120] ? __virt_addr_valid+0x1db/0x2d0 [ 11.854143] ? kmalloc_uaf+0x320/0x380 [ 11.854163] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.854184] ? kmalloc_uaf+0x320/0x380 [ 11.854215] kasan_report+0x141/0x180 [ 11.854238] ? kmalloc_uaf+0x320/0x380 [ 11.854262] __asan_report_load1_noabort+0x18/0x20 [ 11.854285] kmalloc_uaf+0x320/0x380 [ 11.854304] ? __pfx_kmalloc_uaf+0x10/0x10 [ 11.854324] ? __schedule+0x10cc/0x2b60 [ 11.854345] ? __pfx_read_tsc+0x10/0x10 [ 11.854365] ? ktime_get_ts64+0x86/0x230 [ 11.854390] kunit_try_run_case+0x1a5/0x480 [ 11.854414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.854436] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.854468] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.854490] ? __kthread_parkme+0x82/0x180 [ 11.854510] ? preempt_count_sub+0x50/0x80 [ 11.854532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.854555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.854576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.854598] kthread+0x337/0x6f0 [ 11.854617] ? trace_preempt_on+0x20/0xc0 [ 11.854639] ? __pfx_kthread+0x10/0x10 [ 11.854659] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.854679] ? calculate_sigpending+0x7b/0xa0 [ 11.854702] ? __pfx_kthread+0x10/0x10 [ 11.854723] ret_from_fork+0x116/0x1d0 [ 11.854740] ? 
__pfx_kthread+0x10/0x10 [ 11.854759] ret_from_fork_asm+0x1a/0x30 [ 11.854790] </TASK> [ 11.854801] [ 11.868529] Allocated by task 202: [ 11.868672] kasan_save_stack+0x45/0x70 [ 11.868817] kasan_save_track+0x18/0x40 [ 11.868949] kasan_save_alloc_info+0x3b/0x50 [ 11.869092] __kasan_kmalloc+0xb7/0xc0 [ 11.869221] __kmalloc_cache_noprof+0x189/0x420 [ 11.869449] kmalloc_uaf+0xaa/0x380 [ 11.869949] kunit_try_run_case+0x1a5/0x480 [ 11.870555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.870868] kthread+0x337/0x6f0 [ 11.871182] ret_from_fork+0x116/0x1d0 [ 11.871644] ret_from_fork_asm+0x1a/0x30 [ 11.872178] [ 11.872439] Freed by task 202: [ 11.872568] kasan_save_stack+0x45/0x70 [ 11.873011] kasan_save_track+0x18/0x40 [ 11.873179] kasan_save_free_info+0x3f/0x60 [ 11.873716] __kasan_slab_free+0x56/0x70 [ 11.874094] kfree+0x222/0x3f0 [ 11.874342] kmalloc_uaf+0x12c/0x380 [ 11.874487] kunit_try_run_case+0x1a5/0x480 [ 11.874631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.875083] kthread+0x337/0x6f0 [ 11.875434] ret_from_fork+0x116/0x1d0 [ 11.875838] ret_from_fork_asm+0x1a/0x30 [ 11.876244] [ 11.876408] The buggy address belongs to the object at ffff88810274c240 [ 11.876408] which belongs to the cache kmalloc-16 of size 16 [ 11.877070] The buggy address is located 8 bytes inside of [ 11.877070] freed 16-byte region [ffff88810274c240, ffff88810274c250) [ 11.878046] [ 11.878429] The buggy address belongs to the physical page: [ 11.878726] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 11.878970] flags: 0x200000000000000(node=0|zone=2) [ 11.879133] page_type: f5(slab) [ 11.879269] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.879845] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.880248] page dumped because: kasan: bad access detected [ 11.880530] [ 11.880631] Memory state around the buggy address: [ 11.880894] ffff88810274c100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 
11.881152] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.881712] >ffff88810274c200: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 11.882102] ^ [ 11.882319] ffff88810274c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.882659] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.883001] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.817398] ================================================================== [ 11.818043] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.818662] Read of size 64 at addr ffff8881031aa804 by task kunit_try_catch/200 [ 11.819425] [ 11.819601] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.819650] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.819663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.819685] Call Trace: [ 11.819701] <TASK> [ 11.819720] dump_stack_lvl+0x73/0xb0 [ 11.820206] print_report+0xd1/0x650 [ 11.820237] ? __virt_addr_valid+0x1db/0x2d0 [ 11.820261] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.820284] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.820305] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.820329] kasan_report+0x141/0x180 [ 11.820350] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.820378] kasan_check_range+0x10c/0x1c0 [ 11.820401] __asan_memmove+0x27/0x70 [ 11.820420] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.820444] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.820480] ? __schedule+0x10cc/0x2b60 [ 11.820502] ? __pfx_read_tsc+0x10/0x10 [ 11.820522] ? ktime_get_ts64+0x86/0x230 [ 11.820546] kunit_try_run_case+0x1a5/0x480 [ 11.820571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.820592] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.820615] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.820638] ? __kthread_parkme+0x82/0x180 [ 11.820658] ? preempt_count_sub+0x50/0x80 [ 11.821195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.821222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.821244] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.821266] kthread+0x337/0x6f0 [ 11.821285] ? trace_preempt_on+0x20/0xc0 [ 11.821308] ? __pfx_kthread+0x10/0x10 [ 11.821328] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.821348] ? calculate_sigpending+0x7b/0xa0 [ 11.821371] ? 
__pfx_kthread+0x10/0x10 [ 11.821400] ret_from_fork+0x116/0x1d0 [ 11.821418] ? __pfx_kthread+0x10/0x10 [ 11.821438] ret_from_fork_asm+0x1a/0x30 [ 11.821480] </TASK> [ 11.821492] [ 11.836214] Allocated by task 200: [ 11.837351] kasan_save_stack+0x45/0x70 [ 11.837523] kasan_save_track+0x18/0x40 [ 11.837725] kasan_save_alloc_info+0x3b/0x50 [ 11.837964] __kasan_kmalloc+0xb7/0xc0 [ 11.838132] __kmalloc_cache_noprof+0x189/0x420 [ 11.838321] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.838574] kunit_try_run_case+0x1a5/0x480 [ 11.838753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.838966] kthread+0x337/0x6f0 [ 11.839200] ret_from_fork+0x116/0x1d0 [ 11.839337] ret_from_fork_asm+0x1a/0x30 [ 11.840846] [ 11.840944] The buggy address belongs to the object at ffff8881031aa800 [ 11.840944] which belongs to the cache kmalloc-64 of size 64 [ 11.841436] The buggy address is located 4 bytes inside of [ 11.841436] allocated 64-byte region [ffff8881031aa800, ffff8881031aa840) [ 11.842000] [ 11.842089] The buggy address belongs to the physical page: [ 11.842291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031aa [ 11.842625] flags: 0x200000000000000(node=0|zone=2) [ 11.842955] page_type: f5(slab) [ 11.843102] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.843415] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.843724] page dumped because: kasan: bad access detected [ 11.843949] [ 11.844043] Memory state around the buggy address: [ 11.844265] ffff8881031aa700: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 11.844567] ffff8881031aa780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.844908] >ffff8881031aa800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.845179] ^ [ 11.846891] ffff8881031aa880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.847185] ffff8881031aa900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.847526] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.785144] ================================================================== [ 11.786240] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 11.787047] Read of size 18446744073709551614 at addr ffff8881038d5804 by task kunit_try_catch/198 [ 11.788094] [ 11.788267] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.788325] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.788337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.788359] Call Trace: [ 11.788373] <TASK> [ 11.788389] dump_stack_lvl+0x73/0xb0 [ 11.788417] print_report+0xd1/0x650 [ 11.788439] ? __virt_addr_valid+0x1db/0x2d0 [ 11.788471] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.788495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.788516] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.788561] kasan_report+0x141/0x180 [ 11.788583] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.788612] kasan_check_range+0x10c/0x1c0 [ 11.788634] __asan_memmove+0x27/0x70 [ 11.788654] kmalloc_memmove_negative_size+0x171/0x330 [ 11.788711] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 11.788737] ? __schedule+0x10cc/0x2b60 [ 11.788759] ? __pfx_read_tsc+0x10/0x10 [ 11.788791] ? ktime_get_ts64+0x86/0x230 [ 11.788814] kunit_try_run_case+0x1a5/0x480 [ 11.788838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.788859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.788882] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.788904] ? __kthread_parkme+0x82/0x180 [ 11.788923] ? preempt_count_sub+0x50/0x80 [ 11.788946] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.788969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.788990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.789012] kthread+0x337/0x6f0 [ 11.789031] ? trace_preempt_on+0x20/0xc0 [ 11.789053] ? __pfx_kthread+0x10/0x10 [ 11.789073] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.789093] ? calculate_sigpending+0x7b/0xa0 [ 11.789116] ? 
__pfx_kthread+0x10/0x10 [ 11.789136] ret_from_fork+0x116/0x1d0 [ 11.789154] ? __pfx_kthread+0x10/0x10 [ 11.789173] ret_from_fork_asm+0x1a/0x30 [ 11.789230] </TASK> [ 11.789242] [ 11.800714] Allocated by task 198: [ 11.801240] kasan_save_stack+0x45/0x70 [ 11.801613] kasan_save_track+0x18/0x40 [ 11.801804] kasan_save_alloc_info+0x3b/0x50 [ 11.802253] __kasan_kmalloc+0xb7/0xc0 [ 11.802572] __kmalloc_cache_noprof+0x189/0x420 [ 11.802930] kmalloc_memmove_negative_size+0xac/0x330 [ 11.803437] kunit_try_run_case+0x1a5/0x480 [ 11.803670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.803992] kthread+0x337/0x6f0 [ 11.804348] ret_from_fork+0x116/0x1d0 [ 11.804660] ret_from_fork_asm+0x1a/0x30 [ 11.804987] [ 11.805206] The buggy address belongs to the object at ffff8881038d5800 [ 11.805206] which belongs to the cache kmalloc-64 of size 64 [ 11.806085] The buggy address is located 4 bytes inside of [ 11.806085] 64-byte region [ffff8881038d5800, ffff8881038d5840) [ 11.806946] [ 11.807058] The buggy address belongs to the physical page: [ 11.807446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d5 [ 11.808020] flags: 0x200000000000000(node=0|zone=2) [ 11.808467] page_type: f5(slab) [ 11.808605] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.809241] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.809762] page dumped because: kasan: bad access detected [ 11.810131] [ 11.810272] Memory state around the buggy address: [ 11.810850] ffff8881038d5700: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 11.811300] ffff8881038d5780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.811632] >ffff8881038d5800: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.812247] ^ [ 11.812529] ffff8881038d5880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.813050] ffff8881038d5900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.813440] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.747202] ================================================================== [ 11.747755] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 11.748008] Write of size 16 at addr ffff8881031d4769 by task kunit_try_catch/196 [ 11.748246] [ 11.748337] CPU: 1 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.748380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.748392] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.748414] Call Trace: [ 11.748428] <TASK> [ 11.748444] dump_stack_lvl+0x73/0xb0 [ 11.749082] print_report+0xd1/0x650 [ 11.749121] ? __virt_addr_valid+0x1db/0x2d0 [ 11.749145] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.749168] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.749615] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.749644] kasan_report+0x141/0x180 [ 11.749736] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.749766] kasan_check_range+0x10c/0x1c0 [ 11.749790] __asan_memset+0x27/0x50 [ 11.749809] kmalloc_oob_memset_16+0x166/0x330 [ 11.749831] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 11.749853] ? __schedule+0x10cc/0x2b60 [ 11.749875] ? __pfx_read_tsc+0x10/0x10 [ 11.749896] ? ktime_get_ts64+0x86/0x230 [ 11.749919] kunit_try_run_case+0x1a5/0x480 [ 11.749943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.749964] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.749988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.750010] ? __kthread_parkme+0x82/0x180 [ 11.750030] ? preempt_count_sub+0x50/0x80 [ 11.750052] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.750074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.750096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.750118] kthread+0x337/0x6f0 [ 11.750136] ? trace_preempt_on+0x20/0xc0 [ 11.750159] ? __pfx_kthread+0x10/0x10 [ 11.750201] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.750223] ? calculate_sigpending+0x7b/0xa0 [ 11.750247] ? __pfx_kthread+0x10/0x10 [ 11.750267] ret_from_fork+0x116/0x1d0 [ 11.750284] ? 
__pfx_kthread+0x10/0x10 [ 11.750304] ret_from_fork_asm+0x1a/0x30 [ 11.750333] </TASK> [ 11.750344] [ 11.766671] Allocated by task 196: [ 11.767482] kasan_save_stack+0x45/0x70 [ 11.768027] kasan_save_track+0x18/0x40 [ 11.768474] kasan_save_alloc_info+0x3b/0x50 [ 11.768926] __kasan_kmalloc+0xb7/0xc0 [ 11.769415] __kmalloc_cache_noprof+0x189/0x420 [ 11.769906] kmalloc_oob_memset_16+0xac/0x330 [ 11.770108] kunit_try_run_case+0x1a5/0x480 [ 11.770566] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.771118] kthread+0x337/0x6f0 [ 11.771239] ret_from_fork+0x116/0x1d0 [ 11.771367] ret_from_fork_asm+0x1a/0x30 [ 11.771582] [ 11.771775] The buggy address belongs to the object at ffff8881031d4700 [ 11.771775] which belongs to the cache kmalloc-128 of size 128 [ 11.772972] The buggy address is located 105 bytes inside of [ 11.772972] allocated 120-byte region [ffff8881031d4700, ffff8881031d4778) [ 11.775032] [ 11.775273] The buggy address belongs to the physical page: [ 11.775677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 11.776142] flags: 0x200000000000000(node=0|zone=2) [ 11.776599] page_type: f5(slab) [ 11.776939] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.777559] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.778022] page dumped because: kasan: bad access detected [ 11.778481] [ 11.778672] Memory state around the buggy address: [ 11.779054] ffff8881031d4600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.779610] ffff8881031d4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.780429] >ffff8881031d4700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.780891] ^ [ 11.781388] ffff8881031d4780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.781804] ffff8881031d4800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.782014] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.711965] ================================================================== [ 11.712929] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 11.713843] Write of size 8 at addr ffff8881031a0571 by task kunit_try_catch/194 [ 11.714146] [ 11.714240] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.714284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.714296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.714317] Call Trace: [ 11.714330] <TASK> [ 11.714346] dump_stack_lvl+0x73/0xb0 [ 11.714376] print_report+0xd1/0x650 [ 11.714398] ? __virt_addr_valid+0x1db/0x2d0 [ 11.714419] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.714439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.714471] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.714492] kasan_report+0x141/0x180 [ 11.714514] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.714553] kasan_check_range+0x10c/0x1c0 [ 11.714576] __asan_memset+0x27/0x50 [ 11.714595] kmalloc_oob_memset_8+0x166/0x330 [ 11.714623] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 11.714645] ? __schedule+0x10cc/0x2b60 [ 11.714666] ? __pfx_read_tsc+0x10/0x10 [ 11.714686] ? ktime_get_ts64+0x86/0x230 [ 11.714717] kunit_try_run_case+0x1a5/0x480 [ 11.714741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.714762] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.714784] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.714806] ? __kthread_parkme+0x82/0x180 [ 11.714825] ? preempt_count_sub+0x50/0x80 [ 11.714847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.714869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.714891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.714913] kthread+0x337/0x6f0 [ 11.714931] ? trace_preempt_on+0x20/0xc0 [ 11.714953] ? __pfx_kthread+0x10/0x10 [ 11.714973] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.714992] ? calculate_sigpending+0x7b/0xa0 [ 11.715014] ? __pfx_kthread+0x10/0x10 [ 11.715035] ret_from_fork+0x116/0x1d0 [ 11.715052] ? 
__pfx_kthread+0x10/0x10 [ 11.715071] ret_from_fork_asm+0x1a/0x30 [ 11.715101] </TASK> [ 11.715112] [ 11.730517] Allocated by task 194: [ 11.730773] kasan_save_stack+0x45/0x70 [ 11.731175] kasan_save_track+0x18/0x40 [ 11.731654] kasan_save_alloc_info+0x3b/0x50 [ 11.731815] __kasan_kmalloc+0xb7/0xc0 [ 11.731948] __kmalloc_cache_noprof+0x189/0x420 [ 11.732105] kmalloc_oob_memset_8+0xac/0x330 [ 11.732355] kunit_try_run_case+0x1a5/0x480 [ 11.732671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.733183] kthread+0x337/0x6f0 [ 11.733437] ret_from_fork+0x116/0x1d0 [ 11.733829] ret_from_fork_asm+0x1a/0x30 [ 11.733977] [ 11.734053] The buggy address belongs to the object at ffff8881031a0500 [ 11.734053] which belongs to the cache kmalloc-128 of size 128 [ 11.734985] The buggy address is located 113 bytes inside of [ 11.734985] allocated 120-byte region [ffff8881031a0500, ffff8881031a0578) [ 11.736354] [ 11.736539] The buggy address belongs to the physical page: [ 11.736966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 11.737277] flags: 0x200000000000000(node=0|zone=2) [ 11.737779] page_type: f5(slab) [ 11.738103] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.738858] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.739444] page dumped because: kasan: bad access detected [ 11.739973] [ 11.740049] Memory state around the buggy address: [ 11.740220] ffff8881031a0400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.740952] ffff8881031a0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.741662] >ffff8881031a0500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.742026] ^ [ 11.742304] ffff8881031a0580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.742967] ffff8881031a0600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.743827] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.683581] ================================================================== [ 11.684269] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 11.684595] Write of size 4 at addr ffff8881031d4675 by task kunit_try_catch/192 [ 11.684950] [ 11.685064] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.685107] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.685119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.685140] Call Trace: [ 11.685152] <TASK> [ 11.685166] dump_stack_lvl+0x73/0xb0 [ 11.685194] print_report+0xd1/0x650 [ 11.685217] ? __virt_addr_valid+0x1db/0x2d0 [ 11.685238] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.685259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.685282] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.685303] kasan_report+0x141/0x180 [ 11.685324] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.685350] kasan_check_range+0x10c/0x1c0 [ 11.685372] __asan_memset+0x27/0x50 [ 11.685398] kmalloc_oob_memset_4+0x166/0x330 [ 11.685419] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 11.685477] ? __schedule+0x10cc/0x2b60 [ 11.685498] ? __pfx_read_tsc+0x10/0x10 [ 11.685517] ? ktime_get_ts64+0x86/0x230 [ 11.685540] kunit_try_run_case+0x1a5/0x480 [ 11.685563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.685584] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.685606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.685628] ? __kthread_parkme+0x82/0x180 [ 11.685646] ? preempt_count_sub+0x50/0x80 [ 11.685675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.685708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.685730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.685752] kthread+0x337/0x6f0 [ 11.685771] ? trace_preempt_on+0x20/0xc0 [ 11.685793] ? __pfx_kthread+0x10/0x10 [ 11.685812] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.685832] ? calculate_sigpending+0x7b/0xa0 [ 11.685854] ? __pfx_kthread+0x10/0x10 [ 11.685875] ret_from_fork+0x116/0x1d0 [ 11.685892] ? 
__pfx_kthread+0x10/0x10 [ 11.685911] ret_from_fork_asm+0x1a/0x30 [ 11.685940] </TASK> [ 11.685951] [ 11.698246] Allocated by task 192: [ 11.698468] kasan_save_stack+0x45/0x70 [ 11.698859] kasan_save_track+0x18/0x40 [ 11.699047] kasan_save_alloc_info+0x3b/0x50 [ 11.699251] __kasan_kmalloc+0xb7/0xc0 [ 11.699424] __kmalloc_cache_noprof+0x189/0x420 [ 11.699649] kmalloc_oob_memset_4+0xac/0x330 [ 11.700237] kunit_try_run_case+0x1a5/0x480 [ 11.700441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.700873] kthread+0x337/0x6f0 [ 11.701128] ret_from_fork+0x116/0x1d0 [ 11.701283] ret_from_fork_asm+0x1a/0x30 [ 11.701623] [ 11.701727] The buggy address belongs to the object at ffff8881031d4600 [ 11.701727] which belongs to the cache kmalloc-128 of size 128 [ 11.702488] The buggy address is located 117 bytes inside of [ 11.702488] allocated 120-byte region [ffff8881031d4600, ffff8881031d4678) [ 11.703260] [ 11.703351] The buggy address belongs to the physical page: [ 11.703789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 11.704223] flags: 0x200000000000000(node=0|zone=2) [ 11.704533] page_type: f5(slab) [ 11.704673] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.704971] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.705281] page dumped because: kasan: bad access detected [ 11.705769] [ 11.705857] Memory state around the buggy address: [ 11.706197] ffff8881031d4500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.706588] ffff8881031d4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.706987] >ffff8881031d4600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.707365] ^ [ 11.707818] ffff8881031d4680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.708188] ffff8881031d4700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.708585] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.662169] ================================================================== [ 11.662764] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.663054] Write of size 2 at addr ffff8881031d4577 by task kunit_try_catch/190 [ 11.663404] [ 11.663535] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.663577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.663590] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.663610] Call Trace: [ 11.663623] <TASK> [ 11.663639] dump_stack_lvl+0x73/0xb0 [ 11.663668] print_report+0xd1/0x650 [ 11.663698] ? __virt_addr_valid+0x1db/0x2d0 [ 11.663722] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.663743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.663764] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.663785] kasan_report+0x141/0x180 [ 11.663806] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.663832] kasan_check_range+0x10c/0x1c0 [ 11.663855] __asan_memset+0x27/0x50 [ 11.663874] kmalloc_oob_memset_2+0x166/0x330 [ 11.663895] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.663918] ? __schedule+0x10cc/0x2b60 [ 11.663939] ? __pfx_read_tsc+0x10/0x10 [ 11.663959] ? ktime_get_ts64+0x86/0x230 [ 11.663983] kunit_try_run_case+0x1a5/0x480 [ 11.664007] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.664028] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.664050] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.664072] ? __kthread_parkme+0x82/0x180 [ 11.664092] ? preempt_count_sub+0x50/0x80 [ 11.664115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.664138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.664159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.664182] kthread+0x337/0x6f0 [ 11.664204] ? trace_preempt_on+0x20/0xc0 [ 11.664228] ? __pfx_kthread+0x10/0x10 [ 11.664249] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.664269] ? calculate_sigpending+0x7b/0xa0 [ 11.664291] ? __pfx_kthread+0x10/0x10 [ 11.664312] ret_from_fork+0x116/0x1d0 [ 11.664330] ? 
__pfx_kthread+0x10/0x10 [ 11.664349] ret_from_fork_asm+0x1a/0x30 [ 11.664379] </TASK> [ 11.664390] [ 11.671689] Allocated by task 190: [ 11.671960] kasan_save_stack+0x45/0x70 [ 11.672167] kasan_save_track+0x18/0x40 [ 11.672312] kasan_save_alloc_info+0x3b/0x50 [ 11.672471] __kasan_kmalloc+0xb7/0xc0 [ 11.672618] __kmalloc_cache_noprof+0x189/0x420 [ 11.672989] kmalloc_oob_memset_2+0xac/0x330 [ 11.673206] kunit_try_run_case+0x1a5/0x480 [ 11.673420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.673669] kthread+0x337/0x6f0 [ 11.673823] ret_from_fork+0x116/0x1d0 [ 11.673957] ret_from_fork_asm+0x1a/0x30 [ 11.674096] [ 11.674194] The buggy address belongs to the object at ffff8881031d4500 [ 11.674194] which belongs to the cache kmalloc-128 of size 128 [ 11.674738] The buggy address is located 119 bytes inside of [ 11.674738] allocated 120-byte region [ffff8881031d4500, ffff8881031d4578) [ 11.675159] [ 11.675258] The buggy address belongs to the physical page: [ 11.675519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 11.675987] flags: 0x200000000000000(node=0|zone=2) [ 11.676195] page_type: f5(slab) [ 11.676348] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.676669] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.676946] page dumped because: kasan: bad access detected [ 11.677194] [ 11.677281] Memory state around the buggy address: [ 11.677535] ffff8881031d4400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.677869] ffff8881031d4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.678083] >ffff8881031d4500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.678293] ^ [ 11.678516] ffff8881031d4580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.679239] ffff8881031d4600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.679833] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.638951] ================================================================== [ 11.639653] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.639958] Write of size 128 at addr ffff8881031d4400 by task kunit_try_catch/188 [ 11.640259] [ 11.640366] CPU: 1 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.640409] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.640421] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.640441] Call Trace: [ 11.640477] <TASK> [ 11.640492] dump_stack_lvl+0x73/0xb0 [ 11.640517] print_report+0xd1/0x650 [ 11.640539] ? __virt_addr_valid+0x1db/0x2d0 [ 11.640560] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.640581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.640603] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.640624] kasan_report+0x141/0x180 [ 11.640646] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.640672] kasan_check_range+0x10c/0x1c0 [ 11.640694] __asan_memset+0x27/0x50 [ 11.640713] kmalloc_oob_in_memset+0x15f/0x320 [ 11.640735] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.640757] ? __schedule+0x10cc/0x2b60 [ 11.640777] ? __pfx_read_tsc+0x10/0x10 [ 11.640798] ? ktime_get_ts64+0x86/0x230 [ 11.640821] kunit_try_run_case+0x1a5/0x480 [ 11.640844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.640865] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.640888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.640910] ? __kthread_parkme+0x82/0x180 [ 11.640928] ? preempt_count_sub+0x50/0x80 [ 11.640951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.640973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.640995] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.641017] kthread+0x337/0x6f0 [ 11.641035] ? trace_preempt_on+0x20/0xc0 [ 11.641059] ? __pfx_kthread+0x10/0x10 [ 11.641100] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.641120] ? calculate_sigpending+0x7b/0xa0 [ 11.641142] ? __pfx_kthread+0x10/0x10 [ 11.641163] ret_from_fork+0x116/0x1d0 [ 11.641180] ? 
__pfx_kthread+0x10/0x10 [ 11.641200] ret_from_fork_asm+0x1a/0x30 [ 11.641230] </TASK> [ 11.641240] [ 11.648914] Allocated by task 188: [ 11.649049] kasan_save_stack+0x45/0x70 [ 11.649263] kasan_save_track+0x18/0x40 [ 11.649750] kasan_save_alloc_info+0x3b/0x50 [ 11.649931] __kasan_kmalloc+0xb7/0xc0 [ 11.650079] __kmalloc_cache_noprof+0x189/0x420 [ 11.650474] kmalloc_oob_in_memset+0xac/0x320 [ 11.650649] kunit_try_run_case+0x1a5/0x480 [ 11.650802] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.650978] kthread+0x337/0x6f0 [ 11.651146] ret_from_fork+0x116/0x1d0 [ 11.651330] ret_from_fork_asm+0x1a/0x30 [ 11.651605] [ 11.651813] The buggy address belongs to the object at ffff8881031d4400 [ 11.651813] which belongs to the cache kmalloc-128 of size 128 [ 11.652336] The buggy address is located 0 bytes inside of [ 11.652336] allocated 120-byte region [ffff8881031d4400, ffff8881031d4478) [ 11.652866] [ 11.652941] The buggy address belongs to the physical page: [ 11.653116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031d4 [ 11.653428] flags: 0x200000000000000(node=0|zone=2) [ 11.653669] page_type: f5(slab) [ 11.653838] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.654351] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.654653] page dumped because: kasan: bad access detected [ 11.654829] [ 11.654938] Memory state around the buggy address: [ 11.655161] ffff8881031d4300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.655532] ffff8881031d4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.655746] >ffff8881031d4400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.655957] ^ [ 11.656557] ffff8881031d4480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.656896] ffff8881031d4500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.657267] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.614400] ================================================================== [ 11.615182] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.615561] Read of size 16 at addr ffff88810274c220 by task kunit_try_catch/186 [ 11.615874] [ 11.615986] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.616029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.616040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.616061] Call Trace: [ 11.616073] <TASK> [ 11.616088] dump_stack_lvl+0x73/0xb0 [ 11.616114] print_report+0xd1/0x650 [ 11.616135] ? __virt_addr_valid+0x1db/0x2d0 [ 11.616157] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.616176] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.616247] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.616270] kasan_report+0x141/0x180 [ 11.616291] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.616316] __asan_report_load16_noabort+0x18/0x20 [ 11.616340] kmalloc_uaf_16+0x47b/0x4c0 [ 11.616360] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.616381] ? __schedule+0x10cc/0x2b60 [ 11.616402] ? __pfx_read_tsc+0x10/0x10 [ 11.616423] ? ktime_get_ts64+0x86/0x230 [ 11.616448] kunit_try_run_case+0x1a5/0x480 [ 11.616485] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.616506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.616528] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.616550] ? __kthread_parkme+0x82/0x180 [ 11.616569] ? preempt_count_sub+0x50/0x80 [ 11.616591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.616614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.616636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.616657] kthread+0x337/0x6f0 [ 11.616676] ? trace_preempt_on+0x20/0xc0 [ 11.616698] ? __pfx_kthread+0x10/0x10 [ 11.616718] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.616738] ? calculate_sigpending+0x7b/0xa0 [ 11.616763] ? __pfx_kthread+0x10/0x10 [ 11.616787] ret_from_fork+0x116/0x1d0 [ 11.616806] ? 
__pfx_kthread+0x10/0x10 [ 11.616825] ret_from_fork_asm+0x1a/0x30 [ 11.616855] </TASK> [ 11.616866] [ 11.625738] Allocated by task 186: [ 11.625945] kasan_save_stack+0x45/0x70 [ 11.626112] kasan_save_track+0x18/0x40 [ 11.626265] kasan_save_alloc_info+0x3b/0x50 [ 11.626620] __kasan_kmalloc+0xb7/0xc0 [ 11.626763] __kmalloc_cache_noprof+0x189/0x420 [ 11.626955] kmalloc_uaf_16+0x15b/0x4c0 [ 11.627143] kunit_try_run_case+0x1a5/0x480 [ 11.627485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.627755] kthread+0x337/0x6f0 [ 11.627899] ret_from_fork+0x116/0x1d0 [ 11.628030] ret_from_fork_asm+0x1a/0x30 [ 11.628278] [ 11.628376] Freed by task 186: [ 11.628533] kasan_save_stack+0x45/0x70 [ 11.628668] kasan_save_track+0x18/0x40 [ 11.628870] kasan_save_free_info+0x3f/0x60 [ 11.629070] __kasan_slab_free+0x56/0x70 [ 11.629243] kfree+0x222/0x3f0 [ 11.629386] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.629529] kunit_try_run_case+0x1a5/0x480 [ 11.629671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.629918] kthread+0x337/0x6f0 [ 11.630305] ret_from_fork+0x116/0x1d0 [ 11.630523] ret_from_fork_asm+0x1a/0x30 [ 11.630677] [ 11.630787] The buggy address belongs to the object at ffff88810274c220 [ 11.630787] which belongs to the cache kmalloc-16 of size 16 [ 11.631269] The buggy address is located 0 bytes inside of [ 11.631269] freed 16-byte region [ffff88810274c220, ffff88810274c230) [ 11.631821] [ 11.631913] The buggy address belongs to the physical page: [ 11.632129] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 11.632481] flags: 0x200000000000000(node=0|zone=2) [ 11.632644] page_type: f5(slab) [ 11.632785] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.633286] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.633523] page dumped because: kasan: bad access detected [ 11.633688] [ 11.633835] Memory state around the buggy address: [ 11.634063] ffff88810274c100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc 
fc [ 11.634376] ffff88810274c180: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.634703] >ffff88810274c200: 00 00 fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.635239] ^ [ 11.635425] ffff88810274c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.635737] ffff88810274c300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.636006] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.595190] ================================================================== [ 11.595709] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.596095] Write of size 16 at addr ffff88810274c1c0 by task kunit_try_catch/184 [ 11.596581] [ 11.596807] CPU: 1 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.596853] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.596865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.596886] Call Trace: [ 11.596898] <TASK> [ 11.596912] dump_stack_lvl+0x73/0xb0 [ 11.596940] print_report+0xd1/0x650 [ 11.596962] ? __virt_addr_valid+0x1db/0x2d0 [ 11.596983] ? kmalloc_oob_16+0x452/0x4a0 [ 11.597003] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.597024] ? kmalloc_oob_16+0x452/0x4a0 [ 11.597045] kasan_report+0x141/0x180 [ 11.597066] ? kmalloc_oob_16+0x452/0x4a0 [ 11.597090] __asan_report_store16_noabort+0x1b/0x30 [ 11.597110] kmalloc_oob_16+0x452/0x4a0 [ 11.597131] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.597152] ? __schedule+0x10cc/0x2b60 [ 11.597173] ? __pfx_read_tsc+0x10/0x10 [ 11.597194] ? ktime_get_ts64+0x86/0x230 [ 11.597217] kunit_try_run_case+0x1a5/0x480 [ 11.597241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.597262] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.597284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.597306] ? __kthread_parkme+0x82/0x180 [ 11.597325] ? preempt_count_sub+0x50/0x80 [ 11.597347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.597370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.597397] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.597419] kthread+0x337/0x6f0 [ 11.597438] ? trace_preempt_on+0x20/0xc0 [ 11.597471] ? __pfx_kthread+0x10/0x10 [ 11.597491] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.597511] ? calculate_sigpending+0x7b/0xa0 [ 11.597535] ? __pfx_kthread+0x10/0x10 [ 11.597555] ret_from_fork+0x116/0x1d0 [ 11.597573] ? 
__pfx_kthread+0x10/0x10 [ 11.597593] ret_from_fork_asm+0x1a/0x30 [ 11.597622] </TASK> [ 11.597633] [ 11.604357] Allocated by task 184: [ 11.604536] kasan_save_stack+0x45/0x70 [ 11.604719] kasan_save_track+0x18/0x40 [ 11.604888] kasan_save_alloc_info+0x3b/0x50 [ 11.605037] __kasan_kmalloc+0xb7/0xc0 [ 11.605171] __kmalloc_cache_noprof+0x189/0x420 [ 11.605401] kmalloc_oob_16+0xa8/0x4a0 [ 11.605600] kunit_try_run_case+0x1a5/0x480 [ 11.605889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.606143] kthread+0x337/0x6f0 [ 11.606294] ret_from_fork+0x116/0x1d0 [ 11.606430] ret_from_fork_asm+0x1a/0x30 [ 11.606638] [ 11.606732] The buggy address belongs to the object at ffff88810274c1c0 [ 11.606732] which belongs to the cache kmalloc-16 of size 16 [ 11.607318] The buggy address is located 0 bytes inside of [ 11.607318] allocated 13-byte region [ffff88810274c1c0, ffff88810274c1cd) [ 11.607756] [ 11.607854] The buggy address belongs to the physical page: [ 11.608109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10274c [ 11.608435] flags: 0x200000000000000(node=0|zone=2) [ 11.608619] page_type: f5(slab) [ 11.608740] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.608972] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.609340] page dumped because: kasan: bad access detected [ 11.609606] [ 11.609710] Memory state around the buggy address: [ 11.609936] ffff88810274c080: 00 03 fc fc fa fb fc fc 00 02 fc fc 00 05 fc fc [ 11.610259] ffff88810274c100: 00 02 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 11.610541] >ffff88810274c180: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 11.610753] ^ [ 11.611085] ffff88810274c200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.611401] ffff88810274c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.611774] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.538972] ================================================================== [ 11.539785] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.540126] Read of size 1 at addr ffff888100ab4200 by task kunit_try_catch/182 [ 11.540449] [ 11.540588] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.540648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.540727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.540750] Call Trace: [ 11.540763] <TASK> [ 11.540779] dump_stack_lvl+0x73/0xb0 [ 11.540808] print_report+0xd1/0x650 [ 11.540831] ? __virt_addr_valid+0x1db/0x2d0 [ 11.540874] ? krealloc_uaf+0x1b8/0x5e0 [ 11.540896] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.540931] ? krealloc_uaf+0x1b8/0x5e0 [ 11.540952] kasan_report+0x141/0x180 [ 11.540973] ? krealloc_uaf+0x1b8/0x5e0 [ 11.540997] ? krealloc_uaf+0x1b8/0x5e0 [ 11.541018] __kasan_check_byte+0x3d/0x50 [ 11.541039] krealloc_noprof+0x3f/0x340 [ 11.541061] krealloc_uaf+0x1b8/0x5e0 [ 11.541082] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.541102] ? finish_task_switch.isra.0+0x153/0x700 [ 11.541124] ? __switch_to+0x47/0xf50 [ 11.541150] ? __schedule+0x10cc/0x2b60 [ 11.541171] ? __pfx_read_tsc+0x10/0x10 [ 11.541240] ? ktime_get_ts64+0x86/0x230 [ 11.541268] kunit_try_run_case+0x1a5/0x480 [ 11.541293] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.541314] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.541336] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.541358] ? __kthread_parkme+0x82/0x180 [ 11.541383] ? preempt_count_sub+0x50/0x80 [ 11.541405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.541427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.541449] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.541481] kthread+0x337/0x6f0 [ 11.541500] ? trace_preempt_on+0x20/0xc0 [ 11.541523] ? __pfx_kthread+0x10/0x10 [ 11.541542] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.541562] ? calculate_sigpending+0x7b/0xa0 [ 11.541586] ? 
__pfx_kthread+0x10/0x10 [ 11.541606] ret_from_fork+0x116/0x1d0 [ 11.541623] ? __pfx_kthread+0x10/0x10 [ 11.541643] ret_from_fork_asm+0x1a/0x30 [ 11.541673] </TASK> [ 11.541683] [ 11.550257] Allocated by task 182: [ 11.550448] kasan_save_stack+0x45/0x70 [ 11.550682] kasan_save_track+0x18/0x40 [ 11.550886] kasan_save_alloc_info+0x3b/0x50 [ 11.551130] __kasan_kmalloc+0xb7/0xc0 [ 11.551326] __kmalloc_cache_noprof+0x189/0x420 [ 11.551557] krealloc_uaf+0xbb/0x5e0 [ 11.551737] kunit_try_run_case+0x1a5/0x480 [ 11.551987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.552165] kthread+0x337/0x6f0 [ 11.552281] ret_from_fork+0x116/0x1d0 [ 11.552598] ret_from_fork_asm+0x1a/0x30 [ 11.552995] [ 11.553136] Freed by task 182: [ 11.553559] kasan_save_stack+0x45/0x70 [ 11.553788] kasan_save_track+0x18/0x40 [ 11.553954] kasan_save_free_info+0x3f/0x60 [ 11.554098] __kasan_slab_free+0x56/0x70 [ 11.554364] kfree+0x222/0x3f0 [ 11.554547] krealloc_uaf+0x13d/0x5e0 [ 11.554783] kunit_try_run_case+0x1a5/0x480 [ 11.554995] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.555317] kthread+0x337/0x6f0 [ 11.555444] ret_from_fork+0x116/0x1d0 [ 11.555585] ret_from_fork_asm+0x1a/0x30 [ 11.555762] [ 11.555932] The buggy address belongs to the object at ffff888100ab4200 [ 11.555932] which belongs to the cache kmalloc-256 of size 256 [ 11.556690] The buggy address is located 0 bytes inside of [ 11.556690] freed 256-byte region [ffff888100ab4200, ffff888100ab4300) [ 11.557093] [ 11.557166] The buggy address belongs to the physical page: [ 11.557340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 11.557710] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.558057] flags: 0x200000000000040(head|node=0|zone=2) [ 11.558600] page_type: f5(slab) [ 11.558784] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.559164] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.559517] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 11.559746] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.560189] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 11.560810] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.561188] page dumped because: kasan: bad access detected [ 11.561555] [ 11.561674] Memory state around the buggy address: [ 11.561830] ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.562153] ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.562632] >ffff888100ab4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.562967] ^ [ 11.563085] ffff888100ab4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.563616] ffff888100ab4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.563968] ================================================================== [ 11.564714] ================================================================== [ 11.565059] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.565664] Read of size 1 at addr ffff888100ab4200 by task kunit_try_catch/182 [ 11.566009] [ 11.566115] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.566156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.566168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.566188] Call Trace: [ 11.566475] <TASK> [ 11.566494] dump_stack_lvl+0x73/0xb0 [ 11.566524] print_report+0xd1/0x650 [ 11.566567] ? __virt_addr_valid+0x1db/0x2d0 [ 11.566589] ? krealloc_uaf+0x53c/0x5e0 [ 11.566610] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.566631] ? krealloc_uaf+0x53c/0x5e0 [ 11.566651] kasan_report+0x141/0x180 [ 11.566673] ? krealloc_uaf+0x53c/0x5e0 [ 11.566698] __asan_report_load1_noabort+0x18/0x20 [ 11.566722] krealloc_uaf+0x53c/0x5e0 [ 11.566761] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.566782] ? 
finish_task_switch.isra.0+0x153/0x700 [ 11.566803] ? __switch_to+0x47/0xf50 [ 11.566828] ? __schedule+0x10cc/0x2b60 [ 11.566850] ? __pfx_read_tsc+0x10/0x10 [ 11.566870] ? ktime_get_ts64+0x86/0x230 [ 11.566908] kunit_try_run_case+0x1a5/0x480 [ 11.566931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.566952] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.566974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.566996] ? __kthread_parkme+0x82/0x180 [ 11.567015] ? preempt_count_sub+0x50/0x80 [ 11.567036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.567059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.567080] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.567102] kthread+0x337/0x6f0 [ 11.567121] ? trace_preempt_on+0x20/0xc0 [ 11.567143] ? __pfx_kthread+0x10/0x10 [ 11.567163] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.567183] ? calculate_sigpending+0x7b/0xa0 [ 11.567205] ? __pfx_kthread+0x10/0x10 [ 11.567225] ret_from_fork+0x116/0x1d0 [ 11.567303] ? __pfx_kthread+0x10/0x10 [ 11.567326] ret_from_fork_asm+0x1a/0x30 [ 11.567356] </TASK> [ 11.567368] [ 11.575995] Allocated by task 182: [ 11.576160] kasan_save_stack+0x45/0x70 [ 11.576441] kasan_save_track+0x18/0x40 [ 11.576594] kasan_save_alloc_info+0x3b/0x50 [ 11.576960] __kasan_kmalloc+0xb7/0xc0 [ 11.577144] __kmalloc_cache_noprof+0x189/0x420 [ 11.577466] krealloc_uaf+0xbb/0x5e0 [ 11.577643] kunit_try_run_case+0x1a5/0x480 [ 11.577913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.578106] kthread+0x337/0x6f0 [ 11.578306] ret_from_fork+0x116/0x1d0 [ 11.578536] ret_from_fork_asm+0x1a/0x30 [ 11.578729] [ 11.578825] Freed by task 182: [ 11.579065] kasan_save_stack+0x45/0x70 [ 11.579250] kasan_save_track+0x18/0x40 [ 11.579435] kasan_save_free_info+0x3f/0x60 [ 11.579721] __kasan_slab_free+0x56/0x70 [ 11.579885] kfree+0x222/0x3f0 [ 11.579999] krealloc_uaf+0x13d/0x5e0 [ 11.580132] kunit_try_run_case+0x1a5/0x480 [ 11.580341] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.581024] kthread+0x337/0x6f0 [ 11.581176] 
ret_from_fork+0x116/0x1d0 [ 11.581448] ret_from_fork_asm+0x1a/0x30 [ 11.581637] [ 11.581771] The buggy address belongs to the object at ffff888100ab4200 [ 11.581771] which belongs to the cache kmalloc-256 of size 256 [ 11.582303] The buggy address is located 0 bytes inside of [ 11.582303] freed 256-byte region [ffff888100ab4200, ffff888100ab4300) [ 11.582847] [ 11.582944] The buggy address belongs to the physical page: [ 11.583164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 11.583573] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.584028] flags: 0x200000000000040(head|node=0|zone=2) [ 11.584326] page_type: f5(slab) [ 11.584504] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.584792] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.585021] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.585710] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.586334] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 11.586739] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.587078] page dumped because: kasan: bad access detected [ 11.587492] [ 11.587568] Memory state around the buggy address: [ 11.587724] ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.588294] ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.588702] >ffff888100ab4200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.589018] ^ [ 11.589139] ffff888100ab4280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.589795] ffff888100ab4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.590095] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.458308] ================================================================== [ 11.458580] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.459070] Write of size 1 at addr ffff888102a2a0d0 by task kunit_try_catch/180 [ 11.459570] [ 11.459661] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.459702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.459714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.459733] Call Trace: [ 11.459747] <TASK> [ 11.459761] dump_stack_lvl+0x73/0xb0 [ 11.459800] print_report+0xd1/0x650 [ 11.459822] ? __virt_addr_valid+0x1db/0x2d0 [ 11.459844] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.459879] ? kasan_addr_to_slab+0x11/0xa0 [ 11.459899] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.459923] kasan_report+0x141/0x180 [ 11.459956] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.459984] __asan_report_store1_noabort+0x1b/0x30 [ 11.460004] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.460040] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.460066] ? __kasan_check_write+0x18/0x20 [ 11.460085] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.460106] ? irqentry_exit+0x2a/0x60 [ 11.460127] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.460151] ? trace_hardirqs_on+0x37/0xe0 [ 11.460173] ? __pfx_read_tsc+0x10/0x10 [ 11.460197] krealloc_large_less_oob+0x1c/0x30 [ 11.460219] kunit_try_run_case+0x1a5/0x480 [ 11.460243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.460266] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.460288] ? __kthread_parkme+0x82/0x180 [ 11.460308] ? preempt_count_sub+0x50/0x80 [ 11.460331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.460364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.460387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.460409] kthread+0x337/0x6f0 [ 11.460439] ? trace_preempt_on+0x20/0xc0 [ 11.460469] ? __pfx_kthread+0x10/0x10 [ 11.460490] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.460510] ? 
calculate_sigpending+0x7b/0xa0 [ 11.460541] ? __pfx_kthread+0x10/0x10 [ 11.460562] ret_from_fork+0x116/0x1d0 [ 11.460580] ? __pfx_kthread+0x10/0x10 [ 11.460600] ret_from_fork_asm+0x1a/0x30 [ 11.460641] </TASK> [ 11.460652] [ 11.468640] The buggy address belongs to the physical page: [ 11.469070] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28 [ 11.469837] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.470541] flags: 0x200000000000040(head|node=0|zone=2) [ 11.471262] page_type: f8(unknown) [ 11.471521] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.471986] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.472404] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.472868] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.473285] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff [ 11.473718] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.474134] page dumped because: kasan: bad access detected [ 11.474476] [ 11.474580] Memory state around the buggy address: [ 11.474986] ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.475398] ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.475861] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.476175] ^ [ 11.476517] ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.476901] ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.477249] ================================================================== [ 11.516382] ================================================================== [ 11.516923] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.517163] Write of size 1 at addr ffff888102a2a0eb by task kunit_try_catch/180 [ 11.517385] [ 11.517482] CPU: 0 UID: 0 PID: 180 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.517523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.517535] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.517555] Call Trace: [ 11.517568] <TASK> [ 11.517582] dump_stack_lvl+0x73/0xb0 [ 11.517607] print_report+0xd1/0x650 [ 11.517628] ? __virt_addr_valid+0x1db/0x2d0 [ 11.517650] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.517694] ? kasan_addr_to_slab+0x11/0xa0 [ 11.517714] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.517737] kasan_report+0x141/0x180 [ 11.517758] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.517786] __asan_report_store1_noabort+0x1b/0x30 [ 11.517806] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.517831] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.517855] ? __kasan_check_write+0x18/0x20 [ 11.517893] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.517914] ? irqentry_exit+0x2a/0x60 [ 11.517934] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.517956] ? trace_hardirqs_on+0x37/0xe0 [ 11.517978] ? __pfx_read_tsc+0x10/0x10 [ 11.518001] krealloc_large_less_oob+0x1c/0x30 [ 11.518022] kunit_try_run_case+0x1a5/0x480 [ 11.518045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.518086] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.518107] ? __kthread_parkme+0x82/0x180 [ 11.518127] ? preempt_count_sub+0x50/0x80 [ 11.518166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.518189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.518210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.518232] kthread+0x337/0x6f0 [ 11.518251] ? trace_preempt_on+0x20/0xc0 [ 11.518271] ? __pfx_kthread+0x10/0x10 [ 11.518291] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.518328] ? calculate_sigpending+0x7b/0xa0 [ 11.518350] ? __pfx_kthread+0x10/0x10 [ 11.518371] ret_from_fork+0x116/0x1d0 [ 11.518388] ? 
__pfx_kthread+0x10/0x10 [ 11.518408] ret_from_fork_asm+0x1a/0x30 [ 11.518437] </TASK> [ 11.518448] [ 11.526229] The buggy address belongs to the physical page: [ 11.526551] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28 [ 11.527119] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.527489] flags: 0x200000000000040(head|node=0|zone=2) [ 11.527772] page_type: f8(unknown) [ 11.527935] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.528160] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.528443] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.528945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.529283] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff [ 11.529654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.529950] page dumped because: kasan: bad access detected [ 11.530238] [ 11.530364] Memory state around the buggy address: [ 11.530619] ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.530927] ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.531249] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.531566] ^ [ 11.531935] ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.532140] ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.532343] ================================================================== [ 11.270891] ================================================================== [ 11.271451] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.271807] Write of size 1 at addr ffff88810033e4d0 by task kunit_try_catch/176 [ 11.272095] [ 11.272252] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.272296] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.272308] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.272328] Call Trace: [ 11.272340] <TASK> [ 11.272355] dump_stack_lvl+0x73/0xb0 [ 11.272380] print_report+0xd1/0x650 [ 11.272401] ? __virt_addr_valid+0x1db/0x2d0 [ 11.272422] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.272444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.272477] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.272499] kasan_report+0x141/0x180 [ 11.272521] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.272548] __asan_report_store1_noabort+0x1b/0x30 [ 11.272567] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.272592] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.272614] ? finish_task_switch.isra.0+0x153/0x700 [ 11.272635] ? __switch_to+0x47/0xf50 [ 11.272659] ? __schedule+0x10cc/0x2b60 [ 11.272679] ? __pfx_read_tsc+0x10/0x10 [ 11.272702] krealloc_less_oob+0x1c/0x30 [ 11.272723] kunit_try_run_case+0x1a5/0x480 [ 11.272746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.272767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.272789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.272811] ? __kthread_parkme+0x82/0x180 [ 11.272830] ? preempt_count_sub+0x50/0x80 [ 11.272851] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.272874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.272895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.272917] kthread+0x337/0x6f0 [ 11.272935] ? trace_preempt_on+0x20/0xc0 [ 11.272957] ? __pfx_kthread+0x10/0x10 [ 11.272977] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.272997] ? calculate_sigpending+0x7b/0xa0 [ 11.273019] ? __pfx_kthread+0x10/0x10 [ 11.273040] ret_from_fork+0x116/0x1d0 [ 11.273057] ? 
__pfx_kthread+0x10/0x10 [ 11.273077] ret_from_fork_asm+0x1a/0x30 [ 11.273106] </TASK> [ 11.273116] [ 11.281218] Allocated by task 176: [ 11.281356] kasan_save_stack+0x45/0x70 [ 11.281546] kasan_save_track+0x18/0x40 [ 11.281797] kasan_save_alloc_info+0x3b/0x50 [ 11.282030] __kasan_krealloc+0x190/0x1f0 [ 11.282286] krealloc_noprof+0xf3/0x340 [ 11.282476] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.282660] krealloc_less_oob+0x1c/0x30 [ 11.282858] kunit_try_run_case+0x1a5/0x480 [ 11.283046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.283438] kthread+0x337/0x6f0 [ 11.283621] ret_from_fork+0x116/0x1d0 [ 11.283842] ret_from_fork_asm+0x1a/0x30 [ 11.284027] [ 11.284127] The buggy address belongs to the object at ffff88810033e400 [ 11.284127] which belongs to the cache kmalloc-256 of size 256 [ 11.284677] The buggy address is located 7 bytes to the right of [ 11.284677] allocated 201-byte region [ffff88810033e400, ffff88810033e4c9) [ 11.285170] [ 11.285349] The buggy address belongs to the physical page: [ 11.285609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e [ 11.285983] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.286368] flags: 0x200000000000040(head|node=0|zone=2) [ 11.286579] page_type: f5(slab) [ 11.286702] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.286932] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.287163] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.287548] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.288223] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff [ 11.288578] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.288931] page dumped because: kasan: bad access detected [ 11.289135] [ 11.289361] Memory state around the buggy address: [ 11.289620] ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.289987] ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.290227] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.290438] ^ [ 11.290715] ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.291170] ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.291560] ================================================================== [ 11.292134] ================================================================== [ 11.292513] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.292984] Write of size 1 at addr ffff88810033e4da by task kunit_try_catch/176 [ 11.293371] [ 11.293490] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.293531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.293543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.293563] Call Trace: [ 11.293575] <TASK> [ 11.293590] dump_stack_lvl+0x73/0xb0 [ 11.293616] print_report+0xd1/0x650 [ 11.293637] ? __virt_addr_valid+0x1db/0x2d0 [ 11.293658] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.293680] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.293701] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.293724] kasan_report+0x141/0x180 [ 11.293745] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.293772] __asan_report_store1_noabort+0x1b/0x30 [ 11.293792] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.293816] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.293839] ? finish_task_switch.isra.0+0x153/0x700 [ 11.293860] ? __switch_to+0x47/0xf50 [ 11.293884] ? __schedule+0x10cc/0x2b60 [ 11.293905] ? __pfx_read_tsc+0x10/0x10 [ 11.293927] krealloc_less_oob+0x1c/0x30 [ 11.293948] kunit_try_run_case+0x1a5/0x480 [ 11.293970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.293991] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.294013] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.294035] ? __kthread_parkme+0x82/0x180 [ 11.294053] ? 
preempt_count_sub+0x50/0x80 [ 11.294075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.294097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.294119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.294140] kthread+0x337/0x6f0 [ 11.294159] ? trace_preempt_on+0x20/0xc0 [ 11.294180] ? __pfx_kthread+0x10/0x10 [ 11.294200] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.294220] ? calculate_sigpending+0x7b/0xa0 [ 11.294242] ? __pfx_kthread+0x10/0x10 [ 11.294262] ret_from_fork+0x116/0x1d0 [ 11.294280] ? __pfx_kthread+0x10/0x10 [ 11.294299] ret_from_fork_asm+0x1a/0x30 [ 11.294328] </TASK> [ 11.294338] [ 11.302304] Allocated by task 176: [ 11.302966] kasan_save_stack+0x45/0x70 [ 11.303558] kasan_save_track+0x18/0x40 [ 11.304196] kasan_save_alloc_info+0x3b/0x50 [ 11.304800] __kasan_krealloc+0x190/0x1f0 [ 11.305048] krealloc_noprof+0xf3/0x340 [ 11.305433] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.306027] krealloc_less_oob+0x1c/0x30 [ 11.306800] kunit_try_run_case+0x1a5/0x480 [ 11.307057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.307586] kthread+0x337/0x6f0 [ 11.308134] ret_from_fork+0x116/0x1d0 [ 11.308878] ret_from_fork_asm+0x1a/0x30 [ 11.309341] [ 11.309439] The buggy address belongs to the object at ffff88810033e400 [ 11.309439] which belongs to the cache kmalloc-256 of size 256 [ 11.310384] The buggy address is located 17 bytes to the right of [ 11.310384] allocated 201-byte region [ffff88810033e400, ffff88810033e4c9) [ 11.312013] [ 11.312414] The buggy address belongs to the physical page: [ 11.313038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e [ 11.313313] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.314210] flags: 0x200000000000040(head|node=0|zone=2) [ 11.314709] page_type: f5(slab) [ 11.315079] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.315615] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.316380] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 11.316888] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.317123] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff [ 11.317807] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.318565] page dumped because: kasan: bad access detected [ 11.319076] [ 11.319279] Memory state around the buggy address: [ 11.319824] ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.320544] ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.321094] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.321681] ^ [ 11.322304] ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.322938] ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.323488] ================================================================== [ 11.241135] ================================================================== [ 11.241878] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.242591] Write of size 1 at addr ffff88810033e4c9 by task kunit_try_catch/176 [ 11.243314] [ 11.243480] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.243525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.243537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.243558] Call Trace: [ 11.243571] <TASK> [ 11.243586] dump_stack_lvl+0x73/0xb0 [ 11.243613] print_report+0xd1/0x650 [ 11.243635] ? __virt_addr_valid+0x1db/0x2d0 [ 11.243656] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.243678] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.243699] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.243722] kasan_report+0x141/0x180 [ 11.243743] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.243770] __asan_report_store1_noabort+0x1b/0x30 [ 11.243789] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.243814] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.243837] ? finish_task_switch.isra.0+0x153/0x700 [ 11.243857] ? __switch_to+0x47/0xf50 [ 11.243882] ? __schedule+0x10cc/0x2b60 [ 11.243903] ? __pfx_read_tsc+0x10/0x10 [ 11.243926] krealloc_less_oob+0x1c/0x30 [ 11.243946] kunit_try_run_case+0x1a5/0x480 [ 11.243969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.243990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.244011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.244033] ? __kthread_parkme+0x82/0x180 [ 11.244053] ? preempt_count_sub+0x50/0x80 [ 11.244075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.244097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.244118] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.244140] kthread+0x337/0x6f0 [ 11.244158] ? trace_preempt_on+0x20/0xc0 [ 11.244180] ? __pfx_kthread+0x10/0x10 [ 11.244200] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.244220] ? calculate_sigpending+0x7b/0xa0 [ 11.244242] ? __pfx_kthread+0x10/0x10 [ 11.244262] ret_from_fork+0x116/0x1d0 [ 11.244279] ? 
__pfx_kthread+0x10/0x10 [ 11.244299] ret_from_fork_asm+0x1a/0x30 [ 11.244328] </TASK> [ 11.244339] [ 11.257730] Allocated by task 176: [ 11.258098] kasan_save_stack+0x45/0x70 [ 11.258536] kasan_save_track+0x18/0x40 [ 11.258928] kasan_save_alloc_info+0x3b/0x50 [ 11.259111] __kasan_krealloc+0x190/0x1f0 [ 11.259302] krealloc_noprof+0xf3/0x340 [ 11.259672] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.260153] krealloc_less_oob+0x1c/0x30 [ 11.260568] kunit_try_run_case+0x1a5/0x480 [ 11.260955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.261165] kthread+0x337/0x6f0 [ 11.261710] ret_from_fork+0x116/0x1d0 [ 11.262090] ret_from_fork_asm+0x1a/0x30 [ 11.262503] [ 11.262630] The buggy address belongs to the object at ffff88810033e400 [ 11.262630] which belongs to the cache kmalloc-256 of size 256 [ 11.263027] The buggy address is located 0 bytes to the right of [ 11.263027] allocated 201-byte region [ffff88810033e400, ffff88810033e4c9) [ 11.263506] [ 11.263611] The buggy address belongs to the physical page: [ 11.263988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e [ 11.264320] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.264668] flags: 0x200000000000040(head|node=0|zone=2) [ 11.264940] page_type: f5(slab) [ 11.265101] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.265601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.265868] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.266394] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.266738] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff [ 11.267030] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.267318] page dumped because: kasan: bad access detected [ 11.267626] [ 11.267722] Memory state around the buggy address: [ 11.267952] ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.268227] ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.268544] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.268807] ^ [ 11.269124] ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.269506] ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.269876] ================================================================== [ 11.477822] ================================================================== [ 11.478088] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.479023] Write of size 1 at addr ffff888102a2a0da by task kunit_try_catch/180 [ 11.479266] [ 11.479359] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.479401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.479414] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.479435] Call Trace: [ 11.479463] <TASK> [ 11.479479] dump_stack_lvl+0x73/0xb0 [ 11.479508] print_report+0xd1/0x650 [ 11.479529] ? __virt_addr_valid+0x1db/0x2d0 [ 11.479550] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.479572] ? kasan_addr_to_slab+0x11/0xa0 [ 11.479592] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.479614] kasan_report+0x141/0x180 [ 11.479635] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.479685] __asan_report_store1_noabort+0x1b/0x30 [ 11.479706] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.479731] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.479756] ? __kasan_check_write+0x18/0x20 [ 11.479774] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.479795] ? irqentry_exit+0x2a/0x60 [ 11.479815] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.479838] ? trace_hardirqs_on+0x37/0xe0 [ 11.479860] ? __pfx_read_tsc+0x10/0x10 [ 11.479883] krealloc_large_less_oob+0x1c/0x30 [ 11.479904] kunit_try_run_case+0x1a5/0x480 [ 11.479928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.479951] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.479973] ? 
__kthread_parkme+0x82/0x180 [ 11.479992] ? preempt_count_sub+0x50/0x80 [ 11.480014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.480036] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.480058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.480079] kthread+0x337/0x6f0 [ 11.480098] ? trace_preempt_on+0x20/0xc0 [ 11.480118] ? __pfx_kthread+0x10/0x10 [ 11.480138] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.480157] ? calculate_sigpending+0x7b/0xa0 [ 11.480179] ? __pfx_kthread+0x10/0x10 [ 11.480200] ret_from_fork+0x116/0x1d0 [ 11.480217] ? __pfx_kthread+0x10/0x10 [ 11.480237] ret_from_fork_asm+0x1a/0x30 [ 11.480266] </TASK> [ 11.480277] [ 11.488415] The buggy address belongs to the physical page: [ 11.488621] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28 [ 11.488903] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.489406] flags: 0x200000000000040(head|node=0|zone=2) [ 11.489893] page_type: f8(unknown) [ 11.490217] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.491186] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.491619] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.492632] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.493358] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff [ 11.494035] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.494280] page dumped because: kasan: bad access detected [ 11.494466] [ 11.494541] Memory state around the buggy address: [ 11.494773] ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.495361] ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.495979] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.496575] ^ [ 11.497206] ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.497906] ffff888102a2a180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 11.498529] ================================================================== [ 11.499156] ================================================================== [ 11.499391] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.500080] Write of size 1 at addr ffff888102a2a0ea by task kunit_try_catch/180 [ 11.500580] [ 11.500694] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.500733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.500746] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.500766] Call Trace: [ 11.500781] <TASK> [ 11.500796] dump_stack_lvl+0x73/0xb0 [ 11.500823] print_report+0xd1/0x650 [ 11.500844] ? __virt_addr_valid+0x1db/0x2d0 [ 11.500865] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.500887] ? kasan_addr_to_slab+0x11/0xa0 [ 11.500907] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.500930] kasan_report+0x141/0x180 [ 11.500951] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.500979] __asan_report_store1_noabort+0x1b/0x30 [ 11.500999] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.501024] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.501049] ? __kasan_check_write+0x18/0x20 [ 11.501068] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.501089] ? irqentry_exit+0x2a/0x60 [ 11.501110] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.501133] ? trace_hardirqs_on+0x37/0xe0 [ 11.501154] ? __pfx_read_tsc+0x10/0x10 [ 11.501177] krealloc_large_less_oob+0x1c/0x30 [ 11.501199] kunit_try_run_case+0x1a5/0x480 [ 11.501222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.501245] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.501301] ? __kthread_parkme+0x82/0x180 [ 11.501323] ? preempt_count_sub+0x50/0x80 [ 11.501346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.501368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.501396] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.501418] kthread+0x337/0x6f0 [ 11.501437] ? 
trace_preempt_on+0x20/0xc0 [ 11.501476] ? __pfx_kthread+0x10/0x10 [ 11.501496] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.501517] ? calculate_sigpending+0x7b/0xa0 [ 11.501540] ? __pfx_kthread+0x10/0x10 [ 11.501560] ret_from_fork+0x116/0x1d0 [ 11.501578] ? __pfx_kthread+0x10/0x10 [ 11.501597] ret_from_fork_asm+0x1a/0x30 [ 11.501627] </TASK> [ 11.501638] [ 11.509797] The buggy address belongs to the physical page: [ 11.510047] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28 [ 11.510375] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.510705] flags: 0x200000000000040(head|node=0|zone=2) [ 11.510919] page_type: f8(unknown) [ 11.511093] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.511431] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.511787] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.512074] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.512607] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff [ 11.512941] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.513279] page dumped because: kasan: bad access detected [ 11.513513] [ 11.513584] Memory state around the buggy address: [ 11.513839] ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.514152] ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.514387] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.514741] ^ [ 11.515049] ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.515379] ffff888102a2a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.515694] ================================================================== [ 11.324118] ================================================================== [ 11.324527] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.325284] Write 
of size 1 at addr ffff88810033e4ea by task kunit_try_catch/176 [ 11.325887] [ 11.326068] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.326122] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.326133] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.326153] Call Trace: [ 11.326170] <TASK> [ 11.326187] dump_stack_lvl+0x73/0xb0 [ 11.326214] print_report+0xd1/0x650 [ 11.326235] ? __virt_addr_valid+0x1db/0x2d0 [ 11.326256] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.326288] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.326309] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.326332] kasan_report+0x141/0x180 [ 11.326364] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.326391] __asan_report_store1_noabort+0x1b/0x30 [ 11.326410] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.326435] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.326466] ? finish_task_switch.isra.0+0x153/0x700 [ 11.326486] ? __switch_to+0x47/0xf50 [ 11.326510] ? __schedule+0x10cc/0x2b60 [ 11.326531] ? __pfx_read_tsc+0x10/0x10 [ 11.326554] krealloc_less_oob+0x1c/0x30 [ 11.326575] kunit_try_run_case+0x1a5/0x480 [ 11.326597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.326618] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.326640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.326671] ? __kthread_parkme+0x82/0x180 [ 11.326691] ? preempt_count_sub+0x50/0x80 [ 11.326713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.326745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.326767] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.326789] kthread+0x337/0x6f0 [ 11.326807] ? trace_preempt_on+0x20/0xc0 [ 11.326829] ? __pfx_kthread+0x10/0x10 [ 11.326848] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.326868] ? calculate_sigpending+0x7b/0xa0 [ 11.326890] ? __pfx_kthread+0x10/0x10 [ 11.326911] ret_from_fork+0x116/0x1d0 [ 11.326928] ? 
__pfx_kthread+0x10/0x10 [ 11.326947] ret_from_fork_asm+0x1a/0x30 [ 11.326977] </TASK> [ 11.326988] [ 11.341230] Allocated by task 176: [ 11.341660] kasan_save_stack+0x45/0x70 [ 11.342067] kasan_save_track+0x18/0x40 [ 11.342633] kasan_save_alloc_info+0x3b/0x50 [ 11.342835] __kasan_krealloc+0x190/0x1f0 [ 11.343507] krealloc_noprof+0xf3/0x340 [ 11.343915] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.344372] krealloc_less_oob+0x1c/0x30 [ 11.344532] kunit_try_run_case+0x1a5/0x480 [ 11.344690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.345260] kthread+0x337/0x6f0 [ 11.345675] ret_from_fork+0x116/0x1d0 [ 11.346035] ret_from_fork_asm+0x1a/0x30 [ 11.346443] [ 11.346703] The buggy address belongs to the object at ffff88810033e400 [ 11.346703] which belongs to the cache kmalloc-256 of size 256 [ 11.347757] The buggy address is located 33 bytes to the right of [ 11.347757] allocated 201-byte region [ffff88810033e400, ffff88810033e4c9) [ 11.348575] [ 11.348654] The buggy address belongs to the physical page: [ 11.349171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e [ 11.349920] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.350150] flags: 0x200000000000040(head|node=0|zone=2) [ 11.350369] page_type: f5(slab) [ 11.350745] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.351531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.352279] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.353157] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.353706] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff [ 11.354425] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.354933] page dumped because: kasan: bad access detected [ 11.355349] [ 11.355424] Memory state around the buggy address: [ 11.355593] ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.355868] ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.356611] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.357355] ^ [ 11.358150] ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.358875] ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.359516] ================================================================== [ 11.441545] ================================================================== [ 11.442066] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.442475] Write of size 1 at addr ffff888102a2a0c9 by task kunit_try_catch/180 [ 11.442837] [ 11.442972] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.443027] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.443048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.443070] Call Trace: [ 11.443084] <TASK> [ 11.443100] dump_stack_lvl+0x73/0xb0 [ 11.443137] print_report+0xd1/0x650 [ 11.443159] ? __virt_addr_valid+0x1db/0x2d0 [ 11.443180] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.443203] ? kasan_addr_to_slab+0x11/0xa0 [ 11.443223] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.443246] kasan_report+0x141/0x180 [ 11.443268] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.443304] __asan_report_store1_noabort+0x1b/0x30 [ 11.443324] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.443349] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.443385] ? __kasan_check_write+0x18/0x20 [ 11.443403] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.443424] ? irqentry_exit+0x2a/0x60 [ 11.443447] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.443478] ? trace_hardirqs_on+0x37/0xe0 [ 11.443500] ? __pfx_read_tsc+0x10/0x10 [ 11.443524] krealloc_large_less_oob+0x1c/0x30 [ 11.443554] kunit_try_run_case+0x1a5/0x480 [ 11.443579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.443612] ? queued_spin_lock_slowpath+0x116/0xb40 [ 11.443635] ? 
__kthread_parkme+0x82/0x180 [ 11.443654] ? preempt_count_sub+0x50/0x80 [ 11.443677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.443700] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.443722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.443753] kthread+0x337/0x6f0 [ 11.443772] ? trace_preempt_on+0x20/0xc0 [ 11.443794] ? __pfx_kthread+0x10/0x10 [ 11.443825] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.443847] ? calculate_sigpending+0x7b/0xa0 [ 11.443870] ? __pfx_kthread+0x10/0x10 [ 11.443893] ret_from_fork+0x116/0x1d0 [ 11.443911] ? __pfx_kthread+0x10/0x10 [ 11.443931] ret_from_fork_asm+0x1a/0x30 [ 11.443961] </TASK> [ 11.443972] [ 11.452034] The buggy address belongs to the physical page: [ 11.452306] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a28 [ 11.452569] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.453057] flags: 0x200000000000040(head|node=0|zone=2) [ 11.453284] page_type: f8(unknown) [ 11.453477] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.453824] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.454089] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.454464] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.454775] head: 0200000000000002 ffffea00040a8a01 00000000ffffffff 00000000ffffffff [ 11.455102] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.455330] page dumped because: kasan: bad access detected [ 11.455518] [ 11.455610] Memory state around the buggy address: [ 11.455848] ffff888102a29f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.456174] ffff888102a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.456500] >ffff888102a2a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.456870] ^ [ 11.457049] ffff888102a2a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.457324] ffff888102a2a180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 11.457685] ================================================================== [ 11.360065] ================================================================== [ 11.360800] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.361418] Write of size 1 at addr ffff88810033e4eb by task kunit_try_catch/176 [ 11.362141] [ 11.362247] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.362290] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.362301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.362328] Call Trace: [ 11.362344] <TASK> [ 11.362360] dump_stack_lvl+0x73/0xb0 [ 11.362387] print_report+0xd1/0x650 [ 11.362408] ? __virt_addr_valid+0x1db/0x2d0 [ 11.362429] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362460] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.362482] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362504] kasan_report+0x141/0x180 [ 11.362525] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362562] __asan_report_store1_noabort+0x1b/0x30 [ 11.362582] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.362606] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.362629] ? finish_task_switch.isra.0+0x153/0x700 [ 11.362649] ? __switch_to+0x47/0xf50 [ 11.362673] ? __schedule+0x10cc/0x2b60 [ 11.362694] ? __pfx_read_tsc+0x10/0x10 [ 11.362717] krealloc_less_oob+0x1c/0x30 [ 11.362737] kunit_try_run_case+0x1a5/0x480 [ 11.362760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.362781] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.362803] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.362826] ? __kthread_parkme+0x82/0x180 [ 11.362844] ? preempt_count_sub+0x50/0x80 [ 11.362866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.362888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.362909] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.362931] kthread+0x337/0x6f0 [ 11.362949] ? trace_preempt_on+0x20/0xc0 [ 11.362971] ? 
__pfx_kthread+0x10/0x10 [ 11.362991] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.363011] ? calculate_sigpending+0x7b/0xa0 [ 11.363033] ? __pfx_kthread+0x10/0x10 [ 11.363054] ret_from_fork+0x116/0x1d0 [ 11.363071] ? __pfx_kthread+0x10/0x10 [ 11.363090] ret_from_fork_asm+0x1a/0x30 [ 11.363120] </TASK> [ 11.363130] [ 11.377265] Allocated by task 176: [ 11.377685] kasan_save_stack+0x45/0x70 [ 11.378115] kasan_save_track+0x18/0x40 [ 11.378449] kasan_save_alloc_info+0x3b/0x50 [ 11.378870] __kasan_krealloc+0x190/0x1f0 [ 11.379013] krealloc_noprof+0xf3/0x340 [ 11.379148] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.379353] krealloc_less_oob+0x1c/0x30 [ 11.379794] kunit_try_run_case+0x1a5/0x480 [ 11.380234] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.381059] kthread+0x337/0x6f0 [ 11.381483] ret_from_fork+0x116/0x1d0 [ 11.381887] ret_from_fork_asm+0x1a/0x30 [ 11.382281] [ 11.382558] The buggy address belongs to the object at ffff88810033e400 [ 11.382558] which belongs to the cache kmalloc-256 of size 256 [ 11.383240] The buggy address is located 34 bytes to the right of [ 11.383240] allocated 201-byte region [ffff88810033e400, ffff88810033e4c9) [ 11.384467] [ 11.384673] The buggy address belongs to the physical page: [ 11.384971] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10033e [ 11.385770] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.386262] flags: 0x200000000000040(head|node=0|zone=2) [ 11.386833] page_type: f5(slab) [ 11.386972] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.387769] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.388003] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.388347] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.389104] head: 0200000000000001 ffffea000400cf81 00000000ffffffff 00000000ffffffff [ 11.389927] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 11.390986] page dumped because: kasan: bad access detected [ 11.391363] [ 11.391439] Memory state around the buggy address: [ 11.391611] ffff88810033e380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.392169] ffff88810033e400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.392918] >ffff88810033e480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.393574] ^ [ 11.394197] ffff88810033e500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.394796] ffff88810033e580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.395099] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.420314] ================================================================== [ 11.420820] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.421245] Write of size 1 at addr ffff888102a260f0 by task kunit_try_catch/178 [ 11.421639] [ 11.421785] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.421827] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.421838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.421858] Call Trace: [ 11.421871] <TASK> [ 11.421886] dump_stack_lvl+0x73/0xb0 [ 11.421912] print_report+0xd1/0x650 [ 11.421933] ? __virt_addr_valid+0x1db/0x2d0 [ 11.421954] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.421978] ? kasan_addr_to_slab+0x11/0xa0 [ 11.422009] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.422032] kasan_report+0x141/0x180 [ 11.422053] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.422092] __asan_report_store1_noabort+0x1b/0x30 [ 11.422112] krealloc_more_oob_helper+0x7eb/0x930 [ 11.422134] ? __schedule+0x10cc/0x2b60 [ 11.422155] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.422180] ? finish_task_switch.isra.0+0x153/0x700 [ 11.422200] ? __switch_to+0x47/0xf50 [ 11.422224] ? __schedule+0x10cc/0x2b60 [ 11.422245] ? __pfx_read_tsc+0x10/0x10 [ 11.422268] krealloc_large_more_oob+0x1c/0x30 [ 11.422290] kunit_try_run_case+0x1a5/0x480 [ 11.422313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.422344] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.422365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.422387] ? __kthread_parkme+0x82/0x180 [ 11.422418] ? preempt_count_sub+0x50/0x80 [ 11.422440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.422472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.422494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.422525] kthread+0x337/0x6f0 [ 11.422544] ? trace_preempt_on+0x20/0xc0 [ 11.422566] ? __pfx_kthread+0x10/0x10 [ 11.422586] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.422617] ? 
calculate_sigpending+0x7b/0xa0 [ 11.422640] ? __pfx_kthread+0x10/0x10 [ 11.422662] ret_from_fork+0x116/0x1d0 [ 11.422680] ? __pfx_kthread+0x10/0x10 [ 11.422700] ret_from_fork_asm+0x1a/0x30 [ 11.422738] </TASK> [ 11.422748] [ 11.430124] The buggy address belongs to the physical page: [ 11.430405] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a24 [ 11.430797] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.431043] flags: 0x200000000000040(head|node=0|zone=2) [ 11.431307] page_type: f8(unknown) [ 11.431508] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.431924] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.432201] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.432561] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.432929] head: 0200000000000002 ffffea00040a8901 00000000ffffffff 00000000ffffffff [ 11.433262] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.433591] page dumped because: kasan: bad access detected [ 11.433877] [ 11.433948] Memory state around the buggy address: [ 11.434103] ffff888102a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.434316] ffff888102a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.434898] >ffff888102a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.435157] ^ [ 11.435363] ffff888102a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.435590] ffff888102a26180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.436156] ================================================================== [ 11.181294] ================================================================== [ 11.182381] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.183028] Write of size 1 at addr ffff888100ab40eb by task kunit_try_catch/174 [ 11.183746] [ 11.183861] CPU: 1 UID: 0 PID: 174 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.184007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.184020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.184041] Call Trace: [ 11.184055] <TASK> [ 11.184072] dump_stack_lvl+0x73/0xb0 [ 11.184112] print_report+0xd1/0x650 [ 11.184135] ? __virt_addr_valid+0x1db/0x2d0 [ 11.184158] ? krealloc_more_oob_helper+0x821/0x930 [ 11.184181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.184202] ? krealloc_more_oob_helper+0x821/0x930 [ 11.184225] kasan_report+0x141/0x180 [ 11.184246] ? krealloc_more_oob_helper+0x821/0x930 [ 11.184274] __asan_report_store1_noabort+0x1b/0x30 [ 11.184294] krealloc_more_oob_helper+0x821/0x930 [ 11.184315] ? __schedule+0x10cc/0x2b60 [ 11.184336] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.184360] ? finish_task_switch.isra.0+0x153/0x700 [ 11.184381] ? __switch_to+0x47/0xf50 [ 11.184407] ? __schedule+0x10cc/0x2b60 [ 11.184428] ? __pfx_read_tsc+0x10/0x10 [ 11.184451] krealloc_more_oob+0x1c/0x30 [ 11.184482] kunit_try_run_case+0x1a5/0x480 [ 11.184506] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.184527] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.184549] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.184571] ? __kthread_parkme+0x82/0x180 [ 11.184591] ? preempt_count_sub+0x50/0x80 [ 11.184613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.184636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.184657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.184680] kthread+0x337/0x6f0 [ 11.184699] ? trace_preempt_on+0x20/0xc0 [ 11.184722] ? __pfx_kthread+0x10/0x10 [ 11.184741] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.184761] ? calculate_sigpending+0x7b/0xa0 [ 11.184784] ? __pfx_kthread+0x10/0x10 [ 11.184805] ret_from_fork+0x116/0x1d0 [ 11.184822] ? 
__pfx_kthread+0x10/0x10 [ 11.184842] ret_from_fork_asm+0x1a/0x30 [ 11.184872] </TASK> [ 11.184884] [ 11.196079] Allocated by task 174: [ 11.196320] kasan_save_stack+0x45/0x70 [ 11.196517] kasan_save_track+0x18/0x40 [ 11.196712] kasan_save_alloc_info+0x3b/0x50 [ 11.197171] __kasan_krealloc+0x190/0x1f0 [ 11.197607] krealloc_noprof+0xf3/0x340 [ 11.197963] krealloc_more_oob_helper+0x1a9/0x930 [ 11.198448] krealloc_more_oob+0x1c/0x30 [ 11.198649] kunit_try_run_case+0x1a5/0x480 [ 11.199025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.199415] kthread+0x337/0x6f0 [ 11.199705] ret_from_fork+0x116/0x1d0 [ 11.199861] ret_from_fork_asm+0x1a/0x30 [ 11.200129] [ 11.200231] The buggy address belongs to the object at ffff888100ab4000 [ 11.200231] which belongs to the cache kmalloc-256 of size 256 [ 11.201103] The buggy address is located 0 bytes to the right of [ 11.201103] allocated 235-byte region [ffff888100ab4000, ffff888100ab40eb) [ 11.201929] [ 11.202133] The buggy address belongs to the physical page: [ 11.202589] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 11.202946] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.203245] flags: 0x200000000000040(head|node=0|zone=2) [ 11.203556] page_type: f5(slab) [ 11.203714] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.203999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.204362] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.204668] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.204962] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 11.205487] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.205832] page dumped because: kasan: bad access detected [ 11.206035] [ 11.206133] Memory state around the buggy address: [ 11.206350] ffff888100ab3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 11.206743] ffff888100ab4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.207021] >ffff888100ab4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.207301] ^ [ 11.207641] ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.207953] ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.208513] ================================================================== [ 11.400179] ================================================================== [ 11.401057] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.401872] Write of size 1 at addr ffff888102a260eb by task kunit_try_catch/178 [ 11.402340] [ 11.402432] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.402489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.402501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.402521] Call Trace: [ 11.402534] <TASK> [ 11.402549] dump_stack_lvl+0x73/0xb0 [ 11.402577] print_report+0xd1/0x650 [ 11.402598] ? __virt_addr_valid+0x1db/0x2d0 [ 11.402619] ? krealloc_more_oob_helper+0x821/0x930 [ 11.402641] ? kasan_addr_to_slab+0x11/0xa0 [ 11.402661] ? krealloc_more_oob_helper+0x821/0x930 [ 11.402695] kasan_report+0x141/0x180 [ 11.402717] ? krealloc_more_oob_helper+0x821/0x930 [ 11.402745] __asan_report_store1_noabort+0x1b/0x30 [ 11.402765] krealloc_more_oob_helper+0x821/0x930 [ 11.402787] ? __schedule+0x10cc/0x2b60 [ 11.402808] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.402832] ? finish_task_switch.isra.0+0x153/0x700 [ 11.402864] ? __switch_to+0x47/0xf50 [ 11.402888] ? __schedule+0x10cc/0x2b60 [ 11.402909] ? __pfx_read_tsc+0x10/0x10 [ 11.402944] krealloc_large_more_oob+0x1c/0x30 [ 11.402966] kunit_try_run_case+0x1a5/0x480 [ 11.402990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.403011] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.403033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.403055] ? 
__kthread_parkme+0x82/0x180 [ 11.403074] ? preempt_count_sub+0x50/0x80 [ 11.403097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.403120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.403142] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.403164] kthread+0x337/0x6f0 [ 11.403182] ? trace_preempt_on+0x20/0xc0 [ 11.403204] ? __pfx_kthread+0x10/0x10 [ 11.403224] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.403244] ? calculate_sigpending+0x7b/0xa0 [ 11.403266] ? __pfx_kthread+0x10/0x10 [ 11.403287] ret_from_fork+0x116/0x1d0 [ 11.403304] ? __pfx_kthread+0x10/0x10 [ 11.403324] ret_from_fork_asm+0x1a/0x30 [ 11.403353] </TASK> [ 11.403365] [ 11.413562] The buggy address belongs to the physical page: [ 11.413880] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a24 [ 11.414426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.414664] flags: 0x200000000000040(head|node=0|zone=2) [ 11.414866] page_type: f8(unknown) [ 11.415117] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.415433] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.415676] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.416024] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.416374] head: 0200000000000002 ffffea00040a8901 00000000ffffffff 00000000ffffffff [ 11.416632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.417008] page dumped because: kasan: bad access detected [ 11.417251] [ 11.417320] Memory state around the buggy address: [ 11.417608] ffff888102a25f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.418111] ffff888102a26000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.418445] >ffff888102a26080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.418712] ^ [ 11.419113] ffff888102a26100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.419482] ffff888102a26180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 11.419798] ================================================================== [ 11.208997] ================================================================== [ 11.209273] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.209791] Write of size 1 at addr ffff888100ab40f0 by task kunit_try_catch/174 [ 11.210349] [ 11.210450] CPU: 1 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.210506] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.210518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.210538] Call Trace: [ 11.210554] <TASK> [ 11.210569] dump_stack_lvl+0x73/0xb0 [ 11.210596] print_report+0xd1/0x650 [ 11.210618] ? __virt_addr_valid+0x1db/0x2d0 [ 11.210639] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.210661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.210682] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.210705] kasan_report+0x141/0x180 [ 11.210726] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.210754] __asan_report_store1_noabort+0x1b/0x30 [ 11.210774] krealloc_more_oob_helper+0x7eb/0x930 [ 11.210795] ? __schedule+0x10cc/0x2b60 [ 11.210817] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.210840] ? finish_task_switch.isra.0+0x153/0x700 [ 11.210860] ? __switch_to+0x47/0xf50 [ 11.210885] ? __schedule+0x10cc/0x2b60 [ 11.210905] ? __pfx_read_tsc+0x10/0x10 [ 11.210928] krealloc_more_oob+0x1c/0x30 [ 11.210948] kunit_try_run_case+0x1a5/0x480 [ 11.210971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.210992] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.211014] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.211035] ? __kthread_parkme+0x82/0x180 [ 11.211054] ? preempt_count_sub+0x50/0x80 [ 11.211076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.211098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.211119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.211141] kthread+0x337/0x6f0 [ 11.211159] ? trace_preempt_on+0x20/0xc0 [ 11.211181] ? 
__pfx_kthread+0x10/0x10 [ 11.211201] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.211221] ? calculate_sigpending+0x7b/0xa0 [ 11.211243] ? __pfx_kthread+0x10/0x10 [ 11.211263] ret_from_fork+0x116/0x1d0 [ 11.211281] ? __pfx_kthread+0x10/0x10 [ 11.211300] ret_from_fork_asm+0x1a/0x30 [ 11.211386] </TASK> [ 11.211400] [ 11.219875] Allocated by task 174: [ 11.220067] kasan_save_stack+0x45/0x70 [ 11.220356] kasan_save_track+0x18/0x40 [ 11.220597] kasan_save_alloc_info+0x3b/0x50 [ 11.220864] __kasan_krealloc+0x190/0x1f0 [ 11.221060] krealloc_noprof+0xf3/0x340 [ 11.221383] krealloc_more_oob_helper+0x1a9/0x930 [ 11.221604] krealloc_more_oob+0x1c/0x30 [ 11.221937] kunit_try_run_case+0x1a5/0x480 [ 11.222151] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.222520] kthread+0x337/0x6f0 [ 11.222713] ret_from_fork+0x116/0x1d0 [ 11.222874] ret_from_fork_asm+0x1a/0x30 [ 11.223012] [ 11.223084] The buggy address belongs to the object at ffff888100ab4000 [ 11.223084] which belongs to the cache kmalloc-256 of size 256 [ 11.223911] The buggy address is located 5 bytes to the right of [ 11.223911] allocated 235-byte region [ffff888100ab4000, ffff888100ab40eb) [ 11.224639] [ 11.224807] The buggy address belongs to the physical page: [ 11.225021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab4 [ 11.225887] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.226242] flags: 0x200000000000040(head|node=0|zone=2) [ 11.226435] page_type: f5(slab) [ 11.226610] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.228400] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.229089] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.229345] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.229599] head: 0200000000000001 ffffea000402ad01 00000000ffffffff 00000000ffffffff [ 11.229833] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 11.230067] page dumped because: kasan: bad access detected [ 11.230246] [ 11.230319] Memory state around the buggy address: [ 11.231784] ffff888100ab3f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.232960] ffff888100ab4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.234404] >ffff888100ab4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.234752] ^ [ 11.235489] ffff888100ab4100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.235793] ffff888100ab4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.236189] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 11.163336] ================================================================== [ 11.163949] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 11.164206] Read of size 1 at addr ffff888103980000 by task kunit_try_catch/172 [ 11.164581] [ 11.164687] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.164730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.164743] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.164766] Call Trace: [ 11.164779] <TASK> [ 11.164795] dump_stack_lvl+0x73/0xb0 [ 11.164833] print_report+0xd1/0x650 [ 11.164855] ? __virt_addr_valid+0x1db/0x2d0 [ 11.164877] ? page_alloc_uaf+0x356/0x3d0 [ 11.164898] ? kasan_addr_to_slab+0x11/0xa0 [ 11.164918] ? page_alloc_uaf+0x356/0x3d0 [ 11.164941] kasan_report+0x141/0x180 [ 11.164962] ? page_alloc_uaf+0x356/0x3d0 [ 11.164988] __asan_report_load1_noabort+0x18/0x20 [ 11.165012] page_alloc_uaf+0x356/0x3d0 [ 11.165033] ? __pfx_page_alloc_uaf+0x10/0x10 [ 11.165055] ? __schedule+0x10cc/0x2b60 [ 11.165076] ? __pfx_read_tsc+0x10/0x10 [ 11.165096] ? ktime_get_ts64+0x86/0x230 [ 11.165119] kunit_try_run_case+0x1a5/0x480 [ 11.165144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.165165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.165187] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.165210] ? __kthread_parkme+0x82/0x180 [ 11.165229] ? preempt_count_sub+0x50/0x80 [ 11.165252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.165274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.165296] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.165318] kthread+0x337/0x6f0 [ 11.165336] ? trace_preempt_on+0x20/0xc0 [ 11.165359] ? __pfx_kthread+0x10/0x10 [ 11.165385] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.165405] ? calculate_sigpending+0x7b/0xa0 [ 11.165428] ? __pfx_kthread+0x10/0x10 [ 11.165448] ret_from_fork+0x116/0x1d0 [ 11.165489] ? 
__pfx_kthread+0x10/0x10 [ 11.165509] ret_from_fork_asm+0x1a/0x30 [ 11.165538] </TASK> [ 11.165549] [ 11.173560] The buggy address belongs to the physical page: [ 11.173826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103980 [ 11.174187] flags: 0x200000000000000(node=0|zone=2) [ 11.174357] page_type: f0(buddy) [ 11.174492] raw: 0200000000000000 ffff88817fffb538 ffff88817fffb538 0000000000000000 [ 11.174770] raw: 0000000000000000 0000000000000007 00000000f0000000 0000000000000000 [ 11.175106] page dumped because: kasan: bad access detected [ 11.175370] [ 11.175480] Memory state around the buggy address: [ 11.175642] ffff88810397ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.176127] ffff88810397ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.176521] >ffff888103980000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.176813] ^ [ 11.176991] ffff888103980080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.177210] ffff888103980100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.177503] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 11.126268] ================================================================== [ 11.127424] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 11.127695] Free of addr ffff88810390c001 by task kunit_try_catch/168 [ 11.128292] [ 11.128408] CPU: 1 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.128478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.128490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.128521] Call Trace: [ 11.128533] <TASK> [ 11.128549] dump_stack_lvl+0x73/0xb0 [ 11.128576] print_report+0xd1/0x650 [ 11.128606] ? __virt_addr_valid+0x1db/0x2d0 [ 11.128628] ? kasan_addr_to_slab+0x11/0xa0 [ 11.128647] ? kfree+0x274/0x3f0 [ 11.128693] kasan_report_invalid_free+0x10a/0x130 [ 11.128718] ? kfree+0x274/0x3f0 [ 11.128741] ? kfree+0x274/0x3f0 [ 11.128761] __kasan_kfree_large+0x86/0xd0 [ 11.128782] free_large_kmalloc+0x4b/0x110 [ 11.128804] kfree+0x274/0x3f0 [ 11.128830] kmalloc_large_invalid_free+0x120/0x2b0 [ 11.128852] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 11.128875] ? __schedule+0x10cc/0x2b60 [ 11.128896] ? __pfx_read_tsc+0x10/0x10 [ 11.128916] ? ktime_get_ts64+0x86/0x230 [ 11.128939] kunit_try_run_case+0x1a5/0x480 [ 11.128962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.128983] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.129006] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.129028] ? __kthread_parkme+0x82/0x180 [ 11.129046] ? preempt_count_sub+0x50/0x80 [ 11.129069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.129091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.129113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.129134] kthread+0x337/0x6f0 [ 11.129153] ? trace_preempt_on+0x20/0xc0 [ 11.129174] ? __pfx_kthread+0x10/0x10 [ 11.129212] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.129233] ? calculate_sigpending+0x7b/0xa0 [ 11.129255] ? __pfx_kthread+0x10/0x10 [ 11.129276] ret_from_fork+0x116/0x1d0 [ 11.129293] ? 
__pfx_kthread+0x10/0x10 [ 11.129312] ret_from_fork_asm+0x1a/0x30 [ 11.129342] </TASK> [ 11.129353] [ 11.142898] The buggy address belongs to the physical page: [ 11.143388] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10390c [ 11.143654] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.144433] flags: 0x200000000000040(head|node=0|zone=2) [ 11.144993] page_type: f8(unknown) [ 11.145370] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.145790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.146517] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.147298] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.147802] head: 0200000000000002 ffffea00040e4301 00000000ffffffff 00000000ffffffff [ 11.148149] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.148833] page dumped because: kasan: bad access detected [ 11.149407] [ 11.149518] Memory state around the buggy address: [ 11.149914] ffff88810390bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.150134] ffff88810390bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.150887] >ffff88810390c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.151637] ^ [ 11.151992] ffff88810390c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.152674] ffff88810390c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.152949] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 11.103567] ================================================================== [ 11.104148] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 11.104599] Read of size 1 at addr ffff88810390c000 by task kunit_try_catch/166 [ 11.105072] [ 11.105197] CPU: 1 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.105240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.105252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.105272] Call Trace: [ 11.105284] <TASK> [ 11.105299] dump_stack_lvl+0x73/0xb0 [ 11.105327] print_report+0xd1/0x650 [ 11.105348] ? __virt_addr_valid+0x1db/0x2d0 [ 11.105370] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.105396] ? kasan_addr_to_slab+0x11/0xa0 [ 11.105416] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.105436] kasan_report+0x141/0x180 [ 11.105469] ? kmalloc_large_uaf+0x2f1/0x340 [ 11.105495] __asan_report_load1_noabort+0x18/0x20 [ 11.105518] kmalloc_large_uaf+0x2f1/0x340 [ 11.105538] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 11.105561] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 11.105585] kunit_try_run_case+0x1a5/0x480 [ 11.105609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.105629] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.105652] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.105674] ? __kthread_parkme+0x82/0x180 [ 11.105693] ? preempt_count_sub+0x50/0x80 [ 11.105715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.105738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.105759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.105781] kthread+0x337/0x6f0 [ 11.105799] ? trace_preempt_on+0x20/0xc0 [ 11.105821] ? __pfx_kthread+0x10/0x10 [ 11.105841] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.105861] ? calculate_sigpending+0x7b/0xa0 [ 11.105883] ? __pfx_kthread+0x10/0x10 [ 11.105904] ret_from_fork+0x116/0x1d0 [ 11.105921] ? 
__pfx_kthread+0x10/0x10 [ 11.105941] ret_from_fork_asm+0x1a/0x30 [ 11.105971] </TASK> [ 11.105981] [ 11.116695] The buggy address belongs to the physical page: [ 11.116939] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10390c [ 11.117635] flags: 0x200000000000000(node=0|zone=2) [ 11.118064] raw: 0200000000000000 ffffea00040e5208 ffff88815b139f80 0000000000000000 [ 11.118770] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 11.119094] page dumped because: kasan: bad access detected [ 11.119648] [ 11.119896] Memory state around the buggy address: [ 11.120121] ffff88810390bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.120816] ffff88810390bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.121138] >ffff88810390c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.121959] ^ [ 11.122161] ffff88810390c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.122609] ffff88810390c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 11.122909] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 11.079291] ================================================================== [ 11.079785] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 11.080106] Write of size 1 at addr ffff88810390e00a by task kunit_try_catch/164 [ 11.080425] [ 11.080572] CPU: 1 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.080614] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.080640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.080661] Call Trace: [ 11.080673] <TASK> [ 11.080688] dump_stack_lvl+0x73/0xb0 [ 11.080716] print_report+0xd1/0x650 [ 11.080738] ? __virt_addr_valid+0x1db/0x2d0 [ 11.080759] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.080780] ? kasan_addr_to_slab+0x11/0xa0 [ 11.080800] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.080822] kasan_report+0x141/0x180 [ 11.080843] ? kmalloc_large_oob_right+0x2e9/0x330 [ 11.080869] __asan_report_store1_noabort+0x1b/0x30 [ 11.080889] kmalloc_large_oob_right+0x2e9/0x330 [ 11.080910] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 11.080933] ? __schedule+0x10cc/0x2b60 [ 11.080954] ? __pfx_read_tsc+0x10/0x10 [ 11.080973] ? ktime_get_ts64+0x86/0x230 [ 11.080995] kunit_try_run_case+0x1a5/0x480 [ 11.081018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.081039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.081061] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.081083] ? __kthread_parkme+0x82/0x180 [ 11.081102] ? preempt_count_sub+0x50/0x80 [ 11.081124] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.081148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.081169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.081204] kthread+0x337/0x6f0 [ 11.081223] ? trace_preempt_on+0x20/0xc0 [ 11.081245] ? __pfx_kthread+0x10/0x10 [ 11.081265] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.081285] ? calculate_sigpending+0x7b/0xa0 [ 11.081307] ? __pfx_kthread+0x10/0x10 [ 11.081328] ret_from_fork+0x116/0x1d0 [ 11.081345] ? 
__pfx_kthread+0x10/0x10 [ 11.081364] ret_from_fork_asm+0x1a/0x30 [ 11.081399] </TASK> [ 11.081410] [ 11.091555] The buggy address belongs to the physical page: [ 11.091822] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10390c [ 11.092150] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.092650] flags: 0x200000000000040(head|node=0|zone=2) [ 11.093078] page_type: f8(unknown) [ 11.093406] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.093898] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.094323] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.094912] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.095227] head: 0200000000000002 ffffea00040e4301 00000000ffffffff 00000000ffffffff [ 11.095523] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.096029] page dumped because: kasan: bad access detected [ 11.096501] [ 11.096740] Memory state around the buggy address: [ 11.097141] ffff88810390df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.097859] ffff88810390df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.098185] >ffff88810390e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.098880] ^ [ 11.099339] ffff88810390e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.099830] ffff88810390e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.100430] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 11.047200] ================================================================== [ 11.049109] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 11.049758] Write of size 1 at addr ffff888102a9df00 by task kunit_try_catch/162 [ 11.050883] [ 11.050989] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.051039] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.051052] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.051077] Call Trace: [ 11.051091] <TASK> [ 11.051109] dump_stack_lvl+0x73/0xb0 [ 11.051139] print_report+0xd1/0x650 [ 11.051162] ? __virt_addr_valid+0x1db/0x2d0 [ 11.051185] ? kmalloc_big_oob_right+0x316/0x370 [ 11.051207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.051229] ? kmalloc_big_oob_right+0x316/0x370 [ 11.051251] kasan_report+0x141/0x180 [ 11.051272] ? kmalloc_big_oob_right+0x316/0x370 [ 11.051299] __asan_report_store1_noabort+0x1b/0x30 [ 11.051320] kmalloc_big_oob_right+0x316/0x370 [ 11.051342] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 11.051365] ? __schedule+0x10cc/0x2b60 [ 11.051387] ? __pfx_read_tsc+0x10/0x10 [ 11.051408] ? ktime_get_ts64+0x86/0x230 [ 11.051432] kunit_try_run_case+0x1a5/0x480 [ 11.051561] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.051588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.051612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.051635] ? __kthread_parkme+0x82/0x180 [ 11.051655] ? preempt_count_sub+0x50/0x80 [ 11.051753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.051779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.051801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.051824] kthread+0x337/0x6f0 [ 11.051843] ? trace_preempt_on+0x20/0xc0 [ 11.051867] ? __pfx_kthread+0x10/0x10 [ 11.051887] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.051907] ? calculate_sigpending+0x7b/0xa0 [ 11.051931] ? __pfx_kthread+0x10/0x10 [ 11.051952] ret_from_fork+0x116/0x1d0 [ 11.051970] ? 
__pfx_kthread+0x10/0x10 [ 11.051990] ret_from_fork_asm+0x1a/0x30 [ 11.052020] </TASK> [ 11.052032] [ 11.063007] Allocated by task 162: [ 11.063540] kasan_save_stack+0x45/0x70 [ 11.063741] kasan_save_track+0x18/0x40 [ 11.063975] kasan_save_alloc_info+0x3b/0x50 [ 11.064476] __kasan_kmalloc+0xb7/0xc0 [ 11.064700] __kmalloc_cache_noprof+0x189/0x420 [ 11.064913] kmalloc_big_oob_right+0xa9/0x370 [ 11.065296] kunit_try_run_case+0x1a5/0x480 [ 11.065608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.065967] kthread+0x337/0x6f0 [ 11.066098] ret_from_fork+0x116/0x1d0 [ 11.066654] ret_from_fork_asm+0x1a/0x30 [ 11.066916] [ 11.066992] The buggy address belongs to the object at ffff888102a9c000 [ 11.066992] which belongs to the cache kmalloc-8k of size 8192 [ 11.067849] The buggy address is located 0 bytes to the right of [ 11.067849] allocated 7936-byte region [ffff888102a9c000, ffff888102a9df00) [ 11.068714] [ 11.068842] The buggy address belongs to the physical page: [ 11.069128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a98 [ 11.069708] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.070089] flags: 0x200000000000040(head|node=0|zone=2) [ 11.070399] page_type: f5(slab) [ 11.071010] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.071261] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.071521] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 11.072068] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 11.072439] head: 0200000000000003 ffffea00040aa601 00000000ffffffff 00000000ffffffff [ 11.072957] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 11.073226] page dumped because: kasan: bad access detected [ 11.073693] [ 11.073917] Memory state around the buggy address: [ 11.074134] ffff888102a9de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.074629] ffff888102a9de80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.074900] >ffff888102a9df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.075356] ^ [ 11.075709] ffff888102a9df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.076081] ffff888102a9e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.076547] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 11.015375] ================================================================== [ 11.016015] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.016815] Write of size 1 at addr ffff8881031a0478 by task kunit_try_catch/160 [ 11.017585] [ 11.017759] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 11.017800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.017812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.017833] Call Trace: [ 11.017845] <TASK> [ 11.017860] dump_stack_lvl+0x73/0xb0 [ 11.017886] print_report+0xd1/0x650 [ 11.017907] ? __virt_addr_valid+0x1db/0x2d0 [ 11.017928] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.017951] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.017972] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.017996] kasan_report+0x141/0x180 [ 11.018017] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.018046] __asan_report_store1_noabort+0x1b/0x30 [ 11.018065] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 11.018089] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 11.018113] ? __schedule+0x10cc/0x2b60 [ 11.018134] ? __pfx_read_tsc+0x10/0x10 [ 11.018153] ? ktime_get_ts64+0x86/0x230 [ 11.018176] kunit_try_run_case+0x1a5/0x480 [ 11.018199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.018220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.018241] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.018262] ? __kthread_parkme+0x82/0x180 [ 11.018281] ? preempt_count_sub+0x50/0x80 [ 11.018303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.018338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.018359] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.018381] kthread+0x337/0x6f0 [ 11.018399] ? trace_preempt_on+0x20/0xc0 [ 11.018421] ? __pfx_kthread+0x10/0x10 [ 11.018441] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.018472] ? calculate_sigpending+0x7b/0xa0 [ 11.018494] ? 
__pfx_kthread+0x10/0x10 [ 11.018515] ret_from_fork+0x116/0x1d0 [ 11.018532] ? __pfx_kthread+0x10/0x10 [ 11.018552] ret_from_fork_asm+0x1a/0x30 [ 11.018581] </TASK> [ 11.018591] [ 11.029993] Allocated by task 160: [ 11.030133] kasan_save_stack+0x45/0x70 [ 11.030372] kasan_save_track+0x18/0x40 [ 11.030743] kasan_save_alloc_info+0x3b/0x50 [ 11.031128] __kasan_kmalloc+0xb7/0xc0 [ 11.031530] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.032099] kmalloc_track_caller_oob_right+0x19a/0x520 [ 11.032636] kunit_try_run_case+0x1a5/0x480 [ 11.033082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.033639] kthread+0x337/0x6f0 [ 11.034043] ret_from_fork+0x116/0x1d0 [ 11.034209] ret_from_fork_asm+0x1a/0x30 [ 11.034585] [ 11.034749] The buggy address belongs to the object at ffff8881031a0400 [ 11.034749] which belongs to the cache kmalloc-128 of size 128 [ 11.035697] The buggy address is located 0 bytes to the right of [ 11.035697] allocated 120-byte region [ffff8881031a0400, ffff8881031a0478) [ 11.036403] [ 11.036486] The buggy address belongs to the physical page: [ 11.037138] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 11.037450] flags: 0x200000000000000(node=0|zone=2) [ 11.038130] page_type: f5(slab) [ 11.038521] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.039484] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.040290] page dumped because: kasan: bad access detected [ 11.040511] [ 11.040583] Memory state around the buggy address: [ 11.040742] ffff8881031a0300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.041415] ffff8881031a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.042069] >ffff8881031a0400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.042769] ^ [ 11.043277] ffff8881031a0480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.043501] ffff8881031a0500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.043768] 
================================================================== [ 10.984564] ================================================================== [ 10.985685] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.987151] Write of size 1 at addr ffff8881031a0378 by task kunit_try_catch/160 [ 10.987888] [ 10.988190] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.988240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.988252] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.988273] Call Trace: [ 10.988288] <TASK> [ 10.988305] dump_stack_lvl+0x73/0xb0 [ 10.988335] print_report+0xd1/0x650 [ 10.988356] ? __virt_addr_valid+0x1db/0x2d0 [ 10.988379] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.988402] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.988423] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.988447] kasan_report+0x141/0x180 [ 10.988481] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.988509] __asan_report_store1_noabort+0x1b/0x30 [ 10.988529] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.988552] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.988576] ? __schedule+0x10cc/0x2b60 [ 10.988598] ? __pfx_read_tsc+0x10/0x10 [ 10.988618] ? ktime_get_ts64+0x86/0x230 [ 10.988643] kunit_try_run_case+0x1a5/0x480 [ 10.988668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.988689] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.988711] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.988734] ? __kthread_parkme+0x82/0x180 [ 10.988754] ? preempt_count_sub+0x50/0x80 [ 10.988777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.988800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.988821] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.988842] kthread+0x337/0x6f0 [ 10.988861] ? trace_preempt_on+0x20/0xc0 [ 10.988883] ? __pfx_kthread+0x10/0x10 [ 10.988902] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.988922] ? calculate_sigpending+0x7b/0xa0 [ 10.988945] ? 
__pfx_kthread+0x10/0x10 [ 10.988965] ret_from_fork+0x116/0x1d0 [ 10.988982] ? __pfx_kthread+0x10/0x10 [ 10.989001] ret_from_fork_asm+0x1a/0x30 [ 10.989031] </TASK> [ 10.989041] [ 11.001636] Allocated by task 160: [ 11.001903] kasan_save_stack+0x45/0x70 [ 11.002296] kasan_save_track+0x18/0x40 [ 11.002777] kasan_save_alloc_info+0x3b/0x50 [ 11.003032] __kasan_kmalloc+0xb7/0xc0 [ 11.003164] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 11.003741] kmalloc_track_caller_oob_right+0x99/0x520 [ 11.004232] kunit_try_run_case+0x1a5/0x480 [ 11.004617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.004913] kthread+0x337/0x6f0 [ 11.005275] ret_from_fork+0x116/0x1d0 [ 11.005634] ret_from_fork_asm+0x1a/0x30 [ 11.005835] [ 11.005907] The buggy address belongs to the object at ffff8881031a0300 [ 11.005907] which belongs to the cache kmalloc-128 of size 128 [ 11.006311] The buggy address is located 0 bytes to the right of [ 11.006311] allocated 120-byte region [ffff8881031a0300, ffff8881031a0378) [ 11.007555] [ 11.007719] The buggy address belongs to the physical page: [ 11.008244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 11.009032] flags: 0x200000000000000(node=0|zone=2) [ 11.009435] page_type: f5(slab) [ 11.009571] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.009872] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.010615] page dumped because: kasan: bad access detected [ 11.011108] [ 11.011297] Memory state around the buggy address: [ 11.011739] ffff8881031a0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.012446] ffff8881031a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.012673] >ffff8881031a0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.012879] ^ [ 11.013087] ffff8881031a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.013567] ffff8881031a0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.014249] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.948906] ================================================================== [ 10.949773] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.950518] Read of size 1 at addr ffff888102955000 by task kunit_try_catch/158 [ 10.951175] [ 10.951343] CPU: 1 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.951405] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.951417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.951438] Call Trace: [ 10.951472] <TASK> [ 10.951491] dump_stack_lvl+0x73/0xb0 [ 10.951521] print_report+0xd1/0x650 [ 10.951542] ? __virt_addr_valid+0x1db/0x2d0 [ 10.951574] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.951596] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.951617] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.951650] kasan_report+0x141/0x180 [ 10.951689] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.951716] __asan_report_load1_noabort+0x18/0x20 [ 10.951749] kmalloc_node_oob_right+0x369/0x3c0 [ 10.951772] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.951797] ? __schedule+0x10cc/0x2b60 [ 10.951830] ? __pfx_read_tsc+0x10/0x10 [ 10.951850] ? ktime_get_ts64+0x86/0x230 [ 10.951874] kunit_try_run_case+0x1a5/0x480 [ 10.951908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.951928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.951951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.951983] ? __kthread_parkme+0x82/0x180 [ 10.952003] ? preempt_count_sub+0x50/0x80 [ 10.952027] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.952049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.952070] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.952092] kthread+0x337/0x6f0 [ 10.952119] ? trace_preempt_on+0x20/0xc0 [ 10.952142] ? __pfx_kthread+0x10/0x10 [ 10.952162] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.952220] ? calculate_sigpending+0x7b/0xa0 [ 10.952253] ? __pfx_kthread+0x10/0x10 [ 10.952274] ret_from_fork+0x116/0x1d0 [ 10.952292] ? 
__pfx_kthread+0x10/0x10 [ 10.952311] ret_from_fork_asm+0x1a/0x30 [ 10.952341] </TASK> [ 10.952361] [ 10.964228] Allocated by task 158: [ 10.964586] kasan_save_stack+0x45/0x70 [ 10.965035] kasan_save_track+0x18/0x40 [ 10.965561] kasan_save_alloc_info+0x3b/0x50 [ 10.965874] __kasan_kmalloc+0xb7/0xc0 [ 10.966009] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.966180] kmalloc_node_oob_right+0xab/0x3c0 [ 10.966343] kunit_try_run_case+0x1a5/0x480 [ 10.966507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.966759] kthread+0x337/0x6f0 [ 10.966881] ret_from_fork+0x116/0x1d0 [ 10.967066] ret_from_fork_asm+0x1a/0x30 [ 10.967288] [ 10.967360] The buggy address belongs to the object at ffff888102954000 [ 10.967360] which belongs to the cache kmalloc-4k of size 4096 [ 10.968954] The buggy address is located 0 bytes to the right of [ 10.968954] allocated 4096-byte region [ffff888102954000, ffff888102955000) [ 10.969348] [ 10.969435] The buggy address belongs to the physical page: [ 10.969687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950 [ 10.970102] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.970338] flags: 0x200000000000040(head|node=0|zone=2) [ 10.972168] page_type: f5(slab) [ 10.973054] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.974389] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.975559] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.976174] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.976755] head: 0200000000000003 ffffea00040a5401 00000000ffffffff 00000000ffffffff [ 10.977589] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.978120] page dumped because: kasan: bad access detected [ 10.978320] [ 10.978565] Memory state around the buggy address: [ 10.979048] ffff888102954f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.979505] 
ffff888102954f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.979817] >ffff888102955000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.980201] ^ [ 10.980445] ffff888102955080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.980706] ffff888102955100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.981147] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.923522] ================================================================== [ 10.924009] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.924317] Read of size 1 at addr ffff888102251dbf by task kunit_try_catch/156 [ 10.924670] [ 10.924821] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.924863] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.924876] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.924899] Call Trace: [ 10.924911] <TASK> [ 10.924927] dump_stack_lvl+0x73/0xb0 [ 10.924954] print_report+0xd1/0x650 [ 10.924976] ? __virt_addr_valid+0x1db/0x2d0 [ 10.924997] ? kmalloc_oob_left+0x361/0x3c0 [ 10.925028] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.925049] ? kmalloc_oob_left+0x361/0x3c0 [ 10.925070] kasan_report+0x141/0x180 [ 10.925102] ? kmalloc_oob_left+0x361/0x3c0 [ 10.925128] __asan_report_load1_noabort+0x18/0x20 [ 10.925151] kmalloc_oob_left+0x361/0x3c0 [ 10.925172] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.925193] ? __schedule+0x10cc/0x2b60 [ 10.925214] ? __pfx_read_tsc+0x10/0x10 [ 10.925233] ? ktime_get_ts64+0x86/0x230 [ 10.925256] kunit_try_run_case+0x1a5/0x480 [ 10.925279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.925300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.925322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.925344] ? __kthread_parkme+0x82/0x180 [ 10.925364] ? preempt_count_sub+0x50/0x80 [ 10.925391] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.925414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.925436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.925468] kthread+0x337/0x6f0 [ 10.925487] ? trace_preempt_on+0x20/0xc0 [ 10.925509] ? __pfx_kthread+0x10/0x10 [ 10.925529] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.925549] ? calculate_sigpending+0x7b/0xa0 [ 10.925571] ? __pfx_kthread+0x10/0x10 [ 10.925592] ret_from_fork+0x116/0x1d0 [ 10.925609] ? 
__pfx_kthread+0x10/0x10 [ 10.925628] ret_from_fork_asm+0x1a/0x30 [ 10.925658] </TASK> [ 10.925668] [ 10.934206] Allocated by task 1: [ 10.934425] kasan_save_stack+0x45/0x70 [ 10.934765] kasan_save_track+0x18/0x40 [ 10.934917] kasan_save_alloc_info+0x3b/0x50 [ 10.935250] __kasan_kmalloc+0xb7/0xc0 [ 10.935523] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.935757] kvasprintf+0xc5/0x150 [ 10.936006] __kthread_create_on_node+0x18b/0x3a0 [ 10.936271] kthread_create_on_node+0xab/0xe0 [ 10.936484] create_worker+0x3e5/0x7b0 [ 10.936675] alloc_unbound_pwq+0x8ea/0xdb0 [ 10.936834] apply_wqattrs_prepare+0x332/0xd20 [ 10.937057] apply_workqueue_attrs_locked+0x4d/0xa0 [ 10.937271] alloc_workqueue+0xcc7/0x1ad0 [ 10.937844] latency_fsnotify_init+0x1b/0x50 [ 10.938110] do_one_initcall+0xd8/0x370 [ 10.938377] kernel_init_freeable+0x420/0x6f0 [ 10.938657] kernel_init+0x23/0x1e0 [ 10.938887] ret_from_fork+0x116/0x1d0 [ 10.939179] ret_from_fork_asm+0x1a/0x30 [ 10.939412] [ 10.939594] The buggy address belongs to the object at ffff888102251da0 [ 10.939594] which belongs to the cache kmalloc-16 of size 16 [ 10.940216] The buggy address is located 18 bytes to the right of [ 10.940216] allocated 13-byte region [ffff888102251da0, ffff888102251dad) [ 10.940783] [ 10.940951] The buggy address belongs to the physical page: [ 10.941238] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102251 [ 10.941681] flags: 0x200000000000000(node=0|zone=2) [ 10.941995] page_type: f5(slab) [ 10.942128] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.942582] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.942891] page dumped because: kasan: bad access detected [ 10.943136] [ 10.943215] Memory state around the buggy address: [ 10.943419] ffff888102251c80: 00 04 fc fc 00 00 fc fc 00 02 fc fc 00 02 fc fc [ 10.943996] ffff888102251d00: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 10.944284] >ffff888102251d80: fa fb fc fc 00 
05 fc fc 00 07 fc fc fc fc fc fc [ 10.944665] ^ [ 10.944854] ffff888102251e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.945275] ffff888102251e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.945653] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.839792] ================================================================== [ 10.840916] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.841868] Write of size 1 at addr ffff8881031a0273 by task kunit_try_catch/154 [ 10.842818] [ 10.844006] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.844366] Tainted: [N]=TEST [ 10.844399] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.844732] Call Trace: [ 10.844799] <TASK> [ 10.844935] dump_stack_lvl+0x73/0xb0 [ 10.845020] print_report+0xd1/0x650 [ 10.845049] ? __virt_addr_valid+0x1db/0x2d0 [ 10.845073] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845094] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.845116] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845137] kasan_report+0x141/0x180 [ 10.845158] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.845184] __asan_report_store1_noabort+0x1b/0x30 [ 10.845204] kmalloc_oob_right+0x6f0/0x7f0 [ 10.845225] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.845247] ? __schedule+0x10cc/0x2b60 [ 10.845269] ? __pfx_read_tsc+0x10/0x10 [ 10.845290] ? ktime_get_ts64+0x86/0x230 [ 10.845316] kunit_try_run_case+0x1a5/0x480 [ 10.845342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.845364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.845396] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.845420] ? __kthread_parkme+0x82/0x180 [ 10.845442] ? preempt_count_sub+0x50/0x80 [ 10.845477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.845499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.845521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.845543] kthread+0x337/0x6f0 [ 10.845562] ? trace_preempt_on+0x20/0xc0 [ 10.845586] ? __pfx_kthread+0x10/0x10 [ 10.845605] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.845625] ? calculate_sigpending+0x7b/0xa0 [ 10.845650] ? __pfx_kthread+0x10/0x10 [ 10.845671] ret_from_fork+0x116/0x1d0 [ 10.845689] ? 
__pfx_kthread+0x10/0x10 [ 10.845708] ret_from_fork_asm+0x1a/0x30 [ 10.845760] </TASK> [ 10.845823] [ 10.856262] Allocated by task 154: [ 10.856657] kasan_save_stack+0x45/0x70 [ 10.856960] kasan_save_track+0x18/0x40 [ 10.857169] kasan_save_alloc_info+0x3b/0x50 [ 10.857586] __kasan_kmalloc+0xb7/0xc0 [ 10.857814] __kmalloc_cache_noprof+0x189/0x420 [ 10.858018] kmalloc_oob_right+0xa9/0x7f0 [ 10.858156] kunit_try_run_case+0x1a5/0x480 [ 10.858299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.858641] kthread+0x337/0x6f0 [ 10.858851] ret_from_fork+0x116/0x1d0 [ 10.859055] ret_from_fork_asm+0x1a/0x30 [ 10.859333] [ 10.859549] The buggy address belongs to the object at ffff8881031a0200 [ 10.859549] which belongs to the cache kmalloc-128 of size 128 [ 10.860116] The buggy address is located 0 bytes to the right of [ 10.860116] allocated 115-byte region [ffff8881031a0200, ffff8881031a0273) [ 10.861058] [ 10.861297] The buggy address belongs to the physical page: [ 10.863380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 10.864015] flags: 0x200000000000000(node=0|zone=2) [ 10.864710] page_type: f5(slab) [ 10.865325] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.865854] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.866233] page dumped because: kasan: bad access detected [ 10.866782] [ 10.866965] Memory state around the buggy address: [ 10.867548] ffff8881031a0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.867987] ffff8881031a0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.868423] >ffff8881031a0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.868764] ^ [ 10.869119] ffff8881031a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.869519] ffff8881031a0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.869979] ================================================================== [ 10.871322] 
================================================================== [ 10.871712] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.872324] Write of size 1 at addr ffff8881031a0278 by task kunit_try_catch/154 [ 10.872709] [ 10.872827] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.872869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.872881] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.872912] Call Trace: [ 10.872924] <TASK> [ 10.872940] dump_stack_lvl+0x73/0xb0 [ 10.872967] print_report+0xd1/0x650 [ 10.873002] ? __virt_addr_valid+0x1db/0x2d0 [ 10.873023] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.873043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.873065] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.873086] kasan_report+0x141/0x180 [ 10.873117] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.873143] __asan_report_store1_noabort+0x1b/0x30 [ 10.873163] kmalloc_oob_right+0x6bd/0x7f0 [ 10.873196] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.873271] ? __schedule+0x10cc/0x2b60 [ 10.873294] ? __pfx_read_tsc+0x10/0x10 [ 10.873314] ? ktime_get_ts64+0x86/0x230 [ 10.873337] kunit_try_run_case+0x1a5/0x480 [ 10.873361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.873388] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.873409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.873432] ? __kthread_parkme+0x82/0x180 [ 10.873459] ? preempt_count_sub+0x50/0x80 [ 10.873482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.873505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.873527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.873549] kthread+0x337/0x6f0 [ 10.873568] ? trace_preempt_on+0x20/0xc0 [ 10.873590] ? __pfx_kthread+0x10/0x10 [ 10.873610] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.873630] ? calculate_sigpending+0x7b/0xa0 [ 10.873653] ? __pfx_kthread+0x10/0x10 [ 10.873674] ret_from_fork+0x116/0x1d0 [ 10.873691] ? 
__pfx_kthread+0x10/0x10 [ 10.873711] ret_from_fork_asm+0x1a/0x30 [ 10.873741] </TASK> [ 10.873752] [ 10.882232] Allocated by task 154: [ 10.882376] kasan_save_stack+0x45/0x70 [ 10.882589] kasan_save_track+0x18/0x40 [ 10.882997] kasan_save_alloc_info+0x3b/0x50 [ 10.883284] __kasan_kmalloc+0xb7/0xc0 [ 10.883480] __kmalloc_cache_noprof+0x189/0x420 [ 10.883743] kmalloc_oob_right+0xa9/0x7f0 [ 10.883883] kunit_try_run_case+0x1a5/0x480 [ 10.884027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.884196] kthread+0x337/0x6f0 [ 10.884327] ret_from_fork+0x116/0x1d0 [ 10.884722] ret_from_fork_asm+0x1a/0x30 [ 10.885008] [ 10.885139] The buggy address belongs to the object at ffff8881031a0200 [ 10.885139] which belongs to the cache kmalloc-128 of size 128 [ 10.886050] The buggy address is located 5 bytes to the right of [ 10.886050] allocated 115-byte region [ffff8881031a0200, ffff8881031a0273) [ 10.886619] [ 10.886696] The buggy address belongs to the physical page: [ 10.886960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 10.887371] flags: 0x200000000000000(node=0|zone=2) [ 10.888117] page_type: f5(slab) [ 10.888510] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.888921] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.889430] page dumped because: kasan: bad access detected [ 10.889626] [ 10.889714] Memory state around the buggy address: [ 10.890068] ffff8881031a0100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.890504] ffff8881031a0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.890837] >ffff8881031a0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.891283] ^ [ 10.891671] ffff8881031a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.891991] ffff8881031a0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.892492] ================================================================== [ 10.893060] 
================================================================== [ 10.893543] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.893982] Read of size 1 at addr ffff8881031a0280 by task kunit_try_catch/154 [ 10.894410] [ 10.894534] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 10.894577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.894589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.894609] Call Trace: [ 10.894624] <TASK> [ 10.894639] dump_stack_lvl+0x73/0xb0 [ 10.894665] print_report+0xd1/0x650 [ 10.894686] ? __virt_addr_valid+0x1db/0x2d0 [ 10.894707] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894727] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.894748] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894769] kasan_report+0x141/0x180 [ 10.894790] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.894816] __asan_report_load1_noabort+0x18/0x20 [ 10.894839] kmalloc_oob_right+0x68a/0x7f0 [ 10.894860] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.894881] ? __schedule+0x10cc/0x2b60 [ 10.894902] ? __pfx_read_tsc+0x10/0x10 [ 10.894922] ? ktime_get_ts64+0x86/0x230 [ 10.894944] kunit_try_run_case+0x1a5/0x480 [ 10.894967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.894988] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.895010] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.895031] ? __kthread_parkme+0x82/0x180 [ 10.895090] ? preempt_count_sub+0x50/0x80 [ 10.895113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.895135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.895169] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.895190] kthread+0x337/0x6f0 [ 10.895209] ? trace_preempt_on+0x20/0xc0 [ 10.895231] ? __pfx_kthread+0x10/0x10 [ 10.895251] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.895271] ? calculate_sigpending+0x7b/0xa0 [ 10.895293] ? __pfx_kthread+0x10/0x10 [ 10.895314] ret_from_fork+0x116/0x1d0 [ 10.895331] ? 
__pfx_kthread+0x10/0x10 [ 10.895351] ret_from_fork_asm+0x1a/0x30 [ 10.895380] </TASK> [ 10.895399] [ 10.906083] Allocated by task 154: [ 10.906571] kasan_save_stack+0x45/0x70 [ 10.907073] kasan_save_track+0x18/0x40 [ 10.907521] kasan_save_alloc_info+0x3b/0x50 [ 10.907997] __kasan_kmalloc+0xb7/0xc0 [ 10.908373] __kmalloc_cache_noprof+0x189/0x420 [ 10.908616] kmalloc_oob_right+0xa9/0x7f0 [ 10.908915] kunit_try_run_case+0x1a5/0x480 [ 10.909667] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.909932] kthread+0x337/0x6f0 [ 10.910091] ret_from_fork+0x116/0x1d0 [ 10.910611] ret_from_fork_asm+0x1a/0x30 [ 10.910895] [ 10.911131] The buggy address belongs to the object at ffff8881031a0200 [ 10.911131] which belongs to the cache kmalloc-128 of size 128 [ 10.912017] The buggy address is located 13 bytes to the right of [ 10.912017] allocated 115-byte region [ffff8881031a0200, ffff8881031a0273) [ 10.913067] [ 10.913366] The buggy address belongs to the physical page: [ 10.913647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1031a0 [ 10.914184] flags: 0x200000000000000(node=0|zone=2) [ 10.914402] page_type: f5(slab) [ 10.914878] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.915321] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.915855] page dumped because: kasan: bad access detected [ 10.916103] [ 10.916387] Memory state around the buggy address: [ 10.916614] ffff8881031a0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.917221] ffff8881031a0200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.918081] >ffff8881031a0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.918532] ^ [ 10.918842] ffff8881031a0300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.919504] ffff8881031a0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.920191] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 145.603390] WARNING: CPU: 0 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 145.603933] Modules linked in: [ 145.604135] CPU: 0 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.604847] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.605795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.606177] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 145.606581] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 145.607650] RSP: 0000:ffff8881097f7c78 EFLAGS: 00010286 [ 145.607943] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 145.608297] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbc032ebc [ 145.608763] RBP: ffff8881097f7ca0 R08: 0000000000000000 R09: ffffed10208977a0 [ 145.609134] R10: ffff8881044bbd07 R11: 0000000000000000 R12: ffffffffbc032ea8 [ 145.609629] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881097f7d38 [ 145.610054] FS: 0000000000000000(0000) GS:ffff88819d074000(0000) knlGS:0000000000000000 [ 145.610423] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.610699] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 145.610980] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050442 [ 145.611444] DR3: ffffffffbe050443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.611747] Call Trace: [ 145.611915] <TASK> [ 145.612036] drm_test_rect_calc_vscale+0x108/0x270 [ 145.612333] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 145.612561] ? __schedule+0x10cc/0x2b60 [ 145.612927] ? __pfx_read_tsc+0x10/0x10 [ 145.613143] ? ktime_get_ts64+0x86/0x230 [ 145.613332] kunit_try_run_case+0x1a5/0x480 [ 145.613613] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.613928] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 145.614124] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.614332] ? __kthread_parkme+0x82/0x180 [ 145.614611] ? preempt_count_sub+0x50/0x80 [ 145.615046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.615289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.615733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.616044] kthread+0x337/0x6f0 [ 145.616279] ? trace_preempt_on+0x20/0xc0 [ 145.616543] ? __pfx_kthread+0x10/0x10 [ 145.616793] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.617018] ? calculate_sigpending+0x7b/0xa0 [ 145.617386] ? __pfx_kthread+0x10/0x10 [ 145.617617] ret_from_fork+0x116/0x1d0 [ 145.617838] ? __pfx_kthread+0x10/0x10 [ 145.618064] ret_from_fork_asm+0x1a/0x30 [ 145.618442] </TASK> [ 145.618620] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 145.622712] WARNING: CPU: 1 PID: 2767 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 145.623147] Modules linked in: [ 145.623554] CPU: 1 UID: 0 PID: 2767 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.624006] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.624385] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.624837] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 145.625076] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 145.627771] RSP: 0000:ffff888109637c78 EFLAGS: 00010286 [ 145.627980] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 145.628199] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffbc032ef4 [ 145.628414] RBP: ffff888109637ca0 R08: 0000000000000000 R09: ffffed1020623340 [ 145.629416] R10: ffff888103119a07 R11: 0000000000000000 R12: ffffffffbc032ee0 [ 145.630008] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888109637d38 [ 
145.630396] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000 [ 145.630655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.631040] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 145.631765] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443 [ 145.632407] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.632646] Call Trace: [ 145.632751] <TASK> [ 145.632853] drm_test_rect_calc_vscale+0x108/0x270 [ 145.633031] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 145.633209] ? __schedule+0x10cc/0x2b60 [ 145.633353] ? __pfx_read_tsc+0x10/0x10 [ 145.634098] ? ktime_get_ts64+0x86/0x230 [ 145.634437] kunit_try_run_case+0x1a5/0x480 [ 145.634965] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.635431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.636080] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.636673] ? __kthread_parkme+0x82/0x180 [ 145.636919] ? preempt_count_sub+0x50/0x80 [ 145.637405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.638015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.638221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.638794] kthread+0x337/0x6f0 [ 145.638943] ? trace_preempt_on+0x20/0xc0 [ 145.639099] ? __pfx_kthread+0x10/0x10 [ 145.639239] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.639538] ? calculate_sigpending+0x7b/0xa0 [ 145.639811] ? __pfx_kthread+0x10/0x10 [ 145.640061] ret_from_fork+0x116/0x1d0 [ 145.640652] ? __pfx_kthread+0x10/0x10 [ 145.640844] ret_from_fork_asm+0x1a/0x30 [ 145.641054] </TASK> [ 145.641179] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 145.551850] WARNING: CPU: 1 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 145.552570] Modules linked in: [ 145.552987] CPU: 1 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.553430] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.554008] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.555009] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 145.555650] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 145.556670] RSP: 0000:ffff888109b87c78 EFLAGS: 00010286 [ 145.557142] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 145.557946] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbc032ec0 [ 145.558580] RBP: ffff888109b87ca0 R08: 0000000000000000 R09: ffffed1020897700 [ 145.559063] R10: ffff8881044bb807 R11: 0000000000000000 R12: ffffffffbc032ea8 [ 145.560037] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888109b87d38 [ 145.560620] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000 [ 145.561228] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.561661] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 145.561877] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443 [ 145.562092] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.562328] Call Trace: [ 145.562527] <TASK> [ 145.562677] drm_test_rect_calc_hscale+0x108/0x270 [ 145.562910] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 145.563117] ? __schedule+0x10cc/0x2b60 [ 145.563548] ? __pfx_read_tsc+0x10/0x10 [ 145.563703] ? ktime_get_ts64+0x86/0x230 [ 145.564119] kunit_try_run_case+0x1a5/0x480 [ 145.564286] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.564538] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 145.564836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.565561] ? __kthread_parkme+0x82/0x180 [ 145.565814] ? preempt_count_sub+0x50/0x80 [ 145.566021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.566495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.566770] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.567035] kthread+0x337/0x6f0 [ 145.567197] ? trace_preempt_on+0x20/0xc0 [ 145.568548] ? __pfx_kthread+0x10/0x10 [ 145.568732] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.568929] ? calculate_sigpending+0x7b/0xa0 [ 145.569146] ? __pfx_kthread+0x10/0x10 [ 145.569684] ret_from_fork+0x116/0x1d0 [ 145.569887] ? __pfx_kthread+0x10/0x10 [ 145.570036] ret_from_fork_asm+0x1a/0x30 [ 145.570500] </TASK> [ 145.570718] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 145.573048] WARNING: CPU: 1 PID: 2755 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 145.573341] Modules linked in: [ 145.573662] CPU: 1 UID: 0 PID: 2755 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 145.574023] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.574199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.575058] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 145.575869] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b cf 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 145.577495] RSP: 0000:ffff888109717c78 EFLAGS: 00010286 [ 145.577827] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 145.578539] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffbc032ef8 [ 145.578756] RBP: ffff888109717ca0 R08: 0000000000000000 R09: ffffed1020623280 [ 145.579529] R10: ffff888103119407 R11: 0000000000000000 R12: ffffffffbc032ee0 [ 145.580331] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888109717d38 [ 
145.581026] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000 [ 145.581574] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.581785] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 145.581994] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443 [ 145.582256] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.582550] Call Trace: [ 145.582771] <TASK> [ 145.583274] drm_test_rect_calc_hscale+0x108/0x270 [ 145.583492] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 145.583669] ? __schedule+0x10cc/0x2b60 [ 145.583809] ? __pfx_read_tsc+0x10/0x10 [ 145.583946] ? ktime_get_ts64+0x86/0x230 [ 145.584091] kunit_try_run_case+0x1a5/0x480 [ 145.584243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.584471] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.584700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.585078] ? __kthread_parkme+0x82/0x180 [ 145.585222] ? preempt_count_sub+0x50/0x80 [ 145.585487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.585867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.586099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.586658] kthread+0x337/0x6f0 [ 145.586828] ? trace_preempt_on+0x20/0xc0 [ 145.587025] ? __pfx_kthread+0x10/0x10 [ 145.587612] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.587872] ? calculate_sigpending+0x7b/0xa0 [ 145.588053] ? __pfx_kthread+0x10/0x10 [ 145.588380] ret_from_fork+0x116/0x1d0 [ 145.588735] ? __pfx_kthread+0x10/0x10 [ 145.589119] ret_from_fork_asm+0x1a/0x30 [ 145.589349] </TASK> [ 145.589810] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 144.952515] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 144.952622] WARNING: CPU: 0 PID: 2570 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 144.953832] Modules linked in: [ 144.954420] CPU: 0 UID: 0 PID: 2570 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 144.954920] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 144.955409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 144.955971] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 144.956623] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d 1d 80 00 48 c7 c1 a0 7d fe bb 4c 89 f2 48 c7 c7 60 7a fe bb 48 89 c6 e8 a4 d2 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 144.957723] RSP: 0000:ffff88810955fd18 EFLAGS: 00010286 [ 144.957981] RAX: 0000000000000000 RBX: ffff888108a3d400 RCX: 1ffffffff79a4c80 [ 144.958375] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 144.958740] RBP: ffff88810955fd48 R08: 0000000000000000 R09: fffffbfff79a4c80 [ 144.959038] R10: 0000000000000003 R11: 0000000000039198 R12: ffff8881095d9800 [ 144.959474] R13: ffff888108a3d4f8 R14: ffff88810863bd80 R15: ffff88810039fb40 [ 144.959790] FS: 0000000000000000(0000) GS:ffff88819d074000(0000) knlGS:0000000000000000 [ 144.960338] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.960659] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 144.961005] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050442 [ 144.961438] DR3: ffffffffbe050443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 144.961803] Call Trace: [ 144.961908] <TASK> [ 144.962133] ? trace_preempt_on+0x20/0xc0 [ 144.962509] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 144.962845] drm_gem_shmem_free_wrapper+0x12/0x20 [ 144.963075] __kunit_action_free+0x57/0x70 [ 144.963403] kunit_remove_resource+0x133/0x200 [ 144.963608] ? preempt_count_sub+0x50/0x80 [ 144.963924] kunit_cleanup+0x7a/0x120 [ 144.964098] kunit_try_run_case_cleanup+0xbd/0xf0 [ 144.964289] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 144.964637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 144.965023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 144.965343] kthread+0x337/0x6f0 [ 144.965548] ? trace_preempt_on+0x20/0xc0 [ 144.965811] ? __pfx_kthread+0x10/0x10 [ 144.965971] ? _raw_spin_unlock_irq+0x47/0x80 [ 144.966319] ? calculate_sigpending+0x7b/0xa0 [ 144.966566] ? __pfx_kthread+0x10/0x10 [ 144.966817] ret_from_fork+0x116/0x1d0 [ 144.966972] ? __pfx_kthread+0x10/0x10 [ 144.967215] ret_from_fork_asm+0x1a/0x30 [ 144.967434] </TASK> [ 144.967760] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 144.821051] WARNING: CPU: 1 PID: 2551 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 144.821587] Modules linked in: [ 144.821873] CPU: 1 UID: 0 PID: 2551 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 144.822590] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 144.822873] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 144.823348] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 144.823591] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 144.824906] RSP: 0000:ffff888109307b30 EFLAGS: 00010246 [ 144.825475] RAX: dffffc0000000000 RBX: ffff888109307c28 RCX: 0000000000000000 [ 144.825701] RDX: 1ffff11021260f8e RSI: ffff888109307c28 RDI: ffff888109307c70 [ 144.825908] RBP: ffff888109307b70 R08: ffff888109543000 R09: ffffffffbbfd80e0 [ 144.826112] R10: 0000000000000003 R11: 00000000ff30d81d R12: ffff888109543000 [ 144.826488] R13: ffff88810039fae8 R14: ffff888109307ba8 R15: 0000000000000000 [ 144.826877] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000 [ 144.827257] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.827609] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 144.827981] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443 [ 144.828267] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 144.828861] Call Trace: [ 144.828991] <TASK> [ 144.829127] ? add_dr+0xc1/0x1d0 [ 144.829422] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 144.829918] ? add_dr+0x148/0x1d0 [ 144.830117] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 144.830583] ? __drmm_add_action+0x1a4/0x280 [ 144.830852] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 144.831131] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 144.831549] ? __drmm_add_action_or_reset+0x22/0x50 [ 144.831765] ? __schedule+0x10cc/0x2b60 [ 144.831975] ? __pfx_read_tsc+0x10/0x10 [ 144.832156] ? ktime_get_ts64+0x86/0x230 [ 144.832540] kunit_try_run_case+0x1a5/0x480 [ 144.832828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 144.833008] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 144.833271] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 144.833611] ? __kthread_parkme+0x82/0x180 [ 144.833926] ? preempt_count_sub+0x50/0x80 [ 144.834116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 144.834322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 144.834630] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 144.834914] kthread+0x337/0x6f0 [ 144.835156] ? trace_preempt_on+0x20/0xc0 [ 144.835469] ? __pfx_kthread+0x10/0x10 [ 144.835774] ? _raw_spin_unlock_irq+0x47/0x80 [ 144.836384] ? calculate_sigpending+0x7b/0xa0 [ 144.836999] ? __pfx_kthread+0x10/0x10 [ 144.837428] ret_from_fork+0x116/0x1d0 [ 144.837613] ? __pfx_kthread+0x10/0x10 [ 144.837969] ret_from_fork_asm+0x1a/0x30 [ 144.838476] </TASK> [ 144.838629] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 144.788670] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 144.788804] WARNING: CPU: 0 PID: 2547 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 144.790728] Modules linked in: [ 144.791321] CPU: 0 UID: 0 PID: 2547 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 144.792500] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 144.792921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 144.793488] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 144.793746] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b 3a 87 00 48 c7 c1 c0 2f fd bb 4c 89 fa 48 c7 c7 20 30 fd bb 48 89 c6 e8 72 ef 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 144.794599] RSP: 0000:ffff888109307b68 EFLAGS: 00010282 [ 144.794874] RAX: 0000000000000000 RBX: ffff888109307c40 RCX: 1ffffffff79a4c80 [ 144.795157] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 144.795442] RBP: ffff888109307b90 R08: 0000000000000000 R09: fffffbfff79a4c80 [ 144.795806] R10: 0000000000000003 R11: 00000000000377c8 R12: ffff888109307c18 [ 144.796083] R13: ffff888108f22800 R14: ffff88810908c000 R15: ffff888107ee7380 [ 144.796532] FS: 0000000000000000(0000) GS:ffff88819d074000(0000) knlGS:0000000000000000 [ 144.796836] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 144.797084] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 144.797544] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050442 [ 144.797876] DR3: ffffffffbe050443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 144.798130] Call Trace: [ 144.798390] <TASK> [ 144.798556] drm_test_framebuffer_free+0x1ab/0x610 [ 144.798760] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 144.799074] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 144.799400] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 144.799667] ? __drmm_add_action_or_reset+0x22/0x50 [ 144.799898] ? __schedule+0x10cc/0x2b60 [ 144.800092] ? __pfx_read_tsc+0x10/0x10 [ 144.800429] ? ktime_get_ts64+0x86/0x230 [ 144.800641] kunit_try_run_case+0x1a5/0x480 [ 144.800838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 144.801086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 144.801560] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 144.801832] ? __kthread_parkme+0x82/0x180 [ 144.802018] ? preempt_count_sub+0x50/0x80 [ 144.802207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 144.802516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 144.802971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 144.803297] kthread+0x337/0x6f0 [ 144.803826] ? trace_preempt_on+0x20/0xc0 [ 144.804084] ? __pfx_kthread+0x10/0x10 [ 144.804259] ? _raw_spin_unlock_irq+0x47/0x80 [ 144.804573] ? calculate_sigpending+0x7b/0xa0 [ 144.804817] ? __pfx_kthread+0x10/0x10 [ 144.805097] ret_from_fork+0x116/0x1d0 [ 144.805445] ? __pfx_kthread+0x10/0x10 [ 144.805671] ret_from_fork_asm+0x1a/0x30 [ 144.805872] </TASK> [ 144.806000] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 143.567339] WARNING: CPU: 1 PID: 1985 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 143.567992] Modules linked in: [ 143.568280] CPU: 1 UID: 0 PID: 1985 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary) [ 143.568955] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 143.569212] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 143.569655] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 143.569973] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 143.570744] RSP: 0000:ffff888101bffc90 EFLAGS: 00010246 [ 143.570980] RAX: dffffc0000000000 RBX: ffff8881084c8000 RCX: 0000000000000000 [ 143.571666] RDX: 1ffff11021099032 RSI: ffffffffb9204648 RDI: ffff8881084c8190 [ 143.572004] RBP: ffff888101bffca0 R08: 1ffff11020073f69 R09: ffffed102037ff65 [ 143.572512] R10: 0000000000000003 R11: ffffffffb8786fa8 R12: 0000000000000000 [ 143.573079] R13: ffff888101bffd38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 143.573726] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000 [ 143.574594] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.574901] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0 [ 143.575127] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443 [ 143.575720] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 143.576409] Call Trace: [ 143.576710] <TASK> [ 143.576973] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 143.577694] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 143.577943] ? __schedule+0x10cc/0x2b60 [ 143.578098] ? __pfx_read_tsc+0x10/0x10 [ 143.578388] ? ktime_get_ts64+0x86/0x230 [ 143.578777] kunit_try_run_case+0x1a5/0x480 [ 143.579285] ? 
__pfx_kunit_try_run_case+0x10/0x10
[ 143.579746] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 143.580159] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 143.580696] ? __kthread_parkme+0x82/0x180
[ 143.581094] ? preempt_count_sub+0x50/0x80
[ 143.581566] ? __pfx_kunit_try_run_case+0x10/0x10
[ 143.581970] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 143.582160] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 143.582756] kthread+0x337/0x6f0
[ 143.583177] ? trace_preempt_on+0x20/0xc0
[ 143.583622] ? __pfx_kthread+0x10/0x10
[ 143.584038] ? _raw_spin_unlock_irq+0x47/0x80
[ 143.584347] ? calculate_sigpending+0x7b/0xa0
[ 143.584531] ? __pfx_kthread+0x10/0x10
[ 143.584677] ret_from_fork+0x116/0x1d0
[ 143.584819] ? __pfx_kthread+0x10/0x10
[ 143.584962] ret_from_fork_asm+0x1a/0x30
[ 143.585120] </TASK>
[ 143.585232] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 143.486935] WARNING: CPU: 0 PID: 1977 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110
[ 143.487965] Modules linked in:
[ 143.488134] CPU: 0 UID: 0 PID: 1977 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 143.489322] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 143.489806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 143.490068] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110
[ 143.490296] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 18 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68
[ 143.491364] RSP: 0000:ffff8881084e7c90 EFLAGS: 00010246
[ 143.491648] RAX: dffffc0000000000 RBX: ffff8881084b0000 RCX: 0000000000000000
[ 143.492090] RDX: 1ffff11021096032 RSI: ffffffffb9204648 RDI: ffff8881084b0190
[ 143.493474] RBP: ffff8881084e7ca0 R08: 1ffff11020073f69 R09: ffffed102109cf65
[ 143.493859] R10: 0000000000000003 R11: ffffffffb8786fa8 R12: 0000000000000000
[ 143.494158] R13: ffff8881084e7d38 R14: ffff88810039fc50 R15: ffff88810039fc58
[ 143.495114] FS: 0000000000000000(0000) GS:ffff88819d074000(0000) knlGS:0000000000000000
[ 143.495788] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 143.496042] CR2: 00007ffff7ffe000 CR3: 00000000394bc000 CR4: 00000000000006f0
[ 143.496861] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050442
[ 143.497709] DR3: ffffffffbe050443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 143.498082] Call Trace:
[ 143.498643] <TASK>
[ 143.498911] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290
[ 143.499451] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10
[ 143.499817] ? __schedule+0x10cc/0x2b60
[ 143.499984] ? __pfx_read_tsc+0x10/0x10
[ 143.500185] ? ktime_get_ts64+0x86/0x230
[ 143.500499] kunit_try_run_case+0x1a5/0x480
[ 143.500762] ? __pfx_kunit_try_run_case+0x10/0x10
[ 143.500970] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 143.501190] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 143.501448] ? __kthread_parkme+0x82/0x180
[ 143.501673] ? preempt_count_sub+0x50/0x80
[ 143.501941] ? __pfx_kunit_try_run_case+0x10/0x10
[ 143.502108] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 143.502608] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 143.502939] kthread+0x337/0x6f0
[ 143.503084] ? trace_preempt_on+0x20/0xc0
[ 143.503345] ? __pfx_kthread+0x10/0x10
[ 143.503565] ? _raw_spin_unlock_irq+0x47/0x80
[ 143.503726] ? calculate_sigpending+0x7b/0xa0
[ 143.503899] ? __pfx_kthread+0x10/0x10
[ 143.504099] ret_from_fork+0x116/0x1d0
[ 143.504383] ? __pfx_kthread+0x10/0x10
[ 143.504605] ret_from_fork_asm+0x1a/0x30
[ 143.504935] </TASK>
[ 143.505045] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------
[ 113.081757] WARNING: CPU: 1 PID: 675 at lib/math/int_log.c:120 intlog10+0x2a/0x40
[ 113.082024] Modules linked in:
[ 113.082757] CPU: 1 UID: 0 PID: 675 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 113.084396] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 113.085318] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 113.085952] RIP: 0010:intlog10+0x2a/0x40
[ 113.086113] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 113.087728] RSP: 0000:ffff88810a41fcb0 EFLAGS: 00010246
[ 113.087931] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021483fb4
[ 113.088165] RDX: 1ffffffff77d2c94 RSI: 1ffff11021483fb3 RDI: 0000000000000000
[ 113.088795] RBP: ffff88810a41fd60 R08: 0000000000000000 R09: ffffed102039fc60
[ 113.089369] R10: ffff888101cfe307 R11: 0000000000000000 R12: 1ffff11021483f97
[ 113.089969] R13: ffffffffbbe964a0 R14: 0000000000000000 R15: ffff88810a41fd38
[ 113.090339] FS: 0000000000000000(0000) GS:ffff88819d174000(0000) knlGS:0000000000000000
[ 113.090681] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.090936] CR2: dffffc0000000000 CR3: 00000000394bc000 CR4: 00000000000006f0
[ 113.091230] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050443
[ 113.091626] DR3: ffffffffbe050445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 113.091912] Call Trace:
[ 113.092115] <TASK>
[ 113.092377] ? intlog10_test+0xf2/0x220
[ 113.092616] ? __pfx_intlog10_test+0x10/0x10
[ 113.092789] ? __schedule+0x10cc/0x2b60
[ 113.092994] ? __pfx_read_tsc+0x10/0x10
[ 113.093163] ? ktime_get_ts64+0x86/0x230
[ 113.093396] kunit_try_run_case+0x1a5/0x480
[ 113.093642] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.093851] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 113.094153] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 113.094417] ? __kthread_parkme+0x82/0x180
[ 113.094617] ? preempt_count_sub+0x50/0x80
[ 113.094832] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.095050] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 113.095303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 113.095509] kthread+0x337/0x6f0
[ 113.095711] ? trace_preempt_on+0x20/0xc0
[ 113.096003] ? __pfx_kthread+0x10/0x10
[ 113.096339] ? _raw_spin_unlock_irq+0x47/0x80
[ 113.096547] ? calculate_sigpending+0x7b/0xa0
[ 113.096858] ? __pfx_kthread+0x10/0x10
[ 113.097020] ret_from_fork+0x116/0x1d0
[ 113.097191] ? __pfx_kthread+0x10/0x10
[ 113.097444] ret_from_fork_asm+0x1a/0x30
[ 113.097638] </TASK>
[ 113.097829] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------
[ 113.032135] WARNING: CPU: 0 PID: 657 at lib/math/int_log.c:63 intlog2+0xdf/0x110
[ 113.033829] Modules linked in:
[ 113.034566] CPU: 0 UID: 0 PID: 657 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc4 #1 PREEMPT(voluntary)
[ 113.035428] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 113.035604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 113.035868] RIP: 0010:intlog2+0xdf/0x110
[ 113.036028] Code: e9 bb c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 e9 17 9c 86 02 89 45 e4 e8 0f 10 56 ff 8b 45 e4 eb
[ 113.036934] RSP: 0000:ffff88810a377cb0 EFLAGS: 00010246
[ 113.037891] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102146efb4
[ 113.038797] RDX: 1ffffffff77d2ce8 RSI: 1ffff1102146efb3 RDI: 0000000000000000
[ 113.039564] RBP: ffff88810a377d60 R08: 0000000000000000 R09: ffffed102039f160
[ 113.040544] R10: ffff888101cf8b07 R11: 0000000000000000 R12: 1ffff1102146ef97
[ 113.041490] R13: ffffffffbbe96740 R14: 0000000000000000 R15: ffff88810a377d38
[ 113.042433] FS: 0000000000000000(0000) GS:ffff88819d074000(0000) knlGS:0000000000000000
[ 113.043154] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 113.043745] CR2: ffff88815a91efe0 CR3: 00000000394bc000 CR4: 00000000000006f0
[ 113.044110] DR0: ffffffffbe050440 DR1: ffffffffbe050441 DR2: ffffffffbe050442
[ 113.044599] DR3: ffffffffbe050443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 113.045306] Call Trace:
[ 113.045549] <TASK>
[ 113.045776] ? intlog2_test+0xf2/0x220
[ 113.046077] ? __pfx_intlog2_test+0x10/0x10
[ 113.046625] ? __schedule+0x10cc/0x2b60
[ 113.046998] ? __pfx_read_tsc+0x10/0x10
[ 113.047150] ? ktime_get_ts64+0x86/0x230
[ 113.047450] kunit_try_run_case+0x1a5/0x480
[ 113.047952] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.048451] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 113.048974] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 113.049154] ? __kthread_parkme+0x82/0x180
[ 113.049629] ? preempt_count_sub+0x50/0x80
[ 113.050082] ? __pfx_kunit_try_run_case+0x10/0x10
[ 113.050700] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 113.050895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 113.051091] kthread+0x337/0x6f0
[ 113.051291] ? trace_preempt_on+0x20/0xc0
[ 113.051703] ? __pfx_kthread+0x10/0x10
[ 113.052086] ? _raw_spin_unlock_irq+0x47/0x80
[ 113.052620] ? calculate_sigpending+0x7b/0xa0
[ 113.053069] ? __pfx_kthread+0x10/0x10
[ 113.053481] ret_from_fork+0x116/0x1d0
[ 113.053909] ? __pfx_kthread+0x10/0x10
[ 113.054368] ret_from_fork_asm+0x1a/0x30
[ 113.054549] </TASK>
[ 113.054673] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 112.468514] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI