Date
July 9, 2025, 2:07 p.m.
Failure - log-parser-boot/internal-error-oops-oops-smp
[ 94.565812] Internal error: Oops: 0000000096000005 [#1] SMP [ 94.571172] Modules linked in: [ 94.571990] CPU: 1 UID: 0 PID: 532 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 94.573066] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 94.573727] Hardware name: linux,dummy-virt (DT) [ 94.574402] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 94.575260] pc : kunit_test_null_dereference+0x70/0x170 [ 94.575865] lr : kunit_generic_run_threadfn_adapter+0x88/0x100 [ 94.576411] sp : ffff800080f77d30 [ 94.576583] x29: ffff800080f77d90 x28: 0000000000000000 x27: 0000000000000000 [ 94.576943] x26: 1ffe000018caef81 x25: 0000000000000000 x24: 0000000000000004 [ 94.577576] x23: fff00000c6577c0c x22: ffffa8ee940225f8 x21: fff00000c145d508 [ 94.578054] x20: 1ffff000101eefa6 x19: ffff800080087990 x18: 00000000ee5dcca0 [ 94.578611] x17: 0000000000000001 x16: fff00000da474d28 x15: fff00000ff616b08 [ 94.579026] x14: 0000000000018fff x13: 1ffe00001b48e989 x12: fffd80001957362c [ 94.579498] x11: 1ffe00001957362b x10: fffd80001957362b x9 : ffffa8ee94019a60 [ 94.580213] x8 : ffff800080f77c18 x7 : 0000000000000001 x6 : 0000000041b58ab3 [ 94.581002] x5 : ffff7000101eefa6 x4 : 00000000f1f1f1f1 x3 : 0000000000000003 [ 94.581524] x2 : dfff800000000000 x1 : fff00000cab9a880 x0 : ffff800080087990 [ 94.582613] Call trace: [ 94.582856] kunit_test_null_dereference+0x70/0x170 (P) [ 94.583427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 94.583678] kthread+0x328/0x630 [ 94.583863] ret_from_fork+0x10/0x20 [ 94.584322] Code: b90004a3 d5384101 52800063 aa0003f3 (39c00042) [ 94.584883] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 50.822589] ================================================================== [ 50.822648] BUG: KFENCE: use-after-free read in test_krealloc+0x51c/0x830 [ 50.822648] [ 50.822736] Use-after-free read at 0x0000000022fb041e (in kfence-#152): [ 50.822788] test_krealloc+0x51c/0x830 [ 50.822833] kunit_try_run_case+0x170/0x3f0 [ 50.822878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.822926] kthread+0x328/0x630 [ 50.822966] ret_from_fork+0x10/0x20 [ 50.823008] [ 50.823032] kfence-#152: 0x0000000022fb041e-0x00000000316fbe94, size=32, cache=kmalloc-32 [ 50.823032] [ 50.823104] allocated by task 337 on cpu 0 at 50.821986s (0.001114s ago): [ 50.823174] test_alloc+0x29c/0x628 [ 50.823214] test_krealloc+0xc0/0x830 [ 50.823254] kunit_try_run_case+0x170/0x3f0 [ 50.823294] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.823336] kthread+0x328/0x630 [ 50.823373] ret_from_fork+0x10/0x20 [ 50.823411] [ 50.823433] freed by task 337 on cpu 0 at 50.822203s (0.001226s ago): [ 50.823495] krealloc_noprof+0x148/0x360 [ 50.823536] test_krealloc+0x1dc/0x830 [ 50.823575] kunit_try_run_case+0x170/0x3f0 [ 50.823614] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.823657] kthread+0x328/0x630 [ 50.823691] ret_from_fork+0x10/0x20 [ 50.823731] [ 50.823778] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 50.823865] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.823896] Hardware name: linux,dummy-virt (DT) [ 50.823931] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 50.759824] ================================================================== [ 50.759932] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x280/0x560 [ 50.759932] [ 50.760044] Use-after-free read at 0x000000003e66963e (in kfence-#151): [ 50.760114] test_memcache_typesafe_by_rcu+0x280/0x560 [ 50.760167] kunit_try_run_case+0x170/0x3f0 [ 50.760214] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.760260] kthread+0x328/0x630 [ 50.760301] ret_from_fork+0x10/0x20 [ 50.760342] [ 50.760368] kfence-#151: 0x000000003e66963e-0x000000009d43f5ed, size=32, cache=test [ 50.760368] [ 50.760424] allocated by task 335 on cpu 1 at 50.713965s (0.046455s ago): [ 50.760495] test_alloc+0x230/0x628 [ 50.760538] test_memcache_typesafe_by_rcu+0x15c/0x560 [ 50.760582] kunit_try_run_case+0x170/0x3f0 [ 50.760623] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.760667] kthread+0x328/0x630 [ 50.760703] ret_from_fork+0x10/0x20 [ 50.760743] [ 50.760766] freed by task 335 on cpu 1 at 50.714119s (0.046644s ago): [ 50.760825] test_memcache_typesafe_by_rcu+0x1a8/0x560 [ 50.760869] kunit_try_run_case+0x170/0x3f0 [ 50.760908] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 50.760952] kthread+0x328/0x630 [ 50.760989] ret_from_fork+0x10/0x20 [ 50.761027] [ 50.761074] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 50.761174] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 50.761208] Hardware name: linux,dummy-virt (DT) [ 50.761243] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 27.543189] ================================================================== [ 27.543346] BUG: KFENCE: invalid read in test_invalid_access+0xdc/0x1f0 [ 27.543346] [ 27.543453] Invalid read at 0x000000002897dec7: [ 27.543519] test_invalid_access+0xdc/0x1f0 [ 27.543665] kunit_try_run_case+0x170/0x3f0 [ 27.543767] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.543867] kthread+0x328/0x630 [ 27.543919] ret_from_fork+0x10/0x20 [ 27.543975] [ 27.544458] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 27.544585] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.544623] Hardware name: linux,dummy-virt (DT) [ 27.544667] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 27.306304] ================================================================== [ 27.306398] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 27.306398] [ 27.306463] Corrupted memory at 0x00000000121fcecc [ ! . . . . . . . . . . . . . . . ] (in kfence-#146): [ 27.306773] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 27.306823] kunit_try_run_case+0x170/0x3f0 [ 27.306866] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.306909] kthread+0x328/0x630 [ 27.306949] ret_from_fork+0x10/0x20 [ 27.306988] [ 27.307014] kfence-#146: 0x00000000b3b47124-0x000000007106f35c, size=73, cache=kmalloc-96 [ 27.307014] [ 27.307069] allocated by task 325 on cpu 0 at 27.306058s (0.001008s ago): [ 27.307147] test_alloc+0x29c/0x628 [ 27.307189] test_kmalloc_aligned_oob_write+0xbc/0x2c0 [ 27.307232] kunit_try_run_case+0x170/0x3f0 [ 27.307273] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.307316] kthread+0x328/0x630 [ 27.307353] ret_from_fork+0x10/0x20 [ 27.307393] [ 27.307418] freed by task 325 on cpu 0 at 27.306216s (0.001198s ago): [ 27.307481] test_kmalloc_aligned_oob_write+0x214/0x2c0 [ 27.307525] kunit_try_run_case+0x170/0x3f0 [ 27.307566] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.307610] kthread+0x328/0x630 [ 27.307647] ret_from_fork+0x10/0x20 [ 27.307688] [ 27.307729] CPU: 0 UID: 0 PID: 325 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 27.307812] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.307843] Hardware name: linux,dummy-virt (DT) [ 27.307877] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 27.202324] ================================================================== [ 27.202427] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x238/0x468 [ 27.202427] [ 27.202531] Out-of-bounds read at 0x000000000670f5b2 (105B right of kfence-#145): [ 27.202592] test_kmalloc_aligned_oob_read+0x238/0x468 [ 27.202644] kunit_try_run_case+0x170/0x3f0 [ 27.202689] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.202733] kthread+0x328/0x630 [ 27.202774] ret_from_fork+0x10/0x20 [ 27.202815] [ 27.202840] kfence-#145: 0x0000000044640e5e-0x00000000dd715642, size=73, cache=kmalloc-96 [ 27.202840] [ 27.202897] allocated by task 323 on cpu 0 at 27.202055s (0.000838s ago): [ 27.202972] test_alloc+0x29c/0x628 [ 27.203014] test_kmalloc_aligned_oob_read+0x100/0x468 [ 27.203059] kunit_try_run_case+0x170/0x3f0 [ 27.203114] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 27.203159] kthread+0x328/0x630 [ 27.203195] ret_from_fork+0x10/0x20 [ 27.203235] [ 27.203284] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 27.203372] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 27.203404] Hardware name: linux,dummy-virt (DT) [ 27.203440] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 22.108559] ================================================================== [ 22.108653] BUG: KFENCE: memory corruption in test_corruption+0x284/0x378 [ 22.108653] [ 22.108718] Corrupted memory at 0x000000007e92fa71 [ ! ] (in kfence-#96): [ 22.108848] test_corruption+0x284/0x378 [ 22.108897] kunit_try_run_case+0x170/0x3f0 [ 22.108940] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.108987] kthread+0x328/0x630 [ 22.109027] ret_from_fork+0x10/0x20 [ 22.109067] [ 22.109107] kfence-#96: 0x00000000880d4a1a-0x000000002344d83a, size=32, cache=kmalloc-32 [ 22.109107] [ 22.109163] allocated by task 311 on cpu 0 at 22.108247s (0.000912s ago): [ 22.109227] test_alloc+0x29c/0x628 [ 22.109267] test_corruption+0x198/0x378 [ 22.109309] kunit_try_run_case+0x170/0x3f0 [ 22.109348] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.109393] kthread+0x328/0x630 [ 22.109428] ret_from_fork+0x10/0x20 [ 22.109469] [ 22.109492] freed by task 311 on cpu 0 at 22.108388s (0.001100s ago): [ 22.109554] test_corruption+0x284/0x378 [ 22.109618] kunit_try_run_case+0x170/0x3f0 [ 22.109661] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.109706] kthread+0x328/0x630 [ 22.109741] ret_from_fork+0x10/0x20 [ 22.109782] [ 22.109826] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 22.109908] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 22.109940] Hardware name: linux,dummy-virt (DT) [ 22.109974] ================================================================== [ 22.314237] ================================================================== [ 22.314328] BUG: KFENCE: memory corruption in test_corruption+0x1d8/0x378 [ 22.314328] [ 22.314392] Corrupted memory at 0x000000004000af77 [ ! ] (in kfence-#98): [ 22.314507] test_corruption+0x1d8/0x378 [ 22.314555] kunit_try_run_case+0x170/0x3f0 [ 22.314599] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.314645] kthread+0x328/0x630 [ 22.314683] ret_from_fork+0x10/0x20 [ 22.314725] [ 22.314748] kfence-#98: 0x000000002468c895-0x00000000cf0394e3, size=32, cache=test [ 22.314748] [ 22.314802] allocated by task 313 on cpu 0 at 22.314077s (0.000721s ago): [ 22.314865] test_alloc+0x230/0x628 [ 22.314906] test_corruption+0x198/0x378 [ 22.314946] kunit_try_run_case+0x170/0x3f0 [ 22.314986] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.315030] kthread+0x328/0x630 [ 22.315066] ret_from_fork+0x10/0x20 [ 22.315122] [ 22.315146] freed by task 313 on cpu 0 at 22.314151s (0.000991s ago): [ 22.315210] test_corruption+0x1d8/0x378 [ 22.315252] kunit_try_run_case+0x170/0x3f0 [ 22.315295] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.315339] kthread+0x328/0x630 [ 22.315375] ret_from_fork+0x10/0x20 [ 22.315415] [ 22.315456] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 22.315540] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 22.315571] Hardware name: linux,dummy-virt (DT) [ 22.315605] ================================================================== [ 22.210171] ================================================================== [ 22.210264] BUG: KFENCE: memory corruption in test_corruption+0x120/0x378 [ 22.210264] [ 22.210329] Corrupted memory at 0x00000000ba1ef7fb [ ! . . . . . . . . . . . . . . . ] (in kfence-#97): [ 22.210638] test_corruption+0x120/0x378 [ 22.210686] kunit_try_run_case+0x170/0x3f0 [ 22.210731] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.210777] kthread+0x328/0x630 [ 22.210816] ret_from_fork+0x10/0x20 [ 22.210857] [ 22.210880] kfence-#97: 0x00000000cfc0537b-0x000000000e6bb1b3, size=32, cache=test [ 22.210880] [ 22.210937] allocated by task 313 on cpu 0 at 22.210010s (0.000923s ago): [ 22.210999] test_alloc+0x230/0x628 [ 22.211041] test_corruption+0xdc/0x378 [ 22.211093] kunit_try_run_case+0x170/0x3f0 [ 22.211134] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.211179] kthread+0x328/0x630 [ 22.211215] ret_from_fork+0x10/0x20 [ 22.211253] [ 22.211276] freed by task 313 on cpu 0 at 22.210075s (0.001197s ago): [ 22.211338] test_corruption+0x120/0x378 [ 22.211377] kunit_try_run_case+0x170/0x3f0 [ 22.211419] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.211463] kthread+0x328/0x630 [ 22.211498] ret_from_fork+0x10/0x20 [ 22.211536] [ 22.211580] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 22.211663] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 22.211693] Hardware name: linux,dummy-virt (DT) [ 22.211727] ================================================================== [ 22.002270] ================================================================== [ 22.002364] BUG: KFENCE: memory corruption in test_corruption+0x278/0x378 [ 22.002364] [ 22.002427] Corrupted memory at 0x0000000069d86c61 [ ! . . . . . . . . . . . . . . . ] (in kfence-#95): [ 22.002734] test_corruption+0x278/0x378 [ 22.002782] kunit_try_run_case+0x170/0x3f0 [ 22.002826] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.002871] kthread+0x328/0x630 [ 22.002912] ret_from_fork+0x10/0x20 [ 22.002953] [ 22.002976] kfence-#95: 0x000000004577645f-0x0000000059d184a1, size=32, cache=kmalloc-32 [ 22.002976] [ 22.003034] allocated by task 311 on cpu 0 at 22.002062s (0.000968s ago): [ 22.003110] test_alloc+0x29c/0x628 [ 22.003152] test_corruption+0xdc/0x378 [ 22.003193] kunit_try_run_case+0x170/0x3f0 [ 22.003233] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.003278] kthread+0x328/0x630 [ 22.003313] ret_from_fork+0x10/0x20 [ 22.003353] [ 22.003376] freed by task 311 on cpu 0 at 22.002181s (0.001191s ago): [ 22.003435] test_corruption+0x278/0x378 [ 22.003475] kunit_try_run_case+0x170/0x3f0 [ 22.003514] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 22.003557] kthread+0x328/0x630 [ 22.003594] ret_from_fork+0x10/0x20 [ 22.003633] [ 22.003677] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 22.003760] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 22.003791] Hardware name: linux,dummy-virt (DT) [ 22.003826] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 21.794224] ================================================================== [ 21.794317] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1ac/0x238 [ 21.794317] [ 21.794382] Invalid free of 0x00000000307d343e (in kfence-#93): [ 21.794435] test_invalid_addr_free+0x1ac/0x238 [ 21.794482] kunit_try_run_case+0x170/0x3f0 [ 21.794528] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.794571] kthread+0x328/0x630 [ 21.794611] ret_from_fork+0x10/0x20 [ 21.794651] [ 21.794676] kfence-#93: 0x00000000ae7ddc11-0x000000003f968809, size=32, cache=kmalloc-32 [ 21.794676] [ 21.794736] allocated by task 307 on cpu 0 at 21.794046s (0.000687s ago): [ 21.794803] test_alloc+0x29c/0x628 [ 21.794843] test_invalid_addr_free+0xd4/0x238 [ 21.794886] kunit_try_run_case+0x170/0x3f0 [ 21.794925] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.794970] kthread+0x328/0x630 [ 21.795005] ret_from_fork+0x10/0x20 [ 21.795046] [ 21.795109] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.795200] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.795231] Hardware name: linux,dummy-virt (DT) [ 21.795267] ================================================================== [ 21.898199] ================================================================== [ 21.898286] BUG: KFENCE: invalid free in test_invalid_addr_free+0xec/0x238 [ 21.898286] [ 21.898353] Invalid free of 0x00000000311bee1e (in kfence-#94): [ 21.898406] test_invalid_addr_free+0xec/0x238 [ 21.898454] kunit_try_run_case+0x170/0x3f0 [ 21.898500] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.898543] kthread+0x328/0x630 [ 21.898585] ret_from_fork+0x10/0x20 [ 21.898625] [ 21.898651] kfence-#94: 0x000000000294e244-0x000000008ed306dd, size=32, cache=test [ 21.898651] [ 21.898705] allocated by task 309 on cpu 1 at 21.898050s (0.000651s ago): [ 21.898769] test_alloc+0x230/0x628 [ 21.898810] test_invalid_addr_free+0xd4/0x238 [ 21.898853] kunit_try_run_case+0x170/0x3f0 [ 21.898894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.898940] kthread+0x328/0x630 [ 21.898977] ret_from_fork+0x10/0x20 [ 21.899018] [ 21.899064] CPU: 1 UID: 0 PID: 309 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.899162] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.899194] Hardware name: linux,dummy-virt (DT) [ 21.899229] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 21.690200] ================================================================== [ 21.690295] BUG: KFENCE: invalid free in test_double_free+0x100/0x238 [ 21.690295] [ 21.690360] Invalid free of 0x000000007e824d38 (in kfence-#92): [ 21.690414] test_double_free+0x100/0x238 [ 21.690461] kunit_try_run_case+0x170/0x3f0 [ 21.690507] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.690553] kthread+0x328/0x630 [ 21.690591] ret_from_fork+0x10/0x20 [ 21.690633] [ 21.690658] kfence-#92: 0x000000007e824d38-0x0000000098aec72b, size=32, cache=test [ 21.690658] [ 21.690713] allocated by task 305 on cpu 1 at 21.689971s (0.000738s ago): [ 21.690778] test_alloc+0x230/0x628 [ 21.690820] test_double_free+0xd4/0x238 [ 21.690862] kunit_try_run_case+0x170/0x3f0 [ 21.690903] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.690947] kthread+0x328/0x630 [ 21.690983] ret_from_fork+0x10/0x20 [ 21.691024] [ 21.691047] freed by task 305 on cpu 1 at 21.690040s (0.001004s ago): [ 21.691125] test_double_free+0xf0/0x238 [ 21.691168] kunit_try_run_case+0x170/0x3f0 [ 21.691210] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.691254] kthread+0x328/0x630 [ 21.691291] ret_from_fork+0x10/0x20 [ 21.691330] [ 21.691377] CPU: 1 UID: 0 PID: 305 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.691463] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.691495] Hardware name: linux,dummy-virt (DT) [ 21.691530] ================================================================== [ 21.587223] ================================================================== [ 21.587354] BUG: KFENCE: invalid free in test_double_free+0x1bc/0x238 [ 21.587354] [ 21.587427] Invalid free of 0x0000000006197827 (in kfence-#91): [ 21.587490] test_double_free+0x1bc/0x238 [ 21.587537] kunit_try_run_case+0x170/0x3f0 [ 21.587585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.587630] kthread+0x328/0x630 [ 21.587670] ret_from_fork+0x10/0x20 [ 21.587710] [ 21.587736] kfence-#91: 0x0000000006197827-0x0000000094c8fe06, size=32, cache=kmalloc-32 [ 21.587736] [ 21.587792] allocated by task 303 on cpu 1 at 21.586240s (0.001548s ago): [ 21.587859] test_alloc+0x29c/0x628 [ 21.587902] test_double_free+0xd4/0x238 [ 21.587942] kunit_try_run_case+0x170/0x3f0 [ 21.587983] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.588037] kthread+0x328/0x630 [ 21.588073] ret_from_fork+0x10/0x20 [ 21.588127] [ 21.588151] freed by task 303 on cpu 1 at 21.586316s (0.001831s ago): [ 21.588216] test_double_free+0x1ac/0x238 [ 21.588257] kunit_try_run_case+0x170/0x3f0 [ 21.588297] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.588341] kthread+0x328/0x630 [ 21.588377] ret_from_fork+0x10/0x20 [ 21.588417] [ 21.588464] CPU: 1 UID: 0 PID: 303 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.588549] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.588579] Hardware name: linux,dummy-virt (DT) [ 21.588615] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 21.170440] ================================================================== [ 21.170556] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 21.170556] [ 21.170663] Use-after-free read at 0x00000000ba64b1f9 (in kfence-#87): [ 21.170717] test_use_after_free_read+0x114/0x248 [ 21.170768] kunit_try_run_case+0x170/0x3f0 [ 21.170815] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.170860] kthread+0x328/0x630 [ 21.170900] ret_from_fork+0x10/0x20 [ 21.170941] [ 21.170965] kfence-#87: 0x00000000ba64b1f9-0x00000000b6ea57d3, size=32, cache=kmalloc-32 [ 21.170965] [ 21.171019] allocated by task 295 on cpu 0 at 21.170111s (0.000904s ago): [ 21.171108] test_alloc+0x29c/0x628 [ 21.171151] test_use_after_free_read+0xd0/0x248 [ 21.171194] kunit_try_run_case+0x170/0x3f0 [ 21.171237] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.171283] kthread+0x328/0x630 [ 21.171321] ret_from_fork+0x10/0x20 [ 21.171361] [ 21.171385] freed by task 295 on cpu 0 at 21.170217s (0.001164s ago): [ 21.171450] test_use_after_free_read+0x1c0/0x248 [ 21.171493] kunit_try_run_case+0x170/0x3f0 [ 21.171535] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.171579] kthread+0x328/0x630 [ 21.171616] ret_from_fork+0x10/0x20 [ 21.171658] [ 21.171706] CPU: 0 UID: 0 PID: 295 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.171791] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.171823] Hardware name: linux,dummy-virt (DT) [ 21.171858] ================================================================== [ 21.274184] ================================================================== [ 21.274287] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x114/0x248 [ 21.274287] [ 21.274381] Use-after-free read at 0x000000008c8d3acd (in kfence-#88): [ 21.274433] test_use_after_free_read+0x114/0x248 [ 21.274483] kunit_try_run_case+0x170/0x3f0 [ 21.274525] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.274571] kthread+0x328/0x630 [ 21.274610] ret_from_fork+0x10/0x20 [ 21.274651] [ 21.274676] kfence-#88: 0x000000008c8d3acd-0x0000000074e35e1b, size=32, cache=test [ 21.274676] [ 21.274728] allocated by task 297 on cpu 0 at 21.273959s (0.000766s ago): [ 21.274800] test_alloc+0x230/0x628 [ 21.274843] test_use_after_free_read+0xd0/0x248 [ 21.274884] kunit_try_run_case+0x170/0x3f0 [ 21.274925] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.274969] kthread+0x328/0x630 [ 21.275004] ret_from_fork+0x10/0x20 [ 21.275045] [ 21.275068] freed by task 297 on cpu 0 at 21.274022s (0.001042s ago): [ 21.275183] test_use_after_free_read+0xf0/0x248 [ 21.275226] kunit_try_run_case+0x170/0x3f0 [ 21.275267] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.275311] kthread+0x328/0x630 [ 21.275348] ret_from_fork+0x10/0x20 [ 21.275387] [ 21.275430] CPU: 0 UID: 0 PID: 297 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.275514] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.275544] Hardware name: linux,dummy-virt (DT) [ 21.275579] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 21.066771] ================================================================== [ 21.066853] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 21.066853] [ 21.066943] Out-of-bounds write at 0x00000000e563b02f (1B left of kfence-#86): [ 21.066999] test_out_of_bounds_write+0x100/0x240 [ 21.067051] kunit_try_run_case+0x170/0x3f0 [ 21.067113] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.067159] kthread+0x328/0x630 [ 21.067200] ret_from_fork+0x10/0x20 [ 21.067242] [ 21.067268] kfence-#86: 0x000000006483277d-0x000000007e404f45, size=32, cache=test [ 21.067268] [ 21.067321] allocated by task 293 on cpu 1 at 21.066689s (0.000629s ago): [ 21.067392] test_alloc+0x230/0x628 [ 21.067433] test_out_of_bounds_write+0xc8/0x240 [ 21.067476] kunit_try_run_case+0x170/0x3f0 [ 21.067515] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 21.067560] kthread+0x328/0x630 [ 21.067597] ret_from_fork+0x10/0x20 [ 21.067636] [ 21.067680] CPU: 1 UID: 0 PID: 293 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 21.067762] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 21.067793] Hardware name: linux,dummy-virt (DT) [ 21.067825] ================================================================== [ 20.756793] ================================================================== [ 20.756913] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x100/0x240 [ 20.756913] [ 20.757019] Out-of-bounds write at 0x00000000d3149fb3 (1B left of kfence-#83): [ 20.757100] test_out_of_bounds_write+0x100/0x240 [ 20.757151] kunit_try_run_case+0x170/0x3f0 [ 20.757198] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.757242] kthread+0x328/0x630 [ 20.757506] ret_from_fork+0x10/0x20 [ 20.757893] [ 20.758383] kfence-#83: 0x000000005c01d891-0x00000000d109f9e3, size=32, cache=kmalloc-32 [ 20.758383] [ 20.758446] allocated by task 291 on cpu 1 at 20.756583s (0.001859s ago): [ 20.758519] test_alloc+0x29c/0x628 [ 20.759106] test_out_of_bounds_write+0xc8/0x240 [ 20.759288] kunit_try_run_case+0x170/0x3f0 [ 20.759442] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.759599] kthread+0x328/0x630 [ 20.759684] ret_from_fork+0x10/0x20 [ 20.759727] [ 20.760043] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 20.760174] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 20.760217] Hardware name: linux,dummy-virt (DT) [ 20.760261] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 20.132468] ================================================================== [ 20.132577] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 20.132577] [ 20.132707] Out-of-bounds read at 0x00000000cc9c64cc (1B left of kfence-#77): [ 20.132785] test_out_of_bounds_read+0x114/0x3e0 [ 20.132840] kunit_try_run_case+0x170/0x3f0 [ 20.132886] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.132933] kthread+0x328/0x630 [ 20.132973] ret_from_fork+0x10/0x20 [ 20.133014] [ 20.133386] kfence-#77: 0x0000000090b6984d-0x00000000d07e5494, size=32, cache=kmalloc-32 [ 20.133386] [ 20.133592] allocated by task 287 on cpu 1 at 20.130544s (0.003042s ago): [ 20.133796] test_alloc+0x29c/0x628 [ 20.133840] test_out_of_bounds_read+0xdc/0x3e0 [ 20.133881] kunit_try_run_case+0x170/0x3f0 [ 20.133922] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.134003] kthread+0x328/0x630 [ 20.134045] ret_from_fork+0x10/0x20 [ 20.134124] [ 20.134987] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 20.135485] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 20.135569] Hardware name: linux,dummy-virt (DT) [ 20.135643] ================================================================== [ 20.443176] ================================================================== [ 20.443298] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x114/0x3e0 [ 20.443298] [ 20.443653] Out-of-bounds read at 0x0000000028c922d6 (1B left of kfence-#80): [ 20.443849] test_out_of_bounds_read+0x114/0x3e0 [ 20.443914] kunit_try_run_case+0x170/0x3f0 [ 20.443961] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.444220] kthread+0x328/0x630 [ 20.444681] ret_from_fork+0x10/0x20 [ 20.444733] [ 20.444759] kfence-#80: 0x000000008ed59899-0x00000000d2a279cd, size=32, cache=test [ 20.444759] [ 20.444971] allocated by task 289 on cpu 1 at 20.442875s (0.002043s ago): [ 20.445105] test_alloc+0x230/0x628 [ 20.445648] test_out_of_bounds_read+0xdc/0x3e0 [ 20.445961] kunit_try_run_case+0x170/0x3f0 [ 20.446129] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.446310] kthread+0x328/0x630 [ 20.446439] ret_from_fork+0x10/0x20 [ 20.446609] [ 20.446664] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 20.447186] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 20.447239] Hardware name: linux,dummy-virt (DT) [ 20.447331] ================================================================== [ 20.552693] ================================================================== [ 20.552927] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 20.552927] [ 20.553064] Out-of-bounds read at 0x000000007b7a105c (32B right of kfence-#81): [ 20.553144] test_out_of_bounds_read+0x1c8/0x3e0 [ 20.553215] kunit_try_run_case+0x170/0x3f0 [ 20.553261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.553314] kthread+0x328/0x630 [ 20.553362] ret_from_fork+0x10/0x20 [ 20.553403] [ 20.553428] kfence-#81: 0x0000000055e70a12-0x00000000cc62459d, size=32, cache=test [ 20.553428] [ 20.553481] allocated by task 289 on cpu 1 at 20.552534s (0.000943s ago): [ 20.553552] test_alloc+0x230/0x628 [ 20.553594] test_out_of_bounds_read+0x198/0x3e0 [ 20.553638] kunit_try_run_case+0x170/0x3f0 [ 20.553679] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.553734] kthread+0x328/0x630 [ 20.553770] ret_from_fork+0x10/0x20 [ 20.553809] [ 20.553850] CPU: 1 UID: 0 PID: 289 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 20.553936] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 20.553977] Hardware name: linux,dummy-virt (DT) [ 20.554011] ================================================================== [ 20.235066] ================================================================== [ 20.235162] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x1c8/0x3e0 [ 20.235162] [ 20.235392] Out-of-bounds read at 0x00000000748bb05e (32B right of kfence-#78): [ 20.235463] test_out_of_bounds_read+0x1c8/0x3e0 [ 20.235547] kunit_try_run_case+0x170/0x3f0 [ 20.235616] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.235681] kthread+0x328/0x630 [ 20.235745] ret_from_fork+0x10/0x20 [ 20.235787] [ 20.235916] kfence-#78: 0x0000000098987003-0x00000000d25a677b, size=32, cache=kmalloc-32 [ 20.235916] [ 20.236077] allocated by task 287 on cpu 1 at 20.234782s (0.001187s ago): [ 20.236171] test_alloc+0x29c/0x628 [ 20.236277] test_out_of_bounds_read+0x198/0x3e0 [ 20.236320] kunit_try_run_case+0x170/0x3f0 [ 20.236379] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 20.236492] kthread+0x328/0x630 [ 20.236548] ret_from_fork+0x10/0x20 [ 20.236616] [ 20.236689] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 20.236776] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 20.236808] Hardware name: linux,dummy-virt (DT) [ 20.236848] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kasan_atomics
[ 19.781316] ================================================================== [ 19.781447] BUG: KFENCE: memory corruption in kasan_atomics+0x1a0/0x2e0 [ 19.781447] [ 19.781543] Corrupted memory at 0x0000000027a40805 [ ! ! ! ! ! ! ! ! . . . . . . . . ] (in kfence-#73): [ 19.785174] kasan_atomics+0x1a0/0x2e0 [ 19.785575] kunit_try_run_case+0x170/0x3f0 [ 19.785785] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.785963] kthread+0x328/0x630 [ 19.786600] ret_from_fork+0x10/0x20 [ 19.786728] [ 19.787702] kfence-#73: 0x00000000d0c7e08c-0x000000007350cf8f, size=48, cache=kmalloc-64 [ 19.787702] [ 19.788528] allocated by task 265 on cpu 1 at 19.711458s (0.076897s ago): [ 19.788758] kasan_atomics+0xb8/0x2e0 [ 19.788842] kunit_try_run_case+0x170/0x3f0 [ 19.788887] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.788934] kthread+0x328/0x630 [ 19.788970] ret_from_fork+0x10/0x20 [ 19.789103] [ 19.789273] freed by task 265 on cpu 1 at 19.780540s (0.008620s ago): [ 19.789374] kasan_atomics+0x1a0/0x2e0 [ 19.789432] kunit_try_run_case+0x170/0x3f0 [ 19.789474] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.789533] kthread+0x328/0x630 [ 19.789568] ret_from_fork+0x10/0x20 [ 19.789868] [ 19.790501] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.790623] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.790791] Hardware name: linux,dummy-virt (DT) [ 19.790921] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 19.984665] ================================================================== [ 19.984729] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x3c/0x2a0 [ 19.985173] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.985261] [ 19.985305] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.985442] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.985477] Hardware name: linux,dummy-virt (DT) [ 19.985522] Call trace: [ 19.985551] show_stack+0x20/0x38 (C) [ 19.985968] dump_stack_lvl+0x8c/0xd0 [ 19.986195] print_report+0x118/0x608 [ 19.986292] kasan_report+0xdc/0x128 [ 19.986350] kasan_check_range+0x100/0x1a8 [ 19.986402] __kasan_check_write+0x20/0x30 [ 19.986449] strncpy_from_user+0x3c/0x2a0 [ 19.986938] copy_user_test_oob+0x5c0/0xec8 [ 19.987112] kunit_try_run_case+0x170/0x3f0 [ 19.987232] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.987319] kthread+0x328/0x630 [ 19.987751] ret_from_fork+0x10/0x20 [ 19.987985] [ 19.988161] Allocated by task 285: [ 19.988252] kasan_save_stack+0x3c/0x68 [ 19.988297] kasan_save_track+0x20/0x40 [ 19.988366] kasan_save_alloc_info+0x40/0x58 [ 19.988835] __kasan_kmalloc+0xd4/0xd8 [ 19.988997] __kmalloc_noprof+0x198/0x4c8 [ 19.989159] kunit_kmalloc_array+0x34/0x88 [ 19.989201] copy_user_test_oob+0xac/0xec8 [ 19.989244] kunit_try_run_case+0x170/0x3f0 [ 19.989340] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.989389] kthread+0x328/0x630 [ 19.989426] ret_from_fork+0x10/0x20 [ 19.989464] [ 19.989487] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.989487] which belongs to the cache kmalloc-128 of size 128 [ 19.989549] The buggy address is located 0 bytes inside of [ 19.989549] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.989778] [ 19.989912] The buggy address belongs to the physical page: [ 19.990462] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.990561] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.991241] page_type: f5(slab) [ 19.991329] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.991659] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.992004] page dumped because: kasan: bad access detected [ 19.992063] [ 19.992329] Memory state around the buggy address: [ 19.992400] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.992528] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.992595] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.992756] ^ [ 19.992823] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.992877] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.993180] ================================================================== [ 19.996080] ================================================================== [ 19.997104] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x270/0x2a0 [ 19.997166] Write of size 1 at addr fff00000c6c2cc78 by task kunit_try_catch/285 [ 19.997416] [ 19.997547] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.997681] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.997750] Hardware name: linux,dummy-virt (DT) [ 19.997797] Call trace: [ 19.997856] show_stack+0x20/0x38 (C) [ 19.998001] dump_stack_lvl+0x8c/0xd0 [ 19.998074] print_report+0x118/0x608 [ 19.998136] kasan_report+0xdc/0x128 [ 19.998185] __asan_report_store1_noabort+0x20/0x30 [ 19.998241] strncpy_from_user+0x270/0x2a0 [ 19.998292] copy_user_test_oob+0x5c0/0xec8 [ 19.998531] kunit_try_run_case+0x170/0x3f0 [ 19.998640] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.998725] kthread+0x328/0x630 [ 19.998823] ret_from_fork+0x10/0x20 [ 19.998910] [ 19.998987] Allocated by task 285: [ 19.999032] kasan_save_stack+0x3c/0x68 [ 19.999075] kasan_save_track+0x20/0x40 [ 19.999128] kasan_save_alloc_info+0x40/0x58 [ 19.999316] __kasan_kmalloc+0xd4/0xd8 [ 19.999411] __kmalloc_noprof+0x198/0x4c8 [ 19.999501] kunit_kmalloc_array+0x34/0x88 [ 19.999638] copy_user_test_oob+0xac/0xec8 [ 19.999733] kunit_try_run_case+0x170/0x3f0 [ 19.999808] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.999854] kthread+0x328/0x630 [ 19.999889] ret_from_fork+0x10/0x20 [ 19.999928] [ 20.000133] The buggy address belongs to the object at fff00000c6c2cc00 [ 20.000133] which belongs to the cache kmalloc-128 of size 128 [ 20.000258] The buggy address is located 0 bytes to the right of [ 20.000258] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 20.000366] [ 20.000436] The buggy address belongs to the physical page: [ 20.000563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 20.000678] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 20.000765] page_type: f5(slab) [ 20.000807] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 20.000862] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.001054] page dumped because: kasan: bad access detected [ 20.001155] [ 20.001216] Memory state around the buggy address: [ 20.001251] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.001329] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.001636] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 20.001720] ^ [ 20.001838] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.001915] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.001966] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 19.948247] ================================================================== [ 19.948771] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3c8/0xec8 [ 19.949160] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.949782] [ 19.949830] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.950713] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.950756] Hardware name: linux,dummy-virt (DT) [ 19.951240] Call trace: [ 19.951308] show_stack+0x20/0x38 (C) [ 19.951680] dump_stack_lvl+0x8c/0xd0 [ 19.952278] print_report+0x118/0x608 [ 19.953018] kasan_report+0xdc/0x128 [ 19.953543] kasan_check_range+0x100/0x1a8 [ 19.954098] __kasan_check_read+0x20/0x30 [ 19.954161] copy_user_test_oob+0x3c8/0xec8 [ 19.954799] kunit_try_run_case+0x170/0x3f0 [ 19.955150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.955475] kthread+0x328/0x630 [ 19.956004] ret_from_fork+0x10/0x20 [ 19.956615] [ 19.956643] Allocated by task 285: [ 19.957200] kasan_save_stack+0x3c/0x68 [ 19.957962] kasan_save_track+0x20/0x40 [ 19.958026] kasan_save_alloc_info+0x40/0x58 [ 19.958072] __kasan_kmalloc+0xd4/0xd8 [ 19.958125] __kmalloc_noprof+0x198/0x4c8 [ 19.959057] kunit_kmalloc_array+0x34/0x88 [ 19.959117] copy_user_test_oob+0xac/0xec8 [ 19.959159] kunit_try_run_case+0x170/0x3f0 [ 19.959202] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.959249] kthread+0x328/0x630 [ 19.960133] ret_from_fork+0x10/0x20 [ 19.960836] [ 19.961243] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.961243] which belongs to the cache kmalloc-128 of size 128 [ 19.961346] The buggy address is located 0 bytes inside of [ 19.961346] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.961459] [ 19.961516] The buggy address belongs to the physical page: [ 19.961580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.961933] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.962179] page_type: f5(slab) [ 19.962636] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.962853] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.962925] page dumped because: kasan: bad access detected [ 19.962960] [ 19.963143] Memory state around the buggy address: [ 19.963359] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.963449] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.963559] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.963905] ^ [ 19.964065] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.964252] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.964344] ================================================================== [ 19.918503] ================================================================== [ 19.918598] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x728/0xec8 [ 19.918657] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.918711] [ 19.918746] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.918878] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.918913] Hardware name: linux,dummy-virt (DT) [ 19.918974] Call trace: [ 19.919045] show_stack+0x20/0x38 (C) [ 19.919159] dump_stack_lvl+0x8c/0xd0 [ 19.919240] print_report+0x118/0x608 [ 19.919307] kasan_report+0xdc/0x128 [ 19.919363] kasan_check_range+0x100/0x1a8 [ 19.919414] __kasan_check_read+0x20/0x30 [ 19.919461] copy_user_test_oob+0x728/0xec8 [ 19.919648] kunit_try_run_case+0x170/0x3f0 [ 19.919723] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.919853] kthread+0x328/0x630 [ 19.919919] ret_from_fork+0x10/0x20 [ 19.919972] [ 19.920060] Allocated by task 285: [ 19.920115] kasan_save_stack+0x3c/0x68 [ 19.920160] kasan_save_track+0x20/0x40 [ 19.920452] kasan_save_alloc_info+0x40/0x58 [ 19.920574] __kasan_kmalloc+0xd4/0xd8 [ 19.920618] __kmalloc_noprof+0x198/0x4c8 [ 19.920683] kunit_kmalloc_array+0x34/0x88 [ 19.920783] copy_user_test_oob+0xac/0xec8 [ 19.920829] kunit_try_run_case+0x170/0x3f0 [ 19.920878] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.920969] kthread+0x328/0x630 [ 19.921037] ret_from_fork+0x10/0x20 [ 19.921094] [ 19.921155] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.921155] which belongs to the cache kmalloc-128 of size 128 [ 19.921236] The buggy address is located 0 bytes inside of [ 19.921236] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.921328] [ 19.921356] The buggy address belongs to the physical page: [ 19.921390] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.921445] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.921607] page_type: f5(slab) [ 19.921677] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.921915] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.922025] page dumped because: kasan: bad access detected [ 19.922121] [ 19.922209] Memory state around the buggy address: [ 19.922279] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.922388] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922521] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.922629] ^ [ 19.922774] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922821] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.922885] ================================================================== [ 19.928989] ================================================================== [ 19.929362] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x35c/0xec8 [ 19.929439] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.929496] [ 19.929533] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.929624] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.929657] Hardware name: linux,dummy-virt (DT) [ 19.929691] Call trace: [ 19.929715] show_stack+0x20/0x38 (C) [ 19.929767] dump_stack_lvl+0x8c/0xd0 [ 19.929819] print_report+0x118/0x608 [ 19.929869] kasan_report+0xdc/0x128 [ 19.930022] kasan_check_range+0x100/0x1a8 [ 19.930209] __kasan_check_write+0x20/0x30 [ 19.930256] copy_user_test_oob+0x35c/0xec8 [ 19.930307] kunit_try_run_case+0x170/0x3f0 [ 19.930358] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.931043] kthread+0x328/0x630 [ 19.932258] ret_from_fork+0x10/0x20 [ 19.932313] [ 19.933284] Allocated by task 285: [ 19.933618] kasan_save_stack+0x3c/0x68 [ 19.934249] kasan_save_track+0x20/0x40 [ 19.934305] kasan_save_alloc_info+0x40/0x58 [ 19.934872] __kasan_kmalloc+0xd4/0xd8 [ 19.935326] __kmalloc_noprof+0x198/0x4c8 [ 19.935496] kunit_kmalloc_array+0x34/0x88 [ 19.935757] copy_user_test_oob+0xac/0xec8 [ 19.935805] kunit_try_run_case+0x170/0x3f0 [ 19.936985] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.937203] kthread+0x328/0x630 [ 19.937264] ret_from_fork+0x10/0x20 [ 19.937304] [ 19.937927] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.937927] which belongs to the cache kmalloc-128 of size 128 [ 19.938205] The buggy address is located 0 bytes inside of [ 19.938205] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.939118] [ 19.939476] The buggy address belongs to the physical page: [ 19.939576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.939639] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.939699] page_type: f5(slab) [ 19.939744] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.939799] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.939843] page dumped because: kasan: bad access detected [ 19.939879] [ 19.940906] Memory state around the buggy address: [ 19.941946] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.942036] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.942096] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.942404] ^ [ 19.942911] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.943679] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.943868] ================================================================== [ 19.975613] ================================================================== [ 19.975723] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4a0/0xec8 [ 19.975818] Read of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.976052] [ 19.976214] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.976320] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.976441] Hardware name: linux,dummy-virt (DT) [ 19.976517] Call trace: [ 19.976544] show_stack+0x20/0x38 (C) [ 19.976883] dump_stack_lvl+0x8c/0xd0 [ 19.977278] print_report+0x118/0x608 [ 19.977356] kasan_report+0xdc/0x128 [ 19.977447] kasan_check_range+0x100/0x1a8 [ 19.977542] __kasan_check_read+0x20/0x30 [ 19.977725] copy_user_test_oob+0x4a0/0xec8 [ 19.977965] kunit_try_run_case+0x170/0x3f0 [ 19.978138] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.978247] kthread+0x328/0x630 [ 19.978294] ret_from_fork+0x10/0x20 [ 19.978409] [ 19.978433] Allocated by task 285: [ 19.978473] kasan_save_stack+0x3c/0x68 [ 19.978519] kasan_save_track+0x20/0x40 [ 19.978691] kasan_save_alloc_info+0x40/0x58 [ 19.978744] __kasan_kmalloc+0xd4/0xd8 [ 19.978791] __kmalloc_noprof+0x198/0x4c8 [ 19.978832] kunit_kmalloc_array+0x34/0x88 [ 19.979077] copy_user_test_oob+0xac/0xec8 [ 19.979174] kunit_try_run_case+0x170/0x3f0 [ 19.979335] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.979477] kthread+0x328/0x630 [ 19.979830] ret_from_fork+0x10/0x20 [ 19.979898] [ 19.979973] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.979973] which belongs to the cache kmalloc-128 of size 128 [ 19.980114] The buggy address is located 0 bytes inside of [ 19.980114] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.980480] [ 19.980536] The buggy address belongs to the physical page: [ 19.980645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.980884] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.980960] page_type: f5(slab) [ 19.981308] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.981577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.981713] page dumped because: kasan: bad access detected [ 19.981813] [ 19.981926] Memory state around the buggy address: [ 19.982035] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.982105] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982151] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.982325] ^ [ 19.982377] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982615] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.982684] ================================================================== [ 19.965808] ================================================================== [ 19.966133] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x434/0xec8 [ 19.966206] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.966434] [ 19.966520] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.966698] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.966732] Hardware name: linux,dummy-virt (DT) [ 19.967019] Call trace: [ 19.967274] show_stack+0x20/0x38 (C) [ 19.967372] dump_stack_lvl+0x8c/0xd0 [ 19.967429] print_report+0x118/0x608 [ 19.967760] kasan_report+0xdc/0x128 [ 19.967871] kasan_check_range+0x100/0x1a8 [ 19.968203] __kasan_check_write+0x20/0x30 [ 19.968343] copy_user_test_oob+0x434/0xec8 [ 19.968456] kunit_try_run_case+0x170/0x3f0 [ 19.968841] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.969029] kthread+0x328/0x630 [ 19.969099] ret_from_fork+0x10/0x20 [ 19.969447] [ 19.969558] Allocated by task 285: [ 19.969614] kasan_save_stack+0x3c/0x68 [ 19.969677] kasan_save_track+0x20/0x40 [ 19.969995] kasan_save_alloc_info+0x40/0x58 [ 19.970071] __kasan_kmalloc+0xd4/0xd8 [ 19.970223] __kmalloc_noprof+0x198/0x4c8 [ 19.970427] kunit_kmalloc_array+0x34/0x88 [ 19.970634] copy_user_test_oob+0xac/0xec8 [ 19.970747] kunit_try_run_case+0x170/0x3f0 [ 19.970854] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.970913] kthread+0x328/0x630 [ 19.971112] ret_from_fork+0x10/0x20 [ 19.971369] [ 19.971429] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.971429] which belongs to the cache kmalloc-128 of size 128 [ 19.971802] The buggy address is located 0 bytes inside of [ 19.971802] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.971997] [ 19.972074] The buggy address belongs to the physical page: [ 19.972425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.972594] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.972668] page_type: f5(slab) [ 19.972719] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.973033] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.973143] page dumped because: kasan: bad access detected [ 19.973217] [ 19.973457] Memory state around the buggy address: [ 19.973545] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.973777] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.973861] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.974022] ^ [ 19.974148] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.974250] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.974470] ================================================================== [ 19.907335] ================================================================== [ 19.907762] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x234/0xec8 [ 19.907869] Write of size 121 at addr fff00000c6c2cc00 by task kunit_try_catch/285 [ 19.907988] [ 19.908081] CPU: 1 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.908197] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.908228] Hardware name: linux,dummy-virt (DT) [ 19.908404] Call trace: [ 19.908444] show_stack+0x20/0x38 (C) [ 19.908502] dump_stack_lvl+0x8c/0xd0 [ 19.908556] print_report+0x118/0x608 [ 19.908606] kasan_report+0xdc/0x128 [ 19.908751] kasan_check_range+0x100/0x1a8 [ 19.908842] __kasan_check_write+0x20/0x30 [ 19.908895] copy_user_test_oob+0x234/0xec8 [ 19.909016] kunit_try_run_case+0x170/0x3f0 [ 19.909080] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.909148] kthread+0x328/0x630 [ 19.909194] ret_from_fork+0x10/0x20 [ 19.909266] [ 19.909289] Allocated by task 285: [ 19.909321] kasan_save_stack+0x3c/0x68 [ 19.909368] kasan_save_track+0x20/0x40 [ 19.909566] kasan_save_alloc_info+0x40/0x58 [ 19.909644] __kasan_kmalloc+0xd4/0xd8 [ 19.909720] __kmalloc_noprof+0x198/0x4c8 [ 19.909801] kunit_kmalloc_array+0x34/0x88 [ 19.909864] copy_user_test_oob+0xac/0xec8 [ 19.909903] kunit_try_run_case+0x170/0x3f0 [ 19.909944] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.909991] kthread+0x328/0x630 [ 19.910164] ret_from_fork+0x10/0x20 [ 19.910207] [ 19.910275] The buggy address belongs to the object at fff00000c6c2cc00 [ 19.910275] which belongs to the cache kmalloc-128 of size 128 [ 19.910431] The buggy address is located 0 bytes inside of [ 19.910431] allocated 120-byte region [fff00000c6c2cc00, fff00000c6c2cc78) [ 19.910556] [ 19.910633] The buggy address belongs to the physical page: [ 19.910678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.910754] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.911100] page_type: f5(slab) [ 19.911187] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.911422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.911529] page dumped because: kasan: bad access detected [ 19.911661] [ 19.911760] Memory state around the buggy address: [ 19.911858] fff00000c6c2cb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.911973] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912109] >fff00000c6c2cc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.912193] ^ [ 19.912274] fff00000c6c2cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912626] fff00000c6c2cd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.912749] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 19.876519] ================================================================== [ 19.876573] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x8c/0x250 [ 19.876626] Write of size 8 at addr fff00000c6c2cb78 by task kunit_try_catch/281 [ 19.876679] [ 19.876710] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.876800] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.876833] Hardware name: linux,dummy-virt (DT) [ 19.876865] Call trace: [ 19.876889] show_stack+0x20/0x38 (C) [ 19.876942] dump_stack_lvl+0x8c/0xd0 [ 19.876993] print_report+0x118/0x608 [ 19.877044] kasan_report+0xdc/0x128 [ 19.877256] kasan_check_range+0x100/0x1a8 [ 19.877731] __kasan_check_write+0x20/0x30 [ 19.877782] copy_to_kernel_nofault+0x8c/0x250 [ 19.877842] copy_to_kernel_nofault_oob+0x1bc/0x418 [ 19.877894] kunit_try_run_case+0x170/0x3f0 [ 19.878667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.879187] kthread+0x328/0x630 [ 19.879494] ret_from_fork+0x10/0x20 [ 19.879751] [ 19.879845] Allocated by task 281: [ 19.880004] kasan_save_stack+0x3c/0x68 [ 19.880065] kasan_save_track+0x20/0x40 [ 19.880117] kasan_save_alloc_info+0x40/0x58 [ 19.880158] __kasan_kmalloc+0xd4/0xd8 [ 19.880198] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.880359] copy_to_kernel_nofault_oob+0xc8/0x418 [ 19.881136] kunit_try_run_case+0x170/0x3f0 [ 19.881185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.881271] kthread+0x328/0x630 [ 19.881305] ret_from_fork+0x10/0x20 [ 19.881345] [ 19.881654] The buggy address belongs to the object at fff00000c6c2cb00 [ 19.881654] which belongs to the cache kmalloc-128 of size 128 [ 19.881721] The buggy address is located 0 bytes to the right of [ 19.881721] allocated 120-byte region [fff00000c6c2cb00, fff00000c6c2cb78) [ 19.881788] [ 19.881843] The buggy address belongs to the physical page: [ 19.881897] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.882108] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.882188] page_type: f5(slab) [ 19.882263] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.882467] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.882566] page dumped because: kasan: bad access detected [ 19.882677] [ 19.882736] Memory state around the buggy address: [ 19.882777] fff00000c6c2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.882824] fff00000c6c2ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.882905] >fff00000c6c2cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.883050] ^ [ 19.883196] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.883255] fff00000c6c2cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.883320] ================================================================== [ 19.869168] ================================================================== [ 19.869617] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x204/0x250 [ 19.869716] Read of size 8 at addr fff00000c6c2cb78 by task kunit_try_catch/281 [ 19.869882] [ 19.869931] CPU: 1 UID: 0 PID: 281 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.870118] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.870186] Hardware name: linux,dummy-virt (DT) [ 19.870235] Call trace: [ 19.870264] show_stack+0x20/0x38 (C) [ 19.870563] dump_stack_lvl+0x8c/0xd0 [ 19.870782] print_report+0x118/0x608 [ 19.870838] kasan_report+0xdc/0x128 [ 19.870888] __asan_report_load8_noabort+0x20/0x30 [ 19.870940] copy_to_kernel_nofault+0x204/0x250 [ 19.870992] copy_to_kernel_nofault_oob+0x158/0x418 [ 19.871273] kunit_try_run_case+0x170/0x3f0 [ 19.871397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.871454] kthread+0x328/0x630 [ 19.871758] ret_from_fork+0x10/0x20 [ 19.871825] [ 19.871845] Allocated by task 281: [ 19.871879] kasan_save_stack+0x3c/0x68 [ 19.871958] kasan_save_track+0x20/0x40 [ 19.871999] kasan_save_alloc_info+0x40/0x58 [ 19.872047] __kasan_kmalloc+0xd4/0xd8 [ 19.872105] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.872148] copy_to_kernel_nofault_oob+0xc8/0x418 [ 19.872235] kunit_try_run_case+0x170/0x3f0 [ 19.872631] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.872827] kthread+0x328/0x630 [ 19.872864] ret_from_fork+0x10/0x20 [ 19.872905] [ 19.872927] The buggy address belongs to the object at fff00000c6c2cb00 [ 19.872927] which belongs to the cache kmalloc-128 of size 128 [ 19.873001] The buggy address is located 0 bytes to the right of [ 19.873001] allocated 120-byte region [fff00000c6c2cb00, fff00000c6c2cb78) [ 19.873068] [ 19.873437] The buggy address belongs to the physical page: [ 19.873486] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c2c [ 19.873608] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.873665] page_type: f5(slab) [ 19.873899] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.873958] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.874002] page dumped because: kasan: bad access detected [ 19.874065] [ 19.874096] Memory state around the buggy address: [ 19.874243] fff00000c6c2ca00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.874305] fff00000c6c2ca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.874379] >fff00000c6c2cb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 19.874625] ^ [ 19.874713] fff00000c6c2cb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.874765] fff00000c6c2cc00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.874841] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-vmalloc-out-of-bounds-in-vmalloc_oob
[ 19.819445] ================================================================== [ 19.819497] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x51c/0x5d0 [ 19.819551] Read of size 1 at addr ffff8000800fe7f8 by task kunit_try_catch/269 [ 19.820217] [ 19.820270] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.820373] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.820702] Hardware name: linux,dummy-virt (DT) [ 19.820765] Call trace: [ 19.820798] show_stack+0x20/0x38 (C) [ 19.820859] dump_stack_lvl+0x8c/0xd0 [ 19.820914] print_report+0x310/0x608 [ 19.821417] kasan_report+0xdc/0x128 [ 19.821870] __asan_report_load1_noabort+0x20/0x30 [ 19.821958] vmalloc_oob+0x51c/0x5d0 [ 19.822118] kunit_try_run_case+0x170/0x3f0 [ 19.822224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.822285] kthread+0x328/0x630 [ 19.822354] ret_from_fork+0x10/0x20 [ 19.822682] [ 19.822737] The buggy address belongs to the virtual mapping at [ 19.822737] [ffff8000800fe000, ffff800080100000) created by: [ 19.822737] vmalloc_oob+0x98/0x5d0 [ 19.823191] [ 19.823255] The buggy address belongs to the physical page: [ 19.823341] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107759 [ 19.823520] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.823636] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.823752] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.823827] page dumped because: kasan: bad access detected [ 19.823869] [ 19.824172] Memory state around the buggy address: [ 19.824238] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.824388] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.824464] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 19.824533] ^ [ 19.824591] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 19.824643] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 19.824687] ================================================================== [ 19.811355] ================================================================== [ 19.811517] BUG: KASAN: vmalloc-out-of-bounds in vmalloc_oob+0x578/0x5d0 [ 19.811889] Read of size 1 at addr ffff8000800fe7f3 by task kunit_try_catch/269 [ 19.812315] [ 19.812435] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.812535] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.812606] Hardware name: linux,dummy-virt (DT) [ 19.812683] Call trace: [ 19.813015] show_stack+0x20/0x38 (C) [ 19.813205] dump_stack_lvl+0x8c/0xd0 [ 19.813308] print_report+0x310/0x608 [ 19.813446] kasan_report+0xdc/0x128 [ 19.813630] __asan_report_load1_noabort+0x20/0x30 [ 19.813961] vmalloc_oob+0x578/0x5d0 [ 19.814161] kunit_try_run_case+0x170/0x3f0 [ 19.814314] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.814528] kthread+0x328/0x630 [ 19.814611] ret_from_fork+0x10/0x20 [ 19.815113] [ 19.815199] The buggy address belongs to the virtual mapping at [ 19.815199] [ffff8000800fe000, ffff800080100000) created by: [ 19.815199] vmalloc_oob+0x98/0x5d0 [ 19.815356] [ 19.815428] The buggy address belongs to the physical page: [ 19.815778] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107759 [ 19.815922] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.816246] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.816319] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.816385] page dumped because: kasan: bad access detected [ 19.816590] [ 19.816785] Memory state around the buggy address: [ 19.816904] ffff8000800fe680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.817051] ffff8000800fe700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.817222] >ffff8000800fe780: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 f8 [ 19.817314] ^ [ 19.817730] ffff8000800fe800: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 19.817835] ffff8000800fe880: f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 f8 [ 19.817921] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 19.664229] ================================================================== [ 19.664284] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 19.664340] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.664701] [ 19.665013] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.665235] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.665278] Hardware name: linux,dummy-virt (DT) [ 19.665422] Call trace: [ 19.665470] show_stack+0x20/0x38 (C) [ 19.665665] dump_stack_lvl+0x8c/0xd0 [ 19.665734] print_report+0x118/0x608 [ 19.665786] kasan_report+0xdc/0x128 [ 19.665969] kasan_check_range+0x100/0x1a8 [ 19.666173] __kasan_check_write+0x20/0x30 [ 19.666370] kasan_bitops_test_and_modify.constprop.0+0x334/0xbc0 [ 19.666489] kasan_bitops_generic+0x11c/0x1c8 [ 19.666657] kunit_try_run_case+0x170/0x3f0 [ 19.666714] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.667147] kthread+0x328/0x630 [ 19.667268] ret_from_fork+0x10/0x20 [ 19.667513] [ 19.667603] Allocated by task 261: [ 19.667960] kasan_save_stack+0x3c/0x68 [ 19.668063] kasan_save_track+0x20/0x40 [ 19.668737] kasan_save_alloc_info+0x40/0x58 [ 19.668820] __kasan_kmalloc+0xd4/0xd8 [ 19.668896] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.668958] kasan_bitops_generic+0xa0/0x1c8 [ 19.669347] kunit_try_run_case+0x170/0x3f0 [ 19.669615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.669890] kthread+0x328/0x630 [ 19.670111] ret_from_fork+0x10/0x20 [ 19.670250] [ 19.670319] The buggy address belongs to the object at fff00000c58cac60 [ 19.670319] which belongs to the cache kmalloc-16 of size 16 [ 19.670441] The buggy address is located 8 bytes inside of [ 19.670441] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.670505] [ 19.670527] The buggy address belongs to the physical page: [ 19.671022] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.671218] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.671399] page_type: f5(slab) [ 19.671477] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.671577] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.671695] page dumped because: kasan: bad access detected [ 19.671836] [ 19.671926] Memory state around the buggy address: [ 19.672040] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.672312] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.672420] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.672488] ^ [ 19.672538] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.672595] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.672652] ================================================================== [ 19.655322] ================================================================== [ 19.655377] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 19.655470] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.655526] [ 19.655562] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.655651] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.655684] Hardware name: linux,dummy-virt (DT) [ 19.655717] Call trace: [ 19.655744] show_stack+0x20/0x38 (C) [ 19.655807] dump_stack_lvl+0x8c/0xd0 [ 19.655874] print_report+0x118/0x608 [ 19.655930] kasan_report+0xdc/0x128 [ 19.655980] __asan_report_load8_noabort+0x20/0x30 [ 19.656039] kasan_bitops_test_and_modify.constprop.0+0xacc/0xbc0 [ 19.656904] kasan_bitops_generic+0x11c/0x1c8 [ 19.657061] kunit_try_run_case+0x170/0x3f0 [ 19.657145] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.657568] kthread+0x328/0x630 [ 19.657622] ret_from_fork+0x10/0x20 [ 19.658060] [ 19.658197] Allocated by task 261: [ 19.658284] kasan_save_stack+0x3c/0x68 [ 19.658444] kasan_save_track+0x20/0x40 [ 19.658534] kasan_save_alloc_info+0x40/0x58 [ 19.658682] __kasan_kmalloc+0xd4/0xd8 [ 19.658725] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.659061] kasan_bitops_generic+0xa0/0x1c8 [ 19.659151] kunit_try_run_case+0x170/0x3f0 [ 19.659304] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.659462] kthread+0x328/0x630 [ 19.659551] ret_from_fork+0x10/0x20 [ 19.659659] [ 19.659683] The buggy address belongs to the object at fff00000c58cac60 [ 19.659683] which belongs to the cache kmalloc-16 of size 16 [ 19.660027] The buggy address is located 8 bytes inside of [ 19.660027] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.660189] [ 19.660258] The buggy address belongs to the physical page: [ 19.660644] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.660731] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.661103] page_type: f5(slab) [ 19.661303] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.661378] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.661602] page dumped because: kasan: bad access detected [ 19.661824] [ 19.661924] Memory state around the buggy address: [ 19.662058] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.662220] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.662295] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.662340] ^ [ 19.662384] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.662859] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.662952] ================================================================== [ 19.675463] ================================================================== [ 19.675799] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 19.675989] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.676064] [ 19.676109] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.676199] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.676233] Hardware name: linux,dummy-virt (DT) [ 19.676268] Call trace: [ 19.676309] show_stack+0x20/0x38 (C) [ 19.676367] dump_stack_lvl+0x8c/0xd0 [ 19.676419] print_report+0x118/0x608 [ 19.676470] kasan_report+0xdc/0x128 [ 19.676520] __asan_report_load8_noabort+0x20/0x30 [ 19.676575] kasan_bitops_test_and_modify.constprop.0+0xa3c/0xbc0 [ 19.676634] kasan_bitops_generic+0x11c/0x1c8 [ 19.676686] kunit_try_run_case+0x170/0x3f0 [ 19.676738] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.676795] kthread+0x328/0x630 [ 19.676851] ret_from_fork+0x10/0x20 [ 19.676912] [ 19.676942] Allocated by task 261: [ 19.676979] kasan_save_stack+0x3c/0x68 [ 19.677024] kasan_save_track+0x20/0x40 [ 19.677073] kasan_save_alloc_info+0x40/0x58 [ 19.677136] __kasan_kmalloc+0xd4/0xd8 [ 19.677177] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.677219] kasan_bitops_generic+0xa0/0x1c8 [ 19.677259] kunit_try_run_case+0x170/0x3f0 [ 19.677300] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.677347] kthread+0x328/0x630 [ 19.677382] ret_from_fork+0x10/0x20 [ 19.677421] [ 19.677452] The buggy address belongs to the object at fff00000c58cac60 [ 19.677452] which belongs to the cache kmalloc-16 of size 16 [ 19.677512] The buggy address is located 8 bytes inside of [ 19.677512] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.677577] [ 19.678421] The buggy address belongs to the physical page: [ 19.678517] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.679034] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.679108] page_type: f5(slab) [ 19.679465] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.679597] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.679799] page dumped because: kasan: bad access detected [ 19.679942] [ 19.680129] Memory state around the buggy address: [ 19.680403] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.680612] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.680676] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.680727] ^ [ 19.681066] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.681217] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.681329] ================================================================== [ 19.607182] ================================================================== [ 19.607238] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 19.607298] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.607351] [ 19.607384] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.607474] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.607505] Hardware name: linux,dummy-virt (DT) [ 19.607549] Call trace: [ 19.607602] show_stack+0x20/0x38 (C) [ 19.607664] dump_stack_lvl+0x8c/0xd0 [ 19.607717] print_report+0x118/0x608 [ 19.607766] kasan_report+0xdc/0x128 [ 19.607821] kasan_check_range+0x100/0x1a8 [ 19.607873] __kasan_check_write+0x20/0x30 [ 19.607921] kasan_bitops_test_and_modify.constprop.0+0xfc/0xbc0 [ 19.607987] kasan_bitops_generic+0x11c/0x1c8 [ 19.608047] kunit_try_run_case+0x170/0x3f0 [ 19.608915] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.608987] kthread+0x328/0x630 [ 19.609436] ret_from_fork+0x10/0x20 [ 19.609513] [ 19.609605] Allocated by task 261: [ 19.609693] kasan_save_stack+0x3c/0x68 [ 19.609850] kasan_save_track+0x20/0x40 [ 19.609929] kasan_save_alloc_info+0x40/0x58 [ 19.609981] __kasan_kmalloc+0xd4/0xd8 [ 19.610022] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.610066] kasan_bitops_generic+0xa0/0x1c8 [ 19.610297] kunit_try_run_case+0x170/0x3f0 [ 19.610718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.610911] kthread+0x328/0x630 [ 19.611152] ret_from_fork+0x10/0x20 [ 19.611315] [ 19.611422] The buggy address belongs to the object at fff00000c58cac60 [ 19.611422] which belongs to the cache kmalloc-16 of size 16 [ 19.611613] The buggy address is located 8 bytes inside of [ 19.611613] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.611772] [ 19.611830] The buggy address belongs to the physical page: [ 19.611943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.612361] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.612503] page_type: f5(slab) [ 19.612707] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.612834] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.612889] page dumped because: kasan: bad access detected [ 19.613243] [ 19.613288] Memory state around the buggy address: [ 19.613336] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.613540] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.613724] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.613850] ^ [ 19.614041] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.614195] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.614311] ================================================================== [ 19.624580] ================================================================== [ 19.624695] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 19.624885] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.624989] [ 19.625024] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.625294] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.625329] Hardware name: linux,dummy-virt (DT) [ 19.625374] Call trace: [ 19.625440] show_stack+0x20/0x38 (C) [ 19.625675] dump_stack_lvl+0x8c/0xd0 [ 19.625795] print_report+0x118/0x608 [ 19.625894] kasan_report+0xdc/0x128 [ 19.626400] kasan_check_range+0x100/0x1a8 [ 19.626515] __kasan_check_write+0x20/0x30 [ 19.626709] kasan_bitops_test_and_modify.constprop.0+0x1d8/0xbc0 [ 19.626932] kasan_bitops_generic+0x11c/0x1c8 [ 19.627012] kunit_try_run_case+0x170/0x3f0 [ 19.627098] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.627489] kthread+0x328/0x630 [ 19.627619] ret_from_fork+0x10/0x20 [ 19.627810] [ 19.627889] Allocated by task 261: [ 19.628077] kasan_save_stack+0x3c/0x68 [ 19.628206] kasan_save_track+0x20/0x40 [ 19.628526] kasan_save_alloc_info+0x40/0x58 [ 19.628638] __kasan_kmalloc+0xd4/0xd8 [ 19.628792] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.628948] kasan_bitops_generic+0xa0/0x1c8 [ 19.629044] kunit_try_run_case+0x170/0x3f0 [ 19.629229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.629294] kthread+0x328/0x630 [ 19.629599] ret_from_fork+0x10/0x20 [ 19.629754] [ 19.629966] The buggy address belongs to the object at fff00000c58cac60 [ 19.629966] which belongs to the cache kmalloc-16 of size 16 [ 19.630110] The buggy address is located 8 bytes inside of [ 19.630110] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.630559] [ 19.630607] The buggy address belongs to the physical page: [ 19.630660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.630850] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.631310] page_type: f5(slab) [ 19.631561] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.631657] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.631705] page dumped because: kasan: bad access detected [ 19.631738] [ 19.631759] Memory state around the buggy address: [ 19.631797] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.631843] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.631890] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.631932] ^ [ 19.631974] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.632019] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.632115] ================================================================== [ 19.644208] ================================================================== [ 19.644312] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 19.644686] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.644848] [ 19.644893] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.645231] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.645282] Hardware name: linux,dummy-virt (DT) [ 19.645318] Call trace: [ 19.645429] show_stack+0x20/0x38 (C) [ 19.645490] dump_stack_lvl+0x8c/0xd0 [ 19.645544] print_report+0x118/0x608 [ 19.645820] kasan_report+0xdc/0x128 [ 19.645992] kasan_check_range+0x100/0x1a8 [ 19.646053] __kasan_check_write+0x20/0x30 [ 19.646233] kasan_bitops_test_and_modify.constprop.0+0x25c/0xbc0 [ 19.646466] kasan_bitops_generic+0x11c/0x1c8 [ 19.646639] kunit_try_run_case+0x170/0x3f0 [ 19.647051] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.647146] kthread+0x328/0x630 [ 19.647194] ret_from_fork+0x10/0x20 [ 19.647764] [ 19.647933] Allocated by task 261: [ 19.648182] kasan_save_stack+0x3c/0x68 [ 19.648332] kasan_save_track+0x20/0x40 [ 19.648401] kasan_save_alloc_info+0x40/0x58 [ 19.648584] __kasan_kmalloc+0xd4/0xd8 [ 19.648836] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.649099] kasan_bitops_generic+0xa0/0x1c8 [ 19.649315] kunit_try_run_case+0x170/0x3f0 [ 19.649471] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.649523] kthread+0x328/0x630 [ 19.649883] ret_from_fork+0x10/0x20 [ 19.650110] [ 19.650138] The buggy address belongs to the object at fff00000c58cac60 [ 19.650138] which belongs to the cache kmalloc-16 of size 16 [ 19.650301] The buggy address is located 8 bytes inside of [ 19.650301] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.650468] [ 19.650530] The buggy address belongs to the physical page: [ 19.650883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.650984] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.651167] page_type: f5(slab) [ 19.651217] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.651280] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.651618] page dumped because: kasan: bad access detected [ 19.651775] [ 19.651982] Memory state around the buggy address: [ 19.652047] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.652166] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.652520] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.652653] ^ [ 19.652728] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.652793] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.653061] ================================================================== [ 19.682584] ================================================================== [ 19.682637] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 19.682691] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.682745] [ 19.683045] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.683226] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.683262] Hardware name: linux,dummy-virt (DT) [ 19.683577] Call trace: [ 19.683645] show_stack+0x20/0x38 (C) [ 19.684063] dump_stack_lvl+0x8c/0xd0 [ 19.684278] print_report+0x118/0x608 [ 19.684471] kasan_report+0xdc/0x128 [ 19.684660] __asan_report_load8_noabort+0x20/0x30 [ 19.684730] kasan_bitops_test_and_modify.constprop.0+0xa84/0xbc0 [ 19.685053] kasan_bitops_generic+0x11c/0x1c8 [ 19.685228] kunit_try_run_case+0x170/0x3f0 [ 19.685291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.685350] kthread+0x328/0x630 [ 19.685396] ret_from_fork+0x10/0x20 [ 19.685671] [ 19.685836] Allocated by task 261: [ 19.685908] kasan_save_stack+0x3c/0x68 [ 19.686211] kasan_save_track+0x20/0x40 [ 19.686353] kasan_save_alloc_info+0x40/0x58 [ 19.686450] __kasan_kmalloc+0xd4/0xd8 [ 19.686705] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.686962] kasan_bitops_generic+0xa0/0x1c8 [ 19.687127] kunit_try_run_case+0x170/0x3f0 [ 19.687244] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.687453] kthread+0x328/0x630 [ 19.687653] ret_from_fork+0x10/0x20 [ 19.687730] [ 19.687903] The buggy address belongs to the object at fff00000c58cac60 [ 19.687903] which belongs to the cache kmalloc-16 of size 16 [ 19.688133] The buggy address is located 8 bytes inside of [ 19.688133] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.688495] [ 19.688569] The buggy address belongs to the physical page: [ 19.688682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.688752] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.688856] page_type: f5(slab) [ 19.689219] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.689411] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.689488] page dumped because: kasan: bad access detected [ 19.689652] [ 19.689811] Memory state around the buggy address: [ 19.690029] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.690214] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.690352] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.690485] ^ [ 19.690556] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.690657] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.690914] ================================================================== [ 19.615490] ================================================================== [ 19.615737] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 19.615801] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.615855] [ 19.615889] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.616355] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.616727] Hardware name: linux,dummy-virt (DT) [ 19.616779] Call trace: [ 19.616842] show_stack+0x20/0x38 (C) [ 19.616980] dump_stack_lvl+0x8c/0xd0 [ 19.617134] print_report+0x118/0x608 [ 19.617403] kasan_report+0xdc/0x128 [ 19.617660] __asan_report_load8_noabort+0x20/0x30 [ 19.618213] kasan_bitops_test_and_modify.constprop.0+0xa00/0xbc0 [ 19.618777] kasan_bitops_generic+0x11c/0x1c8 [ 19.619038] kunit_try_run_case+0x170/0x3f0 [ 19.619258] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.619320] kthread+0x328/0x630 [ 19.619563] ret_from_fork+0x10/0x20 [ 19.619826] [ 19.619927] Allocated by task 261: [ 19.620081] kasan_save_stack+0x3c/0x68 [ 19.620483] kasan_save_track+0x20/0x40 [ 19.620610] kasan_save_alloc_info+0x40/0x58 [ 19.620706] __kasan_kmalloc+0xd4/0xd8 [ 19.620975] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.621255] kasan_bitops_generic+0xa0/0x1c8 [ 19.621455] kunit_try_run_case+0x170/0x3f0 [ 19.621615] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.621733] kthread+0x328/0x630 [ 19.621818] ret_from_fork+0x10/0x20 [ 19.621911] [ 19.621935] The buggy address belongs to the object at fff00000c58cac60 [ 19.621935] which belongs to the cache kmalloc-16 of size 16 [ 19.621999] The buggy address is located 8 bytes inside of [ 19.621999] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.622067] [ 19.622098] The buggy address belongs to the physical page: [ 19.622155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.622212] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.622281] page_type: f5(slab) [ 19.622330] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.622384] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.622438] page dumped because: kasan: bad access detected [ 19.622481] [ 19.622501] Memory state around the buggy address: [ 19.622535] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.622597] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.622643] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.622684] ^ [ 19.622726] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.622770] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.622819] ================================================================== [ 19.633620] ================================================================== [ 19.633824] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 19.634143] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.634304] [ 19.634389] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.634743] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.634782] Hardware name: linux,dummy-virt (DT) [ 19.634968] Call trace: [ 19.635110] show_stack+0x20/0x38 (C) [ 19.635259] dump_stack_lvl+0x8c/0xd0 [ 19.635371] print_report+0x118/0x608 [ 19.635726] kasan_report+0xdc/0x128 [ 19.635876] __asan_report_load8_noabort+0x20/0x30 [ 19.636550] kasan_bitops_test_and_modify.constprop.0+0xa48/0xbc0 [ 19.636649] kasan_bitops_generic+0x11c/0x1c8 [ 19.636796] kunit_try_run_case+0x170/0x3f0 [ 19.637038] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.637310] kthread+0x328/0x630 [ 19.637423] ret_from_fork+0x10/0x20 [ 19.637745] [ 19.637996] Allocated by task 261: [ 19.638045] kasan_save_stack+0x3c/0x68 [ 19.638111] kasan_save_track+0x20/0x40 [ 19.638492] kasan_save_alloc_info+0x40/0x58 [ 19.638629] __kasan_kmalloc+0xd4/0xd8 [ 19.638684] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.638877] kasan_bitops_generic+0xa0/0x1c8 [ 19.639122] kunit_try_run_case+0x170/0x3f0 [ 19.639181] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.639514] kthread+0x328/0x630 [ 19.639620] ret_from_fork+0x10/0x20 [ 19.639818] [ 19.639858] The buggy address belongs to the object at fff00000c58cac60 [ 19.639858] which belongs to the cache kmalloc-16 of size 16 [ 19.640155] The buggy address is located 8 bytes inside of [ 19.640155] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.640238] [ 19.640589] The buggy address belongs to the physical page: [ 19.640637] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.640699] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.640914] page_type: f5(slab) [ 19.641305] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.641742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.641903] page dumped because: kasan: bad access detected [ 19.641941] [ 19.641961] Memory state around the buggy address: [ 19.642126] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.642339] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.642388] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.642466] ^ [ 19.642520] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.642566] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.642606] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 19.530913] ================================================================== [ 19.531382] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 19.531560] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.531780] [ 19.531815] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.531908] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.532010] Hardware name: linux,dummy-virt (DT) [ 19.532053] Call trace: [ 19.532076] show_stack+0x20/0x38 (C) [ 19.532467] dump_stack_lvl+0x8c/0xd0 [ 19.532551] print_report+0x118/0x608 [ 19.532605] kasan_report+0xdc/0x128 [ 19.532743] __asan_report_load8_noabort+0x20/0x30 [ 19.532817] kasan_bitops_modify.constprop.0+0xa44/0xbc0 [ 19.532934] kasan_bitops_generic+0x110/0x1c8 [ 19.532986] kunit_try_run_case+0x170/0x3f0 [ 19.533056] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.533291] kthread+0x328/0x630 [ 19.533354] ret_from_fork+0x10/0x20 [ 19.533563] [ 19.533611] Allocated by task 261: [ 19.533696] kasan_save_stack+0x3c/0x68 [ 19.533834] kasan_save_track+0x20/0x40 [ 19.533876] kasan_save_alloc_info+0x40/0x58 [ 19.533918] __kasan_kmalloc+0xd4/0xd8 [ 19.533965] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.534161] kasan_bitops_generic+0xa0/0x1c8 [ 19.534378] kunit_try_run_case+0x170/0x3f0 [ 19.534427] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.534730] kthread+0x328/0x630 [ 19.534818] ret_from_fork+0x10/0x20 [ 19.534930] [ 19.535020] The buggy address belongs to the object at fff00000c58cac60 [ 19.535020] which belongs to the cache kmalloc-16 of size 16 [ 19.535239] The buggy address is located 8 bytes inside of [ 19.535239] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.535358] [ 19.535382] The buggy address belongs to the physical page: [ 19.535586] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.535780] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.535907] page_type: f5(slab) [ 19.536329] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.536518] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.536725] page dumped because: kasan: bad access detected [ 19.537000] [ 19.537126] Memory state around the buggy address: [ 19.537215] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.537565] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.537641] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.537917] ^ [ 19.538053] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.538192] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.538323] ================================================================== [ 19.539288] ================================================================== [ 19.539469] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 19.539542] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.539846] [ 19.539899] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.540053] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.540127] Hardware name: linux,dummy-virt (DT) [ 19.540163] Call trace: [ 19.540466] show_stack+0x20/0x38 (C) [ 19.540537] dump_stack_lvl+0x8c/0xd0 [ 19.540781] print_report+0x118/0x608 [ 19.540972] kasan_report+0xdc/0x128 [ 19.541036] kasan_check_range+0x100/0x1a8 [ 19.541104] __kasan_check_write+0x20/0x30 [ 19.541307] kasan_bitops_modify.constprop.0+0x1dc/0xbc0 [ 19.541498] kasan_bitops_generic+0x110/0x1c8 [ 19.541904] kunit_try_run_case+0x170/0x3f0 [ 19.542104] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.542179] kthread+0x328/0x630 [ 19.542522] ret_from_fork+0x10/0x20 [ 19.542656] [ 19.542718] Allocated by task 261: [ 19.542748] kasan_save_stack+0x3c/0x68 [ 19.543164] kasan_save_track+0x20/0x40 [ 19.543293] kasan_save_alloc_info+0x40/0x58 [ 19.543381] __kasan_kmalloc+0xd4/0xd8 [ 19.543441] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.543606] kasan_bitops_generic+0xa0/0x1c8 [ 19.543818] kunit_try_run_case+0x170/0x3f0 [ 19.543951] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.544004] kthread+0x328/0x630 [ 19.544295] ret_from_fork+0x10/0x20 [ 19.544431] [ 19.544488] The buggy address belongs to the object at fff00000c58cac60 [ 19.544488] which belongs to the cache kmalloc-16 of size 16 [ 19.544883] The buggy address is located 8 bytes inside of [ 19.544883] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.545103] [ 19.545154] The buggy address belongs to the physical page: [ 19.545247] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.545308] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.545370] page_type: f5(slab) [ 19.545427] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.545791] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.546152] page dumped because: kasan: bad access detected [ 19.546290] [ 19.546327] Memory state around the buggy address: [ 19.546365] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.546423] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.546477] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.546519] ^ [ 19.546560] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.546606] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.546649] ================================================================== [ 19.555498] ================================================================== [ 19.555559] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 19.555760] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.555874] [ 19.555994] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.556261] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.556308] Hardware name: linux,dummy-virt (DT) [ 19.556343] Call trace: [ 19.556501] show_stack+0x20/0x38 (C) [ 19.556617] dump_stack_lvl+0x8c/0xd0 [ 19.556702] print_report+0x118/0x608 [ 19.556891] kasan_report+0xdc/0x128 [ 19.557041] kasan_check_range+0x100/0x1a8 [ 19.557135] __kasan_check_write+0x20/0x30 [ 19.557202] kasan_bitops_modify.constprop.0+0x2b4/0xbc0 [ 19.557564] kasan_bitops_generic+0x110/0x1c8 [ 19.557654] kunit_try_run_case+0x170/0x3f0 [ 19.557818] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.558183] kthread+0x328/0x630 [ 19.558289] ret_from_fork+0x10/0x20 [ 19.558533] [ 19.558778] Allocated by task 261: [ 19.558909] kasan_save_stack+0x3c/0x68 [ 19.558984] kasan_save_track+0x20/0x40 [ 19.559202] kasan_save_alloc_info+0x40/0x58 [ 19.559419] __kasan_kmalloc+0xd4/0xd8 [ 19.559503] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.559647] kasan_bitops_generic+0xa0/0x1c8 [ 19.559815] kunit_try_run_case+0x170/0x3f0 [ 19.559894] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.560132] kthread+0x328/0x630 [ 19.560353] ret_from_fork+0x10/0x20 [ 19.560428] [ 19.560472] The buggy address belongs to the object at fff00000c58cac60 [ 19.560472] which belongs to the cache kmalloc-16 of size 16 [ 19.560674] The buggy address is located 8 bytes inside of [ 19.560674] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.561043] [ 19.561101] The buggy address belongs to the physical page: [ 19.561833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.561912] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.561992] page_type: f5(slab) [ 19.562135] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.562249] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.562295] page dumped because: kasan: bad access detected [ 19.562330] [ 19.562548] Memory state around the buggy address: [ 19.562705] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.563182] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.563368] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.563815] ^ [ 19.563918] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.564053] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.564234] ================================================================== [ 19.548964] ================================================================== [ 19.549293] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 19.549367] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.549694] [ 19.550035] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.550293] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.550470] Hardware name: linux,dummy-virt (DT) [ 19.550513] Call trace: [ 19.550697] show_stack+0x20/0x38 (C) [ 19.550853] dump_stack_lvl+0x8c/0xd0 [ 19.550994] print_report+0x118/0x608 [ 19.551122] kasan_report+0xdc/0x128 [ 19.551256] __asan_report_load8_noabort+0x20/0x30 [ 19.551355] kasan_bitops_modify.constprop.0+0xa80/0xbc0 [ 19.551417] kasan_bitops_generic+0x110/0x1c8 [ 19.551500] kunit_try_run_case+0x170/0x3f0 [ 19.551562] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.551630] kthread+0x328/0x630 [ 19.551676] ret_from_fork+0x10/0x20 [ 19.551738] [ 19.551767] Allocated by task 261: [ 19.551798] kasan_save_stack+0x3c/0x68 [ 19.551841] kasan_save_track+0x20/0x40 [ 19.551896] kasan_save_alloc_info+0x40/0x58 [ 19.551940] __kasan_kmalloc+0xd4/0xd8 [ 19.551989] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.552034] kasan_bitops_generic+0xa0/0x1c8 [ 19.552075] kunit_try_run_case+0x170/0x3f0 [ 19.552127] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.552173] kthread+0x328/0x630 [ 19.552219] ret_from_fork+0x10/0x20 [ 19.552268] [ 19.552298] The buggy address belongs to the object at fff00000c58cac60 [ 19.552298] which belongs to the cache kmalloc-16 of size 16 [ 19.552359] The buggy address is located 8 bytes inside of [ 19.552359] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.552434] [ 19.552470] The buggy address belongs to the physical page: [ 19.552518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.552574] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.552626] page_type: f5(slab) [ 19.552673] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.552737] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.552790] page dumped because: kasan: bad access detected [ 19.552824] [ 19.552848] Memory state around the buggy address: [ 19.552903] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.552950] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.552996] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.553037] ^ [ 19.553079] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.553805] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.553876] ================================================================== [ 19.585432] ================================================================== [ 19.585484] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 19.585538] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.585591] [ 19.585889] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.587022] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.587079] Hardware name: linux,dummy-virt (DT) [ 19.587178] Call trace: [ 19.587275] show_stack+0x20/0x38 (C) [ 19.587382] dump_stack_lvl+0x8c/0xd0 [ 19.587473] print_report+0x118/0x608 [ 19.587657] kasan_report+0xdc/0x128 [ 19.587930] kasan_check_range+0x100/0x1a8 [ 19.588053] __kasan_check_write+0x20/0x30 [ 19.588231] kasan_bitops_modify.constprop.0+0x3b0/0xbc0 [ 19.588455] kasan_bitops_generic+0x110/0x1c8 [ 19.588620] kunit_try_run_case+0x170/0x3f0 [ 19.588869] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.588988] kthread+0x328/0x630 [ 19.589155] ret_from_fork+0x10/0x20 [ 19.589593] [ 19.589646] Allocated by task 261: [ 19.589787] kasan_save_stack+0x3c/0x68 [ 19.589917] kasan_save_track+0x20/0x40 [ 19.590057] kasan_save_alloc_info+0x40/0x58 [ 19.590117] __kasan_kmalloc+0xd4/0xd8 [ 19.590455] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.590620] kasan_bitops_generic+0xa0/0x1c8 [ 19.591076] kunit_try_run_case+0x170/0x3f0 [ 19.591161] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.591370] kthread+0x328/0x630 [ 19.591539] ret_from_fork+0x10/0x20 [ 19.591952] [ 19.592100] The buggy address belongs to the object at fff00000c58cac60 [ 19.592100] which belongs to the cache kmalloc-16 of size 16 [ 19.592692] The buggy address is located 8 bytes inside of [ 19.592692] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.592794] [ 19.592881] The buggy address belongs to the physical page: [ 19.592943] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.593130] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.593347] page_type: f5(slab) [ 19.593497] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.593554] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.593796] page dumped because: kasan: bad access detected [ 19.593979] [ 19.594143] Memory state around the buggy address: [ 19.594221] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.594270] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.594317] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.594632] ^ [ 19.594847] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.594924] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.595075] ================================================================== [ 19.524595] ================================================================== [ 19.524680] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 19.524981] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.525053] [ 19.525273] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.525380] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.525416] Hardware name: linux,dummy-virt (DT) [ 19.525639] Call trace: [ 19.525764] show_stack+0x20/0x38 (C) [ 19.525963] dump_stack_lvl+0x8c/0xd0 [ 19.526185] print_report+0x118/0x608 [ 19.526349] kasan_report+0xdc/0x128 [ 19.526479] kasan_check_range+0x100/0x1a8 [ 19.526535] __kasan_check_write+0x20/0x30 [ 19.526724] kasan_bitops_modify.constprop.0+0x100/0xbc0 [ 19.526991] kasan_bitops_generic+0x110/0x1c8 [ 19.527145] kunit_try_run_case+0x170/0x3f0 [ 19.527254] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.527315] kthread+0x328/0x630 [ 19.527362] ret_from_fork+0x10/0x20 [ 19.527416] [ 19.527436] Allocated by task 261: [ 19.527480] kasan_save_stack+0x3c/0x68 [ 19.527544] kasan_save_track+0x20/0x40 [ 19.527585] kasan_save_alloc_info+0x40/0x58 [ 19.527638] __kasan_kmalloc+0xd4/0xd8 [ 19.527686] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.527740] kasan_bitops_generic+0xa0/0x1c8 [ 19.527782] kunit_try_run_case+0x170/0x3f0 [ 19.527830] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.527876] kthread+0x328/0x630 [ 19.527911] ret_from_fork+0x10/0x20 [ 19.527951] [ 19.527974] The buggy address belongs to the object at fff00000c58cac60 [ 19.527974] which belongs to the cache kmalloc-16 of size 16 [ 19.528049] The buggy address is located 8 bytes inside of [ 19.528049] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.528135] [ 19.528176] The buggy address belongs to the physical page: [ 19.528214] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.528273] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.528328] page_type: f5(slab) [ 19.528379] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.528432] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.528490] page dumped because: kasan: bad access detected [ 19.528534] [ 19.528554] Memory state around the buggy address: [ 19.528589] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.528644] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.528690] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.528731] ^ [ 19.528772] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.528826] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.528869] ================================================================== [ 19.565599] ================================================================== [ 19.565755] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 19.565817] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.565882] [ 19.565916] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.566362] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.566492] Hardware name: linux,dummy-virt (DT) [ 19.566546] Call trace: [ 19.566571] show_stack+0x20/0x38 (C) [ 19.566660] dump_stack_lvl+0x8c/0xd0 [ 19.567123] print_report+0x118/0x608 [ 19.567189] kasan_report+0xdc/0x128 [ 19.567557] kasan_check_range+0x100/0x1a8 [ 19.567682] __kasan_check_write+0x20/0x30 [ 19.567845] kasan_bitops_modify.constprop.0+0x320/0xbc0 [ 19.568046] kasan_bitops_generic+0x110/0x1c8 [ 19.568414] kunit_try_run_case+0x170/0x3f0 [ 19.568538] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.568644] kthread+0x328/0x630 [ 19.568975] ret_from_fork+0x10/0x20 [ 19.569445] [ 19.569552] Allocated by task 261: [ 19.569588] kasan_save_stack+0x3c/0x68 [ 19.569645] kasan_save_track+0x20/0x40 [ 19.569961] kasan_save_alloc_info+0x40/0x58 [ 19.570046] __kasan_kmalloc+0xd4/0xd8 [ 19.570221] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.570265] kasan_bitops_generic+0xa0/0x1c8 [ 19.570307] kunit_try_run_case+0x170/0x3f0 [ 19.570629] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.570710] kthread+0x328/0x630 [ 19.570865] ret_from_fork+0x10/0x20 [ 19.571203] [ 19.571250] The buggy address belongs to the object at fff00000c58cac60 [ 19.571250] which belongs to the cache kmalloc-16 of size 16 [ 19.571382] The buggy address is located 8 bytes inside of [ 19.571382] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.571450] [ 19.571472] The buggy address belongs to the physical page: [ 19.571536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.571594] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.571672] page_type: f5(slab) [ 19.571726] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.571804] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.571850] page dumped because: kasan: bad access detected [ 19.571884] [ 19.571906] Memory state around the buggy address: [ 19.571949] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.571997] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.572050] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.572130] ^ [ 19.572190] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.572238] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.572278] ================================================================== [ 19.596985] ================================================================== [ 19.597047] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 19.597253] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.597316] [ 19.597349] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.597715] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.597817] Hardware name: linux,dummy-virt (DT) [ 19.597897] Call trace: [ 19.597959] show_stack+0x20/0x38 (C) [ 19.598024] dump_stack_lvl+0x8c/0xd0 [ 19.598207] print_report+0x118/0x608 [ 19.598425] kasan_report+0xdc/0x128 [ 19.598490] __asan_report_load8_noabort+0x20/0x30 [ 19.598671] kasan_bitops_modify.constprop.0+0xa20/0xbc0 [ 19.598936] kasan_bitops_generic+0x110/0x1c8 [ 19.599001] kunit_try_run_case+0x170/0x3f0 [ 19.599281] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.599468] kthread+0x328/0x630 [ 19.599540] ret_from_fork+0x10/0x20 [ 19.599790] [ 19.600060] Allocated by task 261: [ 19.600208] kasan_save_stack+0x3c/0x68 [ 19.600420] kasan_save_track+0x20/0x40 [ 19.600645] kasan_save_alloc_info+0x40/0x58 [ 19.600765] __kasan_kmalloc+0xd4/0xd8 [ 19.600852] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.601129] kasan_bitops_generic+0xa0/0x1c8 [ 19.601542] kunit_try_run_case+0x170/0x3f0 [ 19.601663] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.601972] kthread+0x328/0x630 [ 19.602158] ret_from_fork+0x10/0x20 [ 19.602241] [ 19.602419] The buggy address belongs to the object at fff00000c58cac60 [ 19.602419] which belongs to the cache kmalloc-16 of size 16 [ 19.602678] The buggy address is located 8 bytes inside of [ 19.602678] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.602899] [ 19.603066] The buggy address belongs to the physical page: [ 19.603130] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.603417] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.603606] page_type: f5(slab) [ 19.603769] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.603857] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.604115] page dumped because: kasan: bad access detected [ 19.604262] [ 19.604368] Memory state around the buggy address: [ 19.604409] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.604782] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.604900] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.605151] ^ [ 19.605344] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.605493] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.605538] ================================================================== [ 19.581845] ================================================================== [ 19.581901] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 19.581956] Write of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.582010] [ 19.582044] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.582466] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.582521] Hardware name: linux,dummy-virt (DT) [ 19.582556] Call trace: [ 19.582624] show_stack+0x20/0x38 (C) [ 19.582725] dump_stack_lvl+0x8c/0xd0 [ 19.582782] print_report+0x118/0x608 [ 19.582849] kasan_report+0xdc/0x128 [ 19.583056] kasan_check_range+0x100/0x1a8 [ 19.583139] __kasan_check_write+0x20/0x30 [ 19.583290] kasan_bitops_modify.constprop.0+0x344/0xbc0 [ 19.583356] kasan_bitops_generic+0x110/0x1c8 [ 19.583408] kunit_try_run_case+0x170/0x3f0 [ 19.583458] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.583514] kthread+0x328/0x630 [ 19.583559] ret_from_fork+0x10/0x20 [ 19.583609] [ 19.583643] Allocated by task 261: [ 19.583676] kasan_save_stack+0x3c/0x68 [ 19.583722] kasan_save_track+0x20/0x40 [ 19.583762] kasan_save_alloc_info+0x40/0x58 [ 19.583817] __kasan_kmalloc+0xd4/0xd8 [ 19.583864] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.583905] kasan_bitops_generic+0xa0/0x1c8 [ 19.583951] kunit_try_run_case+0x170/0x3f0 [ 19.583991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.584048] kthread+0x328/0x630 [ 19.584097] ret_from_fork+0x10/0x20 [ 19.584135] [ 19.584167] The buggy address belongs to the object at fff00000c58cac60 [ 19.584167] which belongs to the cache kmalloc-16 of size 16 [ 19.584226] The buggy address is located 8 bytes inside of [ 19.584226] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.584290] [ 19.584312] The buggy address belongs to the physical page: [ 19.584344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.584397] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.584448] page_type: f5(slab) [ 19.584490] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.584543] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.584586] page dumped because: kasan: bad access detected [ 19.584622] [ 19.584651] Memory state around the buggy address: [ 19.584694] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.584740] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.584790] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.584831] ^ [ 19.584874] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.584919] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.584960] ================================================================== [ 19.572733] ================================================================== [ 19.572789] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 19.572870] Read of size 8 at addr fff00000c58cac68 by task kunit_try_catch/261 [ 19.572925] [ 19.572968] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.573059] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.573460] Hardware name: linux,dummy-virt (DT) [ 19.573548] Call trace: [ 19.573575] show_stack+0x20/0x38 (C) [ 19.574040] dump_stack_lvl+0x8c/0xd0 [ 19.574123] print_report+0x118/0x608 [ 19.574219] kasan_report+0xdc/0x128 [ 19.574291] __asan_report_load8_noabort+0x20/0x30 [ 19.574766] kasan_bitops_modify.constprop.0+0xaec/0xbc0 [ 19.575025] kasan_bitops_generic+0x110/0x1c8 [ 19.575265] kunit_try_run_case+0x170/0x3f0 [ 19.575602] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.575697] kthread+0x328/0x630 [ 19.575887] ret_from_fork+0x10/0x20 [ 19.576119] [ 19.576175] Allocated by task 261: [ 19.576428] kasan_save_stack+0x3c/0x68 [ 19.576564] kasan_save_track+0x20/0x40 [ 19.576672] kasan_save_alloc_info+0x40/0x58 [ 19.576788] __kasan_kmalloc+0xd4/0xd8 [ 19.576877] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.577000] kasan_bitops_generic+0xa0/0x1c8 [ 19.577064] kunit_try_run_case+0x170/0x3f0 [ 19.577117] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.577287] kthread+0x328/0x630 [ 19.577502] ret_from_fork+0x10/0x20 [ 19.577703] [ 19.577884] The buggy address belongs to the object at fff00000c58cac60 [ 19.577884] which belongs to the cache kmalloc-16 of size 16 [ 19.577987] The buggy address is located 8 bytes inside of [ 19.577987] allocated 9-byte region [fff00000c58cac60, fff00000c58cac69) [ 19.578188] [ 19.578381] The buggy address belongs to the physical page: [ 19.578429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1058ca [ 19.578572] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.578639] page_type: f5(slab) [ 19.578799] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 19.578886] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 19.579041] page dumped because: kasan: bad access detected [ 19.579108] [ 19.579260] Memory state around the buggy address: [ 19.579470] fff00000c58cab00: 00 02 fc fc 00 02 fc fc 00 05 fc fc fa fb fc fc [ 19.579548] fff00000c58cab80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 19.579637] >fff00000c58cac00: fa fb fc fc fa fb fc fc 00 04 fc fc 00 01 fc fc [ 19.579774] ^ [ 19.579851] fff00000c58cac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.579993] fff00000c58cad00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.580043] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 19.501346] ================================================================== [ 19.501408] BUG: KASAN: slab-use-after-free in strnlen+0x80/0x88 [ 19.501464] Read of size 1 at addr fff00000c7753290 by task kunit_try_catch/259 [ 19.501519] [ 19.501551] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.501890] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.501969] Hardware name: linux,dummy-virt (DT) [ 19.502295] Call trace: [ 19.504150] show_stack+0x20/0x38 (C) [ 19.504388] dump_stack_lvl+0x8c/0xd0 [ 19.505115] print_report+0x118/0x608 [ 19.505192] kasan_report+0xdc/0x128 [ 19.505242] __asan_report_load1_noabort+0x20/0x30 [ 19.505764] strnlen+0x80/0x88 [ 19.505966] kasan_strings+0x478/0xb00 [ 19.506019] kunit_try_run_case+0x170/0x3f0 [ 19.506658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.506955] kthread+0x328/0x630 [ 19.507291] ret_from_fork+0x10/0x20 [ 19.507535] [ 19.508152] Allocated by task 259: [ 19.508438] kasan_save_stack+0x3c/0x68 [ 19.509188] kasan_save_track+0x20/0x40 [ 19.509262] kasan_save_alloc_info+0x40/0x58 [ 19.509308] __kasan_kmalloc+0xd4/0xd8 [ 19.509665] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.509789] kasan_strings+0xc8/0xb00 [ 19.509848] kunit_try_run_case+0x170/0x3f0 [ 19.509933] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.510017] kthread+0x328/0x630 [ 19.510056] ret_from_fork+0x10/0x20 [ 19.510120] [ 19.510144] Freed by task 259: [ 19.510174] kasan_save_stack+0x3c/0x68 [ 19.510510] kasan_save_track+0x20/0x40 [ 19.510559] kasan_save_free_info+0x4c/0x78 [ 19.510602] __kasan_slab_free+0x6c/0x98 [ 19.510641] kfree+0x214/0x3c8 [ 19.510676] kasan_strings+0x24c/0xb00 [ 19.510714] kunit_try_run_case+0x170/0x3f0 [ 19.510755] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.510800] kthread+0x328/0x630 [ 19.510835] ret_from_fork+0x10/0x20 [ 19.510873] [ 19.510893] The buggy address belongs to the object at fff00000c7753280 [ 19.510893] which belongs to the cache kmalloc-32 of size 32 [ 19.510959] The buggy address is located 16 bytes inside of [ 19.510959] freed 32-byte region [fff00000c7753280, fff00000c77532a0) [ 19.511026] [ 19.511049] The buggy address belongs to the physical page: [ 19.511099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107753 [ 19.511181] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.511269] page_type: f5(slab) [ 19.511368] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.511463] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.511649] page dumped because: kasan: bad access detected [ 19.511685] [ 19.511876] Memory state around the buggy address: [ 19.511975] fff00000c7753180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.512057] fff00000c7753200: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.512155] >fff00000c7753280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.512222] ^ [ 19.512309] fff00000c7753300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.512437] fff00000c7753380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.512491] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 19.486907] ================================================================== [ 19.486964] BUG: KASAN: slab-use-after-free in strlen+0xa8/0xb0 [ 19.487838] Read of size 1 at addr fff00000c7753290 by task kunit_try_catch/259 [ 19.487917] [ 19.488078] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.488290] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.488327] Hardware name: linux,dummy-virt (DT) [ 19.488556] Call trace: [ 19.488735] show_stack+0x20/0x38 (C) [ 19.488905] dump_stack_lvl+0x8c/0xd0 [ 19.488989] print_report+0x118/0x608 [ 19.489042] kasan_report+0xdc/0x128 [ 19.489173] __asan_report_load1_noabort+0x20/0x30 [ 19.489231] strlen+0xa8/0xb0 [ 19.489294] kasan_strings+0x418/0xb00 [ 19.489484] kunit_try_run_case+0x170/0x3f0 [ 19.489553] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.489847] kthread+0x328/0x630 [ 19.490045] ret_from_fork+0x10/0x20 [ 19.490164] [ 19.490186] Allocated by task 259: [ 19.490218] kasan_save_stack+0x3c/0x68 [ 19.490261] kasan_save_track+0x20/0x40 [ 19.490568] kasan_save_alloc_info+0x40/0x58 [ 19.490749] __kasan_kmalloc+0xd4/0xd8 [ 19.490818] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.491028] kasan_strings+0xc8/0xb00 [ 19.491248] kunit_try_run_case+0x170/0x3f0 [ 19.491374] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.491529] kthread+0x328/0x630 [ 19.491792] ret_from_fork+0x10/0x20 [ 19.491921] [ 19.492061] Freed by task 259: [ 19.492224] kasan_save_stack+0x3c/0x68 [ 19.492302] kasan_save_track+0x20/0x40 [ 19.492365] kasan_save_free_info+0x4c/0x78 [ 19.492673] __kasan_slab_free+0x6c/0x98 [ 19.492719] kfree+0x214/0x3c8 [ 19.493058] kasan_strings+0x24c/0xb00 [ 19.493219] kunit_try_run_case+0x170/0x3f0 [ 19.493310] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.493462] kthread+0x328/0x630 [ 19.493540] ret_from_fork+0x10/0x20 [ 19.493976] [ 19.494028] The buggy address belongs to the object at fff00000c7753280 [ 19.494028] which belongs to the cache kmalloc-32 of size 32 [ 19.494708] The buggy address is located 16 bytes inside of [ 19.494708] freed 32-byte region [fff00000c7753280, fff00000c77532a0) [ 19.494818] [ 19.494862] The buggy address belongs to the physical page: [ 19.494929] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107753 [ 19.495421] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.495538] page_type: f5(slab) [ 19.495671] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.495753] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.495867] page dumped because: kasan: bad access detected [ 19.495938] [ 19.495959] Memory state around the buggy address: [ 19.496200] fff00000c7753180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.496386] fff00000c7753200: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.497378] >fff00000c7753280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.497445] ^ [ 19.497612] fff00000c7753300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.498275] fff00000c7753380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.498330] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 19.474800] ================================================================== [ 19.475114] BUG: KASAN: slab-use-after-free in kasan_strings+0x95c/0xb00 [ 19.475183] Read of size 1 at addr fff00000c7753290 by task kunit_try_catch/259 [ 19.475238] [ 19.475514] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.475628] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.475696] Hardware name: linux,dummy-virt (DT) [ 19.475732] Call trace: [ 19.475953] show_stack+0x20/0x38 (C) [ 19.476173] dump_stack_lvl+0x8c/0xd0 [ 19.476271] print_report+0x118/0x608 [ 19.476414] kasan_report+0xdc/0x128 [ 19.476800] __asan_report_load1_noabort+0x20/0x30 [ 19.476894] kasan_strings+0x95c/0xb00 [ 19.476955] kunit_try_run_case+0x170/0x3f0 [ 19.477170] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.477350] kthread+0x328/0x630 [ 19.477406] ret_from_fork+0x10/0x20 [ 19.477628] [ 19.477679] Allocated by task 259: [ 19.478174] kasan_save_stack+0x3c/0x68 [ 19.478336] kasan_save_track+0x20/0x40 [ 19.478471] kasan_save_alloc_info+0x40/0x58 [ 19.478551] __kasan_kmalloc+0xd4/0xd8 [ 19.478883] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.479230] kasan_strings+0xc8/0xb00 [ 19.479545] kunit_try_run_case+0x170/0x3f0 [ 19.479800] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.479981] kthread+0x328/0x630 [ 19.480186] ret_from_fork+0x10/0x20 [ 19.480414] [ 19.480474] Freed by task 259: [ 19.480564] kasan_save_stack+0x3c/0x68 [ 19.480730] kasan_save_track+0x20/0x40 [ 19.481138] kasan_save_free_info+0x4c/0x78 [ 19.481486] __kasan_slab_free+0x6c/0x98 [ 19.481590] kfree+0x214/0x3c8 [ 19.481966] kasan_strings+0x24c/0xb00 [ 19.482077] kunit_try_run_case+0x170/0x3f0 [ 19.482223] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.482313] kthread+0x328/0x630 [ 19.482643] ret_from_fork+0x10/0x20 [ 19.482748] [ 19.482849] The buggy address belongs to the object at fff00000c7753280 [ 19.482849] which belongs to the cache kmalloc-32 of size 32 [ 19.482986] The buggy address is located 16 bytes inside of [ 19.482986] freed 32-byte region [fff00000c7753280, fff00000c77532a0) [ 19.483166] [ 19.483226] The buggy address belongs to the physical page: [ 19.483372] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107753 [ 19.483765] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.483848] page_type: f5(slab) [ 19.484012] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.484218] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.484346] page dumped because: kasan: bad access detected [ 19.484383] [ 19.484564] Memory state around the buggy address: [ 19.484719] fff00000c7753180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.484912] fff00000c7753200: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.485043] >fff00000c7753280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.485141] ^ [ 19.485327] fff00000c7753300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.485380] fff00000c7753380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.486027] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 19.464899] ================================================================== [ 19.464975] BUG: KASAN: slab-use-after-free in strcmp+0xc0/0xc8 [ 19.465180] Read of size 1 at addr fff00000c7753290 by task kunit_try_catch/259 [ 19.465242] [ 19.465546] CPU: 1 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.465728] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.466074] Hardware name: linux,dummy-virt (DT) [ 19.466123] Call trace: [ 19.466154] show_stack+0x20/0x38 (C) [ 19.466214] dump_stack_lvl+0x8c/0xd0 [ 19.466585] print_report+0x118/0x608 [ 19.466786] kasan_report+0xdc/0x128 [ 19.466903] __asan_report_load1_noabort+0x20/0x30 [ 19.467255] strcmp+0xc0/0xc8 [ 19.467365] kasan_strings+0x340/0xb00 [ 19.467520] kunit_try_run_case+0x170/0x3f0 [ 19.467719] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.467813] kthread+0x328/0x630 [ 19.468168] ret_from_fork+0x10/0x20 [ 19.468285] [ 19.468373] Allocated by task 259: [ 19.468883] kasan_save_stack+0x3c/0x68 [ 19.468989] kasan_save_track+0x20/0x40 [ 19.469283] kasan_save_alloc_info+0x40/0x58 [ 19.469421] __kasan_kmalloc+0xd4/0xd8 [ 19.469540] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.469609] kasan_strings+0xc8/0xb00 [ 19.469749] kunit_try_run_case+0x170/0x3f0 [ 19.469808] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.469867] kthread+0x328/0x630 [ 19.470167] ret_from_fork+0x10/0x20 [ 19.470512] [ 19.470577] Freed by task 259: [ 19.470705] kasan_save_stack+0x3c/0x68 [ 19.470799] kasan_save_track+0x20/0x40 [ 19.470922] kasan_save_free_info+0x4c/0x78 [ 19.471116] __kasan_slab_free+0x6c/0x98 [ 19.471271] kfree+0x214/0x3c8 [ 19.471381] kasan_strings+0x24c/0xb00 [ 19.471584] kunit_try_run_case+0x170/0x3f0 [ 19.471761] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.471816] kthread+0x328/0x630 [ 19.471876] ret_from_fork+0x10/0x20 [ 19.471925] [ 19.471947] The buggy address belongs to the object at fff00000c7753280 [ 19.471947] which belongs to the cache kmalloc-32 of size 32 [ 19.472050] The buggy address is located 16 bytes inside of [ 19.472050] freed 32-byte region [fff00000c7753280, fff00000c77532a0) [ 19.472142] [ 19.472198] The buggy address belongs to the physical page: [ 19.472235] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107753 [ 19.472313] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.472368] page_type: f5(slab) [ 19.472426] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.472486] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.472544] page dumped because: kasan: bad access detected [ 19.472588] [ 19.472608] Memory state around the buggy address: [ 19.472656] fff00000c7753180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.472707] fff00000c7753200: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.472770] >fff00000c7753280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.472816] ^ [ 19.472850] fff00000c7753300: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.472923] fff00000c7753380: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.472969] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 19.441304] ================================================================== [ 19.441373] BUG: KASAN: slab-out-of-bounds in memcmp+0x198/0x1d8 [ 19.441440] Read of size 1 at addr fff00000c77530d8 by task kunit_try_catch/257 [ 19.441499] [ 19.441543] CPU: 1 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.442630] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.442706] Hardware name: linux,dummy-virt (DT) [ 19.442750] Call trace: [ 19.443145] show_stack+0x20/0x38 (C) [ 19.443245] dump_stack_lvl+0x8c/0xd0 [ 19.443587] print_report+0x118/0x608 [ 19.443714] kasan_report+0xdc/0x128 [ 19.443836] __asan_report_load1_noabort+0x20/0x30 [ 19.444211] memcmp+0x198/0x1d8 [ 19.444360] kasan_memcmp+0x16c/0x300 [ 19.444514] kunit_try_run_case+0x170/0x3f0 [ 19.444821] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.444944] kthread+0x328/0x630 [ 19.445022] ret_from_fork+0x10/0x20 [ 19.445363] [ 19.445428] Allocated by task 257: [ 19.445494] kasan_save_stack+0x3c/0x68 [ 19.445620] kasan_save_track+0x20/0x40 [ 19.445791] kasan_save_alloc_info+0x40/0x58 [ 19.445838] __kasan_kmalloc+0xd4/0xd8 [ 19.445888] __kmalloc_cache_noprof+0x16c/0x3c0 [ 19.445935] kasan_memcmp+0xbc/0x300 [ 19.446301] kunit_try_run_case+0x170/0x3f0 [ 19.446426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.446513] kthread+0x328/0x630 [ 19.446880] ret_from_fork+0x10/0x20 [ 19.446960] [ 19.447017] The buggy address belongs to the object at fff00000c77530c0 [ 19.447017] which belongs to the cache kmalloc-32 of size 32 [ 19.447175] The buggy address is located 0 bytes to the right of [ 19.447175] allocated 24-byte region [fff00000c77530c0, fff00000c77530d8) [ 19.447251] [ 19.447275] The buggy address belongs to the physical page: [ 19.447609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107753 [ 19.447704] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.447922] page_type: f5(slab) [ 19.448010] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 19.448445] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.448660] page dumped because: kasan: bad access detected [ 19.448898] [ 19.448927] Memory state around the buggy address: [ 19.449165] fff00000c7752f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.449543] fff00000c7753000: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 19.449691] >fff00000c7753080: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.449890] ^ [ 19.449969] fff00000c7753100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.450162] fff00000c7753180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.450398] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 19.409677] ================================================================== [ 19.409743] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x2dc/0x340 [ 19.409812] Read of size 1 at addr ffff800080a77b4a by task kunit_try_catch/253 [ 19.409867] [ 19.409909] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.410003] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.410035] Hardware name: linux,dummy-virt (DT) [ 19.410071] Call trace: [ 19.411451] show_stack+0x20/0x38 (C) [ 19.411760] dump_stack_lvl+0x8c/0xd0 [ 19.411856] print_report+0x310/0x608 [ 19.411927] kasan_report+0xdc/0x128 [ 19.411979] __asan_report_load1_noabort+0x20/0x30 [ 19.412075] kasan_alloca_oob_right+0x2dc/0x340 [ 19.412161] kunit_try_run_case+0x170/0x3f0 [ 19.412224] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.412289] kthread+0x328/0x630 [ 19.412345] ret_from_fork+0x10/0x20 [ 19.412403] [ 19.412434] The buggy address belongs to stack of task kunit_try_catch/253 [ 19.412499] [ 19.412538] The buggy address belongs to the virtual mapping at [ 19.412538] [ffff800080a70000, ffff800080a79000) created by: [ 19.412538] kernel_clone+0x150/0x7a8 [ 19.412623] [ 19.412650] The buggy address belongs to the physical page: [ 19.412686] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c15 [ 19.412764] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.412843] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.412910] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.412970] page dumped because: kasan: bad access detected [ 19.413013] [ 19.413042] Memory state around the buggy address: [ 19.413081] ffff800080a77a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.413970] ffff800080a77a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.414025] >ffff800080a77b00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 19.414100] ^ [ 19.414144] ffff800080a77b80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 19.414529] ffff800080a77c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 19.414620] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 19.392797] ================================================================== [ 19.392894] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x2b8/0x310 [ 19.392968] Read of size 1 at addr ffff800080a77b5f by task kunit_try_catch/251 [ 19.393025] [ 19.393067] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.393178] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.393215] Hardware name: linux,dummy-virt (DT) [ 19.393249] Call trace: [ 19.393275] show_stack+0x20/0x38 (C) [ 19.393331] dump_stack_lvl+0x8c/0xd0 [ 19.393383] print_report+0x310/0x608 [ 19.393432] kasan_report+0xdc/0x128 [ 19.393483] __asan_report_load1_noabort+0x20/0x30 [ 19.394099] kasan_alloca_oob_left+0x2b8/0x310 [ 19.394179] kunit_try_run_case+0x170/0x3f0 [ 19.394235] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.394835] kthread+0x328/0x630 [ 19.394997] ret_from_fork+0x10/0x20 [ 19.395116] [ 19.395230] The buggy address belongs to stack of task kunit_try_catch/251 [ 19.395608] [ 19.395699] The buggy address belongs to the virtual mapping at [ 19.395699] [ffff800080a70000, ffff800080a79000) created by: [ 19.395699] kernel_clone+0x150/0x7a8 [ 19.395843] [ 19.395957] The buggy address belongs to the physical page: [ 19.396012] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c15 [ 19.396156] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.396254] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.396337] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.396658] page dumped because: kasan: bad access detected [ 19.396830] [ 19.396989] Memory state around the buggy address: [ 19.397094] ffff800080a77a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.397555] ffff800080a77a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.397750] >ffff800080a77b00: 00 00 00 00 00 00 00 00 ca ca ca ca 00 02 cb cb [ 19.397970] ^ [ 19.398107] ffff800080a77b80: cb cb cb cb 00 00 00 00 f1 f1 f1 f1 01 f2 04 f2 [ 19.398183] ffff800080a77c00: 00 f2 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 19.398286] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 19.372469] ================================================================== [ 19.372560] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x238/0x270 [ 19.372662] Read of size 1 at addr ffff800080a77c2a by task kunit_try_catch/249 [ 19.372719] [ 19.372760] CPU: 1 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.372854] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.372887] Hardware name: linux,dummy-virt (DT) [ 19.372929] Call trace: [ 19.372962] show_stack+0x20/0x38 (C) [ 19.373017] dump_stack_lvl+0x8c/0xd0 [ 19.373072] print_report+0x310/0x608 [ 19.373136] kasan_report+0xdc/0x128 [ 19.373184] __asan_report_load1_noabort+0x20/0x30 [ 19.373239] kasan_stack_oob+0x238/0x270 [ 19.373285] kunit_try_run_case+0x170/0x3f0 [ 19.373337] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.373396] kthread+0x328/0x630 [ 19.373441] ret_from_fork+0x10/0x20 [ 19.373496] [ 19.373558] The buggy address belongs to stack of task kunit_try_catch/249 [ 19.374611] and is located at offset 138 in frame: [ 19.375732] kasan_stack_oob+0x0/0x270 [ 19.376064] [ 19.376178] This frame has 4 objects: [ 19.377323] [48, 49) '__assertion' [ 19.377518] [64, 72) 'array' [ 19.377592] [96, 112) '__assertion' [ 19.377802] [128, 138) 'stack_array' [ 19.377877] [ 19.377918] The buggy address belongs to the virtual mapping at [ 19.377918] [ffff800080a70000, ffff800080a79000) created by: [ 19.377918] kernel_clone+0x150/0x7a8 [ 19.378465] [ 19.378609] The buggy address belongs to the physical page: [ 19.378684] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c15 [ 19.378841] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.379071] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.379231] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.379316] page dumped because: kasan: bad access detected [ 19.379444] [ 19.379473] Memory state around the buggy address: [ 19.379790] ffff800080a77b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.379915] ffff800080a77b80: 00 00 00 00 f1 f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 [ 19.380096] >ffff800080a77c00: 00 00 f2 f2 00 02 f3 f3 00 00 00 00 00 00 00 00 [ 19.380143] ^ [ 19.380460] ffff800080a77c80: 00 00 00 00 00 00 00 00 f1 f1 f1 f1 00 00 f2 f2 [ 19.380596] ffff800080a77d00: 00 00 f2 f2 00 00 f3 f3 00 00 00 00 00 00 00 00 [ 19.380673] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 19.349442] ================================================================== [ 19.349866] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x230/0x270 [ 19.350002] Read of size 1 at addr ffffa8ee9a94f58d by task kunit_try_catch/245 [ 19.350239] [ 19.350396] CPU: 1 UID: 0 PID: 245 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.350578] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.350626] Hardware name: linux,dummy-virt (DT) [ 19.350660] Call trace: [ 19.350694] show_stack+0x20/0x38 (C) [ 19.350757] dump_stack_lvl+0x8c/0xd0 [ 19.351078] print_report+0x310/0x608 [ 19.351223] kasan_report+0xdc/0x128 [ 19.351560] __asan_report_load1_noabort+0x20/0x30 [ 19.351725] kasan_global_oob_right+0x230/0x270 [ 19.351830] kunit_try_run_case+0x170/0x3f0 [ 19.351886] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.351961] kthread+0x328/0x630 [ 19.352028] ret_from_fork+0x10/0x20 [ 19.352117] [ 19.352608] The buggy address belongs to the variable: [ 19.352972] global_array+0xd/0x40 [ 19.353122] [ 19.353565] The buggy address belongs to the virtual mapping at [ 19.353565] [ffffa8ee98b00000, ffffa8ee9aa01000) created by: [ 19.353565] paging_init+0x66c/0x7d0 [ 19.353688] [ 19.354153] The buggy address belongs to the physical page: [ 19.354200] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x47d4f [ 19.354352] flags: 0x3fffe0000002000(reserved|node=0|zone=0|lastcpupid=0x1ffff) [ 19.354453] raw: 03fffe0000002000 ffffc1ffc01f53c8 ffffc1ffc01f53c8 0000000000000000 [ 19.354813] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.354893] page dumped because: kasan: bad access detected [ 19.355135] [ 19.355320] Memory state around the buggy address: [ 19.355419] ffffa8ee9a94f480: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.355827] ffffa8ee9a94f500: 00 00 00 00 00 00 00 00 02 f9 f9 f9 f9 f9 f9 f9 [ 19.355915] >ffffa8ee9a94f580: 00 02 f9 f9 f9 f9 f9 f9 04 f9 f9 f9 f9 f9 f9 f9 [ 19.356016] ^ [ 19.356152] ffffa8ee9a94f600: 00 f9 f9 f9 f9 f9 f9 f9 01 f9 f9 f9 f9 f9 f9 f9 [ 19.356266] ffffa8ee9a94f680: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.356330] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 19.335463] ================================================================== [ 19.335624] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.335714] Free of addr fff00000c78b8001 by task kunit_try_catch/243 [ 19.335782] [ 19.335848] CPU: 1 UID: 0 PID: 243 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.336046] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.336438] Hardware name: linux,dummy-virt (DT) [ 19.336543] Call trace: [ 19.336621] show_stack+0x20/0x38 (C) [ 19.336717] dump_stack_lvl+0x8c/0xd0 [ 19.336916] print_report+0x118/0x608 [ 19.336976] kasan_report_invalid_free+0xc0/0xe8 [ 19.337031] __kasan_mempool_poison_object+0xfc/0x150 [ 19.337102] mempool_free+0x28c/0x328 [ 19.337292] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.337607] mempool_kmalloc_large_invalid_free+0xc0/0x118 [ 19.337735] kunit_try_run_case+0x170/0x3f0 [ 19.337951] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.338066] kthread+0x328/0x630 [ 19.338411] ret_from_fork+0x10/0x20 [ 19.338564] [ 19.338612] The buggy address belongs to the physical page: [ 19.338649] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1078b8 [ 19.338725] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.338790] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.338859] page_type: f8(unknown) [ 19.338909] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.338968] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.339025] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.339114] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.339426] head: 0bfffe0000000002 ffffc1ffc31e2e01 00000000ffffffff 00000000ffffffff [ 19.339882] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.339983] page dumped because: kasan: bad access detected [ 19.340042] [ 19.340110] Memory state around the buggy address: [ 19.340269] fff00000c78b7f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.340322] fff00000c78b7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.340537] >fff00000c78b8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.340648] ^ [ 19.340818] fff00000c78b8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.340904] fff00000c78b8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.341116] ================================================================== [ 19.317549] ================================================================== [ 19.317890] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.317978] Free of addr fff00000c5a52501 by task kunit_try_catch/241 [ 19.318177] [ 19.318247] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.318513] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.318707] Hardware name: linux,dummy-virt (DT) [ 19.318930] Call trace: [ 19.318985] show_stack+0x20/0x38 (C) [ 19.319048] dump_stack_lvl+0x8c/0xd0 [ 19.319243] print_report+0x118/0x608 [ 19.319417] kasan_report_invalid_free+0xc0/0xe8 [ 19.319481] check_slab_allocation+0xfc/0x108 [ 19.319555] __kasan_mempool_poison_object+0x78/0x150 [ 19.319619] mempool_free+0x28c/0x328 [ 19.319678] mempool_kmalloc_invalid_free_helper+0x118/0x2a8 [ 19.319737] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.319797] kunit_try_run_case+0x170/0x3f0 [ 19.319851] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.319907] kthread+0x328/0x630 [ 19.319955] ret_from_fork+0x10/0x20 [ 19.320009] [ 19.320034] Allocated by task 241: [ 19.320069] kasan_save_stack+0x3c/0x68 [ 19.320128] kasan_save_track+0x20/0x40 [ 19.320169] kasan_save_alloc_info+0x40/0x58 [ 19.320224] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.320286] remove_element+0x130/0x1f8 [ 19.320325] mempool_alloc_preallocated+0x58/0xc0 [ 19.320368] mempool_kmalloc_invalid_free_helper+0x94/0x2a8 [ 19.320422] mempool_kmalloc_invalid_free+0xc0/0x118 [ 19.320475] kunit_try_run_case+0x170/0x3f0 [ 19.320517] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.320564] kthread+0x328/0x630 [ 19.320599] ret_from_fork+0x10/0x20 [ 19.320638] [ 19.320659] The buggy address belongs to the object at fff00000c5a52500 [ 19.320659] which belongs to the cache kmalloc-128 of size 128 [ 19.320724] The buggy address is located 1 bytes inside of [ 19.320724] 128-byte region [fff00000c5a52500, fff00000c5a52580) [ 19.320788] [ 19.320822] The buggy address belongs to the physical page: [ 19.320869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a52 [ 19.320958] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.321014] page_type: f5(slab) [ 19.321064] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.321832] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.321908] page dumped because: kasan: bad access detected [ 19.321961] [ 19.322005] Memory state around the buggy address: [ 19.322065] fff00000c5a52400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.322290] fff00000c5a52480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.322586] >fff00000c5a52500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.322657] ^ [ 19.322887] fff00000c5a52580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.323144] fff00000c5a52600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.323255] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 19.297503] ================================================================== [ 19.297572] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.298143] Free of addr fff00000c789c000 by task kunit_try_catch/239 [ 19.298225] [ 19.298268] CPU: 1 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.298361] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.298395] Hardware name: linux,dummy-virt (DT) [ 19.298639] Call trace: [ 19.298897] show_stack+0x20/0x38 (C) [ 19.299022] dump_stack_lvl+0x8c/0xd0 [ 19.299188] print_report+0x118/0x608 [ 19.299613] kasan_report_invalid_free+0xc0/0xe8 [ 19.299757] __kasan_mempool_poison_pages+0xe0/0xe8 [ 19.299916] mempool_free+0x24c/0x328 [ 19.300161] mempool_double_free_helper+0x150/0x2e8 [ 19.300252] mempool_page_alloc_double_free+0xbc/0x118 [ 19.300442] kunit_try_run_case+0x170/0x3f0 [ 19.300727] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.300891] kthread+0x328/0x630 [ 19.301114] ret_from_fork+0x10/0x20 [ 19.301184] [ 19.301207] The buggy address belongs to the physical page: [ 19.301626] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10789c [ 19.301708] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.301787] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.302139] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.302306] page dumped because: kasan: bad access detected [ 19.302481] [ 19.302560] Memory state around the buggy address: [ 19.302648] fff00000c789bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.302700] fff00000c789bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.303154] >fff00000c789c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.303254] ^ [ 19.303417] fff00000c789c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.303512] fff00000c789c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.303596] ================================================================== [ 19.262099] ================================================================== [ 19.262161] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.262217] Free of addr fff00000c5a52100 by task kunit_try_catch/235 [ 19.262263] [ 19.262296] CPU: 1 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.262386] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.262418] Hardware name: linux,dummy-virt (DT) [ 19.262451] Call trace: [ 19.262475] show_stack+0x20/0x38 (C) [ 19.262525] dump_stack_lvl+0x8c/0xd0 [ 19.262576] print_report+0x118/0x608 [ 19.262623] kasan_report_invalid_free+0xc0/0xe8 [ 19.262675] check_slab_allocation+0xd4/0x108 [ 19.262723] __kasan_mempool_poison_object+0x78/0x150 [ 19.262796] mempool_free+0x28c/0x328 [ 19.262846] mempool_double_free_helper+0x150/0x2e8 [ 19.262898] mempool_kmalloc_double_free+0xc0/0x118 [ 19.262952] kunit_try_run_case+0x170/0x3f0 [ 19.263003] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.263057] kthread+0x328/0x630 [ 19.263110] ret_from_fork+0x10/0x20 [ 19.263889] [ 19.263933] Allocated by task 235: [ 19.263986] kasan_save_stack+0x3c/0x68 [ 19.264060] kasan_save_track+0x20/0x40 [ 19.264555] kasan_save_alloc_info+0x40/0x58 [ 19.264625] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.264679] remove_element+0x130/0x1f8 [ 19.264717] mempool_alloc_preallocated+0x58/0xc0 [ 19.264950] mempool_double_free_helper+0x94/0x2e8 [ 19.265057] mempool_kmalloc_double_free+0xc0/0x118 [ 19.265451] kunit_try_run_case+0x170/0x3f0 [ 19.265585] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.265688] kthread+0x328/0x630 [ 19.265733] ret_from_fork+0x10/0x20 [ 19.266110] [ 19.266256] Freed by task 235: [ 19.266377] kasan_save_stack+0x3c/0x68 [ 19.266529] kasan_save_track+0x20/0x40 [ 19.266704] kasan_save_free_info+0x4c/0x78 [ 19.266782] __kasan_mempool_poison_object+0xc0/0x150 [ 19.266844] mempool_free+0x28c/0x328 [ 19.267109] mempool_double_free_helper+0x100/0x2e8 [ 19.267328] mempool_kmalloc_double_free+0xc0/0x118 [ 19.267425] kunit_try_run_case+0x170/0x3f0 [ 19.267592] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.267666] kthread+0x328/0x630 [ 19.267700] ret_from_fork+0x10/0x20 [ 19.267914] [ 19.268047] The buggy address belongs to the object at fff00000c5a52100 [ 19.268047] which belongs to the cache kmalloc-128 of size 128 [ 19.268529] The buggy address is located 0 bytes inside of [ 19.268529] 128-byte region [fff00000c5a52100, fff00000c5a52180) [ 19.268708] [ 19.268746] The buggy address belongs to the physical page: [ 19.268797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a52 [ 19.268950] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.269067] page_type: f5(slab) [ 19.269137] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.269382] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.269551] page dumped because: kasan: bad access detected [ 19.269612] [ 19.269744] Memory state around the buggy address: [ 19.269802] fff00000c5a52000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.269944] fff00000c5a52080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.270050] >fff00000c5a52100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.270133] ^ [ 19.270442] fff00000c5a52180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.270533] fff00000c5a52200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.270622] ================================================================== [ 19.280205] ================================================================== [ 19.280275] BUG: KASAN: double-free in mempool_double_free_helper+0x150/0x2e8 [ 19.280334] Free of addr fff00000c789c000 by task kunit_try_catch/237 [ 19.280600] [ 19.280650] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.280916] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.280961] Hardware name: linux,dummy-virt (DT) [ 19.281348] Call trace: [ 19.281708] show_stack+0x20/0x38 (C) [ 19.281859] dump_stack_lvl+0x8c/0xd0 [ 19.282033] print_report+0x118/0x608 [ 19.282151] kasan_report_invalid_free+0xc0/0xe8 [ 19.282316] __kasan_mempool_poison_object+0x14c/0x150 [ 19.282474] mempool_free+0x28c/0x328 [ 19.282553] mempool_double_free_helper+0x150/0x2e8 [ 19.282655] mempool_kmalloc_large_double_free+0xc0/0x118 [ 19.282712] kunit_try_run_case+0x170/0x3f0 [ 19.282762] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.282817] kthread+0x328/0x630 [ 19.282860] ret_from_fork+0x10/0x20 [ 19.282911] [ 19.283251] The buggy address belongs to the physical page: [ 19.283297] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10789c [ 19.283534] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.284054] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.284256] page_type: f8(unknown) [ 19.284411] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.284575] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.284762] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.285030] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.285176] head: 0bfffe0000000002 ffffc1ffc31e2701 00000000ffffffff 00000000ffffffff [ 19.285302] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.285391] page dumped because: kasan: bad access detected [ 19.285426] [ 19.285461] Memory state around the buggy address: [ 19.285816] fff00000c789bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.285880] fff00000c789bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.285941] >fff00000c789c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.285985] ^ [ 19.286017] fff00000c789c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.286339] fff00000c789c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.286414] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 19.249274] ================================================================== [ 19.249342] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 19.249416] Read of size 1 at addr fff00000c789c000 by task kunit_try_catch/233 [ 19.249466] [ 19.249508] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.249645] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.249678] Hardware name: linux,dummy-virt (DT) [ 19.249730] Call trace: [ 19.249769] show_stack+0x20/0x38 (C) [ 19.249853] dump_stack_lvl+0x8c/0xd0 [ 19.249938] print_report+0x118/0x608 [ 19.250166] kasan_report+0xdc/0x128 [ 19.250588] __asan_report_load1_noabort+0x20/0x30 [ 19.250645] mempool_uaf_helper+0x314/0x340 [ 19.250693] mempool_page_alloc_uaf+0xc0/0x118 [ 19.250743] kunit_try_run_case+0x170/0x3f0 [ 19.250795] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.251180] kthread+0x328/0x630 [ 19.251262] ret_from_fork+0x10/0x20 [ 19.251349] [ 19.251450] The buggy address belongs to the physical page: [ 19.251484] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10789c [ 19.251577] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.251891] raw: 0bfffe0000000000 0000000000000000 dead000000000122 0000000000000000 [ 19.251998] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 19.252047] page dumped because: kasan: bad access detected [ 19.252126] [ 19.252194] Memory state around the buggy address: [ 19.252275] fff00000c789bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.252337] fff00000c789bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.252536] >fff00000c789c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.252714] ^ [ 19.252781] fff00000c789c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.252944] fff00000c789c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.253072] ================================================================== [ 19.170544] ================================================================== [ 19.170610] BUG: KASAN: use-after-free in mempool_uaf_helper+0x314/0x340 [ 19.170668] Read of size 1 at addr fff00000c789c000 by task kunit_try_catch/229 [ 19.170865] [ 19.170922] CPU: 1 UID: 0 PID: 229 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.171031] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.171066] Hardware name: linux,dummy-virt (DT) [ 19.171109] Call trace: [ 19.171135] show_stack+0x20/0x38 (C) [ 19.171189] dump_stack_lvl+0x8c/0xd0 [ 19.171239] print_report+0x118/0x608 [ 19.171286] kasan_report+0xdc/0x128 [ 19.171332] __asan_report_load1_noabort+0x20/0x30 [ 19.171408] mempool_uaf_helper+0x314/0x340 [ 19.171457] mempool_kmalloc_large_uaf+0xc4/0x120 [ 19.171508] kunit_try_run_case+0x170/0x3f0 [ 19.171577] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.171634] kthread+0x328/0x630 [ 19.171976] ret_from_fork+0x10/0x20 [ 19.172238] [ 19.172373] The buggy address belongs to the physical page: [ 19.172450] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10789c [ 19.172600] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.172655] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.172722] page_type: f8(unknown) [ 19.172763] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.172958] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.173032] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.173305] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.173439] head: 0bfffe0000000002 ffffc1ffc31e2701 00000000ffffffff 00000000ffffffff [ 19.173493] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.173581] page dumped because: kasan: bad access detected [ 19.173832] [ 19.173891] Memory state around the buggy address: [ 19.174021] fff00000c789bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174128] fff00000c789bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174280] >fff00000c789c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174380] ^ [ 19.174534] fff00000c789c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174611] fff00000c789c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 19.174660] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 19.154223] ================================================================== [ 19.154300] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 19.154374] Read of size 1 at addr fff00000c5a4ad00 by task kunit_try_catch/227 [ 19.154429] [ 19.154470] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.154561] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.154593] Hardware name: linux,dummy-virt (DT) [ 19.154626] Call trace: [ 19.154652] show_stack+0x20/0x38 (C) [ 19.154703] dump_stack_lvl+0x8c/0xd0 [ 19.154755] print_report+0x118/0x608 [ 19.154802] kasan_report+0xdc/0x128 [ 19.154848] __asan_report_load1_noabort+0x20/0x30 [ 19.155619] mempool_uaf_helper+0x314/0x340 [ 19.156900] mempool_kmalloc_uaf+0xc4/0x120 [ 19.157359] kunit_try_run_case+0x170/0x3f0 [ 19.157632] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.157711] kthread+0x328/0x630 [ 19.157758] ret_from_fork+0x10/0x20 [ 19.157817] [ 19.157836] Allocated by task 227: [ 19.157867] kasan_save_stack+0x3c/0x68 [ 19.157911] kasan_save_track+0x20/0x40 [ 19.158075] kasan_save_alloc_info+0x40/0x58 [ 19.158216] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.158319] remove_element+0x130/0x1f8 [ 19.158485] mempool_alloc_preallocated+0x58/0xc0 [ 19.158545] mempool_uaf_helper+0xa4/0x340 [ 19.158630] mempool_kmalloc_uaf+0xc4/0x120 [ 19.158673] kunit_try_run_case+0x170/0x3f0 [ 19.158829] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.158927] kthread+0x328/0x630 [ 19.159074] ret_from_fork+0x10/0x20 [ 19.159122] [ 19.159157] Freed by task 227: [ 19.159409] kasan_save_stack+0x3c/0x68 [ 19.159493] kasan_save_track+0x20/0x40 [ 19.159561] kasan_save_free_info+0x4c/0x78 [ 19.159678] __kasan_mempool_poison_object+0xc0/0x150 [ 19.159781] mempool_free+0x28c/0x328 [ 19.159934] mempool_uaf_helper+0x104/0x340 [ 19.160008] mempool_kmalloc_uaf+0xc4/0x120 [ 19.160116] kunit_try_run_case+0x170/0x3f0 [ 19.160157] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.160211] kthread+0x328/0x630 [ 19.160245] ret_from_fork+0x10/0x20 [ 19.160282] [ 19.160301] The buggy address belongs to the object at fff00000c5a4ad00 [ 19.160301] which belongs to the cache kmalloc-128 of size 128 [ 19.160381] The buggy address is located 0 bytes inside of [ 19.160381] freed 128-byte region [fff00000c5a4ad00, fff00000c5a4ad80) [ 19.160452] [ 19.160479] The buggy address belongs to the physical page: [ 19.160528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a4a [ 19.160592] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.160646] page_type: f5(slab) [ 19.160688] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.160740] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.160782] page dumped because: kasan: bad access detected [ 19.160813] [ 19.160832] Memory state around the buggy address: [ 19.160864] fff00000c5a4ac00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.160917] fff00000c5a4ac80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.160960] >fff00000c5a4ad00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.161006] ^ [ 19.161034] fff00000c5a4ad80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.161076] fff00000c5a4ae00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.161125] ================================================================== [ 19.184677] ================================================================== [ 19.184789] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x314/0x340 [ 19.184858] Read of size 1 at addr fff00000c6c1d240 by task kunit_try_catch/231 [ 19.184917] [ 19.185158] CPU: 1 UID: 0 PID: 231 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.185261] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.185324] Hardware name: linux,dummy-virt (DT) [ 19.185360] Call trace: [ 19.185442] show_stack+0x20/0x38 (C) [ 19.185538] dump_stack_lvl+0x8c/0xd0 [ 19.186009] print_report+0x118/0x608 [ 19.186159] kasan_report+0xdc/0x128 [ 19.186211] __asan_report_load1_noabort+0x20/0x30 [ 19.186380] mempool_uaf_helper+0x314/0x340 [ 19.186452] mempool_slab_uaf+0xc0/0x118 [ 19.186639] kunit_try_run_case+0x170/0x3f0 [ 19.186745] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.186869] kthread+0x328/0x630 [ 19.186976] ret_from_fork+0x10/0x20 [ 19.187078] [ 19.187296] Allocated by task 231: [ 19.187422] kasan_save_stack+0x3c/0x68 [ 19.187543] kasan_save_track+0x20/0x40 [ 19.187691] kasan_save_alloc_info+0x40/0x58 [ 19.187749] __kasan_mempool_unpoison_object+0xbc/0x180 [ 19.188144] remove_element+0x16c/0x1f8 [ 19.188252] mempool_alloc_preallocated+0x58/0xc0 [ 19.188329] mempool_uaf_helper+0xa4/0x340 [ 19.188617] mempool_slab_uaf+0xc0/0x118 [ 19.188765] kunit_try_run_case+0x170/0x3f0 [ 19.188883] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.189039] kthread+0x328/0x630 [ 19.189110] ret_from_fork+0x10/0x20 [ 19.189357] [ 19.189477] Freed by task 231: [ 19.189645] kasan_save_stack+0x3c/0x68 [ 19.189763] kasan_save_track+0x20/0x40 [ 19.189902] kasan_save_free_info+0x4c/0x78 [ 19.189978] __kasan_mempool_poison_object+0xc0/0x150 [ 19.190019] mempool_free+0x28c/0x328 [ 19.190306] mempool_uaf_helper+0x104/0x340 [ 19.190380] mempool_slab_uaf+0xc0/0x118 [ 19.190521] kunit_try_run_case+0x170/0x3f0 [ 19.190601] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.190652] kthread+0x328/0x630 [ 19.190908] ret_from_fork+0x10/0x20 [ 19.191021] [ 19.191132] The buggy address belongs to the object at fff00000c6c1d240 [ 19.191132] which belongs to the cache test_cache of size 123 [ 19.191586] The buggy address is located 0 bytes inside of [ 19.191586] freed 123-byte region [fff00000c6c1d240, fff00000c6c1d2bb) [ 19.191687] [ 19.191824] The buggy address belongs to the physical page: [ 19.191919] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c1d [ 19.192069] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.192139] page_type: f5(slab) [ 19.192180] raw: 0bfffe0000000000 fff00000c582bdc0 dead000000000122 0000000000000000 [ 19.192418] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 19.192594] page dumped because: kasan: bad access detected [ 19.192702] [ 19.192864] Memory state around the buggy address: [ 19.192961] fff00000c6c1d100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.193233] fff00000c6c1d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.193287] >fff00000c6c1d200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 19.193376] ^ [ 19.193580] fff00000c6c1d280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 19.193680] fff00000c6c1d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.193819] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 19.076698] ================================================================== [ 19.076771] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.076844] Read of size 1 at addr fff00000c5a4a973 by task kunit_try_catch/221 [ 19.076896] [ 19.076938] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.077029] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.077062] Hardware name: linux,dummy-virt (DT) [ 19.077109] Call trace: [ 19.077134] show_stack+0x20/0x38 (C) [ 19.077188] dump_stack_lvl+0x8c/0xd0 [ 19.077242] print_report+0x118/0x608 [ 19.077291] kasan_report+0xdc/0x128 [ 19.077338] __asan_report_load1_noabort+0x20/0x30 [ 19.077391] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.077442] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.077492] kunit_try_run_case+0x170/0x3f0 [ 19.077543] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.077596] kthread+0x328/0x630 [ 19.077660] ret_from_fork+0x10/0x20 [ 19.077723] [ 19.077750] Allocated by task 221: [ 19.077781] kasan_save_stack+0x3c/0x68 [ 19.077824] kasan_save_track+0x20/0x40 [ 19.077864] kasan_save_alloc_info+0x40/0x58 [ 19.077905] __kasan_mempool_unpoison_object+0x11c/0x180 [ 19.077950] remove_element+0x130/0x1f8 [ 19.077989] mempool_alloc_preallocated+0x58/0xc0 [ 19.078029] mempool_oob_right_helper+0x98/0x2f0 [ 19.078068] mempool_kmalloc_oob_right+0xc4/0x120 [ 19.078120] kunit_try_run_case+0x170/0x3f0 [ 19.078160] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.078204] kthread+0x328/0x630 [ 19.078237] ret_from_fork+0x10/0x20 [ 19.078274] [ 19.078295] The buggy address belongs to the object at fff00000c5a4a900 [ 19.078295] which belongs to the cache kmalloc-128 of size 128 [ 19.078355] The buggy address is located 0 bytes to the right of [ 19.078355] allocated 115-byte region [fff00000c5a4a900, fff00000c5a4a973) [ 19.078418] [ 19.078439] The buggy address belongs to the physical page: [ 19.078474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105a4a [ 19.078531] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.078585] page_type: f5(slab) [ 19.078628] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 19.078679] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.078722] page dumped because: kasan: bad access detected [ 19.078753] [ 19.078771] Memory state around the buggy address: [ 19.078803] fff00000c5a4a800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.078847] fff00000c5a4a880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.078891] >fff00000c5a4a900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.078929] ^ [ 19.078970] fff00000c5a4a980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.079014] fff00000c5a4aa00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.079056] ================================================================== [ 19.111444] ================================================================== [ 19.112024] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.112809] Read of size 1 at addr fff00000c6c192bb by task kunit_try_catch/225 [ 19.112982] [ 19.113291] CPU: 1 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.113568] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.113608] Hardware name: linux,dummy-virt (DT) [ 19.113639] Call trace: [ 19.113664] show_stack+0x20/0x38 (C) [ 19.113719] dump_stack_lvl+0x8c/0xd0 [ 19.113773] print_report+0x118/0x608 [ 19.113822] kasan_report+0xdc/0x128 [ 19.113871] __asan_report_load1_noabort+0x20/0x30 [ 19.113923] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.113972] mempool_slab_oob_right+0xc0/0x118 [ 19.114021] kunit_try_run_case+0x170/0x3f0 [ 19.114069] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.114134] kthread+0x328/0x630 [ 19.114181] ret_from_fork+0x10/0x20 [ 19.114231] [ 19.114249] Allocated by task 225: [ 19.114279] kasan_save_stack+0x3c/0x68 [ 19.114320] kasan_save_track+0x20/0x40 [ 19.114359] kasan_save_alloc_info+0x40/0x58 [ 19.114398] __kasan_mempool_unpoison_object+0xbc/0x180 [ 19.114443] remove_element+0x16c/0x1f8 [ 19.114479] mempool_alloc_preallocated+0x58/0xc0 [ 19.114518] mempool_oob_right_helper+0x98/0x2f0 [ 19.114556] mempool_slab_oob_right+0xc0/0x118 [ 19.114598] kunit_try_run_case+0x170/0x3f0 [ 19.114635] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.114681] kthread+0x328/0x630 [ 19.114713] ret_from_fork+0x10/0x20 [ 19.115326] [ 19.115365] The buggy address belongs to the object at fff00000c6c19240 [ 19.115365] which belongs to the cache test_cache of size 123 [ 19.115444] The buggy address is located 0 bytes to the right of [ 19.115444] allocated 123-byte region [fff00000c6c19240, fff00000c6c192bb) [ 19.115575] [ 19.115596] The buggy address belongs to the physical page: [ 19.115631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106c19 [ 19.115688] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 19.115741] page_type: f5(slab) [ 19.115905] raw: 0bfffe0000000000 fff00000c582bc80 dead000000000122 0000000000000000 [ 19.116268] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 19.117205] page dumped because: kasan: bad access detected [ 19.117656] [ 19.117675] Memory state around the buggy address: [ 19.118132] fff00000c6c19180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.118236] fff00000c6c19200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 19.118391] >fff00000c6c19280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 19.118857] ^ [ 19.118924] fff00000c6c19300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.119322] fff00000c6c19380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.119378] ================================================================== [ 19.090976] ================================================================== [ 19.091500] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x2ac/0x2f0 [ 19.091681] Read of size 1 at addr fff00000c7742001 by task kunit_try_catch/223 [ 19.092107] [ 19.092350] CPU: 1 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 19.092455] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 19.092484] Hardware name: linux,dummy-virt (DT) [ 19.092670] Call trace: [ 19.092700] show_stack+0x20/0x38 (C) [ 19.092928] dump_stack_lvl+0x8c/0xd0 [ 19.093005] print_report+0x118/0x608 [ 19.093204] kasan_report+0xdc/0x128 [ 19.093250] __asan_report_load1_noabort+0x20/0x30 [ 19.093304] mempool_oob_right_helper+0x2ac/0x2f0 [ 19.093352] mempool_kmalloc_large_oob_right+0xc4/0x120 [ 19.093682] kunit_try_run_case+0x170/0x3f0 [ 19.093765] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 19.093828] kthread+0x328/0x630 [ 19.093890] ret_from_fork+0x10/0x20 [ 19.093943] [ 19.094442] The buggy address belongs to the physical page: [ 19.094479] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107740 [ 19.094856] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 19.094967] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 19.095389] page_type: f8(unknown) [ 19.095461] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.095790] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.095856] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 19.096280] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 19.096645] head: 0bfffe0000000002 ffffc1ffc31dd001 00000000ffffffff 00000000ffffffff [ 19.096851] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 19.097072] page dumped because: kasan: bad access detected [ 19.097305] [ 19.097324] Memory state around the buggy address: [ 19.097600] fff00000c7741f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.097649] fff00000c7741f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.097691] >fff00000c7742000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.097901] ^ [ 19.097937] fff00000c7742080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.098262] fff00000c7742100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 19.098315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 18.524814] ================================================================== [ 18.524903] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x174/0x300 [ 18.524981] Read of size 1 at addr fff00000c582b8c0 by task kunit_try_catch/215 [ 18.525034] [ 18.525076] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 18.525184] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 18.525213] Hardware name: linux,dummy-virt (DT) [ 18.525248] Call trace: [ 18.525274] show_stack+0x20/0x38 (C) [ 18.525328] dump_stack_lvl+0x8c/0xd0 [ 18.525380] print_report+0x118/0x608 [ 18.525429] kasan_report+0xdc/0x128 [ 18.525475] __kasan_check_byte+0x54/0x70 [ 18.525524] kmem_cache_destroy+0x34/0x218 [ 18.525573] kmem_cache_double_destroy+0x174/0x300 [ 18.525653] kunit_try_run_case+0x170/0x3f0 [ 18.525703] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.525757] kthread+0x328/0x630 [ 18.525803] ret_from_fork+0x10/0x20 [ 18.525857] [ 18.525877] Allocated by task 215: [ 18.525907] kasan_save_stack+0x3c/0x68 [ 18.525950] kasan_save_track+0x20/0x40 [ 18.525989] kasan_save_alloc_info+0x40/0x58 [ 18.526031] __kasan_slab_alloc+0xa8/0xb0 [ 18.526068] kmem_cache_alloc_noprof+0x10c/0x398 [ 18.526121] __kmem_cache_create_args+0x178/0x280 [ 18.526161] kmem_cache_double_destroy+0xc0/0x300 [ 18.526202] kunit_try_run_case+0x170/0x3f0 [ 18.526240] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.526286] kthread+0x328/0x630 [ 18.526320] ret_from_fork+0x10/0x20 [ 18.526359] [ 18.526376] Freed by task 215: [ 18.526404] kasan_save_stack+0x3c/0x68 [ 18.526443] kasan_save_track+0x20/0x40 [ 18.526482] kasan_save_free_info+0x4c/0x78 [ 18.526523] __kasan_slab_free+0x6c/0x98 [ 18.526566] kmem_cache_free+0x260/0x468 [ 18.526604] slab_kmem_cache_release+0x38/0x50 [ 18.526643] kmem_cache_release+0x1c/0x30 [ 18.526681] kobject_put+0x17c/0x420 [ 18.526718] sysfs_slab_release+0x1c/0x30 [ 18.526757] kmem_cache_destroy+0x118/0x218 [ 18.526795] kmem_cache_double_destroy+0x128/0x300 [ 18.526836] kunit_try_run_case+0x170/0x3f0 [ 18.526873] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.526916] kthread+0x328/0x630 [ 18.526952] ret_from_fork+0x10/0x20 [ 18.526987] [ 18.527007] The buggy address belongs to the object at fff00000c582b8c0 [ 18.527007] which belongs to the cache kmem_cache of size 208 [ 18.527066] The buggy address is located 0 bytes inside of [ 18.527066] freed 208-byte region [fff00000c582b8c0, fff00000c582b990) [ 18.527138] [ 18.527159] The buggy address belongs to the physical page: [ 18.527192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10582b [ 18.527249] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.527301] page_type: f5(slab) [ 18.527345] raw: 0bfffe0000000000 fff00000c0001000 dead000000000122 0000000000000000 [ 18.527396] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 18.527438] page dumped because: kasan: bad access detected [ 18.527469] [ 18.527486] Memory state around the buggy address: [ 18.527520] fff00000c582b780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.527564] fff00000c582b800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 18.527607] >fff00000c582b880: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 18.527647] ^ [ 18.527682] fff00000c582b900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.527725] fff00000c582b980: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.527764] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 18.446020] ================================================================== [ 18.446158] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x388/0x468 [ 18.446244] Read of size 1 at addr fff00000c779e000 by task kunit_try_catch/213 [ 18.446301] [ 18.446347] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 18.446442] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 18.446472] Hardware name: linux,dummy-virt (DT) [ 18.446508] Call trace: [ 18.446532] show_stack+0x20/0x38 (C) [ 18.446589] dump_stack_lvl+0x8c/0xd0 [ 18.446642] print_report+0x118/0x608 [ 18.446693] kasan_report+0xdc/0x128 [ 18.446739] __asan_report_load1_noabort+0x20/0x30 [ 18.446792] kmem_cache_rcu_uaf+0x388/0x468 [ 18.446841] kunit_try_run_case+0x170/0x3f0 [ 18.446892] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.446947] kthread+0x328/0x630 [ 18.446993] ret_from_fork+0x10/0x20 [ 18.447045] [ 18.447063] Allocated by task 213: [ 18.447104] kasan_save_stack+0x3c/0x68 [ 18.447147] kasan_save_track+0x20/0x40 [ 18.447186] kasan_save_alloc_info+0x40/0x58 [ 18.447227] __kasan_slab_alloc+0xa8/0xb0 [ 18.447264] kmem_cache_alloc_noprof+0x10c/0x398 [ 18.447307] kmem_cache_rcu_uaf+0x12c/0x468 [ 18.447346] kunit_try_run_case+0x170/0x3f0 [ 18.447384] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.447429] kthread+0x328/0x630 [ 18.447462] ret_from_fork+0x10/0x20 [ 18.447500] [ 18.447521] Freed by task 0: [ 18.447550] kasan_save_stack+0x3c/0x68 [ 18.447586] kasan_save_track+0x20/0x40 [ 18.447624] kasan_save_free_info+0x4c/0x78 [ 18.447664] __kasan_slab_free+0x6c/0x98 [ 18.447702] slab_free_after_rcu_debug+0xd4/0x2f8 [ 18.447743] rcu_core+0x9f4/0x1e20 [ 18.447780] rcu_core_si+0x18/0x30 [ 18.447816] handle_softirqs+0x374/0xb28 [ 18.447855] __do_softirq+0x1c/0x28 [ 18.447890] [ 18.447909] Last potentially related work creation: [ 18.447937] kasan_save_stack+0x3c/0x68 [ 18.447976] kasan_record_aux_stack+0xb4/0xc8 [ 18.448018] kmem_cache_free+0x120/0x468 [ 18.448061] kmem_cache_rcu_uaf+0x16c/0x468 [ 18.448111] kunit_try_run_case+0x170/0x3f0 [ 18.448150] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.448195] kthread+0x328/0x630 [ 18.448229] ret_from_fork+0x10/0x20 [ 18.448265] [ 18.448284] The buggy address belongs to the object at fff00000c779e000 [ 18.448284] which belongs to the cache test_cache of size 200 [ 18.448345] The buggy address is located 0 bytes inside of [ 18.448345] freed 200-byte region [fff00000c779e000, fff00000c779e0c8) [ 18.448409] [ 18.448431] The buggy address belongs to the physical page: [ 18.448464] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10779e [ 18.448525] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.448579] page_type: f5(slab) [ 18.448629] raw: 0bfffe0000000000 fff00000c582b780 dead000000000122 0000000000000000 [ 18.448685] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.448730] page dumped because: kasan: bad access detected [ 18.448760] [ 18.448777] Memory state around the buggy address: [ 18.448813] fff00000c779df00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.448860] fff00000c779df80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.448907] >fff00000c779e000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.448947] ^ [ 18.448976] fff00000c779e080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 18.449021] fff00000c779e100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.449062] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 18.292504] ================================================================== [ 18.292598] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x184/0x3c8 [ 18.292667] Free of addr fff00000c7752001 by task kunit_try_catch/211 [ 18.292710] [ 18.292749] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 18.292839] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 18.292974] Hardware name: linux,dummy-virt (DT) [ 18.293156] Call trace: [ 18.293271] show_stack+0x20/0x38 (C) [ 18.293487] dump_stack_lvl+0x8c/0xd0 [ 18.293550] print_report+0x118/0x608 [ 18.293749] kasan_report_invalid_free+0xc0/0xe8 [ 18.293999] check_slab_allocation+0xfc/0x108 [ 18.294048] __kasan_slab_pre_free+0x2c/0x48 [ 18.294113] kmem_cache_free+0xf0/0x468 [ 18.294228] kmem_cache_invalid_free+0x184/0x3c8 [ 18.294411] kunit_try_run_case+0x170/0x3f0 [ 18.294645] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.294707] kthread+0x328/0x630 [ 18.294790] ret_from_fork+0x10/0x20 [ 18.294842] [ 18.294861] Allocated by task 211: [ 18.294889] kasan_save_stack+0x3c/0x68 [ 18.294930] kasan_save_track+0x20/0x40 [ 18.294969] kasan_save_alloc_info+0x40/0x58 [ 18.295009] __kasan_slab_alloc+0xa8/0xb0 [ 18.295056] kmem_cache_alloc_noprof+0x10c/0x398 [ 18.295817] kmem_cache_invalid_free+0x12c/0x3c8 [ 18.295926] kunit_try_run_case+0x170/0x3f0 [ 18.295967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.296011] kthread+0x328/0x630 [ 18.296048] ret_from_fork+0x10/0x20 [ 18.296094] [ 18.296113] The buggy address belongs to the object at fff00000c7752000 [ 18.296113] which belongs to the cache test_cache of size 200 [ 18.296173] The buggy address is located 1 bytes inside of [ 18.296173] 200-byte region [fff00000c7752000, fff00000c77520c8) [ 18.296234] [ 18.296253] The buggy address belongs to the physical page: [ 18.296287] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107752 [ 18.296344] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.296394] page_type: f5(slab) [ 18.296439] raw: 0bfffe0000000000 fff00000c1ba2500 dead000000000122 0000000000000000 [ 18.296581] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.296748] page dumped because: kasan: bad access detected [ 18.296814] [ 18.296837] Memory state around the buggy address: [ 18.296878] fff00000c7751f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.297106] fff00000c7751f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.297151] >fff00000c7752000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.297208] ^ [ 18.297237] fff00000c7752080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 18.297280] fff00000c7752100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.297319] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 18.253896] ================================================================== [ 18.254159] BUG: KASAN: double-free in kmem_cache_double_free+0x190/0x3c8 [ 18.254443] Free of addr fff00000c778d000 by task kunit_try_catch/209 [ 18.254619] [ 18.254986] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 18.255346] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 18.255430] Hardware name: linux,dummy-virt (DT) [ 18.255564] Call trace: [ 18.255695] show_stack+0x20/0x38 (C) [ 18.255854] dump_stack_lvl+0x8c/0xd0 [ 18.255924] print_report+0x118/0x608 [ 18.256284] kasan_report_invalid_free+0xc0/0xe8 [ 18.256385] check_slab_allocation+0xd4/0x108 [ 18.256523] __kasan_slab_pre_free+0x2c/0x48 [ 18.256621] kmem_cache_free+0xf0/0x468 [ 18.256799] kmem_cache_double_free+0x190/0x3c8 [ 18.256854] kunit_try_run_case+0x170/0x3f0 [ 18.257296] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.257456] kthread+0x328/0x630 [ 18.257676] ret_from_fork+0x10/0x20 [ 18.257814] [ 18.257834] Allocated by task 209: [ 18.257868] kasan_save_stack+0x3c/0x68 [ 18.257912] kasan_save_track+0x20/0x40 [ 18.258839] kasan_save_alloc_info+0x40/0x58 [ 18.258993] __kasan_slab_alloc+0xa8/0xb0 [ 18.259134] kmem_cache_alloc_noprof+0x10c/0x398 [ 18.259666] kmem_cache_double_free+0x12c/0x3c8 [ 18.259804] kunit_try_run_case+0x170/0x3f0 [ 18.259877] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.260074] kthread+0x328/0x630 [ 18.260281] ret_from_fork+0x10/0x20 [ 18.260339] [ 18.260579] Freed by task 209: [ 18.260741] kasan_save_stack+0x3c/0x68 [ 18.260825] kasan_save_track+0x20/0x40 [ 18.260980] kasan_save_free_info+0x4c/0x78 [ 18.261150] __kasan_slab_free+0x6c/0x98 [ 18.261219] kmem_cache_free+0x260/0x468 [ 18.261285] kmem_cache_double_free+0x140/0x3c8 [ 18.261539] kunit_try_run_case+0x170/0x3f0 [ 18.261659] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.261832] kthread+0x328/0x630 [ 18.262145] ret_from_fork+0x10/0x20 [ 18.262398] [ 18.262551] The buggy address belongs to the object at fff00000c778d000 [ 18.262551] which belongs to the cache test_cache of size 200 [ 18.263065] The buggy address is located 0 bytes inside of [ 18.263065] 200-byte region [fff00000c778d000, fff00000c778d0c8) [ 18.263481] [ 18.263548] The buggy address belongs to the physical page: [ 18.263609] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10778d [ 18.263690] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.263987] page_type: f5(slab) [ 18.264212] raw: 0bfffe0000000000 fff00000c1ba23c0 dead000000000122 0000000000000000 [ 18.264498] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.264616] page dumped because: kasan: bad access detected [ 18.264723] [ 18.264744] Memory state around the buggy address: [ 18.264778] fff00000c778cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.264985] fff00000c778cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.265107] >fff00000c778d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.265208] ^ [ 18.265296] fff00000c778d080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 18.265578] fff00000c778d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.266171] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 18.008065] ================================================================== [ 18.008167] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x344/0x430 [ 18.008229] Read of size 1 at addr fff00000c77910c8 by task kunit_try_catch/207 [ 18.008281] [ 18.008350] CPU: 0 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 18.008490] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 18.008522] Hardware name: linux,dummy-virt (DT) [ 18.008561] Call trace: [ 18.008618] show_stack+0x20/0x38 (C) [ 18.008669] dump_stack_lvl+0x8c/0xd0 [ 18.008738] print_report+0x118/0x608 [ 18.008789] kasan_report+0xdc/0x128 [ 18.008903] __asan_report_load1_noabort+0x20/0x30 [ 18.008957] kmem_cache_oob+0x344/0x430 [ 18.009048] kunit_try_run_case+0x170/0x3f0 [ 18.009417] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.009489] kthread+0x328/0x630 [ 18.009570] ret_from_fork+0x10/0x20 [ 18.009758] [ 18.009799] Allocated by task 207: [ 18.009861] kasan_save_stack+0x3c/0x68 [ 18.010038] kasan_save_track+0x20/0x40 [ 18.010131] kasan_save_alloc_info+0x40/0x58 [ 18.010240] __kasan_slab_alloc+0xa8/0xb0 [ 18.010300] kmem_cache_alloc_noprof+0x10c/0x398 [ 18.010342] kmem_cache_oob+0x12c/0x430 [ 18.010729] kunit_try_run_case+0x170/0x3f0 [ 18.010882] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 18.011094] kthread+0x328/0x630 [ 18.011142] ret_from_fork+0x10/0x20 [ 18.011276] [ 18.011367] The buggy address belongs to the object at fff00000c7791000 [ 18.011367] which belongs to the cache test_cache of size 200 [ 18.011510] The buggy address is located 0 bytes to the right of [ 18.011510] allocated 200-byte region [fff00000c7791000, fff00000c77910c8) [ 18.011597] [ 18.011618] The buggy address belongs to the physical page: [ 18.011695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107791 [ 18.011985] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 18.012157] page_type: f5(slab) [ 18.012376] raw: 0bfffe0000000000 fff00000c1ba2280 dead000000000122 0000000000000000 [ 18.012626] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 18.012697] page dumped because: kasan: bad access detected [ 18.012740] [ 18.012865] Memory state around the buggy address: [ 18.012899] fff00000c7790f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 18.012976] fff00000c7791000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 18.013442] >fff00000c7791080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 18.013788] ^ [ 18.014068] fff00000c7791100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.014184] fff00000c7791180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.014226] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 17.980905] ================================================================== [ 17.981068] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x480/0x4a8 [ 17.981146] Read of size 8 at addr fff00000c6558fc0 by task kunit_try_catch/200 [ 17.981219] [ 17.981266] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.981358] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.981388] Hardware name: linux,dummy-virt (DT) [ 17.981422] Call trace: [ 17.981445] show_stack+0x20/0x38 (C) [ 17.981503] dump_stack_lvl+0x8c/0xd0 [ 17.981554] print_report+0x118/0x608 [ 17.981631] kasan_report+0xdc/0x128 [ 17.981697] __asan_report_load8_noabort+0x20/0x30 [ 17.981748] workqueue_uaf+0x480/0x4a8 [ 17.982034] kunit_try_run_case+0x170/0x3f0 [ 17.982213] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.982348] kthread+0x328/0x630 [ 17.982393] ret_from_fork+0x10/0x20 [ 17.982442] [ 17.982461] Allocated by task 200: [ 17.982489] kasan_save_stack+0x3c/0x68 [ 17.982556] kasan_save_track+0x20/0x40 [ 17.982594] kasan_save_alloc_info+0x40/0x58 [ 17.982635] __kasan_kmalloc+0xd4/0xd8 [ 17.982802] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.982895] workqueue_uaf+0x13c/0x4a8 [ 17.982933] kunit_try_run_case+0x170/0x3f0 [ 17.983185] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.983347] kthread+0x328/0x630 [ 17.983488] ret_from_fork+0x10/0x20 [ 17.983588] [ 17.983607] Freed by task 10: [ 17.983649] kasan_save_stack+0x3c/0x68 [ 17.984056] kasan_save_track+0x20/0x40 [ 17.984220] kasan_save_free_info+0x4c/0x78 [ 17.984332] __kasan_slab_free+0x6c/0x98 [ 17.984372] kfree+0x214/0x3c8 [ 17.984805] workqueue_uaf_work+0x18/0x30 [ 17.984914] process_one_work+0x530/0xf98 [ 17.985041] worker_thread+0x618/0xf38 [ 17.985124] kthread+0x328/0x630 [ 17.985156] ret_from_fork+0x10/0x20 [ 17.985194] [ 17.985214] Last potentially related work creation: [ 17.985239] kasan_save_stack+0x3c/0x68 [ 17.985297] kasan_record_aux_stack+0xb4/0xc8 [ 17.985900] __queue_work+0x65c/0x1008 [ 17.985957] queue_work_on+0xbc/0xf8 [ 17.985995] workqueue_uaf+0x210/0x4a8 [ 17.986032] kunit_try_run_case+0x170/0x3f0 [ 17.986071] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.986126] kthread+0x328/0x630 [ 17.986426] ret_from_fork+0x10/0x20 [ 17.986568] [ 17.986671] The buggy address belongs to the object at fff00000c6558fc0 [ 17.986671] which belongs to the cache kmalloc-32 of size 32 [ 17.986808] The buggy address is located 0 bytes inside of [ 17.986808] freed 32-byte region [fff00000c6558fc0, fff00000c6558fe0) [ 17.986889] [ 17.986915] The buggy address belongs to the physical page: [ 17.986947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106558 [ 17.987018] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.987079] page_type: f5(slab) [ 17.987149] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 17.987201] raw: 0000000000000000 0000000000400040 00000000f5000000 0000000000000000 [ 17.987252] page dumped because: kasan: bad access detected [ 17.987284] [ 17.987303] Memory state around the buggy address: [ 17.987335] fff00000c6558e80: 00 00 00 fc fc fc fc fc 00 00 03 fc fc fc fc fc [ 17.987378] fff00000c6558f00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 17.987421] >fff00000c6558f80: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 17.987472] ^ [ 17.987507] fff00000c6559000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.987567] fff00000c6559080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.987606] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 17.959528] ================================================================== [ 17.959670] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x64/0x70 [ 17.959743] Read of size 4 at addr fff00000c6558dc0 by task swapper/0/0 [ 17.959794] [ 17.959836] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.959926] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.959955] Hardware name: linux,dummy-virt (DT) [ 17.959988] Call trace: [ 17.960012] show_stack+0x20/0x38 (C) [ 17.960071] dump_stack_lvl+0x8c/0xd0 [ 17.960462] print_report+0x118/0x608 [ 17.960516] kasan_report+0xdc/0x128 [ 17.960677] __asan_report_load4_noabort+0x20/0x30 [ 17.960731] rcu_uaf_reclaim+0x64/0x70 [ 17.960775] rcu_core+0x9f4/0x1e20 [ 17.960827] rcu_core_si+0x18/0x30 [ 17.960912] handle_softirqs+0x374/0xb28 [ 17.960964] __do_softirq+0x1c/0x28 [ 17.961009] ____do_softirq+0x18/0x30 [ 17.961122] call_on_irq_stack+0x24/0x30 [ 17.961238] do_softirq_own_stack+0x24/0x38 [ 17.961294] __irq_exit_rcu+0x1fc/0x318 [ 17.961340] irq_exit_rcu+0x1c/0x80 [ 17.961690] el1_interrupt+0x38/0x58 [ 17.961778] el1h_64_irq_handler+0x18/0x28 [ 17.962013] el1h_64_irq+0x6c/0x70 [ 17.962376] arch_local_irq_enable+0x4/0x8 (P) [ 17.962578] do_idle+0x384/0x4e8 [ 17.962638] cpu_startup_entry+0x64/0x80 [ 17.962685] rest_init+0x160/0x188 [ 17.962753] start_kernel+0x30c/0x3d0 [ 17.962806] __primary_switched+0x8c/0xa0 [ 17.962858] [ 17.962878] Allocated by task 198: [ 17.962908] kasan_save_stack+0x3c/0x68 [ 17.963126] kasan_save_track+0x20/0x40 [ 17.963299] kasan_save_alloc_info+0x40/0x58 [ 17.963423] __kasan_kmalloc+0xd4/0xd8 [ 17.963617] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.963670] rcu_uaf+0xb0/0x2d8 [ 17.963705] kunit_try_run_case+0x170/0x3f0 [ 17.964029] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.964132] kthread+0x328/0x630 [ 17.964302] ret_from_fork+0x10/0x20 [ 17.964516] [ 17.964651] Freed by task 0: [ 17.964732] kasan_save_stack+0x3c/0x68 [ 17.964915] kasan_save_track+0x20/0x40 [ 17.964997] kasan_save_free_info+0x4c/0x78 [ 17.965036] __kasan_slab_free+0x6c/0x98 [ 17.965254] kfree+0x214/0x3c8 [ 17.965428] rcu_uaf_reclaim+0x28/0x70 [ 17.965538] rcu_core+0x9f4/0x1e20 [ 17.965627] rcu_core_si+0x18/0x30 [ 17.965663] handle_softirqs+0x374/0xb28 [ 17.965800] __do_softirq+0x1c/0x28 [ 17.966001] [ 17.966056] Last potentially related work creation: [ 17.966110] kasan_save_stack+0x3c/0x68 [ 17.966156] kasan_record_aux_stack+0xb4/0xc8 [ 17.966198] __call_rcu_common.constprop.0+0x74/0x8c8 [ 17.966255] call_rcu+0x18/0x30 [ 17.966291] rcu_uaf+0x14c/0x2d8 [ 17.966324] kunit_try_run_case+0x170/0x3f0 [ 17.966366] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.966435] kthread+0x328/0x630 [ 17.966484] ret_from_fork+0x10/0x20 [ 17.966522] [ 17.966565] The buggy address belongs to the object at fff00000c6558dc0 [ 17.966565] which belongs to the cache kmalloc-32 of size 32 [ 17.966645] The buggy address is located 0 bytes inside of [ 17.966645] freed 32-byte region [fff00000c6558dc0, fff00000c6558de0) [ 17.966707] [ 17.966730] The buggy address belongs to the physical page: [ 17.966763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x106558 [ 17.966826] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.966888] page_type: f5(slab) [ 17.966939] raw: 0bfffe0000000000 fff00000c0001780 dead000000000122 0000000000000000 [ 17.966991] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 17.967033] page dumped because: kasan: bad access detected [ 17.967064] [ 17.967519] Memory state around the buggy address: [ 17.967753] fff00000c6558c80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 17.967939] fff00000c6558d00: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 17.968093] >fff00000c6558d80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 17.968135] ^ [ 17.968191] fff00000c6558e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.968241] fff00000c6558e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.968458] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 17.823520] ================================================================== [ 17.823570] BUG: KASAN: slab-use-after-free in ksize_uaf+0x598/0x5f8 [ 17.823618] Read of size 1 at addr fff00000c7767900 by task kunit_try_catch/196 [ 17.823669] [ 17.823697] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.823786] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.823815] Hardware name: linux,dummy-virt (DT) [ 17.823843] Call trace: [ 17.823866] show_stack+0x20/0x38 (C) [ 17.824220] dump_stack_lvl+0x8c/0xd0 [ 17.824650] print_report+0x118/0x608 [ 17.824710] kasan_report+0xdc/0x128 [ 17.824757] __asan_report_load1_noabort+0x20/0x30 [ 17.824810] ksize_uaf+0x598/0x5f8 [ 17.825181] kunit_try_run_case+0x170/0x3f0 [ 17.825245] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.825300] kthread+0x328/0x630 [ 17.825343] ret_from_fork+0x10/0x20 [ 17.825391] [ 17.825409] Allocated by task 196: [ 17.825444] kasan_save_stack+0x3c/0x68 [ 17.825617] kasan_save_track+0x20/0x40 [ 17.825656] kasan_save_alloc_info+0x40/0x58 [ 17.825818] __kasan_kmalloc+0xd4/0xd8 [ 17.825862] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.826249] ksize_uaf+0xb8/0x5f8 [ 17.826621] kunit_try_run_case+0x170/0x3f0 [ 17.826736] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.826781] kthread+0x328/0x630 [ 17.826815] ret_from_fork+0x10/0x20 [ 17.826851] [ 17.826901] Freed by task 196: [ 17.826929] kasan_save_stack+0x3c/0x68 [ 17.826967] kasan_save_track+0x20/0x40 [ 17.827005] kasan_save_free_info+0x4c/0x78 [ 17.827045] __kasan_slab_free+0x6c/0x98 [ 17.827093] kfree+0x214/0x3c8 [ 17.827127] ksize_uaf+0x11c/0x5f8 [ 17.827163] kunit_try_run_case+0x170/0x3f0 [ 17.827200] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.827244] kthread+0x328/0x630 [ 17.827277] ret_from_fork+0x10/0x20 [ 17.827312] [ 17.827332] The buggy address belongs to the object at fff00000c7767900 [ 17.827332] which belongs to the cache kmalloc-128 of size 128 [ 17.827958] The buggy address is located 0 bytes inside of [ 17.827958] freed 128-byte region [fff00000c7767900, fff00000c7767980) [ 17.828034] [ 17.828054] The buggy address belongs to the physical page: [ 17.828095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.828159] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.828212] page_type: f5(slab) [ 17.828250] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.828476] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.828590] page dumped because: kasan: bad access detected [ 17.828623] [ 17.828641] Memory state around the buggy address: [ 17.828675] fff00000c7767800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.828869] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.828914] >fff00000c7767900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.829000] ^ [ 17.829064] fff00000c7767980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.829182] fff00000c7767a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.829233] ================================================================== [ 17.830201] ================================================================== [ 17.830319] BUG: KASAN: slab-use-after-free in ksize_uaf+0x544/0x5f8 [ 17.830433] Read of size 1 at addr fff00000c7767978 by task kunit_try_catch/196 [ 17.830482] [ 17.830511] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.830668] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.830704] Hardware name: linux,dummy-virt (DT) [ 17.830844] Call trace: [ 17.830869] show_stack+0x20/0x38 (C) [ 17.830919] dump_stack_lvl+0x8c/0xd0 [ 17.830969] print_report+0x118/0x608 [ 17.831015] kasan_report+0xdc/0x128 [ 17.831062] __asan_report_load1_noabort+0x20/0x30 [ 17.831136] ksize_uaf+0x544/0x5f8 [ 17.831182] kunit_try_run_case+0x170/0x3f0 [ 17.831228] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.831542] kthread+0x328/0x630 [ 17.831585] ret_from_fork+0x10/0x20 [ 17.831634] [ 17.831662] Allocated by task 196: [ 17.831689] kasan_save_stack+0x3c/0x68 [ 17.831730] kasan_save_track+0x20/0x40 [ 17.831767] kasan_save_alloc_info+0x40/0x58 [ 17.832041] __kasan_kmalloc+0xd4/0xd8 [ 17.832171] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.832212] ksize_uaf+0xb8/0x5f8 [ 17.832257] kunit_try_run_case+0x170/0x3f0 [ 17.832434] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.832492] kthread+0x328/0x630 [ 17.832524] ret_from_fork+0x10/0x20 [ 17.832560] [ 17.832579] Freed by task 196: [ 17.832605] kasan_save_stack+0x3c/0x68 [ 17.832644] kasan_save_track+0x20/0x40 [ 17.832681] kasan_save_free_info+0x4c/0x78 [ 17.832722] __kasan_slab_free+0x6c/0x98 [ 17.832760] kfree+0x214/0x3c8 [ 17.832792] ksize_uaf+0x11c/0x5f8 [ 17.832828] kunit_try_run_case+0x170/0x3f0 [ 17.832980] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.833262] kthread+0x328/0x630 [ 17.833335] ret_from_fork+0x10/0x20 [ 17.833430] [ 17.833533] The buggy address belongs to the object at fff00000c7767900 [ 17.833533] which belongs to the cache kmalloc-128 of size 128 [ 17.833599] The buggy address is located 120 bytes inside of [ 17.833599] freed 128-byte region [fff00000c7767900, fff00000c7767980) [ 17.833662] [ 17.833714] The buggy address belongs to the physical page: [ 17.833746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.833798] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.833847] page_type: f5(slab) [ 17.833885] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.833938] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.834440] page dumped because: kasan: bad access detected [ 17.834474] [ 17.834492] Memory state around the buggy address: [ 17.834604] fff00000c7767800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.834651] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.834710] >fff00000c7767900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.834844] ^ [ 17.834983] fff00000c7767980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.835105] fff00000c7767a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.835144] ================================================================== [ 17.818334] ================================================================== [ 17.818400] BUG: KASAN: slab-use-after-free in ksize_uaf+0x168/0x5f8 [ 17.818459] Read of size 1 at addr fff00000c7767900 by task kunit_try_catch/196 [ 17.818512] [ 17.818591] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.818843] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.818976] Hardware name: linux,dummy-virt (DT) [ 17.819009] Call trace: [ 17.819032] show_stack+0x20/0x38 (C) [ 17.819094] dump_stack_lvl+0x8c/0xd0 [ 17.819144] print_report+0x118/0x608 [ 17.819192] kasan_report+0xdc/0x128 [ 17.819239] __kasan_check_byte+0x54/0x70 [ 17.819297] ksize+0x30/0x88 [ 17.819342] ksize_uaf+0x168/0x5f8 [ 17.819385] kunit_try_run_case+0x170/0x3f0 [ 17.819432] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.819485] kthread+0x328/0x630 [ 17.819526] ret_from_fork+0x10/0x20 [ 17.819795] [ 17.819823] Allocated by task 196: [ 17.819966] kasan_save_stack+0x3c/0x68 [ 17.820009] kasan_save_track+0x20/0x40 [ 17.820061] kasan_save_alloc_info+0x40/0x58 [ 17.820192] __kasan_kmalloc+0xd4/0xd8 [ 17.820238] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.820303] ksize_uaf+0xb8/0x5f8 [ 17.820338] kunit_try_run_case+0x170/0x3f0 [ 17.820377] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.820422] kthread+0x328/0x630 [ 17.820454] ret_from_fork+0x10/0x20 [ 17.820491] [ 17.820509] Freed by task 196: [ 17.820536] kasan_save_stack+0x3c/0x68 [ 17.820574] kasan_save_track+0x20/0x40 [ 17.820612] kasan_save_free_info+0x4c/0x78 [ 17.820718] __kasan_slab_free+0x6c/0x98 [ 17.820759] kfree+0x214/0x3c8 [ 17.820825] ksize_uaf+0x11c/0x5f8 [ 17.820867] kunit_try_run_case+0x170/0x3f0 [ 17.820967] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.821014] kthread+0x328/0x630 [ 17.821048] ret_from_fork+0x10/0x20 [ 17.821100] [ 17.821194] The buggy address belongs to the object at fff00000c7767900 [ 17.821194] which belongs to the cache kmalloc-128 of size 128 [ 17.821486] The buggy address is located 0 bytes inside of [ 17.821486] freed 128-byte region [fff00000c7767900, fff00000c7767980) [ 17.821671] [ 17.821691] The buggy address belongs to the physical page: [ 17.821722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.821777] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.821828] page_type: f5(slab) [ 17.821866] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.821918] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.822008] page dumped because: kasan: bad access detected [ 17.822040] [ 17.822059] Memory state around the buggy address: [ 17.822447] fff00000c7767800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.822493] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.822603] >fff00000c7767900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.822743] ^ [ 17.822815] fff00000c7767980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.822888] fff00000c7767a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.822928] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 17.805504] ================================================================== [ 17.805642] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x618/0x740 [ 17.805691] Read of size 1 at addr fff00000c7767878 by task kunit_try_catch/194 [ 17.805742] [ 17.805770] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.805855] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.805884] Hardware name: linux,dummy-virt (DT) [ 17.805913] Call trace: [ 17.805935] show_stack+0x20/0x38 (C) [ 17.805983] dump_stack_lvl+0x8c/0xd0 [ 17.806049] print_report+0x118/0x608 [ 17.806120] kasan_report+0xdc/0x128 [ 17.806288] __asan_report_load1_noabort+0x20/0x30 [ 17.806393] ksize_unpoisons_memory+0x618/0x740 [ 17.806504] kunit_try_run_case+0x170/0x3f0 [ 17.806571] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.806680] kthread+0x328/0x630 [ 17.806722] ret_from_fork+0x10/0x20 [ 17.806771] [ 17.806788] Allocated by task 194: [ 17.806814] kasan_save_stack+0x3c/0x68 [ 17.806855] kasan_save_track+0x20/0x40 [ 17.806894] kasan_save_alloc_info+0x40/0x58 [ 17.806933] __kasan_kmalloc+0xd4/0xd8 [ 17.807041] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.807107] ksize_unpoisons_memory+0xc0/0x740 [ 17.807146] kunit_try_run_case+0x170/0x3f0 [ 17.807186] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.807229] kthread+0x328/0x630 [ 17.807265] ret_from_fork+0x10/0x20 [ 17.807300] [ 17.807318] The buggy address belongs to the object at fff00000c7767800 [ 17.807318] which belongs to the cache kmalloc-128 of size 128 [ 17.807375] The buggy address is located 5 bytes to the right of [ 17.807375] allocated 115-byte region [fff00000c7767800, fff00000c7767873) [ 17.807533] [ 17.807627] The buggy address belongs to the physical page: [ 17.807735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.807787] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.807836] page_type: f5(slab) [ 17.807873] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.808008] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.808121] page dumped because: kasan: bad access detected [ 17.808152] [ 17.808170] Memory state around the buggy address: [ 17.808201] fff00000c7767700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.808246] fff00000c7767780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.808288] >fff00000c7767800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.808328] ^ [ 17.808369] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.808452] fff00000c7767900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.808493] ================================================================== [ 17.801848] ================================================================== [ 17.801909] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x628/0x740 [ 17.801966] Read of size 1 at addr fff00000c7767873 by task kunit_try_catch/194 [ 17.802108] [ 17.802153] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.802241] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.802272] Hardware name: linux,dummy-virt (DT) [ 17.802313] Call trace: [ 17.802362] show_stack+0x20/0x38 (C) [ 17.802414] dump_stack_lvl+0x8c/0xd0 [ 17.802485] print_report+0x118/0x608 [ 17.802533] kasan_report+0xdc/0x128 [ 17.802580] __asan_report_load1_noabort+0x20/0x30 [ 17.802633] ksize_unpoisons_memory+0x628/0x740 [ 17.802683] kunit_try_run_case+0x170/0x3f0 [ 17.802733] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.802796] kthread+0x328/0x630 [ 17.802941] ret_from_fork+0x10/0x20 [ 17.802992] [ 17.803012] Allocated by task 194: [ 17.803041] kasan_save_stack+0x3c/0x68 [ 17.803081] kasan_save_track+0x20/0x40 [ 17.803130] kasan_save_alloc_info+0x40/0x58 [ 17.803169] __kasan_kmalloc+0xd4/0xd8 [ 17.803206] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.803254] ksize_unpoisons_memory+0xc0/0x740 [ 17.803294] kunit_try_run_case+0x170/0x3f0 [ 17.803333] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.803376] kthread+0x328/0x630 [ 17.803408] ret_from_fork+0x10/0x20 [ 17.803445] [ 17.803463] The buggy address belongs to the object at fff00000c7767800 [ 17.803463] which belongs to the cache kmalloc-128 of size 128 [ 17.803673] The buggy address is located 0 bytes to the right of [ 17.803673] allocated 115-byte region [fff00000c7767800, fff00000c7767873) [ 17.803753] [ 17.803822] The buggy address belongs to the physical page: [ 17.803854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.803911] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.803962] page_type: f5(slab) [ 17.804003] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.804066] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.804265] page dumped because: kasan: bad access detected [ 17.804308] [ 17.804397] Memory state around the buggy address: [ 17.804431] fff00000c7767700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.804475] fff00000c7767780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.804526] >fff00000c7767800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.804718] ^ [ 17.804764] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.804920] fff00000c7767900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.804977] ================================================================== [ 17.809441] ================================================================== [ 17.809508] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x690/0x740 [ 17.809560] Read of size 1 at addr fff00000c776787f by task kunit_try_catch/194 [ 17.809639] [ 17.809670] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.809755] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.809841] Hardware name: linux,dummy-virt (DT) [ 17.809878] Call trace: [ 17.809991] show_stack+0x20/0x38 (C) [ 17.810043] dump_stack_lvl+0x8c/0xd0 [ 17.810175] print_report+0x118/0x608 [ 17.810225] kasan_report+0xdc/0x128 [ 17.810271] __asan_report_load1_noabort+0x20/0x30 [ 17.810332] ksize_unpoisons_memory+0x690/0x740 [ 17.810380] kunit_try_run_case+0x170/0x3f0 [ 17.810476] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.810532] kthread+0x328/0x630 [ 17.810576] ret_from_fork+0x10/0x20 [ 17.810624] [ 17.810671] Allocated by task 194: [ 17.810699] kasan_save_stack+0x3c/0x68 [ 17.810759] kasan_save_track+0x20/0x40 [ 17.810967] kasan_save_alloc_info+0x40/0x58 [ 17.811008] __kasan_kmalloc+0xd4/0xd8 [ 17.811047] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.811095] ksize_unpoisons_memory+0xc0/0x740 [ 17.811134] kunit_try_run_case+0x170/0x3f0 [ 17.811171] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.811215] kthread+0x328/0x630 [ 17.811246] ret_from_fork+0x10/0x20 [ 17.811283] [ 17.811300] The buggy address belongs to the object at fff00000c7767800 [ 17.811300] which belongs to the cache kmalloc-128 of size 128 [ 17.811360] The buggy address is located 12 bytes to the right of [ 17.811360] allocated 115-byte region [fff00000c7767800, fff00000c7767873) [ 17.811425] [ 17.811455] The buggy address belongs to the physical page: [ 17.811484] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.811536] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.811583] page_type: f5(slab) [ 17.811619] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.811672] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.811713] page dumped because: kasan: bad access detected [ 17.811758] [ 17.811819] Memory state around the buggy address: [ 17.811987] fff00000c7767700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.812040] fff00000c7767780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.812094] >fff00000c7767800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 17.812133] ^ [ 17.812185] fff00000c7767880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.812423] fff00000c7767900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.812465] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 17.791698] ================================================================== [ 17.791767] BUG: KASAN: double-free in kfree_sensitive+0x3c/0xb0 [ 17.791817] Free of addr fff00000c3f1d7a0 by task kunit_try_catch/192 [ 17.791861] [ 17.791891] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.791978] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.792008] Hardware name: linux,dummy-virt (DT) [ 17.792046] Call trace: [ 17.792067] show_stack+0x20/0x38 (C) [ 17.792137] dump_stack_lvl+0x8c/0xd0 [ 17.792322] print_report+0x118/0x608 [ 17.792377] kasan_report_invalid_free+0xc0/0xe8 [ 17.792441] check_slab_allocation+0xd4/0x108 [ 17.792489] __kasan_slab_pre_free+0x2c/0x48 [ 17.792536] kfree+0xe8/0x3c8 [ 17.792582] kfree_sensitive+0x3c/0xb0 [ 17.792626] kmalloc_double_kzfree+0x168/0x308 [ 17.792674] kunit_try_run_case+0x170/0x3f0 [ 17.792862] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.792921] kthread+0x328/0x630 [ 17.793010] ret_from_fork+0x10/0x20 [ 17.793144] [ 17.793245] Allocated by task 192: [ 17.793272] kasan_save_stack+0x3c/0x68 [ 17.793314] kasan_save_track+0x20/0x40 [ 17.793351] kasan_save_alloc_info+0x40/0x58 [ 17.793392] __kasan_kmalloc+0xd4/0xd8 [ 17.793436] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.793660] kmalloc_double_kzfree+0xb8/0x308 [ 17.793704] kunit_try_run_case+0x170/0x3f0 [ 17.793742] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.793786] kthread+0x328/0x630 [ 17.793820] ret_from_fork+0x10/0x20 [ 17.793855] [ 17.793873] Freed by task 192: [ 17.793900] kasan_save_stack+0x3c/0x68 [ 17.793936] kasan_save_track+0x20/0x40 [ 17.793974] kasan_save_free_info+0x4c/0x78 [ 17.794013] __kasan_slab_free+0x6c/0x98 [ 17.794052] kfree+0x214/0x3c8 [ 17.794105] kfree_sensitive+0x80/0xb0 [ 17.794162] kmalloc_double_kzfree+0x11c/0x308 [ 17.794200] kunit_try_run_case+0x170/0x3f0 [ 17.794261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.794307] kthread+0x328/0x630 [ 17.794339] ret_from_fork+0x10/0x20 [ 17.794374] [ 17.794394] The buggy address belongs to the object at fff00000c3f1d7a0 [ 17.794394] which belongs to the cache kmalloc-16 of size 16 [ 17.794452] The buggy address is located 0 bytes inside of [ 17.794452] 16-byte region [fff00000c3f1d7a0, fff00000c3f1d7b0) [ 17.794513] [ 17.794533] The buggy address belongs to the physical page: [ 17.794565] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 17.794619] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.794747] page_type: f5(slab) [ 17.794836] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 17.794921] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.795051] page dumped because: kasan: bad access detected [ 17.795094] [ 17.795113] Memory state around the buggy address: [ 17.795147] fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.795191] fff00000c3f1d700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.795235] >fff00000c3f1d780: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 17.795274] ^ [ 17.795305] fff00000c3f1d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.795348] fff00000c3f1d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.795503] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 17.786411] ================================================================== [ 17.786480] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x168/0x308 [ 17.786547] Read of size 1 at addr fff00000c3f1d7a0 by task kunit_try_catch/192 [ 17.786613] [ 17.786653] CPU: 0 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.786745] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.786776] Hardware name: linux,dummy-virt (DT) [ 17.786810] Call trace: [ 17.786834] show_stack+0x20/0x38 (C) [ 17.786972] dump_stack_lvl+0x8c/0xd0 [ 17.787123] print_report+0x118/0x608 [ 17.787173] kasan_report+0xdc/0x128 [ 17.787219] __kasan_check_byte+0x54/0x70 [ 17.787268] kfree_sensitive+0x30/0xb0 [ 17.787328] kmalloc_double_kzfree+0x168/0x308 [ 17.787377] kunit_try_run_case+0x170/0x3f0 [ 17.787426] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.787481] kthread+0x328/0x630 [ 17.787523] ret_from_fork+0x10/0x20 [ 17.787661] [ 17.787680] Allocated by task 192: [ 17.787843] kasan_save_stack+0x3c/0x68 [ 17.787887] kasan_save_track+0x20/0x40 [ 17.787926] kasan_save_alloc_info+0x40/0x58 [ 17.787975] __kasan_kmalloc+0xd4/0xd8 [ 17.788012] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.788061] kmalloc_double_kzfree+0xb8/0x308 [ 17.788111] kunit_try_run_case+0x170/0x3f0 [ 17.788149] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.788193] kthread+0x328/0x630 [ 17.788250] ret_from_fork+0x10/0x20 [ 17.788438] [ 17.788478] Freed by task 192: [ 17.788543] kasan_save_stack+0x3c/0x68 [ 17.788590] kasan_save_track+0x20/0x40 [ 17.788650] kasan_save_free_info+0x4c/0x78 [ 17.788729] __kasan_slab_free+0x6c/0x98 [ 17.788886] kfree+0x214/0x3c8 [ 17.788971] kfree_sensitive+0x80/0xb0 [ 17.789010] kmalloc_double_kzfree+0x11c/0x308 [ 17.789104] kunit_try_run_case+0x170/0x3f0 [ 17.789141] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.789185] kthread+0x328/0x630 [ 17.789217] ret_from_fork+0x10/0x20 [ 17.789254] [ 17.789272] The buggy address belongs to the object at fff00000c3f1d7a0 [ 17.789272] which belongs to the cache kmalloc-16 of size 16 [ 17.789333] The buggy address is located 0 bytes inside of [ 17.789333] freed 16-byte region [fff00000c3f1d7a0, fff00000c3f1d7b0) [ 17.789394] [ 17.789413] The buggy address belongs to the physical page: [ 17.789445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 17.789501] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.789563] page_type: f5(slab) [ 17.789807] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 17.789859] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.789902] page dumped because: kasan: bad access detected [ 17.789932] [ 17.789949] Memory state around the buggy address: [ 17.789985] fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.790029] fff00000c3f1d700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.790108] >fff00000c3f1d780: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 17.790148] ^ [ 17.790180] fff00000c3f1d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.790221] fff00000c3f1d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.790262] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 17.763141] ================================================================== [ 17.763202] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x3f4/0x468 [ 17.763257] Read of size 1 at addr fff00000c7708da8 by task kunit_try_catch/188 [ 17.763757] [ 17.764322] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.764636] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.764686] Hardware name: linux,dummy-virt (DT) [ 17.764717] Call trace: [ 17.764740] show_stack+0x20/0x38 (C) [ 17.764792] dump_stack_lvl+0x8c/0xd0 [ 17.764842] print_report+0x118/0x608 [ 17.764897] kasan_report+0xdc/0x128 [ 17.764950] __asan_report_load1_noabort+0x20/0x30 [ 17.765118] kmalloc_uaf2+0x3f4/0x468 [ 17.765164] kunit_try_run_case+0x170/0x3f0 [ 17.765213] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.765878] kthread+0x328/0x630 [ 17.766141] ret_from_fork+0x10/0x20 [ 17.766195] [ 17.766238] Allocated by task 188: [ 17.766270] kasan_save_stack+0x3c/0x68 [ 17.766314] kasan_save_track+0x20/0x40 [ 17.766630] kasan_save_alloc_info+0x40/0x58 [ 17.766745] __kasan_kmalloc+0xd4/0xd8 [ 17.766847] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.766888] kmalloc_uaf2+0xc4/0x468 [ 17.766925] kunit_try_run_case+0x170/0x3f0 [ 17.766964] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.767018] kthread+0x328/0x630 [ 17.767064] ret_from_fork+0x10/0x20 [ 17.767161] [ 17.767227] Freed by task 188: [ 17.767371] kasan_save_stack+0x3c/0x68 [ 17.767445] kasan_save_track+0x20/0x40 [ 17.767580] kasan_save_free_info+0x4c/0x78 [ 17.767740] __kasan_slab_free+0x6c/0x98 [ 17.767791] kfree+0x214/0x3c8 [ 17.767825] kmalloc_uaf2+0x134/0x468 [ 17.767879] kunit_try_run_case+0x170/0x3f0 [ 17.768096] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.768145] kthread+0x328/0x630 [ 17.768179] ret_from_fork+0x10/0x20 [ 17.768217] [ 17.768235] The buggy address belongs to the object at fff00000c7708d80 [ 17.768235] which belongs to the cache kmalloc-64 of size 64 [ 17.768298] The buggy address is located 40 bytes inside of [ 17.768298] freed 64-byte region [fff00000c7708d80, fff00000c7708dc0) [ 17.768629] [ 17.768759] The buggy address belongs to the physical page: [ 17.768855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107708 [ 17.768927] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.769016] page_type: f5(slab) [ 17.769078] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 17.769231] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.769275] page dumped because: kasan: bad access detected [ 17.769306] [ 17.769323] Memory state around the buggy address: [ 17.769359] fff00000c7708c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.769480] fff00000c7708d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.769643] >fff00000c7708d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.769856] ^ [ 17.769933] fff00000c7708e00: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 17.770006] fff00000c7708e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.770050] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 17.749194] ================================================================== [ 17.749257] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x170/0x310 [ 17.749640] Write of size 33 at addr fff00000c7708c00 by task kunit_try_catch/186 [ 17.749702] [ 17.749934] CPU: 0 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.750030] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.750061] Hardware name: linux,dummy-virt (DT) [ 17.750105] Call trace: [ 17.750128] show_stack+0x20/0x38 (C) [ 17.750964] dump_stack_lvl+0x8c/0xd0 [ 17.751112] print_report+0x118/0x608 [ 17.751212] kasan_report+0xdc/0x128 [ 17.751260] kasan_check_range+0x100/0x1a8 [ 17.751501] __asan_memset+0x34/0x78 [ 17.751644] kmalloc_uaf_memset+0x170/0x310 [ 17.751694] kunit_try_run_case+0x170/0x3f0 [ 17.751903] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.752248] kthread+0x328/0x630 [ 17.752302] ret_from_fork+0x10/0x20 [ 17.752353] [ 17.752408] Allocated by task 186: [ 17.752484] kasan_save_stack+0x3c/0x68 [ 17.752556] kasan_save_track+0x20/0x40 [ 17.752595] kasan_save_alloc_info+0x40/0x58 [ 17.752704] __kasan_kmalloc+0xd4/0xd8 [ 17.752761] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.752907] kmalloc_uaf_memset+0xb8/0x310 [ 17.752990] kunit_try_run_case+0x170/0x3f0 [ 17.753030] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.753133] kthread+0x328/0x630 [ 17.753187] ret_from_fork+0x10/0x20 [ 17.753329] [ 17.753393] Freed by task 186: [ 17.753421] kasan_save_stack+0x3c/0x68 [ 17.753458] kasan_save_track+0x20/0x40 [ 17.753495] kasan_save_free_info+0x4c/0x78 [ 17.753536] __kasan_slab_free+0x6c/0x98 [ 17.753574] kfree+0x214/0x3c8 [ 17.753654] kmalloc_uaf_memset+0x11c/0x310 [ 17.753691] kunit_try_run_case+0x170/0x3f0 [ 17.753731] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.753775] kthread+0x328/0x630 [ 17.753807] ret_from_fork+0x10/0x20 [ 17.754108] [ 17.754129] The buggy address belongs to the object at fff00000c7708c00 [ 17.754129] which belongs to the cache kmalloc-64 of size 64 [ 17.754192] The buggy address is located 0 bytes inside of [ 17.754192] freed 64-byte region [fff00000c7708c00, fff00000c7708c40) [ 17.754254] [ 17.754762] The buggy address belongs to the physical page: [ 17.754812] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107708 [ 17.754872] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.754924] page_type: f5(slab) [ 17.754965] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 17.755017] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.755061] page dumped because: kasan: bad access detected [ 17.755104] [ 17.755123] Memory state around the buggy address: [ 17.755156] fff00000c7708b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.755214] fff00000c7708b80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.755258] >fff00000c7708c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.755298] ^ [ 17.755326] fff00000c7708c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.755570] fff00000c7708d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.755764] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 17.735709] ================================================================== [ 17.735779] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x300/0x338 [ 17.735994] Read of size 1 at addr fff00000c3f1d788 by task kunit_try_catch/184 [ 17.736055] [ 17.736105] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.736196] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.736227] Hardware name: linux,dummy-virt (DT) [ 17.736275] Call trace: [ 17.736301] show_stack+0x20/0x38 (C) [ 17.736361] dump_stack_lvl+0x8c/0xd0 [ 17.736429] print_report+0x118/0x608 [ 17.736600] kasan_report+0xdc/0x128 [ 17.736676] __asan_report_load1_noabort+0x20/0x30 [ 17.736730] kmalloc_uaf+0x300/0x338 [ 17.736792] kunit_try_run_case+0x170/0x3f0 [ 17.736844] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.736919] kthread+0x328/0x630 [ 17.737228] ret_from_fork+0x10/0x20 [ 17.737515] [ 17.737534] Allocated by task 184: [ 17.737651] kasan_save_stack+0x3c/0x68 [ 17.737697] kasan_save_track+0x20/0x40 [ 17.737877] kasan_save_alloc_info+0x40/0x58 [ 17.737936] __kasan_kmalloc+0xd4/0xd8 [ 17.738074] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.738145] kmalloc_uaf+0xb8/0x338 [ 17.738179] kunit_try_run_case+0x170/0x3f0 [ 17.738236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.738873] kthread+0x328/0x630 [ 17.739169] ret_from_fork+0x10/0x20 [ 17.739487] [ 17.739557] Freed by task 184: [ 17.739637] kasan_save_stack+0x3c/0x68 [ 17.739891] kasan_save_track+0x20/0x40 [ 17.740017] kasan_save_free_info+0x4c/0x78 [ 17.740128] __kasan_slab_free+0x6c/0x98 [ 17.740387] kfree+0x214/0x3c8 [ 17.740423] kmalloc_uaf+0x11c/0x338 [ 17.740539] kunit_try_run_case+0x170/0x3f0 [ 17.740658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.741014] kthread+0x328/0x630 [ 17.741051] ret_from_fork+0x10/0x20 [ 17.741097] [ 17.741116] The buggy address belongs to the object at fff00000c3f1d780 [ 17.741116] which belongs to the cache kmalloc-16 of size 16 [ 17.741179] The buggy address is located 8 bytes inside of [ 17.741179] freed 16-byte region [fff00000c3f1d780, fff00000c3f1d790) [ 17.741240] [ 17.741259] The buggy address belongs to the physical page: [ 17.741292] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 17.741438] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.741495] page_type: f5(slab) [ 17.741537] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 17.741641] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.741734] page dumped because: kasan: bad access detected [ 17.741768] [ 17.741786] Memory state around the buggy address: [ 17.741821] fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.741864] fff00000c3f1d700: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.741909] >fff00000c3f1d780: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.741951] ^ [ 17.741983] fff00000c3f1d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.742035] fff00000c3f1d880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.742077] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 17.724989] ================================================================== [ 17.725058] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x154/0x2e0 [ 17.725138] Read of size 64 at addr fff00000c7708904 by task kunit_try_catch/182 [ 17.725191] [ 17.725230] CPU: 0 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.725545] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.725769] Hardware name: linux,dummy-virt (DT) [ 17.725806] Call trace: [ 17.725832] show_stack+0x20/0x38 (C) [ 17.725924] dump_stack_lvl+0x8c/0xd0 [ 17.725978] print_report+0x118/0x608 [ 17.726026] kasan_report+0xdc/0x128 [ 17.726122] kasan_check_range+0x100/0x1a8 [ 17.726179] __asan_memmove+0x3c/0x98 [ 17.726242] kmalloc_memmove_invalid_size+0x154/0x2e0 [ 17.726294] kunit_try_run_case+0x170/0x3f0 [ 17.726782] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.726849] kthread+0x328/0x630 [ 17.726894] ret_from_fork+0x10/0x20 [ 17.726947] [ 17.726966] Allocated by task 182: [ 17.727000] kasan_save_stack+0x3c/0x68 [ 17.727044] kasan_save_track+0x20/0x40 [ 17.727098] kasan_save_alloc_info+0x40/0x58 [ 17.727140] __kasan_kmalloc+0xd4/0xd8 [ 17.727178] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.727220] kmalloc_memmove_invalid_size+0xb0/0x2e0 [ 17.727262] kunit_try_run_case+0x170/0x3f0 [ 17.727303] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.727349] kthread+0x328/0x630 [ 17.727381] ret_from_fork+0x10/0x20 [ 17.727419] [ 17.727439] The buggy address belongs to the object at fff00000c7708900 [ 17.727439] which belongs to the cache kmalloc-64 of size 64 [ 17.727499] The buggy address is located 4 bytes inside of [ 17.727499] allocated 64-byte region [fff00000c7708900, fff00000c7708940) [ 17.727563] [ 17.727582] The buggy address belongs to the physical page: [ 17.727615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107708 [ 17.727671] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.727722] page_type: f5(slab) [ 17.727766] raw: 0bfffe0000000000 fff00000c00018c0 dead000000000122 0000000000000000 [ 17.727821] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 17.727865] page dumped because: kasan: bad access detected [ 17.727898] [ 17.727918] Memory state around the buggy address: [ 17.727951] fff00000c7708800: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 17.727996] fff00000c7708880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 17.728047] >fff00000c7708900: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 17.728094] ^ [ 17.728130] fff00000c7708980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.728173] fff00000c7708a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.728212] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 17.067630] ================================================================== [ 17.067747] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.067819] Read of size 18446744073709551614 at addr fff00000ffe70004 by task kunit_try_catch/180 [ 17.067904] [ 17.067951] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.068046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.068073] Hardware name: linux,dummy-virt (DT) [ 17.068407] Call trace: [ 17.068642] show_stack+0x20/0x38 (C) [ 17.068707] dump_stack_lvl+0x8c/0xd0 [ 17.068759] print_report+0x118/0x608 [ 17.069065] kasan_report+0xdc/0x128 [ 17.069243] kasan_check_range+0x100/0x1a8 [ 17.069318] __asan_memmove+0x3c/0x98 [ 17.069373] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.069463] kunit_try_run_case+0x170/0x3f0 [ 17.069851] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.070033] kthread+0x328/0x630 [ 17.070828] ret_from_fork+0x10/0x20 [ 17.071185] [ 17.071763] Allocated by task 2846403498: [ 17.072124] ------------[ cut here ]------------ [ 17.072380] pool index 44973 out of bounds (211) for stack id adacafae [ 17.076622] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90 [ 17.627792] Modules linked in: [ 17.629288] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.629930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.630584] Hardware name: linux,dummy-virt (DT) [ 17.631569] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.632394] pc : depot_fetch_stack+0x6c/0x90 [ 17.632768] lr : depot_fetch_stack+0x6c/0x90 [ 17.633628] sp : ffff800080a27a20 [ 17.633877] x29: ffff800080a27a20 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.634639] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.635172] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.635631] x20: fff00000ffe70004 x19: ffff800080a27b30 x18: 000000005bc8891d [ 17.636111] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 0000000000000007 [ 17.636594] x14: 0000000000000000 x13: 0000000000000007 x12: ffff700010144ea1 [ 17.637068] x11: 1ffff00010144ea0 x10: ffff700010144ea0 x9 : ffffa8ee930ebbbc [ 17.637591] x8 : ffff800080a27507 x7 : 0000000000000001 x6 : ffff700010144ea0 [ 17.637939] x5 : ffff800080a27500 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.638296] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.638783] Call trace: [ 17.638981] depot_fetch_stack+0x6c/0x90 (P) [ 17.639320] stack_depot_print+0x24/0x60 [ 17.639627] print_report+0x5e4/0x608 [ 17.639888] kasan_report+0xdc/0x128 [ 17.640199] kasan_check_range+0x100/0x1a8 [ 17.640492] __asan_memmove+0x3c/0x98 [ 17.640753] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.641116] kunit_try_run_case+0x170/0x3f0 [ 17.641431] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.641779] kthread+0x328/0x630 [ 17.642032] ret_from_fork+0x10/0x20 [ 17.642396] ---[ end trace 0000000000000000 ]--- [ 17.643005] ------------[ cut here ]------------ [ 17.643061] corrupt handle or use after stack_depot_put() [ 17.643168] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:723 stack_depot_print+0x54/0x60 [ 17.644040] Modules linked in: [ 17.644344] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.644864] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.645119] Hardware name: linux,dummy-virt (DT) [ 17.645360] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.645688] pc : stack_depot_print+0x54/0x60 [ 17.645922] lr : stack_depot_print+0x54/0x60 [ 17.646223] sp : ffff800080a27a30 [ 17.646410] x29: ffff800080a27a30 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.646976] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.647490] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.647967] x20: fff00000ffe70004 x19: ffff800080a27b30 x18: 000000005bc8891d [ 17.648447] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3 [ 17.648907] x14: ffff700010144f26 x13: 1ffe000018f06799 x12: ffff751dd340a659 [ 17.649391] x11: 1ffff51dd340a658 x10: ffff751dd340a658 x9 : ffffa8ee930ebbbc [ 17.649847] x8 : ffffa8ee9a0532c3 x7 : 0000000000000001 x6 : ffff751dd340a658 [ 17.650318] x5 : ffffa8ee9a0532c0 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.650782] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.651251] Call trace: [ 17.651432] stack_depot_print+0x54/0x60 (P) [ 17.651710] print_report+0x5e4/0x608 [ 17.651959] kasan_report+0xdc/0x128 [ 17.652280] kasan_check_range+0x100/0x1a8 [ 17.652550] __asan_memmove+0x3c/0x98 [ 17.652865] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.653187] kunit_try_run_case+0x170/0x3f0 [ 17.653484] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.653831] kthread+0x328/0x630 [ 17.654069] ret_from_fork+0x10/0x20 [ 17.654351] ---[ end trace 0000000000000000 ]--- [ 17.654669] [ 17.654702] Last potentially related work creation: [ 17.654770] ------------[ cut here ]------------ [ 17.654795] pool index 43945 out of bounds (211) for stack id a9a8abaa [ 17.654897] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90 [ 17.656195] Modules linked in: [ 17.656470] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.657034] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.657350] Hardware name: linux,dummy-virt (DT) [ 17.657640] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.658040] pc : depot_fetch_stack+0x6c/0x90 [ 17.658325] lr : depot_fetch_stack+0x6c/0x90 [ 17.658607] sp : ffff800080a27a00 [ 17.658808] x29: ffff800080a27a00 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.659326] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.659799] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.660258] x20: fff00000ffe70004 x19: fff00000ffe70040 x18: 000000005bc8891d [ 17.660706] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 0000000000000007 [ 17.661163] x14: 0000000000000000 x13: 0000000000000007 x12: ffff751dd340a659 [ 17.661605] x11: 1ffff51dd340a658 x10: ffff751dd340a658 x9 : ffffa8ee930ebbbc [ 17.662043] x8 : ffffa8ee9a0532c3 x7 : 0000000000000001 x6 : ffff751dd340a658 [ 17.662493] x5 : ffffa8ee9a0532c0 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.662930] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.663377] Call trace: [ 17.663568] depot_fetch_stack+0x6c/0x90 (P) [ 17.663837] stack_depot_print+0x24/0x60 [ 17.664040] kasan_print_aux_stacks+0x50/0x98 [ 17.664258] print_report+0x348/0x608 [ 17.664447] kasan_report+0xdc/0x128 [ 17.664750] kasan_check_range+0x100/0x1a8 [ 17.665030] __asan_memmove+0x3c/0x98 [ 17.665336] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.665640] kunit_try_run_case+0x170/0x3f0 [ 17.665935] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.666309] kthread+0x328/0x630 [ 17.666552] ret_from_fork+0x10/0x20 [ 17.666829] ---[ end trace 0000000000000000 ]--- [ 17.667164] ------------[ cut here ]------------ [ 17.667195] corrupt handle or use after stack_depot_put() [ 17.667276] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:723 stack_depot_print+0x54/0x60 [ 17.668243] Modules linked in: [ 17.668534] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.669091] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.669333] Hardware name: linux,dummy-virt (DT) [ 17.669567] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.669942] pc : stack_depot_print+0x54/0x60 [ 17.670256] lr : stack_depot_print+0x54/0x60 [ 17.670465] sp : ffff800080a27a10 [ 17.670718] x29: ffff800080a27a10 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.671179] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.671675] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.672142] x20: fff00000ffe70004 x19: fff00000ffe70040 x18: 000000005bc8891d [ 17.672603] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3 [ 17.673042] x14: ffff700010144f22 x13: 1ffe000018f06799 x12: ffff751dd340a659 [ 17.673487] x11: 1ffff51dd340a658 x10: ffff751dd340a658 x9 : ffffa8ee930ebbbc [ 17.673919] x8 : ffffa8ee9a0532c3 x7 : 0000000000000001 x6 : ffff751dd340a658 [ 17.674386] x5 : ffffa8ee9a0532c0 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.674822] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.675260] Call trace: [ 17.675450] stack_depot_print+0x54/0x60 (P) [ 17.675723] kasan_print_aux_stacks+0x50/0x98 [ 17.676080] print_report+0x348/0x608 [ 17.676341] kasan_report+0xdc/0x128 [ 17.676576] kasan_check_range+0x100/0x1a8 [ 17.676902] __asan_memmove+0x3c/0x98 [ 17.677185] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.677549] kunit_try_run_case+0x170/0x3f0 [ 17.677834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.678224] kthread+0x328/0x630 [ 17.678458] ret_from_fork+0x10/0x20 [ 17.678708] ---[ end trace 0000000000000000 ]--- [ 17.679019] [ 17.679100] Second to last potentially related work creation: [ 17.679138] ------------[ cut here ]------------ [ 17.679164] pool index 44973 out of bounds (211) for stack id adacafae [ 17.679265] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:451 depot_fetch_stack+0x6c/0x90 [ 17.680423] Modules linked in: [ 17.681453] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.682891] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.683131] Hardware name: linux,dummy-virt (DT) [ 17.683335] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.684817] pc : depot_fetch_stack+0x6c/0x90 [ 17.685502] lr : depot_fetch_stack+0x6c/0x90 [ 17.685727] sp : ffff800080a27a00 [ 17.685884] x29: ffff800080a27a00 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.686282] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.686633] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.686980] x20: fff00000ffe70004 x19: fff00000ffe70040 x18: 000000005bc8891d [ 17.689666] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 0000000000000007 [ 17.690839] x14: 0000000000000000 x13: 0000000000000007 x12: ffff751dd340a659 [ 17.692121] x11: 1ffff51dd340a658 x10: ffff751dd340a658 x9 : ffffa8ee930ebbbc [ 17.693268] x8 : ffffa8ee9a0532c3 x7 : 0000000000000001 x6 : ffff751dd340a658 [ 17.694525] x5 : ffffa8ee9a0532c0 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.695665] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.696036] Call trace: [ 17.696185] depot_fetch_stack+0x6c/0x90 (P) [ 17.696751] stack_depot_print+0x24/0x60 [ 17.697157] kasan_print_aux_stacks+0x78/0x98 [ 17.697581] print_report+0x348/0x608 [ 17.697835] kasan_report+0xdc/0x128 [ 17.698347] kasan_check_range+0x100/0x1a8 [ 17.698807] __asan_memmove+0x3c/0x98 [ 17.699195] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.699529] kunit_try_run_case+0x170/0x3f0 [ 17.699777] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.700137] kthread+0x328/0x630 [ 17.700416] ret_from_fork+0x10/0x20 [ 17.700621] ---[ end trace 0000000000000000 ]--- [ 17.700954] ------------[ cut here ]------------ [ 17.700985] corrupt handle or use after stack_depot_put() [ 17.701117] WARNING: CPU: 0 PID: 180 at lib/stackdepot.c:723 stack_depot_print+0x54/0x60 [ 17.701905] Modules linked in: [ 17.702106] CPU: 0 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B W N 6.16.0-rc5 #1 PREEMPT [ 17.702501] Tainted: [B]=BAD_PAGE, [W]=WARN, [N]=TEST [ 17.702769] Hardware name: linux,dummy-virt (DT) [ 17.703104] pstate: 624020c9 (nZCv daIF +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 17.703457] pc : stack_depot_print+0x54/0x60 [ 17.703715] lr : stack_depot_print+0x54/0x60 [ 17.704033] sp : ffff800080a27a10 [ 17.704301] x29: ffff800080a27a10 x28: ffffa8ee9a94f000 x27: 1ffff00010010f60 [ 17.704703] x26: 1ffff00010010f5f x25: 0000000000000000 x24: ffffa8ee9375f5c4 [ 17.705214] x23: ffffc1ffc3ff9c00 x22: ffffa8ee982b1b28 x21: ffffa8ee982b4e38 [ 17.705633] x20: fff00000ffe70004 x19: fff00000ffe70040 x18: 000000005bc8891d [ 17.706048] x17: 0000000000000001 x16: 00000000f1f1f1f1 x15: 00000000f3f3f3f3 [ 17.706469] x14: ffff700010144f22 x13: 1ffe000018f06799 x12: ffff751dd340a659 [ 17.706879] x11: 1ffff51dd340a658 x10: ffff751dd340a658 x9 : ffffa8ee930ebbbc [ 17.707310] x8 : ffffa8ee9a0532c3 x7 : 0000000000000001 x6 : ffff751dd340a658 [ 17.707728] x5 : ffffa8ee9a0532c0 x4 : 1ffe000018f06799 x3 : dfff800000000000 [ 17.708161] x2 : 0000000000000000 x1 : 0000000000000000 x0 : fff00000c7833cc0 [ 17.708656] Call trace: [ 17.708826] stack_depot_print+0x54/0x60 (P) [ 17.709161] kasan_print_aux_stacks+0x78/0x98 [ 17.709494] print_report+0x348/0x608 [ 17.709698] kasan_report+0xdc/0x128 [ 17.709938] kasan_check_range+0x100/0x1a8 [ 17.710193] __asan_memmove+0x3c/0x98 [ 17.710383] kmalloc_memmove_negative_size+0x154/0x2e0 [ 17.710651] kunit_try_run_case+0x170/0x3f0 [ 17.710903] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.711221] kthread+0x328/0x630 [ 17.711450] ret_from_fork+0x10/0x20 [ 17.711672] ---[ end trace 0000000000000000 ]--- [ 17.711935] [ 17.711980] The buggy address belongs to the object at fff00000ffe70000 [ 17.711980] which belongs to the cache kmalloc-64 of size 64 [ 17.712054] The buggy address is located 4 bytes inside of [ 17.712054] 64-byte region [fff00000ffe70000, fff00000ffe70040) [ 17.712129] [ 17.712151] The buggy address belongs to the physical page: [ 17.712186] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x13fe70 [ 17.712249] memcg:fff00000d9d40db9 [ 17.712282] flags: 0xbfffe0000002000(reserved|node=0|zone=2|lastcpupid=0x1ffff) [ 17.712343] page_type: f5(slab) [ 17.712420] raw: 0bfffe0000002000 fff00000c00018c0 ffffc1ffc3ff9c08 0000000000000000 [ 17.712487] raw: 0000000000000000 0000000000010000 00000001f5000000 fff00000d9d40db9 [ 17.712549] page dumped because: kasan: bad access detected [ 17.712582] [ 17.712602] Memory state around the buggy address: [ 17.712647] fff00000ffe6ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712692] fff00000ffe6ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712736] >fff00000ffe70000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712777] ^ [ 17.712805] fff00000ffe70080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712849] fff00000ffe70100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712890] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 17.046809] ================================================================== [ 17.046970] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x150/0x2f8 [ 17.047108] Write of size 16 at addr fff00000c7767769 by task kunit_try_catch/178 [ 17.047182] [ 17.047266] CPU: 0 UID: 0 PID: 178 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.047351] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.047378] Hardware name: linux,dummy-virt (DT) [ 17.047545] Call trace: [ 17.047587] show_stack+0x20/0x38 (C) [ 17.047642] dump_stack_lvl+0x8c/0xd0 [ 17.047692] print_report+0x118/0x608 [ 17.047739] kasan_report+0xdc/0x128 [ 17.047793] kasan_check_range+0x100/0x1a8 [ 17.047841] __asan_memset+0x34/0x78 [ 17.047884] kmalloc_oob_memset_16+0x150/0x2f8 [ 17.047931] kunit_try_run_case+0x170/0x3f0 [ 17.047979] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.048036] kthread+0x328/0x630 [ 17.048078] ret_from_fork+0x10/0x20 [ 17.048138] [ 17.048156] Allocated by task 178: [ 17.048511] kasan_save_stack+0x3c/0x68 [ 17.048762] kasan_save_track+0x20/0x40 [ 17.048920] kasan_save_alloc_info+0x40/0x58 [ 17.049001] __kasan_kmalloc+0xd4/0xd8 [ 17.049047] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.049336] kmalloc_oob_memset_16+0xb0/0x2f8 [ 17.049413] kunit_try_run_case+0x170/0x3f0 [ 17.049480] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.049538] kthread+0x328/0x630 [ 17.049572] ret_from_fork+0x10/0x20 [ 17.049688] [ 17.049762] The buggy address belongs to the object at fff00000c7767700 [ 17.049762] which belongs to the cache kmalloc-128 of size 128 [ 17.049910] The buggy address is located 105 bytes inside of [ 17.049910] allocated 120-byte region [fff00000c7767700, fff00000c7767778) [ 17.050029] [ 17.050057] The buggy address belongs to the physical page: [ 17.050100] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.050175] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.051263] page_type: f5(slab) [ 17.051322] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.051373] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.051421] page dumped because: kasan: bad access detected [ 17.051451] [ 17.051469] Memory state around the buggy address: [ 17.051501] fff00000c7767600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.051544] fff00000c7767680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051586] >fff00000c7767700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.051623] ^ [ 17.051663] fff00000c7767780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051706] fff00000c7767800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.051744] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 17.035978] ================================================================== [ 17.036046] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x150/0x2f8 [ 17.036117] Write of size 8 at addr fff00000c7767671 by task kunit_try_catch/176 [ 17.036182] [ 17.036243] CPU: 0 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.036346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.036373] Hardware name: linux,dummy-virt (DT) [ 17.036405] Call trace: [ 17.036427] show_stack+0x20/0x38 (C) [ 17.036477] dump_stack_lvl+0x8c/0xd0 [ 17.036525] print_report+0x118/0x608 [ 17.036576] kasan_report+0xdc/0x128 [ 17.036621] kasan_check_range+0x100/0x1a8 [ 17.036796] __asan_memset+0x34/0x78 [ 17.036870] kmalloc_oob_memset_8+0x150/0x2f8 [ 17.036934] kunit_try_run_case+0x170/0x3f0 [ 17.036995] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.037049] kthread+0x328/0x630 [ 17.037103] ret_from_fork+0x10/0x20 [ 17.037152] [ 17.037170] Allocated by task 176: [ 17.037198] kasan_save_stack+0x3c/0x68 [ 17.037246] kasan_save_track+0x20/0x40 [ 17.037292] kasan_save_alloc_info+0x40/0x58 [ 17.037332] __kasan_kmalloc+0xd4/0xd8 [ 17.037369] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.037416] kmalloc_oob_memset_8+0xb0/0x2f8 [ 17.038263] kunit_try_run_case+0x170/0x3f0 [ 17.038323] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.038375] kthread+0x328/0x630 [ 17.038408] ret_from_fork+0x10/0x20 [ 17.038443] [ 17.038463] The buggy address belongs to the object at fff00000c7767600 [ 17.038463] which belongs to the cache kmalloc-128 of size 128 [ 17.038523] The buggy address is located 113 bytes inside of [ 17.038523] allocated 120-byte region [fff00000c7767600, fff00000c7767678) [ 17.038585] [ 17.038604] The buggy address belongs to the physical page: [ 17.038634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.038687] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.038736] page_type: f5(slab) [ 17.038778] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.038828] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.038868] page dumped because: kasan: bad access detected [ 17.038899] [ 17.038917] Memory state around the buggy address: [ 17.038948] fff00000c7767500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.038991] fff00000c7767580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.039033] >fff00000c7767600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.039071] ^ [ 17.039177] fff00000c7767680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.039289] fff00000c7767700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.039465] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 17.024035] ================================================================== [ 17.024112] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x150/0x300 [ 17.024167] Write of size 4 at addr fff00000c7767575 by task kunit_try_catch/174 [ 17.024267] [ 17.024304] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.024700] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.024730] Hardware name: linux,dummy-virt (DT) [ 17.025187] Call trace: [ 17.025225] show_stack+0x20/0x38 (C) [ 17.025290] dump_stack_lvl+0x8c/0xd0 [ 17.025340] print_report+0x118/0x608 [ 17.025387] kasan_report+0xdc/0x128 [ 17.025433] kasan_check_range+0x100/0x1a8 [ 17.025481] __asan_memset+0x34/0x78 [ 17.025524] kmalloc_oob_memset_4+0x150/0x300 [ 17.025571] kunit_try_run_case+0x170/0x3f0 [ 17.025658] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.025711] kthread+0x328/0x630 [ 17.025939] ret_from_fork+0x10/0x20 [ 17.026028] [ 17.026048] Allocated by task 174: [ 17.026079] kasan_save_stack+0x3c/0x68 [ 17.026131] kasan_save_track+0x20/0x40 [ 17.026301] kasan_save_alloc_info+0x40/0x58 [ 17.026415] __kasan_kmalloc+0xd4/0xd8 [ 17.026563] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.026654] kmalloc_oob_memset_4+0xb0/0x300 [ 17.026693] kunit_try_run_case+0x170/0x3f0 [ 17.026731] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.026823] kthread+0x328/0x630 [ 17.027125] ret_from_fork+0x10/0x20 [ 17.027202] [ 17.027251] The buggy address belongs to the object at fff00000c7767500 [ 17.027251] which belongs to the cache kmalloc-128 of size 128 [ 17.027359] The buggy address is located 117 bytes inside of [ 17.027359] allocated 120-byte region [fff00000c7767500, fff00000c7767578) [ 17.027455] [ 17.027753] The buggy address belongs to the physical page: [ 17.027784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.027903] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.028324] page_type: f5(slab) [ 17.028412] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.028514] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.028576] page dumped because: kasan: bad access detected [ 17.028607] [ 17.028641] Memory state around the buggy address: [ 17.028790] fff00000c7767400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.029397] fff00000c7767480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.029458] >fff00000c7767500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.029496] ^ [ 17.029676] fff00000c7767580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.029896] fff00000c7767600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.029965] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 17.008209] ================================================================== [ 17.008268] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x150/0x2f8 [ 17.008319] Write of size 2 at addr fff00000c7767477 by task kunit_try_catch/172 [ 17.008375] [ 17.008406] CPU: 0 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 17.008487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.008523] Hardware name: linux,dummy-virt (DT) [ 17.008555] Call trace: [ 17.008578] show_stack+0x20/0x38 (C) [ 17.008626] dump_stack_lvl+0x8c/0xd0 [ 17.008674] print_report+0x118/0x608 [ 17.008754] kasan_report+0xdc/0x128 [ 17.008805] kasan_check_range+0x100/0x1a8 [ 17.008855] __asan_memset+0x34/0x78 [ 17.008899] kmalloc_oob_memset_2+0x150/0x2f8 [ 17.008945] kunit_try_run_case+0x170/0x3f0 [ 17.008991] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.009043] kthread+0x328/0x630 [ 17.009103] ret_from_fork+0x10/0x20 [ 17.009151] [ 17.009169] Allocated by task 172: [ 17.009197] kasan_save_stack+0x3c/0x68 [ 17.009239] kasan_save_track+0x20/0x40 [ 17.009276] kasan_save_alloc_info+0x40/0x58 [ 17.009324] __kasan_kmalloc+0xd4/0xd8 [ 17.009507] __kmalloc_cache_noprof+0x16c/0x3c0 [ 17.009676] kmalloc_oob_memset_2+0xb0/0x2f8 [ 17.009715] kunit_try_run_case+0x170/0x3f0 [ 17.010201] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 17.010255] kthread+0x328/0x630 [ 17.010721] ret_from_fork+0x10/0x20 [ 17.011102] [ 17.011211] The buggy address belongs to the object at fff00000c7767400 [ 17.011211] which belongs to the cache kmalloc-128 of size 128 [ 17.011312] The buggy address is located 119 bytes inside of [ 17.011312] allocated 120-byte region [fff00000c7767400, fff00000c7767478) [ 17.011788] [ 17.011993] The buggy address belongs to the physical page: [ 17.012071] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 17.012225] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 17.012280] page_type: f5(slab) [ 17.012344] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 17.012693] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.012739] page dumped because: kasan: bad access detected [ 17.012934] [ 17.013273] Memory state around the buggy address: [ 17.013513] fff00000c7767300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.013627] fff00000c7767380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.013676] >fff00000c7767400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.013755] ^ [ 17.014024] fff00000c7767480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.014075] fff00000c7767500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.014126] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 16.996354] ================================================================== [ 16.996425] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x144/0x2d0 [ 16.996480] Write of size 128 at addr fff00000c7767300 by task kunit_try_catch/170 [ 16.996592] [ 16.996640] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.996730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.996947] Hardware name: linux,dummy-virt (DT) [ 16.997025] Call trace: [ 16.997051] show_stack+0x20/0x38 (C) [ 16.997142] dump_stack_lvl+0x8c/0xd0 [ 16.997202] print_report+0x118/0x608 [ 16.997266] kasan_report+0xdc/0x128 [ 16.997315] kasan_check_range+0x100/0x1a8 [ 16.997363] __asan_memset+0x34/0x78 [ 16.997426] kmalloc_oob_in_memset+0x144/0x2d0 [ 16.997474] kunit_try_run_case+0x170/0x3f0 [ 16.997522] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.997584] kthread+0x328/0x630 [ 16.997677] ret_from_fork+0x10/0x20 [ 16.997730] [ 16.997748] Allocated by task 170: [ 16.997777] kasan_save_stack+0x3c/0x68 [ 16.998062] kasan_save_track+0x20/0x40 [ 16.998148] kasan_save_alloc_info+0x40/0x58 [ 16.998238] __kasan_kmalloc+0xd4/0xd8 [ 16.998497] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.998543] kmalloc_oob_in_memset+0xb0/0x2d0 [ 16.998581] kunit_try_run_case+0x170/0x3f0 [ 16.998667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.998725] kthread+0x328/0x630 [ 16.998815] ret_from_fork+0x10/0x20 [ 16.998900] [ 16.998947] The buggy address belongs to the object at fff00000c7767300 [ 16.998947] which belongs to the cache kmalloc-128 of size 128 [ 16.999030] The buggy address is located 0 bytes inside of [ 16.999030] allocated 120-byte region [fff00000c7767300, fff00000c7767378) [ 16.999148] [ 16.999220] The buggy address belongs to the physical page: [ 16.999274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.999341] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.999512] page_type: f5(slab) [ 16.999650] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.999815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.999884] page dumped because: kasan: bad access detected [ 16.999972] [ 17.000008] Memory state around the buggy address: [ 17.000047] fff00000c7767200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.000306] fff00000c7767280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.000418] >fff00000c7767300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 17.000520] ^ [ 17.002019] fff00000c7767380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.002301] fff00000c7767400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.002355] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 16.976535] ================================================================== [ 16.976986] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x3bc/0x438 [ 16.977063] Read of size 16 at addr fff00000c3f1d760 by task kunit_try_catch/168 [ 16.977571] [ 16.977681] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.977830] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.979013] Hardware name: linux,dummy-virt (DT) [ 16.979398] Call trace: [ 16.979439] show_stack+0x20/0x38 (C) [ 16.979496] dump_stack_lvl+0x8c/0xd0 [ 16.979546] print_report+0x118/0x608 [ 16.979599] kasan_report+0xdc/0x128 [ 16.980446] __asan_report_load16_noabort+0x20/0x30 [ 16.980514] kmalloc_uaf_16+0x3bc/0x438 [ 16.980577] kunit_try_run_case+0x170/0x3f0 [ 16.980627] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.981039] kthread+0x328/0x630 [ 16.981105] ret_from_fork+0x10/0x20 [ 16.981156] [ 16.981174] Allocated by task 168: [ 16.981204] kasan_save_stack+0x3c/0x68 [ 16.981367] kasan_save_track+0x20/0x40 [ 16.981412] kasan_save_alloc_info+0x40/0x58 [ 16.981506] __kasan_kmalloc+0xd4/0xd8 [ 16.981543] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.981908] kmalloc_uaf_16+0x140/0x438 [ 16.982028] kunit_try_run_case+0x170/0x3f0 [ 16.982291] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.982340] kthread+0x328/0x630 [ 16.982374] ret_from_fork+0x10/0x20 [ 16.982569] [ 16.982593] Freed by task 168: [ 16.982622] kasan_save_stack+0x3c/0x68 [ 16.982664] kasan_save_track+0x20/0x40 [ 16.983065] kasan_save_free_info+0x4c/0x78 [ 16.983363] __kasan_slab_free+0x6c/0x98 [ 16.984337] kfree+0x214/0x3c8 [ 16.984374] kmalloc_uaf_16+0x190/0x438 [ 16.984419] kunit_try_run_case+0x170/0x3f0 [ 16.984457] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.984803] kthread+0x328/0x630 [ 16.984964] ret_from_fork+0x10/0x20 [ 16.985003] [ 16.985023] The buggy address belongs to the object at fff00000c3f1d760 [ 16.985023] which belongs to the cache kmalloc-16 of size 16 [ 16.985132] The buggy address is located 0 bytes inside of [ 16.985132] freed 16-byte region [fff00000c3f1d760, fff00000c3f1d770) [ 16.985399] [ 16.985426] The buggy address belongs to the physical page: [ 16.985618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 16.985756] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.985830] page_type: f5(slab) [ 16.985963] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 16.986044] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.986164] page dumped because: kasan: bad access detected [ 16.986213] [ 16.986239] Memory state around the buggy address: [ 16.986274] fff00000c3f1d600: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 02 fc fc [ 16.986337] fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.986715] >fff00000c3f1d700: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 16.986871] ^ [ 16.986949] fff00000c3f1d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.987025] fff00000c3f1d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.987136] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 16.954957] ================================================================== [ 16.955025] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x3a0/0x3f8 [ 16.955081] Write of size 16 at addr fff00000c3f1d700 by task kunit_try_catch/166 [ 16.955150] [ 16.955533] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.955862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.955906] Hardware name: linux,dummy-virt (DT) [ 16.956006] Call trace: [ 16.956039] show_stack+0x20/0x38 (C) [ 16.956185] dump_stack_lvl+0x8c/0xd0 [ 16.956240] print_report+0x118/0x608 [ 16.956366] kasan_report+0xdc/0x128 [ 16.957198] __asan_report_store16_noabort+0x20/0x30 [ 16.957278] kmalloc_oob_16+0x3a0/0x3f8 [ 16.957447] kunit_try_run_case+0x170/0x3f0 [ 16.957518] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.957823] kthread+0x328/0x630 [ 16.958167] ret_from_fork+0x10/0x20 [ 16.958354] [ 16.958377] Allocated by task 166: [ 16.958407] kasan_save_stack+0x3c/0x68 [ 16.958450] kasan_save_track+0x20/0x40 [ 16.958488] kasan_save_alloc_info+0x40/0x58 [ 16.958984] __kasan_kmalloc+0xd4/0xd8 [ 16.959073] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.959228] kmalloc_oob_16+0xb4/0x3f8 [ 16.959286] kunit_try_run_case+0x170/0x3f0 [ 16.959414] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.959492] kthread+0x328/0x630 [ 16.959702] ret_from_fork+0x10/0x20 [ 16.959856] [ 16.959962] The buggy address belongs to the object at fff00000c3f1d700 [ 16.959962] which belongs to the cache kmalloc-16 of size 16 [ 16.961192] The buggy address is located 0 bytes inside of [ 16.961192] allocated 13-byte region [fff00000c3f1d700, fff00000c3f1d70d) [ 16.961450] [ 16.961672] The buggy address belongs to the physical page: [ 16.961989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 16.962146] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.962460] page_type: f5(slab) [ 16.962516] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 16.962573] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.962615] page dumped because: kasan: bad access detected [ 16.962645] [ 16.962662] Memory state around the buggy address: [ 16.962695] fff00000c3f1d600: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 02 fc fc [ 16.963104] fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 16.963202] >fff00000c3f1d700: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.963247] ^ [ 16.963281] fff00000c3f1d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.963326] fff00000c3f1d800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.963403] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 16.941168] ================================================================== [ 16.941214] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x4c8/0x520 [ 16.941272] Read of size 1 at addr fff00000c4519e00 by task kunit_try_catch/164 [ 16.941323] [ 16.941577] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.941671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.941733] Hardware name: linux,dummy-virt (DT) [ 16.941839] Call trace: [ 16.941920] show_stack+0x20/0x38 (C) [ 16.942051] dump_stack_lvl+0x8c/0xd0 [ 16.942112] print_report+0x118/0x608 [ 16.942160] kasan_report+0xdc/0x128 [ 16.942208] __asan_report_load1_noabort+0x20/0x30 [ 16.942386] krealloc_uaf+0x4c8/0x520 [ 16.942434] kunit_try_run_case+0x170/0x3f0 [ 16.942487] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.942604] kthread+0x328/0x630 [ 16.942678] ret_from_fork+0x10/0x20 [ 16.942822] [ 16.942878] Allocated by task 164: [ 16.942988] kasan_save_stack+0x3c/0x68 [ 16.943048] kasan_save_track+0x20/0x40 [ 16.943129] kasan_save_alloc_info+0x40/0x58 [ 16.943252] __kasan_kmalloc+0xd4/0xd8 [ 16.943311] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.943409] krealloc_uaf+0xc8/0x520 [ 16.943466] kunit_try_run_case+0x170/0x3f0 [ 16.943536] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.943597] kthread+0x328/0x630 [ 16.943629] ret_from_fork+0x10/0x20 [ 16.943805] [ 16.943830] Freed by task 164: [ 16.943856] kasan_save_stack+0x3c/0x68 [ 16.943894] kasan_save_track+0x20/0x40 [ 16.943930] kasan_save_free_info+0x4c/0x78 [ 16.943985] __kasan_slab_free+0x6c/0x98 [ 16.944027] kfree+0x214/0x3c8 [ 16.944059] krealloc_uaf+0x12c/0x520 [ 16.944182] kunit_try_run_case+0x170/0x3f0 [ 16.944261] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.944335] kthread+0x328/0x630 [ 16.944415] ret_from_fork+0x10/0x20 [ 16.944464] [ 16.944560] The buggy address belongs to the object at fff00000c4519e00 [ 16.944560] which belongs to the cache kmalloc-256 of size 256 [ 16.944668] The buggy address is located 0 bytes inside of [ 16.944668] freed 256-byte region [fff00000c4519e00, fff00000c4519f00) [ 16.945005] [ 16.945031] The buggy address belongs to the physical page: [ 16.945068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.945156] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.945204] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.945267] page_type: f5(slab) [ 16.945310] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.945369] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.945438] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.945499] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.945562] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.945621] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.945662] page dumped because: kasan: bad access detected [ 16.945692] [ 16.945708] Memory state around the buggy address: [ 16.945740] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.945857] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.945904] >fff00000c4519e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.945948] ^ [ 16.945977] fff00000c4519e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.946022] fff00000c4519f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.946097] ================================================================== [ 16.935256] ================================================================== [ 16.935326] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x180/0x520 [ 16.935398] Read of size 1 at addr fff00000c4519e00 by task kunit_try_catch/164 [ 16.935496] [ 16.935555] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.935648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.935674] Hardware name: linux,dummy-virt (DT) [ 16.935711] Call trace: [ 16.935752] show_stack+0x20/0x38 (C) [ 16.935820] dump_stack_lvl+0x8c/0xd0 [ 16.935870] print_report+0x118/0x608 [ 16.935916] kasan_report+0xdc/0x128 [ 16.936266] __kasan_check_byte+0x54/0x70 [ 16.936350] krealloc_noprof+0x44/0x360 [ 16.936409] krealloc_uaf+0x180/0x520 [ 16.936493] kunit_try_run_case+0x170/0x3f0 [ 16.936560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.936613] kthread+0x328/0x630 [ 16.936665] ret_from_fork+0x10/0x20 [ 16.936731] [ 16.936759] Allocated by task 164: [ 16.936825] kasan_save_stack+0x3c/0x68 [ 16.936883] kasan_save_track+0x20/0x40 [ 16.936930] kasan_save_alloc_info+0x40/0x58 [ 16.937010] __kasan_kmalloc+0xd4/0xd8 [ 16.937067] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.937123] krealloc_uaf+0xc8/0x520 [ 16.937196] kunit_try_run_case+0x170/0x3f0 [ 16.937263] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.937307] kthread+0x328/0x630 [ 16.937340] ret_from_fork+0x10/0x20 [ 16.937381] [ 16.937399] Freed by task 164: [ 16.937424] kasan_save_stack+0x3c/0x68 [ 16.937460] kasan_save_track+0x20/0x40 [ 16.938259] kasan_save_free_info+0x4c/0x78 [ 16.938404] __kasan_slab_free+0x6c/0x98 [ 16.938485] kfree+0x214/0x3c8 [ 16.938591] krealloc_uaf+0x12c/0x520 [ 16.938653] kunit_try_run_case+0x170/0x3f0 [ 16.938718] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.938795] kthread+0x328/0x630 [ 16.938828] ret_from_fork+0x10/0x20 [ 16.938864] [ 16.938906] The buggy address belongs to the object at fff00000c4519e00 [ 16.938906] which belongs to the cache kmalloc-256 of size 256 [ 16.939003] The buggy address is located 0 bytes inside of [ 16.939003] freed 256-byte region [fff00000c4519e00, fff00000c4519f00) [ 16.939122] [ 16.939143] The buggy address belongs to the physical page: [ 16.939174] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.939230] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.939341] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.939448] page_type: f5(slab) [ 16.939547] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.939624] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.939742] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.939829] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.939913] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.940003] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.940079] page dumped because: kasan: bad access detected [ 16.940176] [ 16.940194] Memory state around the buggy address: [ 16.940228] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.940273] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.940319] >fff00000c4519e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.940358] ^ [ 16.940386] fff00000c4519e80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.940430] fff00000c4519f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.940470] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 16.832329] ================================================================== [ 16.832574] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.832634] Write of size 1 at addr fff00000c4519cda by task kunit_try_catch/158 [ 16.832986] [ 16.833191] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.833428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.833530] Hardware name: linux,dummy-virt (DT) [ 16.833565] Call trace: [ 16.833627] show_stack+0x20/0x38 (C) [ 16.833802] dump_stack_lvl+0x8c/0xd0 [ 16.833898] print_report+0x118/0x608 [ 16.833985] kasan_report+0xdc/0x128 [ 16.834315] __asan_report_store1_noabort+0x20/0x30 [ 16.834472] krealloc_less_oob_helper+0xa80/0xc50 [ 16.834569] krealloc_less_oob+0x20/0x38 [ 16.834790] kunit_try_run_case+0x170/0x3f0 [ 16.834931] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.834987] kthread+0x328/0x630 [ 16.835076] ret_from_fork+0x10/0x20 [ 16.835280] [ 16.835303] Allocated by task 158: [ 16.835331] kasan_save_stack+0x3c/0x68 [ 16.835376] kasan_save_track+0x20/0x40 [ 16.835441] kasan_save_alloc_info+0x40/0x58 [ 16.835482] __kasan_krealloc+0x118/0x178 [ 16.835529] krealloc_noprof+0x128/0x360 [ 16.835566] krealloc_less_oob_helper+0x168/0xc50 [ 16.835606] krealloc_less_oob+0x20/0x38 [ 16.835643] kunit_try_run_case+0x170/0x3f0 [ 16.835680] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.835732] kthread+0x328/0x630 [ 16.835764] ret_from_fork+0x10/0x20 [ 16.835809] [ 16.835827] The buggy address belongs to the object at fff00000c4519c00 [ 16.835827] which belongs to the cache kmalloc-256 of size 256 [ 16.835898] The buggy address is located 17 bytes to the right of [ 16.835898] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.835962] [ 16.835982] The buggy address belongs to the physical page: [ 16.836031] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.836101] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.836767] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.836926] page_type: f5(slab) [ 16.837013] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837231] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837492] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.837571] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.837875] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.837951] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.838023] page dumped because: kasan: bad access detected [ 16.838054] [ 16.838078] Memory state around the buggy address: [ 16.838281] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838504] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.838557] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.838682] ^ [ 16.838843] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838887] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.838985] ================================================================== [ 16.911622] ================================================================== [ 16.912187] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa80/0xc50 [ 16.912499] Write of size 1 at addr fff00000c77e20da by task kunit_try_catch/162 [ 16.912611] [ 16.912928] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.913289] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.914254] Hardware name: linux,dummy-virt (DT) [ 16.914320] Call trace: [ 16.914343] show_stack+0x20/0x38 (C) [ 16.914398] dump_stack_lvl+0x8c/0xd0 [ 16.914447] print_report+0x118/0x608 [ 16.914495] kasan_report+0xdc/0x128 [ 16.914540] __asan_report_store1_noabort+0x20/0x30 [ 16.914592] krealloc_less_oob_helper+0xa80/0xc50 [ 16.914642] krealloc_large_less_oob+0x20/0x38 [ 16.916052] kunit_try_run_case+0x170/0x3f0 [ 16.916298] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.916362] kthread+0x328/0x630 [ 16.916688] ret_from_fork+0x10/0x20 [ 16.916870] [ 16.916973] The buggy address belongs to the physical page: [ 16.917295] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.917641] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.917719] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.917794] page_type: f8(unknown) [ 16.917846] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.918061] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.918334] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.918390] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.918447] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.918848] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.918919] page dumped because: kasan: bad access detected [ 16.919031] [ 16.919254] Memory state around the buggy address: [ 16.919376] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.919425] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.919677] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.919927] ^ [ 16.920196] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.920252] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.920312] ================================================================== [ 16.813653] ================================================================== [ 16.813712] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.814062] Write of size 1 at addr fff00000c4519cc9 by task kunit_try_catch/158 [ 16.814340] [ 16.814480] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.814574] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.814974] Hardware name: linux,dummy-virt (DT) [ 16.815026] Call trace: [ 16.815179] show_stack+0x20/0x38 (C) [ 16.815271] dump_stack_lvl+0x8c/0xd0 [ 16.815491] print_report+0x118/0x608 [ 16.815706] kasan_report+0xdc/0x128 [ 16.815893] __asan_report_store1_noabort+0x20/0x30 [ 16.816232] krealloc_less_oob_helper+0xa48/0xc50 [ 16.816521] krealloc_less_oob+0x20/0x38 [ 16.816725] kunit_try_run_case+0x170/0x3f0 [ 16.816848] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.817044] kthread+0x328/0x630 [ 16.817139] ret_from_fork+0x10/0x20 [ 16.817323] [ 16.817437] Allocated by task 158: [ 16.817470] kasan_save_stack+0x3c/0x68 [ 16.817546] kasan_save_track+0x20/0x40 [ 16.818005] kasan_save_alloc_info+0x40/0x58 [ 16.818066] __kasan_krealloc+0x118/0x178 [ 16.818119] krealloc_noprof+0x128/0x360 [ 16.818185] krealloc_less_oob_helper+0x168/0xc50 [ 16.818465] krealloc_less_oob+0x20/0x38 [ 16.818579] kunit_try_run_case+0x170/0x3f0 [ 16.818748] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.818794] kthread+0x328/0x630 [ 16.818827] ret_from_fork+0x10/0x20 [ 16.818904] [ 16.818931] The buggy address belongs to the object at fff00000c4519c00 [ 16.818931] which belongs to the cache kmalloc-256 of size 256 [ 16.818991] The buggy address is located 0 bytes to the right of [ 16.818991] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.819055] [ 16.819092] The buggy address belongs to the physical page: [ 16.819125] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.819207] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.819257] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.819313] page_type: f5(slab) [ 16.819355] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.819406] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.819467] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.819523] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.819581] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.819632] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.819672] page dumped because: kasan: bad access detected [ 16.819712] [ 16.819730] Memory state around the buggy address: [ 16.819770] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.819812] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.819854] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.819892] ^ [ 16.819927] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.819968] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.820006] ================================================================== [ 16.840620] ================================================================== [ 16.840915] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.840984] Write of size 1 at addr fff00000c4519cea by task kunit_try_catch/158 [ 16.841037] [ 16.841203] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.841357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.841416] Hardware name: linux,dummy-virt (DT) [ 16.841485] Call trace: [ 16.841620] show_stack+0x20/0x38 (C) [ 16.841679] dump_stack_lvl+0x8c/0xd0 [ 16.841737] print_report+0x118/0x608 [ 16.841785] kasan_report+0xdc/0x128 [ 16.842331] __asan_report_store1_noabort+0x20/0x30 [ 16.842490] krealloc_less_oob_helper+0xae4/0xc50 [ 16.842677] krealloc_less_oob+0x20/0x38 [ 16.842786] kunit_try_run_case+0x170/0x3f0 [ 16.842836] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.843272] kthread+0x328/0x630 [ 16.843350] ret_from_fork+0x10/0x20 [ 16.843676] [ 16.843886] Allocated by task 158: [ 16.843962] kasan_save_stack+0x3c/0x68 [ 16.844165] kasan_save_track+0x20/0x40 [ 16.844482] kasan_save_alloc_info+0x40/0x58 [ 16.844690] __kasan_krealloc+0x118/0x178 [ 16.844794] krealloc_noprof+0x128/0x360 [ 16.844902] krealloc_less_oob_helper+0x168/0xc50 [ 16.845076] krealloc_less_oob+0x20/0x38 [ 16.845181] kunit_try_run_case+0x170/0x3f0 [ 16.845229] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.845287] kthread+0x328/0x630 [ 16.845319] ret_from_fork+0x10/0x20 [ 16.845371] [ 16.845400] The buggy address belongs to the object at fff00000c4519c00 [ 16.845400] which belongs to the cache kmalloc-256 of size 256 [ 16.845471] The buggy address is located 33 bytes to the right of [ 16.845471] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.845545] [ 16.845564] The buggy address belongs to the physical page: [ 16.845625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.845678] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.845726] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.845779] page_type: f5(slab) [ 16.846198] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.846636] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.846726] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.847354] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.847462] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.847547] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.847725] page dumped because: kasan: bad access detected [ 16.847981] [ 16.848073] Memory state around the buggy address: [ 16.848531] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848623] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.848803] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.848846] ^ [ 16.848900] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848942] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.848981] ================================================================== [ 16.888865] ================================================================== [ 16.888951] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa48/0xc50 [ 16.889021] Write of size 1 at addr fff00000c77e20c9 by task kunit_try_catch/162 [ 16.889074] [ 16.889125] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.889210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.889492] Hardware name: linux,dummy-virt (DT) [ 16.889547] Call trace: [ 16.889635] show_stack+0x20/0x38 (C) [ 16.889698] dump_stack_lvl+0x8c/0xd0 [ 16.889766] print_report+0x118/0x608 [ 16.889815] kasan_report+0xdc/0x128 [ 16.889861] __asan_report_store1_noabort+0x20/0x30 [ 16.889915] krealloc_less_oob_helper+0xa48/0xc50 [ 16.889965] krealloc_large_less_oob+0x20/0x38 [ 16.890013] kunit_try_run_case+0x170/0x3f0 [ 16.890275] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.890341] kthread+0x328/0x630 [ 16.890412] ret_from_fork+0x10/0x20 [ 16.890565] [ 16.890585] The buggy address belongs to the physical page: [ 16.893890] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.894178] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.894230] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.894287] page_type: f8(unknown) [ 16.894334] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.894389] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.894444] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.894498] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.894552] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.894606] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.894647] page dumped because: kasan: bad access detected [ 16.894677] [ 16.894695] Memory state around the buggy address: [ 16.894728] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.894773] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.894818] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.894857] ^ [ 16.894895] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.894939] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.894979] ================================================================== [ 16.895417] ================================================================== [ 16.895464] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.895512] Write of size 1 at addr fff00000c77e20d0 by task kunit_try_catch/162 [ 16.895562] [ 16.895594] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.895674] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.901858] Hardware name: linux,dummy-virt (DT) [ 16.901919] Call trace: [ 16.901957] show_stack+0x20/0x38 (C) [ 16.902105] dump_stack_lvl+0x8c/0xd0 [ 16.902251] print_report+0x118/0x608 [ 16.902315] kasan_report+0xdc/0x128 [ 16.902976] __asan_report_store1_noabort+0x20/0x30 [ 16.903078] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.903325] krealloc_large_less_oob+0x20/0x38 [ 16.903517] kunit_try_run_case+0x170/0x3f0 [ 16.903899] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.904249] kthread+0x328/0x630 [ 16.904480] ret_from_fork+0x10/0x20 [ 16.904533] [ 16.904554] The buggy address belongs to the physical page: [ 16.904586] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.904639] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.904686] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.905210] page_type: f8(unknown) [ 16.905676] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.905737] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906021] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.906471] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.906780] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.907046] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.907319] page dumped because: kasan: bad access detected [ 16.907355] [ 16.907372] Memory state around the buggy address: [ 16.907656] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.908068] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.908247] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.908484] ^ [ 16.908533] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.908872] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.909183] ================================================================== [ 16.926965] ================================================================== [ 16.927009] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.927058] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/162 [ 16.927124] [ 16.927153] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.927233] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.927258] Hardware name: linux,dummy-virt (DT) [ 16.927287] Call trace: [ 16.927309] show_stack+0x20/0x38 (C) [ 16.927516] dump_stack_lvl+0x8c/0xd0 [ 16.927571] print_report+0x118/0x608 [ 16.927618] kasan_report+0xdc/0x128 [ 16.927664] __asan_report_store1_noabort+0x20/0x30 [ 16.927715] krealloc_less_oob_helper+0xa58/0xc50 [ 16.927821] krealloc_large_less_oob+0x20/0x38 [ 16.927870] kunit_try_run_case+0x170/0x3f0 [ 16.927947] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.928010] kthread+0x328/0x630 [ 16.928059] ret_from_fork+0x10/0x20 [ 16.928186] [ 16.928234] The buggy address belongs to the physical page: [ 16.928285] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.928339] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.928478] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.928662] page_type: f8(unknown) [ 16.928748] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.928823] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.928879] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.928932] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.928986] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.929049] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.929102] page dumped because: kasan: bad access detected [ 16.929132] [ 16.929149] Memory state around the buggy address: [ 16.929180] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.929258] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.929305] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.929345] ^ [ 16.929421] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.929505] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.929553] ================================================================== [ 16.852757] ================================================================== [ 16.852836] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xa58/0xc50 [ 16.852891] Write of size 1 at addr fff00000c4519ceb by task kunit_try_catch/158 [ 16.853417] [ 16.853468] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.853552] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.853578] Hardware name: linux,dummy-virt (DT) [ 16.853618] Call trace: [ 16.853641] show_stack+0x20/0x38 (C) [ 16.853697] dump_stack_lvl+0x8c/0xd0 [ 16.853747] print_report+0x118/0x608 [ 16.853794] kasan_report+0xdc/0x128 [ 16.853840] __asan_report_store1_noabort+0x20/0x30 [ 16.853897] krealloc_less_oob_helper+0xa58/0xc50 [ 16.853946] krealloc_less_oob+0x20/0x38 [ 16.853991] kunit_try_run_case+0x170/0x3f0 [ 16.854038] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.855865] kthread+0x328/0x630 [ 16.855925] ret_from_fork+0x10/0x20 [ 16.855976] [ 16.855994] Allocated by task 158: [ 16.856029] kasan_save_stack+0x3c/0x68 [ 16.856073] kasan_save_track+0x20/0x40 [ 16.856125] kasan_save_alloc_info+0x40/0x58 [ 16.856166] __kasan_krealloc+0x118/0x178 [ 16.856203] krealloc_noprof+0x128/0x360 [ 16.856240] krealloc_less_oob_helper+0x168/0xc50 [ 16.856279] krealloc_less_oob+0x20/0x38 [ 16.856314] kunit_try_run_case+0x170/0x3f0 [ 16.856352] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.856394] kthread+0x328/0x630 [ 16.856426] ret_from_fork+0x10/0x20 [ 16.856461] [ 16.856479] The buggy address belongs to the object at fff00000c4519c00 [ 16.856479] which belongs to the cache kmalloc-256 of size 256 [ 16.856535] The buggy address is located 34 bytes to the right of [ 16.856535] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.856599] [ 16.856618] The buggy address belongs to the physical page: [ 16.857124] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.857231] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.857338] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.857392] page_type: f5(slab) [ 16.857431] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.857687] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.857929] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.857984] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.858167] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.858359] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.858410] page dumped because: kasan: bad access detected [ 16.858442] [ 16.858459] Memory state around the buggy address: [ 16.858490] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858532] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.858573] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.858611] ^ [ 16.858648] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858690] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.858728] ================================================================== [ 16.821822] ================================================================== [ 16.821977] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xb9c/0xc50 [ 16.822030] Write of size 1 at addr fff00000c4519cd0 by task kunit_try_catch/158 [ 16.822441] [ 16.822599] CPU: 0 UID: 0 PID: 158 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.823018] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.823114] Hardware name: linux,dummy-virt (DT) [ 16.823242] Call trace: [ 16.823282] show_stack+0x20/0x38 (C) [ 16.823340] dump_stack_lvl+0x8c/0xd0 [ 16.823545] print_report+0x118/0x608 [ 16.823744] kasan_report+0xdc/0x128 [ 16.823893] __asan_report_store1_noabort+0x20/0x30 [ 16.824018] krealloc_less_oob_helper+0xb9c/0xc50 [ 16.824230] krealloc_less_oob+0x20/0x38 [ 16.824667] kunit_try_run_case+0x170/0x3f0 [ 16.824833] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.825008] kthread+0x328/0x630 [ 16.825220] ret_from_fork+0x10/0x20 [ 16.825624] [ 16.825724] Allocated by task 158: [ 16.825930] kasan_save_stack+0x3c/0x68 [ 16.826121] kasan_save_track+0x20/0x40 [ 16.826227] kasan_save_alloc_info+0x40/0x58 [ 16.826456] __kasan_krealloc+0x118/0x178 [ 16.826627] krealloc_noprof+0x128/0x360 [ 16.826742] krealloc_less_oob_helper+0x168/0xc50 [ 16.826848] krealloc_less_oob+0x20/0x38 [ 16.826892] kunit_try_run_case+0x170/0x3f0 [ 16.827220] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.827423] kthread+0x328/0x630 [ 16.827512] ret_from_fork+0x10/0x20 [ 16.827636] [ 16.827725] The buggy address belongs to the object at fff00000c4519c00 [ 16.827725] which belongs to the cache kmalloc-256 of size 256 [ 16.828144] The buggy address is located 7 bytes to the right of [ 16.828144] allocated 201-byte region [fff00000c4519c00, fff00000c4519cc9) [ 16.828311] [ 16.828381] The buggy address belongs to the physical page: [ 16.828514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.828597] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.828644] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.828878] page_type: f5(slab) [ 16.828925] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.829365] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.829580] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.829661] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.830116] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.830192] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.830333] page dumped because: kasan: bad access detected [ 16.830410] [ 16.830452] Memory state around the buggy address: [ 16.830585] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.830663] fff00000c4519c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.830720] >fff00000c4519c80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 16.830758] ^ [ 16.830964] fff00000c4519d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.831122] fff00000c4519d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.831285] ================================================================== [ 16.921818] ================================================================== [ 16.921870] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xae4/0xc50 [ 16.922462] Write of size 1 at addr fff00000c77e20ea by task kunit_try_catch/162 [ 16.922531] [ 16.922565] CPU: 0 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.922929] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.923362] Hardware name: linux,dummy-virt (DT) [ 16.923437] Call trace: [ 16.923474] show_stack+0x20/0x38 (C) [ 16.923574] dump_stack_lvl+0x8c/0xd0 [ 16.923627] print_report+0x118/0x608 [ 16.923686] kasan_report+0xdc/0x128 [ 16.923743] __asan_report_store1_noabort+0x20/0x30 [ 16.923795] krealloc_less_oob_helper+0xae4/0xc50 [ 16.923852] krealloc_large_less_oob+0x20/0x38 [ 16.923916] kunit_try_run_case+0x170/0x3f0 [ 16.923999] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.924081] kthread+0x328/0x630 [ 16.924168] ret_from_fork+0x10/0x20 [ 16.924218] [ 16.924237] The buggy address belongs to the physical page: [ 16.924639] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.924700] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.924747] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.924806] page_type: f8(unknown) [ 16.924851] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.924908] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.925715] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.925774] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.925829] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.925881] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.925922] page dumped because: kasan: bad access detected [ 16.925953] [ 16.925970] Memory state around the buggy address: [ 16.926003] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.926050] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.926108] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 16.926147] ^ [ 16.926206] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.926340] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.926435] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 16.799555] ================================================================== [ 16.799603] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.799653] Write of size 1 at addr fff00000c4519af0 by task kunit_try_catch/156 [ 16.799835] [ 16.799953] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.800048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.800075] Hardware name: linux,dummy-virt (DT) [ 16.800209] Call trace: [ 16.800290] show_stack+0x20/0x38 (C) [ 16.800383] dump_stack_lvl+0x8c/0xd0 [ 16.800443] print_report+0x118/0x608 [ 16.800529] kasan_report+0xdc/0x128 [ 16.800600] __asan_report_store1_noabort+0x20/0x30 [ 16.800697] krealloc_more_oob_helper+0x5c0/0x678 [ 16.800747] krealloc_more_oob+0x20/0x38 [ 16.800822] kunit_try_run_case+0x170/0x3f0 [ 16.801023] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.801336] kthread+0x328/0x630 [ 16.801421] ret_from_fork+0x10/0x20 [ 16.801477] [ 16.801546] Allocated by task 156: [ 16.801905] kasan_save_stack+0x3c/0x68 [ 16.801960] kasan_save_track+0x20/0x40 [ 16.802000] kasan_save_alloc_info+0x40/0x58 [ 16.802048] __kasan_krealloc+0x118/0x178 [ 16.802230] krealloc_noprof+0x128/0x360 [ 16.802291] krealloc_more_oob_helper+0x168/0x678 [ 16.802333] krealloc_more_oob+0x20/0x38 [ 16.802569] kunit_try_run_case+0x170/0x3f0 [ 16.802667] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.802835] kthread+0x328/0x630 [ 16.802966] ret_from_fork+0x10/0x20 [ 16.803044] [ 16.803063] The buggy address belongs to the object at fff00000c4519a00 [ 16.803063] which belongs to the cache kmalloc-256 of size 256 [ 16.803157] The buggy address is located 5 bytes to the right of [ 16.803157] allocated 235-byte region [fff00000c4519a00, fff00000c4519aeb) [ 16.803221] [ 16.803240] The buggy address belongs to the physical page: [ 16.803286] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.803342] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.803549] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.803652] page_type: f5(slab) [ 16.803785] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.803890] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.804072] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.804234] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.804427] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.804661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.804707] page dumped because: kasan: bad access detected [ 16.804757] [ 16.804774] Memory state around the buggy address: [ 16.804813] fff00000c4519980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.804866] fff00000c4519a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.804908] >fff00000c4519a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.804945] ^ [ 16.804983] fff00000c4519b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.805296] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.805428] ================================================================== [ 16.866796] ================================================================== [ 16.866886] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.866970] Write of size 1 at addr fff00000c77e20eb by task kunit_try_catch/160 [ 16.867021] [ 16.867053] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.867294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.867332] Hardware name: linux,dummy-virt (DT) [ 16.867365] Call trace: [ 16.867388] show_stack+0x20/0x38 (C) [ 16.867459] dump_stack_lvl+0x8c/0xd0 [ 16.867514] print_report+0x118/0x608 [ 16.867561] kasan_report+0xdc/0x128 [ 16.867608] __asan_report_store1_noabort+0x20/0x30 [ 16.867676] krealloc_more_oob_helper+0x60c/0x678 [ 16.867765] krealloc_large_more_oob+0x20/0x38 [ 16.867831] kunit_try_run_case+0x170/0x3f0 [ 16.867886] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.867946] kthread+0x328/0x630 [ 16.867989] ret_from_fork+0x10/0x20 [ 16.868044] [ 16.868063] The buggy address belongs to the physical page: [ 16.868105] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.868160] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.868382] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.868444] page_type: f8(unknown) [ 16.868488] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.868551] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.868612] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.868685] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.868741] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.868806] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.868847] page dumped because: kasan: bad access detected [ 16.868877] [ 16.868894] Memory state around the buggy address: [ 16.868941] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.868998] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.869044] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.869099] ^ [ 16.869145] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.869190] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.869230] ================================================================== [ 16.869280] ================================================================== [ 16.869323] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x5c0/0x678 [ 16.869367] Write of size 1 at addr fff00000c77e20f0 by task kunit_try_catch/160 [ 16.869423] [ 16.869450] CPU: 0 UID: 0 PID: 160 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.869528] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.869554] Hardware name: linux,dummy-virt (DT) [ 16.869583] Call trace: [ 16.869603] show_stack+0x20/0x38 (C) [ 16.869650] dump_stack_lvl+0x8c/0xd0 [ 16.869749] print_report+0x118/0x608 [ 16.870005] kasan_report+0xdc/0x128 [ 16.870063] __asan_report_store1_noabort+0x20/0x30 [ 16.870130] krealloc_more_oob_helper+0x5c0/0x678 [ 16.870179] krealloc_large_more_oob+0x20/0x38 [ 16.870283] kunit_try_run_case+0x170/0x3f0 [ 16.870440] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.870526] kthread+0x328/0x630 [ 16.870637] ret_from_fork+0x10/0x20 [ 16.870775] [ 16.870826] The buggy address belongs to the physical page: [ 16.870871] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077e0 [ 16.870932] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.871013] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.871099] page_type: f8(unknown) [ 16.871142] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.871198] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.871271] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.871324] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.871525] head: 0bfffe0000000002 ffffc1ffc31df801 00000000ffffffff 00000000ffffffff [ 16.871595] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.871672] page dumped because: kasan: bad access detected [ 16.871730] [ 16.871747] Memory state around the buggy address: [ 16.871794] fff00000c77e1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.871881] fff00000c77e2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.871987] >fff00000c77e2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 16.872047] ^ [ 16.872109] fff00000c77e2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.872164] fff00000c77e2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.872233] ================================================================== [ 16.791036] ================================================================== [ 16.791112] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x60c/0x678 [ 16.791169] Write of size 1 at addr fff00000c4519aeb by task kunit_try_catch/156 [ 16.791219] [ 16.791253] CPU: 0 UID: 0 PID: 156 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.791336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.791604] Hardware name: linux,dummy-virt (DT) [ 16.791882] Call trace: [ 16.792015] show_stack+0x20/0x38 (C) [ 16.792587] dump_stack_lvl+0x8c/0xd0 [ 16.792788] print_report+0x118/0x608 [ 16.792943] kasan_report+0xdc/0x128 [ 16.793109] __asan_report_store1_noabort+0x20/0x30 [ 16.793161] krealloc_more_oob_helper+0x60c/0x678 [ 16.793210] krealloc_more_oob+0x20/0x38 [ 16.793493] kunit_try_run_case+0x170/0x3f0 [ 16.793674] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.793853] kthread+0x328/0x630 [ 16.794276] ret_from_fork+0x10/0x20 [ 16.794470] [ 16.794491] Allocated by task 156: [ 16.794540] kasan_save_stack+0x3c/0x68 [ 16.794583] kasan_save_track+0x20/0x40 [ 16.794621] kasan_save_alloc_info+0x40/0x58 [ 16.794661] __kasan_krealloc+0x118/0x178 [ 16.794699] krealloc_noprof+0x128/0x360 [ 16.794907] krealloc_more_oob_helper+0x168/0x678 [ 16.795017] krealloc_more_oob+0x20/0x38 [ 16.795053] kunit_try_run_case+0x170/0x3f0 [ 16.795103] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.795166] kthread+0x328/0x630 [ 16.795286] ret_from_fork+0x10/0x20 [ 16.795322] [ 16.795341] The buggy address belongs to the object at fff00000c4519a00 [ 16.795341] which belongs to the cache kmalloc-256 of size 256 [ 16.795402] The buggy address is located 0 bytes to the right of [ 16.795402] allocated 235-byte region [fff00000c4519a00, fff00000c4519aeb) [ 16.795466] [ 16.795486] The buggy address belongs to the physical page: [ 16.795518] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104518 [ 16.795571] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.795626] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.795720] page_type: f5(slab) [ 16.795832] raw: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.795935] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.796074] head: 0bfffe0000000040 fff00000c0001b40 dead000000000122 0000000000000000 [ 16.796325] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.796546] head: 0bfffe0000000001 ffffc1ffc3114601 00000000ffffffff 00000000ffffffff [ 16.797004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 16.797145] page dumped because: kasan: bad access detected [ 16.797188] [ 16.797206] Memory state around the buggy address: [ 16.797238] fff00000c4519980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.797280] fff00000c4519a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.797332] >fff00000c4519a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 16.797466] ^ [ 16.797522] fff00000c4519b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.797565] fff00000c4519b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.797775] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 16.779728] ================================================================== [ 16.779838] BUG: KASAN: use-after-free in page_alloc_uaf+0x328/0x350 [ 16.779922] Read of size 1 at addr fff00000c7810000 by task kunit_try_catch/154 [ 16.779975] [ 16.780058] CPU: 0 UID: 0 PID: 154 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.780201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.780261] Hardware name: linux,dummy-virt (DT) [ 16.780294] Call trace: [ 16.780317] show_stack+0x20/0x38 (C) [ 16.780407] dump_stack_lvl+0x8c/0xd0 [ 16.780672] print_report+0x118/0x608 [ 16.780838] kasan_report+0xdc/0x128 [ 16.780905] __asan_report_load1_noabort+0x20/0x30 [ 16.780957] page_alloc_uaf+0x328/0x350 [ 16.781329] kunit_try_run_case+0x170/0x3f0 [ 16.781397] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.781452] kthread+0x328/0x630 [ 16.781495] ret_from_fork+0x10/0x20 [ 16.781544] [ 16.781565] The buggy address belongs to the physical page: [ 16.781626] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107810 [ 16.781683] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.781756] page_type: f0(buddy) [ 16.781947] raw: 0bfffe0000000000 fff00000ff6160a0 fff00000ff6160a0 0000000000000000 [ 16.782010] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 16.782050] page dumped because: kasan: bad access detected [ 16.782080] [ 16.782107] Memory state around the buggy address: [ 16.782141] fff00000c780ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.782184] fff00000c780ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.782448] >fff00000c7810000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.782499] ^ [ 16.782556] fff00000c7810080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.782698] fff00000c7810100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.782815] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 16.761535] ================================================================== [ 16.761636] BUG: KASAN: invalid-free in kfree+0x270/0x3c8 [ 16.761700] Free of addr fff00000c77dc001 by task kunit_try_catch/150 [ 16.761746] [ 16.761779] CPU: 0 UID: 0 PID: 150 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.761862] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.761887] Hardware name: linux,dummy-virt (DT) [ 16.761918] Call trace: [ 16.761942] show_stack+0x20/0x38 (C) [ 16.761996] dump_stack_lvl+0x8c/0xd0 [ 16.762044] print_report+0x118/0x608 [ 16.762104] kasan_report_invalid_free+0xc0/0xe8 [ 16.762154] __kasan_kfree_large+0x5c/0xa8 [ 16.762201] free_large_kmalloc+0x64/0x190 [ 16.762246] kfree+0x270/0x3c8 [ 16.762288] kmalloc_large_invalid_free+0x108/0x270 [ 16.763013] kunit_try_run_case+0x170/0x3f0 [ 16.763228] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.763355] kthread+0x328/0x630 [ 16.763454] ret_from_fork+0x10/0x20 [ 16.763506] [ 16.763526] The buggy address belongs to the physical page: [ 16.763558] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077dc [ 16.763637] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.763793] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.763899] page_type: f8(unknown) [ 16.763999] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.764136] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.764225] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.764333] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.764441] head: 0bfffe0000000002 ffffc1ffc31df701 00000000ffffffff 00000000ffffffff [ 16.764528] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.764642] page dumped because: kasan: bad access detected [ 16.764755] [ 16.764826] Memory state around the buggy address: [ 16.764893] fff00000c77dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.764936] fff00000c77dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.765297] >fff00000c77dc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.765342] ^ [ 16.765644] fff00000c77dc080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.765768] fff00000c77dc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.765918] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 16.751830] ================================================================== [ 16.752024] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2cc/0x2f8 [ 16.752205] Read of size 1 at addr fff00000c77dc000 by task kunit_try_catch/148 [ 16.752258] [ 16.752293] CPU: 0 UID: 0 PID: 148 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.752428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.752455] Hardware name: linux,dummy-virt (DT) [ 16.752486] Call trace: [ 16.752546] show_stack+0x20/0x38 (C) [ 16.752597] dump_stack_lvl+0x8c/0xd0 [ 16.752720] print_report+0x118/0x608 [ 16.752769] kasan_report+0xdc/0x128 [ 16.752815] __asan_report_load1_noabort+0x20/0x30 [ 16.753045] kmalloc_large_uaf+0x2cc/0x2f8 [ 16.753123] kunit_try_run_case+0x170/0x3f0 [ 16.753236] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.753290] kthread+0x328/0x630 [ 16.753334] ret_from_fork+0x10/0x20 [ 16.753383] [ 16.753403] The buggy address belongs to the physical page: [ 16.753487] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077dc [ 16.753540] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.753639] raw: 0bfffe0000000000 ffffc1ffc31df808 fff00000da456c40 0000000000000000 [ 16.753691] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 16.753730] page dumped because: kasan: bad access detected [ 16.753761] [ 16.753780] Memory state around the buggy address: [ 16.753812] fff00000c77dbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.754114] fff00000c77dbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.754406] >fff00000c77dc000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.754659] ^ [ 16.754716] fff00000c77dc080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.754773] fff00000c77dc100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.754810] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 16.740639] ================================================================== [ 16.740709] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x278/0x2b8 [ 16.740764] Write of size 1 at addr fff00000c77da00a by task kunit_try_catch/146 [ 16.740853] [ 16.741022] CPU: 0 UID: 0 PID: 146 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.741134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.741160] Hardware name: linux,dummy-virt (DT) [ 16.741215] Call trace: [ 16.741239] show_stack+0x20/0x38 (C) [ 16.741410] dump_stack_lvl+0x8c/0xd0 [ 16.741534] print_report+0x118/0x608 [ 16.741589] kasan_report+0xdc/0x128 [ 16.741885] __asan_report_store1_noabort+0x20/0x30 [ 16.741999] kmalloc_large_oob_right+0x278/0x2b8 [ 16.742107] kunit_try_run_case+0x170/0x3f0 [ 16.742207] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.742269] kthread+0x328/0x630 [ 16.742311] ret_from_fork+0x10/0x20 [ 16.742361] [ 16.742398] The buggy address belongs to the physical page: [ 16.742432] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1077d8 [ 16.742506] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.742563] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.742647] page_type: f8(unknown) [ 16.742693] raw: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.742748] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.742802] head: 0bfffe0000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.743029] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.743121] head: 0bfffe0000000002 ffffc1ffc31df601 00000000ffffffff 00000000ffffffff [ 16.743243] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.743339] page dumped because: kasan: bad access detected [ 16.743465] [ 16.743541] Memory state around the buggy address: [ 16.743629] fff00000c77d9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.743778] fff00000c77d9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.743931] >fff00000c77da000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.744006] ^ [ 16.744471] fff00000c77da080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.744587] fff00000c77da100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.744688] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 16.726672] ================================================================== [ 16.726748] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x2a4/0x2f0 [ 16.726806] Write of size 1 at addr fff00000c448df00 by task kunit_try_catch/144 [ 16.727175] [ 16.727243] CPU: 0 UID: 0 PID: 144 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.727337] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.727363] Hardware name: linux,dummy-virt (DT) [ 16.727405] Call trace: [ 16.727748] show_stack+0x20/0x38 (C) [ 16.727819] dump_stack_lvl+0x8c/0xd0 [ 16.727926] print_report+0x118/0x608 [ 16.728005] kasan_report+0xdc/0x128 [ 16.728057] __asan_report_store1_noabort+0x20/0x30 [ 16.728151] kmalloc_big_oob_right+0x2a4/0x2f0 [ 16.728406] kunit_try_run_case+0x170/0x3f0 [ 16.728560] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.728637] kthread+0x328/0x630 [ 16.728680] ret_from_fork+0x10/0x20 [ 16.728729] [ 16.728835] Allocated by task 144: [ 16.729107] kasan_save_stack+0x3c/0x68 [ 16.729192] kasan_save_track+0x20/0x40 [ 16.729249] kasan_save_alloc_info+0x40/0x58 [ 16.729290] __kasan_kmalloc+0xd4/0xd8 [ 16.729326] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.729468] kmalloc_big_oob_right+0xb8/0x2f0 [ 16.729807] kunit_try_run_case+0x170/0x3f0 [ 16.729906] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.730037] kthread+0x328/0x630 [ 16.730126] ret_from_fork+0x10/0x20 [ 16.730163] [ 16.730183] The buggy address belongs to the object at fff00000c448c000 [ 16.730183] which belongs to the cache kmalloc-8k of size 8192 [ 16.730247] The buggy address is located 0 bytes to the right of [ 16.730247] allocated 7936-byte region [fff00000c448c000, fff00000c448df00) [ 16.730314] [ 16.730334] The buggy address belongs to the physical page: [ 16.730366] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x104488 [ 16.730721] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.730847] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.731024] page_type: f5(slab) [ 16.731118] raw: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 16.731479] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 16.731620] head: 0bfffe0000000040 fff00000c0002280 dead000000000122 0000000000000000 [ 16.731756] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 16.731842] head: 0bfffe0000000003 ffffc1ffc3112201 00000000ffffffff 00000000ffffffff [ 16.731928] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 16.732245] page dumped because: kasan: bad access detected [ 16.732362] [ 16.732423] Memory state around the buggy address: [ 16.732530] fff00000c448de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.732649] fff00000c448de80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.732756] >fff00000c448df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.732795] ^ [ 16.732893] fff00000c448df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.733179] fff00000c448e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.733323] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 16.703512] ================================================================== [ 16.703579] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x40c/0x488 [ 16.703645] Write of size 1 at addr fff00000c7767178 by task kunit_try_catch/142 [ 16.703695] [ 16.703734] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.703818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.703844] Hardware name: linux,dummy-virt (DT) [ 16.703876] Call trace: [ 16.703899] show_stack+0x20/0x38 (C) [ 16.703951] dump_stack_lvl+0x8c/0xd0 [ 16.704000] print_report+0x118/0x608 [ 16.704054] kasan_report+0xdc/0x128 [ 16.704145] __asan_report_store1_noabort+0x20/0x30 [ 16.704217] kmalloc_track_caller_oob_right+0x40c/0x488 [ 16.704269] kunit_try_run_case+0x170/0x3f0 [ 16.704436] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.704503] kthread+0x328/0x630 [ 16.704559] ret_from_fork+0x10/0x20 [ 16.704661] [ 16.704691] Allocated by task 142: [ 16.704799] kasan_save_stack+0x3c/0x68 [ 16.704850] kasan_save_track+0x20/0x40 [ 16.704955] kasan_save_alloc_info+0x40/0x58 [ 16.704996] __kasan_kmalloc+0xd4/0xd8 [ 16.705041] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 16.705104] kmalloc_track_caller_oob_right+0xa8/0x488 [ 16.705145] kunit_try_run_case+0x170/0x3f0 [ 16.705182] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.705225] kthread+0x328/0x630 [ 16.705257] ret_from_fork+0x10/0x20 [ 16.705292] [ 16.705310] The buggy address belongs to the object at fff00000c7767100 [ 16.705310] which belongs to the cache kmalloc-128 of size 128 [ 16.705376] The buggy address is located 0 bytes to the right of [ 16.705376] allocated 120-byte region [fff00000c7767100, fff00000c7767178) [ 16.705448] [ 16.705468] The buggy address belongs to the physical page: [ 16.705499] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.705553] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.705604] page_type: f5(slab) [ 16.705645] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.705696] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.705736] page dumped because: kasan: bad access detected [ 16.705775] [ 16.705793] Memory state around the buggy address: [ 16.705824] fff00000c7767000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.705872] fff00000c7767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.705922] >fff00000c7767100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.705959] ^ [ 16.706007] fff00000c7767180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.706048] fff00000c7767200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.706478] ================================================================== [ 16.707664] ================================================================== [ 16.707717] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x418/0x488 [ 16.707833] Write of size 1 at addr fff00000c7767278 by task kunit_try_catch/142 [ 16.707885] [ 16.707914] CPU: 0 UID: 0 PID: 142 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.708044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.708071] Hardware name: linux,dummy-virt (DT) [ 16.708140] Call trace: [ 16.708169] show_stack+0x20/0x38 (C) [ 16.708221] dump_stack_lvl+0x8c/0xd0 [ 16.708269] print_report+0x118/0x608 [ 16.708315] kasan_report+0xdc/0x128 [ 16.708360] __asan_report_store1_noabort+0x20/0x30 [ 16.708412] kmalloc_track_caller_oob_right+0x418/0x488 [ 16.708610] kunit_try_run_case+0x170/0x3f0 [ 16.708690] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.708793] kthread+0x328/0x630 [ 16.708878] ret_from_fork+0x10/0x20 [ 16.708928] [ 16.708946] Allocated by task 142: [ 16.708973] kasan_save_stack+0x3c/0x68 [ 16.709014] kasan_save_track+0x20/0x40 [ 16.709183] kasan_save_alloc_info+0x40/0x58 [ 16.709310] __kasan_kmalloc+0xd4/0xd8 [ 16.709357] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 16.709451] kmalloc_track_caller_oob_right+0x184/0x488 [ 16.709495] kunit_try_run_case+0x170/0x3f0 [ 16.709532] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.709574] kthread+0x328/0x630 [ 16.709633] ret_from_fork+0x10/0x20 [ 16.709769] [ 16.709916] The buggy address belongs to the object at fff00000c7767200 [ 16.709916] which belongs to the cache kmalloc-128 of size 128 [ 16.710161] The buggy address is located 0 bytes to the right of [ 16.710161] allocated 120-byte region [fff00000c7767200, fff00000c7767278) [ 16.710248] [ 16.710276] The buggy address belongs to the physical page: [ 16.710305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.710374] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.710783] page_type: f5(slab) [ 16.710975] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.711115] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.711230] page dumped because: kasan: bad access detected [ 16.711413] [ 16.711450] Memory state around the buggy address: [ 16.711632] fff00000c7767100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.711705] fff00000c7767180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.711897] >fff00000c7767200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.712047] ^ [ 16.712103] fff00000c7767280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.712245] fff00000c7767300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.712326] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 16.677531] ================================================================== [ 16.677626] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x2f4/0x330 [ 16.677728] Read of size 1 at addr fff00000c5c8f000 by task kunit_try_catch/140 [ 16.677915] [ 16.678054] CPU: 0 UID: 0 PID: 140 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.678368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.678504] Hardware name: linux,dummy-virt (DT) [ 16.678547] Call trace: [ 16.678569] show_stack+0x20/0x38 (C) [ 16.678620] dump_stack_lvl+0x8c/0xd0 [ 16.678667] print_report+0x118/0x608 [ 16.678714] kasan_report+0xdc/0x128 [ 16.678760] __asan_report_load1_noabort+0x20/0x30 [ 16.678811] kmalloc_node_oob_right+0x2f4/0x330 [ 16.678859] kunit_try_run_case+0x170/0x3f0 [ 16.678906] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.678961] kthread+0x328/0x630 [ 16.679026] ret_from_fork+0x10/0x20 [ 16.679075] [ 16.679103] Allocated by task 140: [ 16.679130] kasan_save_stack+0x3c/0x68 [ 16.679170] kasan_save_track+0x20/0x40 [ 16.679284] kasan_save_alloc_info+0x40/0x58 [ 16.679509] __kasan_kmalloc+0xd4/0xd8 [ 16.679625] __kmalloc_cache_node_noprof+0x178/0x3d0 [ 16.679747] kmalloc_node_oob_right+0xbc/0x330 [ 16.679786] kunit_try_run_case+0x170/0x3f0 [ 16.679834] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.679878] kthread+0x328/0x630 [ 16.679954] ret_from_fork+0x10/0x20 [ 16.679989] [ 16.680103] The buggy address belongs to the object at fff00000c5c8e000 [ 16.680103] which belongs to the cache kmalloc-4k of size 4096 [ 16.680171] The buggy address is located 0 bytes to the right of [ 16.680171] allocated 4096-byte region [fff00000c5c8e000, fff00000c5c8f000) [ 16.680243] [ 16.680361] The buggy address belongs to the physical page: [ 16.680458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x105c88 [ 16.680617] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.680682] flags: 0xbfffe0000000040(head|node=0|zone=2|lastcpupid=0x1ffff) [ 16.680745] page_type: f5(slab) [ 16.680783] raw: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 16.680834] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 16.680953] head: 0bfffe0000000040 fff00000c0002140 dead000000000122 0000000000000000 [ 16.681041] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 16.681127] head: 0bfffe0000000003 ffffc1ffc3172201 00000000ffffffff 00000000ffffffff [ 16.681211] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 16.681254] page dumped because: kasan: bad access detected [ 16.681342] [ 16.681393] Memory state around the buggy address: [ 16.681520] fff00000c5c8ef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.681583] fff00000c5c8ef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.681745] >fff00000c5c8f000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.681849] ^ [ 16.681983] fff00000c5c8f080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.682025] fff00000c5c8f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.682063] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 16.668580] ================================================================== [ 16.668674] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x2ec/0x320 [ 16.668944] Read of size 1 at addr fff00000c3f1d6df by task kunit_try_catch/138 [ 16.669238] [ 16.669274] CPU: 0 UID: 0 PID: 138 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.669362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.669500] Hardware name: linux,dummy-virt (DT) [ 16.669555] Call trace: [ 16.669577] show_stack+0x20/0x38 (C) [ 16.669634] dump_stack_lvl+0x8c/0xd0 [ 16.669682] print_report+0x118/0x608 [ 16.669729] kasan_report+0xdc/0x128 [ 16.669775] __asan_report_load1_noabort+0x20/0x30 [ 16.669826] kmalloc_oob_left+0x2ec/0x320 [ 16.669878] kunit_try_run_case+0x170/0x3f0 [ 16.670651] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.670739] kthread+0x328/0x630 [ 16.670781] ret_from_fork+0x10/0x20 [ 16.670830] [ 16.670848] Allocated by task 26: [ 16.670878] kasan_save_stack+0x3c/0x68 [ 16.670918] kasan_save_track+0x20/0x40 [ 16.670955] kasan_save_alloc_info+0x40/0x58 [ 16.670994] __kasan_kmalloc+0xd4/0xd8 [ 16.671030] __kmalloc_node_track_caller_noprof+0x194/0x4b8 [ 16.671073] kstrdup+0x54/0xc8 [ 16.671117] devtmpfs_work_loop+0x6f8/0xa58 [ 16.671160] devtmpfsd+0x50/0x58 [ 16.671194] kthread+0x328/0x630 [ 16.671289] ret_from_fork+0x10/0x20 [ 16.671326] [ 16.671365] Freed by task 26: [ 16.671570] kasan_save_stack+0x3c/0x68 [ 16.671633] kasan_save_track+0x20/0x40 [ 16.671734] kasan_save_free_info+0x4c/0x78 [ 16.671938] __kasan_slab_free+0x6c/0x98 [ 16.672043] kfree+0x214/0x3c8 [ 16.672246] devtmpfs_work_loop+0x804/0xa58 [ 16.672304] devtmpfsd+0x50/0x58 [ 16.672337] kthread+0x328/0x630 [ 16.672650] ret_from_fork+0x10/0x20 [ 16.672836] [ 16.672945] The buggy address belongs to the object at fff00000c3f1d6c0 [ 16.672945] which belongs to the cache kmalloc-16 of size 16 [ 16.673004] The buggy address is located 15 bytes to the right of [ 16.673004] allocated 16-byte region [fff00000c3f1d6c0, fff00000c3f1d6d0) [ 16.673102] [ 16.673279] The buggy address belongs to the physical page: [ 16.673334] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103f1d [ 16.673391] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.673440] page_type: f5(slab) [ 16.673481] raw: 0bfffe0000000000 fff00000c0001640 dead000000000122 0000000000000000 [ 16.673531] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 16.673571] page dumped because: kasan: bad access detected [ 16.673608] [ 16.673625] Memory state around the buggy address: [ 16.673657] fff00000c3f1d580: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 00 fc fc [ 16.673768] fff00000c3f1d600: 00 00 fc fc 00 00 fc fc 00 00 fc fc 00 02 fc fc [ 16.673811] >fff00000c3f1d680: 00 02 fc fc fa fb fc fc fa fb fc fc 00 07 fc fc [ 16.673895] ^ [ 16.673967] fff00000c3f1d700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.674009] fff00000c3f1d780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.674047] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 16.654742] ================================================================== [ 16.656559] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5d0/0x660 [ 16.656815] Read of size 1 at addr fff00000c7767080 by task kunit_try_catch/136 [ 16.657271] [ 16.657306] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.657388] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.657909] Hardware name: linux,dummy-virt (DT) [ 16.657956] Call trace: [ 16.658120] show_stack+0x20/0x38 (C) [ 16.659067] dump_stack_lvl+0x8c/0xd0 [ 16.659580] print_report+0x118/0x608 [ 16.659634] kasan_report+0xdc/0x128 [ 16.659681] __asan_report_load1_noabort+0x20/0x30 [ 16.659733] kmalloc_oob_right+0x5d0/0x660 [ 16.659779] kunit_try_run_case+0x170/0x3f0 [ 16.659827] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.659880] kthread+0x328/0x630 [ 16.659922] ret_from_fork+0x10/0x20 [ 16.659971] [ 16.659988] Allocated by task 136: [ 16.660015] kasan_save_stack+0x3c/0x68 [ 16.660061] kasan_save_track+0x20/0x40 [ 16.660127] kasan_save_alloc_info+0x40/0x58 [ 16.660182] __kasan_kmalloc+0xd4/0xd8 [ 16.660370] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.660428] kmalloc_oob_right+0xb0/0x660 [ 16.660650] kunit_try_run_case+0x170/0x3f0 [ 16.660905] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.661054] kthread+0x328/0x630 [ 16.661142] ret_from_fork+0x10/0x20 [ 16.661178] [ 16.661197] The buggy address belongs to the object at fff00000c7767000 [ 16.661197] which belongs to the cache kmalloc-128 of size 128 [ 16.661503] The buggy address is located 13 bytes to the right of [ 16.661503] allocated 115-byte region [fff00000c7767000, fff00000c7767073) [ 16.661574] [ 16.661625] The buggy address belongs to the physical page: [ 16.661654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.661708] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.661874] page_type: f5(slab) [ 16.661989] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.662046] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.662121] page dumped because: kasan: bad access detected [ 16.662152] [ 16.662169] Memory state around the buggy address: [ 16.662329] fff00000c7766f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.662463] fff00000c7767000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.662547] >fff00000c7767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.662693] ^ [ 16.662774] fff00000c7767100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.662877] fff00000c7767180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.662958] ================================================================== [ 16.639995] ================================================================== [ 16.640374] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x5a4/0x660 [ 16.641241] Write of size 1 at addr fff00000c7767073 by task kunit_try_catch/136 [ 16.641355] [ 16.642222] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5 #1 PREEMPT [ 16.642376] Tainted: [N]=TEST [ 16.642409] Hardware name: linux,dummy-virt (DT) [ 16.642629] Call trace: [ 16.642794] show_stack+0x20/0x38 (C) [ 16.642928] dump_stack_lvl+0x8c/0xd0 [ 16.642990] print_report+0x118/0x608 [ 16.643041] kasan_report+0xdc/0x128 [ 16.643103] __asan_report_store1_noabort+0x20/0x30 [ 16.643157] kmalloc_oob_right+0x5a4/0x660 [ 16.643204] kunit_try_run_case+0x170/0x3f0 [ 16.643257] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.643310] kthread+0x328/0x630 [ 16.643354] ret_from_fork+0x10/0x20 [ 16.643511] [ 16.643549] Allocated by task 136: [ 16.643662] kasan_save_stack+0x3c/0x68 [ 16.643726] kasan_save_track+0x20/0x40 [ 16.643764] kasan_save_alloc_info+0x40/0x58 [ 16.643803] __kasan_kmalloc+0xd4/0xd8 [ 16.643840] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.643880] kmalloc_oob_right+0xb0/0x660 [ 16.643916] kunit_try_run_case+0x170/0x3f0 [ 16.643953] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.643995] kthread+0x328/0x630 [ 16.644035] ret_from_fork+0x10/0x20 [ 16.644102] [ 16.644161] The buggy address belongs to the object at fff00000c7767000 [ 16.644161] which belongs to the cache kmalloc-128 of size 128 [ 16.644254] The buggy address is located 0 bytes to the right of [ 16.644254] allocated 115-byte region [fff00000c7767000, fff00000c7767073) [ 16.644320] [ 16.644399] The buggy address belongs to the physical page: [ 16.644570] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.644834] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.645126] page_type: f5(slab) [ 16.645426] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.645491] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.645594] page dumped because: kasan: bad access detected [ 16.645636] [ 16.645660] Memory state around the buggy address: [ 16.645912] fff00000c7766f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.645979] fff00000c7766f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.646034] >fff00000c7767000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.646100] ^ [ 16.646182] fff00000c7767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.646226] fff00000c7767100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.646289] ================================================================== [ 16.647428] ================================================================== [ 16.647837] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x538/0x660 [ 16.647917] Write of size 1 at addr fff00000c7767078 by task kunit_try_catch/136 [ 16.648000] [ 16.648038] CPU: 0 UID: 0 PID: 136 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT [ 16.648335] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.648371] Hardware name: linux,dummy-virt (DT) [ 16.648591] Call trace: [ 16.648632] show_stack+0x20/0x38 (C) [ 16.648687] dump_stack_lvl+0x8c/0xd0 [ 16.648790] print_report+0x118/0x608 [ 16.648858] kasan_report+0xdc/0x128 [ 16.648997] __asan_report_store1_noabort+0x20/0x30 [ 16.649058] kmalloc_oob_right+0x538/0x660 [ 16.649128] kunit_try_run_case+0x170/0x3f0 [ 16.649180] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.649523] kthread+0x328/0x630 [ 16.649593] ret_from_fork+0x10/0x20 [ 16.649950] [ 16.650073] Allocated by task 136: [ 16.650119] kasan_save_stack+0x3c/0x68 [ 16.650162] kasan_save_track+0x20/0x40 [ 16.650206] kasan_save_alloc_info+0x40/0x58 [ 16.650245] __kasan_kmalloc+0xd4/0xd8 [ 16.650281] __kmalloc_cache_noprof+0x16c/0x3c0 [ 16.650319] kmalloc_oob_right+0xb0/0x660 [ 16.650354] kunit_try_run_case+0x170/0x3f0 [ 16.650391] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 16.650433] kthread+0x328/0x630 [ 16.650465] ret_from_fork+0x10/0x20 [ 16.650499] [ 16.650517] The buggy address belongs to the object at fff00000c7767000 [ 16.650517] which belongs to the cache kmalloc-128 of size 128 [ 16.650574] The buggy address is located 5 bytes to the right of [ 16.650574] allocated 115-byte region [fff00000c7767000, fff00000c7767073) [ 16.650637] [ 16.650655] The buggy address belongs to the physical page: [ 16.650683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x107767 [ 16.650734] flags: 0xbfffe0000000000(node=0|zone=2|lastcpupid=0x1ffff) [ 16.650781] page_type: f5(slab) [ 16.650818] raw: 0bfffe0000000000 fff00000c0001a00 dead000000000122 0000000000000000 [ 16.650868] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.650908] page dumped because: kasan: bad access detected [ 16.650938] [ 16.650955] Memory state around the buggy address: [ 16.650984] fff00000c7766f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.651026] fff00000c7766f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 16.651068] >fff00000c7767000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 16.651113] ^ [ 16.651152] fff00000c7767080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.651194] fff00000c7767100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.651398] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 95.511574] WARNING: CPU: 0 PID: 656 at lib/math/int_log.c:120 intlog10+0x38/0x48 [ 95.513390] Modules linked in: [ 95.514284] CPU: 0 UID: 0 PID: 656 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT [ 95.515605] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 95.516408] Hardware name: linux,dummy-virt (DT) [ 95.516982] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 95.517832] pc : intlog10+0x38/0x48 [ 95.518385] lr : intlog10_test+0xe4/0x200 [ 95.518940] sp : ffff800082287c10 [ 95.519401] x29: ffff800082287c90 x28: 0000000000000000 x27: 0000000000000000 [ 95.520267] x26: 1ffe000018f828e1 x25: 0000000000000000 x24: ffff800082287ce0 [ 95.520759] x23: ffff800082287d00 x22: 0000000000000000 x21: 1ffff00010450f82 [ 95.521129] x20: ffffa8ee96a89e80 x19: ffff800080087990 x18: 000000000fcdb100 [ 95.521470] x17: 000000005cebc7da x16: fff00000c097583c x15: fff00000ff616b08 [ 95.522576] x14: 00000000f1f1f1f1 x13: 1ffe00001b48e9cd x12: ffff751dd3523379 [ 95.523571] x11: 1ffff51dd3523378 x10: ffff751dd3523378 x9 : ffffa8ee9403501c [ 95.524350] x8 : ffffa8ee9a919bc3 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 95.525103] x5 : ffff700010450f82 x4 : 1ffff00010010f3a x3 : 1ffff51dd2d513d0 [ 95.525934] x2 : 1ffff51dd2d513d0 x1 : 0000000000000003 x0 : 0000000000000000 [ 95.526832] Call trace: [ 95.527160] intlog10+0x38/0x48 (P) [ 95.527572] kunit_try_run_case+0x170/0x3f0 [ 95.528042] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 95.528615] kthread+0x328/0x630 [ 95.528973] ret_from_fork+0x10/0x20 [ 95.529179] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 95.467161] WARNING: CPU: 0 PID: 638 at lib/math/int_log.c:63 intlog2+0xd8/0xf8 [ 95.468966] Modules linked in: [ 95.469682] CPU: 0 UID: 0 PID: 638 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT [ 95.470929] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 95.471484] Hardware name: linux,dummy-virt (DT) [ 95.472210] pstate: 12402009 (nzcV daif +PAN -UAO +TCO -DIT -SSBS BTYPE=--) [ 95.472996] pc : intlog2+0xd8/0xf8 [ 95.473432] lr : intlog2_test+0xe4/0x200 [ 95.473978] sp : ffff8000821d7c10 [ 95.474222] x29: ffff8000821d7c90 x28: 0000000000000000 x27: 0000000000000000 [ 95.474802] x26: 1ffe000018f7d741 x25: 0000000000000000 x24: ffff8000821d7ce0 [ 95.475778] x23: ffff8000821d7d00 x22: 0000000000000000 x21: 1ffff0001043af82 [ 95.476554] x20: ffffa8ee96a89d80 x19: ffff800080087990 x18: 0000000055453ec3 [ 95.476899] x17: 0000000063a28f22 x16: fff00000c097583c x15: 000000005930dd65 [ 95.477578] x14: 00000000f1f1f1f1 x13: 1ffe00001b48e9cd x12: ffff751dd3523379 [ 95.478431] x11: 1ffff51dd3523378 x10: ffff751dd3523378 x9 : ffffa8ee9403521c [ 95.479322] x8 : ffffa8ee9a919bc3 x7 : 0000000000000001 x6 : 00000000f1f1f1f1 [ 95.480112] x5 : ffff70001043af82 x4 : 1ffff00010010f3a x3 : 1ffff51dd2d513b0 [ 95.480831] x2 : 1ffff51dd2d513b0 x1 : 0000000000000003 x0 : 0000000000000000 [ 95.481183] Call trace: [ 95.481323] intlog2+0xd8/0xf8 (P) [ 95.481515] kunit_try_run_case+0x170/0x3f0 [ 95.481847] kunit_generic_run_threadfn_adapter+0x88/0x100 [ 95.482319] kthread+0x328/0x630 [ 95.482537] ret_from_fork+0x10/0x20 [ 95.482731] ---[ end trace 0000000000000000 ]---