Date: July 10, 2025, 6:10 p.m.
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 49.100760] ==================================================================
[ 49.101252] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 49.101252]
[ 49.101640] Use-after-free read at 0x(____ptrval____) (in kfence-#134):
[ 49.101902] test_krealloc+0x6fc/0xbe0
[ 49.102142] kunit_try_run_case+0x1a5/0x480
[ 49.102333] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.102549] kthread+0x337/0x6f0
[ 49.102719] ret_from_fork+0x116/0x1d0
[ 49.102897] ret_from_fork_asm+0x1a/0x30
[ 49.103055]
[ 49.103140] kfence-#134: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 49.103140]
[ 49.103526] allocated by task 354 on cpu 1 at 49.100112s (0.003411s ago):
[ 49.103880] test_alloc+0x364/0x10f0
[ 49.104095] test_krealloc+0xad/0xbe0
[ 49.104274] kunit_try_run_case+0x1a5/0x480
[ 49.104432] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.104686] kthread+0x337/0x6f0
[ 49.104837] ret_from_fork+0x116/0x1d0
[ 49.105052] ret_from_fork_asm+0x1a/0x30
[ 49.105267]
[ 49.105361] freed by task 354 on cpu 1 at 49.100376s (0.004983s ago):
[ 49.105673] krealloc_noprof+0x108/0x340
[ 49.105873] test_krealloc+0x226/0xbe0
[ 49.106071] kunit_try_run_case+0x1a5/0x480
[ 49.106215] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.106547] kthread+0x337/0x6f0
[ 49.106735] ret_from_fork+0x116/0x1d0
[ 49.106907] ret_from_fork_asm+0x1a/0x30
[ 49.107458]
[ 49.107581] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 49.108353] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 49.108645] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 49.109006] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 49.016459] ==================================================================
[ 49.016929] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 49.016929]
[ 49.017479] Use-after-free read at 0x(____ptrval____) (in kfence-#133):
[ 49.017774] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 49.018117] kunit_try_run_case+0x1a5/0x480
[ 49.018291] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.018470] kthread+0x337/0x6f0
[ 49.018640] ret_from_fork+0x116/0x1d0
[ 49.018833] ret_from_fork_asm+0x1a/0x30
[ 49.019063]
[ 49.019221] kfence-#133: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 49.019221]
[ 49.020182] allocated by task 352 on cpu 0 at 48.996825s (0.023352s ago):
[ 49.020521] test_alloc+0x2a6/0x10f0
[ 49.020710] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 49.021373] kunit_try_run_case+0x1a5/0x480
[ 49.021581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.021818] kthread+0x337/0x6f0
[ 49.021962] ret_from_fork+0x116/0x1d0
[ 49.022187] ret_from_fork_asm+0x1a/0x30
[ 49.022366]
[ 49.022463] freed by task 352 on cpu 0 at 48.997002s (0.025458s ago):
[ 49.022717] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 49.022970] kunit_try_run_case+0x1a5/0x480
[ 49.023200] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 49.023435] kthread+0x337/0x6f0
[ 49.023558] ret_from_fork+0x116/0x1d0
[ 49.023749] ret_from_fork_asm+0x1a/0x30
[ 49.023953]
[ 49.024084] CPU: 0 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 49.024495] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 49.024695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 49.025111] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 24.254972] ==================================================================
[ 24.255497] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 24.255497]
[ 24.255990] Invalid read at 0x(____ptrval____):
[ 24.256434] test_invalid_access+0xf0/0x210
[ 24.256630] kunit_try_run_case+0x1a5/0x480
[ 24.257439] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.257696] kthread+0x337/0x6f0
[ 24.257918] ret_from_fork+0x116/0x1d0
[ 24.258368] ret_from_fork_asm+0x1a/0x30
[ 24.258591]
[ 24.258718] CPU: 0 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 24.259359] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.259625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.260293] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 24.036378] ==================================================================
[ 24.036776] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.036776]
[ 24.037260] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#129):
[ 24.037843] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.038148] kunit_try_run_case+0x1a5/0x480
[ 24.038350] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.038564] kthread+0x337/0x6f0
[ 24.038739] ret_from_fork+0x116/0x1d0
[ 24.038921] ret_from_fork_asm+0x1a/0x30
[ 24.039110]
[ 24.039209] kfence-#129: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 24.039209]
[ 24.039531] allocated by task 342 on cpu 0 at 24.036122s (0.003407s ago):
[ 24.039838] test_alloc+0x364/0x10f0
[ 24.040059] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 24.040258] kunit_try_run_case+0x1a5/0x480
[ 24.040406] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.040665] kthread+0x337/0x6f0
[ 24.040839] ret_from_fork+0x116/0x1d0
[ 24.041042] ret_from_fork_asm+0x1a/0x30
[ 24.041275]
[ 24.041374] freed by task 342 on cpu 0 at 24.036255s (0.005117s ago):
[ 24.041600] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 24.041772] kunit_try_run_case+0x1a5/0x480
[ 24.041974] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 24.042240] kthread+0x337/0x6f0
[ 24.042421] ret_from_fork+0x116/0x1d0
[ 24.042582] ret_from_fork_asm+0x1a/0x30
[ 24.042730]
[ 24.042829] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 24.043616] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 24.043831] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 24.044212] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 23.828325] ==================================================================
[ 23.828714] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.828714]
[ 23.829188] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#127):
[ 23.829505] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 23.829743] kunit_try_run_case+0x1a5/0x480
[ 23.829950] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.830210] kthread+0x337/0x6f0
[ 23.830363] ret_from_fork+0x116/0x1d0
[ 23.830500] ret_from_fork_asm+0x1a/0x30
[ 23.830697]
[ 23.830795] kfence-#127: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 23.830795]
[ 23.831258] allocated by task 340 on cpu 1 at 23.828111s (0.003144s ago):
[ 23.831541] test_alloc+0x364/0x10f0
[ 23.831707] test_kmalloc_aligned_oob_read+0x105/0x560
[ 23.831947] kunit_try_run_case+0x1a5/0x480
[ 23.832169] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 23.832388] kthread+0x337/0x6f0
[ 23.832552] ret_from_fork+0x116/0x1d0
[ 23.832703] ret_from_fork_asm+0x1a/0x30
[ 23.832864]
[ 23.833000] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 23.833437] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 23.833604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 23.833873] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 19.356385] ==================================================================
[ 19.356779] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 19.356779]
[ 19.357193] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#84):
[ 19.357595] test_corruption+0x2df/0x3e0
[ 19.357791] kunit_try_run_case+0x1a5/0x480
[ 19.358039] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.358228] kthread+0x337/0x6f0
[ 19.358373] ret_from_fork+0x116/0x1d0
[ 19.358569] ret_from_fork_asm+0x1a/0x30
[ 19.358781]
[ 19.358882] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.358882]
[ 19.359236] allocated by task 328 on cpu 1 at 19.356156s (0.003078s ago):
[ 19.359557] test_alloc+0x364/0x10f0
[ 19.359755] test_corruption+0x1cb/0x3e0
[ 19.359954] kunit_try_run_case+0x1a5/0x480
[ 19.360220] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.360454] kthread+0x337/0x6f0
[ 19.360630] ret_from_fork+0x116/0x1d0
[ 19.360813] ret_from_fork_asm+0x1a/0x30
[ 19.361084]
[ 19.361159] freed by task 328 on cpu 1 at 19.356223s (0.004934s ago):
[ 19.361459] test_corruption+0x2df/0x3e0
[ 19.361640] kunit_try_run_case+0x1a5/0x480
[ 19.361834] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.362088] kthread+0x337/0x6f0
[ 19.362313] ret_from_fork+0x116/0x1d0
[ 19.362541] ret_from_fork_asm+0x1a/0x30
[ 19.362748]
[ 19.362868] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 19.363322] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.363488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.363873] ==================================================================

[ 19.668248] ==================================================================
[ 19.668643] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 19.668643]
[ 19.669130] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#87):
[ 19.669662] test_corruption+0x131/0x3e0
[ 19.669813] kunit_try_run_case+0x1a5/0x480
[ 19.670136] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.670398] kthread+0x337/0x6f0
[ 19.670577] ret_from_fork+0x116/0x1d0
[ 19.670722] ret_from_fork_asm+0x1a/0x30
[ 19.670867]
[ 19.670964] kfence-#87: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.670964]
[ 19.671387] allocated by task 330 on cpu 0 at 19.668129s (0.003256s ago):
[ 19.671662] test_alloc+0x2a6/0x10f0
[ 19.671794] test_corruption+0xe6/0x3e0
[ 19.671984] kunit_try_run_case+0x1a5/0x480
[ 19.672246] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.672461] kthread+0x337/0x6f0
[ 19.672583] ret_from_fork+0x116/0x1d0
[ 19.672718] ret_from_fork_asm+0x1a/0x30
[ 19.672912]
[ 19.673047] freed by task 330 on cpu 0 at 19.668171s (0.004874s ago):
[ 19.673351] test_corruption+0x131/0x3e0
[ 19.673548] kunit_try_run_case+0x1a5/0x480
[ 19.673763] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.673964] kthread+0x337/0x6f0
[ 19.674096] ret_from_fork+0x116/0x1d0
[ 19.674266] ret_from_fork_asm+0x1a/0x30
[ 19.674473]
[ 19.674587] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 19.674977] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.675126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.675653] ==================================================================

[ 19.772258] ==================================================================
[ 19.772634] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 19.772634]
[ 19.773130] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#88):
[ 19.773437] test_corruption+0x216/0x3e0
[ 19.773640] kunit_try_run_case+0x1a5/0x480
[ 19.773802] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.774023] kthread+0x337/0x6f0
[ 19.774265] ret_from_fork+0x116/0x1d0
[ 19.774467] ret_from_fork_asm+0x1a/0x30
[ 19.774624]
[ 19.774725] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.774725]
[ 19.775196] allocated by task 330 on cpu 0 at 19.772139s (0.003055s ago):
[ 19.775431] test_alloc+0x2a6/0x10f0
[ 19.775589] test_corruption+0x1cb/0x3e0
[ 19.775784] kunit_try_run_case+0x1a5/0x480
[ 19.775994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.776236] kthread+0x337/0x6f0
[ 19.776412] ret_from_fork+0x116/0x1d0
[ 19.776546] ret_from_fork_asm+0x1a/0x30
[ 19.776732]
[ 19.776831] freed by task 330 on cpu 0 at 19.772193s (0.004636s ago):
[ 19.777301] test_corruption+0x216/0x3e0
[ 19.777490] kunit_try_run_case+0x1a5/0x480
[ 19.777640] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.777887] kthread+0x337/0x6f0
[ 19.778211] ret_from_fork+0x116/0x1d0
[ 19.778373] ret_from_fork_asm+0x1a/0x30
[ 19.778514]
[ 19.778607] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 19.779482] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.779685] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.780012] ==================================================================

[ 18.940362] ==================================================================
[ 18.940866] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 18.940866]
[ 18.941317] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#80):
[ 18.942114] test_corruption+0x2d2/0x3e0
[ 18.942291] kunit_try_run_case+0x1a5/0x480
[ 18.942517] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.942762] kthread+0x337/0x6f0
[ 18.942932] ret_from_fork+0x116/0x1d0
[ 18.943129] ret_from_fork_asm+0x1a/0x30
[ 18.943336]
[ 18.943426] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.943426]
[ 18.943778] allocated by task 328 on cpu 1 at 18.940126s (0.003650s ago):
[ 18.944203] test_alloc+0x364/0x10f0
[ 18.944339] test_corruption+0xe6/0x3e0
[ 18.944514] kunit_try_run_case+0x1a5/0x480
[ 18.944728] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.944984] kthread+0x337/0x6f0
[ 18.945146] ret_from_fork+0x116/0x1d0
[ 18.945301] ret_from_fork_asm+0x1a/0x30
[ 18.945443]
[ 18.945515] freed by task 328 on cpu 1 at 18.940200s (0.005313s ago):
[ 18.945809] test_corruption+0x2d2/0x3e0
[ 18.946004] kunit_try_run_case+0x1a5/0x480
[ 18.946329] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.946548] kthread+0x337/0x6f0
[ 18.946721] ret_from_fork+0x116/0x1d0
[ 18.946917] ret_from_fork_asm+0x1a/0x30
[ 18.947116]
[ 18.947223] CPU: 1 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.947662] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.947827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.948244] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 18.628236] ==================================================================
[ 18.628611] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 18.628611]
[ 18.629061] Invalid free of 0x(____ptrval____) (in kfence-#77):
[ 18.629365] test_invalid_addr_free+0xfb/0x260
[ 18.629523] kunit_try_run_case+0x1a5/0x480
[ 18.629738] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.630011] kthread+0x337/0x6f0
[ 18.630233] ret_from_fork+0x116/0x1d0
[ 18.630430] ret_from_fork_asm+0x1a/0x30
[ 18.630570]
[ 18.630667] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.630667]
[ 18.631170] allocated by task 326 on cpu 0 at 18.628143s (0.003025s ago):
[ 18.631503] test_alloc+0x2a6/0x10f0
[ 18.631683] test_invalid_addr_free+0xdb/0x260
[ 18.631906] kunit_try_run_case+0x1a5/0x480
[ 18.632135] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.632375] kthread+0x337/0x6f0
[ 18.632493] ret_from_fork+0x116/0x1d0
[ 18.632621] ret_from_fork_asm+0x1a/0x30
[ 18.632816]
[ 18.632930] CPU: 0 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.633448] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.633651] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.633988] ==================================================================

[ 18.524257] ==================================================================
[ 18.524683] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 18.524683]
[ 18.525110] Invalid free of 0x(____ptrval____) (in kfence-#76):
[ 18.525382] test_invalid_addr_free+0x1e1/0x260
[ 18.525593] kunit_try_run_case+0x1a5/0x480
[ 18.525802] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.526363] kthread+0x337/0x6f0
[ 18.526560] ret_from_fork+0x116/0x1d0
[ 18.526721] ret_from_fork_asm+0x1a/0x30
[ 18.526906]
[ 18.527370] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.527370]
[ 18.527746] allocated by task 324 on cpu 1 at 18.524135s (0.003608s ago):
[ 18.528254] test_alloc+0x364/0x10f0
[ 18.528525] test_invalid_addr_free+0xdb/0x260
[ 18.528751] kunit_try_run_case+0x1a5/0x480
[ 18.528946] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.529250] kthread+0x337/0x6f0
[ 18.529424] ret_from_fork+0x116/0x1d0
[ 18.529595] ret_from_fork_asm+0x1a/0x30
[ 18.529778]
[ 18.529889] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.530762] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.531123] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.531589] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 18.316388] ==================================================================
[ 18.316818] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 18.316818]
[ 18.317325] Invalid free of 0x(____ptrval____) (in kfence-#74):
[ 18.317623] test_double_free+0x1d3/0x260
[ 18.317775] kunit_try_run_case+0x1a5/0x480
[ 18.318004] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.318298] kthread+0x337/0x6f0
[ 18.318497] ret_from_fork+0x116/0x1d0
[ 18.318667] ret_from_fork_asm+0x1a/0x30
[ 18.318861]
[ 18.318971] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.318971]
[ 18.319386] allocated by task 320 on cpu 1 at 18.316138s (0.003246s ago):
[ 18.319689] test_alloc+0x364/0x10f0
[ 18.319865] test_double_free+0xdb/0x260
[ 18.320078] kunit_try_run_case+0x1a5/0x480
[ 18.320305] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.320533] kthread+0x337/0x6f0
[ 18.320654] ret_from_fork+0x116/0x1d0
[ 18.320790] ret_from_fork_asm+0x1a/0x30
[ 18.321100]
[ 18.321198] freed by task 320 on cpu 1 at 18.316202s (0.004994s ago):
[ 18.321493] test_double_free+0x1e0/0x260
[ 18.321665] kunit_try_run_case+0x1a5/0x480
[ 18.321811] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.322055] kthread+0x337/0x6f0
[ 18.322307] ret_from_fork+0x116/0x1d0
[ 18.322490] ret_from_fork_asm+0x1a/0x30
[ 18.322637]
[ 18.322731] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.323443] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.323654] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.323937] ==================================================================

[ 18.420315] ==================================================================
[ 18.420700] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 18.420700]
[ 18.421159] Invalid free of 0x(____ptrval____) (in kfence-#75):
[ 18.421483] test_double_free+0x112/0x260
[ 18.421918] kunit_try_run_case+0x1a5/0x480
[ 18.422180] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.422400] kthread+0x337/0x6f0
[ 18.422529] ret_from_fork+0x116/0x1d0
[ 18.422661] ret_from_fork_asm+0x1a/0x30
[ 18.422861]
[ 18.422973] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.422973]
[ 18.423282] allocated by task 322 on cpu 0 at 18.420150s (0.003130s ago):
[ 18.423613] test_alloc+0x2a6/0x10f0
[ 18.423811] test_double_free+0xdb/0x260
[ 18.424057] kunit_try_run_case+0x1a5/0x480
[ 18.424278] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.424544] kthread+0x337/0x6f0
[ 18.424714] ret_from_fork+0x116/0x1d0
[ 18.424870] ret_from_fork_asm+0x1a/0x30
[ 18.425151]
[ 18.425286] freed by task 322 on cpu 0 at 18.420205s (0.005079s ago):
[ 18.425557] test_double_free+0xfa/0x260
[ 18.425785] kunit_try_run_case+0x1a5/0x480
[ 18.425987] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.426273] kthread+0x337/0x6f0
[ 18.426390] ret_from_fork+0x116/0x1d0
[ 18.426517] ret_from_fork_asm+0x1a/0x30
[ 18.426725]
[ 18.426865] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.427597] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.427787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.428195] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 18.004223] ==================================================================
[ 18.004659] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 18.004659]
[ 18.005187] Use-after-free read at 0x(____ptrval____) (in kfence-#71):
[ 18.005423] test_use_after_free_read+0x129/0x270
[ 18.005663] kunit_try_run_case+0x1a5/0x480
[ 18.005823] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.006111] kthread+0x337/0x6f0
[ 18.006303] ret_from_fork+0x116/0x1d0
[ 18.006491] ret_from_fork_asm+0x1a/0x30
[ 18.006635]
[ 18.006711] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.006711]
[ 18.007292] allocated by task 314 on cpu 0 at 18.004094s (0.003196s ago):
[ 18.007589] test_alloc+0x2a6/0x10f0
[ 18.007732] test_use_after_free_read+0xdc/0x270
[ 18.007891] kunit_try_run_case+0x1a5/0x480
[ 18.008112] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.008438] kthread+0x337/0x6f0
[ 18.008590] ret_from_fork+0x116/0x1d0
[ 18.008724] ret_from_fork_asm+0x1a/0x30
[ 18.008903]
[ 18.009089] freed by task 314 on cpu 0 at 18.004140s (0.004947s ago):
[ 18.009407] test_use_after_free_read+0xfb/0x270
[ 18.009605] kunit_try_run_case+0x1a5/0x480
[ 18.009782] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.009972] kthread+0x337/0x6f0
[ 18.010163] ret_from_fork+0x116/0x1d0
[ 18.010409] ret_from_fork_asm+0x1a/0x30
[ 18.010647]
[ 18.010742] CPU: 0 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 18.011345] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.011509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.011776] ==================================================================

[ 17.900356] ==================================================================
[ 17.900779] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 17.900779]
[ 17.901354] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[ 17.901638] test_use_after_free_read+0x129/0x270
[ 17.901866] kunit_try_run_case+0x1a5/0x480
[ 17.902183] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.902424] kthread+0x337/0x6f0
[ 17.902589] ret_from_fork+0x116/0x1d0
[ 17.902747] ret_from_fork_asm+0x1a/0x30
[ 17.902961]
[ 17.903079] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.903079]
[ 17.903462] allocated by task 312 on cpu 1 at 17.900149s (0.003311s ago):
[ 17.903799] test_alloc+0x364/0x10f0
[ 17.903983] test_use_after_free_read+0xdc/0x270
[ 17.904447] kunit_try_run_case+0x1a5/0x480
[ 17.904639] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.904870] kthread+0x337/0x6f0
[ 17.905512] ret_from_fork+0x116/0x1d0
[ 17.905725] ret_from_fork_asm+0x1a/0x30
[ 17.906025]
[ 17.906374] freed by task 312 on cpu 1 at 17.900203s (0.006088s ago):
[ 17.906712] test_use_after_free_read+0x1e7/0x270
[ 17.906953] kunit_try_run_case+0x1a5/0x480
[ 17.907145] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.907353] kthread+0x337/0x6f0
[ 17.907522] ret_from_fork+0x116/0x1d0
[ 17.907680] ret_from_fork_asm+0x1a/0x30
[ 17.907858]
[ 17.907997] CPU: 1 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.908426] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.908560] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.908935] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 17.796221] ==================================================================
[ 17.796684] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 17.796684]
[ 17.797172] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#69):
[ 17.797456] test_out_of_bounds_write+0x10d/0x260
[ 17.797698] kunit_try_run_case+0x1a5/0x480
[ 17.797877] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.798704] kthread+0x337/0x6f0
[ 17.798857] ret_from_fork+0x116/0x1d0
[ 17.799264] ret_from_fork_asm+0x1a/0x30
[ 17.799455]
[ 17.799544] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.799544]
[ 17.799912] allocated by task 310 on cpu 0 at 17.796166s (0.003744s ago):
[ 17.800211] test_alloc+0x2a6/0x10f0
[ 17.800401] test_out_of_bounds_write+0xd4/0x260
[ 17.800608] kunit_try_run_case+0x1a5/0x480
[ 17.800796] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.801493] kthread+0x337/0x6f0
[ 17.801639] ret_from_fork+0x116/0x1d0
[ 17.801914] ret_from_fork_asm+0x1a/0x30
[ 17.802279]
[ 17.802392] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.802998] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.803292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.803708] ==================================================================

[ 17.692601] ==================================================================
[ 17.692961] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 17.692961]
[ 17.693328] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#68):
[ 17.693593] test_out_of_bounds_write+0x10d/0x260
[ 17.693828] kunit_try_run_case+0x1a5/0x480
[ 17.694869] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.695133] kthread+0x337/0x6f0
[ 17.695305] ret_from_fork+0x116/0x1d0
[ 17.695482] ret_from_fork_asm+0x1a/0x30
[ 17.695640]
[ 17.695734] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.695734]
[ 17.696122] allocated by task 308 on cpu 1 at 17.692498s (0.003621s ago):
[ 17.696543] test_alloc+0x364/0x10f0
[ 17.697125] test_out_of_bounds_write+0xd4/0x260
[ 17.697293] kunit_try_run_case+0x1a5/0x480
[ 17.697444] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.697620] kthread+0x337/0x6f0
[ 17.697797] ret_from_fork+0x116/0x1d0
[ 17.697984] ret_from_fork_asm+0x1a/0x30
[ 17.698200]
[ 17.698297] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.698622] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.698761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.699040] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 16.757315] ==================================================================
[ 16.757800] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 16.757800]
[ 16.758341] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#59):
[ 16.758807] test_out_of_bounds_read+0x126/0x4e0
[ 16.759010] kunit_try_run_case+0x1a5/0x480
[ 16.759236] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.759449] kthread+0x337/0x6f0
[ 16.759574] ret_from_fork+0x116/0x1d0
[ 16.759767] ret_from_fork_asm+0x1a/0x30
[ 16.760021]
[ 16.760349] kfence-#59: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.760349]
[ 16.760815] allocated by task 304 on cpu 0 at 16.756106s (0.004654s ago):
[ 16.761395] test_alloc+0x364/0x10f0
[ 16.761598] test_out_of_bounds_read+0xed/0x4e0
[ 16.761757] kunit_try_run_case+0x1a5/0x480
[ 16.761983] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.762246] kthread+0x337/0x6f0
[ 16.762371] ret_from_fork+0x116/0x1d0
[ 16.762541] ret_from_fork_asm+0x1a/0x30
[ 16.762795]
[ 16.762943] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.763411] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.763604] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.763955] ==================================================================

[ 16.964348] ==================================================================
[ 16.964738] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 16.964738]
[ 16.965290] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#61):
[ 16.965607] test_out_of_bounds_read+0x216/0x4e0
[ 16.965835] kunit_try_run_case+0x1a5/0x480
[ 16.966026] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.966285] kthread+0x337/0x6f0
[ 16.966441] ret_from_fork+0x116/0x1d0
[ 16.966612] ret_from_fork_asm+0x1a/0x30
[ 16.966755]
[ 16.966855] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.966855]
[ 16.967410] allocated by task 304 on cpu 0 at 16.964154s (0.003253s ago):
[ 16.967671] test_alloc+0x364/0x10f0
[ 16.967803] test_out_of_bounds_read+0x1e2/0x4e0
[ 16.968041] kunit_try_run_case+0x1a5/0x480
[ 16.968254] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.968493] kthread+0x337/0x6f0
[ 16.968614] ret_from_fork+0x116/0x1d0
[ 16.968748] ret_from_fork_asm+0x1a/0x30
[ 16.968963]
[ 16.969094] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 16.969575] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.969758] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.970135] ==================================================================

[ 17.588168] ==================================================================
[ 17.588564] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 17.588564]
[ 17.589059] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#67):
[ 17.589408] test_out_of_bounds_read+0x216/0x4e0
[ 17.589576] kunit_try_run_case+0x1a5/0x480
[ 17.589799] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.590105] kthread+0x337/0x6f0
[ 17.590411] ret_from_fork+0x116/0x1d0
[ 17.590594] ret_from_fork_asm+0x1a/0x30
[ 17.590787]
[ 17.590862] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.590862]
[ 17.591315] allocated by task 306 on cpu 1 at 17.588114s (0.003199s ago):
[ 17.591670] test_alloc+0x2a6/0x10f0
[ 17.591854] test_out_of_bounds_read+0x1e2/0x4e0
[ 17.592098] kunit_try_run_case+0x1a5/0x480
[ 17.592381] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.592597] kthread+0x337/0x6f0
[ 17.592718] ret_from_fork+0x116/0x1d0
[ 17.592880] ret_from_fork_asm+0x1a/0x30
[ 17.593267]
[ 17.593413] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.593908] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.594119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.594547] ==================================================================

[ 17.068233] ==================================================================
[ 17.068607] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 17.068607]
[ 17.069287] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#62):
[ 17.069936] test_out_of_bounds_read+0x126/0x4e0
[ 17.070372] kunit_try_run_case+0x1a5/0x480
[ 17.070572] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.070972] kthread+0x337/0x6f0
[ 17.071188] ret_from_fork+0x116/0x1d0
[ 17.071330] ret_from_fork_asm+0x1a/0x30
[ 17.071475]
[ 17.071550] kfence-#62: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.071550]
[ 17.071828] allocated by task 306 on cpu 1 at 17.068171s (0.003655s ago):
[ 17.072461] test_alloc+0x2a6/0x10f0
[ 17.072797] test_out_of_bounds_read+0xed/0x4e0
[ 17.073196] kunit_try_run_case+0x1a5/0x480
[ 17.073367] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.073623] kthread+0x337/0x6f0
[ 17.073778] ret_from_fork+0x116/0x1d0
[ 17.073995] ret_from_fork_asm+0x1a/0x30
[ 17.074188]
[ 17.074327] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 17.074797] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.075058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.075413] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 16.651964] ================================================================== [ 16.652639] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 16.652933] Write of size 1 at addr ffff888102791f78 by task kunit_try_catch/302 [ 16.653276] [ 16.653386] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.653429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.653442] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.653482] Call Trace: [ 16.653497] <TASK> [ 16.653514] dump_stack_lvl+0x73/0xb0 [ 16.653543] print_report+0xd1/0x650 [ 16.653566] ? __virt_addr_valid+0x1db/0x2d0 [ 16.653590] ? strncpy_from_user+0x1a5/0x1d0 [ 16.653614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.653638] ? strncpy_from_user+0x1a5/0x1d0 [ 16.653681] kasan_report+0x141/0x180 [ 16.653717] ? strncpy_from_user+0x1a5/0x1d0 [ 16.653747] __asan_report_store1_noabort+0x1b/0x30 [ 16.653787] strncpy_from_user+0x1a5/0x1d0 [ 16.653828] copy_user_test_oob+0x760/0x10f0 [ 16.653855] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.653879] ? finish_task_switch.isra.0+0x153/0x700 [ 16.653903] ? __switch_to+0x47/0xf50 [ 16.653928] ? __schedule+0x10cc/0x2b60 [ 16.653951] ? __pfx_read_tsc+0x10/0x10 [ 16.653973] ? ktime_get_ts64+0x86/0x230 [ 16.653997] kunit_try_run_case+0x1a5/0x480 [ 16.654023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.654057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.654082] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.654107] ? __kthread_parkme+0x82/0x180 [ 16.654129] ? preempt_count_sub+0x50/0x80 [ 16.654153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.654179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.654205] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.654231] kthread+0x337/0x6f0 [ 16.654251] ? trace_preempt_on+0x20/0xc0 [ 16.654275] ? __pfx_kthread+0x10/0x10 [ 16.654296] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.654319] ? calculate_sigpending+0x7b/0xa0 [ 16.654344] ? 
__pfx_kthread+0x10/0x10 [ 16.654378] ret_from_fork+0x116/0x1d0 [ 16.654396] ? __pfx_kthread+0x10/0x10 [ 16.654417] ret_from_fork_asm+0x1a/0x30 [ 16.654448] </TASK> [ 16.654459] [ 16.667094] Allocated by task 302: [ 16.667431] kasan_save_stack+0x45/0x70 [ 16.667646] kasan_save_track+0x18/0x40 [ 16.667953] kasan_save_alloc_info+0x3b/0x50 [ 16.668340] __kasan_kmalloc+0xb7/0xc0 [ 16.668541] __kmalloc_noprof+0x1c9/0x500 [ 16.668852] kunit_kmalloc_array+0x25/0x60 [ 16.669144] copy_user_test_oob+0xab/0x10f0 [ 16.669485] kunit_try_run_case+0x1a5/0x480 [ 16.669696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.670124] kthread+0x337/0x6f0 [ 16.670412] ret_from_fork+0x116/0x1d0 [ 16.670687] ret_from_fork_asm+0x1a/0x30 [ 16.670890] [ 16.671068] The buggy address belongs to the object at ffff888102791f00 [ 16.671068] which belongs to the cache kmalloc-128 of size 128 [ 16.671756] The buggy address is located 0 bytes to the right of [ 16.671756] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.672391] [ 16.672476] The buggy address belongs to the physical page: [ 16.672859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.673345] flags: 0x200000000000000(node=0|zone=2) [ 16.673646] page_type: f5(slab) [ 16.673895] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.674418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.674803] page dumped because: kasan: bad access detected [ 16.675182] [ 16.675394] Memory state around the buggy address: [ 16.675690] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.676067] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.676339] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.676716] ^ [ 16.677183] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.677518] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.677925] 
================================================================== [ 16.628898] ================================================================== [ 16.629168] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 16.629495] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.629800] [ 16.630489] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.630539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.630553] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.630575] Call Trace: [ 16.630591] <TASK> [ 16.630608] dump_stack_lvl+0x73/0xb0 [ 16.630640] print_report+0xd1/0x650 [ 16.630664] ? __virt_addr_valid+0x1db/0x2d0 [ 16.630688] ? strncpy_from_user+0x2e/0x1d0 [ 16.630712] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.630737] ? strncpy_from_user+0x2e/0x1d0 [ 16.630762] kasan_report+0x141/0x180 [ 16.630786] ? strncpy_from_user+0x2e/0x1d0 [ 16.630815] kasan_check_range+0x10c/0x1c0 [ 16.630840] __kasan_check_write+0x18/0x20 [ 16.630861] strncpy_from_user+0x2e/0x1d0 [ 16.630887] copy_user_test_oob+0x760/0x10f0 [ 16.630924] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.630949] ? finish_task_switch.isra.0+0x153/0x700 [ 16.630972] ? __switch_to+0x47/0xf50 [ 16.630998] ? __schedule+0x10cc/0x2b60 [ 16.631021] ? __pfx_read_tsc+0x10/0x10 [ 16.631052] ? ktime_get_ts64+0x86/0x230 [ 16.631076] kunit_try_run_case+0x1a5/0x480 [ 16.631101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.631125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.631149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.631175] ? __kthread_parkme+0x82/0x180 [ 16.631196] ? preempt_count_sub+0x50/0x80 [ 16.631220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.631246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.631272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.631298] kthread+0x337/0x6f0 [ 16.631318] ? trace_preempt_on+0x20/0xc0 [ 16.631342] ? __pfx_kthread+0x10/0x10 [ 16.631388] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.631411] ? calculate_sigpending+0x7b/0xa0 [ 16.631436] ? __pfx_kthread+0x10/0x10 [ 16.631458] ret_from_fork+0x116/0x1d0 [ 16.631479] ? __pfx_kthread+0x10/0x10 [ 16.631500] ret_from_fork_asm+0x1a/0x30 [ 16.631531] </TASK> [ 16.631541] [ 16.641573] Allocated by task 302: [ 16.641734] kasan_save_stack+0x45/0x70 [ 16.642133] kasan_save_track+0x18/0x40 [ 16.642410] kasan_save_alloc_info+0x3b/0x50 [ 16.642697] __kasan_kmalloc+0xb7/0xc0 [ 16.642893] __kmalloc_noprof+0x1c9/0x500 [ 16.643279] kunit_kmalloc_array+0x25/0x60 [ 16.643587] copy_user_test_oob+0xab/0x10f0 [ 16.643835] kunit_try_run_case+0x1a5/0x480 [ 16.644132] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.644403] kthread+0x337/0x6f0 [ 16.644739] ret_from_fork+0x116/0x1d0 [ 16.645068] ret_from_fork_asm+0x1a/0x30 [ 16.645296] [ 16.645399] The buggy address belongs to the object at ffff888102791f00 [ 16.645399] which belongs to the cache kmalloc-128 of size 128 [ 16.646177] The buggy address is located 0 bytes inside of [ 16.646177] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.646635] [ 16.646733] The buggy address belongs to the physical page: [ 16.646992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.647327] flags: 0x200000000000000(node=0|zone=2) [ 16.647742] page_type: f5(slab) [ 16.647917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.648328] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.648635] page dumped because: kasan: bad access detected [ 16.648845] [ 16.648914] Memory state around the buggy address: [ 16.649129] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.649467] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.649793] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.650082] ^ [ 16.650301] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.650799] 
ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.651141] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 16.606478] ================================================================== [ 16.606774] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 16.607232] Read of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.607541] [ 16.607656] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.607697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.607710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.607730] Call Trace: [ 16.607745] <TASK> [ 16.607760] dump_stack_lvl+0x73/0xb0 [ 16.607789] print_report+0xd1/0x650 [ 16.607812] ? __virt_addr_valid+0x1db/0x2d0 [ 16.607836] ? copy_user_test_oob+0x604/0x10f0 [ 16.607860] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.607884] ? copy_user_test_oob+0x604/0x10f0 [ 16.607909] kasan_report+0x141/0x180 [ 16.607932] ? copy_user_test_oob+0x604/0x10f0 [ 16.607967] kasan_check_range+0x10c/0x1c0 [ 16.607992] __kasan_check_read+0x15/0x20 [ 16.608012] copy_user_test_oob+0x604/0x10f0 [ 16.608406] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.608438] ? finish_task_switch.isra.0+0x153/0x700 [ 16.608464] ? __switch_to+0x47/0xf50 [ 16.608490] ? __schedule+0x10cc/0x2b60 [ 16.608514] ? __pfx_read_tsc+0x10/0x10 [ 16.608536] ? ktime_get_ts64+0x86/0x230 [ 16.608561] kunit_try_run_case+0x1a5/0x480 [ 16.608586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.608610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.608636] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.608662] ? __kthread_parkme+0x82/0x180 [ 16.608684] ? preempt_count_sub+0x50/0x80 [ 16.608709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.608735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.608761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.608787] kthread+0x337/0x6f0 [ 16.608807] ? trace_preempt_on+0x20/0xc0 [ 16.608831] ? __pfx_kthread+0x10/0x10 [ 16.608852] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.608875] ? calculate_sigpending+0x7b/0xa0 [ 16.608900] ? 
__pfx_kthread+0x10/0x10 [ 16.608923] ret_from_fork+0x116/0x1d0 [ 16.608950] ? __pfx_kthread+0x10/0x10 [ 16.608972] ret_from_fork_asm+0x1a/0x30 [ 16.609003] </TASK> [ 16.609013] [ 16.618432] Allocated by task 302: [ 16.618700] kasan_save_stack+0x45/0x70 [ 16.618976] kasan_save_track+0x18/0x40 [ 16.619176] kasan_save_alloc_info+0x3b/0x50 [ 16.619477] __kasan_kmalloc+0xb7/0xc0 [ 16.619740] __kmalloc_noprof+0x1c9/0x500 [ 16.619906] kunit_kmalloc_array+0x25/0x60 [ 16.620147] copy_user_test_oob+0xab/0x10f0 [ 16.620468] kunit_try_run_case+0x1a5/0x480 [ 16.620669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.620898] kthread+0x337/0x6f0 [ 16.621289] ret_from_fork+0x116/0x1d0 [ 16.621472] ret_from_fork_asm+0x1a/0x30 [ 16.621773] [ 16.621876] The buggy address belongs to the object at ffff888102791f00 [ 16.621876] which belongs to the cache kmalloc-128 of size 128 [ 16.622469] The buggy address is located 0 bytes inside of [ 16.622469] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.623130] [ 16.623297] The buggy address belongs to the physical page: [ 16.623568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.624039] flags: 0x200000000000000(node=0|zone=2) [ 16.624272] page_type: f5(slab) [ 16.624414] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.624745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.625290] page dumped because: kasan: bad access detected [ 16.625586] [ 16.625667] Memory state around the buggy address: [ 16.625869] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.626340] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.626720] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.626976] ^ [ 16.627501] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.627885] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.628263] 
================================================================== [ 16.583979] ================================================================== [ 16.584576] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 16.585018] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.585302] [ 16.585597] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.585642] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.585655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.585675] Call Trace: [ 16.585691] <TASK> [ 16.585706] dump_stack_lvl+0x73/0xb0 [ 16.585735] print_report+0xd1/0x650 [ 16.585759] ? __virt_addr_valid+0x1db/0x2d0 [ 16.585782] ? copy_user_test_oob+0x557/0x10f0 [ 16.585806] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.585831] ? copy_user_test_oob+0x557/0x10f0 [ 16.585856] kasan_report+0x141/0x180 [ 16.585879] ? copy_user_test_oob+0x557/0x10f0 [ 16.585908] kasan_check_range+0x10c/0x1c0 [ 16.586000] __kasan_check_write+0x18/0x20 [ 16.586024] copy_user_test_oob+0x557/0x10f0 [ 16.586064] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.586088] ? finish_task_switch.isra.0+0x153/0x700 [ 16.586111] ? __switch_to+0x47/0xf50 [ 16.586137] ? __schedule+0x10cc/0x2b60 [ 16.586160] ? __pfx_read_tsc+0x10/0x10 [ 16.586184] ? ktime_get_ts64+0x86/0x230 [ 16.586209] kunit_try_run_case+0x1a5/0x480 [ 16.586235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586259] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.586285] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.586310] ? __kthread_parkme+0x82/0x180 [ 16.586332] ? preempt_count_sub+0x50/0x80 [ 16.586356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.586383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.586408] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.586435] kthread+0x337/0x6f0 [ 16.586456] ? trace_preempt_on+0x20/0xc0 [ 16.586479] ? __pfx_kthread+0x10/0x10 [ 16.586501] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.586524] ? calculate_sigpending+0x7b/0xa0 [ 16.586549] ? __pfx_kthread+0x10/0x10 [ 16.586572] ret_from_fork+0x116/0x1d0 [ 16.586592] ? __pfx_kthread+0x10/0x10 [ 16.586613] ret_from_fork_asm+0x1a/0x30 [ 16.586645] </TASK> [ 16.586656] [ 16.595814] Allocated by task 302: [ 16.596186] kasan_save_stack+0x45/0x70 [ 16.596371] kasan_save_track+0x18/0x40 [ 16.596674] kasan_save_alloc_info+0x3b/0x50 [ 16.596946] __kasan_kmalloc+0xb7/0xc0 [ 16.597113] __kmalloc_noprof+0x1c9/0x500 [ 16.597318] kunit_kmalloc_array+0x25/0x60 [ 16.597685] copy_user_test_oob+0xab/0x10f0 [ 16.597878] kunit_try_run_case+0x1a5/0x480 [ 16.598237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.598485] kthread+0x337/0x6f0 [ 16.598749] ret_from_fork+0x116/0x1d0 [ 16.598927] ret_from_fork_asm+0x1a/0x30 [ 16.599275] [ 16.599359] The buggy address belongs to the object at ffff888102791f00 [ 16.599359] which belongs to the cache kmalloc-128 of size 128 [ 16.599908] The buggy address is located 0 bytes inside of [ 16.599908] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.600745] [ 16.600840] The buggy address belongs to the physical page: [ 16.601248] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.601637] flags: 0x200000000000000(node=0|zone=2) [ 16.601947] page_type: f5(slab) [ 16.602098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.602574] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.602890] page dumped because: kasan: bad access detected [ 16.603217] [ 16.603291] Memory state around the buggy address: [ 16.603503] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.603792] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.604304] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.604688] ^ [ 16.605066] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.605379] 
ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.605807] ================================================================== [ 16.561370] ================================================================== [ 16.561671] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 16.562393] Read of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.562881] [ 16.563013] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.563147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.563162] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.563184] Call Trace: [ 16.563255] <TASK> [ 16.563273] dump_stack_lvl+0x73/0xb0 [ 16.563304] print_report+0xd1/0x650 [ 16.563327] ? __virt_addr_valid+0x1db/0x2d0 [ 16.563351] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.563399] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563424] kasan_report+0x141/0x180 [ 16.563447] ? copy_user_test_oob+0x4aa/0x10f0 [ 16.563477] kasan_check_range+0x10c/0x1c0 [ 16.563501] __kasan_check_read+0x15/0x20 [ 16.563522] copy_user_test_oob+0x4aa/0x10f0 [ 16.563548] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.563572] ? finish_task_switch.isra.0+0x153/0x700 [ 16.563596] ? __switch_to+0x47/0xf50 [ 16.563621] ? __schedule+0x10cc/0x2b60 [ 16.563643] ? __pfx_read_tsc+0x10/0x10 [ 16.563665] ? ktime_get_ts64+0x86/0x230 [ 16.563689] kunit_try_run_case+0x1a5/0x480 [ 16.563714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.563738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.563763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.563789] ? __kthread_parkme+0x82/0x180 [ 16.563810] ? preempt_count_sub+0x50/0x80 [ 16.563834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.563860] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.563887] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.563914] kthread+0x337/0x6f0 [ 16.563955] ? trace_preempt_on+0x20/0xc0 [ 16.563981] ? 
__pfx_kthread+0x10/0x10 [ 16.564002] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.564025] ? calculate_sigpending+0x7b/0xa0 [ 16.564061] ? __pfx_kthread+0x10/0x10 [ 16.564083] ret_from_fork+0x116/0x1d0 [ 16.564103] ? __pfx_kthread+0x10/0x10 [ 16.564124] ret_from_fork_asm+0x1a/0x30 [ 16.564156] </TASK> [ 16.564168] [ 16.573544] Allocated by task 302: [ 16.573714] kasan_save_stack+0x45/0x70 [ 16.573913] kasan_save_track+0x18/0x40 [ 16.574370] kasan_save_alloc_info+0x3b/0x50 [ 16.574569] __kasan_kmalloc+0xb7/0xc0 [ 16.574738] __kmalloc_noprof+0x1c9/0x500 [ 16.574921] kunit_kmalloc_array+0x25/0x60 [ 16.575315] copy_user_test_oob+0xab/0x10f0 [ 16.575572] kunit_try_run_case+0x1a5/0x480 [ 16.575739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.576168] kthread+0x337/0x6f0 [ 16.576408] ret_from_fork+0x116/0x1d0 [ 16.576637] ret_from_fork_asm+0x1a/0x30 [ 16.576831] [ 16.576920] The buggy address belongs to the object at ffff888102791f00 [ 16.576920] which belongs to the cache kmalloc-128 of size 128 [ 16.577597] The buggy address is located 0 bytes inside of [ 16.577597] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.578210] [ 16.578432] The buggy address belongs to the physical page: [ 16.578636] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.578997] flags: 0x200000000000000(node=0|zone=2) [ 16.579396] page_type: f5(slab) [ 16.579626] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.579985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.580324] page dumped because: kasan: bad access detected [ 16.580552] [ 16.580630] Memory state around the buggy address: [ 16.580860] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.581489] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.581863] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.582224] ^ [ 16.582626] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.583045] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.583401] ================================================================== [ 16.538786] ================================================================== [ 16.539148] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 16.539464] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.539768] [ 16.539869] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.539912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.539925] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.540201] Call Trace: [ 16.540220] <TASK> [ 16.540324] dump_stack_lvl+0x73/0xb0 [ 16.540360] print_report+0xd1/0x650 [ 16.540384] ? __virt_addr_valid+0x1db/0x2d0 [ 16.540409] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540434] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.540459] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540483] kasan_report+0x141/0x180 [ 16.540506] ? copy_user_test_oob+0x3fd/0x10f0 [ 16.540535] kasan_check_range+0x10c/0x1c0 [ 16.540560] __kasan_check_write+0x18/0x20 [ 16.540580] copy_user_test_oob+0x3fd/0x10f0 [ 16.540607] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.540631] ? finish_task_switch.isra.0+0x153/0x700 [ 16.540655] ? __switch_to+0x47/0xf50 [ 16.540681] ? __schedule+0x10cc/0x2b60 [ 16.540704] ? __pfx_read_tsc+0x10/0x10 [ 16.540725] ? ktime_get_ts64+0x86/0x230 [ 16.540750] kunit_try_run_case+0x1a5/0x480 [ 16.540775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.540799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.540824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.540849] ? __kthread_parkme+0x82/0x180 [ 16.540870] ? preempt_count_sub+0x50/0x80 [ 16.540894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.540920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.540960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.540987] kthread+0x337/0x6f0 [ 16.541007] ? 
trace_preempt_on+0x20/0xc0 [ 16.541041] ? __pfx_kthread+0x10/0x10 [ 16.541063] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.541085] ? calculate_sigpending+0x7b/0xa0 [ 16.541110] ? __pfx_kthread+0x10/0x10 [ 16.541133] ret_from_fork+0x116/0x1d0 [ 16.541152] ? __pfx_kthread+0x10/0x10 [ 16.541174] ret_from_fork_asm+0x1a/0x30 [ 16.541206] </TASK> [ 16.541218] [ 16.550727] Allocated by task 302: [ 16.550974] kasan_save_stack+0x45/0x70 [ 16.551190] kasan_save_track+0x18/0x40 [ 16.551362] kasan_save_alloc_info+0x3b/0x50 [ 16.551552] __kasan_kmalloc+0xb7/0xc0 [ 16.551728] __kmalloc_noprof+0x1c9/0x500 [ 16.551906] kunit_kmalloc_array+0x25/0x60 [ 16.552465] copy_user_test_oob+0xab/0x10f0 [ 16.552651] kunit_try_run_case+0x1a5/0x480 [ 16.552867] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.553352] kthread+0x337/0x6f0 [ 16.553497] ret_from_fork+0x116/0x1d0 [ 16.553809] ret_from_fork_asm+0x1a/0x30 [ 16.554058] [ 16.554235] The buggy address belongs to the object at ffff888102791f00 [ 16.554235] which belongs to the cache kmalloc-128 of size 128 [ 16.554819] The buggy address is located 0 bytes inside of [ 16.554819] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.555547] [ 16.555771] The buggy address belongs to the physical page: [ 16.556009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.556516] flags: 0x200000000000000(node=0|zone=2) [ 16.556798] page_type: f5(slab) [ 16.556930] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.557338] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.557665] page dumped because: kasan: bad access detected [ 16.557890] [ 16.557967] Memory state around the buggy address: [ 16.558479] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.558859] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.559218] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.559622] ^ [ 16.559981] 
ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.560305] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.560708] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 16.511941] ================================================================== [ 16.512280] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 16.512566] Read of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.512883] [ 16.513196] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.513242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.513255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.513275] Call Trace: [ 16.513445] <TASK> [ 16.513464] dump_stack_lvl+0x73/0xb0 [ 16.513496] print_report+0xd1/0x650 [ 16.513520] ? __virt_addr_valid+0x1db/0x2d0 [ 16.513543] ? _copy_to_user+0x3c/0x70 [ 16.513563] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.513588] ? _copy_to_user+0x3c/0x70 [ 16.513608] kasan_report+0x141/0x180 [ 16.513631] ? _copy_to_user+0x3c/0x70 [ 16.513656] kasan_check_range+0x10c/0x1c0 [ 16.513680] __kasan_check_read+0x15/0x20 [ 16.513701] _copy_to_user+0x3c/0x70 [ 16.513723] copy_user_test_oob+0x364/0x10f0 [ 16.513750] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.513774] ? finish_task_switch.isra.0+0x153/0x700 [ 16.513798] ? __switch_to+0x47/0xf50 [ 16.513825] ? __schedule+0x10cc/0x2b60 [ 16.513848] ? __pfx_read_tsc+0x10/0x10 [ 16.513870] ? ktime_get_ts64+0x86/0x230 [ 16.513895] kunit_try_run_case+0x1a5/0x480 [ 16.513919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.513957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.513982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.514008] ? __kthread_parkme+0x82/0x180 [ 16.514041] ? preempt_count_sub+0x50/0x80 [ 16.514066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.514091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.514119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.514145] kthread+0x337/0x6f0 [ 16.514165] ? trace_preempt_on+0x20/0xc0 [ 16.514189] ? __pfx_kthread+0x10/0x10 [ 16.514211] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.514234] ? calculate_sigpending+0x7b/0xa0 [ 16.514259] ? 
__pfx_kthread+0x10/0x10 [ 16.514281] ret_from_fork+0x116/0x1d0 [ 16.514301] ? __pfx_kthread+0x10/0x10 [ 16.514323] ret_from_fork_asm+0x1a/0x30 [ 16.514354] </TASK> [ 16.514365] [ 16.524063] Allocated by task 302: [ 16.524271] kasan_save_stack+0x45/0x70 [ 16.524586] kasan_save_track+0x18/0x40 [ 16.524785] kasan_save_alloc_info+0x3b/0x50 [ 16.525101] __kasan_kmalloc+0xb7/0xc0 [ 16.525287] __kmalloc_noprof+0x1c9/0x500 [ 16.525474] kunit_kmalloc_array+0x25/0x60 [ 16.525665] copy_user_test_oob+0xab/0x10f0 [ 16.525852] kunit_try_run_case+0x1a5/0x480 [ 16.526322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.526631] kthread+0x337/0x6f0 [ 16.526776] ret_from_fork+0x116/0x1d0 [ 16.526969] ret_from_fork_asm+0x1a/0x30 [ 16.527382] [ 16.527473] The buggy address belongs to the object at ffff888102791f00 [ 16.527473] which belongs to the cache kmalloc-128 of size 128 [ 16.528214] The buggy address is located 0 bytes inside of [ 16.528214] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.528742] [ 16.528986] The buggy address belongs to the physical page: [ 16.529226] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.529565] flags: 0x200000000000000(node=0|zone=2) [ 16.529777] page_type: f5(slab) [ 16.529922] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.530480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.530870] page dumped because: kasan: bad access detected [ 16.531338] [ 16.531443] Memory state around the buggy address: [ 16.531621] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.531934] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.532499] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.532866] ^ [ 16.533352] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.533781] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.534163] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 16.485881] ================================================================== [ 16.486470] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 16.486743] Write of size 121 at addr ffff888102791f00 by task kunit_try_catch/302 [ 16.487066] [ 16.487383] CPU: 1 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.487433] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.487448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.487472] Call Trace: [ 16.487486] <TASK> [ 16.487505] dump_stack_lvl+0x73/0xb0 [ 16.487538] print_report+0xd1/0x650 [ 16.487561] ? __virt_addr_valid+0x1db/0x2d0 [ 16.487587] ? _copy_from_user+0x32/0x90 [ 16.487607] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.487633] ? _copy_from_user+0x32/0x90 [ 16.487653] kasan_report+0x141/0x180 [ 16.487676] ? _copy_from_user+0x32/0x90 [ 16.487701] kasan_check_range+0x10c/0x1c0 [ 16.487725] __kasan_check_write+0x18/0x20 [ 16.487746] _copy_from_user+0x32/0x90 [ 16.487768] copy_user_test_oob+0x2be/0x10f0 [ 16.487795] ? __pfx_copy_user_test_oob+0x10/0x10 [ 16.487820] ? finish_task_switch.isra.0+0x153/0x700 [ 16.487845] ? __switch_to+0x47/0xf50 [ 16.487872] ? __schedule+0x10cc/0x2b60 [ 16.487896] ? __pfx_read_tsc+0x10/0x10 [ 16.487919] ? ktime_get_ts64+0x86/0x230 [ 16.487969] kunit_try_run_case+0x1a5/0x480 [ 16.487996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.488020] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.488057] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.488082] ? __kthread_parkme+0x82/0x180 [ 16.488106] ? preempt_count_sub+0x50/0x80 [ 16.488131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.488156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.488183] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.488210] kthread+0x337/0x6f0 [ 16.488231] ? trace_preempt_on+0x20/0xc0 [ 16.488255] ? __pfx_kthread+0x10/0x10 [ 16.488277] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.488300] ? calculate_sigpending+0x7b/0xa0 [ 16.488326] ? 
__pfx_kthread+0x10/0x10 [ 16.488350] ret_from_fork+0x116/0x1d0 [ 16.488371] ? __pfx_kthread+0x10/0x10 [ 16.488393] ret_from_fork_asm+0x1a/0x30 [ 16.488426] </TASK> [ 16.488438] [ 16.498080] Allocated by task 302: [ 16.498254] kasan_save_stack+0x45/0x70 [ 16.498429] kasan_save_track+0x18/0x40 [ 16.498625] kasan_save_alloc_info+0x3b/0x50 [ 16.498814] __kasan_kmalloc+0xb7/0xc0 [ 16.499020] __kmalloc_noprof+0x1c9/0x500 [ 16.499585] kunit_kmalloc_array+0x25/0x60 [ 16.499754] copy_user_test_oob+0xab/0x10f0 [ 16.500143] kunit_try_run_case+0x1a5/0x480 [ 16.500446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.500646] kthread+0x337/0x6f0 [ 16.500930] ret_from_fork+0x116/0x1d0 [ 16.501197] ret_from_fork_asm+0x1a/0x30 [ 16.501528] [ 16.501612] The buggy address belongs to the object at ffff888102791f00 [ 16.501612] which belongs to the cache kmalloc-128 of size 128 [ 16.502324] The buggy address is located 0 bytes inside of [ 16.502324] allocated 120-byte region [ffff888102791f00, ffff888102791f78) [ 16.502824] [ 16.502930] The buggy address belongs to the physical page: [ 16.503467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.503884] flags: 0x200000000000000(node=0|zone=2) [ 16.504265] page_type: f5(slab) [ 16.504417] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.504888] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.505325] page dumped because: kasan: bad access detected [ 16.505649] [ 16.505740] Memory state around the buggy address: [ 16.505931] ffff888102791e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.506464] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.506760] >ffff888102791f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.507169] ^ [ 16.507476] ffff888102791f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.507866] ffff888102792000: 00 00 00 00 07 fc fc fc fc fc fc fc fc fc fc fc [ 16.508263] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 16.449514] ================================================================== [ 16.450189] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 16.450512] Write of size 8 at addr ffff888102791e78 by task kunit_try_catch/298 [ 16.451005] [ 16.451115] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.451160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.451173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.451403] Call Trace: [ 16.451420] <TASK> [ 16.451435] dump_stack_lvl+0x73/0xb0 [ 16.451466] print_report+0xd1/0x650 [ 16.451491] ? __virt_addr_valid+0x1db/0x2d0 [ 16.451516] ? copy_to_kernel_nofault+0x99/0x260 [ 16.451541] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.451565] ? copy_to_kernel_nofault+0x99/0x260 [ 16.451590] kasan_report+0x141/0x180 [ 16.451613] ? copy_to_kernel_nofault+0x99/0x260 [ 16.451643] kasan_check_range+0x10c/0x1c0 [ 16.451669] __kasan_check_write+0x18/0x20 [ 16.451690] copy_to_kernel_nofault+0x99/0x260 [ 16.451716] copy_to_kernel_nofault_oob+0x288/0x560 [ 16.451743] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.451768] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.451796] ? trace_hardirqs_on+0x37/0xe0 [ 16.451890] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.451920] kunit_try_run_case+0x1a5/0x480 [ 16.451962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.451987] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.452012] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.452049] ? __kthread_parkme+0x82/0x180 [ 16.452071] ? preempt_count_sub+0x50/0x80 [ 16.452096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.452121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.452147] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.452174] kthread+0x337/0x6f0 [ 16.452194] ? trace_preempt_on+0x20/0xc0 [ 16.452217] ? __pfx_kthread+0x10/0x10 [ 16.452239] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.452262] ? calculate_sigpending+0x7b/0xa0 [ 16.452287] ? 
__pfx_kthread+0x10/0x10 [ 16.452309] ret_from_fork+0x116/0x1d0 [ 16.452329] ? __pfx_kthread+0x10/0x10 [ 16.452350] ret_from_fork_asm+0x1a/0x30 [ 16.452381] </TASK> [ 16.452393] [ 16.463121] Allocated by task 298: [ 16.463283] kasan_save_stack+0x45/0x70 [ 16.463478] kasan_save_track+0x18/0x40 [ 16.463666] kasan_save_alloc_info+0x3b/0x50 [ 16.463870] __kasan_kmalloc+0xb7/0xc0 [ 16.464451] __kmalloc_cache_noprof+0x189/0x420 [ 16.464659] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.465235] kunit_try_run_case+0x1a5/0x480 [ 16.465452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.465676] kthread+0x337/0x6f0 [ 16.466043] ret_from_fork+0x116/0x1d0 [ 16.466218] ret_from_fork_asm+0x1a/0x30 [ 16.466543] [ 16.466624] The buggy address belongs to the object at ffff888102791e00 [ 16.466624] which belongs to the cache kmalloc-128 of size 128 [ 16.467419] The buggy address is located 0 bytes to the right of [ 16.467419] allocated 120-byte region [ffff888102791e00, ffff888102791e78) [ 16.468152] [ 16.468398] The buggy address belongs to the physical page: [ 16.468599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.469162] flags: 0x200000000000000(node=0|zone=2) [ 16.469400] page_type: f5(slab) [ 16.469555] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.470262] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.470571] page dumped because: kasan: bad access detected [ 16.471009] [ 16.471120] Memory state around the buggy address: [ 16.471340] ffff888102791d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.471748] ffff888102791d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.472145] >ffff888102791e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.472448] ^ [ 16.472746] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.473344] ffff888102791f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.473607] 
================================================================== [ 16.424123] ================================================================== [ 16.424753] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 16.425268] Read of size 8 at addr ffff888102791e78 by task kunit_try_catch/298 [ 16.425557] [ 16.425670] CPU: 1 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.425718] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.425731] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.425753] Call Trace: [ 16.425767] <TASK> [ 16.425784] dump_stack_lvl+0x73/0xb0 [ 16.425818] print_report+0xd1/0x650 [ 16.425843] ? __virt_addr_valid+0x1db/0x2d0 [ 16.425868] ? copy_to_kernel_nofault+0x225/0x260 [ 16.425893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.425918] ? copy_to_kernel_nofault+0x225/0x260 [ 16.426196] kasan_report+0x141/0x180 [ 16.426225] ? copy_to_kernel_nofault+0x225/0x260 [ 16.426255] __asan_report_load8_noabort+0x18/0x20 [ 16.426282] copy_to_kernel_nofault+0x225/0x260 [ 16.426309] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 16.426335] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.426360] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 16.426481] ? trace_hardirqs_on+0x37/0xe0 [ 16.426517] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 16.426549] kunit_try_run_case+0x1a5/0x480 [ 16.426576] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.426626] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.426652] ? __kthread_parkme+0x82/0x180 [ 16.426675] ? preempt_count_sub+0x50/0x80 [ 16.426702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.426728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.426753] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.426780] kthread+0x337/0x6f0 [ 16.426800] ? trace_preempt_on+0x20/0xc0 [ 16.426847] ? __pfx_kthread+0x10/0x10 [ 16.426870] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.426893] ? 
calculate_sigpending+0x7b/0xa0 [ 16.426919] ? __pfx_kthread+0x10/0x10 [ 16.426961] ret_from_fork+0x116/0x1d0 [ 16.426982] ? __pfx_kthread+0x10/0x10 [ 16.427004] ret_from_fork_asm+0x1a/0x30 [ 16.427046] </TASK> [ 16.427057] [ 16.436910] Allocated by task 298: [ 16.437106] kasan_save_stack+0x45/0x70 [ 16.437731] kasan_save_track+0x18/0x40 [ 16.438000] kasan_save_alloc_info+0x3b/0x50 [ 16.438251] __kasan_kmalloc+0xb7/0xc0 [ 16.438552] __kmalloc_cache_noprof+0x189/0x420 [ 16.438771] copy_to_kernel_nofault_oob+0x12f/0x560 [ 16.439130] kunit_try_run_case+0x1a5/0x480 [ 16.439488] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.439794] kthread+0x337/0x6f0 [ 16.440118] ret_from_fork+0x116/0x1d0 [ 16.440296] ret_from_fork_asm+0x1a/0x30 [ 16.440497] [ 16.440587] The buggy address belongs to the object at ffff888102791e00 [ 16.440587] which belongs to the cache kmalloc-128 of size 128 [ 16.441568] The buggy address is located 0 bytes to the right of [ 16.441568] allocated 120-byte region [ffff888102791e00, ffff888102791e78) [ 16.442240] [ 16.442348] The buggy address belongs to the physical page: [ 16.442805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 16.443377] flags: 0x200000000000000(node=0|zone=2) [ 16.443609] page_type: f5(slab) [ 16.443906] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 16.444275] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 16.444837] page dumped because: kasan: bad access detected [ 16.445197] [ 16.445293] Memory state around the buggy address: [ 16.445510] ffff888102791d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 16.446246] ffff888102791d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.446546] >ffff888102791e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 16.446987] ^ [ 16.447300] ffff888102791e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.447603] ffff888102791f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 
16.447897] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 16.261944] ================================================================== [ 16.262424] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 16.262871] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.263232] [ 16.263316] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.263357] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.263369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.263390] Call Trace: [ 16.263407] <TASK> [ 16.263422] dump_stack_lvl+0x73/0xb0 [ 16.263449] print_report+0xd1/0x650 [ 16.263473] ? __virt_addr_valid+0x1db/0x2d0 [ 16.263497] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.263519] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.263543] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.263566] kasan_report+0x141/0x180 [ 16.263589] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.263616] __asan_report_load8_noabort+0x18/0x20 [ 16.263642] kasan_atomics_helper+0x4f98/0x5450 [ 16.263666] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.263690] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.263716] ? kasan_atomics+0x152/0x310 [ 16.263744] kasan_atomics+0x1dc/0x310 [ 16.263768] ? __pfx_kasan_atomics+0x10/0x10 [ 16.263792] ? trace_hardirqs_on+0x37/0xe0 [ 16.263815] ? __pfx_read_tsc+0x10/0x10 [ 16.263837] ? ktime_get_ts64+0x86/0x230 [ 16.263862] kunit_try_run_case+0x1a5/0x480 [ 16.263887] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.263913] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.263966] ? __kthread_parkme+0x82/0x180 [ 16.263986] ? preempt_count_sub+0x50/0x80 [ 16.264011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.264062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.264088] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.264115] kthread+0x337/0x6f0 [ 16.264134] ? trace_preempt_on+0x20/0xc0 [ 16.264159] ? __pfx_kthread+0x10/0x10 [ 16.264181] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.264204] ? calculate_sigpending+0x7b/0xa0 [ 16.264230] ? 
__pfx_kthread+0x10/0x10 [ 16.264253] ret_from_fork+0x116/0x1d0 [ 16.264273] ? __pfx_kthread+0x10/0x10 [ 16.264295] ret_from_fork_asm+0x1a/0x30 [ 16.264326] </TASK> [ 16.264338] [ 16.272059] Allocated by task 282: [ 16.272278] kasan_save_stack+0x45/0x70 [ 16.272459] kasan_save_track+0x18/0x40 [ 16.272655] kasan_save_alloc_info+0x3b/0x50 [ 16.272862] __kasan_kmalloc+0xb7/0xc0 [ 16.273065] __kmalloc_cache_noprof+0x189/0x420 [ 16.273250] kasan_atomics+0x95/0x310 [ 16.273431] kunit_try_run_case+0x1a5/0x480 [ 16.273600] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.273776] kthread+0x337/0x6f0 [ 16.273938] ret_from_fork+0x116/0x1d0 [ 16.274161] ret_from_fork_asm+0x1a/0x30 [ 16.274362] [ 16.274457] The buggy address belongs to the object at ffff8881027b3900 [ 16.274457] which belongs to the cache kmalloc-64 of size 64 [ 16.274964] The buggy address is located 0 bytes to the right of [ 16.274964] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.275501] [ 16.275586] The buggy address belongs to the physical page: [ 16.275758] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.276011] flags: 0x200000000000000(node=0|zone=2) [ 16.276181] page_type: f5(slab) [ 16.276321] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.276660] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.276995] page dumped because: kasan: bad access detected [ 16.277285] [ 16.277379] Memory state around the buggy address: [ 16.277558] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.277837] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.278181] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.278451] ^ [ 16.278636] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.279050] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.279339] 
================================================================== [ 15.495339] ================================================================== [ 15.495732] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 15.496003] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.496588] [ 15.496683] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.496725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.496738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.496757] Call Trace: [ 15.496773] <TASK> [ 15.496786] dump_stack_lvl+0x73/0xb0 [ 15.496816] print_report+0xd1/0x650 [ 15.496839] ? __virt_addr_valid+0x1db/0x2d0 [ 15.496862] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.496885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.496970] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.497003] kasan_report+0x141/0x180 [ 15.497027] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.497066] kasan_check_range+0x10c/0x1c0 [ 15.497092] __kasan_check_write+0x18/0x20 [ 15.497135] kasan_atomics_helper+0xfa9/0x5450 [ 15.497159] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.497182] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.497208] ? kasan_atomics+0x152/0x310 [ 15.497236] kasan_atomics+0x1dc/0x310 [ 15.497259] ? __pfx_kasan_atomics+0x10/0x10 [ 15.497301] ? trace_hardirqs_on+0x37/0xe0 [ 15.497325] ? __pfx_read_tsc+0x10/0x10 [ 15.497347] ? ktime_get_ts64+0x86/0x230 [ 15.497371] kunit_try_run_case+0x1a5/0x480 [ 15.497395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.497421] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.497447] ? __kthread_parkme+0x82/0x180 [ 15.497468] ? preempt_count_sub+0x50/0x80 [ 15.497492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.497518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.497544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.497589] kthread+0x337/0x6f0 [ 15.497609] ? trace_preempt_on+0x20/0xc0 [ 15.497633] ? 
__pfx_kthread+0x10/0x10 [ 15.497655] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.497678] ? calculate_sigpending+0x7b/0xa0 [ 15.497704] ? __pfx_kthread+0x10/0x10 [ 15.497726] ret_from_fork+0x116/0x1d0 [ 15.497746] ? __pfx_kthread+0x10/0x10 [ 15.497767] ret_from_fork_asm+0x1a/0x30 [ 15.497800] </TASK> [ 15.497853] [ 15.506642] Allocated by task 282: [ 15.506777] kasan_save_stack+0x45/0x70 [ 15.507099] kasan_save_track+0x18/0x40 [ 15.507299] kasan_save_alloc_info+0x3b/0x50 [ 15.507513] __kasan_kmalloc+0xb7/0xc0 [ 15.507702] __kmalloc_cache_noprof+0x189/0x420 [ 15.507997] kasan_atomics+0x95/0x310 [ 15.508226] kunit_try_run_case+0x1a5/0x480 [ 15.508398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.508658] kthread+0x337/0x6f0 [ 15.508782] ret_from_fork+0x116/0x1d0 [ 15.509101] ret_from_fork_asm+0x1a/0x30 [ 15.509309] [ 15.509423] The buggy address belongs to the object at ffff8881027b3900 [ 15.509423] which belongs to the cache kmalloc-64 of size 64 [ 15.510222] The buggy address is located 0 bytes to the right of [ 15.510222] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.510757] [ 15.510929] The buggy address belongs to the physical page: [ 15.511116] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.511458] flags: 0x200000000000000(node=0|zone=2) [ 15.511693] page_type: f5(slab) [ 15.511951] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.512293] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.512549] page dumped because: kasan: bad access detected [ 15.512847] [ 15.512998] Memory state around the buggy address: [ 15.513189] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.513412] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.513691] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.514148] ^ [ 15.514397] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.514720] 
ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.515196] ================================================================== [ 16.131053] ================================================================== [ 16.131398] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 16.131670] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.132015] [ 16.133082] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.134063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.134088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.134112] Call Trace: [ 16.134136] <TASK> [ 16.134154] dump_stack_lvl+0x73/0xb0 [ 16.134188] print_report+0xd1/0x650 [ 16.134211] ? __virt_addr_valid+0x1db/0x2d0 [ 16.134236] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.134259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.134284] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.134307] kasan_report+0x141/0x180 [ 16.134330] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.134357] kasan_check_range+0x10c/0x1c0 [ 16.134382] __kasan_check_write+0x18/0x20 [ 16.134403] kasan_atomics_helper+0x1d7a/0x5450 [ 16.134427] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.134450] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.134476] ? kasan_atomics+0x152/0x310 [ 16.134504] kasan_atomics+0x1dc/0x310 [ 16.134526] ? __pfx_kasan_atomics+0x10/0x10 [ 16.134550] ? trace_hardirqs_on+0x37/0xe0 [ 16.134575] ? __pfx_read_tsc+0x10/0x10 [ 16.134595] ? ktime_get_ts64+0x86/0x230 [ 16.134620] kunit_try_run_case+0x1a5/0x480 [ 16.134647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.134674] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.134701] ? __kthread_parkme+0x82/0x180 [ 16.134723] ? preempt_count_sub+0x50/0x80 [ 16.134747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.134773] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.134799] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.134910] kthread+0x337/0x6f0 [ 16.134932] ? trace_preempt_on+0x20/0xc0 [ 16.134957] ? __pfx_kthread+0x10/0x10 [ 16.134978] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.135002] ? calculate_sigpending+0x7b/0xa0 [ 16.135027] ? __pfx_kthread+0x10/0x10 [ 16.135062] ret_from_fork+0x116/0x1d0 [ 16.135081] ? __pfx_kthread+0x10/0x10 [ 16.135102] ret_from_fork_asm+0x1a/0x30 [ 16.135133] </TASK> [ 16.135144] [ 16.143709] Allocated by task 282: [ 16.144016] kasan_save_stack+0x45/0x70 [ 16.144463] kasan_save_track+0x18/0x40 [ 16.144661] kasan_save_alloc_info+0x3b/0x50 [ 16.144938] __kasan_kmalloc+0xb7/0xc0 [ 16.145149] __kmalloc_cache_noprof+0x189/0x420 [ 16.145359] kasan_atomics+0x95/0x310 [ 16.145527] kunit_try_run_case+0x1a5/0x480 [ 16.145697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.146094] kthread+0x337/0x6f0 [ 16.146263] ret_from_fork+0x116/0x1d0 [ 16.146428] ret_from_fork_asm+0x1a/0x30 [ 16.146597] [ 16.146676] The buggy address belongs to the object at ffff8881027b3900 [ 16.146676] which belongs to the cache kmalloc-64 of size 64 [ 16.147267] The buggy address is located 0 bytes to the right of [ 16.147267] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.147640] [ 16.147712] The buggy address belongs to the physical page: [ 16.147899] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.148578] flags: 0x200000000000000(node=0|zone=2) [ 16.148814] page_type: f5(slab) [ 16.148981] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.149309] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.149697] page dumped because: kasan: bad access detected [ 16.149868] [ 16.149938] Memory state around the buggy address: [ 16.150103] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.150330] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.150864] >ffff8881027b3900: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.151411] ^ [ 16.151775] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.152059] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.152325] ================================================================== [ 15.956394] ================================================================== [ 15.956776] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 15.957542] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.958005] [ 15.958115] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.958157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.958170] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.958191] Call Trace: [ 15.958205] <TASK> [ 15.958221] dump_stack_lvl+0x73/0xb0 [ 15.958249] print_report+0xd1/0x650 [ 15.958271] ? __virt_addr_valid+0x1db/0x2d0 [ 15.958295] ? kasan_atomics_helper+0x194a/0x5450 [ 15.958318] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.958342] ? kasan_atomics_helper+0x194a/0x5450 [ 15.958366] kasan_report+0x141/0x180 [ 15.958389] ? kasan_atomics_helper+0x194a/0x5450 [ 15.958417] kasan_check_range+0x10c/0x1c0 [ 15.958441] __kasan_check_write+0x18/0x20 [ 15.958462] kasan_atomics_helper+0x194a/0x5450 [ 15.958486] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.958511] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.958538] ? kasan_atomics+0x152/0x310 [ 15.958567] kasan_atomics+0x1dc/0x310 [ 15.958591] ? __pfx_kasan_atomics+0x10/0x10 [ 15.958615] ? trace_hardirqs_on+0x37/0xe0 [ 15.958640] ? __pfx_read_tsc+0x10/0x10 [ 15.958662] ? ktime_get_ts64+0x86/0x230 [ 15.958688] kunit_try_run_case+0x1a5/0x480 [ 15.958713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.958740] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.958766] ? __kthread_parkme+0x82/0x180 [ 15.958787] ? preempt_count_sub+0x50/0x80 [ 15.958812] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.958848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.958875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.958901] kthread+0x337/0x6f0 [ 15.958934] ? trace_preempt_on+0x20/0xc0 [ 15.958963] ? __pfx_kthread+0x10/0x10 [ 15.958985] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.959019] ? calculate_sigpending+0x7b/0xa0 [ 15.959054] ? __pfx_kthread+0x10/0x10 [ 15.959077] ret_from_fork+0x116/0x1d0 [ 15.959097] ? __pfx_kthread+0x10/0x10 [ 15.959119] ret_from_fork_asm+0x1a/0x30 [ 15.959151] </TASK> [ 15.959161] [ 15.967785] Allocated by task 282: [ 15.968254] kasan_save_stack+0x45/0x70 [ 15.968503] kasan_save_track+0x18/0x40 [ 15.968698] kasan_save_alloc_info+0x3b/0x50 [ 15.969007] __kasan_kmalloc+0xb7/0xc0 [ 15.969219] __kmalloc_cache_noprof+0x189/0x420 [ 15.969417] kasan_atomics+0x95/0x310 [ 15.969552] kunit_try_run_case+0x1a5/0x480 [ 15.969699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.969914] kthread+0x337/0x6f0 [ 15.970288] ret_from_fork+0x116/0x1d0 [ 15.970482] ret_from_fork_asm+0x1a/0x30 [ 15.970677] [ 15.970772] The buggy address belongs to the object at ffff8881027b3900 [ 15.970772] which belongs to the cache kmalloc-64 of size 64 [ 15.971498] The buggy address is located 0 bytes to the right of [ 15.971498] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.972072] [ 15.972185] The buggy address belongs to the physical page: [ 15.972446] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.972793] flags: 0x200000000000000(node=0|zone=2) [ 15.974885] page_type: f5(slab) [ 15.975087] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.975327] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.975667] page dumped because: kasan: bad access detected [ 15.976065] [ 15.976250] Memory state around the buggy address: [ 15.976482] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.976786] 
ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.977178] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.977499] ^ [ 15.977745] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.978218] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.978541] ================================================================== [ 15.643321] ================================================================== [ 15.643663] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 15.644342] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.644608] [ 15.644695] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.644740] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.644753] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.644774] Call Trace: [ 15.644788] <TASK> [ 15.644802] dump_stack_lvl+0x73/0xb0 [ 15.644833] print_report+0xd1/0x650 [ 15.644855] ? __virt_addr_valid+0x1db/0x2d0 [ 15.644878] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.644901] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.644927] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.644951] kasan_report+0x141/0x180 [ 15.644974] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.645001] __asan_report_load4_noabort+0x18/0x20 [ 15.645108] kasan_atomics_helper+0x49e8/0x5450 [ 15.645136] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.645162] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.645189] ? kasan_atomics+0x152/0x310 [ 15.645216] kasan_atomics+0x1dc/0x310 [ 15.645240] ? __pfx_kasan_atomics+0x10/0x10 [ 15.645264] ? trace_hardirqs_on+0x37/0xe0 [ 15.645287] ? __pfx_read_tsc+0x10/0x10 [ 15.645309] ? ktime_get_ts64+0x86/0x230 [ 15.645333] kunit_try_run_case+0x1a5/0x480 [ 15.645359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.645385] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.645414] ? __kthread_parkme+0x82/0x180 [ 15.645436] ? 
preempt_count_sub+0x50/0x80 [ 15.645460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.645485] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.645512] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.645539] kthread+0x337/0x6f0 [ 15.645560] ? trace_preempt_on+0x20/0xc0 [ 15.645583] ? __pfx_kthread+0x10/0x10 [ 15.645604] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.645626] ? calculate_sigpending+0x7b/0xa0 [ 15.645651] ? __pfx_kthread+0x10/0x10 [ 15.645675] ret_from_fork+0x116/0x1d0 [ 15.645694] ? __pfx_kthread+0x10/0x10 [ 15.645715] ret_from_fork_asm+0x1a/0x30 [ 15.645746] </TASK> [ 15.645757] [ 15.655040] Allocated by task 282: [ 15.655227] kasan_save_stack+0x45/0x70 [ 15.655447] kasan_save_track+0x18/0x40 [ 15.655635] kasan_save_alloc_info+0x3b/0x50 [ 15.655789] __kasan_kmalloc+0xb7/0xc0 [ 15.655923] __kmalloc_cache_noprof+0x189/0x420 [ 15.656097] kasan_atomics+0x95/0x310 [ 15.656234] kunit_try_run_case+0x1a5/0x480 [ 15.656380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.656898] kthread+0x337/0x6f0 [ 15.657156] ret_from_fork+0x116/0x1d0 [ 15.657380] ret_from_fork_asm+0x1a/0x30 [ 15.657778] [ 15.657947] The buggy address belongs to the object at ffff8881027b3900 [ 15.657947] which belongs to the cache kmalloc-64 of size 64 [ 15.660345] The buggy address is located 0 bytes to the right of [ 15.660345] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.661250] [ 15.661359] The buggy address belongs to the physical page: [ 15.661613] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.661933] flags: 0x200000000000000(node=0|zone=2) [ 15.662233] page_type: f5(slab) [ 15.662426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.662767] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.663148] page dumped because: kasan: bad access detected [ 15.663333] [ 15.663487] Memory state around the buggy address: [ 15.663758] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 15.664207] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.664520] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.664769] ^ [ 15.665131] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.665492] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.665823] ================================================================== [ 15.553775] ================================================================== [ 15.554184] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 15.554504] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.554887] [ 15.555046] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.555091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.555104] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.555125] Call Trace: [ 15.555139] <TASK> [ 15.555175] dump_stack_lvl+0x73/0xb0 [ 15.555205] print_report+0xd1/0x650 [ 15.555229] ? __virt_addr_valid+0x1db/0x2d0 [ 15.555252] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.555274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.555299] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.555322] kasan_report+0x141/0x180 [ 15.555344] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.555372] __asan_report_load4_noabort+0x18/0x20 [ 15.555398] kasan_atomics_helper+0x4a1c/0x5450 [ 15.555422] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.555445] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.555471] ? kasan_atomics+0x152/0x310 [ 15.555498] kasan_atomics+0x1dc/0x310 [ 15.555545] ? __pfx_kasan_atomics+0x10/0x10 [ 15.555569] ? trace_hardirqs_on+0x37/0xe0 [ 15.555593] ? __pfx_read_tsc+0x10/0x10 [ 15.555614] ? ktime_get_ts64+0x86/0x230 [ 15.555638] kunit_try_run_case+0x1a5/0x480 [ 15.555663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.555689] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.555716] ? 
__kthread_parkme+0x82/0x180 [ 15.555738] ? preempt_count_sub+0x50/0x80 [ 15.555762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.555788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.555883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.555910] kthread+0x337/0x6f0 [ 15.555930] ? trace_preempt_on+0x20/0xc0 [ 15.555990] ? __pfx_kthread+0x10/0x10 [ 15.556013] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.556044] ? calculate_sigpending+0x7b/0xa0 [ 15.556070] ? __pfx_kthread+0x10/0x10 [ 15.556092] ret_from_fork+0x116/0x1d0 [ 15.556112] ? __pfx_kthread+0x10/0x10 [ 15.556134] ret_from_fork_asm+0x1a/0x30 [ 15.556165] </TASK> [ 15.556177] [ 15.564054] Allocated by task 282: [ 15.564236] kasan_save_stack+0x45/0x70 [ 15.564445] kasan_save_track+0x18/0x40 [ 15.564637] kasan_save_alloc_info+0x3b/0x50 [ 15.565113] __kasan_kmalloc+0xb7/0xc0 [ 15.565372] __kmalloc_cache_noprof+0x189/0x420 [ 15.565614] kasan_atomics+0x95/0x310 [ 15.565877] kunit_try_run_case+0x1a5/0x480 [ 15.566071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.566334] kthread+0x337/0x6f0 [ 15.566485] ret_from_fork+0x116/0x1d0 [ 15.566675] ret_from_fork_asm+0x1a/0x30 [ 15.566885] [ 15.566984] The buggy address belongs to the object at ffff8881027b3900 [ 15.566984] which belongs to the cache kmalloc-64 of size 64 [ 15.567540] The buggy address is located 0 bytes to the right of [ 15.567540] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.568057] [ 15.568133] The buggy address belongs to the physical page: [ 15.568360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.568731] flags: 0x200000000000000(node=0|zone=2) [ 15.569121] page_type: f5(slab) [ 15.569291] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.569630] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.570134] page dumped because: kasan: bad access detected [ 15.570390] [ 15.570484] Memory state around the buggy address: [ 15.570686] 
ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.571057] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.571391] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.571600] ^ [ 15.571909] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.572273] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.572508] ================================================================== [ 15.860426] ================================================================== [ 15.861336] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 15.861652] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.862340] [ 15.862653] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.862763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.862777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.862798] Call Trace: [ 15.862813] <TASK> [ 15.862867] dump_stack_lvl+0x73/0xb0 [ 15.862899] print_report+0xd1/0x650 [ 15.862922] ? __virt_addr_valid+0x1db/0x2d0 [ 15.862944] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.862968] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.862999] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.863023] kasan_report+0x141/0x180 [ 15.863058] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.863085] kasan_check_range+0x10c/0x1c0 [ 15.863109] __kasan_check_write+0x18/0x20 [ 15.863130] kasan_atomics_helper+0x16e7/0x5450 [ 15.863154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.863178] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.863205] ? kasan_atomics+0x152/0x310 [ 15.863232] kasan_atomics+0x1dc/0x310 [ 15.863255] ? __pfx_kasan_atomics+0x10/0x10 [ 15.863278] ? trace_hardirqs_on+0x37/0xe0 [ 15.863303] ? __pfx_read_tsc+0x10/0x10 [ 15.863325] ? ktime_get_ts64+0x86/0x230 [ 15.863349] kunit_try_run_case+0x1a5/0x480 [ 15.863374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.863399] ? 
queued_spin_lock_slowpath+0x116/0xb40 [ 15.863425] ? __kthread_parkme+0x82/0x180 [ 15.863446] ? preempt_count_sub+0x50/0x80 [ 15.863471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.863496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.863521] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.863548] kthread+0x337/0x6f0 [ 15.863567] ? trace_preempt_on+0x20/0xc0 [ 15.863590] ? __pfx_kthread+0x10/0x10 [ 15.863611] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.863634] ? calculate_sigpending+0x7b/0xa0 [ 15.863659] ? __pfx_kthread+0x10/0x10 [ 15.863681] ret_from_fork+0x116/0x1d0 [ 15.863701] ? __pfx_kthread+0x10/0x10 [ 15.863722] ret_from_fork_asm+0x1a/0x30 [ 15.863753] </TASK> [ 15.863764] [ 15.877385] Allocated by task 282: [ 15.878290] kasan_save_stack+0x45/0x70 [ 15.879110] kasan_save_track+0x18/0x40 [ 15.879448] kasan_save_alloc_info+0x3b/0x50 [ 15.879656] __kasan_kmalloc+0xb7/0xc0 [ 15.880233] __kmalloc_cache_noprof+0x189/0x420 [ 15.880453] kasan_atomics+0x95/0x310 [ 15.880629] kunit_try_run_case+0x1a5/0x480 [ 15.881083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.881330] kthread+0x337/0x6f0 [ 15.881484] ret_from_fork+0x116/0x1d0 [ 15.881650] ret_from_fork_asm+0x1a/0x30 [ 15.882175] [ 15.882277] The buggy address belongs to the object at ffff8881027b3900 [ 15.882277] which belongs to the cache kmalloc-64 of size 64 [ 15.883257] The buggy address is located 0 bytes to the right of [ 15.883257] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.883769] [ 15.884201] The buggy address belongs to the physical page: [ 15.884451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.884786] flags: 0x200000000000000(node=0|zone=2) [ 15.885313] page_type: f5(slab) [ 15.885477] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.885776] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.886395] page dumped because: kasan: bad access detected [ 15.886634] [ 15.886724] 
Memory state around the buggy address: [ 15.887250] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.887531] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.887805] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.888559] ^ [ 15.888786] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.889168] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.889468] ================================================================== [ 16.279956] ================================================================== [ 16.280317] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 16.280656] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.281070] [ 16.281171] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.281215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.281228] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.281257] Call Trace: [ 16.281270] <TASK> [ 16.281311] dump_stack_lvl+0x73/0xb0 [ 16.281341] print_report+0xd1/0x650 [ 16.281366] ? __virt_addr_valid+0x1db/0x2d0 [ 16.281390] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.281412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.281437] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.281460] kasan_report+0x141/0x180 [ 16.281483] ? kasan_atomics_helper+0x20c8/0x5450 [ 16.281510] kasan_check_range+0x10c/0x1c0 [ 16.281536] __kasan_check_write+0x18/0x20 [ 16.281556] kasan_atomics_helper+0x20c8/0x5450 [ 16.281580] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.281604] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.281630] ? kasan_atomics+0x152/0x310 [ 16.281658] kasan_atomics+0x1dc/0x310 [ 16.281681] ? __pfx_kasan_atomics+0x10/0x10 [ 16.281704] ? trace_hardirqs_on+0x37/0xe0 [ 16.281729] ? __pfx_read_tsc+0x10/0x10 [ 16.281751] ? ktime_get_ts64+0x86/0x230 [ 16.281776] kunit_try_run_case+0x1a5/0x480 [ 16.281807] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.281834] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.281859] ? __kthread_parkme+0x82/0x180 [ 16.281881] ? preempt_count_sub+0x50/0x80 [ 16.281905] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.281931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.281957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.281983] kthread+0x337/0x6f0 [ 16.282004] ? trace_preempt_on+0x20/0xc0 [ 16.282026] ? __pfx_kthread+0x10/0x10 [ 16.282059] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.282082] ? calculate_sigpending+0x7b/0xa0 [ 16.282106] ? __pfx_kthread+0x10/0x10 [ 16.282129] ret_from_fork+0x116/0x1d0 [ 16.282149] ? __pfx_kthread+0x10/0x10 [ 16.282170] ret_from_fork_asm+0x1a/0x30 [ 16.282202] </TASK> [ 16.282213] [ 16.294163] Allocated by task 282: [ 16.294343] kasan_save_stack+0x45/0x70 [ 16.294538] kasan_save_track+0x18/0x40 [ 16.294717] kasan_save_alloc_info+0x3b/0x50 [ 16.295203] __kasan_kmalloc+0xb7/0xc0 [ 16.295514] __kmalloc_cache_noprof+0x189/0x420 [ 16.295730] kasan_atomics+0x95/0x310 [ 16.296303] kunit_try_run_case+0x1a5/0x480 [ 16.296508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.296744] kthread+0x337/0x6f0 [ 16.297104] ret_from_fork+0x116/0x1d0 [ 16.297288] ret_from_fork_asm+0x1a/0x30 [ 16.297473] [ 16.297566] The buggy address belongs to the object at ffff8881027b3900 [ 16.297566] which belongs to the cache kmalloc-64 of size 64 [ 16.298709] The buggy address is located 0 bytes to the right of [ 16.298709] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.299771] [ 16.299862] The buggy address belongs to the physical page: [ 16.300378] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.301059] flags: 0x200000000000000(node=0|zone=2) [ 16.301428] page_type: f5(slab) [ 16.301586] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.302051] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.302365] page dumped because: kasan: 
bad access detected [ 16.302596] [ 16.302686] Memory state around the buggy address: [ 16.303092] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.303393] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.303691] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.304557] ^ [ 16.305164] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.305472] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.305756] ================================================================== [ 15.382247] ================================================================== [ 15.382858] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 15.383465] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.383775] [ 15.384730] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.384783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.384798] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.385068] Call Trace: [ 15.385091] <TASK> [ 15.385107] dump_stack_lvl+0x73/0xb0 [ 15.385246] print_report+0xd1/0x650 [ 15.385271] ? __virt_addr_valid+0x1db/0x2d0 [ 15.385400] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.385425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.385477] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.385503] kasan_report+0x141/0x180 [ 15.385527] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.385555] __asan_report_load4_noabort+0x18/0x20 [ 15.385582] kasan_atomics_helper+0x4a84/0x5450 [ 15.385606] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.385636] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.385663] ? kasan_atomics+0x152/0x310 [ 15.385691] kasan_atomics+0x1dc/0x310 [ 15.385715] ? __pfx_kasan_atomics+0x10/0x10 [ 15.385740] ? trace_hardirqs_on+0x37/0xe0 [ 15.385764] ? __pfx_read_tsc+0x10/0x10 [ 15.385806] ? 
ktime_get_ts64+0x86/0x230 [ 15.385831] kunit_try_run_case+0x1a5/0x480 [ 15.385872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.385912] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.385953] ? __kthread_parkme+0x82/0x180 [ 15.385976] ? preempt_count_sub+0x50/0x80 [ 15.386014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.386049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.386090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.386198] kthread+0x337/0x6f0 [ 15.386224] ? trace_preempt_on+0x20/0xc0 [ 15.386249] ? __pfx_kthread+0x10/0x10 [ 15.386271] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.386295] ? calculate_sigpending+0x7b/0xa0 [ 15.386320] ? __pfx_kthread+0x10/0x10 [ 15.386343] ret_from_fork+0x116/0x1d0 [ 15.386364] ? __pfx_kthread+0x10/0x10 [ 15.386385] ret_from_fork_asm+0x1a/0x30 [ 15.386416] </TASK> [ 15.386440] [ 15.395536] Allocated by task 282: [ 15.395679] kasan_save_stack+0x45/0x70 [ 15.395882] kasan_save_track+0x18/0x40 [ 15.396166] kasan_save_alloc_info+0x3b/0x50 [ 15.396550] __kasan_kmalloc+0xb7/0xc0 [ 15.396766] __kmalloc_cache_noprof+0x189/0x420 [ 15.397121] kasan_atomics+0x95/0x310 [ 15.397340] kunit_try_run_case+0x1a5/0x480 [ 15.397545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.397728] kthread+0x337/0x6f0 [ 15.397854] ret_from_fork+0x116/0x1d0 [ 15.397990] ret_from_fork_asm+0x1a/0x30 [ 15.398193] [ 15.398311] The buggy address belongs to the object at ffff8881027b3900 [ 15.398311] which belongs to the cache kmalloc-64 of size 64 [ 15.398907] The buggy address is located 0 bytes to the right of [ 15.398907] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.401079] [ 15.401172] The buggy address belongs to the physical page: [ 15.401344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.401584] flags: 0x200000000000000(node=0|zone=2) [ 15.401745] page_type: f5(slab) [ 15.401870] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.402668] raw: 0000000000000000 
0000000080200020 00000000f5000000 0000000000000000 [ 15.403716] page dumped because: kasan: bad access detected [ 15.404586] [ 15.404849] Memory state around the buggy address: [ 15.405269] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.405508] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.405728] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.406324] ^ [ 15.406800] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.407319] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.407615] ================================================================== [ 15.624146] ================================================================== [ 15.624544] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 15.624897] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.625224] [ 15.625340] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.625385] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.625397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.625418] Call Trace: [ 15.625432] <TASK> [ 15.625447] dump_stack_lvl+0x73/0xb0 [ 15.625476] print_report+0xd1/0x650 [ 15.625501] ? __virt_addr_valid+0x1db/0x2d0 [ 15.625525] ? kasan_atomics_helper+0x1217/0x5450 [ 15.625548] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.625572] ? kasan_atomics_helper+0x1217/0x5450 [ 15.625595] kasan_report+0x141/0x180 [ 15.625618] ? kasan_atomics_helper+0x1217/0x5450 [ 15.625645] kasan_check_range+0x10c/0x1c0 [ 15.625670] __kasan_check_write+0x18/0x20 [ 15.625690] kasan_atomics_helper+0x1217/0x5450 [ 15.625714] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.625738] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.625765] ? kasan_atomics+0x152/0x310 [ 15.625794] kasan_atomics+0x1dc/0x310 [ 15.625838] ? __pfx_kasan_atomics+0x10/0x10 [ 15.625862] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.625887] ? __pfx_read_tsc+0x10/0x10 [ 15.625908] ? ktime_get_ts64+0x86/0x230 [ 15.625979] kunit_try_run_case+0x1a5/0x480 [ 15.626009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.626048] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.626075] ? __kthread_parkme+0x82/0x180 [ 15.626096] ? preempt_count_sub+0x50/0x80 [ 15.626120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.626146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.626172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.626199] kthread+0x337/0x6f0 [ 15.626218] ? trace_preempt_on+0x20/0xc0 [ 15.626241] ? __pfx_kthread+0x10/0x10 [ 15.626262] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.626284] ? calculate_sigpending+0x7b/0xa0 [ 15.626311] ? __pfx_kthread+0x10/0x10 [ 15.626334] ret_from_fork+0x116/0x1d0 [ 15.626354] ? __pfx_kthread+0x10/0x10 [ 15.626374] ret_from_fork_asm+0x1a/0x30 [ 15.626406] </TASK> [ 15.626417] [ 15.634305] Allocated by task 282: [ 15.634494] kasan_save_stack+0x45/0x70 [ 15.634717] kasan_save_track+0x18/0x40 [ 15.634943] kasan_save_alloc_info+0x3b/0x50 [ 15.635212] __kasan_kmalloc+0xb7/0xc0 [ 15.635391] __kmalloc_cache_noprof+0x189/0x420 [ 15.635607] kasan_atomics+0x95/0x310 [ 15.635799] kunit_try_run_case+0x1a5/0x480 [ 15.636110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.636324] kthread+0x337/0x6f0 [ 15.636523] ret_from_fork+0x116/0x1d0 [ 15.636701] ret_from_fork_asm+0x1a/0x30 [ 15.636979] [ 15.637064] The buggy address belongs to the object at ffff8881027b3900 [ 15.637064] which belongs to the cache kmalloc-64 of size 64 [ 15.637650] The buggy address is located 0 bytes to the right of [ 15.637650] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.638149] [ 15.638223] The buggy address belongs to the physical page: [ 15.638393] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.638671] flags: 0x200000000000000(node=0|zone=2) [ 15.639297] page_type: f5(slab) [ 15.639476] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.639954] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.640338] page dumped because: kasan: bad access detected [ 15.640612] [ 15.640696] Memory state around the buggy address: [ 15.641091] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.641333] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.641552] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.641767] ^ [ 15.641989] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.642322] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.642645] ================================================================== [ 15.750936] ================================================================== [ 15.751321] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 15.751648] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.752049] [ 15.752133] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.752175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.752187] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.752259] Call Trace: [ 15.752277] <TASK> [ 15.752293] dump_stack_lvl+0x73/0xb0 [ 15.752361] print_report+0xd1/0x650 [ 15.752386] ? __virt_addr_valid+0x1db/0x2d0 [ 15.752410] ? kasan_atomics_helper+0x1467/0x5450 [ 15.752444] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.752496] ? kasan_atomics_helper+0x1467/0x5450 [ 15.752520] kasan_report+0x141/0x180 [ 15.752553] ? kasan_atomics_helper+0x1467/0x5450 [ 15.752581] kasan_check_range+0x10c/0x1c0 [ 15.752606] __kasan_check_write+0x18/0x20 [ 15.752626] kasan_atomics_helper+0x1467/0x5450 [ 15.752651] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.752675] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.752722] ? 
kasan_atomics+0x152/0x310 [ 15.752750] kasan_atomics+0x1dc/0x310 [ 15.752773] ? __pfx_kasan_atomics+0x10/0x10 [ 15.752819] ? trace_hardirqs_on+0x37/0xe0 [ 15.752842] ? __pfx_read_tsc+0x10/0x10 [ 15.752875] ? ktime_get_ts64+0x86/0x230 [ 15.752899] kunit_try_run_case+0x1a5/0x480 [ 15.752990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.753019] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.753056] ? __kthread_parkme+0x82/0x180 [ 15.753077] ? preempt_count_sub+0x50/0x80 [ 15.753102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.753128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.753154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.753181] kthread+0x337/0x6f0 [ 15.753200] ? trace_preempt_on+0x20/0xc0 [ 15.753224] ? __pfx_kthread+0x10/0x10 [ 15.753245] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.753268] ? calculate_sigpending+0x7b/0xa0 [ 15.753293] ? __pfx_kthread+0x10/0x10 [ 15.753315] ret_from_fork+0x116/0x1d0 [ 15.753335] ? __pfx_kthread+0x10/0x10 [ 15.753356] ret_from_fork_asm+0x1a/0x30 [ 15.753389] </TASK> [ 15.753401] [ 15.762516] Allocated by task 282: [ 15.762783] kasan_save_stack+0x45/0x70 [ 15.763054] kasan_save_track+0x18/0x40 [ 15.763299] kasan_save_alloc_info+0x3b/0x50 [ 15.763539] __kasan_kmalloc+0xb7/0xc0 [ 15.763676] __kmalloc_cache_noprof+0x189/0x420 [ 15.763981] kasan_atomics+0x95/0x310 [ 15.764243] kunit_try_run_case+0x1a5/0x480 [ 15.764460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.764741] kthread+0x337/0x6f0 [ 15.765042] ret_from_fork+0x116/0x1d0 [ 15.765184] ret_from_fork_asm+0x1a/0x30 [ 15.765326] [ 15.765469] The buggy address belongs to the object at ffff8881027b3900 [ 15.765469] which belongs to the cache kmalloc-64 of size 64 [ 15.766012] The buggy address is located 0 bytes to the right of [ 15.766012] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.766792] [ 15.766957] The buggy address belongs to the physical page: [ 15.767164] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 
15.767434] flags: 0x200000000000000(node=0|zone=2) [ 15.767727] page_type: f5(slab) [ 15.767986] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.768456] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.768749] page dumped because: kasan: bad access detected [ 15.769132] [ 15.769262] Memory state around the buggy address: [ 15.769509] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.769759] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.770376] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.770709] ^ [ 15.771208] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.771511] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.771881] ================================================================== [ 16.152707] ================================================================== [ 16.153064] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 16.153412] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.153849] [ 16.153968] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.154011] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.154024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.154056] Call Trace: [ 16.154071] <TASK> [ 16.154086] dump_stack_lvl+0x73/0xb0 [ 16.154115] print_report+0xd1/0x650 [ 16.154138] ? __virt_addr_valid+0x1db/0x2d0 [ 16.154161] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.154183] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.154208] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.154232] kasan_report+0x141/0x180 [ 16.154255] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.154283] kasan_check_range+0x10c/0x1c0 [ 16.154307] __kasan_check_write+0x18/0x20 [ 16.154328] kasan_atomics_helper+0x1e12/0x5450 [ 16.154352] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.154376] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.154403] ? kasan_atomics+0x152/0x310 [ 16.154430] kasan_atomics+0x1dc/0x310 [ 16.154453] ? __pfx_kasan_atomics+0x10/0x10 [ 16.154477] ? trace_hardirqs_on+0x37/0xe0 [ 16.154500] ? __pfx_read_tsc+0x10/0x10 [ 16.154522] ? ktime_get_ts64+0x86/0x230 [ 16.154547] kunit_try_run_case+0x1a5/0x480 [ 16.154582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.154608] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.154635] ? __kthread_parkme+0x82/0x180 [ 16.154657] ? preempt_count_sub+0x50/0x80 [ 16.154682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.154707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.154733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.154760] kthread+0x337/0x6f0 [ 16.154780] ? trace_preempt_on+0x20/0xc0 [ 16.154803] ? __pfx_kthread+0x10/0x10 [ 16.154824] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.154847] ? calculate_sigpending+0x7b/0xa0 [ 16.154883] ? __pfx_kthread+0x10/0x10 [ 16.154905] ret_from_fork+0x116/0x1d0 [ 16.154924] ? __pfx_kthread+0x10/0x10 [ 16.154947] ret_from_fork_asm+0x1a/0x30 [ 16.154978] </TASK> [ 16.154989] [ 16.169154] Allocated by task 282: [ 16.169295] kasan_save_stack+0x45/0x70 [ 16.169446] kasan_save_track+0x18/0x40 [ 16.169583] kasan_save_alloc_info+0x3b/0x50 [ 16.169733] __kasan_kmalloc+0xb7/0xc0 [ 16.169874] __kmalloc_cache_noprof+0x189/0x420 [ 16.170041] kasan_atomics+0x95/0x310 [ 16.170314] kunit_try_run_case+0x1a5/0x480 [ 16.170698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.171293] kthread+0x337/0x6f0 [ 16.171611] ret_from_fork+0x116/0x1d0 [ 16.172191] ret_from_fork_asm+0x1a/0x30 [ 16.172572] [ 16.172731] The buggy address belongs to the object at ffff8881027b3900 [ 16.172731] which belongs to the cache kmalloc-64 of size 64 [ 16.173937] The buggy address is located 0 bytes to the right of [ 16.173937] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.175070] [ 16.175148] The buggy address belongs to the physical page: [ 16.175322] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.175563] flags: 0x200000000000000(node=0|zone=2) [ 16.175726] page_type: f5(slab) [ 16.176019] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.176685] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.177562] page dumped because: kasan: bad access detected [ 16.178130] [ 16.178291] Memory state around the buggy address: [ 16.178715] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.179444] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.180169] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.180427] ^ [ 16.180582] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.180804] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.181019] ================================================================== [ 15.730010] ================================================================== [ 15.730297] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 15.730618] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.730954] [ 15.731095] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.731172] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.731185] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.731206] Call Trace: [ 15.731232] <TASK> [ 15.731248] dump_stack_lvl+0x73/0xb0 [ 15.731279] print_report+0xd1/0x650 [ 15.731302] ? __virt_addr_valid+0x1db/0x2d0 [ 15.731325] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.731348] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.731373] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.731396] kasan_report+0x141/0x180 [ 15.731419] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.731447] __asan_report_load8_noabort+0x18/0x20 [ 15.731474] kasan_atomics_helper+0x4eae/0x5450 [ 15.731498] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.731554] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.731580] ? kasan_atomics+0x152/0x310 [ 15.731620] kasan_atomics+0x1dc/0x310 [ 15.731671] ? __pfx_kasan_atomics+0x10/0x10 [ 15.731695] ? trace_hardirqs_on+0x37/0xe0 [ 15.731718] ? __pfx_read_tsc+0x10/0x10 [ 15.731750] ? ktime_get_ts64+0x86/0x230 [ 15.731774] kunit_try_run_case+0x1a5/0x480 [ 15.731799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.731825] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.731852] ? __kthread_parkme+0x82/0x180 [ 15.731874] ? preempt_count_sub+0x50/0x80 [ 15.731925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.731959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.732065] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.732092] kthread+0x337/0x6f0 [ 15.732163] ? trace_preempt_on+0x20/0xc0 [ 15.732188] ? __pfx_kthread+0x10/0x10 [ 15.732211] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.732234] ? calculate_sigpending+0x7b/0xa0 [ 15.732259] ? __pfx_kthread+0x10/0x10 [ 15.732282] ret_from_fork+0x116/0x1d0 [ 15.732301] ? 
__pfx_kthread+0x10/0x10 [ 15.732323] ret_from_fork_asm+0x1a/0x30 [ 15.732354] </TASK> [ 15.732365] [ 15.741159] Allocated by task 282: [ 15.741295] kasan_save_stack+0x45/0x70 [ 15.741500] kasan_save_track+0x18/0x40 [ 15.741696] kasan_save_alloc_info+0x3b/0x50 [ 15.741911] __kasan_kmalloc+0xb7/0xc0 [ 15.742159] __kmalloc_cache_noprof+0x189/0x420 [ 15.742401] kasan_atomics+0x95/0x310 [ 15.742677] kunit_try_run_case+0x1a5/0x480 [ 15.743107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.743387] kthread+0x337/0x6f0 [ 15.743513] ret_from_fork+0x116/0x1d0 [ 15.743647] ret_from_fork_asm+0x1a/0x30 [ 15.743796] [ 15.743959] The buggy address belongs to the object at ffff8881027b3900 [ 15.743959] which belongs to the cache kmalloc-64 of size 64 [ 15.744554] The buggy address is located 0 bytes to the right of [ 15.744554] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.745377] [ 15.745505] The buggy address belongs to the physical page: [ 15.745694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.746007] flags: 0x200000000000000(node=0|zone=2) [ 15.746251] page_type: f5(slab) [ 15.746580] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.747018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.747268] page dumped because: kasan: bad access detected [ 15.747570] [ 15.747668] Memory state around the buggy address: [ 15.747971] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.748480] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.749003] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.749321] ^ [ 15.749580] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.749938] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.750423] ================================================================== [ 15.798777] 
================================================================== [ 15.799388] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 15.799716] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.800409] [ 15.800649] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.800773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.800787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.800829] Call Trace: [ 15.800844] <TASK> [ 15.800861] dump_stack_lvl+0x73/0xb0 [ 15.800925] print_report+0xd1/0x650 [ 15.800960] ? __virt_addr_valid+0x1db/0x2d0 [ 15.800984] ? kasan_atomics_helper+0x151d/0x5450 [ 15.801007] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.801042] ? kasan_atomics_helper+0x151d/0x5450 [ 15.801065] kasan_report+0x141/0x180 [ 15.801087] ? kasan_atomics_helper+0x151d/0x5450 [ 15.801115] kasan_check_range+0x10c/0x1c0 [ 15.801140] __kasan_check_write+0x18/0x20 [ 15.801160] kasan_atomics_helper+0x151d/0x5450 [ 15.801184] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.801209] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.801235] ? kasan_atomics+0x152/0x310 [ 15.801262] kasan_atomics+0x1dc/0x310 [ 15.801286] ? __pfx_kasan_atomics+0x10/0x10 [ 15.801310] ? trace_hardirqs_on+0x37/0xe0 [ 15.801333] ? __pfx_read_tsc+0x10/0x10 [ 15.801355] ? ktime_get_ts64+0x86/0x230 [ 15.801380] kunit_try_run_case+0x1a5/0x480 [ 15.801405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.801431] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.801457] ? __kthread_parkme+0x82/0x180 [ 15.801478] ? preempt_count_sub+0x50/0x80 [ 15.801503] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.801529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.801555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.801582] kthread+0x337/0x6f0 [ 15.801601] ? trace_preempt_on+0x20/0xc0 [ 15.801624] ? __pfx_kthread+0x10/0x10 [ 15.801646] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.801668] ? 
calculate_sigpending+0x7b/0xa0 [ 15.801693] ? __pfx_kthread+0x10/0x10 [ 15.801715] ret_from_fork+0x116/0x1d0 [ 15.801735] ? __pfx_kthread+0x10/0x10 [ 15.801756] ret_from_fork_asm+0x1a/0x30 [ 15.801788] </TASK> [ 15.801800] [ 15.810047] Allocated by task 282: [ 15.810250] kasan_save_stack+0x45/0x70 [ 15.810455] kasan_save_track+0x18/0x40 [ 15.810650] kasan_save_alloc_info+0x3b/0x50 [ 15.810939] __kasan_kmalloc+0xb7/0xc0 [ 15.811104] __kmalloc_cache_noprof+0x189/0x420 [ 15.811380] kasan_atomics+0x95/0x310 [ 15.811650] kunit_try_run_case+0x1a5/0x480 [ 15.811866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.812221] kthread+0x337/0x6f0 [ 15.812385] ret_from_fork+0x116/0x1d0 [ 15.812568] ret_from_fork_asm+0x1a/0x30 [ 15.812713] [ 15.812810] The buggy address belongs to the object at ffff8881027b3900 [ 15.812810] which belongs to the cache kmalloc-64 of size 64 [ 15.813393] The buggy address is located 0 bytes to the right of [ 15.813393] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.813826] [ 15.813899] The buggy address belongs to the physical page: [ 15.814155] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.814532] flags: 0x200000000000000(node=0|zone=2) [ 15.814809] page_type: f5(slab) [ 15.815147] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.815389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.815621] page dumped because: kasan: bad access detected [ 15.816151] [ 15.816247] Memory state around the buggy address: [ 15.816543] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.816820] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.817143] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.817358] ^ [ 15.817513] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.817729] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.818100] 
================================================================== [ 15.092123] ================================================================== [ 15.093739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 15.095151] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.095577] [ 15.095671] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.095715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.095728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.095750] Call Trace: [ 15.095767] <TASK> [ 15.095782] dump_stack_lvl+0x73/0xb0 [ 15.096006] print_report+0xd1/0x650 [ 15.096043] ? __virt_addr_valid+0x1db/0x2d0 [ 15.096067] ? kasan_atomics_helper+0x565/0x5450 [ 15.096090] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.096115] ? kasan_atomics_helper+0x565/0x5450 [ 15.096138] kasan_report+0x141/0x180 [ 15.096161] ? kasan_atomics_helper+0x565/0x5450 [ 15.096188] kasan_check_range+0x10c/0x1c0 [ 15.096213] __kasan_check_write+0x18/0x20 [ 15.096233] kasan_atomics_helper+0x565/0x5450 [ 15.096258] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.096283] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.096309] ? kasan_atomics+0x152/0x310 [ 15.096338] kasan_atomics+0x1dc/0x310 [ 15.096361] ? __pfx_kasan_atomics+0x10/0x10 [ 15.096386] ? trace_hardirqs_on+0x37/0xe0 [ 15.096410] ? __pfx_read_tsc+0x10/0x10 [ 15.096432] ? ktime_get_ts64+0x86/0x230 [ 15.096457] kunit_try_run_case+0x1a5/0x480 [ 15.096482] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.096508] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.096533] ? __kthread_parkme+0x82/0x180 [ 15.096554] ? preempt_count_sub+0x50/0x80 [ 15.096579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.096605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.096631] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.096657] kthread+0x337/0x6f0 [ 15.096677] ? trace_preempt_on+0x20/0xc0 [ 15.096701] ? 
__pfx_kthread+0x10/0x10 [ 15.096723] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.096745] ? calculate_sigpending+0x7b/0xa0 [ 15.096770] ? __pfx_kthread+0x10/0x10 [ 15.096851] ret_from_fork+0x116/0x1d0 [ 15.096875] ? __pfx_kthread+0x10/0x10 [ 15.096898] ret_from_fork_asm+0x1a/0x30 [ 15.096929] </TASK> [ 15.096940] [ 15.110555] Allocated by task 282: [ 15.110913] kasan_save_stack+0x45/0x70 [ 15.111131] kasan_save_track+0x18/0x40 [ 15.111273] kasan_save_alloc_info+0x3b/0x50 [ 15.111425] __kasan_kmalloc+0xb7/0xc0 [ 15.111560] __kmalloc_cache_noprof+0x189/0x420 [ 15.111718] kasan_atomics+0x95/0x310 [ 15.111860] kunit_try_run_case+0x1a5/0x480 [ 15.112014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.112201] kthread+0x337/0x6f0 [ 15.112323] ret_from_fork+0x116/0x1d0 [ 15.112707] ret_from_fork_asm+0x1a/0x30 [ 15.113221] [ 15.113302] The buggy address belongs to the object at ffff8881027b3900 [ 15.113302] which belongs to the cache kmalloc-64 of size 64 [ 15.113657] The buggy address is located 0 bytes to the right of [ 15.113657] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.114598] [ 15.114760] The buggy address belongs to the physical page: [ 15.115312] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.116078] flags: 0x200000000000000(node=0|zone=2) [ 15.116517] page_type: f5(slab) [ 15.116888] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.117561] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.118169] page dumped because: kasan: bad access detected [ 15.118349] [ 15.118420] Memory state around the buggy address: [ 15.118575] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.118791] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.119003] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.119696] ^ [ 15.120203] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.120843] 
ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.121459] ================================================================== [ 15.818586] ================================================================== [ 15.818904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 15.819151] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.819374] [ 15.819456] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.819496] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.819523] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.819544] Call Trace: [ 15.819571] <TASK> [ 15.819586] dump_stack_lvl+0x73/0xb0 [ 15.819613] print_report+0xd1/0x650 [ 15.819635] ? __virt_addr_valid+0x1db/0x2d0 [ 15.819658] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.819680] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.819704] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.819727] kasan_report+0x141/0x180 [ 15.819750] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.819777] kasan_check_range+0x10c/0x1c0 [ 15.819801] __kasan_check_write+0x18/0x20 [ 15.819828] kasan_atomics_helper+0x15b6/0x5450 [ 15.819852] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.819876] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.819902] ? kasan_atomics+0x152/0x310 [ 15.819929] kasan_atomics+0x1dc/0x310 [ 15.819959] ? __pfx_kasan_atomics+0x10/0x10 [ 15.819982] ? trace_hardirqs_on+0x37/0xe0 [ 15.820013] ? __pfx_read_tsc+0x10/0x10 [ 15.820053] ? ktime_get_ts64+0x86/0x230 [ 15.820078] kunit_try_run_case+0x1a5/0x480 [ 15.820102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.820128] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.820155] ? __kthread_parkme+0x82/0x180 [ 15.820177] ? preempt_count_sub+0x50/0x80 [ 15.820202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.820228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.820254] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.820281] kthread+0x337/0x6f0 [ 15.820302] ? trace_preempt_on+0x20/0xc0 [ 15.820325] ? __pfx_kthread+0x10/0x10 [ 15.820347] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.820379] ? calculate_sigpending+0x7b/0xa0 [ 15.820404] ? __pfx_kthread+0x10/0x10 [ 15.820427] ret_from_fork+0x116/0x1d0 [ 15.820457] ? __pfx_kthread+0x10/0x10 [ 15.820479] ret_from_fork_asm+0x1a/0x30 [ 15.820511] </TASK> [ 15.820522] [ 15.829362] Allocated by task 282: [ 15.829565] kasan_save_stack+0x45/0x70 [ 15.829742] kasan_save_track+0x18/0x40 [ 15.830015] kasan_save_alloc_info+0x3b/0x50 [ 15.830233] __kasan_kmalloc+0xb7/0xc0 [ 15.830403] __kmalloc_cache_noprof+0x189/0x420 [ 15.830561] kasan_atomics+0x95/0x310 [ 15.830697] kunit_try_run_case+0x1a5/0x480 [ 15.830878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.831272] kthread+0x337/0x6f0 [ 15.831455] ret_from_fork+0x116/0x1d0 [ 15.831643] ret_from_fork_asm+0x1a/0x30 [ 15.831968] [ 15.832056] The buggy address belongs to the object at ffff8881027b3900 [ 15.832056] which belongs to the cache kmalloc-64 of size 64 [ 15.832715] The buggy address is located 0 bytes to the right of [ 15.832715] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.833369] [ 15.833503] The buggy address belongs to the physical page: [ 15.833721] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.834009] flags: 0x200000000000000(node=0|zone=2) [ 15.834489] page_type: f5(slab) [ 15.834653] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.835141] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.835384] page dumped because: kasan: bad access detected [ 15.835571] [ 15.835663] Memory state around the buggy address: [ 15.835921] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.836394] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.836692] >ffff8881027b3900: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.837019] ^ [ 15.837202] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.837422] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.837638] ================================================================== [ 15.047683] ================================================================== [ 15.048406] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 15.048876] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.049280] [ 15.049395] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.049439] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.049452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.049506] Call Trace: [ 15.049522] <TASK> [ 15.049539] dump_stack_lvl+0x73/0xb0 [ 15.049569] print_report+0xd1/0x650 [ 15.049591] ? __virt_addr_valid+0x1db/0x2d0 [ 15.049645] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.049669] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.049694] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.049717] kasan_report+0x141/0x180 [ 15.049740] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.049767] kasan_check_range+0x10c/0x1c0 [ 15.049853] __kasan_check_write+0x18/0x20 [ 15.049935] kasan_atomics_helper+0x4a0/0x5450 [ 15.049961] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.049986] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.050055] ? kasan_atomics+0x152/0x310 [ 15.050085] kasan_atomics+0x1dc/0x310 [ 15.050109] ? __pfx_kasan_atomics+0x10/0x10 [ 15.050132] ? trace_hardirqs_on+0x37/0xe0 [ 15.050156] ? __pfx_read_tsc+0x10/0x10 [ 15.050177] ? ktime_get_ts64+0x86/0x230 [ 15.050202] kunit_try_run_case+0x1a5/0x480 [ 15.050226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.050253] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.050279] ? __kthread_parkme+0x82/0x180 [ 15.050300] ? preempt_count_sub+0x50/0x80 [ 15.050325] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.050350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.050376] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.050402] kthread+0x337/0x6f0 [ 15.050422] ? trace_preempt_on+0x20/0xc0 [ 15.050445] ? __pfx_kthread+0x10/0x10 [ 15.050466] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.050489] ? calculate_sigpending+0x7b/0xa0 [ 15.050516] ? __pfx_kthread+0x10/0x10 [ 15.050538] ret_from_fork+0x116/0x1d0 [ 15.050557] ? __pfx_kthread+0x10/0x10 [ 15.050579] ret_from_fork_asm+0x1a/0x30 [ 15.050610] </TASK> [ 15.050621] [ 15.059445] Allocated by task 282: [ 15.059631] kasan_save_stack+0x45/0x70 [ 15.059960] kasan_save_track+0x18/0x40 [ 15.060198] kasan_save_alloc_info+0x3b/0x50 [ 15.060413] __kasan_kmalloc+0xb7/0xc0 [ 15.060551] __kmalloc_cache_noprof+0x189/0x420 [ 15.060769] kasan_atomics+0x95/0x310 [ 15.061137] kunit_try_run_case+0x1a5/0x480 [ 15.061357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.061632] kthread+0x337/0x6f0 [ 15.061757] ret_from_fork+0x116/0x1d0 [ 15.062070] ret_from_fork_asm+0x1a/0x30 [ 15.062317] [ 15.062448] The buggy address belongs to the object at ffff8881027b3900 [ 15.062448] which belongs to the cache kmalloc-64 of size 64 [ 15.063021] The buggy address is located 0 bytes to the right of [ 15.063021] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.063562] [ 15.063639] The buggy address belongs to the physical page: [ 15.063890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.064272] flags: 0x200000000000000(node=0|zone=2) [ 15.064506] page_type: f5(slab) [ 15.064662] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.064951] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.065541] page dumped because: kasan: bad access detected [ 15.065748] [ 15.065885] Memory state around the buggy address: [ 15.066133] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.066545] 
ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.066985] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.067299] ^ [ 15.067503] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.067941] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.068281] ================================================================== [ 15.202862] ================================================================== [ 15.203345] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 15.203842] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.204248] [ 15.204353] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.204396] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.204409] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.204430] Call Trace: [ 15.204445] <TASK> [ 15.204461] dump_stack_lvl+0x73/0xb0 [ 15.204491] print_report+0xd1/0x650 [ 15.204514] ? __virt_addr_valid+0x1db/0x2d0 [ 15.204538] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.204560] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.204585] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.204608] kasan_report+0x141/0x180 [ 15.204631] ? kasan_atomics_helper+0x7c7/0x5450 [ 15.204658] kasan_check_range+0x10c/0x1c0 [ 15.204683] __kasan_check_write+0x18/0x20 [ 15.204703] kasan_atomics_helper+0x7c7/0x5450 [ 15.204727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.204751] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.204778] ? kasan_atomics+0x152/0x310 [ 15.204805] kasan_atomics+0x1dc/0x310 [ 15.204830] ? __pfx_kasan_atomics+0x10/0x10 [ 15.204854] ? trace_hardirqs_on+0x37/0xe0 [ 15.204878] ? __pfx_read_tsc+0x10/0x10 [ 15.204900] ? ktime_get_ts64+0x86/0x230 [ 15.204925] kunit_try_run_case+0x1a5/0x480 [ 15.204950] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.204977] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.205003] ? 
__kthread_parkme+0x82/0x180 [ 15.205024] ? preempt_count_sub+0x50/0x80 [ 15.205059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.205085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.205111] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.205138] kthread+0x337/0x6f0 [ 15.205158] ? trace_preempt_on+0x20/0xc0 [ 15.205180] ? __pfx_kthread+0x10/0x10 [ 15.205202] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.205275] ? calculate_sigpending+0x7b/0xa0 [ 15.205305] ? __pfx_kthread+0x10/0x10 [ 15.205327] ret_from_fork+0x116/0x1d0 [ 15.205347] ? __pfx_kthread+0x10/0x10 [ 15.205369] ret_from_fork_asm+0x1a/0x30 [ 15.205400] </TASK> [ 15.205411] [ 15.213538] Allocated by task 282: [ 15.213798] kasan_save_stack+0x45/0x70 [ 15.214172] kasan_save_track+0x18/0x40 [ 15.214342] kasan_save_alloc_info+0x3b/0x50 [ 15.214496] __kasan_kmalloc+0xb7/0xc0 [ 15.214681] __kmalloc_cache_noprof+0x189/0x420 [ 15.214898] kasan_atomics+0x95/0x310 [ 15.215097] kunit_try_run_case+0x1a5/0x480 [ 15.215351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.215535] kthread+0x337/0x6f0 [ 15.215667] ret_from_fork+0x116/0x1d0 [ 15.215901] ret_from_fork_asm+0x1a/0x30 [ 15.216160] [ 15.216258] The buggy address belongs to the object at ffff8881027b3900 [ 15.216258] which belongs to the cache kmalloc-64 of size 64 [ 15.216749] The buggy address is located 0 bytes to the right of [ 15.216749] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.217397] [ 15.217499] The buggy address belongs to the physical page: [ 15.217700] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.218062] flags: 0x200000000000000(node=0|zone=2) [ 15.218344] page_type: f5(slab) [ 15.218467] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.218793] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.219290] page dumped because: kasan: bad access detected [ 15.219469] [ 15.219539] Memory state around the buggy address: [ 15.219696] 
ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.219987] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.220309] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.220556] ^ [ 15.220714] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.220929] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.221528] ================================================================== [ 16.028299] ================================================================== [ 16.028614] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 16.029120] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.029686] [ 16.030089] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.030138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.030152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.030174] Call Trace: [ 16.030189] <TASK> [ 16.030204] dump_stack_lvl+0x73/0xb0 [ 16.030235] print_report+0xd1/0x650 [ 16.030258] ? __virt_addr_valid+0x1db/0x2d0 [ 16.030282] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.030305] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.030329] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.030352] kasan_report+0x141/0x180 [ 16.030375] ? kasan_atomics_helper+0x1b22/0x5450 [ 16.030402] kasan_check_range+0x10c/0x1c0 [ 16.030427] __kasan_check_write+0x18/0x20 [ 16.030448] kasan_atomics_helper+0x1b22/0x5450 [ 16.030472] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.030496] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.030522] ? kasan_atomics+0x152/0x310 [ 16.030550] kasan_atomics+0x1dc/0x310 [ 16.030573] ? __pfx_kasan_atomics+0x10/0x10 [ 16.030597] ? trace_hardirqs_on+0x37/0xe0 [ 16.030622] ? __pfx_read_tsc+0x10/0x10 [ 16.030644] ? ktime_get_ts64+0x86/0x230 [ 16.030669] kunit_try_run_case+0x1a5/0x480 [ 16.030694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.030720] ? 
queued_spin_lock_slowpath+0x116/0xb40 [ 16.030746] ? __kthread_parkme+0x82/0x180 [ 16.030767] ? preempt_count_sub+0x50/0x80 [ 16.030792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.030906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.030948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.030975] kthread+0x337/0x6f0 [ 16.030995] ? trace_preempt_on+0x20/0xc0 [ 16.031018] ? __pfx_kthread+0x10/0x10 [ 16.031052] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.031075] ? calculate_sigpending+0x7b/0xa0 [ 16.031100] ? __pfx_kthread+0x10/0x10 [ 16.031122] ret_from_fork+0x116/0x1d0 [ 16.031142] ? __pfx_kthread+0x10/0x10 [ 16.031163] ret_from_fork_asm+0x1a/0x30 [ 16.031195] </TASK> [ 16.031205] [ 16.043337] Allocated by task 282: [ 16.043505] kasan_save_stack+0x45/0x70 [ 16.044182] kasan_save_track+0x18/0x40 [ 16.044378] kasan_save_alloc_info+0x3b/0x50 [ 16.044548] __kasan_kmalloc+0xb7/0xc0 [ 16.044749] __kmalloc_cache_noprof+0x189/0x420 [ 16.045250] kasan_atomics+0x95/0x310 [ 16.045436] kunit_try_run_case+0x1a5/0x480 [ 16.045790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.046296] kthread+0x337/0x6f0 [ 16.046545] ret_from_fork+0x116/0x1d0 [ 16.046802] ret_from_fork_asm+0x1a/0x30 [ 16.047204] [ 16.047341] The buggy address belongs to the object at ffff8881027b3900 [ 16.047341] which belongs to the cache kmalloc-64 of size 64 [ 16.047843] The buggy address is located 0 bytes to the right of [ 16.047843] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.048702] [ 16.048797] The buggy address belongs to the physical page: [ 16.049288] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.049763] flags: 0x200000000000000(node=0|zone=2) [ 16.050176] page_type: f5(slab) [ 16.050409] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.050812] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.051289] page dumped because: kasan: bad access detected [ 16.051734] [ 16.052097] 
Memory state around the buggy address: [ 16.052404] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.052986] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.053457] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.053782] ^ [ 16.054183] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.054600] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.055227] ================================================================== [ 15.316083] ================================================================== [ 15.316342] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 15.316677] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.317009] [ 15.317236] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.317280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.317293] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.317314] Call Trace: [ 15.317330] <TASK> [ 15.317346] dump_stack_lvl+0x73/0xb0 [ 15.317375] print_report+0xd1/0x650 [ 15.317398] ? __virt_addr_valid+0x1db/0x2d0 [ 15.317421] ? kasan_atomics_helper+0xac7/0x5450 [ 15.317443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.317468] ? kasan_atomics_helper+0xac7/0x5450 [ 15.317492] kasan_report+0x141/0x180 [ 15.317514] ? kasan_atomics_helper+0xac7/0x5450 [ 15.317542] kasan_check_range+0x10c/0x1c0 [ 15.317567] __kasan_check_write+0x18/0x20 [ 15.317588] kasan_atomics_helper+0xac7/0x5450 [ 15.317612] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.317636] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.317662] ? kasan_atomics+0x152/0x310 [ 15.317690] kasan_atomics+0x1dc/0x310 [ 15.317713] ? __pfx_kasan_atomics+0x10/0x10 [ 15.317738] ? trace_hardirqs_on+0x37/0xe0 [ 15.317762] ? __pfx_read_tsc+0x10/0x10 [ 15.317784] ? ktime_get_ts64+0x86/0x230 [ 15.317808] kunit_try_run_case+0x1a5/0x480 [ 15.317832] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.317858] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.317885] ? __kthread_parkme+0x82/0x180 [ 15.317905] ? preempt_count_sub+0x50/0x80 [ 15.317930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.318114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.318151] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.318192] kthread+0x337/0x6f0 [ 15.318212] ? trace_preempt_on+0x20/0xc0 [ 15.318236] ? __pfx_kthread+0x10/0x10 [ 15.318257] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.318280] ? calculate_sigpending+0x7b/0xa0 [ 15.318306] ? __pfx_kthread+0x10/0x10 [ 15.318339] ret_from_fork+0x116/0x1d0 [ 15.318359] ? __pfx_kthread+0x10/0x10 [ 15.318383] ret_from_fork_asm+0x1a/0x30 [ 15.318426] </TASK> [ 15.318437] [ 15.326853] Allocated by task 282: [ 15.327101] kasan_save_stack+0x45/0x70 [ 15.327286] kasan_save_track+0x18/0x40 [ 15.327465] kasan_save_alloc_info+0x3b/0x50 [ 15.327687] __kasan_kmalloc+0xb7/0xc0 [ 15.327949] __kmalloc_cache_noprof+0x189/0x420 [ 15.328182] kasan_atomics+0x95/0x310 [ 15.328353] kunit_try_run_case+0x1a5/0x480 [ 15.328582] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.328988] kthread+0x337/0x6f0 [ 15.329189] ret_from_fork+0x116/0x1d0 [ 15.329398] ret_from_fork_asm+0x1a/0x30 [ 15.329586] [ 15.329660] The buggy address belongs to the object at ffff8881027b3900 [ 15.329660] which belongs to the cache kmalloc-64 of size 64 [ 15.330015] The buggy address is located 0 bytes to the right of [ 15.330015] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.330581] [ 15.330677] The buggy address belongs to the physical page: [ 15.330923] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.331505] flags: 0x200000000000000(node=0|zone=2) [ 15.331897] page_type: f5(slab) [ 15.332146] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.332465] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.332693] page dumped because: kasan: 
bad access detected [ 15.332884] [ 15.332977] Memory state around the buggy address: [ 15.333242] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.333641] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.334080] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.334373] ^ [ 15.334612] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.334915] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.335294] ================================================================== [ 15.688515] ================================================================== [ 15.688975] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 15.689438] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.689774] [ 15.690006] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.690064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.690077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.690098] Call Trace: [ 15.690112] <TASK> [ 15.690127] dump_stack_lvl+0x73/0xb0 [ 15.690156] print_report+0xd1/0x650 [ 15.690179] ? __virt_addr_valid+0x1db/0x2d0 [ 15.690203] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.690226] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.690250] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.690274] kasan_report+0x141/0x180 [ 15.690297] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.690326] __asan_report_load4_noabort+0x18/0x20 [ 15.690352] kasan_atomics_helper+0x49ce/0x5450 [ 15.690376] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.690401] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.690427] ? kasan_atomics+0x152/0x310 [ 15.690491] kasan_atomics+0x1dc/0x310 [ 15.690517] ? __pfx_kasan_atomics+0x10/0x10 [ 15.690541] ? trace_hardirqs_on+0x37/0xe0 [ 15.690577] ? __pfx_read_tsc+0x10/0x10 [ 15.690598] ? 
ktime_get_ts64+0x86/0x230 [ 15.690623] kunit_try_run_case+0x1a5/0x480 [ 15.690648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.690674] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.690700] ? __kthread_parkme+0x82/0x180 [ 15.690722] ? preempt_count_sub+0x50/0x80 [ 15.690747] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.690772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.690797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.690872] kthread+0x337/0x6f0 [ 15.690894] ? trace_preempt_on+0x20/0xc0 [ 15.690920] ? __pfx_kthread+0x10/0x10 [ 15.690948] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.690971] ? calculate_sigpending+0x7b/0xa0 [ 15.690996] ? __pfx_kthread+0x10/0x10 [ 15.691019] ret_from_fork+0x116/0x1d0 [ 15.691051] ? __pfx_kthread+0x10/0x10 [ 15.691073] ret_from_fork_asm+0x1a/0x30 [ 15.691104] </TASK> [ 15.691116] [ 15.699646] Allocated by task 282: [ 15.699833] kasan_save_stack+0x45/0x70 [ 15.700070] kasan_save_track+0x18/0x40 [ 15.700389] kasan_save_alloc_info+0x3b/0x50 [ 15.700548] __kasan_kmalloc+0xb7/0xc0 [ 15.700686] __kmalloc_cache_noprof+0x189/0x420 [ 15.701092] kasan_atomics+0x95/0x310 [ 15.701321] kunit_try_run_case+0x1a5/0x480 [ 15.701537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.701894] kthread+0x337/0x6f0 [ 15.702119] ret_from_fork+0x116/0x1d0 [ 15.702312] ret_from_fork_asm+0x1a/0x30 [ 15.702519] [ 15.702596] The buggy address belongs to the object at ffff8881027b3900 [ 15.702596] which belongs to the cache kmalloc-64 of size 64 [ 15.702994] The buggy address is located 0 bytes to the right of [ 15.702994] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.703691] [ 15.703796] The buggy address belongs to the physical page: [ 15.704382] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.704728] flags: 0x200000000000000(node=0|zone=2) [ 15.704894] page_type: f5(slab) [ 15.705082] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.705431] raw: 0000000000000000 
0000000080200020 00000000f5000000 0000000000000000 [ 15.705773] page dumped because: kasan: bad access detected [ 15.706135] [ 15.706238] Memory state around the buggy address: [ 15.706503] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.706865] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.707207] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.707427] ^ [ 15.707645] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.708191] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.708569] ================================================================== [ 15.335755] ================================================================== [ 15.336314] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 15.336649] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.337118] [ 15.337206] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.337254] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.337278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.337298] Call Trace: [ 15.337314] <TASK> [ 15.337329] dump_stack_lvl+0x73/0xb0 [ 15.337371] print_report+0xd1/0x650 [ 15.337395] ? __virt_addr_valid+0x1db/0x2d0 [ 15.337418] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.337441] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.337465] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.337489] kasan_report+0x141/0x180 [ 15.337512] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.337539] kasan_check_range+0x10c/0x1c0 [ 15.337564] __kasan_check_write+0x18/0x20 [ 15.337586] kasan_atomics_helper+0xb6a/0x5450 [ 15.337609] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.337634] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.337660] ? kasan_atomics+0x152/0x310 [ 15.337688] kasan_atomics+0x1dc/0x310 [ 15.337711] ? __pfx_kasan_atomics+0x10/0x10 [ 15.337735] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.337760] ? __pfx_read_tsc+0x10/0x10 [ 15.337781] ? ktime_get_ts64+0x86/0x230 [ 15.337806] kunit_try_run_case+0x1a5/0x480 [ 15.337832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.337857] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.337925] ? __kthread_parkme+0x82/0x180 [ 15.337969] ? preempt_count_sub+0x50/0x80 [ 15.337995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.338020] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.338055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.338091] kthread+0x337/0x6f0 [ 15.338111] ? trace_preempt_on+0x20/0xc0 [ 15.338134] ? __pfx_kthread+0x10/0x10 [ 15.338166] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.338190] ? calculate_sigpending+0x7b/0xa0 [ 15.338215] ? __pfx_kthread+0x10/0x10 [ 15.338238] ret_from_fork+0x116/0x1d0 [ 15.338258] ? __pfx_kthread+0x10/0x10 [ 15.338279] ret_from_fork_asm+0x1a/0x30 [ 15.338320] </TASK> [ 15.338330] [ 15.346654] Allocated by task 282: [ 15.346824] kasan_save_stack+0x45/0x70 [ 15.347256] kasan_save_track+0x18/0x40 [ 15.347432] kasan_save_alloc_info+0x3b/0x50 [ 15.347651] __kasan_kmalloc+0xb7/0xc0 [ 15.347914] __kmalloc_cache_noprof+0x189/0x420 [ 15.348151] kasan_atomics+0x95/0x310 [ 15.348300] kunit_try_run_case+0x1a5/0x480 [ 15.348449] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.348626] kthread+0x337/0x6f0 [ 15.348748] ret_from_fork+0x116/0x1d0 [ 15.348882] ret_from_fork_asm+0x1a/0x30 [ 15.349024] [ 15.349118] The buggy address belongs to the object at ffff8881027b3900 [ 15.349118] which belongs to the cache kmalloc-64 of size 64 [ 15.349473] The buggy address is located 0 bytes to the right of [ 15.349473] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.349839] [ 15.349911] The buggy address belongs to the physical page: [ 15.350095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.350339] flags: 0x200000000000000(node=0|zone=2) [ 15.350504] page_type: f5(slab) [ 15.350623] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.352507] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.352811] page dumped because: kasan: bad access detected [ 15.352998] [ 15.353349] Memory state around the buggy address: [ 15.354190] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.354597] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.355154] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.355629] ^ [ 15.355861] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.356508] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.356924] ================================================================== [ 16.325660] ================================================================== [ 16.326354] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 16.326594] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.326976] [ 16.327103] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.327146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.327159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.327179] Call Trace: [ 16.327194] <TASK> [ 16.327209] dump_stack_lvl+0x73/0xb0 [ 16.327238] print_report+0xd1/0x650 [ 16.327261] ? __virt_addr_valid+0x1db/0x2d0 [ 16.327284] ? kasan_atomics_helper+0x218a/0x5450 [ 16.327306] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.327331] ? kasan_atomics_helper+0x218a/0x5450 [ 16.327354] kasan_report+0x141/0x180 [ 16.327386] ? kasan_atomics_helper+0x218a/0x5450 [ 16.327414] kasan_check_range+0x10c/0x1c0 [ 16.327439] __kasan_check_write+0x18/0x20 [ 16.327460] kasan_atomics_helper+0x218a/0x5450 [ 16.327484] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.327508] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.327535] ? 
kasan_atomics+0x152/0x310 [ 16.327562] kasan_atomics+0x1dc/0x310 [ 16.327586] ? __pfx_kasan_atomics+0x10/0x10 [ 16.327609] ? trace_hardirqs_on+0x37/0xe0 [ 16.327633] ? __pfx_read_tsc+0x10/0x10 [ 16.327655] ? ktime_get_ts64+0x86/0x230 [ 16.327679] kunit_try_run_case+0x1a5/0x480 [ 16.327703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.327729] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.327756] ? __kthread_parkme+0x82/0x180 [ 16.327777] ? preempt_count_sub+0x50/0x80 [ 16.327802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.327879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.327906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.327952] kthread+0x337/0x6f0 [ 16.327973] ? trace_preempt_on+0x20/0xc0 [ 16.327997] ? __pfx_kthread+0x10/0x10 [ 16.328021] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.328058] ? calculate_sigpending+0x7b/0xa0 [ 16.328084] ? __pfx_kthread+0x10/0x10 [ 16.328107] ret_from_fork+0x116/0x1d0 [ 16.328127] ? __pfx_kthread+0x10/0x10 [ 16.328148] ret_from_fork_asm+0x1a/0x30 [ 16.328179] </TASK> [ 16.328191] [ 16.336151] Allocated by task 282: [ 16.336334] kasan_save_stack+0x45/0x70 [ 16.336534] kasan_save_track+0x18/0x40 [ 16.336729] kasan_save_alloc_info+0x3b/0x50 [ 16.336963] __kasan_kmalloc+0xb7/0xc0 [ 16.337164] __kmalloc_cache_noprof+0x189/0x420 [ 16.337383] kasan_atomics+0x95/0x310 [ 16.337540] kunit_try_run_case+0x1a5/0x480 [ 16.337688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.338115] kthread+0x337/0x6f0 [ 16.338295] ret_from_fork+0x116/0x1d0 [ 16.338468] ret_from_fork_asm+0x1a/0x30 [ 16.338611] [ 16.338683] The buggy address belongs to the object at ffff8881027b3900 [ 16.338683] which belongs to the cache kmalloc-64 of size 64 [ 16.339272] The buggy address is located 0 bytes to the right of [ 16.339272] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.339710] [ 16.339806] The buggy address belongs to the physical page: [ 16.340234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 
16.340588] flags: 0x200000000000000(node=0|zone=2) [ 16.340776] page_type: f5(slab) [ 16.340953] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.341270] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.341505] page dumped because: kasan: bad access detected [ 16.341677] [ 16.341748] Memory state around the buggy address: [ 16.341904] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.342235] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.342561] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.342872] ^ [ 16.343220] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.343566] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.344025] ================================================================== [ 16.381505] ================================================================== [ 16.381884] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 16.382285] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.382583] [ 16.382668] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.382709] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.382721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.382741] Call Trace: [ 16.382755] <TASK> [ 16.382771] dump_stack_lvl+0x73/0xb0 [ 16.382800] print_report+0xd1/0x650 [ 16.382872] ? __virt_addr_valid+0x1db/0x2d0 [ 16.382896] ? kasan_atomics_helper+0x5115/0x5450 [ 16.382919] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.382943] ? kasan_atomics_helper+0x5115/0x5450 [ 16.382967] kasan_report+0x141/0x180 [ 16.382990] ? kasan_atomics_helper+0x5115/0x5450 [ 16.383019] __asan_report_load8_noabort+0x18/0x20 [ 16.383059] kasan_atomics_helper+0x5115/0x5450 [ 16.383083] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.383108] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.383136] ? kasan_atomics+0x152/0x310 [ 16.383167] kasan_atomics+0x1dc/0x310 [ 16.383192] ? __pfx_kasan_atomics+0x10/0x10 [ 16.383216] ? trace_hardirqs_on+0x37/0xe0 [ 16.383240] ? __pfx_read_tsc+0x10/0x10 [ 16.383262] ? ktime_get_ts64+0x86/0x230 [ 16.383287] kunit_try_run_case+0x1a5/0x480 [ 16.383312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.383338] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.383364] ? __kthread_parkme+0x82/0x180 [ 16.383385] ? preempt_count_sub+0x50/0x80 [ 16.383411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.383436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.383462] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.383489] kthread+0x337/0x6f0 [ 16.383509] ? trace_preempt_on+0x20/0xc0 [ 16.383532] ? __pfx_kthread+0x10/0x10 [ 16.383554] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.383576] ? calculate_sigpending+0x7b/0xa0 [ 16.383602] ? __pfx_kthread+0x10/0x10 [ 16.383624] ret_from_fork+0x116/0x1d0 [ 16.383643] ? __pfx_kthread+0x10/0x10 [ 16.383665] ret_from_fork_asm+0x1a/0x30 [ 16.383697] </TASK> [ 16.383707] [ 16.391469] Allocated by task 282: [ 16.391607] kasan_save_stack+0x45/0x70 [ 16.391753] kasan_save_track+0x18/0x40 [ 16.391889] kasan_save_alloc_info+0x3b/0x50 [ 16.392055] __kasan_kmalloc+0xb7/0xc0 [ 16.392191] __kmalloc_cache_noprof+0x189/0x420 [ 16.392540] kasan_atomics+0x95/0x310 [ 16.393040] kunit_try_run_case+0x1a5/0x480 [ 16.393272] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.393541] kthread+0x337/0x6f0 [ 16.393713] ret_from_fork+0x116/0x1d0 [ 16.393902] ret_from_fork_asm+0x1a/0x30 [ 16.394114] [ 16.394210] The buggy address belongs to the object at ffff8881027b3900 [ 16.394210] which belongs to the cache kmalloc-64 of size 64 [ 16.394623] The buggy address is located 0 bytes to the right of [ 16.394623] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.395268] [ 16.395346] The buggy address belongs to the physical page: [ 16.395521] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.395763] flags: 0x200000000000000(node=0|zone=2) [ 16.395925] page_type: f5(slab) [ 16.396071] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.396306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.396595] page dumped because: kasan: bad access detected [ 16.396770] [ 16.397104] Memory state around the buggy address: [ 16.397283] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.397503] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.397718] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.397931] ^ [ 16.398154] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.398470] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.398778] ================================================================== [ 15.122265] ================================================================== [ 15.123098] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 15.123751] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.124473] [ 15.124649] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.124693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.124706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.124727] Call Trace: [ 15.124742] <TASK> [ 15.124758] dump_stack_lvl+0x73/0xb0 [ 15.124786] print_report+0xd1/0x650 [ 15.124886] ? __virt_addr_valid+0x1db/0x2d0 [ 15.124912] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.124935] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.124976] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.124999] kasan_report+0x141/0x180 [ 15.125022] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.125060] kasan_check_range+0x10c/0x1c0 [ 15.125086] __kasan_check_write+0x18/0x20 [ 15.125107] kasan_atomics_helper+0x5fe/0x5450 [ 15.125131] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.125156] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.125182] ? kasan_atomics+0x152/0x310 [ 15.125209] kasan_atomics+0x1dc/0x310 [ 15.125233] ? __pfx_kasan_atomics+0x10/0x10 [ 15.125256] ? trace_hardirqs_on+0x37/0xe0 [ 15.125281] ? __pfx_read_tsc+0x10/0x10 [ 15.125303] ? ktime_get_ts64+0x86/0x230 [ 15.125328] kunit_try_run_case+0x1a5/0x480 [ 15.125352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.125378] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.125404] ? __kthread_parkme+0x82/0x180 [ 15.125425] ? preempt_count_sub+0x50/0x80 [ 15.125450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.125476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.125502] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.125529] kthread+0x337/0x6f0 [ 15.125549] ? trace_preempt_on+0x20/0xc0 [ 15.125572] ? __pfx_kthread+0x10/0x10 [ 15.125593] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.125616] ? calculate_sigpending+0x7b/0xa0 [ 15.125642] ? __pfx_kthread+0x10/0x10 [ 15.125664] ret_from_fork+0x116/0x1d0 [ 15.125683] ? 
__pfx_kthread+0x10/0x10 [ 15.125705] ret_from_fork_asm+0x1a/0x30 [ 15.125736] </TASK> [ 15.125747] [ 15.138290] Allocated by task 282: [ 15.138460] kasan_save_stack+0x45/0x70 [ 15.138607] kasan_save_track+0x18/0x40 [ 15.138746] kasan_save_alloc_info+0x3b/0x50 [ 15.139196] __kasan_kmalloc+0xb7/0xc0 [ 15.139566] __kmalloc_cache_noprof+0x189/0x420 [ 15.140062] kasan_atomics+0x95/0x310 [ 15.140412] kunit_try_run_case+0x1a5/0x480 [ 15.140809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.141352] kthread+0x337/0x6f0 [ 15.141487] ret_from_fork+0x116/0x1d0 [ 15.141627] ret_from_fork_asm+0x1a/0x30 [ 15.141769] [ 15.142038] The buggy address belongs to the object at ffff8881027b3900 [ 15.142038] which belongs to the cache kmalloc-64 of size 64 [ 15.143300] The buggy address is located 0 bytes to the right of [ 15.143300] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.144512] [ 15.144660] The buggy address belongs to the physical page: [ 15.144980] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.145651] flags: 0x200000000000000(node=0|zone=2) [ 15.146102] page_type: f5(slab) [ 15.146241] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.146474] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.146701] page dumped because: kasan: bad access detected [ 15.147139] [ 15.147297] Memory state around the buggy address: [ 15.147704] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.148709] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.149464] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.150177] ^ [ 15.150624] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.151001] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.151714] ================================================================== [ 16.362419] 
================================================================== [ 16.362687] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 16.363218] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.363491] [ 16.363575] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.363616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.363629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.363650] Call Trace: [ 16.363663] <TASK> [ 16.363677] dump_stack_lvl+0x73/0xb0 [ 16.363705] print_report+0xd1/0x650 [ 16.363728] ? __virt_addr_valid+0x1db/0x2d0 [ 16.363751] ? kasan_atomics_helper+0x224c/0x5450 [ 16.363774] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.363798] ? kasan_atomics_helper+0x224c/0x5450 [ 16.363821] kasan_report+0x141/0x180 [ 16.363845] ? kasan_atomics_helper+0x224c/0x5450 [ 16.363873] kasan_check_range+0x10c/0x1c0 [ 16.363898] __kasan_check_write+0x18/0x20 [ 16.363918] kasan_atomics_helper+0x224c/0x5450 [ 16.364004] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.364043] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.364070] ? kasan_atomics+0x152/0x310 [ 16.364098] kasan_atomics+0x1dc/0x310 [ 16.364122] ? __pfx_kasan_atomics+0x10/0x10 [ 16.364146] ? trace_hardirqs_on+0x37/0xe0 [ 16.364170] ? __pfx_read_tsc+0x10/0x10 [ 16.364192] ? ktime_get_ts64+0x86/0x230 [ 16.364215] kunit_try_run_case+0x1a5/0x480 [ 16.364240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.364266] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.364292] ? __kthread_parkme+0x82/0x180 [ 16.364314] ? preempt_count_sub+0x50/0x80 [ 16.364338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.364364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.364390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.364416] kthread+0x337/0x6f0 [ 16.364436] ? trace_preempt_on+0x20/0xc0 [ 16.364459] ? __pfx_kthread+0x10/0x10 [ 16.364481] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.364504] ? 
calculate_sigpending+0x7b/0xa0 [ 16.364528] ? __pfx_kthread+0x10/0x10 [ 16.364551] ret_from_fork+0x116/0x1d0 [ 16.364570] ? __pfx_kthread+0x10/0x10 [ 16.364591] ret_from_fork_asm+0x1a/0x30 [ 16.364623] </TASK> [ 16.364633] [ 16.373069] Allocated by task 282: [ 16.373239] kasan_save_stack+0x45/0x70 [ 16.373418] kasan_save_track+0x18/0x40 [ 16.373589] kasan_save_alloc_info+0x3b/0x50 [ 16.373787] __kasan_kmalloc+0xb7/0xc0 [ 16.373998] __kmalloc_cache_noprof+0x189/0x420 [ 16.374181] kasan_atomics+0x95/0x310 [ 16.374317] kunit_try_run_case+0x1a5/0x480 [ 16.374465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.374643] kthread+0x337/0x6f0 [ 16.374764] ret_from_fork+0x116/0x1d0 [ 16.374897] ret_from_fork_asm+0x1a/0x30 [ 16.375045] [ 16.375117] The buggy address belongs to the object at ffff8881027b3900 [ 16.375117] which belongs to the cache kmalloc-64 of size 64 [ 16.375612] The buggy address is located 0 bytes to the right of [ 16.375612] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.376387] [ 16.376486] The buggy address belongs to the physical page: [ 16.376735] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.377089] flags: 0x200000000000000(node=0|zone=2) [ 16.377440] page_type: f5(slab) [ 16.377785] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.378212] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.378445] page dumped because: kasan: bad access detected [ 16.378616] [ 16.378686] Memory state around the buggy address: [ 16.378996] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.379339] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.379658] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.380314] ^ [ 16.380523] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.380792] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.381174] 
================================================================== [ 15.068775] ================================================================== [ 15.069209] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 15.069591] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.070109] [ 15.070226] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.070270] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.070282] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.070303] Call Trace: [ 15.070318] <TASK> [ 15.070334] dump_stack_lvl+0x73/0xb0 [ 15.070364] print_report+0xd1/0x650 [ 15.070387] ? __virt_addr_valid+0x1db/0x2d0 [ 15.070410] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.070475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.070501] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.070525] kasan_report+0x141/0x180 [ 15.070549] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.070610] __asan_report_store4_noabort+0x1b/0x30 [ 15.070638] kasan_atomics_helper+0x4b3a/0x5450 [ 15.070662] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.070686] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.070712] ? kasan_atomics+0x152/0x310 [ 15.070740] kasan_atomics+0x1dc/0x310 [ 15.070765] ? __pfx_kasan_atomics+0x10/0x10 [ 15.070789] ? trace_hardirqs_on+0x37/0xe0 [ 15.070937] ? __pfx_read_tsc+0x10/0x10 [ 15.070961] ? ktime_get_ts64+0x86/0x230 [ 15.070985] kunit_try_run_case+0x1a5/0x480 [ 15.071036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.071065] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.071092] ? __kthread_parkme+0x82/0x180 [ 15.071113] ? preempt_count_sub+0x50/0x80 [ 15.071138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.071164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.071190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.071217] kthread+0x337/0x6f0 [ 15.071236] ? trace_preempt_on+0x20/0xc0 [ 15.071259] ? __pfx_kthread+0x10/0x10 [ 15.071281] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 15.071304] ? calculate_sigpending+0x7b/0xa0 [ 15.071329] ? __pfx_kthread+0x10/0x10 [ 15.071352] ret_from_fork+0x116/0x1d0 [ 15.071371] ? __pfx_kthread+0x10/0x10 [ 15.071393] ret_from_fork_asm+0x1a/0x30 [ 15.071424] </TASK> [ 15.071436] [ 15.080415] Allocated by task 282: [ 15.080587] kasan_save_stack+0x45/0x70 [ 15.080791] kasan_save_track+0x18/0x40 [ 15.080990] kasan_save_alloc_info+0x3b/0x50 [ 15.081201] __kasan_kmalloc+0xb7/0xc0 [ 15.081382] __kmalloc_cache_noprof+0x189/0x420 [ 15.081606] kasan_atomics+0x95/0x310 [ 15.081779] kunit_try_run_case+0x1a5/0x480 [ 15.081954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.082307] kthread+0x337/0x6f0 [ 15.082441] ret_from_fork+0x116/0x1d0 [ 15.082578] ret_from_fork_asm+0x1a/0x30 [ 15.082722] [ 15.082848] The buggy address belongs to the object at ffff8881027b3900 [ 15.082848] which belongs to the cache kmalloc-64 of size 64 [ 15.083376] The buggy address is located 0 bytes to the right of [ 15.083376] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.084228] [ 15.084332] The buggy address belongs to the physical page: [ 15.084650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.085013] flags: 0x200000000000000(node=0|zone=2) [ 15.085208] page_type: f5(slab) [ 15.088192] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.088526] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.088873] page dumped because: kasan: bad access detected [ 15.089095] [ 15.089174] Memory state around the buggy address: [ 15.089368] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.089683] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.090432] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.090648] ^ [ 15.090803] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.091010] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 15.091338] ================================================================== [ 16.080498] ================================================================== [ 16.080842] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 16.081367] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.081683] [ 16.081774] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.082141] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.082159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.082180] Call Trace: [ 16.082198] <TASK> [ 16.082212] dump_stack_lvl+0x73/0xb0 [ 16.082344] print_report+0xd1/0x650 [ 16.082367] ? __virt_addr_valid+0x1db/0x2d0 [ 16.082391] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.082414] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.082438] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.082462] kasan_report+0x141/0x180 [ 16.082485] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.082512] __asan_report_load8_noabort+0x18/0x20 [ 16.082538] kasan_atomics_helper+0x4f30/0x5450 [ 16.082562] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.082586] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.082612] ? kasan_atomics+0x152/0x310 [ 16.082640] kasan_atomics+0x1dc/0x310 [ 16.082663] ? __pfx_kasan_atomics+0x10/0x10 [ 16.082687] ? trace_hardirqs_on+0x37/0xe0 [ 16.082711] ? __pfx_read_tsc+0x10/0x10 [ 16.082733] ? ktime_get_ts64+0x86/0x230 [ 16.082758] kunit_try_run_case+0x1a5/0x480 [ 16.082783] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.082854] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.082885] ? __kthread_parkme+0x82/0x180 [ 16.082907] ? preempt_count_sub+0x50/0x80 [ 16.082932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.082959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.082985] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.083013] kthread+0x337/0x6f0 [ 16.083045] ? trace_preempt_on+0x20/0xc0 [ 16.083068] ? 
__pfx_kthread+0x10/0x10 [ 16.083090] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.083112] ? calculate_sigpending+0x7b/0xa0 [ 16.083137] ? __pfx_kthread+0x10/0x10 [ 16.083160] ret_from_fork+0x116/0x1d0 [ 16.083178] ? __pfx_kthread+0x10/0x10 [ 16.083200] ret_from_fork_asm+0x1a/0x30 [ 16.083231] </TASK> [ 16.083242] [ 16.093539] Allocated by task 282: [ 16.093694] kasan_save_stack+0x45/0x70 [ 16.094417] kasan_save_track+0x18/0x40 [ 16.094610] kasan_save_alloc_info+0x3b/0x50 [ 16.094779] __kasan_kmalloc+0xb7/0xc0 [ 16.095027] __kmalloc_cache_noprof+0x189/0x420 [ 16.095457] kasan_atomics+0x95/0x310 [ 16.095728] kunit_try_run_case+0x1a5/0x480 [ 16.096253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.096504] kthread+0x337/0x6f0 [ 16.096653] ret_from_fork+0x116/0x1d0 [ 16.096848] ret_from_fork_asm+0x1a/0x30 [ 16.097380] [ 16.097461] The buggy address belongs to the object at ffff8881027b3900 [ 16.097461] which belongs to the cache kmalloc-64 of size 64 [ 16.098289] The buggy address is located 0 bytes to the right of [ 16.098289] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.098951] [ 16.099119] The buggy address belongs to the physical page: [ 16.099455] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.100012] flags: 0x200000000000000(node=0|zone=2) [ 16.100262] page_type: f5(slab) [ 16.100417] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.100848] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.101303] page dumped because: kasan: bad access detected [ 16.101547] [ 16.101625] Memory state around the buggy address: [ 16.101838] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.102543] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.103047] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.103440] ^ [ 16.103606] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.104243] 
ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.104614] ================================================================== [ 15.592194] ================================================================== [ 15.592490] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 15.592871] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.593268] [ 15.593357] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.593399] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.593411] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.593432] Call Trace: [ 15.593447] <TASK> [ 15.593463] dump_stack_lvl+0x73/0xb0 [ 15.593492] print_report+0xd1/0x650 [ 15.593515] ? __virt_addr_valid+0x1db/0x2d0 [ 15.593538] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.593561] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.593585] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.593609] kasan_report+0x141/0x180 [ 15.593632] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.593659] __asan_report_load4_noabort+0x18/0x20 [ 15.593686] kasan_atomics_helper+0x4a02/0x5450 [ 15.593710] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.593734] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.593761] ? kasan_atomics+0x152/0x310 [ 15.593788] kasan_atomics+0x1dc/0x310 [ 15.593876] ? __pfx_kasan_atomics+0x10/0x10 [ 15.593901] ? trace_hardirqs_on+0x37/0xe0 [ 15.593944] ? __pfx_read_tsc+0x10/0x10 [ 15.593966] ? ktime_get_ts64+0x86/0x230 [ 15.593991] kunit_try_run_case+0x1a5/0x480 [ 15.594016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.594051] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.594076] ? __kthread_parkme+0x82/0x180 [ 15.594098] ? preempt_count_sub+0x50/0x80 [ 15.594123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.594148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.594173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.594223] kthread+0x337/0x6f0 [ 15.594243] ? 
trace_preempt_on+0x20/0xc0 [ 15.594267] ? __pfx_kthread+0x10/0x10 [ 15.594288] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.594311] ? calculate_sigpending+0x7b/0xa0 [ 15.594335] ? __pfx_kthread+0x10/0x10 [ 15.594358] ret_from_fork+0x116/0x1d0 [ 15.594377] ? __pfx_kthread+0x10/0x10 [ 15.594399] ret_from_fork_asm+0x1a/0x30 [ 15.594431] </TASK> [ 15.594441] [ 15.605696] Allocated by task 282: [ 15.606121] kasan_save_stack+0x45/0x70 [ 15.606423] kasan_save_track+0x18/0x40 [ 15.606701] kasan_save_alloc_info+0x3b/0x50 [ 15.607043] __kasan_kmalloc+0xb7/0xc0 [ 15.607322] __kmalloc_cache_noprof+0x189/0x420 [ 15.607540] kasan_atomics+0x95/0x310 [ 15.607716] kunit_try_run_case+0x1a5/0x480 [ 15.608164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.608382] kthread+0x337/0x6f0 [ 15.608707] ret_from_fork+0x116/0x1d0 [ 15.609108] ret_from_fork_asm+0x1a/0x30 [ 15.609334] [ 15.609426] The buggy address belongs to the object at ffff8881027b3900 [ 15.609426] which belongs to the cache kmalloc-64 of size 64 [ 15.610178] The buggy address is located 0 bytes to the right of [ 15.610178] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.611112] [ 15.611216] The buggy address belongs to the physical page: [ 15.611975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.613388] flags: 0x200000000000000(node=0|zone=2) [ 15.614076] page_type: f5(slab) [ 15.614209] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.614445] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.614674] page dumped because: kasan: bad access detected [ 15.615540] [ 15.616012] Memory state around the buggy address: [ 15.616641] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.617733] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.618618] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.619789] ^ [ 15.620378] ffff8881027b3980: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.620605] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.621266] ================================================================== [ 16.221685] ================================================================== [ 16.222200] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 16.222514] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.222737] [ 16.222820] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.222885] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.222898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.222935] Call Trace: [ 16.222949] <TASK> [ 16.222965] dump_stack_lvl+0x73/0xb0 [ 16.222993] print_report+0xd1/0x650 [ 16.223016] ? __virt_addr_valid+0x1db/0x2d0 [ 16.223048] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.223071] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.223095] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.223118] kasan_report+0x141/0x180 [ 16.223141] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.223169] __asan_report_load8_noabort+0x18/0x20 [ 16.223195] kasan_atomics_helper+0x4f71/0x5450 [ 16.223219] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.223243] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.223270] ? kasan_atomics+0x152/0x310 [ 16.223297] kasan_atomics+0x1dc/0x310 [ 16.223320] ? __pfx_kasan_atomics+0x10/0x10 [ 16.223344] ? trace_hardirqs_on+0x37/0xe0 [ 16.223392] ? __pfx_read_tsc+0x10/0x10 [ 16.223438] ? ktime_get_ts64+0x86/0x230 [ 16.223463] kunit_try_run_case+0x1a5/0x480 [ 16.223488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.223514] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.223540] ? __kthread_parkme+0x82/0x180 [ 16.223561] ? preempt_count_sub+0x50/0x80 [ 16.223586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.223612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.223640] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.223669] kthread+0x337/0x6f0 [ 16.223689] ? trace_preempt_on+0x20/0xc0 [ 16.223712] ? __pfx_kthread+0x10/0x10 [ 16.223734] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.223757] ? calculate_sigpending+0x7b/0xa0 [ 16.223783] ? __pfx_kthread+0x10/0x10 [ 16.223813] ret_from_fork+0x116/0x1d0 [ 16.223832] ? __pfx_kthread+0x10/0x10 [ 16.223885] ret_from_fork_asm+0x1a/0x30 [ 16.223932] </TASK> [ 16.223947] [ 16.231861] Allocated by task 282: [ 16.232084] kasan_save_stack+0x45/0x70 [ 16.232291] kasan_save_track+0x18/0x40 [ 16.232482] kasan_save_alloc_info+0x3b/0x50 [ 16.232819] __kasan_kmalloc+0xb7/0xc0 [ 16.233050] __kmalloc_cache_noprof+0x189/0x420 [ 16.233243] kasan_atomics+0x95/0x310 [ 16.233380] kunit_try_run_case+0x1a5/0x480 [ 16.233576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.233902] kthread+0x337/0x6f0 [ 16.234085] ret_from_fork+0x116/0x1d0 [ 16.234262] ret_from_fork_asm+0x1a/0x30 [ 16.234465] [ 16.234559] The buggy address belongs to the object at ffff8881027b3900 [ 16.234559] which belongs to the cache kmalloc-64 of size 64 [ 16.235115] The buggy address is located 0 bytes to the right of [ 16.235115] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.235482] [ 16.235555] The buggy address belongs to the physical page: [ 16.235988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.236352] flags: 0x200000000000000(node=0|zone=2) [ 16.236585] page_type: f5(slab) [ 16.236815] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.237134] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.237465] page dumped because: kasan: bad access detected [ 16.237638] [ 16.237707] Memory state around the buggy address: [ 16.237887] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.238347] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.238681] >ffff8881027b3900: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.239215] ^ [ 16.239442] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.239744] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.240241] ================================================================== [ 16.240636] ================================================================== [ 16.241089] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 16.241565] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.241855] [ 16.241955] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.241997] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.242011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.242061] Call Trace: [ 16.242077] <TASK> [ 16.242092] dump_stack_lvl+0x73/0xb0 [ 16.242121] print_report+0xd1/0x650 [ 16.242143] ? __virt_addr_valid+0x1db/0x2d0 [ 16.242166] ? kasan_atomics_helper+0x2006/0x5450 [ 16.242189] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.242214] ? kasan_atomics_helper+0x2006/0x5450 [ 16.242237] kasan_report+0x141/0x180 [ 16.242285] ? kasan_atomics_helper+0x2006/0x5450 [ 16.242314] kasan_check_range+0x10c/0x1c0 [ 16.242338] __kasan_check_write+0x18/0x20 [ 16.242359] kasan_atomics_helper+0x2006/0x5450 [ 16.242383] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.242407] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.242433] ? kasan_atomics+0x152/0x310 [ 16.242461] kasan_atomics+0x1dc/0x310 [ 16.242485] ? __pfx_kasan_atomics+0x10/0x10 [ 16.242509] ? trace_hardirqs_on+0x37/0xe0 [ 16.242532] ? __pfx_read_tsc+0x10/0x10 [ 16.242555] ? ktime_get_ts64+0x86/0x230 [ 16.242579] kunit_try_run_case+0x1a5/0x480 [ 16.242603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.242630] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.242657] ? __kthread_parkme+0x82/0x180 [ 16.242678] ? preempt_count_sub+0x50/0x80 [ 16.242703] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.242729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.242754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.242819] kthread+0x337/0x6f0 [ 16.242840] ? trace_preempt_on+0x20/0xc0 [ 16.242863] ? __pfx_kthread+0x10/0x10 [ 16.242895] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.242933] ? calculate_sigpending+0x7b/0xa0 [ 16.242958] ? __pfx_kthread+0x10/0x10 [ 16.242981] ret_from_fork+0x116/0x1d0 [ 16.243001] ? __pfx_kthread+0x10/0x10 [ 16.243023] ret_from_fork_asm+0x1a/0x30 [ 16.243063] </TASK> [ 16.243075] [ 16.250870] Allocated by task 282: [ 16.251035] kasan_save_stack+0x45/0x70 [ 16.251245] kasan_save_track+0x18/0x40 [ 16.251448] kasan_save_alloc_info+0x3b/0x50 [ 16.251820] __kasan_kmalloc+0xb7/0xc0 [ 16.252063] __kmalloc_cache_noprof+0x189/0x420 [ 16.252357] kasan_atomics+0x95/0x310 [ 16.252504] kunit_try_run_case+0x1a5/0x480 [ 16.252655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.252834] kthread+0x337/0x6f0 [ 16.252981] ret_from_fork+0x116/0x1d0 [ 16.253180] ret_from_fork_asm+0x1a/0x30 [ 16.253533] [ 16.253651] The buggy address belongs to the object at ffff8881027b3900 [ 16.253651] which belongs to the cache kmalloc-64 of size 64 [ 16.254337] The buggy address is located 0 bytes to the right of [ 16.254337] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.254717] [ 16.254787] The buggy address belongs to the physical page: [ 16.254960] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.255593] flags: 0x200000000000000(node=0|zone=2) [ 16.256148] page_type: f5(slab) [ 16.256546] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.257422] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.258129] page dumped because: kasan: bad access detected [ 16.258747] [ 16.258909] Memory state around the buggy address: [ 16.259415] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.260236] 
ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.260558] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.260765] ^ [ 16.260924] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.261197] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.261503] ================================================================== [ 16.203199] ================================================================== [ 16.203608] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 16.204017] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.204257] [ 16.204344] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.204386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.204423] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.204445] Call Trace: [ 16.204458] <TASK> [ 16.204473] dump_stack_lvl+0x73/0xb0 [ 16.204504] print_report+0xd1/0x650 [ 16.204545] ? __virt_addr_valid+0x1db/0x2d0 [ 16.204569] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.204604] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.204649] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.204673] kasan_report+0x141/0x180 [ 16.204696] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.204723] kasan_check_range+0x10c/0x1c0 [ 16.204748] __kasan_check_write+0x18/0x20 [ 16.204798] kasan_atomics_helper+0x1f43/0x5450 [ 16.204823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.204847] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.204891] ? kasan_atomics+0x152/0x310 [ 16.204926] kasan_atomics+0x1dc/0x310 [ 16.204950] ? __pfx_kasan_atomics+0x10/0x10 [ 16.204974] ? trace_hardirqs_on+0x37/0xe0 [ 16.204999] ? __pfx_read_tsc+0x10/0x10 [ 16.205020] ? ktime_get_ts64+0x86/0x230 [ 16.205054] kunit_try_run_case+0x1a5/0x480 [ 16.205079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.205105] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.205131] ? 
__kthread_parkme+0x82/0x180 [ 16.205153] ? preempt_count_sub+0x50/0x80 [ 16.205177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.205203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.205228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.205256] kthread+0x337/0x6f0 [ 16.205306] ? trace_preempt_on+0x20/0xc0 [ 16.205331] ? __pfx_kthread+0x10/0x10 [ 16.205352] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.205375] ? calculate_sigpending+0x7b/0xa0 [ 16.205401] ? __pfx_kthread+0x10/0x10 [ 16.205423] ret_from_fork+0x116/0x1d0 [ 16.205443] ? __pfx_kthread+0x10/0x10 [ 16.205464] ret_from_fork_asm+0x1a/0x30 [ 16.205496] </TASK> [ 16.205507] [ 16.213453] Allocated by task 282: [ 16.213579] kasan_save_stack+0x45/0x70 [ 16.213723] kasan_save_track+0x18/0x40 [ 16.214027] kasan_save_alloc_info+0x3b/0x50 [ 16.214252] __kasan_kmalloc+0xb7/0xc0 [ 16.214462] __kmalloc_cache_noprof+0x189/0x420 [ 16.214706] kasan_atomics+0x95/0x310 [ 16.214903] kunit_try_run_case+0x1a5/0x480 [ 16.215194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.215442] kthread+0x337/0x6f0 [ 16.215582] ret_from_fork+0x116/0x1d0 [ 16.215754] ret_from_fork_asm+0x1a/0x30 [ 16.215967] [ 16.216075] The buggy address belongs to the object at ffff8881027b3900 [ 16.216075] which belongs to the cache kmalloc-64 of size 64 [ 16.216625] The buggy address is located 0 bytes to the right of [ 16.216625] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.217105] [ 16.217179] The buggy address belongs to the physical page: [ 16.217353] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.217594] flags: 0x200000000000000(node=0|zone=2) [ 16.217868] page_type: f5(slab) [ 16.218068] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.218555] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.218961] page dumped because: kasan: bad access detected [ 16.219155] [ 16.219225] Memory state around the buggy address: [ 16.219380] 
ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.219597] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.219967] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.220300] ^ [ 16.220570] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.220964] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.221265] ================================================================== [ 14.911523] ================================================================== [ 14.912194] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 14.912513] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 14.912803] [ 14.912915] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.912959] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.912969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.912990] Call Trace: [ 14.913015] <TASK> [ 14.913041] dump_stack_lvl+0x73/0xb0 [ 14.913072] print_report+0xd1/0x650 [ 14.913094] ? __virt_addr_valid+0x1db/0x2d0 [ 14.913117] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.913140] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.913164] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.913186] kasan_report+0x141/0x180 [ 14.913207] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.913234] __asan_report_load4_noabort+0x18/0x20 [ 14.913259] kasan_atomics_helper+0x4bbc/0x5450 [ 14.913283] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.913305] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.913330] ? kasan_atomics+0x152/0x310 [ 14.913356] kasan_atomics+0x1dc/0x310 [ 14.913378] ? __pfx_kasan_atomics+0x10/0x10 [ 14.913401] ? trace_hardirqs_on+0x37/0xe0 [ 14.913424] ? __pfx_read_tsc+0x10/0x10 [ 14.913445] ? ktime_get_ts64+0x86/0x230 [ 14.913469] kunit_try_run_case+0x1a5/0x480 [ 14.913494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.913519] ? 
queued_spin_lock_slowpath+0x116/0xb40 [ 14.913544] ? __kthread_parkme+0x82/0x180 [ 14.913564] ? preempt_count_sub+0x50/0x80 [ 14.913588] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.913612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.913636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.913662] kthread+0x337/0x6f0 [ 14.913681] ? trace_preempt_on+0x20/0xc0 [ 14.913704] ? __pfx_kthread+0x10/0x10 [ 14.913723] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.913745] ? calculate_sigpending+0x7b/0xa0 [ 14.913769] ? __pfx_kthread+0x10/0x10 [ 14.913790] ret_from_fork+0x116/0x1d0 [ 14.913808] ? __pfx_kthread+0x10/0x10 [ 14.913829] ret_from_fork_asm+0x1a/0x30 [ 14.913860] </TASK> [ 14.913870] [ 14.925113] Allocated by task 282: [ 14.925292] kasan_save_stack+0x45/0x70 [ 14.925476] kasan_save_track+0x18/0x40 [ 14.925638] kasan_save_alloc_info+0x3b/0x50 [ 14.925832] __kasan_kmalloc+0xb7/0xc0 [ 14.925992] __kmalloc_cache_noprof+0x189/0x420 [ 14.927071] kasan_atomics+0x95/0x310 [ 14.927385] kunit_try_run_case+0x1a5/0x480 [ 14.927697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.928074] kthread+0x337/0x6f0 [ 14.928487] ret_from_fork+0x116/0x1d0 [ 14.928779] ret_from_fork_asm+0x1a/0x30 [ 14.929194] [ 14.929291] The buggy address belongs to the object at ffff8881027b3900 [ 14.929291] which belongs to the cache kmalloc-64 of size 64 [ 14.929761] The buggy address is located 0 bytes to the right of [ 14.929761] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 14.930788] [ 14.931064] The buggy address belongs to the physical page: [ 14.931578] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 14.932126] flags: 0x200000000000000(node=0|zone=2) [ 14.932464] page_type: f5(slab) [ 14.932740] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.933315] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.933702] page dumped because: kasan: bad access detected [ 14.934150] [ 14.934382] 
Memory state around the buggy address: [ 14.934780] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.935247] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.935571] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.935873] ^ [ 14.936545] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.937054] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.937353] ================================================================== [ 15.666427] ================================================================== [ 15.666722] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 15.667251] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.667710] [ 15.667873] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.667960] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.667974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.668007] Call Trace: [ 15.668024] <TASK> [ 15.668082] dump_stack_lvl+0x73/0xb0 [ 15.668115] print_report+0xd1/0x650 [ 15.668137] ? __virt_addr_valid+0x1db/0x2d0 [ 15.668171] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.668194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.668219] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.668242] kasan_report+0x141/0x180 [ 15.668264] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.668292] kasan_check_range+0x10c/0x1c0 [ 15.668318] __kasan_check_write+0x18/0x20 [ 15.668339] kasan_atomics_helper+0x12e6/0x5450 [ 15.668363] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.668387] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.668413] ? kasan_atomics+0x152/0x310 [ 15.668467] kasan_atomics+0x1dc/0x310 [ 15.668492] ? __pfx_kasan_atomics+0x10/0x10 [ 15.668516] ? trace_hardirqs_on+0x37/0xe0 [ 15.668552] ? __pfx_read_tsc+0x10/0x10 [ 15.668574] ? ktime_get_ts64+0x86/0x230 [ 15.668624] kunit_try_run_case+0x1a5/0x480 [ 15.668649] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.668676] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.668713] ? __kthread_parkme+0x82/0x180 [ 15.668734] ? preempt_count_sub+0x50/0x80 [ 15.668758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.668794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.668868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.668896] kthread+0x337/0x6f0 [ 15.668917] ? trace_preempt_on+0x20/0xc0 [ 15.668940] ? __pfx_kthread+0x10/0x10 [ 15.668962] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.668985] ? calculate_sigpending+0x7b/0xa0 [ 15.669009] ? __pfx_kthread+0x10/0x10 [ 15.669043] ret_from_fork+0x116/0x1d0 [ 15.669062] ? __pfx_kthread+0x10/0x10 [ 15.669085] ret_from_fork_asm+0x1a/0x30 [ 15.669116] </TASK> [ 15.669126] [ 15.678200] Allocated by task 282: [ 15.678379] kasan_save_stack+0x45/0x70 [ 15.678579] kasan_save_track+0x18/0x40 [ 15.678757] kasan_save_alloc_info+0x3b/0x50 [ 15.678955] __kasan_kmalloc+0xb7/0xc0 [ 15.679335] __kmalloc_cache_noprof+0x189/0x420 [ 15.679504] kasan_atomics+0x95/0x310 [ 15.679637] kunit_try_run_case+0x1a5/0x480 [ 15.679779] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.679958] kthread+0x337/0x6f0 [ 15.680090] ret_from_fork+0x116/0x1d0 [ 15.680224] ret_from_fork_asm+0x1a/0x30 [ 15.680515] [ 15.680854] The buggy address belongs to the object at ffff8881027b3900 [ 15.680854] which belongs to the cache kmalloc-64 of size 64 [ 15.682074] The buggy address is located 0 bytes to the right of [ 15.682074] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.682683] [ 15.682783] The buggy address belongs to the physical page: [ 15.683189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.683590] flags: 0x200000000000000(node=0|zone=2) [ 15.683808] page_type: f5(slab) [ 15.684166] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.684420] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.684672] page dumped because: kasan: 
bad access detected [ 15.685288] [ 15.685578] Memory state around the buggy address: [ 15.685808] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.686261] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.686554] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.686977] ^ [ 15.687248] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.687539] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.687994] ================================================================== [ 15.937174] ================================================================== [ 15.937512] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 15.937822] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.938223] [ 15.938355] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.938397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.938410] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.938430] Call Trace: [ 15.938445] <TASK> [ 15.938460] dump_stack_lvl+0x73/0xb0 [ 15.938490] print_report+0xd1/0x650 [ 15.938513] ? __virt_addr_valid+0x1db/0x2d0 [ 15.938536] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.938559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.938594] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.938624] kasan_report+0x141/0x180 [ 15.938654] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.938682] kasan_check_range+0x10c/0x1c0 [ 15.938706] __kasan_check_write+0x18/0x20 [ 15.938728] kasan_atomics_helper+0x18b1/0x5450 [ 15.938762] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.938787] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.938819] ? kasan_atomics+0x152/0x310 [ 15.938857] kasan_atomics+0x1dc/0x310 [ 15.938882] ? __pfx_kasan_atomics+0x10/0x10 [ 15.938906] ? trace_hardirqs_on+0x37/0xe0 [ 15.938939] ? __pfx_read_tsc+0x10/0x10 [ 15.938961] ? 
ktime_get_ts64+0x86/0x230 [ 15.938986] kunit_try_run_case+0x1a5/0x480 [ 15.939011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.939057] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.939084] ? __kthread_parkme+0x82/0x180 [ 15.939104] ? preempt_count_sub+0x50/0x80 [ 15.939139] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.939165] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.939190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.939226] kthread+0x337/0x6f0 [ 15.939246] ? trace_preempt_on+0x20/0xc0 [ 15.939269] ? __pfx_kthread+0x10/0x10 [ 15.939290] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.939323] ? calculate_sigpending+0x7b/0xa0 [ 15.939348] ? __pfx_kthread+0x10/0x10 [ 15.939370] ret_from_fork+0x116/0x1d0 [ 15.939398] ? __pfx_kthread+0x10/0x10 [ 15.939420] ret_from_fork_asm+0x1a/0x30 [ 15.939451] </TASK> [ 15.939472] [ 15.947607] Allocated by task 282: [ 15.947892] kasan_save_stack+0x45/0x70 [ 15.948325] kasan_save_track+0x18/0x40 [ 15.948499] kasan_save_alloc_info+0x3b/0x50 [ 15.948649] __kasan_kmalloc+0xb7/0xc0 [ 15.948782] __kmalloc_cache_noprof+0x189/0x420 [ 15.948939] kasan_atomics+0x95/0x310 [ 15.949083] kunit_try_run_case+0x1a5/0x480 [ 15.949457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.949714] kthread+0x337/0x6f0 [ 15.949907] ret_from_fork+0x116/0x1d0 [ 15.950119] ret_from_fork_asm+0x1a/0x30 [ 15.950344] [ 15.950484] The buggy address belongs to the object at ffff8881027b3900 [ 15.950484] which belongs to the cache kmalloc-64 of size 64 [ 15.950942] The buggy address is located 0 bytes to the right of [ 15.950942] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.951591] [ 15.951684] The buggy address belongs to the physical page: [ 15.952094] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.952412] flags: 0x200000000000000(node=0|zone=2) [ 15.952577] page_type: f5(slab) [ 15.952717] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.953135] raw: 0000000000000000 
0000000080200020 00000000f5000000 0000000000000000 [ 15.953680] page dumped because: kasan: bad access detected [ 15.953950] [ 15.954021] Memory state around the buggy address: [ 15.954340] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.954706] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.955014] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.955302] ^ [ 15.955457] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.955674] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.955888] ================================================================== [ 15.295039] ================================================================== [ 15.295629] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 15.296139] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.296454] [ 15.296572] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.296616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.296640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.296661] Call Trace: [ 15.296677] <TASK> [ 15.296692] dump_stack_lvl+0x73/0xb0 [ 15.296721] print_report+0xd1/0x650 [ 15.296744] ? __virt_addr_valid+0x1db/0x2d0 [ 15.296776] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.296799] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.296823] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.296857] kasan_report+0x141/0x180 [ 15.296880] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.296908] kasan_check_range+0x10c/0x1c0 [ 15.296933] __kasan_check_write+0x18/0x20 [ 15.296983] kasan_atomics_helper+0xa2b/0x5450 [ 15.297008] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.297081] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.297111] ? kasan_atomics+0x152/0x310 [ 15.297139] kasan_atomics+0x1dc/0x310 [ 15.297163] ? __pfx_kasan_atomics+0x10/0x10 [ 15.297187] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.297212] ? __pfx_read_tsc+0x10/0x10 [ 15.297234] ? ktime_get_ts64+0x86/0x230 [ 15.297271] kunit_try_run_case+0x1a5/0x480 [ 15.297297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.297336] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.297362] ? __kthread_parkme+0x82/0x180 [ 15.297383] ? preempt_count_sub+0x50/0x80 [ 15.297407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.297441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.297467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.297493] kthread+0x337/0x6f0 [ 15.297524] ? trace_preempt_on+0x20/0xc0 [ 15.297547] ? __pfx_kthread+0x10/0x10 [ 15.297568] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.297599] ? calculate_sigpending+0x7b/0xa0 [ 15.297625] ? __pfx_kthread+0x10/0x10 [ 15.297647] ret_from_fork+0x116/0x1d0 [ 15.297677] ? __pfx_kthread+0x10/0x10 [ 15.297698] ret_from_fork_asm+0x1a/0x30 [ 15.297729] </TASK> [ 15.297748] [ 15.306481] Allocated by task 282: [ 15.306673] kasan_save_stack+0x45/0x70 [ 15.306906] kasan_save_track+0x18/0x40 [ 15.307317] kasan_save_alloc_info+0x3b/0x50 [ 15.307519] __kasan_kmalloc+0xb7/0xc0 [ 15.307722] __kmalloc_cache_noprof+0x189/0x420 [ 15.308052] kasan_atomics+0x95/0x310 [ 15.308249] kunit_try_run_case+0x1a5/0x480 [ 15.308451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.308689] kthread+0x337/0x6f0 [ 15.308930] ret_from_fork+0x116/0x1d0 [ 15.309120] ret_from_fork_asm+0x1a/0x30 [ 15.309321] [ 15.309435] The buggy address belongs to the object at ffff8881027b3900 [ 15.309435] which belongs to the cache kmalloc-64 of size 64 [ 15.310080] The buggy address is located 0 bytes to the right of [ 15.310080] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.310485] [ 15.310561] The buggy address belongs to the physical page: [ 15.310732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.311153] flags: 0x200000000000000(node=0|zone=2) [ 15.311448] page_type: f5(slab) [ 15.311617] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.312237] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.312569] page dumped because: kasan: bad access detected [ 15.312747] [ 15.312864] Memory state around the buggy address: [ 15.313279] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.313766] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.313990] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.314650] ^ [ 15.314980] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.315299] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.315535] ================================================================== [ 15.152487] ================================================================== [ 15.153152] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 15.153773] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.154473] [ 15.154564] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.154608] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.154621] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.154641] Call Trace: [ 15.154657] <TASK> [ 15.154673] dump_stack_lvl+0x73/0xb0 [ 15.154702] print_report+0xd1/0x650 [ 15.154725] ? __virt_addr_valid+0x1db/0x2d0 [ 15.154749] ? kasan_atomics_helper+0x697/0x5450 [ 15.154771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.154796] ? kasan_atomics_helper+0x697/0x5450 [ 15.154864] kasan_report+0x141/0x180 [ 15.154888] ? kasan_atomics_helper+0x697/0x5450 [ 15.154916] kasan_check_range+0x10c/0x1c0 [ 15.154941] __kasan_check_write+0x18/0x20 [ 15.154974] kasan_atomics_helper+0x697/0x5450 [ 15.154999] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.155023] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.155060] ? 
kasan_atomics+0x152/0x310 [ 15.155088] kasan_atomics+0x1dc/0x310 [ 15.155111] ? __pfx_kasan_atomics+0x10/0x10 [ 15.155135] ? trace_hardirqs_on+0x37/0xe0 [ 15.155159] ? __pfx_read_tsc+0x10/0x10 [ 15.155181] ? ktime_get_ts64+0x86/0x230 [ 15.155205] kunit_try_run_case+0x1a5/0x480 [ 15.155230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.155257] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.155284] ? __kthread_parkme+0x82/0x180 [ 15.155305] ? preempt_count_sub+0x50/0x80 [ 15.155330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.155357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.155382] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.155409] kthread+0x337/0x6f0 [ 15.155429] ? trace_preempt_on+0x20/0xc0 [ 15.155452] ? __pfx_kthread+0x10/0x10 [ 15.155474] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.155497] ? calculate_sigpending+0x7b/0xa0 [ 15.155521] ? __pfx_kthread+0x10/0x10 [ 15.155544] ret_from_fork+0x116/0x1d0 [ 15.155564] ? __pfx_kthread+0x10/0x10 [ 15.155586] ret_from_fork_asm+0x1a/0x30 [ 15.155617] </TASK> [ 15.155628] [ 15.169966] Allocated by task 282: [ 15.170115] kasan_save_stack+0x45/0x70 [ 15.170426] kasan_save_track+0x18/0x40 [ 15.170621] kasan_save_alloc_info+0x3b/0x50 [ 15.170827] __kasan_kmalloc+0xb7/0xc0 [ 15.171073] __kmalloc_cache_noprof+0x189/0x420 [ 15.171237] kasan_atomics+0x95/0x310 [ 15.171397] kunit_try_run_case+0x1a5/0x480 [ 15.171606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.171861] kthread+0x337/0x6f0 [ 15.172129] ret_from_fork+0x116/0x1d0 [ 15.172273] ret_from_fork_asm+0x1a/0x30 [ 15.172490] [ 15.172585] The buggy address belongs to the object at ffff8881027b3900 [ 15.172585] which belongs to the cache kmalloc-64 of size 64 [ 15.173166] The buggy address is located 0 bytes to the right of [ 15.173166] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.173591] [ 15.173690] The buggy address belongs to the physical page: [ 15.173968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 
15.174448] flags: 0x200000000000000(node=0|zone=2) [ 15.174658] page_type: f5(slab) [ 15.174823] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.175497] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.175819] page dumped because: kasan: bad access detected [ 15.176189] [ 15.176266] Memory state around the buggy address: [ 15.176424] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.176738] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.177172] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.177513] ^ [ 15.177743] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.178157] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.178445] ================================================================== [ 15.453351] ================================================================== [ 15.453700] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 15.454368] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.454710] [ 15.454915] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.455003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.455017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.455050] Call Trace: [ 15.455065] <TASK> [ 15.455080] dump_stack_lvl+0x73/0xb0 [ 15.455111] print_report+0xd1/0x650 [ 15.455133] ? __virt_addr_valid+0x1db/0x2d0 [ 15.455157] ? kasan_atomics_helper+0xe78/0x5450 [ 15.455180] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.455204] ? kasan_atomics_helper+0xe78/0x5450 [ 15.455227] kasan_report+0x141/0x180 [ 15.455285] ? kasan_atomics_helper+0xe78/0x5450 [ 15.455314] kasan_check_range+0x10c/0x1c0 [ 15.455340] __kasan_check_write+0x18/0x20 [ 15.455362] kasan_atomics_helper+0xe78/0x5450 [ 15.455386] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.455436] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.455487] ? kasan_atomics+0x152/0x310 [ 15.455515] kasan_atomics+0x1dc/0x310 [ 15.455539] ? __pfx_kasan_atomics+0x10/0x10 [ 15.455562] ? trace_hardirqs_on+0x37/0xe0 [ 15.455587] ? __pfx_read_tsc+0x10/0x10 [ 15.455608] ? ktime_get_ts64+0x86/0x230 [ 15.455633] kunit_try_run_case+0x1a5/0x480 [ 15.455658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.455684] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.455709] ? __kthread_parkme+0x82/0x180 [ 15.455731] ? preempt_count_sub+0x50/0x80 [ 15.455756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.455782] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.455807] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.455911] kthread+0x337/0x6f0 [ 15.455932] ? trace_preempt_on+0x20/0xc0 [ 15.455961] ? __pfx_kthread+0x10/0x10 [ 15.455983] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.456006] ? calculate_sigpending+0x7b/0xa0 [ 15.456042] ? __pfx_kthread+0x10/0x10 [ 15.456064] ret_from_fork+0x116/0x1d0 [ 15.456084] ? __pfx_kthread+0x10/0x10 [ 15.456106] ret_from_fork_asm+0x1a/0x30 [ 15.456139] </TASK> [ 15.456150] [ 15.465154] Allocated by task 282: [ 15.465292] kasan_save_stack+0x45/0x70 [ 15.465438] kasan_save_track+0x18/0x40 [ 15.465760] kasan_save_alloc_info+0x3b/0x50 [ 15.466493] __kasan_kmalloc+0xb7/0xc0 [ 15.466697] __kmalloc_cache_noprof+0x189/0x420 [ 15.467168] kasan_atomics+0x95/0x310 [ 15.467382] kunit_try_run_case+0x1a5/0x480 [ 15.467536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.467775] kthread+0x337/0x6f0 [ 15.468100] ret_from_fork+0x116/0x1d0 [ 15.468330] ret_from_fork_asm+0x1a/0x30 [ 15.468531] [ 15.468660] The buggy address belongs to the object at ffff8881027b3900 [ 15.468660] which belongs to the cache kmalloc-64 of size 64 [ 15.469270] The buggy address is located 0 bytes to the right of [ 15.469270] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.470252] [ 15.470335] The buggy address belongs to the physical page: [ 15.470588] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.471196] flags: 0x200000000000000(node=0|zone=2) [ 15.471458] page_type: f5(slab) [ 15.471614] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.472106] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.472443] page dumped because: kasan: bad access detected [ 15.472709] [ 15.472848] Memory state around the buggy address: [ 15.473174] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.473514] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.473808] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.474121] ^ [ 15.474555] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.474871] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.475410] ================================================================== [ 15.709004] ================================================================== [ 15.709290] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 15.709605] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.710174] [ 15.710270] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.710362] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.710377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.710410] Call Trace: [ 15.710437] <TASK> [ 15.710453] dump_stack_lvl+0x73/0xb0 [ 15.710484] print_report+0xd1/0x650 [ 15.710507] ? __virt_addr_valid+0x1db/0x2d0 [ 15.710529] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.710552] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.710577] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.710600] kasan_report+0x141/0x180 [ 15.710623] ? kasan_atomics_helper+0x13b5/0x5450 [ 15.710650] kasan_check_range+0x10c/0x1c0 [ 15.710675] __kasan_check_read+0x15/0x20 [ 15.710696] kasan_atomics_helper+0x13b5/0x5450 [ 15.710720] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.710744] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.710770] ? kasan_atomics+0x152/0x310 [ 15.710798] kasan_atomics+0x1dc/0x310 [ 15.710821] ? __pfx_kasan_atomics+0x10/0x10 [ 15.710846] ? trace_hardirqs_on+0x37/0xe0 [ 15.710870] ? __pfx_read_tsc+0x10/0x10 [ 15.710892] ? ktime_get_ts64+0x86/0x230 [ 15.710917] kunit_try_run_case+0x1a5/0x480 [ 15.710999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.711025] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.711065] ? __kthread_parkme+0x82/0x180 [ 15.711086] ? preempt_count_sub+0x50/0x80 [ 15.711110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.711170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.711197] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.711223] kthread+0x337/0x6f0 [ 15.711270] ? trace_preempt_on+0x20/0xc0 [ 15.711293] ? __pfx_kthread+0x10/0x10 [ 15.711315] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.711347] ? calculate_sigpending+0x7b/0xa0 [ 15.711372] ? __pfx_kthread+0x10/0x10 [ 15.711394] ret_from_fork+0x116/0x1d0 [ 15.711414] ? 
__pfx_kthread+0x10/0x10 [ 15.711435] ret_from_fork_asm+0x1a/0x30 [ 15.711466] </TASK> [ 15.711476] [ 15.720746] Allocated by task 282: [ 15.720929] kasan_save_stack+0x45/0x70 [ 15.721139] kasan_save_track+0x18/0x40 [ 15.721336] kasan_save_alloc_info+0x3b/0x50 [ 15.721753] __kasan_kmalloc+0xb7/0xc0 [ 15.721999] __kmalloc_cache_noprof+0x189/0x420 [ 15.722173] kasan_atomics+0x95/0x310 [ 15.722348] kunit_try_run_case+0x1a5/0x480 [ 15.722555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.722733] kthread+0x337/0x6f0 [ 15.722902] ret_from_fork+0x116/0x1d0 [ 15.723299] ret_from_fork_asm+0x1a/0x30 [ 15.723554] [ 15.723682] The buggy address belongs to the object at ffff8881027b3900 [ 15.723682] which belongs to the cache kmalloc-64 of size 64 [ 15.724310] The buggy address is located 0 bytes to the right of [ 15.724310] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.724699] [ 15.724796] The buggy address belongs to the physical page: [ 15.725160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.725524] flags: 0x200000000000000(node=0|zone=2) [ 15.725734] page_type: f5(slab) [ 15.725932] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.726248] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.726516] page dumped because: kasan: bad access detected [ 15.726765] [ 15.726863] Memory state around the buggy address: [ 15.727473] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.727697] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.728284] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.728613] ^ [ 15.728900] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.729294] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.729587] ================================================================== [ 15.916460] 
================================================================== [ 15.916794] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 15.917111] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.917534] [ 15.917695] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.917738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.917751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.917772] Call Trace: [ 15.917788] <TASK> [ 15.917803] dump_stack_lvl+0x73/0xb0 [ 15.917832] print_report+0xd1/0x650 [ 15.917893] ? __virt_addr_valid+0x1db/0x2d0 [ 15.917918] ? kasan_atomics_helper+0x1818/0x5450 [ 15.917941] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.917966] ? kasan_atomics_helper+0x1818/0x5450 [ 15.917990] kasan_report+0x141/0x180 [ 15.918013] ? kasan_atomics_helper+0x1818/0x5450 [ 15.918053] kasan_check_range+0x10c/0x1c0 [ 15.918088] __kasan_check_write+0x18/0x20 [ 15.918109] kasan_atomics_helper+0x1818/0x5450 [ 15.918133] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.918157] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.918183] ? kasan_atomics+0x152/0x310 [ 15.918211] kasan_atomics+0x1dc/0x310 [ 15.918235] ? __pfx_kasan_atomics+0x10/0x10 [ 15.918259] ? trace_hardirqs_on+0x37/0xe0 [ 15.918283] ? __pfx_read_tsc+0x10/0x10 [ 15.918305] ? ktime_get_ts64+0x86/0x230 [ 15.918330] kunit_try_run_case+0x1a5/0x480 [ 15.918355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.918381] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.918406] ? __kthread_parkme+0x82/0x180 [ 15.918427] ? preempt_count_sub+0x50/0x80 [ 15.918451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.918477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.918504] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.918530] kthread+0x337/0x6f0 [ 15.918550] ? trace_preempt_on+0x20/0xc0 [ 15.918573] ? __pfx_kthread+0x10/0x10 [ 15.918595] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.918617] ? 
calculate_sigpending+0x7b/0xa0 [ 15.918643] ? __pfx_kthread+0x10/0x10 [ 15.918665] ret_from_fork+0x116/0x1d0 [ 15.918685] ? __pfx_kthread+0x10/0x10 [ 15.918706] ret_from_fork_asm+0x1a/0x30 [ 15.918738] </TASK> [ 15.918749] [ 15.926853] Allocated by task 282: [ 15.927090] kasan_save_stack+0x45/0x70 [ 15.927240] kasan_save_track+0x18/0x40 [ 15.927378] kasan_save_alloc_info+0x3b/0x50 [ 15.927529] __kasan_kmalloc+0xb7/0xc0 [ 15.927667] __kmalloc_cache_noprof+0x189/0x420 [ 15.927910] kasan_atomics+0x95/0x310 [ 15.928097] kunit_try_run_case+0x1a5/0x480 [ 15.928246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.928424] kthread+0x337/0x6f0 [ 15.928544] ret_from_fork+0x116/0x1d0 [ 15.928680] ret_from_fork_asm+0x1a/0x30 [ 15.928821] [ 15.928893] The buggy address belongs to the object at ffff8881027b3900 [ 15.928893] which belongs to the cache kmalloc-64 of size 64 [ 15.929332] The buggy address is located 0 bytes to the right of [ 15.929332] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.929702] [ 15.929775] The buggy address belongs to the physical page: [ 15.929947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.932571] flags: 0x200000000000000(node=0|zone=2) [ 15.932871] page_type: f5(slab) [ 15.933199] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.933521] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.933827] page dumped because: kasan: bad access detected [ 15.934250] [ 15.934334] Memory state around the buggy address: [ 15.934491] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.934811] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.935133] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.935394] ^ [ 15.935883] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.936307] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.936636] 
================================================================== [ 15.240049] ================================================================== [ 15.240387] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 15.240717] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.241266] [ 15.241352] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.241393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.241405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.241426] Call Trace: [ 15.241441] <TASK> [ 15.241455] dump_stack_lvl+0x73/0xb0 [ 15.241484] print_report+0xd1/0x650 [ 15.241507] ? __virt_addr_valid+0x1db/0x2d0 [ 15.241530] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.241553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.241577] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.241600] kasan_report+0x141/0x180 [ 15.241623] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.241650] kasan_check_range+0x10c/0x1c0 [ 15.241675] __kasan_check_write+0x18/0x20 [ 15.241696] kasan_atomics_helper+0x8f9/0x5450 [ 15.241720] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.241744] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.241770] ? kasan_atomics+0x152/0x310 [ 15.241797] kasan_atomics+0x1dc/0x310 [ 15.241821] ? __pfx_kasan_atomics+0x10/0x10 [ 15.241844] ? trace_hardirqs_on+0x37/0xe0 [ 15.241868] ? __pfx_read_tsc+0x10/0x10 [ 15.241889] ? ktime_get_ts64+0x86/0x230 [ 15.241913] kunit_try_run_case+0x1a5/0x480 [ 15.241938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.241964] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.241989] ? __kthread_parkme+0x82/0x180 [ 15.242011] ? preempt_count_sub+0x50/0x80 [ 15.242049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.242074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.242100] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.242127] kthread+0x337/0x6f0 [ 15.242147] ? trace_preempt_on+0x20/0xc0 [ 15.242170] ? 
__pfx_kthread+0x10/0x10 [ 15.242192] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.242216] ? calculate_sigpending+0x7b/0xa0 [ 15.242241] ? __pfx_kthread+0x10/0x10 [ 15.242263] ret_from_fork+0x116/0x1d0 [ 15.242283] ? __pfx_kthread+0x10/0x10 [ 15.242304] ret_from_fork_asm+0x1a/0x30 [ 15.242335] </TASK> [ 15.242346] [ 15.250709] Allocated by task 282: [ 15.250844] kasan_save_stack+0x45/0x70 [ 15.251203] kasan_save_track+0x18/0x40 [ 15.251404] kasan_save_alloc_info+0x3b/0x50 [ 15.251621] __kasan_kmalloc+0xb7/0xc0 [ 15.251808] __kmalloc_cache_noprof+0x189/0x420 [ 15.252110] kasan_atomics+0x95/0x310 [ 15.252305] kunit_try_run_case+0x1a5/0x480 [ 15.252502] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.252698] kthread+0x337/0x6f0 [ 15.252820] ret_from_fork+0x116/0x1d0 [ 15.252955] ret_from_fork_asm+0x1a/0x30 [ 15.253117] [ 15.253189] The buggy address belongs to the object at ffff8881027b3900 [ 15.253189] which belongs to the cache kmalloc-64 of size 64 [ 15.253541] The buggy address is located 0 bytes to the right of [ 15.253541] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.254744] [ 15.255383] The buggy address belongs to the physical page: [ 15.256171] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.257396] flags: 0x200000000000000(node=0|zone=2) [ 15.258375] page_type: f5(slab) [ 15.258897] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.260079] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.261252] page dumped because: kasan: bad access detected [ 15.261623] [ 15.261701] Memory state around the buggy address: [ 15.261859] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.262197] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.262659] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.263350] ^ [ 15.263520] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.263737] 
ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.264439] ================================================================== [ 15.515625] ================================================================== [ 15.516060] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 15.516404] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.516684] [ 15.516865] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.516908] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.516928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.516949] Call Trace: [ 15.516964] <TASK> [ 15.516979] dump_stack_lvl+0x73/0xb0 [ 15.517009] print_report+0xd1/0x650 [ 15.517077] ? __virt_addr_valid+0x1db/0x2d0 [ 15.517102] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.517125] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.517151] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.517174] kasan_report+0x141/0x180 [ 15.517196] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.517224] __asan_report_load4_noabort+0x18/0x20 [ 15.517251] kasan_atomics_helper+0x4a36/0x5450 [ 15.517275] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.517298] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.517325] ? kasan_atomics+0x152/0x310 [ 15.517351] kasan_atomics+0x1dc/0x310 [ 15.517375] ? __pfx_kasan_atomics+0x10/0x10 [ 15.517399] ? trace_hardirqs_on+0x37/0xe0 [ 15.517422] ? __pfx_read_tsc+0x10/0x10 [ 15.517444] ? ktime_get_ts64+0x86/0x230 [ 15.517469] kunit_try_run_case+0x1a5/0x480 [ 15.517494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.517520] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.517545] ? __kthread_parkme+0x82/0x180 [ 15.517566] ? preempt_count_sub+0x50/0x80 [ 15.517591] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.517637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.517664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.517690] kthread+0x337/0x6f0 [ 15.517711] ? 
trace_preempt_on+0x20/0xc0 [ 15.517734] ? __pfx_kthread+0x10/0x10 [ 15.517755] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.517778] ? calculate_sigpending+0x7b/0xa0 [ 15.517859] ? __pfx_kthread+0x10/0x10 [ 15.517883] ret_from_fork+0x116/0x1d0 [ 15.517904] ? __pfx_kthread+0x10/0x10 [ 15.517945] ret_from_fork_asm+0x1a/0x30 [ 15.517979] </TASK> [ 15.517990] [ 15.525723] Allocated by task 282: [ 15.526087] kasan_save_stack+0x45/0x70 [ 15.526326] kasan_save_track+0x18/0x40 [ 15.526507] kasan_save_alloc_info+0x3b/0x50 [ 15.526723] __kasan_kmalloc+0xb7/0xc0 [ 15.527037] __kmalloc_cache_noprof+0x189/0x420 [ 15.527214] kasan_atomics+0x95/0x310 [ 15.527350] kunit_try_run_case+0x1a5/0x480 [ 15.527577] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.527901] kthread+0x337/0x6f0 [ 15.528133] ret_from_fork+0x116/0x1d0 [ 15.528297] ret_from_fork_asm+0x1a/0x30 [ 15.528439] [ 15.528513] The buggy address belongs to the object at ffff8881027b3900 [ 15.528513] which belongs to the cache kmalloc-64 of size 64 [ 15.529152] The buggy address is located 0 bytes to the right of [ 15.529152] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.529673] [ 15.529746] The buggy address belongs to the physical page: [ 15.530110] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.530487] flags: 0x200000000000000(node=0|zone=2) [ 15.530708] page_type: f5(slab) [ 15.531053] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.531427] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.531761] page dumped because: kasan: bad access detected [ 15.532117] [ 15.532198] Memory state around the buggy address: [ 15.532357] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.532696] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.533134] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.533386] ^ [ 15.533605] ffff8881027b3980: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.533996] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.534298] ================================================================== [ 15.891180] ================================================================== [ 15.891471] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 15.891837] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.892168] [ 15.892257] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.892302] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.892315] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.892336] Call Trace: [ 15.892362] <TASK> [ 15.892380] dump_stack_lvl+0x73/0xb0 [ 15.892409] print_report+0xd1/0x650 [ 15.892432] ? __virt_addr_valid+0x1db/0x2d0 [ 15.892457] ? kasan_atomics_helper+0x177f/0x5450 [ 15.892480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.892505] ? kasan_atomics_helper+0x177f/0x5450 [ 15.892529] kasan_report+0x141/0x180 [ 15.892553] ? kasan_atomics_helper+0x177f/0x5450 [ 15.892580] kasan_check_range+0x10c/0x1c0 [ 15.892606] __kasan_check_write+0x18/0x20 [ 15.892627] kasan_atomics_helper+0x177f/0x5450 [ 15.892651] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.892674] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.892701] ? kasan_atomics+0x152/0x310 [ 15.892728] kasan_atomics+0x1dc/0x310 [ 15.892751] ? __pfx_kasan_atomics+0x10/0x10 [ 15.892776] ? trace_hardirqs_on+0x37/0xe0 [ 15.892800] ? __pfx_read_tsc+0x10/0x10 [ 15.892822] ? ktime_get_ts64+0x86/0x230 [ 15.892846] kunit_try_run_case+0x1a5/0x480 [ 15.892872] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.892899] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.892925] ? __kthread_parkme+0x82/0x180 [ 15.892948] ? preempt_count_sub+0x50/0x80 [ 15.892972] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.892997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.893024] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.893061] kthread+0x337/0x6f0 [ 15.893106] ? trace_preempt_on+0x20/0xc0 [ 15.893130] ? __pfx_kthread+0x10/0x10 [ 15.893161] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.893184] ? calculate_sigpending+0x7b/0xa0 [ 15.893209] ? __pfx_kthread+0x10/0x10 [ 15.893231] ret_from_fork+0x116/0x1d0 [ 15.893251] ? __pfx_kthread+0x10/0x10 [ 15.893272] ret_from_fork_asm+0x1a/0x30 [ 15.893304] </TASK> [ 15.893315] [ 15.905324] Allocated by task 282: [ 15.905505] kasan_save_stack+0x45/0x70 [ 15.905807] kasan_save_track+0x18/0x40 [ 15.906241] kasan_save_alloc_info+0x3b/0x50 [ 15.906448] __kasan_kmalloc+0xb7/0xc0 [ 15.906623] __kmalloc_cache_noprof+0x189/0x420 [ 15.906833] kasan_atomics+0x95/0x310 [ 15.907370] kunit_try_run_case+0x1a5/0x480 [ 15.907659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.908406] kthread+0x337/0x6f0 [ 15.908588] ret_from_fork+0x116/0x1d0 [ 15.908934] ret_from_fork_asm+0x1a/0x30 [ 15.909357] [ 15.909568] The buggy address belongs to the object at ffff8881027b3900 [ 15.909568] which belongs to the cache kmalloc-64 of size 64 [ 15.910344] The buggy address is located 0 bytes to the right of [ 15.910344] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.911191] [ 15.911299] The buggy address belongs to the physical page: [ 15.911552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.911807] flags: 0x200000000000000(node=0|zone=2) [ 15.912127] page_type: f5(slab) [ 15.912388] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.913104] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.913692] page dumped because: kasan: bad access detected [ 15.914146] [ 15.914226] Memory state around the buggy address: [ 15.914385] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.914606] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.914879] >ffff8881027b3900: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.915191] ^ [ 15.915410] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.915642] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.915973] ================================================================== [ 14.939062] ================================================================== [ 14.939648] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 14.940710] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 14.941448] [ 14.941561] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.941606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.941617] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.941638] Call Trace: [ 14.941652] <TASK> [ 14.941666] dump_stack_lvl+0x73/0xb0 [ 14.941697] print_report+0xd1/0x650 [ 14.941719] ? __virt_addr_valid+0x1db/0x2d0 [ 14.941744] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.941765] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.941788] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.941977] kasan_report+0x141/0x180 [ 14.942001] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.942041] __asan_report_store4_noabort+0x1b/0x30 [ 14.942067] kasan_atomics_helper+0x4ba2/0x5450 [ 14.942090] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.942113] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.942138] ? kasan_atomics+0x152/0x310 [ 14.942164] kasan_atomics+0x1dc/0x310 [ 14.942187] ? __pfx_kasan_atomics+0x10/0x10 [ 14.942209] ? trace_hardirqs_on+0x37/0xe0 [ 14.942233] ? __pfx_read_tsc+0x10/0x10 [ 14.942253] ? ktime_get_ts64+0x86/0x230 [ 14.942277] kunit_try_run_case+0x1a5/0x480 [ 14.942301] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.942326] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.942351] ? __kthread_parkme+0x82/0x180 [ 14.942371] ? preempt_count_sub+0x50/0x80 [ 14.942395] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.942419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.942443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.942468] kthread+0x337/0x6f0 [ 14.942487] ? trace_preempt_on+0x20/0xc0 [ 14.942509] ? __pfx_kthread+0x10/0x10 [ 14.942529] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.942551] ? calculate_sigpending+0x7b/0xa0 [ 14.942575] ? __pfx_kthread+0x10/0x10 [ 14.942596] ret_from_fork+0x116/0x1d0 [ 14.942614] ? __pfx_kthread+0x10/0x10 [ 14.942635] ret_from_fork_asm+0x1a/0x30 [ 14.942666] </TASK> [ 14.942675] [ 14.954002] Allocated by task 282: [ 14.954416] kasan_save_stack+0x45/0x70 [ 14.954718] kasan_save_track+0x18/0x40 [ 14.955082] kasan_save_alloc_info+0x3b/0x50 [ 14.955474] __kasan_kmalloc+0xb7/0xc0 [ 14.955671] __kmalloc_cache_noprof+0x189/0x420 [ 14.956114] kasan_atomics+0x95/0x310 [ 14.956365] kunit_try_run_case+0x1a5/0x480 [ 14.956612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.957118] kthread+0x337/0x6f0 [ 14.957385] ret_from_fork+0x116/0x1d0 [ 14.957532] ret_from_fork_asm+0x1a/0x30 [ 14.957888] [ 14.957982] The buggy address belongs to the object at ffff8881027b3900 [ 14.957982] which belongs to the cache kmalloc-64 of size 64 [ 14.958456] The buggy address is located 0 bytes to the right of [ 14.958456] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 14.959377] [ 14.959483] The buggy address belongs to the physical page: [ 14.959691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 14.960291] flags: 0x200000000000000(node=0|zone=2) [ 14.960731] page_type: f5(slab) [ 14.960987] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.961429] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.961802] page dumped because: kasan: bad access detected [ 14.962169] [ 14.962384] Memory state around the buggy address: [ 14.962607] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.963077] 
ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.963456] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.963724] ^ [ 14.964195] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.964501] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.964796] ================================================================== [ 16.055705] ================================================================== [ 16.055958] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 16.056277] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.056762] [ 16.056850] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.056893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.056906] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.056927] Call Trace: [ 16.057002] <TASK> [ 16.057018] dump_stack_lvl+0x73/0xb0 [ 16.057074] print_report+0xd1/0x650 [ 16.057097] ? __virt_addr_valid+0x1db/0x2d0 [ 16.057132] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.057155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.057179] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.057203] kasan_report+0x141/0x180 [ 16.057234] ? kasan_atomics_helper+0x1c18/0x5450 [ 16.057262] kasan_check_range+0x10c/0x1c0 [ 16.057287] __kasan_check_write+0x18/0x20 [ 16.057318] kasan_atomics_helper+0x1c18/0x5450 [ 16.057342] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.057366] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.057393] ? kasan_atomics+0x152/0x310 [ 16.057420] kasan_atomics+0x1dc/0x310 [ 16.057443] ? __pfx_kasan_atomics+0x10/0x10 [ 16.057467] ? trace_hardirqs_on+0x37/0xe0 [ 16.057491] ? __pfx_read_tsc+0x10/0x10 [ 16.057522] ? ktime_get_ts64+0x86/0x230 [ 16.057547] kunit_try_run_case+0x1a5/0x480 [ 16.057572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.057608] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.057635] ? 
__kthread_parkme+0x82/0x180 [ 16.057657] ? preempt_count_sub+0x50/0x80 [ 16.057683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.057709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.057735] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.057762] kthread+0x337/0x6f0 [ 16.057781] ? trace_preempt_on+0x20/0xc0 [ 16.057851] ? __pfx_kthread+0x10/0x10 [ 16.057888] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.057911] ? calculate_sigpending+0x7b/0xa0 [ 16.057935] ? __pfx_kthread+0x10/0x10 [ 16.057959] ret_from_fork+0x116/0x1d0 [ 16.057978] ? __pfx_kthread+0x10/0x10 [ 16.058000] ret_from_fork_asm+0x1a/0x30 [ 16.058046] </TASK> [ 16.058058] [ 16.068974] Allocated by task 282: [ 16.069444] kasan_save_stack+0x45/0x70 [ 16.069633] kasan_save_track+0x18/0x40 [ 16.069854] kasan_save_alloc_info+0x3b/0x50 [ 16.070114] __kasan_kmalloc+0xb7/0xc0 [ 16.070305] __kmalloc_cache_noprof+0x189/0x420 [ 16.070516] kasan_atomics+0x95/0x310 [ 16.070692] kunit_try_run_case+0x1a5/0x480 [ 16.070913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.071727] kthread+0x337/0x6f0 [ 16.072052] ret_from_fork+0x116/0x1d0 [ 16.072315] ret_from_fork_asm+0x1a/0x30 [ 16.072603] [ 16.072683] The buggy address belongs to the object at ffff8881027b3900 [ 16.072683] which belongs to the cache kmalloc-64 of size 64 [ 16.073390] The buggy address is located 0 bytes to the right of [ 16.073390] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.074184] [ 16.074459] The buggy address belongs to the physical page: [ 16.074688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.075118] flags: 0x200000000000000(node=0|zone=2) [ 16.075330] page_type: f5(slab) [ 16.075488] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.075800] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.076437] page dumped because: kasan: bad access detected [ 16.076693] [ 16.076766] Memory state around the buggy address: [ 16.077011] 
ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.077791] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.078285] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.078633] ^ [ 16.078979] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.079449] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.079775] ================================================================== [ 15.573041] ================================================================== [ 15.573327] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 15.573592] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.574201] [ 15.574318] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.574381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.574395] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.574416] Call Trace: [ 15.574432] <TASK> [ 15.574447] dump_stack_lvl+0x73/0xb0 [ 15.574477] print_report+0xd1/0x650 [ 15.574500] ? __virt_addr_valid+0x1db/0x2d0 [ 15.574523] ? kasan_atomics_helper+0x1148/0x5450 [ 15.574545] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.574586] ? kasan_atomics_helper+0x1148/0x5450 [ 15.574609] kasan_report+0x141/0x180 [ 15.574632] ? kasan_atomics_helper+0x1148/0x5450 [ 15.574660] kasan_check_range+0x10c/0x1c0 [ 15.574685] __kasan_check_write+0x18/0x20 [ 15.574707] kasan_atomics_helper+0x1148/0x5450 [ 15.574747] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.574771] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.574864] ? kasan_atomics+0x152/0x310 [ 15.574897] kasan_atomics+0x1dc/0x310 [ 15.574938] ? __pfx_kasan_atomics+0x10/0x10 [ 15.574963] ? trace_hardirqs_on+0x37/0xe0 [ 15.574987] ? __pfx_read_tsc+0x10/0x10 [ 15.575009] ? ktime_get_ts64+0x86/0x230 [ 15.575042] kunit_try_run_case+0x1a5/0x480 [ 15.575068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.575094] ? 
queued_spin_lock_slowpath+0x116/0xb40 [ 15.575141] ? __kthread_parkme+0x82/0x180 [ 15.575162] ? preempt_count_sub+0x50/0x80 [ 15.575186] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.575212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.575237] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.575264] kthread+0x337/0x6f0 [ 15.575284] ? trace_preempt_on+0x20/0xc0 [ 15.575307] ? __pfx_kthread+0x10/0x10 [ 15.575329] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.575352] ? calculate_sigpending+0x7b/0xa0 [ 15.575377] ? __pfx_kthread+0x10/0x10 [ 15.575399] ret_from_fork+0x116/0x1d0 [ 15.575419] ? __pfx_kthread+0x10/0x10 [ 15.575440] ret_from_fork_asm+0x1a/0x30 [ 15.575472] </TASK> [ 15.575482] [ 15.583567] Allocated by task 282: [ 15.583743] kasan_save_stack+0x45/0x70 [ 15.584069] kasan_save_track+0x18/0x40 [ 15.584216] kasan_save_alloc_info+0x3b/0x50 [ 15.584404] __kasan_kmalloc+0xb7/0xc0 [ 15.584587] __kmalloc_cache_noprof+0x189/0x420 [ 15.584813] kasan_atomics+0x95/0x310 [ 15.584977] kunit_try_run_case+0x1a5/0x480 [ 15.585184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.585364] kthread+0x337/0x6f0 [ 15.585526] ret_from_fork+0x116/0x1d0 [ 15.585721] ret_from_fork_asm+0x1a/0x30 [ 15.585914] [ 15.586001] The buggy address belongs to the object at ffff8881027b3900 [ 15.586001] which belongs to the cache kmalloc-64 of size 64 [ 15.586616] The buggy address is located 0 bytes to the right of [ 15.586616] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.587081] [ 15.587158] The buggy address belongs to the physical page: [ 15.587386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.587765] flags: 0x200000000000000(node=0|zone=2) [ 15.588099] page_type: f5(slab) [ 15.588274] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.588621] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.589067] page dumped because: kasan: bad access detected [ 15.589344] [ 15.589432] 
Memory state around the buggy address: [ 15.589656] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.590182] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.590481] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.590768] ^ [ 15.591088] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.591416] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.591714] ================================================================== [ 16.306533] ================================================================== [ 16.306791] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 16.307156] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.307463] [ 16.307653] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.307702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.307715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.307736] Call Trace: [ 16.307749] <TASK> [ 16.307763] dump_stack_lvl+0x73/0xb0 [ 16.307793] print_report+0xd1/0x650 [ 16.307864] ? __virt_addr_valid+0x1db/0x2d0 [ 16.307888] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.307912] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.307936] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.307972] kasan_report+0x141/0x180 [ 16.307995] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.308023] __asan_report_load8_noabort+0x18/0x20 [ 16.308062] kasan_atomics_helper+0x4fb2/0x5450 [ 16.308085] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.308110] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.308135] ? kasan_atomics+0x152/0x310 [ 16.308163] kasan_atomics+0x1dc/0x310 [ 16.308187] ? __pfx_kasan_atomics+0x10/0x10 [ 16.308211] ? trace_hardirqs_on+0x37/0xe0 [ 16.308235] ? __pfx_read_tsc+0x10/0x10 [ 16.308256] ? ktime_get_ts64+0x86/0x230 [ 16.308281] kunit_try_run_case+0x1a5/0x480 [ 16.308307] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.308333] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.308359] ? __kthread_parkme+0x82/0x180 [ 16.308380] ? preempt_count_sub+0x50/0x80 [ 16.308405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.308431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.308457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.308484] kthread+0x337/0x6f0 [ 16.308503] ? trace_preempt_on+0x20/0xc0 [ 16.308526] ? __pfx_kthread+0x10/0x10 [ 16.308548] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.308571] ? calculate_sigpending+0x7b/0xa0 [ 16.308597] ? __pfx_kthread+0x10/0x10 [ 16.308620] ret_from_fork+0x116/0x1d0 [ 16.308640] ? __pfx_kthread+0x10/0x10 [ 16.308662] ret_from_fork_asm+0x1a/0x30 [ 16.308694] </TASK> [ 16.308706] [ 16.316632] Allocated by task 282: [ 16.316781] kasan_save_stack+0x45/0x70 [ 16.317092] kasan_save_track+0x18/0x40 [ 16.317278] kasan_save_alloc_info+0x3b/0x50 [ 16.317493] __kasan_kmalloc+0xb7/0xc0 [ 16.317662] __kmalloc_cache_noprof+0x189/0x420 [ 16.317930] kasan_atomics+0x95/0x310 [ 16.318446] kunit_try_run_case+0x1a5/0x480 [ 16.318648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.318918] kthread+0x337/0x6f0 [ 16.319110] ret_from_fork+0x116/0x1d0 [ 16.319316] ret_from_fork_asm+0x1a/0x30 [ 16.319492] [ 16.319573] The buggy address belongs to the object at ffff8881027b3900 [ 16.319573] which belongs to the cache kmalloc-64 of size 64 [ 16.320003] The buggy address is located 0 bytes to the right of [ 16.320003] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.320579] [ 16.320654] The buggy address belongs to the physical page: [ 16.321159] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.321524] flags: 0x200000000000000(node=0|zone=2) [ 16.321746] page_type: f5(slab) [ 16.321867] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.322113] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.322616] page dumped because: kasan: 
bad access detected [ 16.322940] [ 16.323010] Memory state around the buggy address: [ 16.323176] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.323392] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.323604] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.324287] ^ [ 16.324518] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.324841] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.325181] ================================================================== [ 16.344408] ================================================================== [ 16.344698] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 16.345106] Read of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.345333] [ 16.345417] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.345458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.345470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.345490] Call Trace: [ 16.345505] <TASK> [ 16.345520] dump_stack_lvl+0x73/0xb0 [ 16.345550] print_report+0xd1/0x650 [ 16.345573] ? __virt_addr_valid+0x1db/0x2d0 [ 16.345596] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.345619] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.345643] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.345666] kasan_report+0x141/0x180 [ 16.345690] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.345718] __asan_report_load8_noabort+0x18/0x20 [ 16.345745] kasan_atomics_helper+0x4fa5/0x5450 [ 16.345769] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.345793] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.345862] ? kasan_atomics+0x152/0x310 [ 16.345891] kasan_atomics+0x1dc/0x310 [ 16.345916] ? __pfx_kasan_atomics+0x10/0x10 [ 16.345940] ? trace_hardirqs_on+0x37/0xe0 [ 16.345964] ? __pfx_read_tsc+0x10/0x10 [ 16.345987] ? 
ktime_get_ts64+0x86/0x230 [ 16.346011] kunit_try_run_case+0x1a5/0x480 [ 16.346051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.346077] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.346104] ? __kthread_parkme+0x82/0x180 [ 16.346125] ? preempt_count_sub+0x50/0x80 [ 16.346150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.346176] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.346202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.346228] kthread+0x337/0x6f0 [ 16.346248] ? trace_preempt_on+0x20/0xc0 [ 16.346271] ? __pfx_kthread+0x10/0x10 [ 16.346293] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.346315] ? calculate_sigpending+0x7b/0xa0 [ 16.346341] ? __pfx_kthread+0x10/0x10 [ 16.346363] ret_from_fork+0x116/0x1d0 [ 16.346383] ? __pfx_kthread+0x10/0x10 [ 16.346404] ret_from_fork_asm+0x1a/0x30 [ 16.346435] </TASK> [ 16.346447] [ 16.354391] Allocated by task 282: [ 16.354560] kasan_save_stack+0x45/0x70 [ 16.354745] kasan_save_track+0x18/0x40 [ 16.354911] kasan_save_alloc_info+0x3b/0x50 [ 16.355139] __kasan_kmalloc+0xb7/0xc0 [ 16.355279] __kmalloc_cache_noprof+0x189/0x420 [ 16.355503] kasan_atomics+0x95/0x310 [ 16.355691] kunit_try_run_case+0x1a5/0x480 [ 16.355976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.356176] kthread+0x337/0x6f0 [ 16.356346] ret_from_fork+0x116/0x1d0 [ 16.356535] ret_from_fork_asm+0x1a/0x30 [ 16.356735] [ 16.356813] The buggy address belongs to the object at ffff8881027b3900 [ 16.356813] which belongs to the cache kmalloc-64 of size 64 [ 16.357258] The buggy address is located 0 bytes to the right of [ 16.357258] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.357625] [ 16.357697] The buggy address belongs to the physical page: [ 16.357869] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.358289] flags: 0x200000000000000(node=0|zone=2) [ 16.358518] page_type: f5(slab) [ 16.358682] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.359009] raw: 0000000000000000 
0000000080200020 00000000f5000000 0000000000000000 [ 16.359409] page dumped because: kasan: bad access detected [ 16.359579] [ 16.359648] Memory state around the buggy address: [ 16.359802] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.360022] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.360534] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.360956] ^ [ 16.361206] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.361537] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.361947] ================================================================== [ 15.432109] ================================================================== [ 15.432625] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 15.433047] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.433342] [ 15.433452] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.433493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.433505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.433526] Call Trace: [ 15.433541] <TASK> [ 15.433556] dump_stack_lvl+0x73/0xb0 [ 15.433585] print_report+0xd1/0x650 [ 15.433608] ? __virt_addr_valid+0x1db/0x2d0 [ 15.433631] ? kasan_atomics_helper+0xde0/0x5450 [ 15.433654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.433701] ? kasan_atomics_helper+0xde0/0x5450 [ 15.433726] kasan_report+0x141/0x180 [ 15.433749] ? kasan_atomics_helper+0xde0/0x5450 [ 15.433776] kasan_check_range+0x10c/0x1c0 [ 15.433801] __kasan_check_write+0x18/0x20 [ 15.433822] kasan_atomics_helper+0xde0/0x5450 [ 15.433846] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.433870] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.433896] ? kasan_atomics+0x152/0x310 [ 15.433923] kasan_atomics+0x1dc/0x310 [ 15.434005] ? __pfx_kasan_atomics+0x10/0x10 [ 15.434041] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.434067] ? __pfx_read_tsc+0x10/0x10 [ 15.434090] ? ktime_get_ts64+0x86/0x230 [ 15.434115] kunit_try_run_case+0x1a5/0x480 [ 15.434140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434166] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.434192] ? __kthread_parkme+0x82/0x180 [ 15.434214] ? preempt_count_sub+0x50/0x80 [ 15.434238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.434291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.434318] kthread+0x337/0x6f0 [ 15.434338] ? trace_preempt_on+0x20/0xc0 [ 15.434362] ? __pfx_kthread+0x10/0x10 [ 15.434401] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.434424] ? calculate_sigpending+0x7b/0xa0 [ 15.434449] ? __pfx_kthread+0x10/0x10 [ 15.434472] ret_from_fork+0x116/0x1d0 [ 15.434492] ? __pfx_kthread+0x10/0x10 [ 15.434514] ret_from_fork_asm+0x1a/0x30 [ 15.434545] </TASK> [ 15.434556] [ 15.442714] Allocated by task 282: [ 15.443184] kasan_save_stack+0x45/0x70 [ 15.443380] kasan_save_track+0x18/0x40 [ 15.443600] kasan_save_alloc_info+0x3b/0x50 [ 15.443804] __kasan_kmalloc+0xb7/0xc0 [ 15.444287] __kmalloc_cache_noprof+0x189/0x420 [ 15.444493] kasan_atomics+0x95/0x310 [ 15.444690] kunit_try_run_case+0x1a5/0x480 [ 15.445074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.445393] kthread+0x337/0x6f0 [ 15.445564] ret_from_fork+0x116/0x1d0 [ 15.445771] ret_from_fork_asm+0x1a/0x30 [ 15.446068] [ 15.446210] The buggy address belongs to the object at ffff8881027b3900 [ 15.446210] which belongs to the cache kmalloc-64 of size 64 [ 15.446744] The buggy address is located 0 bytes to the right of [ 15.446744] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.447413] [ 15.447516] The buggy address belongs to the physical page: [ 15.447707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.448294] flags: 0x200000000000000(node=0|zone=2) [ 15.448464] page_type: f5(slab) [ 15.448642] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.449229] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.449705] page dumped because: kasan: bad access detected [ 15.449914] [ 15.450059] Memory state around the buggy address: [ 15.450536] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.450813] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.451235] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.451628] ^ [ 15.451878] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.452286] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.452732] ================================================================== [ 15.534779] ================================================================== [ 15.535161] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 15.535540] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.535855] [ 15.536020] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.536074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.536086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.536107] Call Trace: [ 15.536123] <TASK> [ 15.536138] dump_stack_lvl+0x73/0xb0 [ 15.536167] print_report+0xd1/0x650 [ 15.536190] ? __virt_addr_valid+0x1db/0x2d0 [ 15.536214] ? kasan_atomics_helper+0x1079/0x5450 [ 15.536237] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.536262] ? kasan_atomics_helper+0x1079/0x5450 [ 15.536285] kasan_report+0x141/0x180 [ 15.536308] ? kasan_atomics_helper+0x1079/0x5450 [ 15.536336] kasan_check_range+0x10c/0x1c0 [ 15.536361] __kasan_check_write+0x18/0x20 [ 15.536382] kasan_atomics_helper+0x1079/0x5450 [ 15.536406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.536430] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.536456] ? 
kasan_atomics+0x152/0x310 [ 15.536484] kasan_atomics+0x1dc/0x310 [ 15.536507] ? __pfx_kasan_atomics+0x10/0x10 [ 15.536530] ? trace_hardirqs_on+0x37/0xe0 [ 15.536576] ? __pfx_read_tsc+0x10/0x10 [ 15.536597] ? ktime_get_ts64+0x86/0x230 [ 15.536622] kunit_try_run_case+0x1a5/0x480 [ 15.536647] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.536673] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.536700] ? __kthread_parkme+0x82/0x180 [ 15.536720] ? preempt_count_sub+0x50/0x80 [ 15.536745] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.536770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.536860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.536891] kthread+0x337/0x6f0 [ 15.536912] ? trace_preempt_on+0x20/0xc0 [ 15.536934] ? __pfx_kthread+0x10/0x10 [ 15.536963] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.536985] ? calculate_sigpending+0x7b/0xa0 [ 15.537010] ? __pfx_kthread+0x10/0x10 [ 15.537041] ret_from_fork+0x116/0x1d0 [ 15.537060] ? __pfx_kthread+0x10/0x10 [ 15.537082] ret_from_fork_asm+0x1a/0x30 [ 15.537114] </TASK> [ 15.537124] [ 15.545370] Allocated by task 282: [ 15.545573] kasan_save_stack+0x45/0x70 [ 15.545790] kasan_save_track+0x18/0x40 [ 15.546099] kasan_save_alloc_info+0x3b/0x50 [ 15.546289] __kasan_kmalloc+0xb7/0xc0 [ 15.546442] __kmalloc_cache_noprof+0x189/0x420 [ 15.546691] kasan_atomics+0x95/0x310 [ 15.546921] kunit_try_run_case+0x1a5/0x480 [ 15.547190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.547442] kthread+0x337/0x6f0 [ 15.547575] ret_from_fork+0x116/0x1d0 [ 15.547707] ret_from_fork_asm+0x1a/0x30 [ 15.547855] [ 15.548041] The buggy address belongs to the object at ffff8881027b3900 [ 15.548041] which belongs to the cache kmalloc-64 of size 64 [ 15.548576] The buggy address is located 0 bytes to the right of [ 15.548576] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.549223] [ 15.549317] The buggy address belongs to the physical page: [ 15.549490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 
15.549967] flags: 0x200000000000000(node=0|zone=2) [ 15.550232] page_type: f5(slab) [ 15.550400] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.550739] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.551053] page dumped because: kasan: bad access detected [ 15.551291] [ 15.551382] Memory state around the buggy address: [ 15.551576] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.551871] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.552297] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.552520] ^ [ 15.552679] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.553008] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.553331] ================================================================== [ 15.222073] ================================================================== [ 15.222419] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 15.222705] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.223171] [ 15.223283] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.223328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.223340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.223361] Call Trace: [ 15.223375] <TASK> [ 15.223392] dump_stack_lvl+0x73/0xb0 [ 15.223421] print_report+0xd1/0x650 [ 15.223444] ? __virt_addr_valid+0x1db/0x2d0 [ 15.223467] ? kasan_atomics_helper+0x860/0x5450 [ 15.223490] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.223515] ? kasan_atomics_helper+0x860/0x5450 [ 15.223538] kasan_report+0x141/0x180 [ 15.223561] ? kasan_atomics_helper+0x860/0x5450 [ 15.223589] kasan_check_range+0x10c/0x1c0 [ 15.223614] __kasan_check_write+0x18/0x20 [ 15.223634] kasan_atomics_helper+0x860/0x5450 [ 15.223658] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.223682] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.223709] ? kasan_atomics+0x152/0x310 [ 15.223736] kasan_atomics+0x1dc/0x310 [ 15.223760] ? __pfx_kasan_atomics+0x10/0x10 [ 15.223784] ? trace_hardirqs_on+0x37/0xe0 [ 15.223848] ? __pfx_read_tsc+0x10/0x10 [ 15.223873] ? ktime_get_ts64+0x86/0x230 [ 15.223897] kunit_try_run_case+0x1a5/0x480 [ 15.223923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.223965] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.223993] ? __kthread_parkme+0x82/0x180 [ 15.224015] ? preempt_count_sub+0x50/0x80 [ 15.224050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.224076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.224102] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.224129] kthread+0x337/0x6f0 [ 15.224149] ? trace_preempt_on+0x20/0xc0 [ 15.224172] ? __pfx_kthread+0x10/0x10 [ 15.224194] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.224217] ? calculate_sigpending+0x7b/0xa0 [ 15.224242] ? __pfx_kthread+0x10/0x10 [ 15.224264] ret_from_fork+0x116/0x1d0 [ 15.224283] ? __pfx_kthread+0x10/0x10 [ 15.224305] ret_from_fork_asm+0x1a/0x30 [ 15.224337] </TASK> [ 15.224348] [ 15.231753] Allocated by task 282: [ 15.231932] kasan_save_stack+0x45/0x70 [ 15.232151] kasan_save_track+0x18/0x40 [ 15.232336] kasan_save_alloc_info+0x3b/0x50 [ 15.232524] __kasan_kmalloc+0xb7/0xc0 [ 15.232693] __kmalloc_cache_noprof+0x189/0x420 [ 15.232948] kasan_atomics+0x95/0x310 [ 15.233130] kunit_try_run_case+0x1a5/0x480 [ 15.233324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.233527] kthread+0x337/0x6f0 [ 15.233649] ret_from_fork+0x116/0x1d0 [ 15.233782] ret_from_fork_asm+0x1a/0x30 [ 15.233923] [ 15.234020] The buggy address belongs to the object at ffff8881027b3900 [ 15.234020] which belongs to the cache kmalloc-64 of size 64 [ 15.234850] The buggy address is located 0 bytes to the right of [ 15.234850] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.235595] [ 15.235675] The buggy address belongs to the physical page: [ 15.236081] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.236464] flags: 0x200000000000000(node=0|zone=2) [ 15.236668] page_type: f5(slab) [ 15.236834] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.237155] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.237471] page dumped because: kasan: bad access detected [ 15.237684] [ 15.237785] Memory state around the buggy address: [ 15.237981] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.238270] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.238485] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.238696] ^ [ 15.238849] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.239133] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.239449] ================================================================== [ 15.838014] ================================================================== [ 15.838323] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 15.838658] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.839301] [ 15.839512] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.839553] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.839566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.839587] Call Trace: [ 15.839602] <TASK> [ 15.839616] dump_stack_lvl+0x73/0xb0 [ 15.839646] print_report+0xd1/0x650 [ 15.839668] ? __virt_addr_valid+0x1db/0x2d0 [ 15.839692] ? kasan_atomics_helper+0x164f/0x5450 [ 15.839714] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.839738] ? kasan_atomics_helper+0x164f/0x5450 [ 15.839761] kasan_report+0x141/0x180 [ 15.839784] ? kasan_atomics_helper+0x164f/0x5450 [ 15.839811] kasan_check_range+0x10c/0x1c0 [ 15.839836] __kasan_check_write+0x18/0x20 [ 15.839857] kasan_atomics_helper+0x164f/0x5450 [ 15.839880] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.839904] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.839930] ? kasan_atomics+0x152/0x310 [ 15.839962] kasan_atomics+0x1dc/0x310 [ 15.839986] ? __pfx_kasan_atomics+0x10/0x10 [ 15.840009] ? trace_hardirqs_on+0x37/0xe0 [ 15.840044] ? __pfx_read_tsc+0x10/0x10 [ 15.840066] ? ktime_get_ts64+0x86/0x230 [ 15.840090] kunit_try_run_case+0x1a5/0x480 [ 15.840115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.840141] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.840166] ? __kthread_parkme+0x82/0x180 [ 15.840187] ? preempt_count_sub+0x50/0x80 [ 15.840211] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.840237] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.840262] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.840289] kthread+0x337/0x6f0 [ 15.840309] ? trace_preempt_on+0x20/0xc0 [ 15.840331] ? __pfx_kthread+0x10/0x10 [ 15.840353] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.840376] ? calculate_sigpending+0x7b/0xa0 [ 15.840401] ? __pfx_kthread+0x10/0x10 [ 15.840424] ret_from_fork+0x116/0x1d0 [ 15.840444] ? 
__pfx_kthread+0x10/0x10 [ 15.840465] ret_from_fork_asm+0x1a/0x30 [ 15.840496] </TASK> [ 15.840507] [ 15.849230] Allocated by task 282: [ 15.849357] kasan_save_stack+0x45/0x70 [ 15.849500] kasan_save_track+0x18/0x40 [ 15.849689] kasan_save_alloc_info+0x3b/0x50 [ 15.849897] __kasan_kmalloc+0xb7/0xc0 [ 15.850091] __kmalloc_cache_noprof+0x189/0x420 [ 15.850402] kasan_atomics+0x95/0x310 [ 15.850604] kunit_try_run_case+0x1a5/0x480 [ 15.850908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.851179] kthread+0x337/0x6f0 [ 15.851391] ret_from_fork+0x116/0x1d0 [ 15.851576] ret_from_fork_asm+0x1a/0x30 [ 15.851718] [ 15.851789] The buggy address belongs to the object at ffff8881027b3900 [ 15.851789] which belongs to the cache kmalloc-64 of size 64 [ 15.852496] The buggy address is located 0 bytes to the right of [ 15.852496] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.853134] [ 15.853245] The buggy address belongs to the physical page: [ 15.853507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.853754] flags: 0x200000000000000(node=0|zone=2) [ 15.853915] page_type: f5(slab) [ 15.854092] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.854465] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.854940] page dumped because: kasan: bad access detected [ 15.855218] [ 15.855287] Memory state around the buggy address: [ 15.855440] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.855659] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.856082] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.857488] ^ [ 15.858007] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.858520] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.858747] ================================================================== [ 15.026399] 
================================================================== [ 15.026711] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 15.027222] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.027545] [ 15.027652] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.027695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.027708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.027730] Call Trace: [ 15.027782] <TASK> [ 15.027865] dump_stack_lvl+0x73/0xb0 [ 15.027937] print_report+0xd1/0x650 [ 15.027982] ? __virt_addr_valid+0x1db/0x2d0 [ 15.028006] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.028038] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.028096] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.028119] kasan_report+0x141/0x180 [ 15.028143] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.028170] __asan_report_load4_noabort+0x18/0x20 [ 15.028222] kasan_atomics_helper+0x4b54/0x5450 [ 15.028247] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.028271] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.028297] ? kasan_atomics+0x152/0x310 [ 15.028325] kasan_atomics+0x1dc/0x310 [ 15.028348] ? __pfx_kasan_atomics+0x10/0x10 [ 15.028372] ? trace_hardirqs_on+0x37/0xe0 [ 15.028397] ? __pfx_read_tsc+0x10/0x10 [ 15.028418] ? ktime_get_ts64+0x86/0x230 [ 15.028470] kunit_try_run_case+0x1a5/0x480 [ 15.028519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.028545] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.028571] ? __kthread_parkme+0x82/0x180 [ 15.028593] ? preempt_count_sub+0x50/0x80 [ 15.028617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.028643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.028669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.028695] kthread+0x337/0x6f0 [ 15.028715] ? trace_preempt_on+0x20/0xc0 [ 15.028738] ? __pfx_kthread+0x10/0x10 [ 15.028759] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.028782] ? calculate_sigpending+0x7b/0xa0 [ 15.028872] ? 
__pfx_kthread+0x10/0x10 [ 15.028896] ret_from_fork+0x116/0x1d0 [ 15.028917] ? __pfx_kthread+0x10/0x10 [ 15.028939] ret_from_fork_asm+0x1a/0x30 [ 15.028987] </TASK> [ 15.028998] [ 15.038149] Allocated by task 282: [ 15.038336] kasan_save_stack+0x45/0x70 [ 15.038567] kasan_save_track+0x18/0x40 [ 15.038776] kasan_save_alloc_info+0x3b/0x50 [ 15.039143] __kasan_kmalloc+0xb7/0xc0 [ 15.039338] __kmalloc_cache_noprof+0x189/0x420 [ 15.039515] kasan_atomics+0x95/0x310 [ 15.039695] kunit_try_run_case+0x1a5/0x480 [ 15.040038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.040335] kthread+0x337/0x6f0 [ 15.040518] ret_from_fork+0x116/0x1d0 [ 15.040722] ret_from_fork_asm+0x1a/0x30 [ 15.041052] [ 15.041182] The buggy address belongs to the object at ffff8881027b3900 [ 15.041182] which belongs to the cache kmalloc-64 of size 64 [ 15.041684] The buggy address is located 0 bytes to the right of [ 15.041684] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.042468] [ 15.042604] The buggy address belongs to the physical page: [ 15.042986] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.043377] flags: 0x200000000000000(node=0|zone=2) [ 15.043606] page_type: f5(slab) [ 15.043861] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.044276] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.044609] page dumped because: kasan: bad access detected [ 15.044886] [ 15.044975] Memory state around the buggy address: [ 15.045174] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.045506] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.045779] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.046214] ^ [ 15.046376] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.046691] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.047185] 
================================================================== [ 15.265333] ================================================================== [ 15.266065] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 15.266729] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.267196] [ 15.267287] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.267330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.267342] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.267363] Call Trace: [ 15.267378] <TASK> [ 15.267393] dump_stack_lvl+0x73/0xb0 [ 15.267423] print_report+0xd1/0x650 [ 15.267447] ? __virt_addr_valid+0x1db/0x2d0 [ 15.267470] ? kasan_atomics_helper+0x992/0x5450 [ 15.267492] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.267517] ? kasan_atomics_helper+0x992/0x5450 [ 15.267540] kasan_report+0x141/0x180 [ 15.267563] ? kasan_atomics_helper+0x992/0x5450 [ 15.267591] kasan_check_range+0x10c/0x1c0 [ 15.267615] __kasan_check_write+0x18/0x20 [ 15.267636] kasan_atomics_helper+0x992/0x5450 [ 15.267660] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.267684] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.267710] ? kasan_atomics+0x152/0x310 [ 15.267737] kasan_atomics+0x1dc/0x310 [ 15.267761] ? __pfx_kasan_atomics+0x10/0x10 [ 15.267785] ? trace_hardirqs_on+0x37/0xe0 [ 15.267878] ? __pfx_read_tsc+0x10/0x10 [ 15.267902] ? ktime_get_ts64+0x86/0x230 [ 15.267952] kunit_try_run_case+0x1a5/0x480 [ 15.267986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.268012] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.268054] ? __kthread_parkme+0x82/0x180 [ 15.268077] ? preempt_count_sub+0x50/0x80 [ 15.268101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.268128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.268154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.268180] kthread+0x337/0x6f0 [ 15.268200] ? trace_preempt_on+0x20/0xc0 [ 15.268222] ? 
__pfx_kthread+0x10/0x10 [ 15.268244] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.268266] ? calculate_sigpending+0x7b/0xa0 [ 15.268291] ? __pfx_kthread+0x10/0x10 [ 15.268314] ret_from_fork+0x116/0x1d0 [ 15.268333] ? __pfx_kthread+0x10/0x10 [ 15.268355] ret_from_fork_asm+0x1a/0x30 [ 15.268386] </TASK> [ 15.268397] [ 15.283374] Allocated by task 282: [ 15.283710] kasan_save_stack+0x45/0x70 [ 15.284214] kasan_save_track+0x18/0x40 [ 15.284623] kasan_save_alloc_info+0x3b/0x50 [ 15.285075] __kasan_kmalloc+0xb7/0xc0 [ 15.285511] __kmalloc_cache_noprof+0x189/0x420 [ 15.286126] kasan_atomics+0x95/0x310 [ 15.286419] kunit_try_run_case+0x1a5/0x480 [ 15.286666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.286856] kthread+0x337/0x6f0 [ 15.287255] ret_from_fork+0x116/0x1d0 [ 15.287640] ret_from_fork_asm+0x1a/0x30 [ 15.288115] [ 15.288300] The buggy address belongs to the object at ffff8881027b3900 [ 15.288300] which belongs to the cache kmalloc-64 of size 64 [ 15.289322] The buggy address is located 0 bytes to the right of [ 15.289322] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.289696] [ 15.289770] The buggy address belongs to the physical page: [ 15.289981] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.290586] flags: 0x200000000000000(node=0|zone=2) [ 15.291218] page_type: f5(slab) [ 15.291449] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.291686] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.291984] page dumped because: kasan: bad access detected [ 15.292251] [ 15.292348] Memory state around the buggy address: [ 15.292579] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.292914] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.293261] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.293618] ^ [ 15.293808] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.294217] 
ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.294513] ================================================================== [ 14.965609] ================================================================== [ 14.966113] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 14.966690] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 14.967224] [ 14.967324] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.967367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.967378] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.967399] Call Trace: [ 14.967413] <TASK> [ 14.967427] dump_stack_lvl+0x73/0xb0 [ 14.967456] print_report+0xd1/0x650 [ 14.967477] ? __virt_addr_valid+0x1db/0x2d0 [ 14.967499] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.967521] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.967544] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.967565] kasan_report+0x141/0x180 [ 14.967587] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.967614] __asan_report_load4_noabort+0x18/0x20 [ 14.967639] kasan_atomics_helper+0x4b88/0x5450 [ 14.967661] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.967684] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.967709] ? kasan_atomics+0x152/0x310 [ 14.967906] kasan_atomics+0x1dc/0x310 [ 14.967953] ? __pfx_kasan_atomics+0x10/0x10 [ 14.967999] ? trace_hardirqs_on+0x37/0xe0 [ 14.968024] ? __pfx_read_tsc+0x10/0x10 [ 14.968058] ? ktime_get_ts64+0x86/0x230 [ 14.968083] kunit_try_run_case+0x1a5/0x480 [ 14.968109] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.968135] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.968162] ? __kthread_parkme+0x82/0x180 [ 14.968183] ? preempt_count_sub+0x50/0x80 [ 14.968207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.968233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.968258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.968285] kthread+0x337/0x6f0 [ 14.968305] ? 
trace_preempt_on+0x20/0xc0 [ 14.968330] ? __pfx_kthread+0x10/0x10 [ 14.968352] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.968375] ? calculate_sigpending+0x7b/0xa0 [ 14.968400] ? __pfx_kthread+0x10/0x10 [ 14.968424] ret_from_fork+0x116/0x1d0 [ 14.968443] ? __pfx_kthread+0x10/0x10 [ 14.968465] ret_from_fork_asm+0x1a/0x30 [ 14.968498] </TASK> [ 14.968509] [ 14.976661] Allocated by task 282: [ 14.976798] kasan_save_stack+0x45/0x70 [ 14.976945] kasan_save_track+0x18/0x40 [ 14.977091] kasan_save_alloc_info+0x3b/0x50 [ 14.977344] __kasan_kmalloc+0xb7/0xc0 [ 14.977527] __kmalloc_cache_noprof+0x189/0x420 [ 14.977957] kasan_atomics+0x95/0x310 [ 14.978183] kunit_try_run_case+0x1a5/0x480 [ 14.978378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.978649] kthread+0x337/0x6f0 [ 14.978786] ret_from_fork+0x116/0x1d0 [ 14.979117] ret_from_fork_asm+0x1a/0x30 [ 14.979311] [ 14.979385] The buggy address belongs to the object at ffff8881027b3900 [ 14.979385] which belongs to the cache kmalloc-64 of size 64 [ 14.979980] The buggy address is located 0 bytes to the right of [ 14.979980] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 14.980467] [ 14.980542] The buggy address belongs to the physical page: [ 14.980715] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 14.981116] flags: 0x200000000000000(node=0|zone=2) [ 14.981357] page_type: f5(slab) [ 14.981585] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.982223] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.982556] page dumped because: kasan: bad access detected [ 14.982791] [ 14.982867] Memory state around the buggy address: [ 14.983041] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.983576] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.983900] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.984131] ^ [ 14.984337] ffff8881027b3980: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.984648] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.985170] ================================================================== [ 14.985533] ================================================================== [ 14.986044] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 14.986493] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 14.986762] [ 14.986867] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.986909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.986922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.987006] Call Trace: [ 14.987022] <TASK> [ 14.987049] dump_stack_lvl+0x73/0xb0 [ 14.987079] print_report+0xd1/0x650 [ 14.987103] ? __virt_addr_valid+0x1db/0x2d0 [ 14.987126] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.987149] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.987173] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.987196] kasan_report+0x141/0x180 [ 14.987219] ? kasan_atomics_helper+0x4b6e/0x5450 [ 14.987247] __asan_report_store4_noabort+0x1b/0x30 [ 14.987273] kasan_atomics_helper+0x4b6e/0x5450 [ 14.987298] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.987321] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.987347] ? kasan_atomics+0x152/0x310 [ 14.987375] kasan_atomics+0x1dc/0x310 [ 14.987422] ? __pfx_kasan_atomics+0x10/0x10 [ 14.987446] ? trace_hardirqs_on+0x37/0xe0 [ 14.987470] ? __pfx_read_tsc+0x10/0x10 [ 14.987491] ? ktime_get_ts64+0x86/0x230 [ 14.987516] kunit_try_run_case+0x1a5/0x480 [ 14.987540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.987566] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.987592] ? __kthread_parkme+0x82/0x180 [ 14.987613] ? preempt_count_sub+0x50/0x80 [ 14.987637] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.987663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.987689] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.987715] kthread+0x337/0x6f0 [ 14.987734] ? trace_preempt_on+0x20/0xc0 [ 14.987757] ? __pfx_kthread+0x10/0x10 [ 14.987779] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.987801] ? calculate_sigpending+0x7b/0xa0 [ 14.987826] ? __pfx_kthread+0x10/0x10 [ 14.987850] ret_from_fork+0x116/0x1d0 [ 14.987869] ? __pfx_kthread+0x10/0x10 [ 14.987910] ret_from_fork_asm+0x1a/0x30 [ 14.987942] </TASK> [ 14.987958] [ 14.996213] Allocated by task 282: [ 14.996347] kasan_save_stack+0x45/0x70 [ 14.996500] kasan_save_track+0x18/0x40 [ 14.996695] kasan_save_alloc_info+0x3b/0x50 [ 14.997020] __kasan_kmalloc+0xb7/0xc0 [ 14.997244] __kmalloc_cache_noprof+0x189/0x420 [ 14.997472] kasan_atomics+0x95/0x310 [ 14.997680] kunit_try_run_case+0x1a5/0x480 [ 14.998126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.998357] kthread+0x337/0x6f0 [ 14.998530] ret_from_fork+0x116/0x1d0 [ 14.998736] ret_from_fork_asm+0x1a/0x30 [ 14.999062] [ 14.999136] The buggy address belongs to the object at ffff8881027b3900 [ 14.999136] which belongs to the cache kmalloc-64 of size 64 [ 14.999625] The buggy address is located 0 bytes to the right of [ 14.999625] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.000368] [ 15.000465] The buggy address belongs to the physical page: [ 15.000649] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.000971] flags: 0x200000000000000(node=0|zone=2) [ 15.001320] page_type: f5(slab) [ 15.001489] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.001773] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.001995] page dumped because: kasan: bad access detected [ 15.002398] [ 15.002497] Memory state around the buggy address: [ 15.002723] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.003259] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.003480] >ffff8881027b3900: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.003994] ^ [ 15.004249] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.004609] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.005060] ================================================================== [ 15.178894] ================================================================== [ 15.179437] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 15.179866] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.180342] [ 15.180503] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.180546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.180607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.180633] Call Trace: [ 15.180649] <TASK> [ 15.180665] dump_stack_lvl+0x73/0xb0 [ 15.180696] print_report+0xd1/0x650 [ 15.180719] ? __virt_addr_valid+0x1db/0x2d0 [ 15.180744] ? kasan_atomics_helper+0x72f/0x5450 [ 15.180767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.180814] ? kasan_atomics_helper+0x72f/0x5450 [ 15.180873] kasan_report+0x141/0x180 [ 15.180896] ? kasan_atomics_helper+0x72f/0x5450 [ 15.180924] kasan_check_range+0x10c/0x1c0 [ 15.180949] __kasan_check_write+0x18/0x20 [ 15.180978] kasan_atomics_helper+0x72f/0x5450 [ 15.181003] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.181027] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.181067] ? kasan_atomics+0x152/0x310 [ 15.181094] kasan_atomics+0x1dc/0x310 [ 15.181141] ? __pfx_kasan_atomics+0x10/0x10 [ 15.181165] ? trace_hardirqs_on+0x37/0xe0 [ 15.181190] ? __pfx_read_tsc+0x10/0x10 [ 15.181212] ? ktime_get_ts64+0x86/0x230 [ 15.181237] kunit_try_run_case+0x1a5/0x480 [ 15.181262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.181288] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.181315] ? __kthread_parkme+0x82/0x180 [ 15.181355] ? preempt_count_sub+0x50/0x80 [ 15.181381] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.181408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.181434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.181462] kthread+0x337/0x6f0 [ 15.181481] ? trace_preempt_on+0x20/0xc0 [ 15.181504] ? __pfx_kthread+0x10/0x10 [ 15.181526] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.181549] ? calculate_sigpending+0x7b/0xa0 [ 15.181574] ? __pfx_kthread+0x10/0x10 [ 15.181597] ret_from_fork+0x116/0x1d0 [ 15.181616] ? __pfx_kthread+0x10/0x10 [ 15.181638] ret_from_fork_asm+0x1a/0x30 [ 15.181669] </TASK> [ 15.181681] [ 15.193147] Allocated by task 282: [ 15.193472] kasan_save_stack+0x45/0x70 [ 15.193774] kasan_save_track+0x18/0x40 [ 15.194179] kasan_save_alloc_info+0x3b/0x50 [ 15.194486] __kasan_kmalloc+0xb7/0xc0 [ 15.194637] __kmalloc_cache_noprof+0x189/0x420 [ 15.194863] kasan_atomics+0x95/0x310 [ 15.195303] kunit_try_run_case+0x1a5/0x480 [ 15.195594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.196043] kthread+0x337/0x6f0 [ 15.196302] ret_from_fork+0x116/0x1d0 [ 15.196451] ret_from_fork_asm+0x1a/0x30 [ 15.196777] [ 15.196895] The buggy address belongs to the object at ffff8881027b3900 [ 15.196895] which belongs to the cache kmalloc-64 of size 64 [ 15.197421] The buggy address is located 0 bytes to the right of [ 15.197421] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.197946] [ 15.198303] The buggy address belongs to the physical page: [ 15.198560] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.198855] flags: 0x200000000000000(node=0|zone=2) [ 15.199137] page_type: f5(slab) [ 15.199308] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.199601] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.200045] page dumped because: kasan: bad access detected [ 15.200286] [ 15.200386] Memory state around the buggy address: [ 15.200589] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.200867] 
ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.201265] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.201538] ^ [ 15.201694] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.202089] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.202421] ================================================================== [ 15.357733] ================================================================== [ 15.358687] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 15.359217] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.359672] [ 15.359779] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.359822] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.359834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.359855] Call Trace: [ 15.359870] <TASK> [ 15.359885] dump_stack_lvl+0x73/0xb0 [ 15.359914] print_report+0xd1/0x650 [ 15.359937] ? __virt_addr_valid+0x1db/0x2d0 [ 15.359967] ? kasan_atomics_helper+0xc70/0x5450 [ 15.359989] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.360014] ? kasan_atomics_helper+0xc70/0x5450 [ 15.360047] kasan_report+0x141/0x180 [ 15.360071] ? kasan_atomics_helper+0xc70/0x5450 [ 15.360098] kasan_check_range+0x10c/0x1c0 [ 15.360124] __kasan_check_write+0x18/0x20 [ 15.360145] kasan_atomics_helper+0xc70/0x5450 [ 15.360169] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.360193] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.360220] ? kasan_atomics+0x152/0x310 [ 15.360247] kasan_atomics+0x1dc/0x310 [ 15.360271] ? __pfx_kasan_atomics+0x10/0x10 [ 15.360295] ? trace_hardirqs_on+0x37/0xe0 [ 15.360319] ? __pfx_read_tsc+0x10/0x10 [ 15.360341] ? ktime_get_ts64+0x86/0x230 [ 15.360630] kunit_try_run_case+0x1a5/0x480 [ 15.360832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.360872] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.360900] ? 
__kthread_parkme+0x82/0x180 [ 15.360922] ? preempt_count_sub+0x50/0x80 [ 15.360948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.360976] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.361003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.361051] kthread+0x337/0x6f0 [ 15.361072] ? trace_preempt_on+0x20/0xc0 [ 15.361096] ? __pfx_kthread+0x10/0x10 [ 15.361119] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.361142] ? calculate_sigpending+0x7b/0xa0 [ 15.361167] ? __pfx_kthread+0x10/0x10 [ 15.361190] ret_from_fork+0x116/0x1d0 [ 15.361291] ? __pfx_kthread+0x10/0x10 [ 15.361319] ret_from_fork_asm+0x1a/0x30 [ 15.361352] </TASK> [ 15.361365] [ 15.372324] Allocated by task 282: [ 15.372460] kasan_save_stack+0x45/0x70 [ 15.372608] kasan_save_track+0x18/0x40 [ 15.372744] kasan_save_alloc_info+0x3b/0x50 [ 15.372893] __kasan_kmalloc+0xb7/0xc0 [ 15.373026] __kmalloc_cache_noprof+0x189/0x420 [ 15.373363] kasan_atomics+0x95/0x310 [ 15.373596] kunit_try_run_case+0x1a5/0x480 [ 15.373812] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.374245] kthread+0x337/0x6f0 [ 15.374441] ret_from_fork+0x116/0x1d0 [ 15.374643] ret_from_fork_asm+0x1a/0x30 [ 15.374907] [ 15.375063] The buggy address belongs to the object at ffff8881027b3900 [ 15.375063] which belongs to the cache kmalloc-64 of size 64 [ 15.375624] The buggy address is located 0 bytes to the right of [ 15.375624] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.376422] [ 15.376560] The buggy address belongs to the physical page: [ 15.377112] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.377541] flags: 0x200000000000000(node=0|zone=2) [ 15.377781] page_type: f5(slab) [ 15.377991] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.378456] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.378832] page dumped because: kasan: bad access detected [ 15.379169] [ 15.379297] Memory state around the buggy address: [ 15.379621] 
ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.380054] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.380399] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.380841] ^ [ 15.381137] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.381467] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.381780] ================================================================== [ 15.408701] ================================================================== [ 15.409241] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 15.409689] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.410418] [ 15.410540] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.410584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.410598] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.410619] Call Trace: [ 15.410636] <TASK> [ 15.410652] dump_stack_lvl+0x73/0xb0 [ 15.410682] print_report+0xd1/0x650 [ 15.410705] ? __virt_addr_valid+0x1db/0x2d0 [ 15.410728] ? kasan_atomics_helper+0xd47/0x5450 [ 15.410751] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.410775] ? kasan_atomics_helper+0xd47/0x5450 [ 15.410798] kasan_report+0x141/0x180 [ 15.410867] ? kasan_atomics_helper+0xd47/0x5450 [ 15.410895] kasan_check_range+0x10c/0x1c0 [ 15.410920] __kasan_check_write+0x18/0x20 [ 15.410939] kasan_atomics_helper+0xd47/0x5450 [ 15.410964] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.410988] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.411064] ? kasan_atomics+0x152/0x310 [ 15.411093] kasan_atomics+0x1dc/0x310 [ 15.411117] ? __pfx_kasan_atomics+0x10/0x10 [ 15.411141] ? trace_hardirqs_on+0x37/0xe0 [ 15.411164] ? __pfx_read_tsc+0x10/0x10 [ 15.411186] ? ktime_get_ts64+0x86/0x230 [ 15.411211] kunit_try_run_case+0x1a5/0x480 [ 15.411236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.411263] ? 
queued_spin_lock_slowpath+0x116/0xb40 [ 15.411290] ? __kthread_parkme+0x82/0x180 [ 15.411311] ? preempt_count_sub+0x50/0x80 [ 15.411335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.411361] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.411387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.411413] kthread+0x337/0x6f0 [ 15.411434] ? trace_preempt_on+0x20/0xc0 [ 15.411457] ? __pfx_kthread+0x10/0x10 [ 15.411479] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.411502] ? calculate_sigpending+0x7b/0xa0 [ 15.411527] ? __pfx_kthread+0x10/0x10 [ 15.411549] ret_from_fork+0x116/0x1d0 [ 15.411569] ? __pfx_kthread+0x10/0x10 [ 15.411590] ret_from_fork_asm+0x1a/0x30 [ 15.411621] </TASK> [ 15.411632] [ 15.422931] Allocated by task 282: [ 15.423130] kasan_save_stack+0x45/0x70 [ 15.423281] kasan_save_track+0x18/0x40 [ 15.423429] kasan_save_alloc_info+0x3b/0x50 [ 15.423663] __kasan_kmalloc+0xb7/0xc0 [ 15.423867] __kmalloc_cache_noprof+0x189/0x420 [ 15.424205] kasan_atomics+0x95/0x310 [ 15.424441] kunit_try_run_case+0x1a5/0x480 [ 15.424635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.424846] kthread+0x337/0x6f0 [ 15.425233] ret_from_fork+0x116/0x1d0 [ 15.425472] ret_from_fork_asm+0x1a/0x30 [ 15.425667] [ 15.425742] The buggy address belongs to the object at ffff8881027b3900 [ 15.425742] which belongs to the cache kmalloc-64 of size 64 [ 15.426190] The buggy address is located 0 bytes to the right of [ 15.426190] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.426728] [ 15.426800] The buggy address belongs to the physical page: [ 15.426970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.427659] flags: 0x200000000000000(node=0|zone=2) [ 15.428072] page_type: f5(slab) [ 15.428218] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.428566] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.428803] page dumped because: kasan: bad access detected [ 15.429273] [ 15.429405] 
Memory state around the buggy address: [ 15.429594] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.430051] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.430294] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.430641] ^ [ 15.430879] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.431411] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.431643] ================================================================== [ 16.001806] ================================================================== [ 16.002207] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 16.002997] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.003313] [ 16.003422] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.003465] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.003478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.003498] Call Trace: [ 16.003514] <TASK> [ 16.003530] dump_stack_lvl+0x73/0xb0 [ 16.003559] print_report+0xd1/0x650 [ 16.003582] ? __virt_addr_valid+0x1db/0x2d0 [ 16.003606] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.003629] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.003653] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.003676] kasan_report+0x141/0x180 [ 16.003699] ? kasan_atomics_helper+0x1a7f/0x5450 [ 16.003726] kasan_check_range+0x10c/0x1c0 [ 16.003751] __kasan_check_write+0x18/0x20 [ 16.003771] kasan_atomics_helper+0x1a7f/0x5450 [ 16.003796] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.003820] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.003846] ? kasan_atomics+0x152/0x310 [ 16.003873] kasan_atomics+0x1dc/0x310 [ 16.003897] ? __pfx_kasan_atomics+0x10/0x10 [ 16.003921] ? trace_hardirqs_on+0x37/0xe0 [ 16.003951] ? __pfx_read_tsc+0x10/0x10 [ 16.003973] ? ktime_get_ts64+0x86/0x230 [ 16.003997] kunit_try_run_case+0x1a5/0x480 [ 16.004022] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.004144] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.004184] ? __kthread_parkme+0x82/0x180 [ 16.004205] ? preempt_count_sub+0x50/0x80 [ 16.004230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.004256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.004283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.004308] kthread+0x337/0x6f0 [ 16.004328] ? trace_preempt_on+0x20/0xc0 [ 16.004351] ? __pfx_kthread+0x10/0x10 [ 16.004372] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.004396] ? calculate_sigpending+0x7b/0xa0 [ 16.004421] ? __pfx_kthread+0x10/0x10 [ 16.004443] ret_from_fork+0x116/0x1d0 [ 16.004463] ? __pfx_kthread+0x10/0x10 [ 16.004484] ret_from_fork_asm+0x1a/0x30 [ 16.004517] </TASK> [ 16.004528] [ 16.015672] Allocated by task 282: [ 16.015894] kasan_save_stack+0x45/0x70 [ 16.016307] kasan_save_track+0x18/0x40 [ 16.016615] kasan_save_alloc_info+0x3b/0x50 [ 16.016917] __kasan_kmalloc+0xb7/0xc0 [ 16.017110] __kmalloc_cache_noprof+0x189/0x420 [ 16.017327] kasan_atomics+0x95/0x310 [ 16.017504] kunit_try_run_case+0x1a5/0x480 [ 16.017706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.017950] kthread+0x337/0x6f0 [ 16.018547] ret_from_fork+0x116/0x1d0 [ 16.018722] ret_from_fork_asm+0x1a/0x30 [ 16.019350] [ 16.019434] The buggy address belongs to the object at ffff8881027b3900 [ 16.019434] which belongs to the cache kmalloc-64 of size 64 [ 16.020324] The buggy address is located 0 bytes to the right of [ 16.020324] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.021107] [ 16.021217] The buggy address belongs to the physical page: [ 16.021612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.022186] flags: 0x200000000000000(node=0|zone=2) [ 16.022381] page_type: f5(slab) [ 16.022681] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.023205] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.023531] page dumped because: kasan: 
bad access detected [ 16.023770] [ 16.023855] Memory state around the buggy address: [ 16.024365] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.024729] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.025471] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.025771] ^ [ 16.026260] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.026671] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.027239] ================================================================== [ 15.772316] ================================================================== [ 15.772729] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 15.773155] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.773571] [ 15.773690] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.773734] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.773747] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.773768] Call Trace: [ 15.773784] <TASK> [ 15.773798] dump_stack_lvl+0x73/0xb0 [ 15.773827] print_report+0xd1/0x650 [ 15.773850] ? __virt_addr_valid+0x1db/0x2d0 [ 15.773873] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.773930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.773954] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.773988] kasan_report+0x141/0x180 [ 15.774011] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.774046] __asan_report_store8_noabort+0x1b/0x30 [ 15.774073] kasan_atomics_helper+0x50d4/0x5450 [ 15.774097] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.774121] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.774146] ? kasan_atomics+0x152/0x310 [ 15.774174] kasan_atomics+0x1dc/0x310 [ 15.774253] ? __pfx_kasan_atomics+0x10/0x10 [ 15.774279] ? trace_hardirqs_on+0x37/0xe0 [ 15.774303] ? __pfx_read_tsc+0x10/0x10 [ 15.774325] ? 
ktime_get_ts64+0x86/0x230 [ 15.774350] kunit_try_run_case+0x1a5/0x480 [ 15.774375] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.774401] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.774427] ? __kthread_parkme+0x82/0x180 [ 15.774448] ? preempt_count_sub+0x50/0x80 [ 15.774473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.774499] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.774525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.774551] kthread+0x337/0x6f0 [ 15.774571] ? trace_preempt_on+0x20/0xc0 [ 15.774595] ? __pfx_kthread+0x10/0x10 [ 15.774617] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.774639] ? calculate_sigpending+0x7b/0xa0 [ 15.774664] ? __pfx_kthread+0x10/0x10 [ 15.774702] ret_from_fork+0x116/0x1d0 [ 15.774722] ? __pfx_kthread+0x10/0x10 [ 15.774744] ret_from_fork_asm+0x1a/0x30 [ 15.774785] </TASK> [ 15.774797] [ 15.784554] Allocated by task 282: [ 15.784731] kasan_save_stack+0x45/0x70 [ 15.785187] kasan_save_track+0x18/0x40 [ 15.785368] kasan_save_alloc_info+0x3b/0x50 [ 15.785559] __kasan_kmalloc+0xb7/0xc0 [ 15.785737] __kmalloc_cache_noprof+0x189/0x420 [ 15.786078] kasan_atomics+0x95/0x310 [ 15.786600] kunit_try_run_case+0x1a5/0x480 [ 15.787162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.787592] kthread+0x337/0x6f0 [ 15.788075] ret_from_fork+0x116/0x1d0 [ 15.788352] ret_from_fork_asm+0x1a/0x30 [ 15.788756] [ 15.788995] The buggy address belongs to the object at ffff8881027b3900 [ 15.788995] which belongs to the cache kmalloc-64 of size 64 [ 15.789725] The buggy address is located 0 bytes to the right of [ 15.789725] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.790458] [ 15.790558] The buggy address belongs to the physical page: [ 15.790790] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.791479] flags: 0x200000000000000(node=0|zone=2) [ 15.792067] page_type: f5(slab) [ 15.792378] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.792706] raw: 0000000000000000 
0000000080200020 00000000f5000000 0000000000000000 [ 15.793306] page dumped because: kasan: bad access detected [ 15.793749] [ 15.793986] Memory state around the buggy address: [ 15.794397] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.794701] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.795479] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.795963] ^ [ 15.796420] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.797092] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.797608] ================================================================== [ 15.005582] ================================================================== [ 15.006070] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 15.006426] Read of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.006769] [ 15.007004] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.007060] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.007073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.007094] Call Trace: [ 15.007110] <TASK> [ 15.007125] dump_stack_lvl+0x73/0xb0 [ 15.007154] print_report+0xd1/0x650 [ 15.007178] ? __virt_addr_valid+0x1db/0x2d0 [ 15.007201] ? kasan_atomics_helper+0x3df/0x5450 [ 15.007223] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.007248] ? kasan_atomics_helper+0x3df/0x5450 [ 15.007271] kasan_report+0x141/0x180 [ 15.007293] ? kasan_atomics_helper+0x3df/0x5450 [ 15.007321] kasan_check_range+0x10c/0x1c0 [ 15.007346] __kasan_check_read+0x15/0x20 [ 15.007366] kasan_atomics_helper+0x3df/0x5450 [ 15.007390] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.007413] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.007440] ? kasan_atomics+0x152/0x310 [ 15.007467] kasan_atomics+0x1dc/0x310 [ 15.007491] ? __pfx_kasan_atomics+0x10/0x10 [ 15.007514] ? 
trace_hardirqs_on+0x37/0xe0 [ 15.007538] ? __pfx_read_tsc+0x10/0x10 [ 15.007560] ? ktime_get_ts64+0x86/0x230 [ 15.007584] kunit_try_run_case+0x1a5/0x480 [ 15.007609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.007635] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.007661] ? __kthread_parkme+0x82/0x180 [ 15.007682] ? preempt_count_sub+0x50/0x80 [ 15.007706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.007732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.007757] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.007784] kthread+0x337/0x6f0 [ 15.007899] ? trace_preempt_on+0x20/0xc0 [ 15.007943] ? __pfx_kthread+0x10/0x10 [ 15.007969] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.007993] ? calculate_sigpending+0x7b/0xa0 [ 15.008017] ? __pfx_kthread+0x10/0x10 [ 15.008049] ret_from_fork+0x116/0x1d0 [ 15.008068] ? __pfx_kthread+0x10/0x10 [ 15.008089] ret_from_fork_asm+0x1a/0x30 [ 15.008121] </TASK> [ 15.008131] [ 15.016388] Allocated by task 282: [ 15.016595] kasan_save_stack+0x45/0x70 [ 15.016786] kasan_save_track+0x18/0x40 [ 15.017141] kasan_save_alloc_info+0x3b/0x50 [ 15.017359] __kasan_kmalloc+0xb7/0xc0 [ 15.017493] __kmalloc_cache_noprof+0x189/0x420 [ 15.017698] kasan_atomics+0x95/0x310 [ 15.018183] kunit_try_run_case+0x1a5/0x480 [ 15.018405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.018703] kthread+0x337/0x6f0 [ 15.018979] ret_from_fork+0x116/0x1d0 [ 15.019210] ret_from_fork_asm+0x1a/0x30 [ 15.019408] [ 15.019540] The buggy address belongs to the object at ffff8881027b3900 [ 15.019540] which belongs to the cache kmalloc-64 of size 64 [ 15.020178] The buggy address is located 0 bytes to the right of [ 15.020178] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.020697] [ 15.020891] The buggy address belongs to the physical page: [ 15.021188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.021569] flags: 0x200000000000000(node=0|zone=2) [ 15.021881] page_type: f5(slab) [ 15.022113] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.022448] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.023011] page dumped because: kasan: bad access detected [ 15.023346] [ 15.023430] Memory state around the buggy address: [ 15.023652] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.024127] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.024460] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.024766] ^ [ 15.025112] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.025443] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.025780] ================================================================== [ 16.105347] ================================================================== [ 16.105622] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 16.106425] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.106744] [ 16.106840] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.107083] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.107097] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.107117] Call Trace: [ 16.107133] <TASK> [ 16.107149] dump_stack_lvl+0x73/0xb0 [ 16.107181] print_report+0xd1/0x650 [ 16.107204] ? __virt_addr_valid+0x1db/0x2d0 [ 16.107228] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.107251] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.107275] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.107298] kasan_report+0x141/0x180 [ 16.107322] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.107349] kasan_check_range+0x10c/0x1c0 [ 16.107374] __kasan_check_write+0x18/0x20 [ 16.107395] kasan_atomics_helper+0x1ce1/0x5450 [ 16.107419] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.107443] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.107469] ? 
kasan_atomics+0x152/0x310 [ 16.107496] kasan_atomics+0x1dc/0x310 [ 16.107520] ? __pfx_kasan_atomics+0x10/0x10 [ 16.107544] ? trace_hardirqs_on+0x37/0xe0 [ 16.107569] ? __pfx_read_tsc+0x10/0x10 [ 16.107592] ? ktime_get_ts64+0x86/0x230 [ 16.107616] kunit_try_run_case+0x1a5/0x480 [ 16.107642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.107669] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.107695] ? __kthread_parkme+0x82/0x180 [ 16.107716] ? preempt_count_sub+0x50/0x80 [ 16.107741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.107767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.107792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.107979] kthread+0x337/0x6f0 [ 16.108001] ? trace_preempt_on+0x20/0xc0 [ 16.108024] ? __pfx_kthread+0x10/0x10 [ 16.108057] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.108081] ? calculate_sigpending+0x7b/0xa0 [ 16.108106] ? __pfx_kthread+0x10/0x10 [ 16.108128] ret_from_fork+0x116/0x1d0 [ 16.108148] ? __pfx_kthread+0x10/0x10 [ 16.108169] ret_from_fork_asm+0x1a/0x30 [ 16.108199] </TASK> [ 16.108211] [ 16.118978] Allocated by task 282: [ 16.119418] kasan_save_stack+0x45/0x70 [ 16.119599] kasan_save_track+0x18/0x40 [ 16.119964] kasan_save_alloc_info+0x3b/0x50 [ 16.120342] __kasan_kmalloc+0xb7/0xc0 [ 16.120517] __kmalloc_cache_noprof+0x189/0x420 [ 16.120723] kasan_atomics+0x95/0x310 [ 16.121291] kunit_try_run_case+0x1a5/0x480 [ 16.121476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.121736] kthread+0x337/0x6f0 [ 16.121911] ret_from_fork+0x116/0x1d0 [ 16.122396] ret_from_fork_asm+0x1a/0x30 [ 16.122592] [ 16.122882] The buggy address belongs to the object at ffff8881027b3900 [ 16.122882] which belongs to the cache kmalloc-64 of size 64 [ 16.123481] The buggy address is located 0 bytes to the right of [ 16.123481] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.124363] [ 16.124468] The buggy address belongs to the physical page: [ 16.124670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 
16.125356] flags: 0x200000000000000(node=0|zone=2) [ 16.125675] page_type: f5(slab) [ 16.125847] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.126413] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.126731] page dumped because: kasan: bad access detected [ 16.127282] [ 16.127379] Memory state around the buggy address: [ 16.127554] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.128133] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.128359] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.128664] ^ [ 16.129586] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.130439] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.130658] ================================================================== [ 16.181703] ================================================================== [ 16.182450] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 16.182693] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 16.183281] [ 16.183455] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 16.183498] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.183511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.183531] Call Trace: [ 16.183548] <TASK> [ 16.183563] dump_stack_lvl+0x73/0xb0 [ 16.183592] print_report+0xd1/0x650 [ 16.183616] ? __virt_addr_valid+0x1db/0x2d0 [ 16.183640] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.183663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.183687] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.183710] kasan_report+0x141/0x180 [ 16.183733] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.183761] kasan_check_range+0x10c/0x1c0 [ 16.183786] __kasan_check_write+0x18/0x20 [ 16.183866] kasan_atomics_helper+0x1eaa/0x5450 [ 16.183891] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.183932] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.183967] ? kasan_atomics+0x152/0x310 [ 16.183998] kasan_atomics+0x1dc/0x310 [ 16.184022] ? __pfx_kasan_atomics+0x10/0x10 [ 16.184056] ? trace_hardirqs_on+0x37/0xe0 [ 16.184080] ? __pfx_read_tsc+0x10/0x10 [ 16.184103] ? ktime_get_ts64+0x86/0x230 [ 16.184128] kunit_try_run_case+0x1a5/0x480 [ 16.184153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.184180] ? queued_spin_lock_slowpath+0x116/0xb40 [ 16.184206] ? __kthread_parkme+0x82/0x180 [ 16.184228] ? preempt_count_sub+0x50/0x80 [ 16.184252] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.184279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.184305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.184331] kthread+0x337/0x6f0 [ 16.184351] ? trace_preempt_on+0x20/0xc0 [ 16.184374] ? __pfx_kthread+0x10/0x10 [ 16.184396] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.184420] ? calculate_sigpending+0x7b/0xa0 [ 16.184445] ? __pfx_kthread+0x10/0x10 [ 16.184467] ret_from_fork+0x116/0x1d0 [ 16.184487] ? __pfx_kthread+0x10/0x10 [ 16.184508] ret_from_fork_asm+0x1a/0x30 [ 16.184539] </TASK> [ 16.184551] [ 16.194724] Allocated by task 282: [ 16.194916] kasan_save_stack+0x45/0x70 [ 16.195131] kasan_save_track+0x18/0x40 [ 16.195328] kasan_save_alloc_info+0x3b/0x50 [ 16.195534] __kasan_kmalloc+0xb7/0xc0 [ 16.195701] __kmalloc_cache_noprof+0x189/0x420 [ 16.195913] kasan_atomics+0x95/0x310 [ 16.196213] kunit_try_run_case+0x1a5/0x480 [ 16.196437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.196681] kthread+0x337/0x6f0 [ 16.196892] ret_from_fork+0x116/0x1d0 [ 16.197060] ret_from_fork_asm+0x1a/0x30 [ 16.197245] [ 16.197346] The buggy address belongs to the object at ffff8881027b3900 [ 16.197346] which belongs to the cache kmalloc-64 of size 64 [ 16.197800] The buggy address is located 0 bytes to the right of [ 16.197800] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 16.198195] [ 16.198316] The buggy address belongs to the physical page: [ 16.198572] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 16.199091] flags: 0x200000000000000(node=0|zone=2) [ 16.199438] page_type: f5(slab) [ 16.199659] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.199907] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.200154] page dumped because: kasan: bad access detected [ 16.200377] [ 16.200469] Memory state around the buggy address: [ 16.200753] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.201262] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.201480] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.201692] ^ [ 16.201845] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.202331] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.202698] ================================================================== [ 15.979251] ================================================================== [ 15.979562] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 15.980126] Write of size 8 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.980457] [ 15.980548] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.980592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.980605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.981311] Call Trace: [ 15.981396] <TASK> [ 15.981417] dump_stack_lvl+0x73/0xb0 [ 15.981466] print_report+0xd1/0x650 [ 15.981489] ? __virt_addr_valid+0x1db/0x2d0 [ 15.981513] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.981536] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.981561] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.981584] kasan_report+0x141/0x180 [ 15.981606] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.981634] kasan_check_range+0x10c/0x1c0 [ 15.981659] __kasan_check_write+0x18/0x20 [ 15.981680] kasan_atomics_helper+0x19e3/0x5450 [ 15.981704] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.981728] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.981755] ? kasan_atomics+0x152/0x310 [ 15.981782] kasan_atomics+0x1dc/0x310 [ 15.981806] ? __pfx_kasan_atomics+0x10/0x10 [ 15.981887] ? trace_hardirqs_on+0x37/0xe0 [ 15.981912] ? __pfx_read_tsc+0x10/0x10 [ 15.981949] ? ktime_get_ts64+0x86/0x230 [ 15.981973] kunit_try_run_case+0x1a5/0x480 [ 15.982000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.982026] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.982064] ? __kthread_parkme+0x82/0x180 [ 15.982086] ? preempt_count_sub+0x50/0x80 [ 15.982111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.982137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.982162] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.982188] kthread+0x337/0x6f0 [ 15.982208] ? trace_preempt_on+0x20/0xc0 [ 15.982231] ? __pfx_kthread+0x10/0x10 [ 15.982253] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.982276] ? calculate_sigpending+0x7b/0xa0 [ 15.982301] ? __pfx_kthread+0x10/0x10 [ 15.982323] ret_from_fork+0x116/0x1d0 [ 15.982343] ? 
__pfx_kthread+0x10/0x10 [ 15.982364] ret_from_fork_asm+0x1a/0x30 [ 15.982395] </TASK> [ 15.982406] [ 15.991479] Allocated by task 282: [ 15.991719] kasan_save_stack+0x45/0x70 [ 15.992062] kasan_save_track+0x18/0x40 [ 15.992296] kasan_save_alloc_info+0x3b/0x50 [ 15.992455] __kasan_kmalloc+0xb7/0xc0 [ 15.992597] __kmalloc_cache_noprof+0x189/0x420 [ 15.992768] kasan_atomics+0x95/0x310 [ 15.993203] kunit_try_run_case+0x1a5/0x480 [ 15.993441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.993703] kthread+0x337/0x6f0 [ 15.993910] ret_from_fork+0x116/0x1d0 [ 15.994514] ret_from_fork_asm+0x1a/0x30 [ 15.994678] [ 15.994753] The buggy address belongs to the object at ffff8881027b3900 [ 15.994753] which belongs to the cache kmalloc-64 of size 64 [ 15.995191] The buggy address is located 0 bytes to the right of [ 15.995191] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.996025] [ 15.996173] The buggy address belongs to the physical page: [ 15.996445] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.996714] flags: 0x200000000000000(node=0|zone=2) [ 15.997176] page_type: f5(slab) [ 15.997369] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.997678] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.998111] page dumped because: kasan: bad access detected [ 15.998332] [ 15.998427] Memory state around the buggy address: [ 15.998686] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.999552] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.000084] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.000405] ^ [ 16.000621] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.001038] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.001375] ================================================================== [ 15.475904] 
================================================================== [ 15.476291] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 15.476663] Write of size 4 at addr ffff8881027b3930 by task kunit_try_catch/282 [ 15.477064] [ 15.477217] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 15.477262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.477274] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.477295] Call Trace: [ 15.477309] <TASK> [ 15.477325] dump_stack_lvl+0x73/0xb0 [ 15.477355] print_report+0xd1/0x650 [ 15.477378] ? __virt_addr_valid+0x1db/0x2d0 [ 15.477401] ? kasan_atomics_helper+0xf10/0x5450 [ 15.477423] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.477447] ? kasan_atomics_helper+0xf10/0x5450 [ 15.477471] kasan_report+0x141/0x180 [ 15.477493] ? kasan_atomics_helper+0xf10/0x5450 [ 15.477520] kasan_check_range+0x10c/0x1c0 [ 15.477545] __kasan_check_write+0x18/0x20 [ 15.477565] kasan_atomics_helper+0xf10/0x5450 [ 15.477589] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.477613] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.477640] ? kasan_atomics+0x152/0x310 [ 15.477668] kasan_atomics+0x1dc/0x310 [ 15.477691] ? __pfx_kasan_atomics+0x10/0x10 [ 15.477715] ? trace_hardirqs_on+0x37/0xe0 [ 15.477740] ? __pfx_read_tsc+0x10/0x10 [ 15.477762] ? ktime_get_ts64+0x86/0x230 [ 15.477805] kunit_try_run_case+0x1a5/0x480 [ 15.477882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.477910] ? queued_spin_lock_slowpath+0x116/0xb40 [ 15.477938] ? __kthread_parkme+0x82/0x180 [ 15.477960] ? preempt_count_sub+0x50/0x80 [ 15.477985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.478011] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.478050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.478079] kthread+0x337/0x6f0 [ 15.478099] ? trace_preempt_on+0x20/0xc0 [ 15.478122] ? __pfx_kthread+0x10/0x10 [ 15.478143] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.478166] ? 
calculate_sigpending+0x7b/0xa0 [ 15.478200] ? __pfx_kthread+0x10/0x10 [ 15.478223] ret_from_fork+0x116/0x1d0 [ 15.478243] ? __pfx_kthread+0x10/0x10 [ 15.478265] ret_from_fork_asm+0x1a/0x30 [ 15.478296] </TASK> [ 15.478307] [ 15.486283] Allocated by task 282: [ 15.486447] kasan_save_stack+0x45/0x70 [ 15.486636] kasan_save_track+0x18/0x40 [ 15.486898] kasan_save_alloc_info+0x3b/0x50 [ 15.487078] __kasan_kmalloc+0xb7/0xc0 [ 15.487210] __kmalloc_cache_noprof+0x189/0x420 [ 15.487362] kasan_atomics+0x95/0x310 [ 15.487547] kunit_try_run_case+0x1a5/0x480 [ 15.487780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.488444] kthread+0x337/0x6f0 [ 15.488619] ret_from_fork+0x116/0x1d0 [ 15.488764] ret_from_fork_asm+0x1a/0x30 [ 15.489156] [ 15.489280] The buggy address belongs to the object at ffff8881027b3900 [ 15.489280] which belongs to the cache kmalloc-64 of size 64 [ 15.489661] The buggy address is located 0 bytes to the right of [ 15.489661] allocated 48-byte region [ffff8881027b3900, ffff8881027b3930) [ 15.490169] [ 15.490265] The buggy address belongs to the physical page: [ 15.490706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b3 [ 15.491155] flags: 0x200000000000000(node=0|zone=2) [ 15.491407] page_type: f5(slab) [ 15.491538] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.491763] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.492073] page dumped because: kasan: bad access detected [ 15.492317] [ 15.492391] Memory state around the buggy address: [ 15.492607] ffff8881027b3800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.493233] ffff8881027b3880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.493497] >ffff8881027b3900: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.493704] ^ [ 15.494069] ffff8881027b3980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.494436] ffff8881027b3a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.494755] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 14.789842] ================================================================== [ 14.790180] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.790586] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.791079] [ 14.791278] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.791322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.791334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.791354] Call Trace: [ 14.791368] <TASK> [ 14.791383] dump_stack_lvl+0x73/0xb0 [ 14.791411] print_report+0xd1/0x650 [ 14.791432] ? __virt_addr_valid+0x1db/0x2d0 [ 14.791455] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.791484] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.791508] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.791537] kasan_report+0x141/0x180 [ 14.791559] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.791592] kasan_check_range+0x10c/0x1c0 [ 14.791616] __kasan_check_write+0x18/0x20 [ 14.791634] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.791664] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.791695] ? ret_from_fork_asm+0x1a/0x30 [ 14.791717] ? kthread+0x337/0x6f0 [ 14.791739] kasan_bitops_generic+0x121/0x1c0 [ 14.791763] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.791789] ? __pfx_read_tsc+0x10/0x10 [ 14.791809] ? ktime_get_ts64+0x86/0x230 [ 14.791833] kunit_try_run_case+0x1a5/0x480 [ 14.791857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.791880] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.791905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.791929] ? __kthread_parkme+0x82/0x180 [ 14.791955] ? preempt_count_sub+0x50/0x80 [ 14.791979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.792002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.792027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.792065] kthread+0x337/0x6f0 [ 14.792084] ? 
trace_preempt_on+0x20/0xc0 [ 14.792106] ? __pfx_kthread+0x10/0x10 [ 14.792127] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.792148] ? calculate_sigpending+0x7b/0xa0 [ 14.792171] ? __pfx_kthread+0x10/0x10 [ 14.792193] ret_from_fork+0x116/0x1d0 [ 14.792220] ? __pfx_kthread+0x10/0x10 [ 14.792240] ret_from_fork_asm+0x1a/0x30 [ 14.792270] </TASK> [ 14.792279] [ 14.800571] Allocated by task 278: [ 14.800703] kasan_save_stack+0x45/0x70 [ 14.800843] kasan_save_track+0x18/0x40 [ 14.800978] kasan_save_alloc_info+0x3b/0x50 [ 14.801136] __kasan_kmalloc+0xb7/0xc0 [ 14.801267] __kmalloc_cache_noprof+0x189/0x420 [ 14.801583] kasan_bitops_generic+0x92/0x1c0 [ 14.801793] kunit_try_run_case+0x1a5/0x480 [ 14.801996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.802262] kthread+0x337/0x6f0 [ 14.802434] ret_from_fork+0x116/0x1d0 [ 14.802625] ret_from_fork_asm+0x1a/0x30 [ 14.802784] [ 14.802854] The buggy address belongs to the object at ffff888101debea0 [ 14.802854] which belongs to the cache kmalloc-16 of size 16 [ 14.803216] The buggy address is located 8 bytes inside of [ 14.803216] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.803999] [ 14.804114] The buggy address belongs to the physical page: [ 14.804363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.804709] flags: 0x200000000000000(node=0|zone=2) [ 14.804943] page_type: f5(slab) [ 14.805100] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.805328] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.805551] page dumped because: kasan: bad access detected [ 14.805721] [ 14.805790] Memory state around the buggy address: [ 14.805972] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.806311] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.806632] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.806953] ^ [ 14.807182] ffff888101debf00: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.807563] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.807772] ================================================================== [ 14.828999] ================================================================== [ 14.830098] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.831333] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.831565] [ 14.831647] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.831688] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.831702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.831722] Call Trace: [ 14.831738] <TASK> [ 14.831753] dump_stack_lvl+0x73/0xb0 [ 14.831783] print_report+0xd1/0x650 [ 14.831806] ? __virt_addr_valid+0x1db/0x2d0 [ 14.831828] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.831857] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.831881] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.831910] kasan_report+0x141/0x180 [ 14.832577] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.832614] kasan_check_range+0x10c/0x1c0 [ 14.832643] __kasan_check_write+0x18/0x20 [ 14.832664] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.832694] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.832726] ? ret_from_fork_asm+0x1a/0x30 [ 14.832750] ? kthread+0x337/0x6f0 [ 14.832773] kasan_bitops_generic+0x121/0x1c0 [ 14.832798] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.832826] ? __pfx_read_tsc+0x10/0x10 [ 14.832848] ? ktime_get_ts64+0x86/0x230 [ 14.832871] kunit_try_run_case+0x1a5/0x480 [ 14.832895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.832944] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.832970] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.832994] ? __kthread_parkme+0x82/0x180 [ 14.833014] ? preempt_count_sub+0x50/0x80 [ 14.833050] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.833074] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.833098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.833124] kthread+0x337/0x6f0 [ 14.833142] ? trace_preempt_on+0x20/0xc0 [ 14.833166] ? __pfx_kthread+0x10/0x10 [ 14.833186] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.833208] ? calculate_sigpending+0x7b/0xa0 [ 14.833232] ? __pfx_kthread+0x10/0x10 [ 14.833252] ret_from_fork+0x116/0x1d0 [ 14.833271] ? __pfx_kthread+0x10/0x10 [ 14.833291] ret_from_fork_asm+0x1a/0x30 [ 14.833321] </TASK> [ 14.833331] [ 14.843862] Allocated by task 278: [ 14.843998] kasan_save_stack+0x45/0x70 [ 14.844629] kasan_save_track+0x18/0x40 [ 14.844844] kasan_save_alloc_info+0x3b/0x50 [ 14.845186] __kasan_kmalloc+0xb7/0xc0 [ 14.845519] __kmalloc_cache_noprof+0x189/0x420 [ 14.845723] kasan_bitops_generic+0x92/0x1c0 [ 14.845916] kunit_try_run_case+0x1a5/0x480 [ 14.846396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.846624] kthread+0x337/0x6f0 [ 14.846774] ret_from_fork+0x116/0x1d0 [ 14.847213] ret_from_fork_asm+0x1a/0x30 [ 14.847471] [ 14.847722] The buggy address belongs to the object at ffff888101debea0 [ 14.847722] which belongs to the cache kmalloc-16 of size 16 [ 14.848779] The buggy address is located 8 bytes inside of [ 14.848779] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.849632] [ 14.849879] The buggy address belongs to the physical page: [ 14.850291] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.850625] flags: 0x200000000000000(node=0|zone=2) [ 14.850846] page_type: f5(slab) [ 14.851303] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.851839] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.852373] page dumped because: kasan: bad access detected [ 14.852608] [ 14.852698] Memory state around the buggy address: [ 14.852902] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.853496] 
ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.853803] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.854461] ^ [ 14.854749] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.855391] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.855694] ================================================================== [ 14.772402] ================================================================== [ 14.772641] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.772925] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.773279] [ 14.773363] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.773404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.773416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.773436] Call Trace: [ 14.773451] <TASK> [ 14.773464] dump_stack_lvl+0x73/0xb0 [ 14.773492] print_report+0xd1/0x650 [ 14.773514] ? __virt_addr_valid+0x1db/0x2d0 [ 14.773537] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.773567] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.773591] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.773619] kasan_report+0x141/0x180 [ 14.773641] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.773674] kasan_check_range+0x10c/0x1c0 [ 14.773697] __kasan_check_write+0x18/0x20 [ 14.773717] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.773746] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.773777] ? ret_from_fork_asm+0x1a/0x30 [ 14.773799] ? kthread+0x337/0x6f0 [ 14.773822] kasan_bitops_generic+0x121/0x1c0 [ 14.773846] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.773871] ? __pfx_read_tsc+0x10/0x10 [ 14.773892] ? ktime_get_ts64+0x86/0x230 [ 14.773916] kunit_try_run_case+0x1a5/0x480 [ 14.773954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.773977] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.774001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.774024] ? __kthread_parkme+0x82/0x180 [ 14.774054] ? preempt_count_sub+0x50/0x80 [ 14.774078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.774102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.774127] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.774152] kthread+0x337/0x6f0 [ 14.774170] ? trace_preempt_on+0x20/0xc0 [ 14.774194] ? __pfx_kthread+0x10/0x10 [ 14.774214] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.774235] ? calculate_sigpending+0x7b/0xa0 [ 14.774259] ? __pfx_kthread+0x10/0x10 [ 14.774279] ret_from_fork+0x116/0x1d0 [ 14.774298] ? __pfx_kthread+0x10/0x10 [ 14.774319] ret_from_fork_asm+0x1a/0x30 [ 14.774349] </TASK> [ 14.774359] [ 14.781899] Allocated by task 278: [ 14.782078] kasan_save_stack+0x45/0x70 [ 14.782282] kasan_save_track+0x18/0x40 [ 14.782470] kasan_save_alloc_info+0x3b/0x50 [ 14.782633] __kasan_kmalloc+0xb7/0xc0 [ 14.782765] __kmalloc_cache_noprof+0x189/0x420 [ 14.782919] kasan_bitops_generic+0x92/0x1c0 [ 14.783078] kunit_try_run_case+0x1a5/0x480 [ 14.783431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.783685] kthread+0x337/0x6f0 [ 14.783852] ret_from_fork+0x116/0x1d0 [ 14.784055] ret_from_fork_asm+0x1a/0x30 [ 14.784277] [ 14.784373] The buggy address belongs to the object at ffff888101debea0 [ 14.784373] which belongs to the cache kmalloc-16 of size 16 [ 14.784867] The buggy address is located 8 bytes inside of [ 14.784867] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.785289] [ 14.785382] The buggy address belongs to the physical page: [ 14.785633] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.786017] flags: 0x200000000000000(node=0|zone=2) [ 14.786224] page_type: f5(slab) [ 14.786366] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.786671] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.787005] page dumped because: kasan: 
bad access detected [ 14.787200] [ 14.787268] Memory state around the buggy address: [ 14.787420] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.787635] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.787899] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.788509] ^ [ 14.788946] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.789197] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.789416] ================================================================== [ 14.684342] ================================================================== [ 14.684700] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.685138] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.685878] [ 14.686117] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.686167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.686179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.686199] Call Trace: [ 14.686214] <TASK> [ 14.686227] dump_stack_lvl+0x73/0xb0 [ 14.686257] print_report+0xd1/0x650 [ 14.686279] ? __virt_addr_valid+0x1db/0x2d0 [ 14.686303] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.686333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.686356] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.686385] kasan_report+0x141/0x180 [ 14.686407] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.686439] kasan_check_range+0x10c/0x1c0 [ 14.686463] __kasan_check_write+0x18/0x20 [ 14.686483] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.686512] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.686543] ? ret_from_fork_asm+0x1a/0x30 [ 14.686565] ? kthread+0x337/0x6f0 [ 14.686587] kasan_bitops_generic+0x121/0x1c0 [ 14.686611] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.686636] ? 
__pfx_read_tsc+0x10/0x10 [ 14.686657] ? ktime_get_ts64+0x86/0x230 [ 14.686681] kunit_try_run_case+0x1a5/0x480 [ 14.686705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.686728] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.686751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.686775] ? __kthread_parkme+0x82/0x180 [ 14.686794] ? preempt_count_sub+0x50/0x80 [ 14.686818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.686842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.686866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.686891] kthread+0x337/0x6f0 [ 14.686910] ? trace_preempt_on+0x20/0xc0 [ 14.686965] ? __pfx_kthread+0x10/0x10 [ 14.686986] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.687008] ? calculate_sigpending+0x7b/0xa0 [ 14.687047] ? __pfx_kthread+0x10/0x10 [ 14.687069] ret_from_fork+0x116/0x1d0 [ 14.687088] ? __pfx_kthread+0x10/0x10 [ 14.687109] ret_from_fork_asm+0x1a/0x30 [ 14.687139] </TASK> [ 14.687149] [ 14.701459] Allocated by task 278: [ 14.701798] kasan_save_stack+0x45/0x70 [ 14.702236] kasan_save_track+0x18/0x40 [ 14.702599] kasan_save_alloc_info+0x3b/0x50 [ 14.703005] __kasan_kmalloc+0xb7/0xc0 [ 14.703359] __kmalloc_cache_noprof+0x189/0x420 [ 14.703780] kasan_bitops_generic+0x92/0x1c0 [ 14.704203] kunit_try_run_case+0x1a5/0x480 [ 14.704348] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.704517] kthread+0x337/0x6f0 [ 14.704633] ret_from_fork+0x116/0x1d0 [ 14.704762] ret_from_fork_asm+0x1a/0x30 [ 14.704897] [ 14.705057] The buggy address belongs to the object at ffff888101debea0 [ 14.705057] which belongs to the cache kmalloc-16 of size 16 [ 14.706160] The buggy address is located 8 bytes inside of [ 14.706160] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.707263] [ 14.707438] The buggy address belongs to the physical page: [ 14.707954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.708640] flags: 0x200000000000000(node=0|zone=2) [ 14.709116] page_type: f5(slab) [ 14.709427] raw: 0200000000000000 
ffff888100041640 dead000000000122 0000000000000000 [ 14.710091] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.710321] page dumped because: kasan: bad access detected [ 14.710485] [ 14.710552] Memory state around the buggy address: [ 14.710701] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.710908] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.711541] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.712174] ^ [ 14.712578] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.713231] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.713959] ================================================================== [ 14.808281] ================================================================== [ 14.808613] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.809026] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.809378] [ 14.809460] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.809501] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.809512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.809531] Call Trace: [ 14.809545] <TASK> [ 14.809559] dump_stack_lvl+0x73/0xb0 [ 14.809722] print_report+0xd1/0x650 [ 14.809750] ? __virt_addr_valid+0x1db/0x2d0 [ 14.809773] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.809802] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.809826] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.809856] kasan_report+0x141/0x180 [ 14.809878] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.809911] kasan_check_range+0x10c/0x1c0 [ 14.809949] __kasan_check_write+0x18/0x20 [ 14.809969] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.809999] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.810043] ? 
ret_from_fork_asm+0x1a/0x30 [ 14.810066] ? kthread+0x337/0x6f0 [ 14.810089] kasan_bitops_generic+0x121/0x1c0 [ 14.810114] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.810139] ? __pfx_read_tsc+0x10/0x10 [ 14.810160] ? ktime_get_ts64+0x86/0x230 [ 14.810183] kunit_try_run_case+0x1a5/0x480 [ 14.810207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.810231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.810255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.810279] ? __kthread_parkme+0x82/0x180 [ 14.810299] ? preempt_count_sub+0x50/0x80 [ 14.810322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.810347] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.810372] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.810397] kthread+0x337/0x6f0 [ 14.810415] ? trace_preempt_on+0x20/0xc0 [ 14.810437] ? __pfx_kthread+0x10/0x10 [ 14.810457] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.810480] ? calculate_sigpending+0x7b/0xa0 [ 14.810504] ? __pfx_kthread+0x10/0x10 [ 14.810525] ret_from_fork+0x116/0x1d0 [ 14.810544] ? __pfx_kthread+0x10/0x10 [ 14.810564] ret_from_fork_asm+0x1a/0x30 [ 14.810594] </TASK> [ 14.810605] [ 14.818534] Allocated by task 278: [ 14.818664] kasan_save_stack+0x45/0x70 [ 14.818806] kasan_save_track+0x18/0x40 [ 14.818941] kasan_save_alloc_info+0x3b/0x50 [ 14.819165] __kasan_kmalloc+0xb7/0xc0 [ 14.819421] __kmalloc_cache_noprof+0x189/0x420 [ 14.819639] kasan_bitops_generic+0x92/0x1c0 [ 14.820021] kunit_try_run_case+0x1a5/0x480 [ 14.820241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.820443] kthread+0x337/0x6f0 [ 14.820613] ret_from_fork+0x116/0x1d0 [ 14.820772] ret_from_fork_asm+0x1a/0x30 [ 14.820984] [ 14.821069] The buggy address belongs to the object at ffff888101debea0 [ 14.821069] which belongs to the cache kmalloc-16 of size 16 [ 14.821523] The buggy address is located 8 bytes inside of [ 14.821523] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.821978] [ 14.822102] The buggy address belongs to the physical page: [ 14.822327] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.822636] flags: 0x200000000000000(node=0|zone=2) [ 14.822813] page_type: f5(slab) [ 14.823007] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.823307] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.823557] page dumped because: kasan: bad access detected [ 14.823726] [ 14.823793] Memory state around the buggy address: [ 14.823948] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.824173] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.824386] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.824709] ^ [ 14.824918] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.825248] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.825567] ================================================================== [ 14.743223] ================================================================== [ 14.743478] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.743754] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.744472] [ 14.744648] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.744689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.744700] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.744720] Call Trace: [ 14.744736] <TASK> [ 14.744750] dump_stack_lvl+0x73/0xb0 [ 14.744779] print_report+0xd1/0x650 [ 14.744800] ? __virt_addr_valid+0x1db/0x2d0 [ 14.744822] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.744851] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.744874] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.744903] kasan_report+0x141/0x180 [ 14.744925] ? 
kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.744958] kasan_check_range+0x10c/0x1c0 [ 14.744981] __kasan_check_write+0x18/0x20 [ 14.745000] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.745042] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.745073] ? ret_from_fork_asm+0x1a/0x30 [ 14.745095] ? kthread+0x337/0x6f0 [ 14.745117] kasan_bitops_generic+0x121/0x1c0 [ 14.745142] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.745180] ? __pfx_read_tsc+0x10/0x10 [ 14.745201] ? ktime_get_ts64+0x86/0x230 [ 14.745225] kunit_try_run_case+0x1a5/0x480 [ 14.745248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.745271] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.745295] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.745319] ? __kthread_parkme+0x82/0x180 [ 14.745339] ? preempt_count_sub+0x50/0x80 [ 14.745362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.745386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.745411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.745436] kthread+0x337/0x6f0 [ 14.745454] ? trace_preempt_on+0x20/0xc0 [ 14.745477] ? __pfx_kthread+0x10/0x10 [ 14.745496] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.745519] ? calculate_sigpending+0x7b/0xa0 [ 14.745542] ? __pfx_kthread+0x10/0x10 [ 14.745563] ret_from_fork+0x116/0x1d0 [ 14.745582] ? 
__pfx_kthread+0x10/0x10 [ 14.745602] ret_from_fork_asm+0x1a/0x30 [ 14.745632] </TASK> [ 14.745641] [ 14.758487] Allocated by task 278: [ 14.758792] kasan_save_stack+0x45/0x70 [ 14.759186] kasan_save_track+0x18/0x40 [ 14.759554] kasan_save_alloc_info+0x3b/0x50 [ 14.759937] __kasan_kmalloc+0xb7/0xc0 [ 14.760291] __kmalloc_cache_noprof+0x189/0x420 [ 14.760697] kasan_bitops_generic+0x92/0x1c0 [ 14.761113] kunit_try_run_case+0x1a5/0x480 [ 14.761554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.762058] kthread+0x337/0x6f0 [ 14.762438] ret_from_fork+0x116/0x1d0 [ 14.762701] ret_from_fork_asm+0x1a/0x30 [ 14.763108] [ 14.763256] The buggy address belongs to the object at ffff888101debea0 [ 14.763256] which belongs to the cache kmalloc-16 of size 16 [ 14.763607] The buggy address is located 8 bytes inside of [ 14.763607] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.763997] [ 14.764172] The buggy address belongs to the physical page: [ 14.764631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.765455] flags: 0x200000000000000(node=0|zone=2) [ 14.765880] page_type: f5(slab) [ 14.766192] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.766824] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.767577] page dumped because: kasan: bad access detected [ 14.768083] [ 14.768257] Memory state around the buggy address: [ 14.768508] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.768722] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.768942] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.769543] ^ [ 14.769936] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.770764] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.771584] ================================================================== [ 14.884018] 
================================================================== [ 14.884341] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.884705] Read of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.885356] [ 14.885580] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.885629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.885737] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.885762] Call Trace: [ 14.885779] <TASK> [ 14.885795] dump_stack_lvl+0x73/0xb0 [ 14.885824] print_report+0xd1/0x650 [ 14.885847] ? __virt_addr_valid+0x1db/0x2d0 [ 14.885870] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.885932] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.885956] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.885986] kasan_report+0x141/0x180 [ 14.886008] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.886051] __asan_report_load8_noabort+0x18/0x20 [ 14.886078] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.886109] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.886141] ? ret_from_fork_asm+0x1a/0x30 [ 14.886163] ? kthread+0x337/0x6f0 [ 14.886187] kasan_bitops_generic+0x121/0x1c0 [ 14.886211] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.886237] ? __pfx_read_tsc+0x10/0x10 [ 14.886259] ? ktime_get_ts64+0x86/0x230 [ 14.886282] kunit_try_run_case+0x1a5/0x480 [ 14.886308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.886331] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.886355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.886380] ? __kthread_parkme+0x82/0x180 [ 14.886400] ? preempt_count_sub+0x50/0x80 [ 14.886423] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.886447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.886472] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.886497] kthread+0x337/0x6f0 [ 14.886516] ? trace_preempt_on+0x20/0xc0 [ 14.886538] ? 
__pfx_kthread+0x10/0x10 [ 14.886559] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.886580] ? calculate_sigpending+0x7b/0xa0 [ 14.886604] ? __pfx_kthread+0x10/0x10 [ 14.886625] ret_from_fork+0x116/0x1d0 [ 14.886643] ? __pfx_kthread+0x10/0x10 [ 14.886664] ret_from_fork_asm+0x1a/0x30 [ 14.886694] </TASK> [ 14.886705] [ 14.894247] Allocated by task 278: [ 14.894413] kasan_save_stack+0x45/0x70 [ 14.894605] kasan_save_track+0x18/0x40 [ 14.894743] kasan_save_alloc_info+0x3b/0x50 [ 14.894958] __kasan_kmalloc+0xb7/0xc0 [ 14.895158] __kmalloc_cache_noprof+0x189/0x420 [ 14.895341] kasan_bitops_generic+0x92/0x1c0 [ 14.895493] kunit_try_run_case+0x1a5/0x480 [ 14.895692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.895949] kthread+0x337/0x6f0 [ 14.896100] ret_from_fork+0x116/0x1d0 [ 14.896234] ret_from_fork_asm+0x1a/0x30 [ 14.896374] [ 14.896444] The buggy address belongs to the object at ffff888101debea0 [ 14.896444] which belongs to the cache kmalloc-16 of size 16 [ 14.896886] The buggy address is located 8 bytes inside of [ 14.896886] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.897409] [ 14.897503] The buggy address belongs to the physical page: [ 14.897761] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.898054] flags: 0x200000000000000(node=0|zone=2) [ 14.898217] page_type: f5(slab) [ 14.898336] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.898565] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.899305] page dumped because: kasan: bad access detected [ 14.899547] [ 14.899634] Memory state around the buggy address: [ 14.899838] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.900104] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.900319] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.900709] ^ [ 14.901160] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901472] 
ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901781] ================================================================== [ 14.715081] ================================================================== [ 14.715766] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.716699] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.717311] [ 14.717398] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.717458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.717469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.717489] Call Trace: [ 14.717501] <TASK> [ 14.717527] dump_stack_lvl+0x73/0xb0 [ 14.717555] print_report+0xd1/0x650 [ 14.717577] ? __virt_addr_valid+0x1db/0x2d0 [ 14.717600] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.717629] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.717652] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.717681] kasan_report+0x141/0x180 [ 14.717703] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.717745] kasan_check_range+0x10c/0x1c0 [ 14.717768] __kasan_check_write+0x18/0x20 [ 14.717788] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.717827] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.717858] ? ret_from_fork_asm+0x1a/0x30 [ 14.717880] ? kthread+0x337/0x6f0 [ 14.717912] kasan_bitops_generic+0x121/0x1c0 [ 14.717936] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.717961] ? __pfx_read_tsc+0x10/0x10 [ 14.718005] ? ktime_get_ts64+0x86/0x230 [ 14.718037] kunit_try_run_case+0x1a5/0x480 [ 14.718061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.718084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.718109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.718133] ? __kthread_parkme+0x82/0x180 [ 14.718153] ? preempt_count_sub+0x50/0x80 [ 14.718177] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.718202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.718227] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.718252] kthread+0x337/0x6f0 [ 14.718271] ? trace_preempt_on+0x20/0xc0 [ 14.718294] ? __pfx_kthread+0x10/0x10 [ 14.718314] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.718337] ? calculate_sigpending+0x7b/0xa0 [ 14.718362] ? __pfx_kthread+0x10/0x10 [ 14.718383] ret_from_fork+0x116/0x1d0 [ 14.718402] ? __pfx_kthread+0x10/0x10 [ 14.718422] ret_from_fork_asm+0x1a/0x30 [ 14.718452] </TASK> [ 14.718463] [ 14.729986] Allocated by task 278: [ 14.730344] kasan_save_stack+0x45/0x70 [ 14.730718] kasan_save_track+0x18/0x40 [ 14.731139] kasan_save_alloc_info+0x3b/0x50 [ 14.731542] __kasan_kmalloc+0xb7/0xc0 [ 14.731903] __kmalloc_cache_noprof+0x189/0x420 [ 14.732266] kasan_bitops_generic+0x92/0x1c0 [ 14.732417] kunit_try_run_case+0x1a5/0x480 [ 14.732562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.732736] kthread+0x337/0x6f0 [ 14.732856] ret_from_fork+0x116/0x1d0 [ 14.733141] ret_from_fork_asm+0x1a/0x30 [ 14.733503] [ 14.733671] The buggy address belongs to the object at ffff888101debea0 [ 14.733671] which belongs to the cache kmalloc-16 of size 16 [ 14.734760] The buggy address is located 8 bytes inside of [ 14.734760] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.735814] [ 14.736022] The buggy address belongs to the physical page: [ 14.736543] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.737285] flags: 0x200000000000000(node=0|zone=2) [ 14.737627] page_type: f5(slab) [ 14.737747] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.738007] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.738418] page dumped because: kasan: bad access detected [ 14.738589] [ 14.738657] Memory state around the buggy address: [ 14.738812] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.739227] 
ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.739841] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.740462] ^ [ 14.740862] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.741570] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742254] ================================================================== [ 14.856292] ================================================================== [ 14.856611] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.857672] Read of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.858155] [ 14.858366] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.858412] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.858425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.858539] Call Trace: [ 14.858558] <TASK> [ 14.858573] dump_stack_lvl+0x73/0xb0 [ 14.858604] print_report+0xd1/0x650 [ 14.858627] ? __virt_addr_valid+0x1db/0x2d0 [ 14.858651] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.858715] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.858739] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.858768] kasan_report+0x141/0x180 [ 14.858790] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.858824] kasan_check_range+0x10c/0x1c0 [ 14.858848] __kasan_check_read+0x15/0x20 [ 14.858866] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.858896] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.858927] ? ret_from_fork_asm+0x1a/0x30 [ 14.858949] ? kthread+0x337/0x6f0 [ 14.858972] kasan_bitops_generic+0x121/0x1c0 [ 14.858997] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.859022] ? __pfx_read_tsc+0x10/0x10 [ 14.859054] ? ktime_get_ts64+0x86/0x230 [ 14.859077] kunit_try_run_case+0x1a5/0x480 [ 14.859101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.859124] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.859147] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.859171] ? __kthread_parkme+0x82/0x180 [ 14.859192] ? preempt_count_sub+0x50/0x80 [ 14.859215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.859240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.859264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.859290] kthread+0x337/0x6f0 [ 14.859308] ? trace_preempt_on+0x20/0xc0 [ 14.859332] ? __pfx_kthread+0x10/0x10 [ 14.859352] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.859373] ? calculate_sigpending+0x7b/0xa0 [ 14.859397] ? __pfx_kthread+0x10/0x10 [ 14.859418] ret_from_fork+0x116/0x1d0 [ 14.859438] ? __pfx_kthread+0x10/0x10 [ 14.859458] ret_from_fork_asm+0x1a/0x30 [ 14.859490] </TASK> [ 14.859502] [ 14.871163] Allocated by task 278: [ 14.871341] kasan_save_stack+0x45/0x70 [ 14.871536] kasan_save_track+0x18/0x40 [ 14.871718] kasan_save_alloc_info+0x3b/0x50 [ 14.871911] __kasan_kmalloc+0xb7/0xc0 [ 14.872357] __kmalloc_cache_noprof+0x189/0x420 [ 14.872721] kasan_bitops_generic+0x92/0x1c0 [ 14.873137] kunit_try_run_case+0x1a5/0x480 [ 14.873468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.873713] kthread+0x337/0x6f0 [ 14.873865] ret_from_fork+0x116/0x1d0 [ 14.874290] ret_from_fork_asm+0x1a/0x30 [ 14.874602] [ 14.874816] The buggy address belongs to the object at ffff888101debea0 [ 14.874816] which belongs to the cache kmalloc-16 of size 16 [ 14.875571] The buggy address is located 8 bytes inside of [ 14.875571] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.876387] [ 14.876483] The buggy address belongs to the physical page: [ 14.876894] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.877436] flags: 0x200000000000000(node=0|zone=2) [ 14.877784] page_type: f5(slab) [ 14.878125] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.878526] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.878833] page dumped because: kasan: 
bad access detected [ 14.879298] [ 14.879520] Memory state around the buggy address: [ 14.879854] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.880493] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.880786] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.881391] ^ [ 14.881666] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.882344] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.882778] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 14.605427] ================================================================== [ 14.605751] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.606448] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.607007] [ 14.607144] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.607189] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.607201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.607220] Call Trace: [ 14.607233] <TASK> [ 14.607246] dump_stack_lvl+0x73/0xb0 [ 14.607276] print_report+0xd1/0x650 [ 14.607299] ? __virt_addr_valid+0x1db/0x2d0 [ 14.607322] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.607348] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.607372] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.607398] kasan_report+0x141/0x180 [ 14.607420] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.607451] kasan_check_range+0x10c/0x1c0 [ 14.607475] __kasan_check_write+0x18/0x20 [ 14.607495] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.607522] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.607552] ? ret_from_fork_asm+0x1a/0x30 [ 14.607574] ? kthread+0x337/0x6f0 [ 14.607596] kasan_bitops_generic+0x116/0x1c0 [ 14.607621] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.607647] ? __pfx_read_tsc+0x10/0x10 [ 14.607668] ? ktime_get_ts64+0x86/0x230 [ 14.607691] kunit_try_run_case+0x1a5/0x480 [ 14.607716] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.607739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.607764] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.607788] ? __kthread_parkme+0x82/0x180 [ 14.607808] ? preempt_count_sub+0x50/0x80 [ 14.607832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.607857] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.607882] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.607908] kthread+0x337/0x6f0 [ 14.607927] ? trace_preempt_on+0x20/0xc0 [ 14.608160] ? 
__pfx_kthread+0x10/0x10 [ 14.608183] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.608205] ? calculate_sigpending+0x7b/0xa0 [ 14.608230] ? __pfx_kthread+0x10/0x10 [ 14.608251] ret_from_fork+0x116/0x1d0 [ 14.608271] ? __pfx_kthread+0x10/0x10 [ 14.608292] ret_from_fork_asm+0x1a/0x30 [ 14.608322] </TASK> [ 14.608333] [ 14.615805] Allocated by task 278: [ 14.615983] kasan_save_stack+0x45/0x70 [ 14.616193] kasan_save_track+0x18/0x40 [ 14.616565] kasan_save_alloc_info+0x3b/0x50 [ 14.616716] __kasan_kmalloc+0xb7/0xc0 [ 14.616846] __kmalloc_cache_noprof+0x189/0x420 [ 14.617199] kasan_bitops_generic+0x92/0x1c0 [ 14.617412] kunit_try_run_case+0x1a5/0x480 [ 14.617622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.617842] kthread+0x337/0x6f0 [ 14.618025] ret_from_fork+0x116/0x1d0 [ 14.618203] ret_from_fork_asm+0x1a/0x30 [ 14.618342] [ 14.618413] The buggy address belongs to the object at ffff888101debea0 [ 14.618413] which belongs to the cache kmalloc-16 of size 16 [ 14.618814] The buggy address is located 8 bytes inside of [ 14.618814] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.619340] [ 14.619524] The buggy address belongs to the physical page: [ 14.619775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.620095] flags: 0x200000000000000(node=0|zone=2) [ 14.620259] page_type: f5(slab) [ 14.620377] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.620790] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.621380] page dumped because: kasan: bad access detected [ 14.621639] [ 14.621731] Memory state around the buggy address: [ 14.621903] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.622128] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.622379] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.622687] ^ [ 14.622896] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.623360] 
ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.623569] ================================================================== [ 14.643397] ================================================================== [ 14.643703] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.644068] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.644399] [ 14.644509] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.644551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.644562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.644582] Call Trace: [ 14.644596] <TASK> [ 14.644611] dump_stack_lvl+0x73/0xb0 [ 14.644638] print_report+0xd1/0x650 [ 14.644660] ? __virt_addr_valid+0x1db/0x2d0 [ 14.644682] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.644709] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.644732] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.644759] kasan_report+0x141/0x180 [ 14.644781] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.644811] kasan_check_range+0x10c/0x1c0 [ 14.644836] __kasan_check_write+0x18/0x20 [ 14.644855] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.644882] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.644911] ? ret_from_fork_asm+0x1a/0x30 [ 14.644956] ? kthread+0x337/0x6f0 [ 14.644979] kasan_bitops_generic+0x116/0x1c0 [ 14.645003] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.645037] ? __pfx_read_tsc+0x10/0x10 [ 14.645059] ? ktime_get_ts64+0x86/0x230 [ 14.645083] kunit_try_run_case+0x1a5/0x480 [ 14.645106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.645129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.645154] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.645177] ? __kthread_parkme+0x82/0x180 [ 14.645198] ? preempt_count_sub+0x50/0x80 [ 14.645220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.645245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.645269] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.645294] kthread+0x337/0x6f0 [ 14.645313] ? trace_preempt_on+0x20/0xc0 [ 14.645335] ? __pfx_kthread+0x10/0x10 [ 14.645356] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.645378] ? calculate_sigpending+0x7b/0xa0 [ 14.645402] ? __pfx_kthread+0x10/0x10 [ 14.645423] ret_from_fork+0x116/0x1d0 [ 14.645441] ? __pfx_kthread+0x10/0x10 [ 14.645462] ret_from_fork_asm+0x1a/0x30 [ 14.645492] </TASK> [ 14.645502] [ 14.652832] Allocated by task 278: [ 14.652979] kasan_save_stack+0x45/0x70 [ 14.653139] kasan_save_track+0x18/0x40 [ 14.653307] kasan_save_alloc_info+0x3b/0x50 [ 14.653490] __kasan_kmalloc+0xb7/0xc0 [ 14.653655] __kmalloc_cache_noprof+0x189/0x420 [ 14.653849] kasan_bitops_generic+0x92/0x1c0 [ 14.654025] kunit_try_run_case+0x1a5/0x480 [ 14.654182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.654357] kthread+0x337/0x6f0 [ 14.654492] ret_from_fork+0x116/0x1d0 [ 14.654674] ret_from_fork_asm+0x1a/0x30 [ 14.654867] [ 14.654983] The buggy address belongs to the object at ffff888101debea0 [ 14.654983] which belongs to the cache kmalloc-16 of size 16 [ 14.655506] The buggy address is located 8 bytes inside of [ 14.655506] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.655999] [ 14.656092] The buggy address belongs to the physical page: [ 14.656345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.656588] flags: 0x200000000000000(node=0|zone=2) [ 14.656749] page_type: f5(slab) [ 14.656912] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.657277] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.657628] page dumped because: kasan: bad access detected [ 14.657852] [ 14.657969] Memory state around the buggy address: [ 14.658172] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.658454] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.658758] >ffff888101debe80: fa fb fc fc 00 01 fc fc 
fc fc fc fc fc fc fc fc [ 14.659062] ^ [ 14.659249] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.659535] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.659817] ================================================================== [ 14.660690] ================================================================== [ 14.661106] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.661562] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.661899] [ 14.662023] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.662074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.662087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.662106] Call Trace: [ 14.662120] <TASK> [ 14.662134] dump_stack_lvl+0x73/0xb0 [ 14.662163] print_report+0xd1/0x650 [ 14.662186] ? __virt_addr_valid+0x1db/0x2d0 [ 14.662208] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.662235] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.662258] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.662285] kasan_report+0x141/0x180 [ 14.662306] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.662338] kasan_check_range+0x10c/0x1c0 [ 14.662361] __kasan_check_write+0x18/0x20 [ 14.662381] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.662407] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.662437] ? ret_from_fork_asm+0x1a/0x30 [ 14.662460] ? kthread+0x337/0x6f0 [ 14.662482] kasan_bitops_generic+0x116/0x1c0 [ 14.662507] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.662532] ? __pfx_read_tsc+0x10/0x10 [ 14.662555] ? ktime_get_ts64+0x86/0x230 [ 14.662578] kunit_try_run_case+0x1a5/0x480 [ 14.662602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.662626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.662649] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.662673] ? __kthread_parkme+0x82/0x180 [ 14.662693] ? preempt_count_sub+0x50/0x80 [ 14.662716] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.662740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.662765] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.662790] kthread+0x337/0x6f0 [ 14.662808] ? trace_preempt_on+0x20/0xc0 [ 14.662831] ? __pfx_kthread+0x10/0x10 [ 14.662851] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.662873] ? calculate_sigpending+0x7b/0xa0 [ 14.662896] ? __pfx_kthread+0x10/0x10 [ 14.662938] ret_from_fork+0x116/0x1d0 [ 14.662958] ? __pfx_kthread+0x10/0x10 [ 14.662978] ret_from_fork_asm+0x1a/0x30 [ 14.663007] </TASK> [ 14.663017] [ 14.672651] Allocated by task 278: [ 14.672828] kasan_save_stack+0x45/0x70 [ 14.673260] kasan_save_track+0x18/0x40 [ 14.673524] kasan_save_alloc_info+0x3b/0x50 [ 14.673734] __kasan_kmalloc+0xb7/0xc0 [ 14.673913] __kmalloc_cache_noprof+0x189/0x420 [ 14.674304] kasan_bitops_generic+0x92/0x1c0 [ 14.674526] kunit_try_run_case+0x1a5/0x480 [ 14.674711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.675137] kthread+0x337/0x6f0 [ 14.675291] ret_from_fork+0x116/0x1d0 [ 14.675465] ret_from_fork_asm+0x1a/0x30 [ 14.675828] [ 14.675941] The buggy address belongs to the object at ffff888101debea0 [ 14.675941] which belongs to the cache kmalloc-16 of size 16 [ 14.676561] The buggy address is located 8 bytes inside of [ 14.676561] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.677269] [ 14.677363] The buggy address belongs to the physical page: [ 14.677714] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.678148] flags: 0x200000000000000(node=0|zone=2) [ 14.678460] page_type: f5(slab) [ 14.678593] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.679048] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.679369] page dumped because: kasan: bad access detected [ 14.679610] [ 14.679689] Memory state around the buggy address: [ 14.679896] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.680488] 
ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.680870] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.681282] ^ [ 14.681531] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.681935] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.682287] ================================================================== [ 14.580097] ================================================================== [ 14.580349] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.580699] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.581320] [ 14.581447] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.581489] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.581502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.581521] Call Trace: [ 14.581537] <TASK> [ 14.581552] dump_stack_lvl+0x73/0xb0 [ 14.581582] print_report+0xd1/0x650 [ 14.581603] ? __virt_addr_valid+0x1db/0x2d0 [ 14.581627] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.581654] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.581678] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.581704] kasan_report+0x141/0x180 [ 14.581726] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.581757] kasan_check_range+0x10c/0x1c0 [ 14.581781] __kasan_check_write+0x18/0x20 [ 14.581801] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.581827] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.581856] ? ret_from_fork_asm+0x1a/0x30 [ 14.581879] ? kthread+0x337/0x6f0 [ 14.581902] kasan_bitops_generic+0x116/0x1c0 [ 14.581926] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.581952] ? __pfx_read_tsc+0x10/0x10 [ 14.581974] ? ktime_get_ts64+0x86/0x230 [ 14.582115] kunit_try_run_case+0x1a5/0x480 [ 14.582142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.582166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.582190] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.582215] ? __kthread_parkme+0x82/0x180 [ 14.582235] ? preempt_count_sub+0x50/0x80 [ 14.582259] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.582284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.582309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.582334] kthread+0x337/0x6f0 [ 14.582353] ? trace_preempt_on+0x20/0xc0 [ 14.582376] ? __pfx_kthread+0x10/0x10 [ 14.582396] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.582418] ? calculate_sigpending+0x7b/0xa0 [ 14.582442] ? __pfx_kthread+0x10/0x10 [ 14.582463] ret_from_fork+0x116/0x1d0 [ 14.582483] ? __pfx_kthread+0x10/0x10 [ 14.582504] ret_from_fork_asm+0x1a/0x30 [ 14.582534] </TASK> [ 14.582545] [ 14.592746] Allocated by task 278: [ 14.593212] kasan_save_stack+0x45/0x70 [ 14.593382] kasan_save_track+0x18/0x40 [ 14.593730] kasan_save_alloc_info+0x3b/0x50 [ 14.594166] __kasan_kmalloc+0xb7/0xc0 [ 14.594323] __kmalloc_cache_noprof+0x189/0x420 [ 14.594731] kasan_bitops_generic+0x92/0x1c0 [ 14.595187] kunit_try_run_case+0x1a5/0x480 [ 14.595366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.595790] kthread+0x337/0x6f0 [ 14.596144] ret_from_fork+0x116/0x1d0 [ 14.596342] ret_from_fork_asm+0x1a/0x30 [ 14.596527] [ 14.596614] The buggy address belongs to the object at ffff888101debea0 [ 14.596614] which belongs to the cache kmalloc-16 of size 16 [ 14.597417] The buggy address is located 8 bytes inside of [ 14.597417] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.598151] [ 14.598389] The buggy address belongs to the physical page: [ 14.598698] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.599293] flags: 0x200000000000000(node=0|zone=2) [ 14.599613] page_type: f5(slab) [ 14.599768] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.600329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.600724] page dumped because: kasan: bad access detected [ 14.601234] [ 14.601315] 
Memory state around the buggy address: [ 14.601697] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.602116] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.602389] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.602705] ^ [ 14.602909] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.603569] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.604166] ================================================================== [ 14.531553] ================================================================== [ 14.532536] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.533083] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.533388] [ 14.533492] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.533534] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.533545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.533567] Call Trace: [ 14.533582] <TASK> [ 14.533598] dump_stack_lvl+0x73/0xb0 [ 14.533626] print_report+0xd1/0x650 [ 14.533649] ? __virt_addr_valid+0x1db/0x2d0 [ 14.533672] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.533699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.533723] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.533750] kasan_report+0x141/0x180 [ 14.533772] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.533803] kasan_check_range+0x10c/0x1c0 [ 14.533956] __kasan_check_write+0x18/0x20 [ 14.533977] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.534004] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.534047] ? ret_from_fork_asm+0x1a/0x30 [ 14.534070] ? kthread+0x337/0x6f0 [ 14.534093] kasan_bitops_generic+0x116/0x1c0 [ 14.534118] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.534144] ? __pfx_read_tsc+0x10/0x10 [ 14.534165] ? 
ktime_get_ts64+0x86/0x230 [ 14.534189] kunit_try_run_case+0x1a5/0x480 [ 14.534214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.534238] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.534262] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.534286] ? __kthread_parkme+0x82/0x180 [ 14.534307] ? preempt_count_sub+0x50/0x80 [ 14.534330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.534355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.534379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.534405] kthread+0x337/0x6f0 [ 14.534424] ? trace_preempt_on+0x20/0xc0 [ 14.534448] ? __pfx_kthread+0x10/0x10 [ 14.534469] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.534491] ? calculate_sigpending+0x7b/0xa0 [ 14.534515] ? __pfx_kthread+0x10/0x10 [ 14.534536] ret_from_fork+0x116/0x1d0 [ 14.534554] ? __pfx_kthread+0x10/0x10 [ 14.534574] ret_from_fork_asm+0x1a/0x30 [ 14.534604] </TASK> [ 14.534614] [ 14.542726] Allocated by task 278: [ 14.542861] kasan_save_stack+0x45/0x70 [ 14.543314] kasan_save_track+0x18/0x40 [ 14.543638] kasan_save_alloc_info+0x3b/0x50 [ 14.543836] __kasan_kmalloc+0xb7/0xc0 [ 14.544092] __kmalloc_cache_noprof+0x189/0x420 [ 14.544289] kasan_bitops_generic+0x92/0x1c0 [ 14.544500] kunit_try_run_case+0x1a5/0x480 [ 14.544712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.545050] kthread+0x337/0x6f0 [ 14.545194] ret_from_fork+0x116/0x1d0 [ 14.545360] ret_from_fork_asm+0x1a/0x30 [ 14.545518] [ 14.545611] The buggy address belongs to the object at ffff888101debea0 [ 14.545611] which belongs to the cache kmalloc-16 of size 16 [ 14.546208] The buggy address is located 8 bytes inside of [ 14.546208] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.546567] [ 14.546639] The buggy address belongs to the physical page: [ 14.546810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.547168] flags: 0x200000000000000(node=0|zone=2) [ 14.547727] page_type: f5(slab) [ 14.547902] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 14.548259] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.548491] page dumped because: kasan: bad access detected [ 14.548697] [ 14.548789] Memory state around the buggy address: [ 14.549140] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.549470] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.549796] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.550245] ^ [ 14.550455] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.550734] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.551785] ================================================================== [ 14.508043] ================================================================== [ 14.508505] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.508825] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.509146] [ 14.509291] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.509336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.509348] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.509368] Call Trace: [ 14.509382] <TASK> [ 14.509397] dump_stack_lvl+0x73/0xb0 [ 14.509427] print_report+0xd1/0x650 [ 14.509450] ? __virt_addr_valid+0x1db/0x2d0 [ 14.509476] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.509502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.509525] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.509553] kasan_report+0x141/0x180 [ 14.509574] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.509606] kasan_check_range+0x10c/0x1c0 [ 14.509630] __kasan_check_write+0x18/0x20 [ 14.509650] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.509676] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.509706] ? ret_from_fork_asm+0x1a/0x30 [ 14.509729] ? 
kthread+0x337/0x6f0 [ 14.509752] kasan_bitops_generic+0x116/0x1c0 [ 14.509777] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.509803] ? __pfx_read_tsc+0x10/0x10 [ 14.509824] ? ktime_get_ts64+0x86/0x230 [ 14.509850] kunit_try_run_case+0x1a5/0x480 [ 14.509875] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.509898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.509922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.510117] ? __kthread_parkme+0x82/0x180 [ 14.510151] ? preempt_count_sub+0x50/0x80 [ 14.510177] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.510202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.510228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.510253] kthread+0x337/0x6f0 [ 14.510272] ? trace_preempt_on+0x20/0xc0 [ 14.510294] ? __pfx_kthread+0x10/0x10 [ 14.510316] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.510337] ? calculate_sigpending+0x7b/0xa0 [ 14.510361] ? __pfx_kthread+0x10/0x10 [ 14.510382] ret_from_fork+0x116/0x1d0 [ 14.510401] ? __pfx_kthread+0x10/0x10 [ 14.510421] ret_from_fork_asm+0x1a/0x30 [ 14.510452] </TASK> [ 14.510462] [ 14.518941] Allocated by task 278: [ 14.519153] kasan_save_stack+0x45/0x70 [ 14.519309] kasan_save_track+0x18/0x40 [ 14.519446] kasan_save_alloc_info+0x3b/0x50 [ 14.519597] __kasan_kmalloc+0xb7/0xc0 [ 14.519776] __kmalloc_cache_noprof+0x189/0x420 [ 14.520685] kasan_bitops_generic+0x92/0x1c0 [ 14.520851] kunit_try_run_case+0x1a5/0x480 [ 14.521331] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.521620] kthread+0x337/0x6f0 [ 14.521781] ret_from_fork+0x116/0x1d0 [ 14.522295] ret_from_fork_asm+0x1a/0x30 [ 14.522491] [ 14.522586] The buggy address belongs to the object at ffff888101debea0 [ 14.522586] which belongs to the cache kmalloc-16 of size 16 [ 14.523584] The buggy address is located 8 bytes inside of [ 14.523584] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.524448] [ 14.524553] The buggy address belongs to the physical page: [ 14.524787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x101deb [ 14.525461] flags: 0x200000000000000(node=0|zone=2) [ 14.525759] page_type: f5(slab) [ 14.526198] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.526670] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.527188] page dumped because: kasan: bad access detected [ 14.527635] [ 14.527734] Memory state around the buggy address: [ 14.528127] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.528441] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.528726] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.529309] ^ [ 14.529640] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.530511] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.531102] ================================================================== [ 14.624939] ================================================================== [ 14.625304] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.625674] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.626318] [ 14.626447] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.626490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.626502] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.626522] Call Trace: [ 14.626537] <TASK> [ 14.626550] dump_stack_lvl+0x73/0xb0 [ 14.626579] print_report+0xd1/0x650 [ 14.626601] ? __virt_addr_valid+0x1db/0x2d0 [ 14.626624] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.626650] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.626673] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.626699] kasan_report+0x141/0x180 [ 14.626721] ? 
kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.626753] kasan_check_range+0x10c/0x1c0 [ 14.626776] __kasan_check_write+0x18/0x20 [ 14.626795] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.626832] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.626861] ? ret_from_fork_asm+0x1a/0x30 [ 14.626883] ? kthread+0x337/0x6f0 [ 14.626906] kasan_bitops_generic+0x116/0x1c0 [ 14.626938] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.626965] ? __pfx_read_tsc+0x10/0x10 [ 14.626986] ? ktime_get_ts64+0x86/0x230 [ 14.627010] kunit_try_run_case+0x1a5/0x480 [ 14.627046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.627070] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.627094] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.627119] ? __kthread_parkme+0x82/0x180 [ 14.627138] ? preempt_count_sub+0x50/0x80 [ 14.627161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.627186] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.627210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.627235] kthread+0x337/0x6f0 [ 14.627254] ? trace_preempt_on+0x20/0xc0 [ 14.627276] ? __pfx_kthread+0x10/0x10 [ 14.627297] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.627319] ? calculate_sigpending+0x7b/0xa0 [ 14.627342] ? __pfx_kthread+0x10/0x10 [ 14.627364] ret_from_fork+0x116/0x1d0 [ 14.627382] ? 
__pfx_kthread+0x10/0x10 [ 14.627403] ret_from_fork_asm+0x1a/0x30 [ 14.627432] </TASK> [ 14.627442] [ 14.634699] Allocated by task 278: [ 14.634827] kasan_save_stack+0x45/0x70 [ 14.634970] kasan_save_track+0x18/0x40 [ 14.635401] kasan_save_alloc_info+0x3b/0x50 [ 14.636127] __kasan_kmalloc+0xb7/0xc0 [ 14.636298] __kmalloc_cache_noprof+0x189/0x420 [ 14.636474] kasan_bitops_generic+0x92/0x1c0 [ 14.636625] kunit_try_run_case+0x1a5/0x480 [ 14.636832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.637124] kthread+0x337/0x6f0 [ 14.637268] ret_from_fork+0x116/0x1d0 [ 14.637422] ret_from_fork_asm+0x1a/0x30 [ 14.637618] [ 14.637714] The buggy address belongs to the object at ffff888101debea0 [ 14.637714] which belongs to the cache kmalloc-16 of size 16 [ 14.638232] The buggy address is located 8 bytes inside of [ 14.638232] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.638612] [ 14.638707] The buggy address belongs to the physical page: [ 14.638989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.639349] flags: 0x200000000000000(node=0|zone=2) [ 14.639547] page_type: f5(slab) [ 14.639713] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.640054] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.640363] page dumped because: kasan: bad access detected [ 14.640534] [ 14.640603] Memory state around the buggy address: [ 14.640827] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.641167] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.641453] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.641702] ^ [ 14.641934] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.642242] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.642495] ================================================================== [ 14.552647] 
================================================================== [ 14.553212] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.553540] Write of size 8 at addr ffff888101debea8 by task kunit_try_catch/278 [ 14.554362] [ 14.554478] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.554525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.554538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.554558] Call Trace: [ 14.554571] <TASK> [ 14.554585] dump_stack_lvl+0x73/0xb0 [ 14.554615] print_report+0xd1/0x650 [ 14.554637] ? __virt_addr_valid+0x1db/0x2d0 [ 14.554659] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.554762] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.554787] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.555003] kasan_report+0x141/0x180 [ 14.555049] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.555082] kasan_check_range+0x10c/0x1c0 [ 14.555106] __kasan_check_write+0x18/0x20 [ 14.555127] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.555154] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.555183] ? ret_from_fork_asm+0x1a/0x30 [ 14.555206] ? kthread+0x337/0x6f0 [ 14.555230] kasan_bitops_generic+0x116/0x1c0 [ 14.555255] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.555281] ? __pfx_read_tsc+0x10/0x10 [ 14.555303] ? ktime_get_ts64+0x86/0x230 [ 14.555329] kunit_try_run_case+0x1a5/0x480 [ 14.555355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.555379] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.555403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.555428] ? __kthread_parkme+0x82/0x180 [ 14.555448] ? preempt_count_sub+0x50/0x80 [ 14.555472] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.555497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.555523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.555549] kthread+0x337/0x6f0 [ 14.555569] ? trace_preempt_on+0x20/0xc0 [ 14.555592] ? __pfx_kthread+0x10/0x10 [ 14.555613] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.555635] ? calculate_sigpending+0x7b/0xa0 [ 14.555659] ? __pfx_kthread+0x10/0x10 [ 14.555681] ret_from_fork+0x116/0x1d0 [ 14.555700] ? __pfx_kthread+0x10/0x10 [ 14.555721] ret_from_fork_asm+0x1a/0x30 [ 14.555752] </TASK> [ 14.555761] [ 14.568284] Allocated by task 278: [ 14.568481] kasan_save_stack+0x45/0x70 [ 14.568633] kasan_save_track+0x18/0x40 [ 14.568770] kasan_save_alloc_info+0x3b/0x50 [ 14.568919] __kasan_kmalloc+0xb7/0xc0 [ 14.569161] __kmalloc_cache_noprof+0x189/0x420 [ 14.569393] kasan_bitops_generic+0x92/0x1c0 [ 14.569609] kunit_try_run_case+0x1a5/0x480 [ 14.569885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.570159] kthread+0x337/0x6f0 [ 14.570337] ret_from_fork+0x116/0x1d0 [ 14.570541] ret_from_fork_asm+0x1a/0x30 [ 14.570677] [ 14.570769] The buggy address belongs to the object at ffff888101debea0 [ 14.570769] which belongs to the cache kmalloc-16 of size 16 [ 14.573235] The buggy address is located 8 bytes inside of [ 14.573235] allocated 9-byte region [ffff888101debea0, ffff888101debea9) [ 14.573621] [ 14.573710] The buggy address belongs to the physical page: [ 14.574179] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 14.574542] flags: 0x200000000000000(node=0|zone=2) [ 14.574777] page_type: f5(slab) [ 14.574930] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.575928] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.576354] page dumped because: kasan: bad access detected [ 14.576554] [ 14.576625] Memory state around the buggy address: [ 14.576813] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.577225] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.577587] >ffff888101debe80: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 14.578166] ^ [ 14.578394] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.578794] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.579306] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 14.480739] ================================================================== [ 14.480975] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 14.481836] Read of size 1 at addr ffff8881027b2750 by task kunit_try_catch/276 [ 14.482202] [ 14.482296] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.482339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.482350] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.482370] Call Trace: [ 14.482384] <TASK> [ 14.482399] dump_stack_lvl+0x73/0xb0 [ 14.482428] print_report+0xd1/0x650 [ 14.482449] ? __virt_addr_valid+0x1db/0x2d0 [ 14.482472] ? strnlen+0x73/0x80 [ 14.482489] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.482515] ? strnlen+0x73/0x80 [ 14.482534] kasan_report+0x141/0x180 [ 14.482556] ? strnlen+0x73/0x80 [ 14.482579] __asan_report_load1_noabort+0x18/0x20 [ 14.482604] strnlen+0x73/0x80 [ 14.482622] kasan_strings+0x615/0xe80 [ 14.482642] ? trace_hardirqs_on+0x37/0xe0 [ 14.482664] ? __pfx_kasan_strings+0x10/0x10 [ 14.482687] ? __kasan_check_write+0x18/0x20 [ 14.482706] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.482730] ? irqentry_exit+0x2a/0x60 [ 14.482752] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.482778] ? trace_hardirqs_on+0x37/0xe0 [ 14.482801] ? __pfx_read_tsc+0x10/0x10 [ 14.482821] ? ktime_get_ts64+0x86/0x230 [ 14.482846] kunit_try_run_case+0x1a5/0x480 [ 14.482869] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.482894] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.482918] ? __kthread_parkme+0x82/0x180 [ 14.482940] ? preempt_count_sub+0x50/0x80 [ 14.482963] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.482987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.483012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.483048] kthread+0x337/0x6f0 [ 14.483068] ? trace_preempt_on+0x20/0xc0 [ 14.483089] ? __pfx_kthread+0x10/0x10 [ 14.483109] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.483130] ? 
calculate_sigpending+0x7b/0xa0 [ 14.483153] ? __pfx_kthread+0x10/0x10 [ 14.483174] ret_from_fork+0x116/0x1d0 [ 14.483193] ? __pfx_kthread+0x10/0x10 [ 14.483214] ret_from_fork_asm+0x1a/0x30 [ 14.483245] </TASK> [ 14.483254] [ 14.491433] Allocated by task 276: [ 14.491615] kasan_save_stack+0x45/0x70 [ 14.491809] kasan_save_track+0x18/0x40 [ 14.492204] kasan_save_alloc_info+0x3b/0x50 [ 14.492392] __kasan_kmalloc+0xb7/0xc0 [ 14.492528] __kmalloc_cache_noprof+0x189/0x420 [ 14.492686] kasan_strings+0xc0/0xe80 [ 14.492938] kunit_try_run_case+0x1a5/0x480 [ 14.493168] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.493422] kthread+0x337/0x6f0 [ 14.493588] ret_from_fork+0x116/0x1d0 [ 14.493781] ret_from_fork_asm+0x1a/0x30 [ 14.494120] [ 14.494218] Freed by task 276: [ 14.494357] kasan_save_stack+0x45/0x70 [ 14.494514] kasan_save_track+0x18/0x40 [ 14.494705] kasan_save_free_info+0x3f/0x60 [ 14.494884] __kasan_slab_free+0x56/0x70 [ 14.495093] kfree+0x222/0x3f0 [ 14.495258] kasan_strings+0x2aa/0xe80 [ 14.495390] kunit_try_run_case+0x1a5/0x480 [ 14.495535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.495709] kthread+0x337/0x6f0 [ 14.495826] ret_from_fork+0x116/0x1d0 [ 14.496164] ret_from_fork_asm+0x1a/0x30 [ 14.496433] [ 14.496527] The buggy address belongs to the object at ffff8881027b2740 [ 14.496527] which belongs to the cache kmalloc-32 of size 32 [ 14.497088] The buggy address is located 16 bytes inside of [ 14.497088] freed 32-byte region [ffff8881027b2740, ffff8881027b2760) [ 14.497437] [ 14.497508] The buggy address belongs to the physical page: [ 14.497683] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b2 [ 14.498484] flags: 0x200000000000000(node=0|zone=2) [ 14.498734] page_type: f5(slab) [ 14.498924] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.499296] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.499727] page dumped because: kasan: bad access detected [ 14.500000] [ 
14.500099] Memory state around the buggy address: [ 14.500387] ffff8881027b2600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.500641] ffff8881027b2680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.501157] >ffff8881027b2700: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.501385] ^ [ 14.501623] ffff8881027b2780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.502067] ffff8881027b2800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.502301] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 14.452529] ================================================================== [ 14.453389] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 14.454072] Read of size 1 at addr ffff8881027b2750 by task kunit_try_catch/276 [ 14.454622] [ 14.455163] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.455212] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.455225] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.455246] Call Trace: [ 14.455262] <TASK> [ 14.455284] dump_stack_lvl+0x73/0xb0 [ 14.455313] print_report+0xd1/0x650 [ 14.455335] ? __virt_addr_valid+0x1db/0x2d0 [ 14.455357] ? strlen+0x8f/0xb0 [ 14.455373] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.455397] ? strlen+0x8f/0xb0 [ 14.455414] kasan_report+0x141/0x180 [ 14.455438] ? strlen+0x8f/0xb0 [ 14.455461] __asan_report_load1_noabort+0x18/0x20 [ 14.455486] strlen+0x8f/0xb0 [ 14.455504] kasan_strings+0x57b/0xe80 [ 14.455524] ? trace_hardirqs_on+0x37/0xe0 [ 14.455547] ? __pfx_kasan_strings+0x10/0x10 [ 14.455570] ? __kasan_check_write+0x18/0x20 [ 14.455590] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.455613] ? irqentry_exit+0x2a/0x60 [ 14.455635] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.455661] ? trace_hardirqs_on+0x37/0xe0 [ 14.455682] ? __pfx_read_tsc+0x10/0x10 [ 14.455703] ? ktime_get_ts64+0x86/0x230 [ 14.455727] kunit_try_run_case+0x1a5/0x480 [ 14.455751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.455776] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.455800] ? __kthread_parkme+0x82/0x180 [ 14.455874] ? preempt_count_sub+0x50/0x80 [ 14.455899] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.455924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.455970] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.455996] kthread+0x337/0x6f0 [ 14.456015] ? trace_preempt_on+0x20/0xc0 [ 14.456050] ? __pfx_kthread+0x10/0x10 [ 14.456070] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.456091] ? 
calculate_sigpending+0x7b/0xa0 [ 14.456116] ? __pfx_kthread+0x10/0x10 [ 14.456136] ret_from_fork+0x116/0x1d0 [ 14.456154] ? __pfx_kthread+0x10/0x10 [ 14.456175] ret_from_fork_asm+0x1a/0x30 [ 14.456205] </TASK> [ 14.456215] [ 14.466977] Allocated by task 276: [ 14.467349] kasan_save_stack+0x45/0x70 [ 14.467538] kasan_save_track+0x18/0x40 [ 14.467726] kasan_save_alloc_info+0x3b/0x50 [ 14.468213] __kasan_kmalloc+0xb7/0xc0 [ 14.468400] __kmalloc_cache_noprof+0x189/0x420 [ 14.468578] kasan_strings+0xc0/0xe80 [ 14.468762] kunit_try_run_case+0x1a5/0x480 [ 14.469328] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.469546] kthread+0x337/0x6f0 [ 14.469718] ret_from_fork+0x116/0x1d0 [ 14.470150] ret_from_fork_asm+0x1a/0x30 [ 14.470343] [ 14.470446] Freed by task 276: [ 14.470584] kasan_save_stack+0x45/0x70 [ 14.470766] kasan_save_track+0x18/0x40 [ 14.471308] kasan_save_free_info+0x3f/0x60 [ 14.471482] __kasan_slab_free+0x56/0x70 [ 14.471777] kfree+0x222/0x3f0 [ 14.472005] kasan_strings+0x2aa/0xe80 [ 14.472219] kunit_try_run_case+0x1a5/0x480 [ 14.472403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.472618] kthread+0x337/0x6f0 [ 14.472785] ret_from_fork+0x116/0x1d0 [ 14.473365] ret_from_fork_asm+0x1a/0x30 [ 14.473525] [ 14.473621] The buggy address belongs to the object at ffff8881027b2740 [ 14.473621] which belongs to the cache kmalloc-32 of size 32 [ 14.474319] The buggy address is located 16 bytes inside of [ 14.474319] freed 32-byte region [ffff8881027b2740, ffff8881027b2760) [ 14.474788] [ 14.475300] The buggy address belongs to the physical page: [ 14.475507] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b2 [ 14.475858] flags: 0x200000000000000(node=0|zone=2) [ 14.476345] page_type: f5(slab) [ 14.476510] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.476868] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.477253] page dumped because: kasan: bad access detected [ 14.477493] [ 
14.477564] Memory state around the buggy address: [ 14.477769] ffff8881027b2600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.478498] ffff8881027b2680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.478791] >ffff8881027b2700: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.479262] ^ [ 14.479519] ffff8881027b2780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.479819] ffff8881027b2800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.480250] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 14.427851] ================================================================== [ 14.428210] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 14.428486] Read of size 1 at addr ffff8881027b2750 by task kunit_try_catch/276 [ 14.428742] [ 14.428873] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.428918] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.428930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.428951] Call Trace: [ 14.428966] <TASK> [ 14.428980] dump_stack_lvl+0x73/0xb0 [ 14.429009] print_report+0xd1/0x650 [ 14.429043] ? __virt_addr_valid+0x1db/0x2d0 [ 14.429066] ? kasan_strings+0xcbc/0xe80 [ 14.429086] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.429109] ? kasan_strings+0xcbc/0xe80 [ 14.429131] kasan_report+0x141/0x180 [ 14.429152] ? kasan_strings+0xcbc/0xe80 [ 14.429177] __asan_report_load1_noabort+0x18/0x20 [ 14.429202] kasan_strings+0xcbc/0xe80 [ 14.429221] ? trace_hardirqs_on+0x37/0xe0 [ 14.429244] ? __pfx_kasan_strings+0x10/0x10 [ 14.429267] ? __kasan_check_write+0x18/0x20 [ 14.429286] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.429311] ? irqentry_exit+0x2a/0x60 [ 14.429332] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.429356] ? trace_hardirqs_on+0x37/0xe0 [ 14.429379] ? __pfx_read_tsc+0x10/0x10 [ 14.429399] ? ktime_get_ts64+0x86/0x230 [ 14.429423] kunit_try_run_case+0x1a5/0x480 [ 14.429447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.429472] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.429496] ? __kthread_parkme+0x82/0x180 [ 14.429516] ? preempt_count_sub+0x50/0x80 [ 14.429540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.429564] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.429589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.429615] kthread+0x337/0x6f0 [ 14.429633] ? trace_preempt_on+0x20/0xc0 [ 14.429655] ? __pfx_kthread+0x10/0x10 [ 14.429675] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.429696] ? 
calculate_sigpending+0x7b/0xa0 [ 14.429720] ? __pfx_kthread+0x10/0x10 [ 14.429741] ret_from_fork+0x116/0x1d0 [ 14.429758] ? __pfx_kthread+0x10/0x10 [ 14.429779] ret_from_fork_asm+0x1a/0x30 [ 14.429841] </TASK> [ 14.429853] [ 14.438214] Allocated by task 276: [ 14.438399] kasan_save_stack+0x45/0x70 [ 14.438590] kasan_save_track+0x18/0x40 [ 14.438772] kasan_save_alloc_info+0x3b/0x50 [ 14.439354] __kasan_kmalloc+0xb7/0xc0 [ 14.439536] __kmalloc_cache_noprof+0x189/0x420 [ 14.439736] kasan_strings+0xc0/0xe80 [ 14.440533] kunit_try_run_case+0x1a5/0x480 [ 14.440728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.441383] kthread+0x337/0x6f0 [ 14.441557] ret_from_fork+0x116/0x1d0 [ 14.441733] ret_from_fork_asm+0x1a/0x30 [ 14.441994] [ 14.442101] Freed by task 276: [ 14.442241] kasan_save_stack+0x45/0x70 [ 14.442420] kasan_save_track+0x18/0x40 [ 14.442593] kasan_save_free_info+0x3f/0x60 [ 14.442780] __kasan_slab_free+0x56/0x70 [ 14.443315] kfree+0x222/0x3f0 [ 14.443476] kasan_strings+0x2aa/0xe80 [ 14.443652] kunit_try_run_case+0x1a5/0x480 [ 14.443939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.444187] kthread+0x337/0x6f0 [ 14.444347] ret_from_fork+0x116/0x1d0 [ 14.444519] ret_from_fork_asm+0x1a/0x30 [ 14.444701] [ 14.444788] The buggy address belongs to the object at ffff8881027b2740 [ 14.444788] which belongs to the cache kmalloc-32 of size 32 [ 14.446013] The buggy address is located 16 bytes inside of [ 14.446013] freed 32-byte region [ffff8881027b2740, ffff8881027b2760) [ 14.446671] [ 14.446769] The buggy address belongs to the physical page: [ 14.447544] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b2 [ 14.447892] flags: 0x200000000000000(node=0|zone=2) [ 14.448309] page_type: f5(slab) [ 14.448476] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.448777] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.449171] page dumped because: kasan: bad access detected [ 14.449408] [ 
14.449497] Memory state around the buggy address: [ 14.449705] ffff8881027b2600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.450533] ffff8881027b2680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.450847] >ffff8881027b2700: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.451168] ^ [ 14.451419] ffff8881027b2780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.451714] ffff8881027b2800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.452081] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 14.398406] ================================================================== [ 14.399492] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 14.399749] Read of size 1 at addr ffff8881027b2750 by task kunit_try_catch/276 [ 14.400060] [ 14.400200] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.400245] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.400256] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.400277] Call Trace: [ 14.400290] <TASK> [ 14.400307] dump_stack_lvl+0x73/0xb0 [ 14.400335] print_report+0xd1/0x650 [ 14.400359] ? __virt_addr_valid+0x1db/0x2d0 [ 14.400383] ? strcmp+0xb0/0xc0 [ 14.400399] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.400423] ? strcmp+0xb0/0xc0 [ 14.400440] kasan_report+0x141/0x180 [ 14.400462] ? strcmp+0xb0/0xc0 [ 14.400560] __asan_report_load1_noabort+0x18/0x20 [ 14.400589] strcmp+0xb0/0xc0 [ 14.400608] kasan_strings+0x431/0xe80 [ 14.400628] ? trace_hardirqs_on+0x37/0xe0 [ 14.400652] ? __pfx_kasan_strings+0x10/0x10 [ 14.400675] ? __kasan_check_write+0x18/0x20 [ 14.400694] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.400720] ? irqentry_exit+0x2a/0x60 [ 14.400743] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.400768] ? trace_hardirqs_on+0x37/0xe0 [ 14.400790] ? __pfx_read_tsc+0x10/0x10 [ 14.400812] ? ktime_get_ts64+0x86/0x230 [ 14.400858] kunit_try_run_case+0x1a5/0x480 [ 14.400884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.400910] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.400934] ? __kthread_parkme+0x82/0x180 [ 14.401001] ? preempt_count_sub+0x50/0x80 [ 14.401026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.401061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.401086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.401112] kthread+0x337/0x6f0 [ 14.401130] ? trace_preempt_on+0x20/0xc0 [ 14.401153] ? __pfx_kthread+0x10/0x10 [ 14.401173] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.401194] ? 
calculate_sigpending+0x7b/0xa0 [ 14.401218] ? __pfx_kthread+0x10/0x10 [ 14.401239] ret_from_fork+0x116/0x1d0 [ 14.401257] ? __pfx_kthread+0x10/0x10 [ 14.401278] ret_from_fork_asm+0x1a/0x30 [ 14.401309] </TASK> [ 14.401319] [ 14.411679] Allocated by task 276: [ 14.412060] kasan_save_stack+0x45/0x70 [ 14.412264] kasan_save_track+0x18/0x40 [ 14.412441] kasan_save_alloc_info+0x3b/0x50 [ 14.412634] __kasan_kmalloc+0xb7/0xc0 [ 14.412853] __kmalloc_cache_noprof+0x189/0x420 [ 14.413845] kasan_strings+0xc0/0xe80 [ 14.414001] kunit_try_run_case+0x1a5/0x480 [ 14.414156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.414325] kthread+0x337/0x6f0 [ 14.414442] ret_from_fork+0x116/0x1d0 [ 14.414631] ret_from_fork_asm+0x1a/0x30 [ 14.414812] [ 14.414902] Freed by task 276: [ 14.415110] kasan_save_stack+0x45/0x70 [ 14.415288] kasan_save_track+0x18/0x40 [ 14.415460] kasan_save_free_info+0x3f/0x60 [ 14.415643] __kasan_slab_free+0x56/0x70 [ 14.416370] kfree+0x222/0x3f0 [ 14.416539] kasan_strings+0x2aa/0xe80 [ 14.416676] kunit_try_run_case+0x1a5/0x480 [ 14.416824] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.417363] kthread+0x337/0x6f0 [ 14.417991] ret_from_fork+0x116/0x1d0 [ 14.418432] ret_from_fork_asm+0x1a/0x30 [ 14.418705] [ 14.418863] The buggy address belongs to the object at ffff8881027b2740 [ 14.418863] which belongs to the cache kmalloc-32 of size 32 [ 14.419859] The buggy address is located 16 bytes inside of [ 14.419859] freed 32-byte region [ffff8881027b2740, ffff8881027b2760) [ 14.420373] [ 14.420468] The buggy address belongs to the physical page: [ 14.420708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b2 [ 14.421337] flags: 0x200000000000000(node=0|zone=2) [ 14.421553] page_type: f5(slab) [ 14.421710] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.423042] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.423351] page dumped because: kasan: bad access detected [ 14.423658] [ 
14.424122] Memory state around the buggy address: [ 14.424339] ffff8881027b2600: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.424633] ffff8881027b2680: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.425304] >ffff8881027b2700: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.425858] ^ [ 14.426271] ffff8881027b2780: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.426559] ffff8881027b2800: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 14.427292] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 14.364323] ================================================================== [ 14.364756] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 14.365246] Read of size 1 at addr ffff8881027b2658 by task kunit_try_catch/274 [ 14.365552] [ 14.365646] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.365690] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.365701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.365722] Call Trace: [ 14.365733] <TASK> [ 14.365746] dump_stack_lvl+0x73/0xb0 [ 14.365774] print_report+0xd1/0x650 [ 14.365796] ? __virt_addr_valid+0x1db/0x2d0 [ 14.365871] ? memcmp+0x1b4/0x1d0 [ 14.365892] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.365916] ? memcmp+0x1b4/0x1d0 [ 14.365935] kasan_report+0x141/0x180 [ 14.365956] ? memcmp+0x1b4/0x1d0 [ 14.365978] __asan_report_load1_noabort+0x18/0x20 [ 14.366004] memcmp+0x1b4/0x1d0 [ 14.366050] kasan_memcmp+0x18f/0x390 [ 14.366071] ? trace_hardirqs_on+0x37/0xe0 [ 14.366095] ? __pfx_kasan_memcmp+0x10/0x10 [ 14.366116] ? finish_task_switch.isra.0+0x153/0x700 [ 14.366139] ? __switch_to+0x47/0xf50 [ 14.366168] ? __pfx_read_tsc+0x10/0x10 [ 14.366189] ? ktime_get_ts64+0x86/0x230 [ 14.366213] kunit_try_run_case+0x1a5/0x480 [ 14.366238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.366263] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.366286] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.366310] ? __kthread_parkme+0x82/0x180 [ 14.366330] ? preempt_count_sub+0x50/0x80 [ 14.366353] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.366379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.366404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.366430] kthread+0x337/0x6f0 [ 14.366448] ? trace_preempt_on+0x20/0xc0 [ 14.366470] ? __pfx_kthread+0x10/0x10 [ 14.366490] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.366512] ? calculate_sigpending+0x7b/0xa0 [ 14.366536] ? __pfx_kthread+0x10/0x10 [ 14.366557] ret_from_fork+0x116/0x1d0 [ 14.366576] ? 
__pfx_kthread+0x10/0x10 [ 14.366596] ret_from_fork_asm+0x1a/0x30 [ 14.366627] </TASK> [ 14.366636] [ 14.376723] Allocated by task 274: [ 14.376875] kasan_save_stack+0x45/0x70 [ 14.377544] kasan_save_track+0x18/0x40 [ 14.377726] kasan_save_alloc_info+0x3b/0x50 [ 14.378138] __kasan_kmalloc+0xb7/0xc0 [ 14.378420] __kmalloc_cache_noprof+0x189/0x420 [ 14.378747] kasan_memcmp+0xb7/0x390 [ 14.379008] kunit_try_run_case+0x1a5/0x480 [ 14.379349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.379597] kthread+0x337/0x6f0 [ 14.379748] ret_from_fork+0x116/0x1d0 [ 14.380143] ret_from_fork_asm+0x1a/0x30 [ 14.380413] [ 14.380514] The buggy address belongs to the object at ffff8881027b2640 [ 14.380514] which belongs to the cache kmalloc-32 of size 32 [ 14.381503] The buggy address is located 0 bytes to the right of [ 14.381503] allocated 24-byte region [ffff8881027b2640, ffff8881027b2658) [ 14.382270] [ 14.382590] The buggy address belongs to the physical page: [ 14.383191] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b2 [ 14.383514] flags: 0x200000000000000(node=0|zone=2) [ 14.383702] page_type: f5(slab) [ 14.383891] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.384582] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.385109] page dumped because: kasan: bad access detected [ 14.385452] [ 14.385553] Memory state around the buggy address: [ 14.386110] ffff8881027b2500: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 14.386534] ffff8881027b2580: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 14.387083] >ffff8881027b2600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.387384] ^ [ 14.387742] ffff8881027b2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.388285] ffff8881027b2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.388588] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 14.338873] ================================================================== [ 14.339422] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 14.339737] Read of size 1 at addr ffff888103b07c4a by task kunit_try_catch/270 [ 14.340329] [ 14.340424] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.340467] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.340478] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.340498] Call Trace: [ 14.340511] <TASK> [ 14.340524] dump_stack_lvl+0x73/0xb0 [ 14.340554] print_report+0xd1/0x650 [ 14.340575] ? __virt_addr_valid+0x1db/0x2d0 [ 14.340599] ? kasan_alloca_oob_right+0x329/0x390 [ 14.340621] ? kasan_addr_to_slab+0x11/0xa0 [ 14.340641] ? kasan_alloca_oob_right+0x329/0x390 [ 14.340664] kasan_report+0x141/0x180 [ 14.340686] ? kasan_alloca_oob_right+0x329/0x390 [ 14.340713] __asan_report_load1_noabort+0x18/0x20 [ 14.340739] kasan_alloca_oob_right+0x329/0x390 [ 14.340764] ? finish_task_switch.isra.0+0x153/0x700 [ 14.340788] ? preempt_schedule_common+0xbe/0x110 [ 14.340812] ? trace_hardirqs_on+0x37/0xe0 [ 14.340856] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 14.340883] ? __schedule+0x10cc/0x2b60 [ 14.340905] ? __pfx_read_tsc+0x10/0x10 [ 14.340927] ? ktime_get_ts64+0x86/0x230 [ 14.341094] kunit_try_run_case+0x1a5/0x480 [ 14.341120] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.341145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.341169] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.341193] ? __kthread_parkme+0x82/0x180 [ 14.341213] ? preempt_count_sub+0x50/0x80 [ 14.341236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.341262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.341286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.341312] kthread+0x337/0x6f0 [ 14.341331] ? trace_preempt_on+0x20/0xc0 [ 14.341353] ? __pfx_kthread+0x10/0x10 [ 14.341373] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.341395] ? 
calculate_sigpending+0x7b/0xa0 [ 14.341420] ? __pfx_kthread+0x10/0x10 [ 14.341441] ret_from_fork+0x116/0x1d0 [ 14.341460] ? __pfx_kthread+0x10/0x10 [ 14.341481] ret_from_fork_asm+0x1a/0x30 [ 14.341511] </TASK> [ 14.341521] [ 14.350311] The buggy address belongs to stack of task kunit_try_catch/270 [ 14.350870] [ 14.351193] The buggy address belongs to the physical page: [ 14.351732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b07 [ 14.352306] flags: 0x200000000000000(node=0|zone=2) [ 14.352891] raw: 0200000000000000 ffffea00040ec1c8 ffffea00040ec1c8 0000000000000000 [ 14.353328] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 14.353635] page dumped because: kasan: bad access detected [ 14.353868] [ 14.354226] Memory state around the buggy address: [ 14.354501] ffff888103b07b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.355001] ffff888103b07b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.355595] >ffff888103b07c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 14.355941] ^ [ 14.356321] ffff888103b07c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 14.356618] ffff888103b07d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.356904] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 14.312293] ================================================================== [ 14.312693] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 14.313193] Read of size 1 at addr ffff888103b07c3f by task kunit_try_catch/268 [ 14.313452] [ 14.313724] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.313771] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.313783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.313803] Call Trace: [ 14.313815] <TASK> [ 14.313829] dump_stack_lvl+0x73/0xb0 [ 14.313860] print_report+0xd1/0x650 [ 14.313881] ? __virt_addr_valid+0x1db/0x2d0 [ 14.313905] ? kasan_alloca_oob_left+0x320/0x380 [ 14.313927] ? kasan_addr_to_slab+0x11/0xa0 [ 14.313948] ? kasan_alloca_oob_left+0x320/0x380 [ 14.313971] kasan_report+0x141/0x180 [ 14.313992] ? kasan_alloca_oob_left+0x320/0x380 [ 14.314019] __asan_report_load1_noabort+0x18/0x20 [ 14.314059] kasan_alloca_oob_left+0x320/0x380 [ 14.314081] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.314105] ? finish_task_switch.isra.0+0x153/0x700 [ 14.314127] ? preempt_schedule_common+0xbe/0x110 [ 14.314151] ? trace_hardirqs_on+0x37/0xe0 [ 14.314176] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 14.314201] ? __schedule+0x10cc/0x2b60 [ 14.314222] ? __pfx_read_tsc+0x10/0x10 [ 14.314244] ? ktime_get_ts64+0x86/0x230 [ 14.314268] kunit_try_run_case+0x1a5/0x480 [ 14.314295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.314319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.314343] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.314367] ? __kthread_parkme+0x82/0x180 [ 14.314389] ? preempt_count_sub+0x50/0x80 [ 14.314412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.314438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.314463] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.314489] kthread+0x337/0x6f0 [ 14.314508] ? trace_preempt_on+0x20/0xc0 [ 14.314529] ? __pfx_kthread+0x10/0x10 [ 14.314550] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.314572] ? calculate_sigpending+0x7b/0xa0 [ 14.314596] ? __pfx_kthread+0x10/0x10 [ 14.315101] ret_from_fork+0x116/0x1d0 [ 14.315123] ? __pfx_kthread+0x10/0x10 [ 14.315144] ret_from_fork_asm+0x1a/0x30 [ 14.315176] </TASK> [ 14.315186] [ 14.326137] The buggy address belongs to stack of task kunit_try_catch/268 [ 14.326487] [ 14.326872] The buggy address belongs to the physical page: [ 14.327311] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b07 [ 14.327662] flags: 0x200000000000000(node=0|zone=2) [ 14.328340] raw: 0200000000000000 ffffea00040ec1c8 ffffea00040ec1c8 0000000000000000 [ 14.328695] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 14.329176] page dumped because: kasan: bad access detected [ 14.329655] [ 14.329853] Memory state around the buggy address: [ 14.330126] ffff888103b07b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.330384] ffff888103b07b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.330708] >ffff888103b07c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 14.330986] ^ [ 14.331372] ffff888103b07c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 14.331689] ffff888103b07d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.332263] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 14.281576] ================================================================== [ 14.282473] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 14.282788] Read of size 1 at addr ffff888103aafd02 by task kunit_try_catch/266 [ 14.283258] [ 14.283360] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.283404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.283415] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.283435] Call Trace: [ 14.283447] <TASK> [ 14.283461] dump_stack_lvl+0x73/0xb0 [ 14.283491] print_report+0xd1/0x650 [ 14.283513] ? __virt_addr_valid+0x1db/0x2d0 [ 14.283538] ? kasan_stack_oob+0x2b5/0x300 [ 14.283558] ? kasan_addr_to_slab+0x11/0xa0 [ 14.283579] ? kasan_stack_oob+0x2b5/0x300 [ 14.283600] kasan_report+0x141/0x180 [ 14.283635] ? kasan_stack_oob+0x2b5/0x300 [ 14.283659] __asan_report_load1_noabort+0x18/0x20 [ 14.283696] kasan_stack_oob+0x2b5/0x300 [ 14.283716] ? __pfx_kasan_stack_oob+0x10/0x10 [ 14.283736] ? __schedule+0x207f/0x2b60 [ 14.283757] ? schedule+0x7c/0x2e0 [ 14.283777] ? trace_hardirqs_on+0x37/0xe0 [ 14.283801] ? __schedule+0x207f/0x2b60 [ 14.283822] ? __pfx_read_tsc+0x10/0x10 [ 14.283908] ? ktime_get_ts64+0x86/0x230 [ 14.283938] kunit_try_run_case+0x1a5/0x480 [ 14.283970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.283994] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.284018] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.284053] ? __kthread_parkme+0x82/0x180 [ 14.284074] ? preempt_count_sub+0x50/0x80 [ 14.284097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.284123] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.284148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.284174] kthread+0x337/0x6f0 [ 14.284193] ? trace_preempt_on+0x20/0xc0 [ 14.284215] ? __pfx_kthread+0x10/0x10 [ 14.284236] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.284257] ? calculate_sigpending+0x7b/0xa0 [ 14.284281] ? 
__pfx_kthread+0x10/0x10 [ 14.284303] ret_from_fork+0x116/0x1d0 [ 14.284322] ? __pfx_kthread+0x10/0x10 [ 14.284343] ret_from_fork_asm+0x1a/0x30 [ 14.284373] </TASK> [ 14.284384] [ 14.295360] The buggy address belongs to stack of task kunit_try_catch/266 [ 14.295710] and is located at offset 138 in frame: [ 14.296394] kasan_stack_oob+0x0/0x300 [ 14.296760] [ 14.296926] This frame has 4 objects: [ 14.297522] [48, 49) '__assertion' [ 14.297550] [64, 72) 'array' [ 14.297713] [96, 112) '__assertion' [ 14.297878] [128, 138) 'stack_array' [ 14.298250] [ 14.298520] The buggy address belongs to the physical page: [ 14.298747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aaf [ 14.299602] flags: 0x200000000000000(node=0|zone=2) [ 14.299821] raw: 0200000000000000 ffffea00040eabc8 ffffea00040eabc8 0000000000000000 [ 14.300487] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 14.300902] page dumped because: kasan: bad access detected [ 14.301225] [ 14.301310] Memory state around the buggy address: [ 14.301514] ffff888103aafc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.302213] ffff888103aafc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 14.302512] >ffff888103aafd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 14.303064] ^ [ 14.303201] ffff888103aafd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 14.303524] ffff888103aafe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.303808] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 14.258215] ================================================================== [ 14.258935] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 14.259601] Read of size 1 at addr ffffffffb4263e8d by task kunit_try_catch/262 [ 14.260127] [ 14.260290] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.260334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.260347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.260366] Call Trace: [ 14.260379] <TASK> [ 14.260393] dump_stack_lvl+0x73/0xb0 [ 14.260423] print_report+0xd1/0x650 [ 14.260459] ? __virt_addr_valid+0x1db/0x2d0 [ 14.260483] ? kasan_global_oob_right+0x286/0x2d0 [ 14.260505] ? kasan_addr_to_slab+0x11/0xa0 [ 14.260537] ? kasan_global_oob_right+0x286/0x2d0 [ 14.260560] kasan_report+0x141/0x180 [ 14.260582] ? kasan_global_oob_right+0x286/0x2d0 [ 14.260609] __asan_report_load1_noabort+0x18/0x20 [ 14.260634] kasan_global_oob_right+0x286/0x2d0 [ 14.260657] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 14.260683] ? __schedule+0x10cc/0x2b60 [ 14.260705] ? __pfx_read_tsc+0x10/0x10 [ 14.260726] ? ktime_get_ts64+0x86/0x230 [ 14.260750] kunit_try_run_case+0x1a5/0x480 [ 14.260774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.260798] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.260837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.260862] ? __kthread_parkme+0x82/0x180 [ 14.260883] ? preempt_count_sub+0x50/0x80 [ 14.260907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.260940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.260966] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.260991] kthread+0x337/0x6f0 [ 14.261010] ? trace_preempt_on+0x20/0xc0 [ 14.261041] ? __pfx_kthread+0x10/0x10 [ 14.261063] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.261085] ? calculate_sigpending+0x7b/0xa0 [ 14.261110] ? __pfx_kthread+0x10/0x10 [ 14.261132] ret_from_fork+0x116/0x1d0 [ 14.261150] ? 
__pfx_kthread+0x10/0x10 [ 14.261171] ret_from_fork_asm+0x1a/0x30 [ 14.261200] </TASK> [ 14.261211] [ 14.269003] The buggy address belongs to the variable: [ 14.269270] global_array+0xd/0x40 [ 14.269428] [ 14.269517] The buggy address belongs to the physical page: [ 14.269793] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x30663 [ 14.270257] flags: 0x100000000002000(reserved|node=0|zone=1) [ 14.270662] raw: 0100000000002000 ffffea0000c198c8 ffffea0000c198c8 0000000000000000 [ 14.271232] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.271562] page dumped because: kasan: bad access detected [ 14.271794] [ 14.271939] Memory state around the buggy address: [ 14.272163] ffffffffb4263d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.272480] ffffffffb4263e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.272801] >ffffffffb4263e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 14.273193] ^ [ 14.273344] ffffffffb4263f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 14.273560] ffffffffb4263f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 14.273901] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 14.209260] ================================================================== [ 14.210100] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.210463] Free of addr ffff888102791b01 by task kunit_try_catch/258 [ 14.210784] [ 14.210935] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.210981] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.210993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.211022] Call Trace: [ 14.211050] <TASK> [ 14.211065] dump_stack_lvl+0x73/0xb0 [ 14.211094] print_report+0xd1/0x650 [ 14.211116] ? __virt_addr_valid+0x1db/0x2d0 [ 14.211138] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.211162] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.211189] kasan_report_invalid_free+0x10a/0x130 [ 14.211224] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.211254] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.211290] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.211316] check_slab_allocation+0x11f/0x130 [ 14.211339] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.211365] mempool_free+0x2ec/0x380 [ 14.211390] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.211418] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.211445] ? update_load_avg+0x1be/0x21b0 [ 14.211468] ? dequeue_entities+0x27e/0x1740 [ 14.211494] ? finish_task_switch.isra.0+0x153/0x700 [ 14.211519] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.211544] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 14.211573] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.211596] ? __pfx_mempool_kfree+0x10/0x10 [ 14.211621] ? __pfx_read_tsc+0x10/0x10 [ 14.211651] ? ktime_get_ts64+0x86/0x230 [ 14.211674] kunit_try_run_case+0x1a5/0x480 [ 14.211699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.211732] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.211756] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.211780] ? __kthread_parkme+0x82/0x180 [ 14.211801] ? 
preempt_count_sub+0x50/0x80 [ 14.211832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.211858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.211883] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.211908] kthread+0x337/0x6f0 [ 14.211927] ? trace_preempt_on+0x20/0xc0 [ 14.211996] ? __pfx_kthread+0x10/0x10 [ 14.212018] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.212049] ? calculate_sigpending+0x7b/0xa0 [ 14.212073] ? __pfx_kthread+0x10/0x10 [ 14.212097] ret_from_fork+0x116/0x1d0 [ 14.212116] ? __pfx_kthread+0x10/0x10 [ 14.212137] ret_from_fork_asm+0x1a/0x30 [ 14.212167] </TASK> [ 14.212177] [ 14.222106] Allocated by task 258: [ 14.222347] kasan_save_stack+0x45/0x70 [ 14.222499] kasan_save_track+0x18/0x40 [ 14.222636] kasan_save_alloc_info+0x3b/0x50 [ 14.222785] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.223024] remove_element+0x11e/0x190 [ 14.223231] mempool_alloc_preallocated+0x4d/0x90 [ 14.223456] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 14.223835] mempool_kmalloc_invalid_free+0xed/0x140 [ 14.224014] kunit_try_run_case+0x1a5/0x480 [ 14.224171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.224347] kthread+0x337/0x6f0 [ 14.224711] ret_from_fork+0x116/0x1d0 [ 14.225124] ret_from_fork_asm+0x1a/0x30 [ 14.225362] [ 14.225482] The buggy address belongs to the object at ffff888102791b00 [ 14.225482] which belongs to the cache kmalloc-128 of size 128 [ 14.226200] The buggy address is located 1 bytes inside of [ 14.226200] 128-byte region [ffff888102791b00, ffff888102791b80) [ 14.226573] [ 14.226684] The buggy address belongs to the physical page: [ 14.227069] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 14.227558] flags: 0x200000000000000(node=0|zone=2) [ 14.227778] page_type: f5(slab) [ 14.227959] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.228350] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.228645] page dumped because: kasan: bad access detected [ 
14.229025] [ 14.229223] Memory state around the buggy address: [ 14.229463] ffff888102791a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.229782] ffff888102791a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.230177] >ffff888102791b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.230501] ^ [ 14.230670] ffff888102791b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.231104] ffff888102791c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.231394] ================================================================== [ 14.236449] ================================================================== [ 14.236955] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.237398] Free of addr ffff888102ad4001 by task kunit_try_catch/260 [ 14.237652] [ 14.238092] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.238146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.238159] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.238192] Call Trace: [ 14.238205] <TASK> [ 14.238222] dump_stack_lvl+0x73/0xb0 [ 14.238268] print_report+0xd1/0x650 [ 14.238293] ? __virt_addr_valid+0x1db/0x2d0 [ 14.238320] ? kasan_addr_to_slab+0x11/0xa0 [ 14.238342] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.238373] kasan_report_invalid_free+0x10a/0x130 [ 14.238401] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.238432] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.238460] __kasan_mempool_poison_object+0x102/0x1d0 [ 14.238497] mempool_free+0x2ec/0x380 [ 14.238528] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 14.238567] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 14.238598] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.238623] ? finish_task_switch.isra.0+0x153/0x700 [ 14.238652] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 14.238679] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 14.238710] ? 
__pfx_mempool_kmalloc+0x10/0x10 [ 14.238734] ? __pfx_mempool_kfree+0x10/0x10 [ 14.238761] ? __pfx_read_tsc+0x10/0x10 [ 14.238785] ? ktime_get_ts64+0x86/0x230 [ 14.238811] kunit_try_run_case+0x1a5/0x480 [ 14.238894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.238919] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.238953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.238979] ? __kthread_parkme+0x82/0x180 [ 14.239004] ? preempt_count_sub+0x50/0x80 [ 14.239041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.239067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.239094] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.239120] kthread+0x337/0x6f0 [ 14.239141] ? trace_preempt_on+0x20/0xc0 [ 14.239165] ? __pfx_kthread+0x10/0x10 [ 14.239187] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.239210] ? calculate_sigpending+0x7b/0xa0 [ 14.239237] ? __pfx_kthread+0x10/0x10 [ 14.239260] ret_from_fork+0x116/0x1d0 [ 14.239281] ? __pfx_kthread+0x10/0x10 [ 14.239303] ret_from_fork_asm+0x1a/0x30 [ 14.239336] </TASK> [ 14.239346] [ 14.248749] The buggy address belongs to the physical page: [ 14.249130] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 14.249445] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.249676] flags: 0x200000000000040(head|node=0|zone=2) [ 14.249853] page_type: f8(unknown) [ 14.250173] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.250713] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.251175] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.251486] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.251721] head: 0200000000000002 ffffea00040ab501 00000000ffffffff 00000000ffffffff [ 14.252292] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.252948] page dumped because: kasan: bad access detected [ 14.253187] [ 14.253275] Memory state around the buggy address: [ 14.253504] 
ffff888102ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.253872] ffff888102ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.254241] >ffff888102ad4000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.254561] ^ [ 14.254735] ffff888102ad4080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.255062] ffff888102ad4100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.255352] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 14.189100] ================================================================== [ 14.189874] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.190245] Free of addr ffff888103ac0000 by task kunit_try_catch/256 [ 14.190520] [ 14.190635] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.190680] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.190692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.190713] Call Trace: [ 14.190737] <TASK> [ 14.190753] dump_stack_lvl+0x73/0xb0 [ 14.190784] print_report+0xd1/0x650 [ 14.190869] ? __virt_addr_valid+0x1db/0x2d0 [ 14.190897] ? kasan_addr_to_slab+0x11/0xa0 [ 14.190918] ? mempool_double_free_helper+0x184/0x370 [ 14.190952] kasan_report_invalid_free+0x10a/0x130 [ 14.190979] ? mempool_double_free_helper+0x184/0x370 [ 14.191006] ? mempool_double_free_helper+0x184/0x370 [ 14.191051] __kasan_mempool_poison_pages+0x115/0x130 [ 14.191077] mempool_free+0x290/0x380 [ 14.191156] mempool_double_free_helper+0x184/0x370 [ 14.191182] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.191221] ? finish_task_switch.isra.0+0x153/0x700 [ 14.191250] mempool_page_alloc_double_free+0xe8/0x140 [ 14.191277] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 14.191317] ? __kasan_check_write+0x18/0x20 [ 14.191339] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 14.191364] ? __pfx_mempool_free_pages+0x10/0x10 [ 14.191391] ? __pfx_read_tsc+0x10/0x10 [ 14.191413] ? ktime_get_ts64+0x86/0x230 [ 14.191435] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.191465] kunit_try_run_case+0x1a5/0x480 [ 14.191490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.191516] ? queued_spin_lock_slowpath+0x116/0xb40 [ 14.191542] ? __kthread_parkme+0x82/0x180 [ 14.191563] ? preempt_count_sub+0x50/0x80 [ 14.191587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.191612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.191638] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.191666] kthread+0x337/0x6f0 [ 14.191686] ? trace_preempt_on+0x20/0xc0 [ 14.191710] ? __pfx_kthread+0x10/0x10 [ 14.191731] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.191754] ? calculate_sigpending+0x7b/0xa0 [ 14.191778] ? __pfx_kthread+0x10/0x10 [ 14.191800] ret_from_fork+0x116/0x1d0 [ 14.191861] ? __pfx_kthread+0x10/0x10 [ 14.191884] ret_from_fork_asm+0x1a/0x30 [ 14.191916] </TASK> [ 14.191926] [ 14.201611] The buggy address belongs to the physical page: [ 14.201992] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ac0 [ 14.202364] flags: 0x200000000000000(node=0|zone=2) [ 14.202606] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 14.202920] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.203272] page dumped because: kasan: bad access detected [ 14.203445] [ 14.203516] Memory state around the buggy address: [ 14.203669] ffff888103abff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.204261] ffff888103abff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.204878] >ffff888103ac0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.205277] ^ [ 14.205456] ffff888103ac0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.205738] ffff888103ac0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.205955] ================================================================== [ 14.118900] ================================================================== [ 14.119906] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.120847] Free of addr ffff888103a11100 by task kunit_try_catch/252 [ 14.121586] [ 14.121914] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.121971] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.121984] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.122005] Call Trace: [ 14.122018] <TASK> [ 14.122157] 
dump_stack_lvl+0x73/0xb0 [ 14.122199] print_report+0xd1/0x650 [ 14.122235] ? __virt_addr_valid+0x1db/0x2d0 [ 14.122260] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.122290] ? mempool_double_free_helper+0x184/0x370 [ 14.122316] kasan_report_invalid_free+0x10a/0x130 [ 14.122342] ? mempool_double_free_helper+0x184/0x370 [ 14.122368] ? mempool_double_free_helper+0x184/0x370 [ 14.122392] ? mempool_double_free_helper+0x184/0x370 [ 14.122415] check_slab_allocation+0x101/0x130 [ 14.122437] __kasan_mempool_poison_object+0x91/0x1d0 [ 14.122463] mempool_free+0x2ec/0x380 [ 14.122491] mempool_double_free_helper+0x184/0x370 [ 14.122516] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.122545] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.122569] ? finish_task_switch.isra.0+0x153/0x700 [ 14.122596] mempool_kmalloc_double_free+0xed/0x140 [ 14.122620] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 14.122647] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.122671] ? __pfx_mempool_kfree+0x10/0x10 [ 14.122696] ? __pfx_read_tsc+0x10/0x10 [ 14.122717] ? ktime_get_ts64+0x86/0x230 [ 14.122742] kunit_try_run_case+0x1a5/0x480 [ 14.122767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.122791] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.122844] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.122873] ? __kthread_parkme+0x82/0x180 [ 14.122897] ? preempt_count_sub+0x50/0x80 [ 14.122920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.122947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.122971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.122996] kthread+0x337/0x6f0 [ 14.123015] ? trace_preempt_on+0x20/0xc0 [ 14.123048] ? __pfx_kthread+0x10/0x10 [ 14.123068] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.123090] ? calculate_sigpending+0x7b/0xa0 [ 14.123114] ? __pfx_kthread+0x10/0x10 [ 14.123135] ret_from_fork+0x116/0x1d0 [ 14.123154] ? 
__pfx_kthread+0x10/0x10 [ 14.123174] ret_from_fork_asm+0x1a/0x30 [ 14.123205] </TASK> [ 14.123215] [ 14.138309] Allocated by task 252: [ 14.138453] kasan_save_stack+0x45/0x70 [ 14.138605] kasan_save_track+0x18/0x40 [ 14.138742] kasan_save_alloc_info+0x3b/0x50 [ 14.138904] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.139265] remove_element+0x11e/0x190 [ 14.140007] mempool_alloc_preallocated+0x4d/0x90 [ 14.140468] mempool_double_free_helper+0x8a/0x370 [ 14.140908] mempool_kmalloc_double_free+0xed/0x140 [ 14.141413] kunit_try_run_case+0x1a5/0x480 [ 14.142040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.142542] kthread+0x337/0x6f0 [ 14.142939] ret_from_fork+0x116/0x1d0 [ 14.143347] ret_from_fork_asm+0x1a/0x30 [ 14.143588] [ 14.143765] Freed by task 252: [ 14.144098] kasan_save_stack+0x45/0x70 [ 14.144334] kasan_save_track+0x18/0x40 [ 14.144724] kasan_save_free_info+0x3f/0x60 [ 14.145175] __kasan_mempool_poison_object+0x131/0x1d0 [ 14.145353] mempool_free+0x2ec/0x380 [ 14.145486] mempool_double_free_helper+0x109/0x370 [ 14.145650] mempool_kmalloc_double_free+0xed/0x140 [ 14.145931] kunit_try_run_case+0x1a5/0x480 [ 14.146353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.146941] kthread+0x337/0x6f0 [ 14.147290] ret_from_fork+0x116/0x1d0 [ 14.147642] ret_from_fork_asm+0x1a/0x30 [ 14.148145] [ 14.148406] The buggy address belongs to the object at ffff888103a11100 [ 14.148406] which belongs to the cache kmalloc-128 of size 128 [ 14.149704] The buggy address is located 0 bytes inside of [ 14.149704] 128-byte region [ffff888103a11100, ffff888103a11180) [ 14.150709] [ 14.150792] The buggy address belongs to the physical page: [ 14.151519] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a11 [ 14.152157] flags: 0x200000000000000(node=0|zone=2) [ 14.152331] page_type: f5(slab) [ 14.152453] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.152685] raw: 0000000000000000 0000000080100010 00000000f5000000 
0000000000000000 [ 14.152925] page dumped because: kasan: bad access detected [ 14.153202] [ 14.153375] Memory state around the buggy address: [ 14.153567] ffff888103a11000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.153822] ffff888103a11080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.154393] >ffff888103a11100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.155015] ^ [ 14.155156] ffff888103a11180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.155609] ffff888103a11200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.156247] ================================================================== [ 14.164110] ================================================================== [ 14.164763] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.165172] Free of addr ffff888103ac0000 by task kunit_try_catch/254 [ 14.166027] [ 14.166256] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.166305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.166417] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.166441] Call Trace: [ 14.166454] <TASK> [ 14.166471] dump_stack_lvl+0x73/0xb0 [ 14.166506] print_report+0xd1/0x650 [ 14.166528] ? __virt_addr_valid+0x1db/0x2d0 [ 14.166553] ? kasan_addr_to_slab+0x11/0xa0 [ 14.166574] ? mempool_double_free_helper+0x184/0x370 [ 14.166599] kasan_report_invalid_free+0x10a/0x130 [ 14.166625] ? mempool_double_free_helper+0x184/0x370 [ 14.166652] ? mempool_double_free_helper+0x184/0x370 [ 14.166676] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 14.166702] mempool_free+0x2ec/0x380 [ 14.166729] mempool_double_free_helper+0x184/0x370 [ 14.166754] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.166781] ? __kasan_check_write+0x18/0x20 [ 14.166801] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.166835] ? finish_task_switch.isra.0+0x153/0x700 [ 14.166862] mempool_kmalloc_large_double_free+0xed/0x140 [ 14.166888] ? 
__pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 14.166917] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.166990] ? __pfx_mempool_kfree+0x10/0x10 [ 14.167018] ? __pfx_read_tsc+0x10/0x10 [ 14.167052] ? ktime_get_ts64+0x86/0x230 [ 14.167078] kunit_try_run_case+0x1a5/0x480 [ 14.167104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167127] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.167153] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.167177] ? __kthread_parkme+0x82/0x180 [ 14.167198] ? preempt_count_sub+0x50/0x80 [ 14.167222] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.167247] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.167272] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.167298] kthread+0x337/0x6f0 [ 14.167317] ? trace_preempt_on+0x20/0xc0 [ 14.167340] ? __pfx_kthread+0x10/0x10 [ 14.167360] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.167381] ? calculate_sigpending+0x7b/0xa0 [ 14.167405] ? __pfx_kthread+0x10/0x10 [ 14.167427] ret_from_fork+0x116/0x1d0 [ 14.167446] ? __pfx_kthread+0x10/0x10 [ 14.167466] ret_from_fork_asm+0x1a/0x30 [ 14.167497] </TASK> [ 14.167509] [ 14.178467] The buggy address belongs to the physical page: [ 14.178723] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ac0 [ 14.179263] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.179732] flags: 0x200000000000040(head|node=0|zone=2) [ 14.179972] page_type: f8(unknown) [ 14.180372] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.180659] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.181189] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.181444] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.181792] head: 0200000000000002 ffffea00040eb001 00000000ffffffff 00000000ffffffff [ 14.182293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.182616] page dumped because: kasan: bad access detected [ 14.182867] 
[ 14.182977] Memory state around the buggy address: [ 14.183275] ffff888103abff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.183589] ffff888103abff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.184058] >ffff888103ac0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.184337] ^ [ 14.184493] ffff888103ac0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.184743] ffff888103ac0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.184976] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 14.016677] ================================================================== [ 14.017302] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.017533] Read of size 1 at addr ffff888102ad0000 by task kunit_try_catch/246 [ 14.018401] [ 14.018680] CPU: 0 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.018730] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.018744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.018766] Call Trace: [ 14.018779] <TASK> [ 14.018793] dump_stack_lvl+0x73/0xb0 [ 14.018825] print_report+0xd1/0x650 [ 14.018848] ? __virt_addr_valid+0x1db/0x2d0 [ 14.018872] ? mempool_uaf_helper+0x392/0x400 [ 14.018895] ? kasan_addr_to_slab+0x11/0xa0 [ 14.018916] ? mempool_uaf_helper+0x392/0x400 [ 14.018940] kasan_report+0x141/0x180 [ 14.018962] ? mempool_uaf_helper+0x392/0x400 [ 14.018990] __asan_report_load1_noabort+0x18/0x20 [ 14.019016] mempool_uaf_helper+0x392/0x400 [ 14.019049] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.019075] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.019099] ? finish_task_switch.isra.0+0x153/0x700 [ 14.019126] mempool_kmalloc_large_uaf+0xef/0x140 [ 14.019149] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 14.019177] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.019201] ? __pfx_mempool_kfree+0x10/0x10 [ 14.019227] ? __pfx_read_tsc+0x10/0x10 [ 14.019249] ? ktime_get_ts64+0x86/0x230 [ 14.019273] kunit_try_run_case+0x1a5/0x480 [ 14.019298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.019321] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.019345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.019370] ? __kthread_parkme+0x82/0x180 [ 14.019390] ? preempt_count_sub+0x50/0x80 [ 14.019414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.019439] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.019464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.019489] kthread+0x337/0x6f0 [ 14.019508] ? trace_preempt_on+0x20/0xc0 [ 14.019532] ? __pfx_kthread+0x10/0x10 [ 14.019552] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.019574] ? calculate_sigpending+0x7b/0xa0 [ 14.019598] ? __pfx_kthread+0x10/0x10 [ 14.019619] ret_from_fork+0x116/0x1d0 [ 14.019639] ? __pfx_kthread+0x10/0x10 [ 14.019659] ret_from_fork_asm+0x1a/0x30 [ 14.019689] </TASK> [ 14.019699] [ 14.034285] The buggy address belongs to the physical page: [ 14.034785] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 14.035566] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.036359] flags: 0x200000000000040(head|node=0|zone=2) [ 14.036712] page_type: f8(unknown) [ 14.037269] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.037609] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.037950] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.038863] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.039594] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 14.040286] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.040738] page dumped because: kasan: bad access detected [ 14.041225] [ 14.041384] Memory state around the buggy address: [ 14.041847] ffff888102acff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.042481] ffff888102acff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.042712] >ffff888102ad0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.043057] ^ [ 14.043406] ffff888102ad0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.044101] ffff888102ad0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.044730] ================================================================== [ 14.093608] ================================================================== [ 14.094774] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.095020] Read of size 1 at addr ffff888102ad4000 by task kunit_try_catch/250 [ 14.095639] [ 14.095848] 
CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.095931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.095952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.095986] Call Trace: [ 14.095999] <TASK> [ 14.096015] dump_stack_lvl+0x73/0xb0 [ 14.096060] print_report+0xd1/0x650 [ 14.096082] ? __virt_addr_valid+0x1db/0x2d0 [ 14.096107] ? mempool_uaf_helper+0x392/0x400 [ 14.096129] ? kasan_addr_to_slab+0x11/0xa0 [ 14.096149] ? mempool_uaf_helper+0x392/0x400 [ 14.096171] kasan_report+0x141/0x180 [ 14.096192] ? mempool_uaf_helper+0x392/0x400 [ 14.096247] __asan_report_load1_noabort+0x18/0x20 [ 14.096274] mempool_uaf_helper+0x392/0x400 [ 14.096297] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.096323] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.096347] ? finish_task_switch.isra.0+0x153/0x700 [ 14.096375] mempool_page_alloc_uaf+0xed/0x140 [ 14.096399] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 14.096426] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 14.096451] ? __pfx_mempool_free_pages+0x10/0x10 [ 14.096478] ? __pfx_read_tsc+0x10/0x10 [ 14.096500] ? ktime_get_ts64+0x86/0x230 [ 14.096525] kunit_try_run_case+0x1a5/0x480 [ 14.096550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.096573] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.096597] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.096621] ? __kthread_parkme+0x82/0x180 [ 14.096641] ? preempt_count_sub+0x50/0x80 [ 14.096665] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.096688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.096713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.096738] kthread+0x337/0x6f0 [ 14.096757] ? trace_preempt_on+0x20/0xc0 [ 14.096780] ? __pfx_kthread+0x10/0x10 [ 14.096801] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.096836] ? calculate_sigpending+0x7b/0xa0 [ 14.096860] ? __pfx_kthread+0x10/0x10 [ 14.096881] ret_from_fork+0x116/0x1d0 [ 14.096901] ? 
__pfx_kthread+0x10/0x10 [ 14.096921] ret_from_fork_asm+0x1a/0x30 [ 14.096960] </TASK> [ 14.096970] [ 14.110975] The buggy address belongs to the physical page: [ 14.111196] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad4 [ 14.111688] flags: 0x200000000000000(node=0|zone=2) [ 14.111866] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 14.112470] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.112694] page dumped because: kasan: bad access detected [ 14.113183] [ 14.113283] Memory state around the buggy address: [ 14.113550] ffff888102ad3f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.113886] ffff888102ad3f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.114219] >ffff888102ad4000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.114454] ^ [ 14.114615] ffff888102ad4080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.115189] ffff888102ad4100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.115514] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 14.049441] ================================================================== [ 14.051314] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.052397] Read of size 1 at addr ffff8881027af240 by task kunit_try_catch/248 [ 14.052629] [ 14.052722] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 14.052768] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.052780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.052885] Call Trace: [ 14.052900] <TASK> [ 14.052936] dump_stack_lvl+0x73/0xb0 [ 14.052971] print_report+0xd1/0x650 [ 14.052994] ? __virt_addr_valid+0x1db/0x2d0 [ 14.053019] ? mempool_uaf_helper+0x392/0x400 [ 14.053051] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.053075] ? mempool_uaf_helper+0x392/0x400 [ 14.053097] kasan_report+0x141/0x180 [ 14.053119] ? mempool_uaf_helper+0x392/0x400 [ 14.053146] __asan_report_load1_noabort+0x18/0x20 [ 14.053171] mempool_uaf_helper+0x392/0x400 [ 14.053194] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.053217] ? update_load_avg+0x1be/0x21b0 [ 14.053245] ? finish_task_switch.isra.0+0x153/0x700 [ 14.053271] mempool_slab_uaf+0xea/0x140 [ 14.053305] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 14.053331] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.053357] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.053395] ? __pfx_read_tsc+0x10/0x10 [ 14.053416] ? ktime_get_ts64+0x86/0x230 [ 14.053442] kunit_try_run_case+0x1a5/0x480 [ 14.053468] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.053491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.053517] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.053540] ? __kthread_parkme+0x82/0x180 [ 14.053562] ? preempt_count_sub+0x50/0x80 [ 14.053584] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.053608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.053633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.053658] kthread+0x337/0x6f0 [ 14.053677] ? trace_preempt_on+0x20/0xc0 [ 14.053700] ? 
__pfx_kthread+0x10/0x10 [ 14.053721] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.053742] ? calculate_sigpending+0x7b/0xa0 [ 14.053766] ? __pfx_kthread+0x10/0x10 [ 14.053787] ret_from_fork+0x116/0x1d0 [ 14.053867] ? __pfx_kthread+0x10/0x10 [ 14.053888] ret_from_fork_asm+0x1a/0x30 [ 14.053937] </TASK> [ 14.053949] [ 14.068037] Allocated by task 248: [ 14.068376] kasan_save_stack+0x45/0x70 [ 14.068751] kasan_save_track+0x18/0x40 [ 14.069207] kasan_save_alloc_info+0x3b/0x50 [ 14.069607] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.070177] remove_element+0x11e/0x190 [ 14.070563] mempool_alloc_preallocated+0x4d/0x90 [ 14.070963] mempool_uaf_helper+0x96/0x400 [ 14.071343] mempool_slab_uaf+0xea/0x140 [ 14.071488] kunit_try_run_case+0x1a5/0x480 [ 14.071636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.071924] kthread+0x337/0x6f0 [ 14.072280] ret_from_fork+0x116/0x1d0 [ 14.072653] ret_from_fork_asm+0x1a/0x30 [ 14.073149] [ 14.073322] Freed by task 248: [ 14.073631] kasan_save_stack+0x45/0x70 [ 14.074132] kasan_save_track+0x18/0x40 [ 14.074537] kasan_save_free_info+0x3f/0x60 [ 14.075054] __kasan_mempool_poison_object+0x131/0x1d0 [ 14.075238] mempool_free+0x2ec/0x380 [ 14.075624] mempool_uaf_helper+0x11a/0x400 [ 14.076101] mempool_slab_uaf+0xea/0x140 [ 14.076281] kunit_try_run_case+0x1a5/0x480 [ 14.076696] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.077230] kthread+0x337/0x6f0 [ 14.077356] ret_from_fork+0x116/0x1d0 [ 14.077489] ret_from_fork_asm+0x1a/0x30 [ 14.077628] [ 14.077700] The buggy address belongs to the object at ffff8881027af240 [ 14.077700] which belongs to the cache test_cache of size 123 [ 14.078078] The buggy address is located 0 bytes inside of [ 14.078078] freed 123-byte region [ffff8881027af240, ffff8881027af2bb) [ 14.078641] [ 14.078745] The buggy address belongs to the physical page: [ 14.079167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027af [ 14.079492] flags: 0x200000000000000(node=0|zone=2) [ 14.079755] page_type: 
f5(slab) [ 14.080063] raw: 0200000000000000 ffff8881027a4500 dead000000000122 0000000000000000 [ 14.080387] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.080725] page dumped because: kasan: bad access detected [ 14.081049] [ 14.081122] Memory state around the buggy address: [ 14.081345] ffff8881027af100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.081685] ffff8881027af180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.082054] >ffff8881027af200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 14.082388] ^ [ 14.082604] ffff8881027af280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.083154] ffff8881027af300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.083438] ================================================================== [ 13.990352] ================================================================== [ 13.991552] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.992553] Read of size 1 at addr ffff888102b0cd00 by task kunit_try_catch/244 [ 13.993153] [ 13.993247] CPU: 0 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.993294] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.993306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.993327] Call Trace: [ 13.993341] <TASK> [ 13.993358] dump_stack_lvl+0x73/0xb0 [ 13.993390] print_report+0xd1/0x650 [ 13.993413] ? __virt_addr_valid+0x1db/0x2d0 [ 13.993437] ? mempool_uaf_helper+0x392/0x400 [ 13.993459] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.993483] ? mempool_uaf_helper+0x392/0x400 [ 13.993506] kasan_report+0x141/0x180 [ 13.993528] ? mempool_uaf_helper+0x392/0x400 [ 13.993554] __asan_report_load1_noabort+0x18/0x20 [ 13.993580] mempool_uaf_helper+0x392/0x400 [ 13.993603] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.993628] ? __kasan_check_write+0x18/0x20 [ 13.993648] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.993671] ? 
finish_task_switch.isra.0+0x153/0x700 [ 13.993699] mempool_kmalloc_uaf+0xef/0x140 [ 13.993721] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 13.993747] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.993772] ? __pfx_mempool_kfree+0x10/0x10 [ 13.993806] ? __pfx_read_tsc+0x10/0x10 [ 13.993829] ? ktime_get_ts64+0x86/0x230 [ 13.993854] kunit_try_run_case+0x1a5/0x480 [ 13.993880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.993903] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.993929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.993955] ? __kthread_parkme+0x82/0x180 [ 13.993977] ? preempt_count_sub+0x50/0x80 [ 13.994000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.994024] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.994059] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.994085] kthread+0x337/0x6f0 [ 13.994103] ? trace_preempt_on+0x20/0xc0 [ 13.994127] ? __pfx_kthread+0x10/0x10 [ 13.994148] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.994171] ? calculate_sigpending+0x7b/0xa0 [ 13.994196] ? __pfx_kthread+0x10/0x10 [ 13.994218] ret_from_fork+0x116/0x1d0 [ 13.994238] ? 
__pfx_kthread+0x10/0x10 [ 13.994258] ret_from_fork_asm+0x1a/0x30 [ 13.994291] </TASK> [ 13.994301] [ 14.002891] Allocated by task 244: [ 14.003074] kasan_save_stack+0x45/0x70 [ 14.003234] kasan_save_track+0x18/0x40 [ 14.003427] kasan_save_alloc_info+0x3b/0x50 [ 14.003637] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.003817] remove_element+0x11e/0x190 [ 14.003962] mempool_alloc_preallocated+0x4d/0x90 [ 14.004129] mempool_uaf_helper+0x96/0x400 [ 14.004308] mempool_kmalloc_uaf+0xef/0x140 [ 14.004509] kunit_try_run_case+0x1a5/0x480 [ 14.004712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.004960] kthread+0x337/0x6f0 [ 14.005201] ret_from_fork+0x116/0x1d0 [ 14.005340] ret_from_fork_asm+0x1a/0x30 [ 14.005479] [ 14.005548] Freed by task 244: [ 14.005706] kasan_save_stack+0x45/0x70 [ 14.005979] kasan_save_track+0x18/0x40 [ 14.006186] kasan_save_free_info+0x3f/0x60 [ 14.006394] __kasan_mempool_poison_object+0x131/0x1d0 [ 14.006638] mempool_free+0x2ec/0x380 [ 14.006882] mempool_uaf_helper+0x11a/0x400 [ 14.007079] mempool_kmalloc_uaf+0xef/0x140 [ 14.007288] kunit_try_run_case+0x1a5/0x480 [ 14.007466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.007651] kthread+0x337/0x6f0 [ 14.007772] ret_from_fork+0x116/0x1d0 [ 14.008136] ret_from_fork_asm+0x1a/0x30 [ 14.008339] [ 14.008433] The buggy address belongs to the object at ffff888102b0cd00 [ 14.008433] which belongs to the cache kmalloc-128 of size 128 [ 14.009053] The buggy address is located 0 bytes inside of [ 14.009053] freed 128-byte region [ffff888102b0cd00, ffff888102b0cd80) [ 14.009571] [ 14.009649] The buggy address belongs to the physical page: [ 14.009822] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 14.010187] flags: 0x200000000000000(node=0|zone=2) [ 14.010420] page_type: f5(slab) [ 14.010582] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.010897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.011265] page 
dumped because: kasan: bad access detected [ 14.011498] [ 14.011589] Memory state around the buggy address: [ 14.011850] ffff888102b0cc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.012141] ffff888102b0cc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.012461] >ffff888102b0cd00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.012696] ^ [ 14.012874] ffff888102b0cd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.013164] ffff888102b0ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.013480] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 13.925919] ================================================================== [ 13.926577] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.927054] Read of size 1 at addr ffff888102ad2001 by task kunit_try_catch/240 [ 13.927624] [ 13.927759] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.927804] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.927914] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.927954] Call Trace: [ 13.927968] <TASK> [ 13.927984] dump_stack_lvl+0x73/0xb0 [ 13.928016] print_report+0xd1/0x650 [ 13.928052] ? __virt_addr_valid+0x1db/0x2d0 [ 13.928079] ? mempool_oob_right_helper+0x318/0x380 [ 13.928104] ? kasan_addr_to_slab+0x11/0xa0 [ 13.928127] ? mempool_oob_right_helper+0x318/0x380 [ 13.928153] kasan_report+0x141/0x180 [ 13.928175] ? mempool_oob_right_helper+0x318/0x380 [ 13.928204] __asan_report_load1_noabort+0x18/0x20 [ 13.928229] mempool_oob_right_helper+0x318/0x380 [ 13.928255] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.928281] ? __kasan_check_write+0x18/0x20 [ 13.928301] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.928324] ? finish_task_switch.isra.0+0x153/0x700 [ 13.928351] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 13.928376] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 13.928405] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.928429] ? __pfx_mempool_kfree+0x10/0x10 [ 13.928455] ? __pfx_read_tsc+0x10/0x10 [ 13.928478] ? ktime_get_ts64+0x86/0x230 [ 13.928503] kunit_try_run_case+0x1a5/0x480 [ 13.928527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.928550] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.928574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.928598] ? __kthread_parkme+0x82/0x180 [ 13.928618] ? preempt_count_sub+0x50/0x80 [ 13.928641] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.928665] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.928690] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.928716] kthread+0x337/0x6f0 [ 13.928735] ? trace_preempt_on+0x20/0xc0 [ 13.928759] ? __pfx_kthread+0x10/0x10 [ 13.928781] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.928803] ? calculate_sigpending+0x7b/0xa0 [ 13.928906] ? __pfx_kthread+0x10/0x10 [ 13.928928] ret_from_fork+0x116/0x1d0 [ 13.928957] ? __pfx_kthread+0x10/0x10 [ 13.928978] ret_from_fork_asm+0x1a/0x30 [ 13.929008] </TASK> [ 13.929018] [ 13.941594] The buggy address belongs to the physical page: [ 13.942458] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 13.942799] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.943275] flags: 0x200000000000040(head|node=0|zone=2) [ 13.943538] page_type: f8(unknown) [ 13.943706] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.944450] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.944756] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.945278] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.945747] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 13.946281] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.946683] page dumped because: kasan: bad access detected [ 13.947124] [ 13.947326] Memory state around the buggy address: [ 13.947693] ffff888102ad1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.948274] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.948596] >ffff888102ad2000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.949086] ^ [ 13.949422] ffff888102ad2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.949780] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 13.950263] ================================================================== [ 13.897896] ================================================================== [ 
13.898420] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.898767] Read of size 1 at addr ffff888102b0c973 by task kunit_try_catch/238 [ 13.899352] [ 13.899456] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.899507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.899520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.899544] Call Trace: [ 13.899557] <TASK> [ 13.899579] dump_stack_lvl+0x73/0xb0 [ 13.899612] print_report+0xd1/0x650 [ 13.899821] ? __virt_addr_valid+0x1db/0x2d0 [ 13.899850] ? mempool_oob_right_helper+0x318/0x380 [ 13.899875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.899900] ? mempool_oob_right_helper+0x318/0x380 [ 13.899924] kasan_report+0x141/0x180 [ 13.899953] ? mempool_oob_right_helper+0x318/0x380 [ 13.899981] __asan_report_load1_noabort+0x18/0x20 [ 13.900018] mempool_oob_right_helper+0x318/0x380 [ 13.900055] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.900226] ? __kasan_check_write+0x18/0x20 [ 13.900250] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.900275] ? finish_task_switch.isra.0+0x153/0x700 [ 13.900303] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.900327] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 13.900355] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.900381] ? __pfx_mempool_kfree+0x10/0x10 [ 13.900406] ? __pfx_read_tsc+0x10/0x10 [ 13.900430] ? ktime_get_ts64+0x86/0x230 [ 13.900456] kunit_try_run_case+0x1a5/0x480 [ 13.900483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.900506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.900531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.900555] ? __kthread_parkme+0x82/0x180 [ 13.900577] ? preempt_count_sub+0x50/0x80 [ 13.900600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.900624] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.900650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.900675] kthread+0x337/0x6f0 [ 13.900696] ? __pfx_kthread+0x10/0x10 [ 13.900715] ? 
recalc_sigpending+0x168/0x1f0 [ 13.900738] ? calculate_sigpending+0x7b/0xa0 [ 13.900761] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.900783] ? __x86_indirect_its_thunk_r15+0x80/0x80 [ 13.900810] ? __pfx_kthread+0x10/0x10 [ 13.900831] ret_from_fork+0x116/0x1d0 [ 13.900851] ? __pfx_kthread+0x10/0x10 [ 13.900871] ret_from_fork_asm+0x1a/0x30 [ 13.900903] </TASK> [ 13.900914] [ 13.913454] Allocated by task 238: [ 13.913640] kasan_save_stack+0x45/0x70 [ 13.913791] kasan_save_track+0x18/0x40 [ 13.913977] kasan_save_alloc_info+0x3b/0x50 [ 13.914244] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.914423] remove_element+0x11e/0x190 [ 13.914690] mempool_alloc_preallocated+0x4d/0x90 [ 13.915041] mempool_oob_right_helper+0x8a/0x380 [ 13.915230] mempool_kmalloc_oob_right+0xf2/0x150 [ 13.915465] kunit_try_run_case+0x1a5/0x480 [ 13.915643] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.915959] kthread+0x337/0x6f0 [ 13.916110] ret_from_fork+0x116/0x1d0 [ 13.916289] ret_from_fork_asm+0x1a/0x30 [ 13.916430] [ 13.916500] The buggy address belongs to the object at ffff888102b0c900 [ 13.916500] which belongs to the cache kmalloc-128 of size 128 [ 13.917099] The buggy address is located 0 bytes to the right of [ 13.917099] allocated 115-byte region [ffff888102b0c900, ffff888102b0c973) [ 13.917778] [ 13.917924] The buggy address belongs to the physical page: [ 13.918367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 13.918652] flags: 0x200000000000000(node=0|zone=2) [ 13.918905] page_type: f5(slab) [ 13.919084] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.919339] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.919642] page dumped because: kasan: bad access detected [ 13.919889] [ 13.919980] Memory state around the buggy address: [ 13.920174] ffff888102b0c800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.920493] ffff888102b0c880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.920727] 
>ffff888102b0c900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.920995] ^ [ 13.921310] ffff888102b0c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.921710] ffff888102b0ca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 13.922064] ================================================================== [ 13.954754] ================================================================== [ 13.955561] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 13.956166] Read of size 1 at addr ffff8881027ad2bb by task kunit_try_catch/242 [ 13.956672] [ 13.956815] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.957020] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.957051] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.957073] Call Trace: [ 13.957086] <TASK> [ 13.957104] dump_stack_lvl+0x73/0xb0 [ 13.957139] print_report+0xd1/0x650 [ 13.957161] ? __virt_addr_valid+0x1db/0x2d0 [ 13.957186] ? mempool_oob_right_helper+0x318/0x380 [ 13.957210] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.957233] ? mempool_oob_right_helper+0x318/0x380 [ 13.957257] kasan_report+0x141/0x180 [ 13.957279] ? mempool_oob_right_helper+0x318/0x380 [ 13.957307] __asan_report_load1_noabort+0x18/0x20 [ 13.957332] mempool_oob_right_helper+0x318/0x380 [ 13.957357] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 13.957385] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.957409] ? finish_task_switch.isra.0+0x153/0x700 [ 13.957435] mempool_slab_oob_right+0xed/0x140 [ 13.957460] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 13.957488] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.957513] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.957540] ? __pfx_read_tsc+0x10/0x10 [ 13.957561] ? ktime_get_ts64+0x86/0x230 [ 13.957585] kunit_try_run_case+0x1a5/0x480 [ 13.957611] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.957634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.957658] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.957682] ? 
__kthread_parkme+0x82/0x180 [ 13.957703] ? preempt_count_sub+0x50/0x80 [ 13.957726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.957751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.957775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.957801] kthread+0x337/0x6f0 [ 13.957912] ? trace_preempt_on+0x20/0xc0 [ 13.957939] ? __pfx_kthread+0x10/0x10 [ 13.957959] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.957981] ? calculate_sigpending+0x7b/0xa0 [ 13.958006] ? __pfx_kthread+0x10/0x10 [ 13.958040] ret_from_fork+0x116/0x1d0 [ 13.958058] ? __pfx_kthread+0x10/0x10 [ 13.958080] ret_from_fork_asm+0x1a/0x30 [ 13.958111] </TASK> [ 13.958122] [ 13.970525] Allocated by task 242: [ 13.970683] kasan_save_stack+0x45/0x70 [ 13.971127] kasan_save_track+0x18/0x40 [ 13.971451] kasan_save_alloc_info+0x3b/0x50 [ 13.971696] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.972171] remove_element+0x11e/0x190 [ 13.972490] mempool_alloc_preallocated+0x4d/0x90 [ 13.972734] mempool_oob_right_helper+0x8a/0x380 [ 13.973208] mempool_slab_oob_right+0xed/0x140 [ 13.973431] kunit_try_run_case+0x1a5/0x480 [ 13.973706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.974186] kthread+0x337/0x6f0 [ 13.974325] ret_from_fork+0x116/0x1d0 [ 13.974693] ret_from_fork_asm+0x1a/0x30 [ 13.974908] [ 13.975109] The buggy address belongs to the object at ffff8881027ad240 [ 13.975109] which belongs to the cache test_cache of size 123 [ 13.975576] The buggy address is located 0 bytes to the right of [ 13.975576] allocated 123-byte region [ffff8881027ad240, ffff8881027ad2bb) [ 13.976438] [ 13.976542] The buggy address belongs to the physical page: [ 13.977055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027ad [ 13.977520] flags: 0x200000000000000(node=0|zone=2) [ 13.977821] page_type: f5(slab) [ 13.978194] raw: 0200000000000000 ffff8881027a43c0 dead000000000122 0000000000000000 [ 13.978478] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.978711] page dumped 
because: kasan: bad access detected [ 13.978895] [ 13.978967] Memory state around the buggy address: [ 13.979243] ffff8881027ad180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.979737] ffff8881027ad200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 13.980444] >ffff8881027ad280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 13.980948] ^ [ 13.981331] ffff8881027ad300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.981549] ffff8881027ad380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.981763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 13.331703] ================================================================== [ 13.332331] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 13.332654] Read of size 1 at addr ffff8881027a4140 by task kunit_try_catch/232 [ 13.332936] [ 13.333241] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.333317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.333330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.333351] Call Trace: [ 13.333363] <TASK> [ 13.333380] dump_stack_lvl+0x73/0xb0 [ 13.333413] print_report+0xd1/0x650 [ 13.333435] ? __virt_addr_valid+0x1db/0x2d0 [ 13.333481] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.333506] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.333529] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.333554] kasan_report+0x141/0x180 [ 13.333575] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.333603] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.333629] __kasan_check_byte+0x3d/0x50 [ 13.333650] kmem_cache_destroy+0x25/0x1d0 [ 13.333675] kmem_cache_double_destroy+0x1bf/0x380 [ 13.333700] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 13.333743] ? finish_task_switch.isra.0+0x153/0x700 [ 13.333768] ? __switch_to+0x47/0xf50 [ 13.333796] ? __pfx_read_tsc+0x10/0x10 [ 13.333818] ? ktime_get_ts64+0x86/0x230 [ 13.333842] kunit_try_run_case+0x1a5/0x480 [ 13.333868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.333890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.333915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.333957] ? __kthread_parkme+0x82/0x180 [ 13.334000] ? preempt_count_sub+0x50/0x80 [ 13.334024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.334060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.334085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.334111] kthread+0x337/0x6f0 [ 13.334129] ? trace_preempt_on+0x20/0xc0 [ 13.334152] ? __pfx_kthread+0x10/0x10 [ 13.334172] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.334194] ? 
calculate_sigpending+0x7b/0xa0 [ 13.334217] ? __pfx_kthread+0x10/0x10 [ 13.334239] ret_from_fork+0x116/0x1d0 [ 13.334258] ? __pfx_kthread+0x10/0x10 [ 13.334277] ret_from_fork_asm+0x1a/0x30 [ 13.334309] </TASK> [ 13.334319] [ 13.345357] Allocated by task 232: [ 13.345531] kasan_save_stack+0x45/0x70 [ 13.345966] kasan_save_track+0x18/0x40 [ 13.346315] kasan_save_alloc_info+0x3b/0x50 [ 13.346519] __kasan_slab_alloc+0x91/0xa0 [ 13.346701] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.347196] __kmem_cache_create_args+0x169/0x240 [ 13.347391] kmem_cache_double_destroy+0xd5/0x380 [ 13.347849] kunit_try_run_case+0x1a5/0x480 [ 13.348236] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.348490] kthread+0x337/0x6f0 [ 13.348901] ret_from_fork+0x116/0x1d0 [ 13.349179] ret_from_fork_asm+0x1a/0x30 [ 13.349578] [ 13.349776] Freed by task 232: [ 13.349906] kasan_save_stack+0x45/0x70 [ 13.351475] kasan_save_track+0x18/0x40 [ 13.352139] kasan_save_free_info+0x3f/0x60 [ 13.352691] __kasan_slab_free+0x56/0x70 [ 13.353154] kmem_cache_free+0x249/0x420 [ 13.353408] slab_kmem_cache_release+0x2e/0x40 [ 13.353618] kmem_cache_release+0x16/0x20 [ 13.353780] kobject_put+0x181/0x450 [ 13.353980] sysfs_slab_release+0x16/0x20 [ 13.354638] kmem_cache_destroy+0xf0/0x1d0 [ 13.354867] kmem_cache_double_destroy+0x14e/0x380 [ 13.355338] kunit_try_run_case+0x1a5/0x480 [ 13.355626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.356050] kthread+0x337/0x6f0 [ 13.356333] ret_from_fork+0x116/0x1d0 [ 13.356639] ret_from_fork_asm+0x1a/0x30 [ 13.357013] [ 13.357131] The buggy address belongs to the object at ffff8881027a4140 [ 13.357131] which belongs to the cache kmem_cache of size 208 [ 13.357601] The buggy address is located 0 bytes inside of [ 13.357601] freed 208-byte region [ffff8881027a4140, ffff8881027a4210) [ 13.358422] [ 13.358517] The buggy address belongs to the physical page: [ 13.358756] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a4 [ 13.359230] flags: 
0x200000000000000(node=0|zone=2) [ 13.359611] page_type: f5(slab) [ 13.359759] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 13.360353] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 13.360680] page dumped because: kasan: bad access detected [ 13.361109] [ 13.361201] Memory state around the buggy address: [ 13.361398] ffff8881027a4000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.361678] ffff8881027a4080: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 13.362063] >ffff8881027a4100: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.362304] ^ [ 13.362730] ffff8881027a4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.363007] ffff8881027a4200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.363415] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 13.285002] ================================================================== [ 13.285477] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.285722] Read of size 1 at addr ffff888103a0f000 by task kunit_try_catch/230 [ 13.286780] [ 13.287131] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.287201] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.287215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.287238] Call Trace: [ 13.287251] <TASK> [ 13.287269] dump_stack_lvl+0x73/0xb0 [ 13.287304] print_report+0xd1/0x650 [ 13.287328] ? __virt_addr_valid+0x1db/0x2d0 [ 13.287352] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.287375] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.287399] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.287423] kasan_report+0x141/0x180 [ 13.287444] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.287472] __asan_report_load1_noabort+0x18/0x20 [ 13.287496] kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.287520] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 13.287543] ? finish_task_switch.isra.0+0x153/0x700 [ 13.287568] ? __switch_to+0x47/0xf50 [ 13.287598] ? __pfx_read_tsc+0x10/0x10 [ 13.287620] ? ktime_get_ts64+0x86/0x230 [ 13.287647] kunit_try_run_case+0x1a5/0x480 [ 13.287672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.287695] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.287720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.287744] ? __kthread_parkme+0x82/0x180 [ 13.287764] ? preempt_count_sub+0x50/0x80 [ 13.287787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.287811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.287835] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.287860] kthread+0x337/0x6f0 [ 13.287879] ? trace_preempt_on+0x20/0xc0 [ 13.287903] ? __pfx_kthread+0x10/0x10 [ 13.287923] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.288103] ? calculate_sigpending+0x7b/0xa0 [ 13.288131] ? __pfx_kthread+0x10/0x10 [ 13.288165] ret_from_fork+0x116/0x1d0 [ 13.288185] ? 
__pfx_kthread+0x10/0x10 [ 13.288238] ret_from_fork_asm+0x1a/0x30 [ 13.288272] </TASK> [ 13.288283] [ 13.297630] Allocated by task 230: [ 13.297968] kasan_save_stack+0x45/0x70 [ 13.298298] kasan_save_track+0x18/0x40 [ 13.298448] kasan_save_alloc_info+0x3b/0x50 [ 13.298668] __kasan_slab_alloc+0x91/0xa0 [ 13.298860] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.299319] kmem_cache_rcu_uaf+0x155/0x510 [ 13.299617] kunit_try_run_case+0x1a5/0x480 [ 13.299819] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.300186] kthread+0x337/0x6f0 [ 13.300367] ret_from_fork+0x116/0x1d0 [ 13.300686] ret_from_fork_asm+0x1a/0x30 [ 13.300976] [ 13.301090] Freed by task 0: [ 13.301358] kasan_save_stack+0x45/0x70 [ 13.301531] kasan_save_track+0x18/0x40 [ 13.301713] kasan_save_free_info+0x3f/0x60 [ 13.301897] __kasan_slab_free+0x56/0x70 [ 13.302364] slab_free_after_rcu_debug+0xe4/0x310 [ 13.302557] rcu_core+0x66f/0x1c40 [ 13.302854] rcu_core_si+0x12/0x20 [ 13.303180] handle_softirqs+0x209/0x730 [ 13.303461] __irq_exit_rcu+0xc9/0x110 [ 13.303730] irq_exit_rcu+0x12/0x20 [ 13.303878] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.304304] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.304646] [ 13.304726] Last potentially related work creation: [ 13.305094] kasan_save_stack+0x45/0x70 [ 13.305382] kasan_record_aux_stack+0xb2/0xc0 [ 13.305667] kmem_cache_free+0x131/0x420 [ 13.305856] kmem_cache_rcu_uaf+0x194/0x510 [ 13.306226] kunit_try_run_case+0x1a5/0x480 [ 13.306441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.306679] kthread+0x337/0x6f0 [ 13.306837] ret_from_fork+0x116/0x1d0 [ 13.307255] ret_from_fork_asm+0x1a/0x30 [ 13.307529] [ 13.307609] The buggy address belongs to the object at ffff888103a0f000 [ 13.307609] which belongs to the cache test_cache of size 200 [ 13.308398] The buggy address is located 0 bytes inside of [ 13.308398] freed 200-byte region [ffff888103a0f000, ffff888103a0f0c8) [ 13.309016] [ 13.309129] The buggy address belongs to the physical page: [ 13.309502] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0f [ 13.309906] flags: 0x200000000000000(node=0|zone=2) [ 13.310318] page_type: f5(slab) [ 13.310457] raw: 0200000000000000 ffff888101654c80 dead000000000122 0000000000000000 [ 13.310787] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.311294] page dumped because: kasan: bad access detected [ 13.311617] [ 13.311718] Memory state around the buggy address: [ 13.312185] ffff888103a0ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.312597] ffff888103a0ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.312975] >ffff888103a0f000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.313390] ^ [ 13.313514] ffff888103a0f080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.313896] ffff888103a0f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.314407] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 13.216408] ================================================================== [ 13.216873] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 13.217385] Free of addr ffff8881027a6001 by task kunit_try_catch/228 [ 13.218164] [ 13.218468] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.218515] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.218526] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.218546] Call Trace: [ 13.218558] <TASK> [ 13.218575] dump_stack_lvl+0x73/0xb0 [ 13.218606] print_report+0xd1/0x650 [ 13.218627] ? __virt_addr_valid+0x1db/0x2d0 [ 13.218651] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.218674] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.218699] kasan_report_invalid_free+0x10a/0x130 [ 13.218723] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.218749] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.218774] check_slab_allocation+0x11f/0x130 [ 13.218818] __kasan_slab_pre_free+0x28/0x40 [ 13.218840] kmem_cache_free+0xed/0x420 [ 13.218860] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.218880] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.218907] kmem_cache_invalid_free+0x1d8/0x460 [ 13.218949] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 13.218973] ? finish_task_switch.isra.0+0x153/0x700 [ 13.219043] ? __switch_to+0x47/0xf50 [ 13.219072] ? __pfx_read_tsc+0x10/0x10 [ 13.219109] ? ktime_get_ts64+0x86/0x230 [ 13.219134] kunit_try_run_case+0x1a5/0x480 [ 13.219159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.219181] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.219205] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.219228] ? __kthread_parkme+0x82/0x180 [ 13.219249] ? preempt_count_sub+0x50/0x80 [ 13.219272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.219295] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.219319] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.219344] kthread+0x337/0x6f0 [ 13.219362] ? trace_preempt_on+0x20/0xc0 [ 13.219385] ? 
__pfx_kthread+0x10/0x10 [ 13.219405] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.219426] ? calculate_sigpending+0x7b/0xa0 [ 13.219450] ? __pfx_kthread+0x10/0x10 [ 13.219471] ret_from_fork+0x116/0x1d0 [ 13.219489] ? __pfx_kthread+0x10/0x10 [ 13.219508] ret_from_fork_asm+0x1a/0x30 [ 13.219539] </TASK> [ 13.219549] [ 13.236073] Allocated by task 228: [ 13.236269] kasan_save_stack+0x45/0x70 [ 13.236424] kasan_save_track+0x18/0x40 [ 13.236767] kasan_save_alloc_info+0x3b/0x50 [ 13.237215] __kasan_slab_alloc+0x91/0xa0 [ 13.237797] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.238298] kmem_cache_invalid_free+0x157/0x460 [ 13.238690] kunit_try_run_case+0x1a5/0x480 [ 13.238831] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.239057] kthread+0x337/0x6f0 [ 13.239412] ret_from_fork+0x116/0x1d0 [ 13.239758] ret_from_fork_asm+0x1a/0x30 [ 13.240167] [ 13.240369] The buggy address belongs to the object at ffff8881027a6000 [ 13.240369] which belongs to the cache test_cache of size 200 [ 13.241599] The buggy address is located 1 bytes inside of [ 13.241599] 200-byte region [ffff8881027a6000, ffff8881027a60c8) [ 13.242364] [ 13.242435] The buggy address belongs to the physical page: [ 13.242602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027a6 [ 13.242850] flags: 0x200000000000000(node=0|zone=2) [ 13.243014] page_type: f5(slab) [ 13.243141] raw: 0200000000000000 ffff8881027a4000 dead000000000122 0000000000000000 [ 13.243536] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.243879] page dumped because: kasan: bad access detected [ 13.244145] [ 13.244214] Memory state around the buggy address: [ 13.244388] ffff8881027a5f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.244707] ffff8881027a5f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.245213] >ffff8881027a6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.245834] ^ [ 13.246074] ffff8881027a6080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.246373] 
ffff8881027a6100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.246679] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 13.168670] ================================================================== [ 13.169734] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 13.170904] Free of addr ffff888103a0b000 by task kunit_try_catch/226 [ 13.171709] [ 13.171972] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.172286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.172300] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.172319] Call Trace: [ 13.172331] <TASK> [ 13.172346] dump_stack_lvl+0x73/0xb0 [ 13.172377] print_report+0xd1/0x650 [ 13.172399] ? __virt_addr_valid+0x1db/0x2d0 [ 13.172423] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.172445] ? kmem_cache_double_free+0x1e5/0x480 [ 13.172470] kasan_report_invalid_free+0x10a/0x130 [ 13.172494] ? kmem_cache_double_free+0x1e5/0x480 [ 13.172520] ? kmem_cache_double_free+0x1e5/0x480 [ 13.172544] check_slab_allocation+0x101/0x130 [ 13.172566] __kasan_slab_pre_free+0x28/0x40 [ 13.172587] kmem_cache_free+0xed/0x420 [ 13.172606] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.172628] ? kmem_cache_double_free+0x1e5/0x480 [ 13.172655] kmem_cache_double_free+0x1e5/0x480 [ 13.172679] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 13.172703] ? finish_task_switch.isra.0+0x153/0x700 [ 13.172726] ? __switch_to+0x47/0xf50 [ 13.172752] ? __pfx_read_tsc+0x10/0x10 [ 13.172773] ? ktime_get_ts64+0x86/0x230 [ 13.172797] kunit_try_run_case+0x1a5/0x480 [ 13.172906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.172943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.172968] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.172992] ? __kthread_parkme+0x82/0x180 [ 13.173012] ? preempt_count_sub+0x50/0x80 [ 13.173046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.173070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.173096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.173122] kthread+0x337/0x6f0 [ 13.173142] ? trace_preempt_on+0x20/0xc0 [ 13.173166] ? 
__pfx_kthread+0x10/0x10 [ 13.173186] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.173208] ? calculate_sigpending+0x7b/0xa0 [ 13.173231] ? __pfx_kthread+0x10/0x10 [ 13.173252] ret_from_fork+0x116/0x1d0 [ 13.173269] ? __pfx_kthread+0x10/0x10 [ 13.173291] ret_from_fork_asm+0x1a/0x30 [ 13.173321] </TASK> [ 13.173331] [ 13.190403] Allocated by task 226: [ 13.190863] kasan_save_stack+0x45/0x70 [ 13.191361] kasan_save_track+0x18/0x40 [ 13.191756] kasan_save_alloc_info+0x3b/0x50 [ 13.192232] __kasan_slab_alloc+0x91/0xa0 [ 13.192404] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.192562] kmem_cache_double_free+0x14f/0x480 [ 13.192721] kunit_try_run_case+0x1a5/0x480 [ 13.192871] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.193632] kthread+0x337/0x6f0 [ 13.194116] ret_from_fork+0x116/0x1d0 [ 13.194564] ret_from_fork_asm+0x1a/0x30 [ 13.195121] [ 13.195418] Freed by task 226: [ 13.195823] kasan_save_stack+0x45/0x70 [ 13.196492] kasan_save_track+0x18/0x40 [ 13.196876] kasan_save_free_info+0x3f/0x60 [ 13.197446] __kasan_slab_free+0x56/0x70 [ 13.197599] kmem_cache_free+0x249/0x420 [ 13.198186] kmem_cache_double_free+0x16a/0x480 [ 13.198755] kunit_try_run_case+0x1a5/0x480 [ 13.199231] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.199622] kthread+0x337/0x6f0 [ 13.199754] ret_from_fork+0x116/0x1d0 [ 13.200157] ret_from_fork_asm+0x1a/0x30 [ 13.200713] [ 13.201047] The buggy address belongs to the object at ffff888103a0b000 [ 13.201047] which belongs to the cache test_cache of size 200 [ 13.202470] The buggy address is located 0 bytes inside of [ 13.202470] 200-byte region [ffff888103a0b000, ffff888103a0b0c8) [ 13.203344] [ 13.203455] The buggy address belongs to the physical page: [ 13.204053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0b [ 13.204308] flags: 0x200000000000000(node=0|zone=2) [ 13.204473] page_type: f5(slab) [ 13.204593] raw: 0200000000000000 ffff888101654b40 dead000000000122 0000000000000000 [ 13.204882] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 13.205639] page dumped because: kasan: bad access detected [ 13.206124] [ 13.206304] Memory state around the buggy address: [ 13.206556] ffff888103a0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.206774] ffff888103a0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.207543] >ffff888103a0b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.208368] ^ [ 13.208717] ffff888103a0b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.209156] ffff888103a0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.209665] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 13.126797] ================================================================== [ 13.127260] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 13.127494] Read of size 1 at addr ffff888103a090c8 by task kunit_try_catch/224 [ 13.127715] [ 13.127805] CPU: 0 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.127850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.127862] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.127882] Call Trace: [ 13.127894] <TASK> [ 13.127911] dump_stack_lvl+0x73/0xb0 [ 13.127959] print_report+0xd1/0x650 [ 13.128284] ? __virt_addr_valid+0x1db/0x2d0 [ 13.128323] ? kmem_cache_oob+0x402/0x530 [ 13.128346] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.128369] ? kmem_cache_oob+0x402/0x530 [ 13.128392] kasan_report+0x141/0x180 [ 13.128413] ? kmem_cache_oob+0x402/0x530 [ 13.128447] __asan_report_load1_noabort+0x18/0x20 [ 13.128471] kmem_cache_oob+0x402/0x530 [ 13.128492] ? trace_hardirqs_on+0x37/0xe0 [ 13.128516] ? __pfx_kmem_cache_oob+0x10/0x10 [ 13.128539] ? finish_task_switch.isra.0+0x153/0x700 [ 13.128562] ? __switch_to+0x47/0xf50 [ 13.128590] ? __pfx_read_tsc+0x10/0x10 [ 13.128611] ? ktime_get_ts64+0x86/0x230 [ 13.128679] kunit_try_run_case+0x1a5/0x480 [ 13.128705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.129129] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.129163] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.129188] ? __kthread_parkme+0x82/0x180 [ 13.129209] ? preempt_count_sub+0x50/0x80 [ 13.129233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.129259] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.129284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.129309] kthread+0x337/0x6f0 [ 13.129327] ? trace_preempt_on+0x20/0xc0 [ 13.129349] ? __pfx_kthread+0x10/0x10 [ 13.129369] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.129390] ? calculate_sigpending+0x7b/0xa0 [ 13.129414] ? __pfx_kthread+0x10/0x10 [ 13.129435] ret_from_fork+0x116/0x1d0 [ 13.129453] ? 
__pfx_kthread+0x10/0x10 [ 13.129472] ret_from_fork_asm+0x1a/0x30 [ 13.129503] </TASK> [ 13.129513] [ 13.142738] Allocated by task 224: [ 13.143214] kasan_save_stack+0x45/0x70 [ 13.143574] kasan_save_track+0x18/0x40 [ 13.143779] kasan_save_alloc_info+0x3b/0x50 [ 13.144279] __kasan_slab_alloc+0x91/0xa0 [ 13.144608] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.144786] kmem_cache_oob+0x157/0x530 [ 13.145221] kunit_try_run_case+0x1a5/0x480 [ 13.145423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.145786] kthread+0x337/0x6f0 [ 13.146111] ret_from_fork+0x116/0x1d0 [ 13.146513] ret_from_fork_asm+0x1a/0x30 [ 13.146667] [ 13.146994] The buggy address belongs to the object at ffff888103a09000 [ 13.146994] which belongs to the cache test_cache of size 200 [ 13.147773] The buggy address is located 0 bytes to the right of [ 13.147773] allocated 200-byte region [ffff888103a09000, ffff888103a090c8) [ 13.148944] [ 13.149022] The buggy address belongs to the physical page: [ 13.149614] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a09 [ 13.150455] flags: 0x200000000000000(node=0|zone=2) [ 13.150626] page_type: f5(slab) [ 13.150745] raw: 0200000000000000 ffff888101654a00 dead000000000122 0000000000000000 [ 13.151007] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.151532] page dumped because: kasan: bad access detected [ 13.151732] [ 13.151805] Memory state around the buggy address: [ 13.152156] ffff888103a08f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.152499] ffff888103a09000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.152784] >ffff888103a09080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.153156] ^ [ 13.153331] ffff888103a09100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.153633] ffff888103a09180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.154110] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 13.086858] ================================================================== [ 13.087623] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 13.087907] Read of size 8 at addr ffff88810279cfc0 by task kunit_try_catch/217 [ 13.088353] [ 13.088469] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.088513] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.088524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.088543] Call Trace: [ 13.088555] <TASK> [ 13.088570] dump_stack_lvl+0x73/0xb0 [ 13.088599] print_report+0xd1/0x650 [ 13.088620] ? __virt_addr_valid+0x1db/0x2d0 [ 13.088664] ? workqueue_uaf+0x4d6/0x560 [ 13.088685] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.088708] ? workqueue_uaf+0x4d6/0x560 [ 13.088729] kasan_report+0x141/0x180 [ 13.088750] ? workqueue_uaf+0x4d6/0x560 [ 13.088776] __asan_report_load8_noabort+0x18/0x20 [ 13.088801] workqueue_uaf+0x4d6/0x560 [ 13.088822] ? __pfx_workqueue_uaf+0x10/0x10 [ 13.088844] ? __schedule+0x10cc/0x2b60 [ 13.088917] ? __pfx_read_tsc+0x10/0x10 [ 13.088972] ? ktime_get_ts64+0x86/0x230 [ 13.088997] kunit_try_run_case+0x1a5/0x480 [ 13.089021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.089054] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.089078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.089102] ? __kthread_parkme+0x82/0x180 [ 13.089122] ? preempt_count_sub+0x50/0x80 [ 13.089145] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.089170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.089194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.089221] kthread+0x337/0x6f0 [ 13.089241] ? trace_preempt_on+0x20/0xc0 [ 13.089265] ? __pfx_kthread+0x10/0x10 [ 13.089285] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.089307] ? calculate_sigpending+0x7b/0xa0 [ 13.089331] ? __pfx_kthread+0x10/0x10 [ 13.089351] ret_from_fork+0x116/0x1d0 [ 13.089369] ? 
__pfx_kthread+0x10/0x10 [ 13.089389] ret_from_fork_asm+0x1a/0x30 [ 13.089419] </TASK> [ 13.089429] [ 13.099164] Allocated by task 217: [ 13.099312] kasan_save_stack+0x45/0x70 [ 13.099587] kasan_save_track+0x18/0x40 [ 13.099779] kasan_save_alloc_info+0x3b/0x50 [ 13.100059] __kasan_kmalloc+0xb7/0xc0 [ 13.100322] __kmalloc_cache_noprof+0x189/0x420 [ 13.100542] workqueue_uaf+0x152/0x560 [ 13.100689] kunit_try_run_case+0x1a5/0x480 [ 13.101056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.101350] kthread+0x337/0x6f0 [ 13.101494] ret_from_fork+0x116/0x1d0 [ 13.101700] ret_from_fork_asm+0x1a/0x30 [ 13.101893] [ 13.101985] Freed by task 44: [ 13.102162] kasan_save_stack+0x45/0x70 [ 13.102295] kasan_save_track+0x18/0x40 [ 13.102644] kasan_save_free_info+0x3f/0x60 [ 13.103087] __kasan_slab_free+0x56/0x70 [ 13.103305] kfree+0x222/0x3f0 [ 13.103530] workqueue_uaf_work+0x12/0x20 [ 13.103791] process_one_work+0x5ee/0xf60 [ 13.103935] worker_thread+0x758/0x1220 [ 13.104659] kthread+0x337/0x6f0 [ 13.104862] ret_from_fork+0x116/0x1d0 [ 13.105278] ret_from_fork_asm+0x1a/0x30 [ 13.105498] [ 13.105588] Last potentially related work creation: [ 13.105793] kasan_save_stack+0x45/0x70 [ 13.106202] kasan_record_aux_stack+0xb2/0xc0 [ 13.106554] __queue_work+0x626/0xeb0 [ 13.106923] queue_work_on+0xb6/0xc0 [ 13.107360] workqueue_uaf+0x26d/0x560 [ 13.107545] kunit_try_run_case+0x1a5/0x480 [ 13.107742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.108292] kthread+0x337/0x6f0 [ 13.108584] ret_from_fork+0x116/0x1d0 [ 13.109005] ret_from_fork_asm+0x1a/0x30 [ 13.109225] [ 13.109315] The buggy address belongs to the object at ffff88810279cfc0 [ 13.109315] which belongs to the cache kmalloc-32 of size 32 [ 13.109791] The buggy address is located 0 bytes inside of [ 13.109791] freed 32-byte region [ffff88810279cfc0, ffff88810279cfe0) [ 13.110770] [ 13.111096] The buggy address belongs to the physical page: [ 13.111561] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x10279c [ 13.112205] flags: 0x200000000000000(node=0|zone=2) [ 13.112433] page_type: f5(slab) [ 13.112583] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.113389] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.113902] page dumped because: kasan: bad access detected [ 13.114137] [ 13.114226] Memory state around the buggy address: [ 13.114435] ffff88810279ce80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.114720] ffff88810279cf00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.115372] >ffff88810279cf80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.115653] ^ [ 13.116265] ffff88810279d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.116569] ffff88810279d080: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.116951] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 13.042919] ================================================================== [ 13.043406] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 13.043730] Read of size 4 at addr ffff88810279cf40 by task swapper/1/0 [ 13.044057] [ 13.044159] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.044309] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.044327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.044347] Call Trace: [ 13.044377] <IRQ> [ 13.044392] dump_stack_lvl+0x73/0xb0 [ 13.044424] print_report+0xd1/0x650 [ 13.044446] ? __virt_addr_valid+0x1db/0x2d0 [ 13.044469] ? rcu_uaf_reclaim+0x50/0x60 [ 13.044489] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.044536] ? rcu_uaf_reclaim+0x50/0x60 [ 13.044558] kasan_report+0x141/0x180 [ 13.044579] ? rcu_uaf_reclaim+0x50/0x60 [ 13.044603] __asan_report_load4_noabort+0x18/0x20 [ 13.044627] rcu_uaf_reclaim+0x50/0x60 [ 13.044647] rcu_core+0x66f/0x1c40 [ 13.044674] ? __pfx_rcu_core+0x10/0x10 [ 13.044695] ? ktime_get+0x6b/0x150 [ 13.044735] ? handle_softirqs+0x18e/0x730 [ 13.044760] rcu_core_si+0x12/0x20 [ 13.044780] handle_softirqs+0x209/0x730 [ 13.044799] ? hrtimer_interrupt+0x2fe/0x780 [ 13.044879] ? 
__pfx_handle_softirqs+0x10/0x10 [ 13.044926] __irq_exit_rcu+0xc9/0x110 [ 13.044948] irq_exit_rcu+0x12/0x20 [ 13.044968] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.044994] </IRQ> [ 13.045023] <TASK> [ 13.045046] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.045136] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 13.045356] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d e3 81 21 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 13.045436] RSP: 0000:ffff888100877dc8 EFLAGS: 00010216 [ 13.045519] RAX: ffff8881a6f72000 RBX: ffff888100853000 RCX: ffffffffb1c74105 [ 13.045563] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 000000000001271c [ 13.045606] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 13.045646] R10: ffff88815b130c53 R11: 00000000000e2800 R12: 0000000000000001 [ 13.045687] R13: ffffed102010a600 R14: ffffffffb39b1490 R15: 0000000000000000 [ 13.045741] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 13.045905] ? default_idle+0xd/0x20 [ 13.045930] arch_cpu_idle+0xd/0x20 [ 13.045951] default_idle_call+0x48/0x80 [ 13.045970] do_idle+0x379/0x4f0 [ 13.045992] ? complete+0x15b/0x1d0 [ 13.046009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.046045] ? __pfx_do_idle+0x10/0x10 [ 13.046066] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 13.046089] ? complete+0x15b/0x1d0 [ 13.046110] cpu_startup_entry+0x5c/0x70 [ 13.046129] start_secondary+0x211/0x290 [ 13.046151] ? 
__pfx_start_secondary+0x10/0x10 [ 13.046176] common_startup_64+0x13e/0x148 [ 13.046208] </TASK> [ 13.046218] [ 13.062216] Allocated by task 215: [ 13.062393] kasan_save_stack+0x45/0x70 [ 13.062672] kasan_save_track+0x18/0x40 [ 13.062994] kasan_save_alloc_info+0x3b/0x50 [ 13.063230] __kasan_kmalloc+0xb7/0xc0 [ 13.063666] __kmalloc_cache_noprof+0x189/0x420 [ 13.064344] rcu_uaf+0xb0/0x330 [ 13.064756] kunit_try_run_case+0x1a5/0x480 [ 13.065322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.065511] kthread+0x337/0x6f0 [ 13.065634] ret_from_fork+0x116/0x1d0 [ 13.065766] ret_from_fork_asm+0x1a/0x30 [ 13.066229] [ 13.066563] Freed by task 0: [ 13.066702] kasan_save_stack+0x45/0x70 [ 13.066855] kasan_save_track+0x18/0x40 [ 13.067185] kasan_save_free_info+0x3f/0x60 [ 13.067457] __kasan_slab_free+0x56/0x70 [ 13.067663] kfree+0x222/0x3f0 [ 13.067827] rcu_uaf_reclaim+0x1f/0x60 [ 13.068108] rcu_core+0x66f/0x1c40 [ 13.068240] rcu_core_si+0x12/0x20 [ 13.068416] handle_softirqs+0x209/0x730 [ 13.068609] __irq_exit_rcu+0xc9/0x110 [ 13.068806] irq_exit_rcu+0x12/0x20 [ 13.069249] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.069463] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.069686] [ 13.069801] Last potentially related work creation: [ 13.070653] kasan_save_stack+0x45/0x70 [ 13.070875] kasan_record_aux_stack+0xb2/0xc0 [ 13.071203] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 13.071660] call_rcu+0x12/0x20 [ 13.071953] rcu_uaf+0x168/0x330 [ 13.072103] kunit_try_run_case+0x1a5/0x480 [ 13.072334] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.072795] kthread+0x337/0x6f0 [ 13.073186] ret_from_fork+0x116/0x1d0 [ 13.073401] ret_from_fork_asm+0x1a/0x30 [ 13.073567] [ 13.073668] The buggy address belongs to the object at ffff88810279cf40 [ 13.073668] which belongs to the cache kmalloc-32 of size 32 [ 13.074567] The buggy address is located 0 bytes inside of [ 13.074567] freed 32-byte region [ffff88810279cf40, ffff88810279cf60) [ 13.075488] [ 13.075760] The buggy address belongs to the 
physical page: [ 13.076301] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10279c [ 13.076655] flags: 0x200000000000000(node=0|zone=2) [ 13.076910] page_type: f5(slab) [ 13.077370] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.077780] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.078377] page dumped because: kasan: bad access detected [ 13.078839] [ 13.078985] Memory state around the buggy address: [ 13.079395] ffff88810279ce00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.079806] ffff88810279ce80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.080505] >ffff88810279cf00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.080860] ^ [ 13.081178] ffff88810279cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.081493] ffff88810279d000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.081998] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 12.975817] ================================================================== [ 12.976563] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 12.976848] Read of size 1 at addr ffff888102791800 by task kunit_try_catch/213 [ 12.977301] [ 12.977707] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.977751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.977761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.977780] Call Trace: [ 12.977942] <TASK> [ 12.977956] dump_stack_lvl+0x73/0xb0 [ 12.977986] print_report+0xd1/0x650 [ 12.978007] ? __virt_addr_valid+0x1db/0x2d0 [ 12.978042] ? ksize_uaf+0x5fe/0x6c0 [ 12.978061] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.978084] ? ksize_uaf+0x5fe/0x6c0 [ 12.978104] kasan_report+0x141/0x180 [ 12.978125] ? ksize_uaf+0x5fe/0x6c0 [ 12.978149] __asan_report_load1_noabort+0x18/0x20 [ 12.978173] ksize_uaf+0x5fe/0x6c0 [ 12.978193] ? __pfx_ksize_uaf+0x10/0x10 [ 12.978214] ? __schedule+0x10cc/0x2b60 [ 12.978234] ? __pfx_read_tsc+0x10/0x10 [ 12.978254] ? ktime_get_ts64+0x86/0x230 [ 12.978277] kunit_try_run_case+0x1a5/0x480 [ 12.978300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.978322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.978345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.978368] ? __kthread_parkme+0x82/0x180 [ 12.978388] ? preempt_count_sub+0x50/0x80 [ 12.978411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.978434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.978458] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.978483] kthread+0x337/0x6f0 [ 12.978501] ? trace_preempt_on+0x20/0xc0 [ 12.978522] ? __pfx_kthread+0x10/0x10 [ 12.978542] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.978563] ? calculate_sigpending+0x7b/0xa0 [ 12.978586] ? __pfx_kthread+0x10/0x10 [ 12.978607] ret_from_fork+0x116/0x1d0 [ 12.978624] ? 
__pfx_kthread+0x10/0x10 [ 12.978644] ret_from_fork_asm+0x1a/0x30 [ 12.978673] </TASK> [ 12.978683] [ 12.988719] Allocated by task 213: [ 12.989295] kasan_save_stack+0x45/0x70 [ 12.989501] kasan_save_track+0x18/0x40 [ 12.989790] kasan_save_alloc_info+0x3b/0x50 [ 12.990115] __kasan_kmalloc+0xb7/0xc0 [ 12.990329] __kmalloc_cache_noprof+0x189/0x420 [ 12.990494] ksize_uaf+0xaa/0x6c0 [ 12.990668] kunit_try_run_case+0x1a5/0x480 [ 12.990852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.991412] kthread+0x337/0x6f0 [ 12.991571] ret_from_fork+0x116/0x1d0 [ 12.991755] ret_from_fork_asm+0x1a/0x30 [ 12.992253] [ 12.992344] Freed by task 213: [ 12.992657] kasan_save_stack+0x45/0x70 [ 12.992972] kasan_save_track+0x18/0x40 [ 12.993193] kasan_save_free_info+0x3f/0x60 [ 12.993661] __kasan_slab_free+0x56/0x70 [ 12.993858] kfree+0x222/0x3f0 [ 12.994094] ksize_uaf+0x12c/0x6c0 [ 12.994245] kunit_try_run_case+0x1a5/0x480 [ 12.994447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.994684] kthread+0x337/0x6f0 [ 12.994841] ret_from_fork+0x116/0x1d0 [ 12.995015] ret_from_fork_asm+0x1a/0x30 [ 12.995208] [ 12.995295] The buggy address belongs to the object at ffff888102791800 [ 12.995295] which belongs to the cache kmalloc-128 of size 128 [ 12.995785] The buggy address is located 0 bytes inside of [ 12.995785] freed 128-byte region [ffff888102791800, ffff888102791880) [ 12.997252] [ 12.997541] The buggy address belongs to the physical page: [ 12.997794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 12.998312] flags: 0x200000000000000(node=0|zone=2) [ 12.998610] page_type: f5(slab) [ 12.998785] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.999387] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.999800] page dumped because: kasan: bad access detected [ 13.000261] [ 13.000362] Memory state around the buggy address: [ 13.000551] ffff888102791700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
13.001092] ffff888102791780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.001485] >ffff888102791800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.002116] ^ [ 13.002283] ffff888102791880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.002674] ffff888102791900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.003190] ================================================================== [ 12.952748] ================================================================== [ 12.953558] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 12.954098] Read of size 1 at addr ffff888102791800 by task kunit_try_catch/213 [ 12.954394] [ 12.954486] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.954531] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.954543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.954563] Call Trace: [ 12.954575] <TASK> [ 12.954593] dump_stack_lvl+0x73/0xb0 [ 12.954624] print_report+0xd1/0x650 [ 12.954645] ? __virt_addr_valid+0x1db/0x2d0 [ 12.954669] ? ksize_uaf+0x19d/0x6c0 [ 12.954688] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.954711] ? ksize_uaf+0x19d/0x6c0 [ 12.954731] kasan_report+0x141/0x180 [ 12.954752] ? ksize_uaf+0x19d/0x6c0 [ 12.954775] ? ksize_uaf+0x19d/0x6c0 [ 12.954795] __kasan_check_byte+0x3d/0x50 [ 12.955112] ksize+0x20/0x60 [ 12.955137] ksize_uaf+0x19d/0x6c0 [ 12.955157] ? __pfx_ksize_uaf+0x10/0x10 [ 12.955179] ? __schedule+0x10cc/0x2b60 [ 12.955200] ? __pfx_read_tsc+0x10/0x10 [ 12.955221] ? ktime_get_ts64+0x86/0x230 [ 12.955246] kunit_try_run_case+0x1a5/0x480 [ 12.955271] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.955293] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.955317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.955340] ? __kthread_parkme+0x82/0x180 [ 12.955361] ? preempt_count_sub+0x50/0x80 [ 12.955384] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.955408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.955432] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.955456] kthread+0x337/0x6f0 [ 12.955474] ? trace_preempt_on+0x20/0xc0 [ 12.955496] ? __pfx_kthread+0x10/0x10 [ 12.955516] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.955538] ? calculate_sigpending+0x7b/0xa0 [ 12.955561] ? __pfx_kthread+0x10/0x10 [ 12.955582] ret_from_fork+0x116/0x1d0 [ 12.955600] ? __pfx_kthread+0x10/0x10 [ 12.955620] ret_from_fork_asm+0x1a/0x30 [ 12.955650] </TASK> [ 12.955661] [ 12.962878] Allocated by task 213: [ 12.963010] kasan_save_stack+0x45/0x70 [ 12.963167] kasan_save_track+0x18/0x40 [ 12.963300] kasan_save_alloc_info+0x3b/0x50 [ 12.963546] __kasan_kmalloc+0xb7/0xc0 [ 12.963729] __kmalloc_cache_noprof+0x189/0x420 [ 12.964167] ksize_uaf+0xaa/0x6c0 [ 12.964344] kunit_try_run_case+0x1a5/0x480 [ 12.964490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.964667] kthread+0x337/0x6f0 [ 12.964885] ret_from_fork+0x116/0x1d0 [ 12.965279] ret_from_fork_asm+0x1a/0x30 [ 12.965482] [ 12.965577] Freed by task 213: [ 12.965732] kasan_save_stack+0x45/0x70 [ 12.966075] kasan_save_track+0x18/0x40 [ 12.966251] kasan_save_free_info+0x3f/0x60 [ 12.966448] __kasan_slab_free+0x56/0x70 [ 12.966617] kfree+0x222/0x3f0 [ 12.966765] ksize_uaf+0x12c/0x6c0 [ 12.967068] kunit_try_run_case+0x1a5/0x480 [ 12.967238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.967457] kthread+0x337/0x6f0 [ 12.967616] ret_from_fork+0x116/0x1d0 [ 12.967807] ret_from_fork_asm+0x1a/0x30 [ 12.968141] [ 12.968238] The buggy address belongs to the object at ffff888102791800 [ 12.968238] which belongs to the cache kmalloc-128 of size 128 [ 12.968600] The buggy address is located 0 bytes inside of [ 12.968600] freed 128-byte region [ffff888102791800, ffff888102791880) [ 12.968942] [ 12.969024] The buggy address belongs to the physical page: [ 12.969280] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 12.969789] flags: 0x200000000000000(node=0|zone=2) [ 12.970165] page_type: f5(slab) [ 12.970333] raw: 
0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.970571] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.970795] page dumped because: kasan: bad access detected [ 12.971325] [ 12.971422] Memory state around the buggy address: [ 12.971690] ffff888102791700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.972134] ffff888102791780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.972417] >ffff888102791800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.972639] ^ [ 12.972757] ffff888102791880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.974065] ffff888102791900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.975134] ================================================================== [ 13.004892] ================================================================== [ 13.005210] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 13.005515] Read of size 1 at addr ffff888102791878 by task kunit_try_catch/213 [ 13.005786] [ 13.006147] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 13.006191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.006202] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.006221] Call Trace: [ 13.006235] <TASK> [ 13.006248] dump_stack_lvl+0x73/0xb0 [ 13.006278] print_report+0xd1/0x650 [ 13.006299] ? __virt_addr_valid+0x1db/0x2d0 [ 13.006321] ? ksize_uaf+0x5e4/0x6c0 [ 13.006341] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.006364] ? ksize_uaf+0x5e4/0x6c0 [ 13.006384] kasan_report+0x141/0x180 [ 13.006405] ? ksize_uaf+0x5e4/0x6c0 [ 13.006429] __asan_report_load1_noabort+0x18/0x20 [ 13.006454] ksize_uaf+0x5e4/0x6c0 [ 13.006473] ? __pfx_ksize_uaf+0x10/0x10 [ 13.006494] ? __schedule+0x10cc/0x2b60 [ 13.006516] ? __pfx_read_tsc+0x10/0x10 [ 13.006536] ? ktime_get_ts64+0x86/0x230 [ 13.006559] kunit_try_run_case+0x1a5/0x480 [ 13.006582] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.006605] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 13.006628] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.006651] ? __kthread_parkme+0x82/0x180 [ 13.006671] ? preempt_count_sub+0x50/0x80 [ 13.006694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.006717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.006741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.006766] kthread+0x337/0x6f0 [ 13.006784] ? trace_preempt_on+0x20/0xc0 [ 13.007027] ? __pfx_kthread+0x10/0x10 [ 13.007069] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.007091] ? calculate_sigpending+0x7b/0xa0 [ 13.007114] ? __pfx_kthread+0x10/0x10 [ 13.007134] ret_from_fork+0x116/0x1d0 [ 13.007153] ? __pfx_kthread+0x10/0x10 [ 13.007173] ret_from_fork_asm+0x1a/0x30 [ 13.007202] </TASK> [ 13.007213] [ 13.014208] Allocated by task 213: [ 13.014375] kasan_save_stack+0x45/0x70 [ 13.014555] kasan_save_track+0x18/0x40 [ 13.014732] kasan_save_alloc_info+0x3b/0x50 [ 13.014917] __kasan_kmalloc+0xb7/0xc0 [ 13.015260] __kmalloc_cache_noprof+0x189/0x420 [ 13.015434] ksize_uaf+0xaa/0x6c0 [ 13.015604] kunit_try_run_case+0x1a5/0x480 [ 13.015814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.016543] kthread+0x337/0x6f0 [ 13.016679] ret_from_fork+0x116/0x1d0 [ 13.018168] ret_from_fork_asm+0x1a/0x30 [ 13.018369] [ 13.018449] Freed by task 213: [ 13.018587] kasan_save_stack+0x45/0x70 [ 13.018781] kasan_save_track+0x18/0x40 [ 13.018961] kasan_save_free_info+0x3f/0x60 [ 13.019170] __kasan_slab_free+0x56/0x70 [ 13.021300] kfree+0x222/0x3f0 [ 13.021435] ksize_uaf+0x12c/0x6c0 [ 13.021562] kunit_try_run_case+0x1a5/0x480 [ 13.021708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.021884] kthread+0x337/0x6f0 [ 13.022013] ret_from_fork+0x116/0x1d0 [ 13.022156] ret_from_fork_asm+0x1a/0x30 [ 13.022296] [ 13.022367] The buggy address belongs to the object at ffff888102791800 [ 13.022367] which belongs to the cache kmalloc-128 of size 128 [ 13.022723] The buggy address is located 120 bytes inside of [ 13.022723] freed 128-byte region [ffff888102791800, 
ffff888102791880) [ 13.024568] [ 13.025341] The buggy address belongs to the physical page: [ 13.026198] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 13.026663] flags: 0x200000000000000(node=0|zone=2) [ 13.027102] page_type: f5(slab) [ 13.027387] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.027833] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.028434] page dumped because: kasan: bad access detected [ 13.028656] [ 13.028744] Memory state around the buggy address: [ 13.029059] ffff888102791700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.029374] ffff888102791780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.029967] >ffff888102791800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.030276] ^ [ 13.030586] ffff888102791880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.030942] ffff888102791900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.031390] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 12.885457] ================================================================== [ 12.886250] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 12.886621] Read of size 1 at addr ffff888102b0c673 by task kunit_try_catch/211 [ 12.886973] [ 12.887115] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.887160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.887172] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.887191] Call Trace: [ 12.887202] <TASK> [ 12.887217] dump_stack_lvl+0x73/0xb0 [ 12.887246] print_report+0xd1/0x650 [ 12.887267] ? __virt_addr_valid+0x1db/0x2d0 [ 12.887289] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.887311] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.887334] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.887358] kasan_report+0x141/0x180 [ 12.887379] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 12.887407] __asan_report_load1_noabort+0x18/0x20 [ 12.887431] ksize_unpoisons_memory+0x81c/0x9b0 [ 12.887455] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.887478] ? finish_task_switch.isra.0+0x153/0x700 [ 12.887501] ? __switch_to+0x47/0xf50 [ 12.887526] ? __schedule+0x10cc/0x2b60 [ 12.887547] ? __pfx_read_tsc+0x10/0x10 [ 12.887567] ? ktime_get_ts64+0x86/0x230 [ 12.887590] kunit_try_run_case+0x1a5/0x480 [ 12.887614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.887636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.887659] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.887708] ? __kthread_parkme+0x82/0x180 [ 12.887728] ? preempt_count_sub+0x50/0x80 [ 12.887751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.887775] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.887799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.887823] kthread+0x337/0x6f0 [ 12.887842] ? trace_preempt_on+0x20/0xc0 [ 12.887864] ? __pfx_kthread+0x10/0x10 [ 12.887884] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.887905] ? calculate_sigpending+0x7b/0xa0 [ 12.887928] ? 
__pfx_kthread+0x10/0x10 [ 12.887957] ret_from_fork+0x116/0x1d0 [ 12.887974] ? __pfx_kthread+0x10/0x10 [ 12.888004] ret_from_fork_asm+0x1a/0x30 [ 12.888046] </TASK> [ 12.888055] [ 12.896237] Allocated by task 211: [ 12.896407] kasan_save_stack+0x45/0x70 [ 12.896620] kasan_save_track+0x18/0x40 [ 12.896771] kasan_save_alloc_info+0x3b/0x50 [ 12.897001] __kasan_kmalloc+0xb7/0xc0 [ 12.897169] __kmalloc_cache_noprof+0x189/0x420 [ 12.897604] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.897784] kunit_try_run_case+0x1a5/0x480 [ 12.898107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.898287] kthread+0x337/0x6f0 [ 12.898405] ret_from_fork+0x116/0x1d0 [ 12.898534] ret_from_fork_asm+0x1a/0x30 [ 12.898729] [ 12.898964] The buggy address belongs to the object at ffff888102b0c600 [ 12.898964] which belongs to the cache kmalloc-128 of size 128 [ 12.899711] The buggy address is located 0 bytes to the right of [ 12.899711] allocated 115-byte region [ffff888102b0c600, ffff888102b0c673) [ 12.900377] [ 12.900480] The buggy address belongs to the physical page: [ 12.900753] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 12.901194] flags: 0x200000000000000(node=0|zone=2) [ 12.901463] page_type: f5(slab) [ 12.901586] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.902117] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.902484] page dumped because: kasan: bad access detected [ 12.902763] [ 12.902892] Memory state around the buggy address: [ 12.903120] ffff888102b0c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.903340] ffff888102b0c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.903606] >ffff888102b0c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.903921] ^ [ 12.904336] ffff888102b0c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.904638] ffff888102b0c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.905075] 
================================================================== [ 12.927314] ================================================================== [ 12.927632] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.928687] Read of size 1 at addr ffff888102b0c67f by task kunit_try_catch/211 [ 12.929077] [ 12.929182] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.929222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.929233] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.929252] Call Trace: [ 12.929265] <TASK> [ 12.929280] dump_stack_lvl+0x73/0xb0 [ 12.929309] print_report+0xd1/0x650 [ 12.929331] ? __virt_addr_valid+0x1db/0x2d0 [ 12.929352] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.929375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.929398] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.929421] kasan_report+0x141/0x180 [ 12.929442] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.929470] __asan_report_load1_noabort+0x18/0x20 [ 12.929494] ksize_unpoisons_memory+0x7b6/0x9b0 [ 12.929517] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.929540] ? finish_task_switch.isra.0+0x153/0x700 [ 12.929562] ? __switch_to+0x47/0xf50 [ 12.929586] ? __schedule+0x10cc/0x2b60 [ 12.929608] ? __pfx_read_tsc+0x10/0x10 [ 12.929627] ? ktime_get_ts64+0x86/0x230 [ 12.929650] kunit_try_run_case+0x1a5/0x480 [ 12.929674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.929696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.929719] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.929742] ? __kthread_parkme+0x82/0x180 [ 12.929762] ? preempt_count_sub+0x50/0x80 [ 12.929784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.930125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.930161] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.930187] kthread+0x337/0x6f0 [ 12.930207] ? trace_preempt_on+0x20/0xc0 [ 12.930231] ? __pfx_kthread+0x10/0x10 [ 12.930251] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.930308] ? 
calculate_sigpending+0x7b/0xa0 [ 12.930332] ? __pfx_kthread+0x10/0x10 [ 12.930353] ret_from_fork+0x116/0x1d0 [ 12.930371] ? __pfx_kthread+0x10/0x10 [ 12.930392] ret_from_fork_asm+0x1a/0x30 [ 12.930422] </TASK> [ 12.930433] [ 12.940999] Allocated by task 211: [ 12.941172] kasan_save_stack+0x45/0x70 [ 12.941350] kasan_save_track+0x18/0x40 [ 12.941517] kasan_save_alloc_info+0x3b/0x50 [ 12.941695] __kasan_kmalloc+0xb7/0xc0 [ 12.942821] __kmalloc_cache_noprof+0x189/0x420 [ 12.943011] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.943320] kunit_try_run_case+0x1a5/0x480 [ 12.943532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.943724] kthread+0x337/0x6f0 [ 12.943975] ret_from_fork+0x116/0x1d0 [ 12.944152] ret_from_fork_asm+0x1a/0x30 [ 12.944347] [ 12.944431] The buggy address belongs to the object at ffff888102b0c600 [ 12.944431] which belongs to the cache kmalloc-128 of size 128 [ 12.944995] The buggy address is located 12 bytes to the right of [ 12.944995] allocated 115-byte region [ffff888102b0c600, ffff888102b0c673) [ 12.945449] [ 12.945541] The buggy address belongs to the physical page: [ 12.945743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 12.946115] flags: 0x200000000000000(node=0|zone=2) [ 12.946352] page_type: f5(slab) [ 12.946517] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.946779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.947312] page dumped because: kasan: bad access detected [ 12.947579] [ 12.947674] Memory state around the buggy address: [ 12.947934] ffff888102b0c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.948242] ffff888102b0c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.948486] >ffff888102b0c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.948784] ^ [ 12.949173] ffff888102b0c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.949442] ffff888102b0c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.949763] 
================================================================== [ 12.905910] ================================================================== [ 12.906224] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.906521] Read of size 1 at addr ffff888102b0c678 by task kunit_try_catch/211 [ 12.906937] [ 12.907051] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.907090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.907101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.907119] Call Trace: [ 12.907131] <TASK> [ 12.907144] dump_stack_lvl+0x73/0xb0 [ 12.907174] print_report+0xd1/0x650 [ 12.907195] ? __virt_addr_valid+0x1db/0x2d0 [ 12.907217] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.907240] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.907262] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.907286] kasan_report+0x141/0x180 [ 12.907307] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.907335] __asan_report_load1_noabort+0x18/0x20 [ 12.907359] ksize_unpoisons_memory+0x7e9/0x9b0 [ 12.907383] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 12.907406] ? finish_task_switch.isra.0+0x153/0x700 [ 12.907450] ? __switch_to+0x47/0xf50 [ 12.907474] ? __schedule+0x10cc/0x2b60 [ 12.907495] ? __pfx_read_tsc+0x10/0x10 [ 12.907516] ? ktime_get_ts64+0x86/0x230 [ 12.907539] kunit_try_run_case+0x1a5/0x480 [ 12.907563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.907586] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.907610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.907633] ? __kthread_parkme+0x82/0x180 [ 12.907652] ? preempt_count_sub+0x50/0x80 [ 12.907675] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.907699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.907723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.907748] kthread+0x337/0x6f0 [ 12.907766] ? trace_preempt_on+0x20/0xc0 [ 12.907789] ? __pfx_kthread+0x10/0x10 [ 12.907855] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.907878] ? 
calculate_sigpending+0x7b/0xa0 [ 12.907902] ? __pfx_kthread+0x10/0x10 [ 12.907923] ret_from_fork+0x116/0x1d0 [ 12.907941] ? __pfx_kthread+0x10/0x10 [ 12.907967] ret_from_fork_asm+0x1a/0x30 [ 12.907997] </TASK> [ 12.908039] [ 12.915882] Allocated by task 211: [ 12.916022] kasan_save_stack+0x45/0x70 [ 12.916233] kasan_save_track+0x18/0x40 [ 12.916623] kasan_save_alloc_info+0x3b/0x50 [ 12.916904] __kasan_kmalloc+0xb7/0xc0 [ 12.917112] __kmalloc_cache_noprof+0x189/0x420 [ 12.917357] ksize_unpoisons_memory+0xc7/0x9b0 [ 12.917565] kunit_try_run_case+0x1a5/0x480 [ 12.917747] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.918149] kthread+0x337/0x6f0 [ 12.918273] ret_from_fork+0x116/0x1d0 [ 12.918460] ret_from_fork_asm+0x1a/0x30 [ 12.918661] [ 12.918749] The buggy address belongs to the object at ffff888102b0c600 [ 12.918749] which belongs to the cache kmalloc-128 of size 128 [ 12.919121] The buggy address is located 5 bytes to the right of [ 12.919121] allocated 115-byte region [ffff888102b0c600, ffff888102b0c673) [ 12.919668] [ 12.919769] The buggy address belongs to the physical page: [ 12.920335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 12.920777] flags: 0x200000000000000(node=0|zone=2) [ 12.921173] page_type: f5(slab) [ 12.921347] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.921608] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.922496] page dumped because: kasan: bad access detected [ 12.922754] [ 12.922844] Memory state around the buggy address: [ 12.923077] ffff888102b0c500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.923308] ffff888102b0c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.924156] >ffff888102b0c600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.924405] ^ [ 12.924695] ffff888102b0c680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.925565] ffff888102b0c700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.926358] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 12.860582] ================================================================== [ 12.861158] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 12.861450] Free of addr ffff888101debe80 by task kunit_try_catch/209 [ 12.861647] [ 12.861730] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.861769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.861780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.861798] Call Trace: [ 12.861812] <TASK> [ 12.861826] dump_stack_lvl+0x73/0xb0 [ 12.861853] print_report+0xd1/0x650 [ 12.861874] ? __virt_addr_valid+0x1db/0x2d0 [ 12.861896] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.861919] ? kfree_sensitive+0x2e/0x90 [ 12.861939] kasan_report_invalid_free+0x10a/0x130 [ 12.861963] ? kfree_sensitive+0x2e/0x90 [ 12.861984] ? kfree_sensitive+0x2e/0x90 [ 12.862003] check_slab_allocation+0x101/0x130 [ 12.862026] __kasan_slab_pre_free+0x28/0x40 [ 12.862059] kfree+0xf0/0x3f0 [ 12.862079] ? kfree_sensitive+0x2e/0x90 [ 12.862101] kfree_sensitive+0x2e/0x90 [ 12.862120] kmalloc_double_kzfree+0x19c/0x350 [ 12.862375] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 12.862400] ? __schedule+0x10cc/0x2b60 [ 12.862421] ? __pfx_read_tsc+0x10/0x10 [ 12.862442] ? ktime_get_ts64+0x86/0x230 [ 12.862465] kunit_try_run_case+0x1a5/0x480 [ 12.862490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.862512] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.862536] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.862559] ? __kthread_parkme+0x82/0x180 [ 12.862579] ? preempt_count_sub+0x50/0x80 [ 12.862601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.862626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.862649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.862674] kthread+0x337/0x6f0 [ 12.862692] ? trace_preempt_on+0x20/0xc0 [ 12.862715] ? __pfx_kthread+0x10/0x10 [ 12.862734] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.862755] ? calculate_sigpending+0x7b/0xa0 [ 12.862778] ? 
__pfx_kthread+0x10/0x10 [ 12.862799] ret_from_fork+0x116/0x1d0 [ 12.862817] ? __pfx_kthread+0x10/0x10 [ 12.862876] ret_from_fork_asm+0x1a/0x30 [ 12.862906] </TASK> [ 12.862916] [ 12.870785] Allocated by task 209: [ 12.870966] kasan_save_stack+0x45/0x70 [ 12.871283] kasan_save_track+0x18/0x40 [ 12.871418] kasan_save_alloc_info+0x3b/0x50 [ 12.871564] __kasan_kmalloc+0xb7/0xc0 [ 12.871695] __kmalloc_cache_noprof+0x189/0x420 [ 12.871849] kmalloc_double_kzfree+0xa9/0x350 [ 12.872217] kunit_try_run_case+0x1a5/0x480 [ 12.872433] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.872691] kthread+0x337/0x6f0 [ 12.872862] ret_from_fork+0x116/0x1d0 [ 12.873181] ret_from_fork_asm+0x1a/0x30 [ 12.873470] [ 12.873568] Freed by task 209: [ 12.873716] kasan_save_stack+0x45/0x70 [ 12.874115] kasan_save_track+0x18/0x40 [ 12.874338] kasan_save_free_info+0x3f/0x60 [ 12.874521] __kasan_slab_free+0x56/0x70 [ 12.874678] kfree+0x222/0x3f0 [ 12.874795] kfree_sensitive+0x67/0x90 [ 12.875219] kmalloc_double_kzfree+0x12b/0x350 [ 12.875461] kunit_try_run_case+0x1a5/0x480 [ 12.875664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.876042] kthread+0x337/0x6f0 [ 12.876168] ret_from_fork+0x116/0x1d0 [ 12.876302] ret_from_fork_asm+0x1a/0x30 [ 12.876442] [ 12.876516] The buggy address belongs to the object at ffff888101debe80 [ 12.876516] which belongs to the cache kmalloc-16 of size 16 [ 12.876868] The buggy address is located 0 bytes inside of [ 12.876868] 16-byte region [ffff888101debe80, ffff888101debe90) [ 12.877370] [ 12.877467] The buggy address belongs to the physical page: [ 12.877720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 12.878110] flags: 0x200000000000000(node=0|zone=2) [ 12.878349] page_type: f5(slab) [ 12.878483] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.878714] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.879044] page dumped because: kasan: bad access detected [ 12.879291] [ 
12.879381] Memory state around the buggy address: [ 12.879597] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.879904] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.880268] >ffff888101debe80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.880528] ^ [ 12.880640] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.881119] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.881764] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 12.839257] ================================================================== [ 12.839821] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 12.840169] Read of size 1 at addr ffff888101debe80 by task kunit_try_catch/209 [ 12.840471] [ 12.840579] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.840620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.840631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.840650] Call Trace: [ 12.840662] <TASK> [ 12.840676] dump_stack_lvl+0x73/0xb0 [ 12.840706] print_report+0xd1/0x650 [ 12.840728] ? __virt_addr_valid+0x1db/0x2d0 [ 12.840751] ? kmalloc_double_kzfree+0x19c/0x350 [ 12.840773] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.840796] ? kmalloc_double_kzfree+0x19c/0x350 [ 12.840819] kasan_report+0x141/0x180 [ 12.840840] ? kmalloc_double_kzfree+0x19c/0x350 [ 12.840866] ? kmalloc_double_kzfree+0x19c/0x350 [ 12.840889] __kasan_check_byte+0x3d/0x50 [ 12.840910] kfree_sensitive+0x22/0x90 [ 12.840933] kmalloc_double_kzfree+0x19c/0x350 [ 12.840956] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 12.841054] ? __schedule+0x10cc/0x2b60 [ 12.841077] ? __pfx_read_tsc+0x10/0x10 [ 12.841098] ? ktime_get_ts64+0x86/0x230 [ 12.841121] kunit_try_run_case+0x1a5/0x480 [ 12.841146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.841168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.841192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.841217] ? __kthread_parkme+0x82/0x180 [ 12.841238] ? preempt_count_sub+0x50/0x80 [ 12.841262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.841287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.841311] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.841336] kthread+0x337/0x6f0 [ 12.841354] ? trace_preempt_on+0x20/0xc0 [ 12.841377] ? __pfx_kthread+0x10/0x10 [ 12.841397] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.841418] ? calculate_sigpending+0x7b/0xa0 [ 12.841441] ? 
__pfx_kthread+0x10/0x10 [ 12.841462] ret_from_fork+0x116/0x1d0 [ 12.841480] ? __pfx_kthread+0x10/0x10 [ 12.841499] ret_from_fork_asm+0x1a/0x30 [ 12.841530] </TASK> [ 12.841539] [ 12.849069] Allocated by task 209: [ 12.849219] kasan_save_stack+0x45/0x70 [ 12.849367] kasan_save_track+0x18/0x40 [ 12.849502] kasan_save_alloc_info+0x3b/0x50 [ 12.849727] __kasan_kmalloc+0xb7/0xc0 [ 12.849927] __kmalloc_cache_noprof+0x189/0x420 [ 12.850351] kmalloc_double_kzfree+0xa9/0x350 [ 12.850561] kunit_try_run_case+0x1a5/0x480 [ 12.850732] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.850905] kthread+0x337/0x6f0 [ 12.851023] ret_from_fork+0x116/0x1d0 [ 12.851385] ret_from_fork_asm+0x1a/0x30 [ 12.851587] [ 12.851680] Freed by task 209: [ 12.851830] kasan_save_stack+0x45/0x70 [ 12.852390] kasan_save_track+0x18/0x40 [ 12.852561] kasan_save_free_info+0x3f/0x60 [ 12.852756] __kasan_slab_free+0x56/0x70 [ 12.853080] kfree+0x222/0x3f0 [ 12.853225] kfree_sensitive+0x67/0x90 [ 12.853374] kmalloc_double_kzfree+0x12b/0x350 [ 12.853526] kunit_try_run_case+0x1a5/0x480 [ 12.853718] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.853989] kthread+0x337/0x6f0 [ 12.854170] ret_from_fork+0x116/0x1d0 [ 12.854355] ret_from_fork_asm+0x1a/0x30 [ 12.854540] [ 12.854636] The buggy address belongs to the object at ffff888101debe80 [ 12.854636] which belongs to the cache kmalloc-16 of size 16 [ 12.855248] The buggy address is located 0 bytes inside of [ 12.855248] freed 16-byte region [ffff888101debe80, ffff888101debe90) [ 12.855703] [ 12.855774] The buggy address belongs to the physical page: [ 12.855950] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 12.856200] flags: 0x200000000000000(node=0|zone=2) [ 12.856362] page_type: f5(slab) [ 12.856527] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.856877] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.857377] page dumped because: kasan: bad access detected [ 
12.857545] [ 12.857612] Memory state around the buggy address: [ 12.857763] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.857973] ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.858662] >ffff888101debe80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.859256] ^ [ 12.859423] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.859741] ffff888101debf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.860192] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 12.805466] ================================================================== [ 12.806436] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 12.806671] Read of size 1 at addr ffff8881039ff728 by task kunit_try_catch/205 [ 12.806904] [ 12.806995] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.807057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.807069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.807090] Call Trace: [ 12.807103] <TASK> [ 12.807122] dump_stack_lvl+0x73/0xb0 [ 12.807174] print_report+0xd1/0x650 [ 12.807198] ? __virt_addr_valid+0x1db/0x2d0 [ 12.807221] ? kmalloc_uaf2+0x4a8/0x520 [ 12.807240] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.807263] ? kmalloc_uaf2+0x4a8/0x520 [ 12.807282] kasan_report+0x141/0x180 [ 12.807303] ? kmalloc_uaf2+0x4a8/0x520 [ 12.807343] __asan_report_load1_noabort+0x18/0x20 [ 12.807368] kmalloc_uaf2+0x4a8/0x520 [ 12.807399] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 12.807419] ? finish_task_switch.isra.0+0x153/0x700 [ 12.807443] ? __switch_to+0x47/0xf50 [ 12.807469] ? __schedule+0x10cc/0x2b60 [ 12.807491] ? __pfx_read_tsc+0x10/0x10 [ 12.807511] ? ktime_get_ts64+0x86/0x230 [ 12.807897] kunit_try_run_case+0x1a5/0x480 [ 12.807928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.807959] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.807983] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.808007] ? __kthread_parkme+0x82/0x180 [ 12.808028] ? preempt_count_sub+0x50/0x80 [ 12.808061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.808085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.808109] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.808134] kthread+0x337/0x6f0 [ 12.808152] ? trace_preempt_on+0x20/0xc0 [ 12.808175] ? __pfx_kthread+0x10/0x10 [ 12.808196] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.808217] ? calculate_sigpending+0x7b/0xa0 [ 12.808241] ? __pfx_kthread+0x10/0x10 [ 12.808262] ret_from_fork+0x116/0x1d0 [ 12.808280] ? 
__pfx_kthread+0x10/0x10 [ 12.808302] ret_from_fork_asm+0x1a/0x30 [ 12.808332] </TASK> [ 12.808343] [ 12.820911] Allocated by task 205: [ 12.821054] kasan_save_stack+0x45/0x70 [ 12.821284] kasan_save_track+0x18/0x40 [ 12.821473] kasan_save_alloc_info+0x3b/0x50 [ 12.821681] __kasan_kmalloc+0xb7/0xc0 [ 12.821854] __kmalloc_cache_noprof+0x189/0x420 [ 12.822146] kmalloc_uaf2+0xc6/0x520 [ 12.822313] kunit_try_run_case+0x1a5/0x480 [ 12.822458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.822713] kthread+0x337/0x6f0 [ 12.822915] ret_from_fork+0x116/0x1d0 [ 12.823147] ret_from_fork_asm+0x1a/0x30 [ 12.823316] [ 12.823412] Freed by task 205: [ 12.823545] kasan_save_stack+0x45/0x70 [ 12.823706] kasan_save_track+0x18/0x40 [ 12.823839] kasan_save_free_info+0x3f/0x60 [ 12.823993] __kasan_slab_free+0x56/0x70 [ 12.824183] kfree+0x222/0x3f0 [ 12.824342] kmalloc_uaf2+0x14c/0x520 [ 12.824522] kunit_try_run_case+0x1a5/0x480 [ 12.824777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.825011] kthread+0x337/0x6f0 [ 12.825140] ret_from_fork+0x116/0x1d0 [ 12.825272] ret_from_fork_asm+0x1a/0x30 [ 12.825522] [ 12.825618] The buggy address belongs to the object at ffff8881039ff700 [ 12.825618] which belongs to the cache kmalloc-64 of size 64 [ 12.826265] The buggy address is located 40 bytes inside of [ 12.826265] freed 64-byte region [ffff8881039ff700, ffff8881039ff740) [ 12.826735] [ 12.826820] The buggy address belongs to the physical page: [ 12.827000] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ff [ 12.827364] flags: 0x200000000000000(node=0|zone=2) [ 12.827607] page_type: f5(slab) [ 12.827728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.827962] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.828371] page dumped because: kasan: bad access detected [ 12.828621] [ 12.828711] Memory state around the buggy address: [ 12.828927] ffff8881039ff600: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc 
[ 12.829346] ffff8881039ff680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.829566] >ffff8881039ff700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.829844] ^ [ 12.830229] ffff8881039ff780: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 12.830549] ffff8881039ff800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.830788] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 12.766552] ================================================================== [ 12.767013] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 12.767538] Write of size 33 at addr ffff888102798c80 by task kunit_try_catch/203 [ 12.768074] [ 12.768443] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.768490] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.768605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.768628] Call Trace: [ 12.768642] <TASK> [ 12.768658] dump_stack_lvl+0x73/0xb0 [ 12.768689] print_report+0xd1/0x650 [ 12.768711] ? __virt_addr_valid+0x1db/0x2d0 [ 12.768735] ? kmalloc_uaf_memset+0x1a3/0x360 [ 12.768755] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.768778] ? kmalloc_uaf_memset+0x1a3/0x360 [ 12.768799] kasan_report+0x141/0x180 [ 12.768833] ? kmalloc_uaf_memset+0x1a3/0x360 [ 12.768859] kasan_check_range+0x10c/0x1c0 [ 12.768882] __asan_memset+0x27/0x50 [ 12.768901] kmalloc_uaf_memset+0x1a3/0x360 [ 12.768922] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 12.768944] ? __schedule+0x10cc/0x2b60 [ 12.768966] ? __pfx_read_tsc+0x10/0x10 [ 12.768986] ? ktime_get_ts64+0x86/0x230 [ 12.769012] kunit_try_run_case+0x1a5/0x480 [ 12.769063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.769086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.769109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.769132] ? __kthread_parkme+0x82/0x180 [ 12.769152] ? preempt_count_sub+0x50/0x80 [ 12.769176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.769200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.769223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.769248] kthread+0x337/0x6f0 [ 12.769266] ? trace_preempt_on+0x20/0xc0 [ 12.769289] ? __pfx_kthread+0x10/0x10 [ 12.769310] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.769330] ? calculate_sigpending+0x7b/0xa0 [ 12.769354] ? __pfx_kthread+0x10/0x10 [ 12.769375] ret_from_fork+0x116/0x1d0 [ 12.769393] ? 
__pfx_kthread+0x10/0x10 [ 12.769413] ret_from_fork_asm+0x1a/0x30 [ 12.769443] </TASK> [ 12.769453] [ 12.780451] Allocated by task 203: [ 12.780643] kasan_save_stack+0x45/0x70 [ 12.781094] kasan_save_track+0x18/0x40 [ 12.781263] kasan_save_alloc_info+0x3b/0x50 [ 12.781473] __kasan_kmalloc+0xb7/0xc0 [ 12.781648] __kmalloc_cache_noprof+0x189/0x420 [ 12.782513] kmalloc_uaf_memset+0xa9/0x360 [ 12.782737] kunit_try_run_case+0x1a5/0x480 [ 12.782935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.783184] kthread+0x337/0x6f0 [ 12.783342] ret_from_fork+0x116/0x1d0 [ 12.783510] ret_from_fork_asm+0x1a/0x30 [ 12.783682] [ 12.783773] Freed by task 203: [ 12.783913] kasan_save_stack+0x45/0x70 [ 12.784187] kasan_save_track+0x18/0x40 [ 12.784537] kasan_save_free_info+0x3f/0x60 [ 12.784745] __kasan_slab_free+0x56/0x70 [ 12.784966] kfree+0x222/0x3f0 [ 12.785138] kmalloc_uaf_memset+0x12b/0x360 [ 12.785754] kunit_try_run_case+0x1a5/0x480 [ 12.786494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.786773] kthread+0x337/0x6f0 [ 12.787501] ret_from_fork+0x116/0x1d0 [ 12.788236] ret_from_fork_asm+0x1a/0x30 [ 12.788462] [ 12.788759] The buggy address belongs to the object at ffff888102798c80 [ 12.788759] which belongs to the cache kmalloc-64 of size 64 [ 12.789315] The buggy address is located 0 bytes inside of [ 12.789315] freed 64-byte region [ffff888102798c80, ffff888102798cc0) [ 12.789755] [ 12.789876] The buggy address belongs to the physical page: [ 12.790854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102798 [ 12.791777] flags: 0x200000000000000(node=0|zone=2) [ 12.792441] page_type: f5(slab) [ 12.792942] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.793799] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.794677] page dumped because: kasan: bad access detected [ 12.795295] [ 12.795464] Memory state around the buggy address: [ 12.795994] ffff888102798b80: fa fb fb fb fb fb fb fb fc fc fc fc 
fc fc fc fc [ 12.796637] ffff888102798c00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.796924] >ffff888102798c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.798045] ^ [ 12.798548] ffff888102798d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.800223] ffff888102798d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.800876] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 12.735128] ================================================================== [ 12.735640] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 12.736255] Read of size 1 at addr ffff888101debe68 by task kunit_try_catch/201 [ 12.736616] [ 12.736734] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.736777] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.736788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.736806] Call Trace: [ 12.736818] <TASK> [ 12.736832] dump_stack_lvl+0x73/0xb0 [ 12.736862] print_report+0xd1/0x650 [ 12.736884] ? __virt_addr_valid+0x1db/0x2d0 [ 12.736926] ? kmalloc_uaf+0x320/0x380 [ 12.736959] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.737095] ? kmalloc_uaf+0x320/0x380 [ 12.737122] kasan_report+0x141/0x180 [ 12.737144] ? kmalloc_uaf+0x320/0x380 [ 12.737168] __asan_report_load1_noabort+0x18/0x20 [ 12.737193] kmalloc_uaf+0x320/0x380 [ 12.737213] ? __pfx_kmalloc_uaf+0x10/0x10 [ 12.737233] ? __schedule+0x10cc/0x2b60 [ 12.737255] ? __pfx_read_tsc+0x10/0x10 [ 12.737277] ? ktime_get_ts64+0x86/0x230 [ 12.737300] kunit_try_run_case+0x1a5/0x480 [ 12.737325] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.737347] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.737371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.737394] ? __kthread_parkme+0x82/0x180 [ 12.737414] ? preempt_count_sub+0x50/0x80 [ 12.737438] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.737461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.737485] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.737510] kthread+0x337/0x6f0 [ 12.737528] ? trace_preempt_on+0x20/0xc0 [ 12.737551] ? __pfx_kthread+0x10/0x10 [ 12.737571] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.737592] ? calculate_sigpending+0x7b/0xa0 [ 12.737615] ? __pfx_kthread+0x10/0x10 [ 12.737636] ret_from_fork+0x116/0x1d0 [ 12.737654] ? 
__pfx_kthread+0x10/0x10 [ 12.737675] ret_from_fork_asm+0x1a/0x30 [ 12.737705] </TASK> [ 12.737714] [ 12.745386] Allocated by task 201: [ 12.745540] kasan_save_stack+0x45/0x70 [ 12.745768] kasan_save_track+0x18/0x40 [ 12.746145] kasan_save_alloc_info+0x3b/0x50 [ 12.746395] __kasan_kmalloc+0xb7/0xc0 [ 12.746603] __kmalloc_cache_noprof+0x189/0x420 [ 12.746830] kmalloc_uaf+0xaa/0x380 [ 12.747154] kunit_try_run_case+0x1a5/0x480 [ 12.747352] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.747634] kthread+0x337/0x6f0 [ 12.747802] ret_from_fork+0x116/0x1d0 [ 12.748072] ret_from_fork_asm+0x1a/0x30 [ 12.748273] [ 12.748365] Freed by task 201: [ 12.748521] kasan_save_stack+0x45/0x70 [ 12.748705] kasan_save_track+0x18/0x40 [ 12.748871] kasan_save_free_info+0x3f/0x60 [ 12.749096] __kasan_slab_free+0x56/0x70 [ 12.749355] kfree+0x222/0x3f0 [ 12.749471] kmalloc_uaf+0x12c/0x380 [ 12.749598] kunit_try_run_case+0x1a5/0x480 [ 12.750153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.750636] kthread+0x337/0x6f0 [ 12.750897] ret_from_fork+0x116/0x1d0 [ 12.751119] ret_from_fork_asm+0x1a/0x30 [ 12.751352] [ 12.751448] The buggy address belongs to the object at ffff888101debe60 [ 12.751448] which belongs to the cache kmalloc-16 of size 16 [ 12.752062] The buggy address is located 8 bytes inside of [ 12.752062] freed 16-byte region [ffff888101debe60, ffff888101debe70) [ 12.752446] [ 12.752516] The buggy address belongs to the physical page: [ 12.752848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 12.753519] flags: 0x200000000000000(node=0|zone=2) [ 12.753766] page_type: f5(slab) [ 12.753956] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.754541] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.754854] page dumped because: kasan: bad access detected [ 12.755025] [ 12.755106] Memory state around the buggy address: [ 12.755328] ffff888101debd00: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 
12.755773] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.756199] >ffff888101debe00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.756481] ^ [ 12.756706] ffff888101debe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.757302] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.757763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 12.709121] ================================================================== [ 12.709741] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 12.710335] Read of size 64 at addr ffff888102798a04 by task kunit_try_catch/199 [ 12.710631] [ 12.710958] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.711065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.711077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.711096] Call Trace: [ 12.711107] <TASK> [ 12.711121] dump_stack_lvl+0x73/0xb0 [ 12.711174] print_report+0xd1/0x650 [ 12.711195] ? __virt_addr_valid+0x1db/0x2d0 [ 12.711217] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 12.711259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.711282] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 12.711307] kasan_report+0x141/0x180 [ 12.711328] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 12.711358] kasan_check_range+0x10c/0x1c0 [ 12.711382] __asan_memmove+0x27/0x70 [ 12.711401] kmalloc_memmove_invalid_size+0x16f/0x330 [ 12.711426] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 12.711452] ? __schedule+0x10cc/0x2b60 [ 12.711473] ? __pfx_read_tsc+0x10/0x10 [ 12.711494] ? ktime_get_ts64+0x86/0x230 [ 12.711516] kunit_try_run_case+0x1a5/0x480 [ 12.711541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.711564] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.711588] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.711611] ? __kthread_parkme+0x82/0x180 [ 12.711632] ? preempt_count_sub+0x50/0x80 [ 12.711655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.711680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.711704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.711729] kthread+0x337/0x6f0 [ 12.711747] ? trace_preempt_on+0x20/0xc0 [ 12.711769] ? __pfx_kthread+0x10/0x10 [ 12.711790] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.711857] ? calculate_sigpending+0x7b/0xa0 [ 12.711884] ? 
__pfx_kthread+0x10/0x10 [ 12.711905] ret_from_fork+0x116/0x1d0 [ 12.711923] ? __pfx_kthread+0x10/0x10 [ 12.711958] ret_from_fork_asm+0x1a/0x30 [ 12.711988] </TASK> [ 12.711998] [ 12.720611] Allocated by task 199: [ 12.720785] kasan_save_stack+0x45/0x70 [ 12.720987] kasan_save_track+0x18/0x40 [ 12.721455] kasan_save_alloc_info+0x3b/0x50 [ 12.721671] __kasan_kmalloc+0xb7/0xc0 [ 12.721823] __kmalloc_cache_noprof+0x189/0x420 [ 12.722165] kmalloc_memmove_invalid_size+0xac/0x330 [ 12.722421] kunit_try_run_case+0x1a5/0x480 [ 12.722652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.722823] kthread+0x337/0x6f0 [ 12.722972] ret_from_fork+0x116/0x1d0 [ 12.723338] ret_from_fork_asm+0x1a/0x30 [ 12.723585] [ 12.723701] The buggy address belongs to the object at ffff888102798a00 [ 12.723701] which belongs to the cache kmalloc-64 of size 64 [ 12.724379] The buggy address is located 4 bytes inside of [ 12.724379] allocated 64-byte region [ffff888102798a00, ffff888102798a40) [ 12.724949] [ 12.725083] The buggy address belongs to the physical page: [ 12.725323] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102798 [ 12.725646] flags: 0x200000000000000(node=0|zone=2) [ 12.725915] page_type: f5(slab) [ 12.726106] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.726432] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.726781] page dumped because: kasan: bad access detected [ 12.727039] [ 12.727131] Memory state around the buggy address: [ 12.727347] ffff888102798900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.727656] ffff888102798980: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.727877] >ffff888102798a00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 12.728109] ^ [ 12.728417] ffff888102798a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.728778] ffff888102798b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.729296] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 12.684766] ================================================================== [ 12.685351] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 12.685700] Read of size 18446744073709551614 at addr ffff8881039ff584 by task kunit_try_catch/197 [ 12.686384] [ 12.686503] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.686546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.686557] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.686577] Call Trace: [ 12.686589] <TASK> [ 12.686603] dump_stack_lvl+0x73/0xb0 [ 12.686658] print_report+0xd1/0x650 [ 12.686681] ? __virt_addr_valid+0x1db/0x2d0 [ 12.686721] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.686747] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.686770] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.686816] kasan_report+0x141/0x180 [ 12.686838] ? kmalloc_memmove_negative_size+0x171/0x330 [ 12.686868] kasan_check_range+0x10c/0x1c0 [ 12.686891] __asan_memmove+0x27/0x70 [ 12.686910] kmalloc_memmove_negative_size+0x171/0x330 [ 12.686964] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 12.686993] ? __schedule+0x10cc/0x2b60 [ 12.687016] ? __pfx_read_tsc+0x10/0x10 [ 12.687070] ? ktime_get_ts64+0x86/0x230 [ 12.687097] kunit_try_run_case+0x1a5/0x480 [ 12.687190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.687214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.687238] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.687261] ? __kthread_parkme+0x82/0x180 [ 12.687281] ? preempt_count_sub+0x50/0x80 [ 12.687306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.687330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.687353] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.687378] kthread+0x337/0x6f0 [ 12.687397] ? trace_preempt_on+0x20/0xc0 [ 12.687420] ? __pfx_kthread+0x10/0x10 [ 12.687440] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.687461] ? calculate_sigpending+0x7b/0xa0 [ 12.687485] ? 
__pfx_kthread+0x10/0x10 [ 12.687506] ret_from_fork+0x116/0x1d0 [ 12.687524] ? __pfx_kthread+0x10/0x10 [ 12.687544] ret_from_fork_asm+0x1a/0x30 [ 12.687575] </TASK> [ 12.687584] [ 12.695989] Allocated by task 197: [ 12.696151] kasan_save_stack+0x45/0x70 [ 12.696373] kasan_save_track+0x18/0x40 [ 12.696560] kasan_save_alloc_info+0x3b/0x50 [ 12.696755] __kasan_kmalloc+0xb7/0xc0 [ 12.696947] __kmalloc_cache_noprof+0x189/0x420 [ 12.697216] kmalloc_memmove_negative_size+0xac/0x330 [ 12.697475] kunit_try_run_case+0x1a5/0x480 [ 12.697688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.698027] kthread+0x337/0x6f0 [ 12.698243] ret_from_fork+0x116/0x1d0 [ 12.698373] ret_from_fork_asm+0x1a/0x30 [ 12.698511] [ 12.698582] The buggy address belongs to the object at ffff8881039ff580 [ 12.698582] which belongs to the cache kmalloc-64 of size 64 [ 12.699069] The buggy address is located 4 bytes inside of [ 12.699069] 64-byte region [ffff8881039ff580, ffff8881039ff5c0) [ 12.699764] [ 12.700001] The buggy address belongs to the physical page: [ 12.700350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ff [ 12.700749] flags: 0x200000000000000(node=0|zone=2) [ 12.701264] page_type: f5(slab) [ 12.701436] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 12.701691] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 12.701916] page dumped because: kasan: bad access detected [ 12.702097] [ 12.702166] Memory state around the buggy address: [ 12.702321] ffff8881039ff480: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 12.702715] ffff8881039ff500: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.703098] >ffff8881039ff580: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 12.703446] ^ [ 12.703634] ffff8881039ff600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.704018] ffff8881039ff680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.704564] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 12.659068] ================================================================== [ 12.659543] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 12.660121] Write of size 16 at addr ffff888102791769 by task kunit_try_catch/195 [ 12.660451] [ 12.660579] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.660620] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.660631] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.660649] Call Trace: [ 12.660661] <TASK> [ 12.660674] dump_stack_lvl+0x73/0xb0 [ 12.660704] print_report+0xd1/0x650 [ 12.660726] ? __virt_addr_valid+0x1db/0x2d0 [ 12.660767] ? kmalloc_oob_memset_16+0x166/0x330 [ 12.660790] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.660813] ? kmalloc_oob_memset_16+0x166/0x330 [ 12.660917] kasan_report+0x141/0x180 [ 12.660961] ? kmalloc_oob_memset_16+0x166/0x330 [ 12.661003] kasan_check_range+0x10c/0x1c0 [ 12.661027] __asan_memset+0x27/0x50 [ 12.661218] kmalloc_oob_memset_16+0x166/0x330 [ 12.661242] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 12.661266] ? __schedule+0x10cc/0x2b60 [ 12.661288] ? __pfx_read_tsc+0x10/0x10 [ 12.661309] ? ktime_get_ts64+0x86/0x230 [ 12.661333] kunit_try_run_case+0x1a5/0x480 [ 12.661358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.661380] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.661404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.661428] ? __kthread_parkme+0x82/0x180 [ 12.661448] ? preempt_count_sub+0x50/0x80 [ 12.661471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.661495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.661519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.661544] kthread+0x337/0x6f0 [ 12.661562] ? trace_preempt_on+0x20/0xc0 [ 12.661585] ? __pfx_kthread+0x10/0x10 [ 12.661606] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.661627] ? calculate_sigpending+0x7b/0xa0 [ 12.661650] ? __pfx_kthread+0x10/0x10 [ 12.661671] ret_from_fork+0x116/0x1d0 [ 12.661689] ? 
__pfx_kthread+0x10/0x10 [ 12.661709] ret_from_fork_asm+0x1a/0x30 [ 12.661740] </TASK> [ 12.661750] [ 12.669758] Allocated by task 195: [ 12.669990] kasan_save_stack+0x45/0x70 [ 12.670293] kasan_save_track+0x18/0x40 [ 12.670487] kasan_save_alloc_info+0x3b/0x50 [ 12.670696] __kasan_kmalloc+0xb7/0xc0 [ 12.670995] __kmalloc_cache_noprof+0x189/0x420 [ 12.671171] kmalloc_oob_memset_16+0xac/0x330 [ 12.671372] kunit_try_run_case+0x1a5/0x480 [ 12.671578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.671940] kthread+0x337/0x6f0 [ 12.672140] ret_from_fork+0x116/0x1d0 [ 12.672293] ret_from_fork_asm+0x1a/0x30 [ 12.672484] [ 12.672554] The buggy address belongs to the object at ffff888102791700 [ 12.672554] which belongs to the cache kmalloc-128 of size 128 [ 12.673475] The buggy address is located 105 bytes inside of [ 12.673475] allocated 120-byte region [ffff888102791700, ffff888102791778) [ 12.674334] [ 12.674441] The buggy address belongs to the physical page: [ 12.674650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 12.675284] flags: 0x200000000000000(node=0|zone=2) [ 12.675545] page_type: f5(slab) [ 12.675710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.676160] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.676504] page dumped because: kasan: bad access detected [ 12.676689] [ 12.676783] Memory state around the buggy address: [ 12.677072] ffff888102791600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.677574] ffff888102791680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.677804] >ffff888102791700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.678348] ^ [ 12.678651] ffff888102791780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.679146] ffff888102791800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.679468] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 12.633789] ================================================================== [ 12.634701] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 12.635054] Write of size 8 at addr ffff888102791671 by task kunit_try_catch/193 [ 12.635493] [ 12.635629] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.635672] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.635683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.635702] Call Trace: [ 12.635713] <TASK> [ 12.635727] dump_stack_lvl+0x73/0xb0 [ 12.635755] print_report+0xd1/0x650 [ 12.635797] ? __virt_addr_valid+0x1db/0x2d0 [ 12.635819] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.635840] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.635959] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.635988] kasan_report+0x141/0x180 [ 12.636012] ? kmalloc_oob_memset_8+0x166/0x330 [ 12.636051] kasan_check_range+0x10c/0x1c0 [ 12.636075] __asan_memset+0x27/0x50 [ 12.636094] kmalloc_oob_memset_8+0x166/0x330 [ 12.636116] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 12.636140] ? __schedule+0x10cc/0x2b60 [ 12.636161] ? __pfx_read_tsc+0x10/0x10 [ 12.636182] ? ktime_get_ts64+0x86/0x230 [ 12.636205] kunit_try_run_case+0x1a5/0x480 [ 12.636229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.636276] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.636301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.636324] ? __kthread_parkme+0x82/0x180 [ 12.636345] ? preempt_count_sub+0x50/0x80 [ 12.636369] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.636394] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.636434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.636459] kthread+0x337/0x6f0 [ 12.636477] ? trace_preempt_on+0x20/0xc0 [ 12.636500] ? __pfx_kthread+0x10/0x10 [ 12.636520] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.636541] ? calculate_sigpending+0x7b/0xa0 [ 12.636565] ? __pfx_kthread+0x10/0x10 [ 12.636586] ret_from_fork+0x116/0x1d0 [ 12.636604] ? 
__pfx_kthread+0x10/0x10 [ 12.636624] ret_from_fork_asm+0x1a/0x30 [ 12.636654] </TASK> [ 12.636664] [ 12.644543] Allocated by task 193: [ 12.644749] kasan_save_stack+0x45/0x70 [ 12.645151] kasan_save_track+0x18/0x40 [ 12.645321] kasan_save_alloc_info+0x3b/0x50 [ 12.645470] __kasan_kmalloc+0xb7/0xc0 [ 12.645602] __kmalloc_cache_noprof+0x189/0x420 [ 12.645770] kmalloc_oob_memset_8+0xac/0x330 [ 12.646007] kunit_try_run_case+0x1a5/0x480 [ 12.646346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.646609] kthread+0x337/0x6f0 [ 12.646842] ret_from_fork+0x116/0x1d0 [ 12.647073] ret_from_fork_asm+0x1a/0x30 [ 12.647217] [ 12.647292] The buggy address belongs to the object at ffff888102791600 [ 12.647292] which belongs to the cache kmalloc-128 of size 128 [ 12.647867] The buggy address is located 113 bytes inside of [ 12.647867] allocated 120-byte region [ffff888102791600, ffff888102791678) [ 12.648654] [ 12.648800] The buggy address belongs to the physical page: [ 12.649076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 12.649422] flags: 0x200000000000000(node=0|zone=2) [ 12.649651] page_type: f5(slab) [ 12.649786] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.650016] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.650253] page dumped because: kasan: bad access detected [ 12.650570] [ 12.650688] Memory state around the buggy address: [ 12.651047] ffff888102791500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.651486] ffff888102791580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.651960] >ffff888102791600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.652305] ^ [ 12.652598] ffff888102791680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.652881] ffff888102791700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.653310] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 12.610299] ================================================================== [ 12.611364] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 12.611679] Write of size 4 at addr ffff888102b0c575 by task kunit_try_catch/191 [ 12.612104] [ 12.612201] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.612244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.612255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.612296] Call Trace: [ 12.612308] <TASK> [ 12.612337] dump_stack_lvl+0x73/0xb0 [ 12.612368] print_report+0xd1/0x650 [ 12.612390] ? __virt_addr_valid+0x1db/0x2d0 [ 12.612426] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.612462] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.612485] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.612508] kasan_report+0x141/0x180 [ 12.612531] ? kmalloc_oob_memset_4+0x166/0x330 [ 12.612559] kasan_check_range+0x10c/0x1c0 [ 12.612584] __asan_memset+0x27/0x50 [ 12.612605] kmalloc_oob_memset_4+0x166/0x330 [ 12.612629] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 12.612653] ? __schedule+0x10cc/0x2b60 [ 12.612676] ? __pfx_read_tsc+0x10/0x10 [ 12.612696] ? ktime_get_ts64+0x86/0x230 [ 12.612721] kunit_try_run_case+0x1a5/0x480 [ 12.612746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.612769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.612794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.612874] ? __kthread_parkme+0x82/0x180 [ 12.612901] ? preempt_count_sub+0x50/0x80 [ 12.612928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.612955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.612981] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.613006] kthread+0x337/0x6f0 [ 12.613025] ? trace_preempt_on+0x20/0xc0 [ 12.613061] ? __pfx_kthread+0x10/0x10 [ 12.613081] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.613103] ? calculate_sigpending+0x7b/0xa0 [ 12.613127] ? __pfx_kthread+0x10/0x10 [ 12.613149] ret_from_fork+0x116/0x1d0 [ 12.613167] ? 
__pfx_kthread+0x10/0x10 [ 12.613188] ret_from_fork_asm+0x1a/0x30 [ 12.613220] </TASK> [ 12.613230] [ 12.621580] Allocated by task 191: [ 12.621778] kasan_save_stack+0x45/0x70 [ 12.622025] kasan_save_track+0x18/0x40 [ 12.622423] kasan_save_alloc_info+0x3b/0x50 [ 12.622634] __kasan_kmalloc+0xb7/0xc0 [ 12.622831] __kmalloc_cache_noprof+0x189/0x420 [ 12.623122] kmalloc_oob_memset_4+0xac/0x330 [ 12.623348] kunit_try_run_case+0x1a5/0x480 [ 12.623516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.623692] kthread+0x337/0x6f0 [ 12.623971] ret_from_fork+0x116/0x1d0 [ 12.624179] ret_from_fork_asm+0x1a/0x30 [ 12.624374] [ 12.624470] The buggy address belongs to the object at ffff888102b0c500 [ 12.624470] which belongs to the cache kmalloc-128 of size 128 [ 12.625114] The buggy address is located 117 bytes inside of [ 12.625114] allocated 120-byte region [ffff888102b0c500, ffff888102b0c578) [ 12.625749] [ 12.625875] The buggy address belongs to the physical page: [ 12.626244] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 12.626603] flags: 0x200000000000000(node=0|zone=2) [ 12.626832] page_type: f5(slab) [ 12.626973] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.627634] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.628173] page dumped because: kasan: bad access detected [ 12.628388] [ 12.628459] Memory state around the buggy address: [ 12.628684] ffff888102b0c400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.629038] ffff888102b0c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.629420] >ffff888102b0c500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.629905] ^ [ 12.630305] ffff888102b0c580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.630553] ffff888102b0c600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.630763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 12.588420] ================================================================== [ 12.589002] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 12.589319] Write of size 2 at addr ffff888102b0c477 by task kunit_try_catch/189 [ 12.589635] [ 12.589746] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.589814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.589825] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.589844] Call Trace: [ 12.589856] <TASK> [ 12.589870] dump_stack_lvl+0x73/0xb0 [ 12.589898] print_report+0xd1/0x650 [ 12.589920] ? __virt_addr_valid+0x1db/0x2d0 [ 12.589943] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.589964] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.589987] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.590061] kasan_report+0x141/0x180 [ 12.590106] ? kmalloc_oob_memset_2+0x166/0x330 [ 12.590133] kasan_check_range+0x10c/0x1c0 [ 12.590158] __asan_memset+0x27/0x50 [ 12.590180] kmalloc_oob_memset_2+0x166/0x330 [ 12.590204] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 12.590228] ? __schedule+0x10cc/0x2b60 [ 12.590251] ? __pfx_read_tsc+0x10/0x10 [ 12.590270] ? ktime_get_ts64+0x86/0x230 [ 12.590294] kunit_try_run_case+0x1a5/0x480 [ 12.590317] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.590341] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.590366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.590409] ? __kthread_parkme+0x82/0x180 [ 12.590429] ? preempt_count_sub+0x50/0x80 [ 12.590452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.590476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.590501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.590525] kthread+0x337/0x6f0 [ 12.590544] ? trace_preempt_on+0x20/0xc0 [ 12.590567] ? __pfx_kthread+0x10/0x10 [ 12.590587] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.590608] ? calculate_sigpending+0x7b/0xa0 [ 12.590631] ? __pfx_kthread+0x10/0x10 [ 12.590671] ret_from_fork+0x116/0x1d0 [ 12.590689] ? 
__pfx_kthread+0x10/0x10 [ 12.590710] ret_from_fork_asm+0x1a/0x30 [ 12.590742] </TASK> [ 12.590752] [ 12.598618] Allocated by task 189: [ 12.598817] kasan_save_stack+0x45/0x70 [ 12.599141] kasan_save_track+0x18/0x40 [ 12.599367] kasan_save_alloc_info+0x3b/0x50 [ 12.599625] __kasan_kmalloc+0xb7/0xc0 [ 12.600057] __kmalloc_cache_noprof+0x189/0x420 [ 12.600291] kmalloc_oob_memset_2+0xac/0x330 [ 12.600498] kunit_try_run_case+0x1a5/0x480 [ 12.600702] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.600965] kthread+0x337/0x6f0 [ 12.601138] ret_from_fork+0x116/0x1d0 [ 12.601273] ret_from_fork_asm+0x1a/0x30 [ 12.601411] [ 12.601482] The buggy address belongs to the object at ffff888102b0c400 [ 12.601482] which belongs to the cache kmalloc-128 of size 128 [ 12.601925] The buggy address is located 119 bytes inside of [ 12.601925] allocated 120-byte region [ffff888102b0c400, ffff888102b0c478) [ 12.602456] [ 12.602548] The buggy address belongs to the physical page: [ 12.602800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 12.603275] flags: 0x200000000000000(node=0|zone=2) [ 12.603511] page_type: f5(slab) [ 12.603665] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.603983] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.604271] page dumped because: kasan: bad access detected [ 12.604546] [ 12.604666] Memory state around the buggy address: [ 12.604992] ffff888102b0c300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.605344] ffff888102b0c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.605665] >ffff888102b0c400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.606059] ^ [ 12.606364] ffff888102b0c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.606726] ffff888102b0c500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.607252] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 12.566356] ================================================================== [ 12.566804] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 12.567278] Write of size 128 at addr ffff888102791500 by task kunit_try_catch/187 [ 12.567572] [ 12.567665] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.567705] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.567716] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.567734] Call Trace: [ 12.567746] <TASK> [ 12.567759] dump_stack_lvl+0x73/0xb0 [ 12.567787] print_report+0xd1/0x650 [ 12.567886] ? __virt_addr_valid+0x1db/0x2d0 [ 12.567915] ? kmalloc_oob_in_memset+0x15f/0x320 [ 12.567936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.567967] ? kmalloc_oob_in_memset+0x15f/0x320 [ 12.567989] kasan_report+0x141/0x180 [ 12.568010] ? kmalloc_oob_in_memset+0x15f/0x320 [ 12.568062] kasan_check_range+0x10c/0x1c0 [ 12.568086] __asan_memset+0x27/0x50 [ 12.568105] kmalloc_oob_in_memset+0x15f/0x320 [ 12.568125] ? __kasan_check_write+0x18/0x20 [ 12.568145] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 12.568167] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.568193] ? trace_hardirqs_on+0x37/0xe0 [ 12.568216] ? __pfx_read_tsc+0x10/0x10 [ 12.568236] ? ktime_get_ts64+0x86/0x230 [ 12.568259] kunit_try_run_case+0x1a5/0x480 [ 12.568283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.568307] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.568331] ? __kthread_parkme+0x82/0x180 [ 12.568351] ? preempt_count_sub+0x50/0x80 [ 12.568374] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.568398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.568422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.568447] kthread+0x337/0x6f0 [ 12.568465] ? trace_preempt_on+0x20/0xc0 [ 12.568486] ? __pfx_kthread+0x10/0x10 [ 12.568506] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.568527] ? calculate_sigpending+0x7b/0xa0 [ 12.568550] ? 
__pfx_kthread+0x10/0x10 [ 12.568571] ret_from_fork+0x116/0x1d0 [ 12.568589] ? __pfx_kthread+0x10/0x10 [ 12.568609] ret_from_fork_asm+0x1a/0x30 [ 12.568639] </TASK> [ 12.568648] [ 12.576545] Allocated by task 187: [ 12.576683] kasan_save_stack+0x45/0x70 [ 12.576936] kasan_save_track+0x18/0x40 [ 12.577123] kasan_save_alloc_info+0x3b/0x50 [ 12.577273] __kasan_kmalloc+0xb7/0xc0 [ 12.577443] __kmalloc_cache_noprof+0x189/0x420 [ 12.577659] kmalloc_oob_in_memset+0xac/0x320 [ 12.577846] kunit_try_run_case+0x1a5/0x480 [ 12.577990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.578365] kthread+0x337/0x6f0 [ 12.578540] ret_from_fork+0x116/0x1d0 [ 12.578729] ret_from_fork_asm+0x1a/0x30 [ 12.578924] [ 12.579175] The buggy address belongs to the object at ffff888102791500 [ 12.579175] which belongs to the cache kmalloc-128 of size 128 [ 12.579641] The buggy address is located 0 bytes inside of [ 12.579641] allocated 120-byte region [ffff888102791500, ffff888102791578) [ 12.580189] [ 12.580265] The buggy address belongs to the physical page: [ 12.580443] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791 [ 12.580793] flags: 0x200000000000000(node=0|zone=2) [ 12.581023] page_type: f5(slab) [ 12.581302] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.581583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.581992] page dumped because: kasan: bad access detected [ 12.582239] [ 12.582308] Memory state around the buggy address: [ 12.582461] ffff888102791400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.582716] ffff888102791480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.583292] >ffff888102791500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.583644] ^ [ 12.584115] ffff888102791580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.584428] ffff888102791600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.584738] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 12.543321] ================================================================== [ 12.543780] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 12.544074] Read of size 16 at addr ffff888102709180 by task kunit_try_catch/185 [ 12.544471] [ 12.544559] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.544600] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.544611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.544629] Call Trace: [ 12.544640] <TASK> [ 12.544655] dump_stack_lvl+0x73/0xb0 [ 12.544682] print_report+0xd1/0x650 [ 12.544703] ? __virt_addr_valid+0x1db/0x2d0 [ 12.544725] ? kmalloc_uaf_16+0x47b/0x4c0 [ 12.544745] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.544768] ? kmalloc_uaf_16+0x47b/0x4c0 [ 12.544788] kasan_report+0x141/0x180 [ 12.544809] ? kmalloc_uaf_16+0x47b/0x4c0 [ 12.544834] __asan_report_load16_noabort+0x18/0x20 [ 12.544860] kmalloc_uaf_16+0x47b/0x4c0 [ 12.544880] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 12.544902] ? __schedule+0x10cc/0x2b60 [ 12.544923] ? __pfx_read_tsc+0x10/0x10 [ 12.544944] ? ktime_get_ts64+0x86/0x230 [ 12.544967] kunit_try_run_case+0x1a5/0x480 [ 12.544990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.545049] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.545073] ? __kthread_parkme+0x82/0x180 [ 12.545094] ? preempt_count_sub+0x50/0x80 [ 12.545118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.545167] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.545192] kthread+0x337/0x6f0 [ 12.545210] ? trace_preempt_on+0x20/0xc0 [ 12.545250] ? __pfx_kthread+0x10/0x10 [ 12.545271] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.545292] ? calculate_sigpending+0x7b/0xa0 [ 12.545315] ? __pfx_kthread+0x10/0x10 [ 12.545336] ret_from_fork+0x116/0x1d0 [ 12.545354] ? 
__pfx_kthread+0x10/0x10 [ 12.545374] ret_from_fork_asm+0x1a/0x30 [ 12.545404] </TASK> [ 12.545414] [ 12.552672] Allocated by task 185: [ 12.552882] kasan_save_stack+0x45/0x70 [ 12.553109] kasan_save_track+0x18/0x40 [ 12.553253] kasan_save_alloc_info+0x3b/0x50 [ 12.553405] __kasan_kmalloc+0xb7/0xc0 [ 12.553576] __kmalloc_cache_noprof+0x189/0x420 [ 12.553790] kmalloc_uaf_16+0x15b/0x4c0 [ 12.553978] kunit_try_run_case+0x1a5/0x480 [ 12.554192] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.554441] kthread+0x337/0x6f0 [ 12.554601] ret_from_fork+0x116/0x1d0 [ 12.554731] ret_from_fork_asm+0x1a/0x30 [ 12.554868] [ 12.555064] Freed by task 185: [ 12.555223] kasan_save_stack+0x45/0x70 [ 12.555416] kasan_save_track+0x18/0x40 [ 12.555605] kasan_save_free_info+0x3f/0x60 [ 12.555806] __kasan_slab_free+0x56/0x70 [ 12.555972] kfree+0x222/0x3f0 [ 12.556145] kmalloc_uaf_16+0x1d6/0x4c0 [ 12.556315] kunit_try_run_case+0x1a5/0x480 [ 12.556460] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.556685] kthread+0x337/0x6f0 [ 12.556853] ret_from_fork+0x116/0x1d0 [ 12.557144] ret_from_fork_asm+0x1a/0x30 [ 12.557329] [ 12.557401] The buggy address belongs to the object at ffff888102709180 [ 12.557401] which belongs to the cache kmalloc-16 of size 16 [ 12.557799] The buggy address is located 0 bytes inside of [ 12.557799] freed 16-byte region [ffff888102709180, ffff888102709190) [ 12.558151] [ 12.558232] The buggy address belongs to the physical page: [ 12.558480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102709 [ 12.558825] flags: 0x200000000000000(node=0|zone=2) [ 12.559412] page_type: f5(slab) [ 12.559538] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.559770] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.560602] page dumped because: kasan: bad access detected [ 12.560917] [ 12.561012] Memory state around the buggy address: [ 12.561179] ffff888102709080: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc 
fc [ 12.561414] ffff888102709100: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 12.561729] >ffff888102709180: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.562238] ^ [ 12.562382] ffff888102709200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.562663] ffff888102709280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.563117] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 12.520542] ================================================================== [ 12.521508] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 12.521805] Write of size 16 at addr ffff888101debe20 by task kunit_try_catch/183 [ 12.522202] [ 12.522320] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.522364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.522375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.522394] Call Trace: [ 12.522406] <TASK> [ 12.522420] dump_stack_lvl+0x73/0xb0 [ 12.522451] print_report+0xd1/0x650 [ 12.522473] ? __virt_addr_valid+0x1db/0x2d0 [ 12.522496] ? kmalloc_oob_16+0x452/0x4a0 [ 12.522516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.522541] ? kmalloc_oob_16+0x452/0x4a0 [ 12.522561] kasan_report+0x141/0x180 [ 12.522582] ? kmalloc_oob_16+0x452/0x4a0 [ 12.522607] __asan_report_store16_noabort+0x1b/0x30 [ 12.522632] kmalloc_oob_16+0x452/0x4a0 [ 12.522652] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 12.522674] ? __schedule+0x10cc/0x2b60 [ 12.522696] ? __pfx_read_tsc+0x10/0x10 [ 12.522718] ? ktime_get_ts64+0x86/0x230 [ 12.522743] kunit_try_run_case+0x1a5/0x480 [ 12.522768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.522791] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.522861] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.522886] ? __kthread_parkme+0x82/0x180 [ 12.522907] ? preempt_count_sub+0x50/0x80 [ 12.522931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.522954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.522979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.523003] kthread+0x337/0x6f0 [ 12.523022] ? trace_preempt_on+0x20/0xc0 [ 12.523058] ? __pfx_kthread+0x10/0x10 [ 12.523078] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.523099] ? calculate_sigpending+0x7b/0xa0 [ 12.523123] ? __pfx_kthread+0x10/0x10 [ 12.523144] ret_from_fork+0x116/0x1d0 [ 12.523162] ? 
__pfx_kthread+0x10/0x10 [ 12.523182] ret_from_fork_asm+0x1a/0x30 [ 12.523212] </TASK> [ 12.523222] [ 12.530379] Allocated by task 183: [ 12.530627] kasan_save_stack+0x45/0x70 [ 12.530813] kasan_save_track+0x18/0x40 [ 12.530954] kasan_save_alloc_info+0x3b/0x50 [ 12.531118] __kasan_kmalloc+0xb7/0xc0 [ 12.531413] __kmalloc_cache_noprof+0x189/0x420 [ 12.531656] kmalloc_oob_16+0xa8/0x4a0 [ 12.531849] kunit_try_run_case+0x1a5/0x480 [ 12.532098] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.532480] kthread+0x337/0x6f0 [ 12.532689] ret_from_fork+0x116/0x1d0 [ 12.532899] ret_from_fork_asm+0x1a/0x30 [ 12.533133] [ 12.533205] The buggy address belongs to the object at ffff888101debe20 [ 12.533205] which belongs to the cache kmalloc-16 of size 16 [ 12.533592] The buggy address is located 0 bytes inside of [ 12.533592] allocated 13-byte region [ffff888101debe20, ffff888101debe2d) [ 12.534117] [ 12.534277] The buggy address belongs to the physical page: [ 12.534534] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101deb [ 12.534785] flags: 0x200000000000000(node=0|zone=2) [ 12.535122] page_type: f5(slab) [ 12.535387] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 12.535645] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 12.535870] page dumped because: kasan: bad access detected [ 12.536115] [ 12.536208] Memory state around the buggy address: [ 12.536429] ffff888101debd00: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 12.536952] ffff888101debd80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 12.537192] >ffff888101debe00: 00 05 fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 12.537405] ^ [ 12.537847] ffff888101debe80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.538525] ffff888101debf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.538747] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 12.469385] ================================================================== [ 12.469900] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 12.470525] Read of size 1 at addr ffff888100a96600 by task kunit_try_catch/181 [ 12.470895] [ 12.471023] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.471080] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.471091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.471109] Call Trace: [ 12.471120] <TASK> [ 12.471134] dump_stack_lvl+0x73/0xb0 [ 12.471162] print_report+0xd1/0x650 [ 12.471184] ? __virt_addr_valid+0x1db/0x2d0 [ 12.471205] ? krealloc_uaf+0x1b8/0x5e0 [ 12.471225] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.471248] ? krealloc_uaf+0x1b8/0x5e0 [ 12.471269] kasan_report+0x141/0x180 [ 12.471289] ? krealloc_uaf+0x1b8/0x5e0 [ 12.471313] ? krealloc_uaf+0x1b8/0x5e0 [ 12.471333] __kasan_check_byte+0x3d/0x50 [ 12.471354] krealloc_noprof+0x3f/0x340 [ 12.471377] krealloc_uaf+0x1b8/0x5e0 [ 12.471398] ? __pfx_krealloc_uaf+0x10/0x10 [ 12.471418] ? finish_task_switch.isra.0+0x153/0x700 [ 12.471440] ? __switch_to+0x47/0xf50 [ 12.471464] ? __schedule+0x10cc/0x2b60 [ 12.471485] ? __pfx_read_tsc+0x10/0x10 [ 12.471505] ? ktime_get_ts64+0x86/0x230 [ 12.471530] kunit_try_run_case+0x1a5/0x480 [ 12.471554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.471576] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.471599] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.471623] ? __kthread_parkme+0x82/0x180 [ 12.471643] ? preempt_count_sub+0x50/0x80 [ 12.471666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.471690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.471714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.471739] kthread+0x337/0x6f0 [ 12.471757] ? trace_preempt_on+0x20/0xc0 [ 12.471779] ? __pfx_kthread+0x10/0x10 [ 12.471798] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.471838] ? calculate_sigpending+0x7b/0xa0 [ 12.471862] ? 
__pfx_kthread+0x10/0x10 [ 12.471883] ret_from_fork+0x116/0x1d0 [ 12.471901] ? __pfx_kthread+0x10/0x10 [ 12.471921] ret_from_fork_asm+0x1a/0x30 [ 12.471958] </TASK> [ 12.471968] [ 12.479375] Allocated by task 181: [ 12.479530] kasan_save_stack+0x45/0x70 [ 12.479723] kasan_save_track+0x18/0x40 [ 12.479858] kasan_save_alloc_info+0x3b/0x50 [ 12.480162] __kasan_kmalloc+0xb7/0xc0 [ 12.480351] __kmalloc_cache_noprof+0x189/0x420 [ 12.480543] krealloc_uaf+0xbb/0x5e0 [ 12.480672] kunit_try_run_case+0x1a5/0x480 [ 12.480869] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.481134] kthread+0x337/0x6f0 [ 12.481301] ret_from_fork+0x116/0x1d0 [ 12.481437] ret_from_fork_asm+0x1a/0x30 [ 12.481624] [ 12.481718] Freed by task 181: [ 12.481873] kasan_save_stack+0x45/0x70 [ 12.482207] kasan_save_track+0x18/0x40 [ 12.482388] kasan_save_free_info+0x3f/0x60 [ 12.482569] __kasan_slab_free+0x56/0x70 [ 12.482745] kfree+0x222/0x3f0 [ 12.483068] krealloc_uaf+0x13d/0x5e0 [ 12.483242] kunit_try_run_case+0x1a5/0x480 [ 12.483423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.483644] kthread+0x337/0x6f0 [ 12.483791] ret_from_fork+0x116/0x1d0 [ 12.483977] ret_from_fork_asm+0x1a/0x30 [ 12.484285] [ 12.484375] The buggy address belongs to the object at ffff888100a96600 [ 12.484375] which belongs to the cache kmalloc-256 of size 256 [ 12.484780] The buggy address is located 0 bytes inside of [ 12.484780] freed 256-byte region [ffff888100a96600, ffff888100a96700) [ 12.485141] [ 12.485233] The buggy address belongs to the physical page: [ 12.485478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.485826] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.486306] flags: 0x200000000000040(head|node=0|zone=2) [ 12.486559] page_type: f5(slab) [ 12.486690] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.487088] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.487352] head: 0200000000000040 
ffff888100041b40 dead000000000122 0000000000000000 [ 12.487585] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.487815] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.488069] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.488409] page dumped because: kasan: bad access detected [ 12.488661] [ 12.488753] Memory state around the buggy address: [ 12.489000] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.489330] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.489646] >ffff888100a96600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.489971] ^ [ 12.490109] ffff888100a96680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.490382] ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.490635] ================================================================== [ 12.491165] ================================================================== [ 12.491526] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 12.492222] Read of size 1 at addr ffff888100a96600 by task kunit_try_catch/181 [ 12.492560] [ 12.492667] CPU: 1 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.492706] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.492717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.492736] Call Trace: [ 12.492749] <TASK> [ 12.492763] dump_stack_lvl+0x73/0xb0 [ 12.492792] print_report+0xd1/0x650 [ 12.492897] ? __virt_addr_valid+0x1db/0x2d0 [ 12.492922] ? krealloc_uaf+0x53c/0x5e0 [ 12.492943] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.492966] ? krealloc_uaf+0x53c/0x5e0 [ 12.492987] kasan_report+0x141/0x180 [ 12.493008] ? krealloc_uaf+0x53c/0x5e0 [ 12.493048] __asan_report_load1_noabort+0x18/0x20 [ 12.493073] krealloc_uaf+0x53c/0x5e0 [ 12.493093] ? __pfx_krealloc_uaf+0x10/0x10 [ 12.493114] ? 
finish_task_switch.isra.0+0x153/0x700 [ 12.493136] ? __switch_to+0x47/0xf50 [ 12.493159] ? __schedule+0x10cc/0x2b60 [ 12.493181] ? __pfx_read_tsc+0x10/0x10 [ 12.493201] ? ktime_get_ts64+0x86/0x230 [ 12.493224] kunit_try_run_case+0x1a5/0x480 [ 12.493248] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.493270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.493293] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.493317] ? __kthread_parkme+0x82/0x180 [ 12.493336] ? preempt_count_sub+0x50/0x80 [ 12.493358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.493382] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.493406] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.493430] kthread+0x337/0x6f0 [ 12.493448] ? trace_preempt_on+0x20/0xc0 [ 12.493470] ? __pfx_kthread+0x10/0x10 [ 12.493491] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.493511] ? calculate_sigpending+0x7b/0xa0 [ 12.493535] ? __pfx_kthread+0x10/0x10 [ 12.493556] ret_from_fork+0x116/0x1d0 [ 12.493573] ? __pfx_kthread+0x10/0x10 [ 12.493593] ret_from_fork_asm+0x1a/0x30 [ 12.493623] </TASK> [ 12.493632] [ 12.504639] Allocated by task 181: [ 12.504777] kasan_save_stack+0x45/0x70 [ 12.504924] kasan_save_track+0x18/0x40 [ 12.505076] kasan_save_alloc_info+0x3b/0x50 [ 12.505266] __kasan_kmalloc+0xb7/0xc0 [ 12.505449] __kmalloc_cache_noprof+0x189/0x420 [ 12.505669] krealloc_uaf+0xbb/0x5e0 [ 12.505866] kunit_try_run_case+0x1a5/0x480 [ 12.506015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.506299] kthread+0x337/0x6f0 [ 12.506477] ret_from_fork+0x116/0x1d0 [ 12.506663] ret_from_fork_asm+0x1a/0x30 [ 12.507643] [ 12.507723] Freed by task 181: [ 12.507841] kasan_save_stack+0x45/0x70 [ 12.508058] kasan_save_track+0x18/0x40 [ 12.508244] kasan_save_free_info+0x3f/0x60 [ 12.508429] __kasan_slab_free+0x56/0x70 [ 12.508564] kfree+0x222/0x3f0 [ 12.508678] krealloc_uaf+0x13d/0x5e0 [ 12.509246] kunit_try_run_case+0x1a5/0x480 [ 12.509470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.509724] kthread+0x337/0x6f0 [ 12.509912] 
ret_from_fork+0x116/0x1d0 [ 12.510108] ret_from_fork_asm+0x1a/0x30 [ 12.510246] [ 12.510318] The buggy address belongs to the object at ffff888100a96600 [ 12.510318] which belongs to the cache kmalloc-256 of size 256 [ 12.510831] The buggy address is located 0 bytes inside of [ 12.510831] freed 256-byte region [ffff888100a96600, ffff888100a96700) [ 12.511402] [ 12.511479] The buggy address belongs to the physical page: [ 12.511679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.512341] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.512639] flags: 0x200000000000040(head|node=0|zone=2) [ 12.513101] page_type: f5(slab) [ 12.513244] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.513583] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.513951] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.514306] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.514575] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.514902] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.515356] page dumped because: kasan: bad access detected [ 12.515596] [ 12.515690] Memory state around the buggy address: [ 12.515890] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.516218] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.516461] >ffff888100a96600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.516750] ^ [ 12.516864] ffff888100a96680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.517088] ffff888100a96700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.517377] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 12.262767] ================================================================== [ 12.263303] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.263622] Write of size 1 at addr ffff888100a964da by task kunit_try_catch/175 [ 12.263871] [ 12.264157] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.264202] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.264213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.264233] Call Trace: [ 12.264248] <TASK> [ 12.264263] dump_stack_lvl+0x73/0xb0 [ 12.264292] print_report+0xd1/0x650 [ 12.264314] ? __virt_addr_valid+0x1db/0x2d0 [ 12.264336] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.264360] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.264382] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.264406] kasan_report+0x141/0x180 [ 12.264427] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.264455] __asan_report_store1_noabort+0x1b/0x30 [ 12.264480] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.264505] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.264530] ? finish_task_switch.isra.0+0x153/0x700 [ 12.264553] ? __switch_to+0x47/0xf50 [ 12.264577] ? __schedule+0x10cc/0x2b60 [ 12.264598] ? __pfx_read_tsc+0x10/0x10 [ 12.264621] krealloc_less_oob+0x1c/0x30 [ 12.264642] kunit_try_run_case+0x1a5/0x480 [ 12.264666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.264688] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.264711] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.264734] ? __kthread_parkme+0x82/0x180 [ 12.264753] ? preempt_count_sub+0x50/0x80 [ 12.264775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.264799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.264841] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.264866] kthread+0x337/0x6f0 [ 12.264884] ? trace_preempt_on+0x20/0xc0 [ 12.264907] ? __pfx_kthread+0x10/0x10 [ 12.264927] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.264996] ? calculate_sigpending+0x7b/0xa0 [ 12.265021] ? 
__pfx_kthread+0x10/0x10 [ 12.265056] ret_from_fork+0x116/0x1d0 [ 12.265074] ? __pfx_kthread+0x10/0x10 [ 12.265094] ret_from_fork_asm+0x1a/0x30 [ 12.265125] </TASK> [ 12.265134] [ 12.273329] Allocated by task 175: [ 12.273459] kasan_save_stack+0x45/0x70 [ 12.273658] kasan_save_track+0x18/0x40 [ 12.274021] kasan_save_alloc_info+0x3b/0x50 [ 12.274289] __kasan_krealloc+0x190/0x1f0 [ 12.274477] krealloc_noprof+0xf3/0x340 [ 12.274613] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.274863] krealloc_less_oob+0x1c/0x30 [ 12.275136] kunit_try_run_case+0x1a5/0x480 [ 12.275344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.275520] kthread+0x337/0x6f0 [ 12.275639] ret_from_fork+0x116/0x1d0 [ 12.275796] ret_from_fork_asm+0x1a/0x30 [ 12.276167] [ 12.276269] The buggy address belongs to the object at ffff888100a96400 [ 12.276269] which belongs to the cache kmalloc-256 of size 256 [ 12.276798] The buggy address is located 17 bytes to the right of [ 12.276798] allocated 201-byte region [ffff888100a96400, ffff888100a964c9) [ 12.277405] [ 12.277485] The buggy address belongs to the physical page: [ 12.277657] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.278227] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.278729] flags: 0x200000000000040(head|node=0|zone=2) [ 12.278901] page_type: f5(slab) [ 12.279018] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.279811] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.280281] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.280518] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.281042] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.281378] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.281633] page dumped because: kasan: bad access detected [ 12.281896] [ 12.281988] Memory state around the buggy 
address: [ 12.282180] ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.282613] ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.283131] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.283406] ^ [ 12.283663] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.284070] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.284290] ================================================================== [ 12.307333] ================================================================== [ 12.307601] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.308046] Write of size 1 at addr ffff888100a964eb by task kunit_try_catch/175 [ 12.308280] [ 12.308389] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.308429] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.308439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.308458] Call Trace: [ 12.308472] <TASK> [ 12.308485] dump_stack_lvl+0x73/0xb0 [ 12.308514] print_report+0xd1/0x650 [ 12.308538] ? __virt_addr_valid+0x1db/0x2d0 [ 12.308563] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.308592] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.308615] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.308640] kasan_report+0x141/0x180 [ 12.308661] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.308689] __asan_report_store1_noabort+0x1b/0x30 [ 12.308714] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.308739] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.308766] ? finish_task_switch.isra.0+0x153/0x700 [ 12.308789] ? __switch_to+0x47/0xf50 [ 12.308813] ? __schedule+0x10cc/0x2b60 [ 12.308834] ? __pfx_read_tsc+0x10/0x10 [ 12.308857] krealloc_less_oob+0x1c/0x30 [ 12.308878] kunit_try_run_case+0x1a5/0x480 [ 12.308902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.308925] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.309165] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.309191] ? __kthread_parkme+0x82/0x180 [ 12.309211] ? preempt_count_sub+0x50/0x80 [ 12.309234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.309258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.309283] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.309308] kthread+0x337/0x6f0 [ 12.309326] ? trace_preempt_on+0x20/0xc0 [ 12.309349] ? __pfx_kthread+0x10/0x10 [ 12.309369] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.309390] ? calculate_sigpending+0x7b/0xa0 [ 12.309413] ? __pfx_kthread+0x10/0x10 [ 12.309434] ret_from_fork+0x116/0x1d0 [ 12.309479] ? __pfx_kthread+0x10/0x10 [ 12.309500] ret_from_fork_asm+0x1a/0x30 [ 12.309530] </TASK> [ 12.309539] [ 12.317703] Allocated by task 175: [ 12.317985] kasan_save_stack+0x45/0x70 [ 12.318171] kasan_save_track+0x18/0x40 [ 12.318333] kasan_save_alloc_info+0x3b/0x50 [ 12.318540] __kasan_krealloc+0x190/0x1f0 [ 12.318703] krealloc_noprof+0xf3/0x340 [ 12.318853] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.319254] krealloc_less_oob+0x1c/0x30 [ 12.319486] kunit_try_run_case+0x1a5/0x480 [ 12.319669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.319845] kthread+0x337/0x6f0 [ 12.319968] ret_from_fork+0x116/0x1d0 [ 12.320305] ret_from_fork_asm+0x1a/0x30 [ 12.320503] [ 12.320599] The buggy address belongs to the object at ffff888100a96400 [ 12.320599] which belongs to the cache kmalloc-256 of size 256 [ 12.321406] The buggy address is located 34 bytes to the right of [ 12.321406] allocated 201-byte region [ffff888100a96400, ffff888100a964c9) [ 12.321990] [ 12.322137] The buggy address belongs to the physical page: [ 12.322394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.322763] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.323243] flags: 0x200000000000040(head|node=0|zone=2) [ 12.323517] page_type: f5(slab) [ 12.323687] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.324176] raw: 0000000000000000 
0000000080100010 00000000f5000000 0000000000000000 [ 12.324531] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.325135] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.325446] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.325898] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.326239] page dumped because: kasan: bad access detected [ 12.326492] [ 12.326612] Memory state around the buggy address: [ 12.326884] ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.327286] ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.327580] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.328024] ^ [ 12.328287] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.328607] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.328932] ================================================================== [ 12.203925] ================================================================== [ 12.204408] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.204732] Write of size 1 at addr ffff888100a964c9 by task kunit_try_catch/175 [ 12.205257] [ 12.205372] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.205417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.205688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.205712] Call Trace: [ 12.205723] <TASK> [ 12.205738] dump_stack_lvl+0x73/0xb0 [ 12.205781] print_report+0xd1/0x650 [ 12.205803] ? __virt_addr_valid+0x1db/0x2d0 [ 12.205825] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.205859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.205942] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.205967] kasan_report+0x141/0x180 [ 12.205988] ? 
krealloc_less_oob_helper+0xd70/0x11d0 [ 12.206025] __asan_report_store1_noabort+0x1b/0x30 [ 12.206061] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.206098] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.206123] ? finish_task_switch.isra.0+0x153/0x700 [ 12.206146] ? __switch_to+0x47/0xf50 [ 12.206172] ? __schedule+0x10cc/0x2b60 [ 12.206193] ? __pfx_read_tsc+0x10/0x10 [ 12.206217] krealloc_less_oob+0x1c/0x30 [ 12.206239] kunit_try_run_case+0x1a5/0x480 [ 12.206264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.206287] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.206310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.206335] ? __kthread_parkme+0x82/0x180 [ 12.206356] ? preempt_count_sub+0x50/0x80 [ 12.206378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.206402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.206427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.206452] kthread+0x337/0x6f0 [ 12.206472] ? trace_preempt_on+0x20/0xc0 [ 12.206496] ? __pfx_kthread+0x10/0x10 [ 12.206516] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.206538] ? calculate_sigpending+0x7b/0xa0 [ 12.206561] ? __pfx_kthread+0x10/0x10 [ 12.206581] ret_from_fork+0x116/0x1d0 [ 12.206599] ? 
__pfx_kthread+0x10/0x10 [ 12.206619] ret_from_fork_asm+0x1a/0x30 [ 12.206649] </TASK> [ 12.206659] [ 12.215261] Allocated by task 175: [ 12.215393] kasan_save_stack+0x45/0x70 [ 12.215580] kasan_save_track+0x18/0x40 [ 12.215769] kasan_save_alloc_info+0x3b/0x50 [ 12.216008] __kasan_krealloc+0x190/0x1f0 [ 12.216162] krealloc_noprof+0xf3/0x340 [ 12.216298] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.216869] krealloc_less_oob+0x1c/0x30 [ 12.217225] kunit_try_run_case+0x1a5/0x480 [ 12.217483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.217667] kthread+0x337/0x6f0 [ 12.217790] ret_from_fork+0x116/0x1d0 [ 12.217966] ret_from_fork_asm+0x1a/0x30 [ 12.218168] [ 12.218274] The buggy address belongs to the object at ffff888100a96400 [ 12.218274] which belongs to the cache kmalloc-256 of size 256 [ 12.218797] The buggy address is located 0 bytes to the right of [ 12.218797] allocated 201-byte region [ffff888100a96400, ffff888100a964c9) [ 12.219704] [ 12.219806] The buggy address belongs to the physical page: [ 12.220262] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.220603] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.221088] flags: 0x200000000000040(head|node=0|zone=2) [ 12.221340] page_type: f5(slab) [ 12.221512] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.221768] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.222383] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.222673] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.223237] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.223572] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.224054] page dumped because: kasan: bad access detected [ 12.224293] [ 12.224363] Memory state around the buggy address: [ 12.224532] ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.224851] ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.225104] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.225417] ^ [ 12.225645] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.225888] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.226249] ================================================================== [ 12.420198] ================================================================== [ 12.420487] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.420784] Write of size 1 at addr ffff888102a520ea by task kunit_try_catch/179 [ 12.421259] [ 12.421344] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.421383] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.421393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.421411] Call Trace: [ 12.421423] <TASK> [ 12.421435] dump_stack_lvl+0x73/0xb0 [ 12.421462] print_report+0xd1/0x650 [ 12.421483] ? __virt_addr_valid+0x1db/0x2d0 [ 12.421504] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.421528] ? kasan_addr_to_slab+0x11/0xa0 [ 12.421548] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.421572] kasan_report+0x141/0x180 [ 12.421593] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.421621] __asan_report_store1_noabort+0x1b/0x30 [ 12.421646] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.421671] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.421696] ? finish_task_switch.isra.0+0x153/0x700 [ 12.421718] ? __switch_to+0x47/0xf50 [ 12.421743] ? __schedule+0x10cc/0x2b60 [ 12.421763] ? __pfx_read_tsc+0x10/0x10 [ 12.421786] krealloc_large_less_oob+0x1c/0x30 [ 12.421890] kunit_try_run_case+0x1a5/0x480 [ 12.421913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.421936] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.421975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.421999] ? __kthread_parkme+0x82/0x180 [ 12.422018] ? 
preempt_count_sub+0x50/0x80 [ 12.422049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.422073] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.422097] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.422122] kthread+0x337/0x6f0 [ 12.422140] ? trace_preempt_on+0x20/0xc0 [ 12.422163] ? __pfx_kthread+0x10/0x10 [ 12.422183] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.422203] ? calculate_sigpending+0x7b/0xa0 [ 12.422226] ? __pfx_kthread+0x10/0x10 [ 12.422247] ret_from_fork+0x116/0x1d0 [ 12.422265] ? __pfx_kthread+0x10/0x10 [ 12.422285] ret_from_fork_asm+0x1a/0x30 [ 12.422315] </TASK> [ 12.422324] [ 12.432101] The buggy address belongs to the physical page: [ 12.432350] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.432672] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.433532] flags: 0x200000000000040(head|node=0|zone=2) [ 12.434163] page_type: f8(unknown) [ 12.434391] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.435044] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.435535] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.436169] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.436724] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.437477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.438083] page dumped because: kasan: bad access detected [ 12.438448] [ 12.438543] Memory state around the buggy address: [ 12.438753] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.439378] ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.439679] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.439978] ^ [ 12.440257] ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.440546] ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.440833] 
================================================================== [ 12.371383] ================================================================== [ 12.371855] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372196] Write of size 1 at addr ffff888102a520c9 by task kunit_try_catch/179 [ 12.372497] [ 12.372593] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.372636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.372647] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.372666] Call Trace: [ 12.372679] <TASK> [ 12.372693] dump_stack_lvl+0x73/0xb0 [ 12.372722] print_report+0xd1/0x650 [ 12.372743] ? __virt_addr_valid+0x1db/0x2d0 [ 12.372765] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372788] ? kasan_addr_to_slab+0x11/0xa0 [ 12.372807] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372829] kasan_report+0x141/0x180 [ 12.372850] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372877] __asan_report_store1_noabort+0x1b/0x30 [ 12.372900] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.372924] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.372947] ? finish_task_switch.isra.0+0x153/0x700 [ 12.372969] ? __switch_to+0x47/0xf50 [ 12.372993] ? __schedule+0x10cc/0x2b60 [ 12.373013] ? __pfx_read_tsc+0x10/0x10 [ 12.373073] krealloc_large_less_oob+0x1c/0x30 [ 12.373098] kunit_try_run_case+0x1a5/0x480 [ 12.373125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.373149] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.373173] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.373196] ? __kthread_parkme+0x82/0x180 [ 12.373227] ? preempt_count_sub+0x50/0x80 [ 12.373256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.373280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.373304] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.373329] kthread+0x337/0x6f0 [ 12.373348] ? trace_preempt_on+0x20/0xc0 [ 12.373371] ? __pfx_kthread+0x10/0x10 [ 12.373391] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.373412] ? 
calculate_sigpending+0x7b/0xa0 [ 12.373436] ? __pfx_kthread+0x10/0x10 [ 12.373456] ret_from_fork+0x116/0x1d0 [ 12.373474] ? __pfx_kthread+0x10/0x10 [ 12.373511] ret_from_fork_asm+0x1a/0x30 [ 12.373541] </TASK> [ 12.373551] [ 12.381464] The buggy address belongs to the physical page: [ 12.381729] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.382095] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.382444] flags: 0x200000000000040(head|node=0|zone=2) [ 12.382658] page_type: f8(unknown) [ 12.382928] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.383277] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.383618] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.383984] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.384231] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.384570] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.385089] page dumped because: kasan: bad access detected [ 12.385313] [ 12.385410] Memory state around the buggy address: [ 12.385596] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.385851] ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.386185] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.386504] ^ [ 12.386734] ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.387146] ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.387421] ================================================================== [ 12.404083] ================================================================== [ 12.404384] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.404678] Write of size 1 at addr ffff888102a520da by task kunit_try_catch/179 [ 12.405170] [ 12.405273] CPU: 1 UID: 0 PID: 179 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.405312] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.405322] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.405341] Call Trace: [ 12.405354] <TASK> [ 12.405367] dump_stack_lvl+0x73/0xb0 [ 12.405397] print_report+0xd1/0x650 [ 12.405419] ? __virt_addr_valid+0x1db/0x2d0 [ 12.405441] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.405465] ? kasan_addr_to_slab+0x11/0xa0 [ 12.405486] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.405510] kasan_report+0x141/0x180 [ 12.405532] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.405560] __asan_report_store1_noabort+0x1b/0x30 [ 12.405585] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.405610] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.405635] ? finish_task_switch.isra.0+0x153/0x700 [ 12.405657] ? __switch_to+0x47/0xf50 [ 12.405681] ? __schedule+0x10cc/0x2b60 [ 12.405702] ? __pfx_read_tsc+0x10/0x10 [ 12.405726] krealloc_large_less_oob+0x1c/0x30 [ 12.405748] kunit_try_run_case+0x1a5/0x480 [ 12.405771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.405869] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.405897] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.405921] ? __kthread_parkme+0x82/0x180 [ 12.405941] ? preempt_count_sub+0x50/0x80 [ 12.405979] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.406005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.406039] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.406064] kthread+0x337/0x6f0 [ 12.406082] ? trace_preempt_on+0x20/0xc0 [ 12.406105] ? __pfx_kthread+0x10/0x10 [ 12.406125] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.406146] ? calculate_sigpending+0x7b/0xa0 [ 12.406169] ? __pfx_kthread+0x10/0x10 [ 12.406190] ret_from_fork+0x116/0x1d0 [ 12.406208] ? 
__pfx_kthread+0x10/0x10 [ 12.406229] ret_from_fork_asm+0x1a/0x30 [ 12.406259] </TASK> [ 12.406268] [ 12.413672] The buggy address belongs to the physical page: [ 12.414027] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.414399] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.414734] flags: 0x200000000000040(head|node=0|zone=2) [ 12.415087] page_type: f8(unknown) [ 12.415259] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.415564] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.415917] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.416191] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.416485] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.416980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.417361] page dumped because: kasan: bad access detected [ 12.417537] [ 12.417606] Memory state around the buggy address: [ 12.417770] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.418198] ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.418518] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.418895] ^ [ 12.419190] ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.419470] ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.419765] ================================================================== [ 12.284764] ================================================================== [ 12.285265] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.285727] Write of size 1 at addr ffff888100a964ea by task kunit_try_catch/175 [ 12.286142] [ 12.286249] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.286292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.286302] Hardware 
name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.286321] Call Trace: [ 12.286335] <TASK> [ 12.286349] dump_stack_lvl+0x73/0xb0 [ 12.286377] print_report+0xd1/0x650 [ 12.286397] ? __virt_addr_valid+0x1db/0x2d0 [ 12.286419] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.286442] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.286464] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.286488] kasan_report+0x141/0x180 [ 12.286509] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.286537] __asan_report_store1_noabort+0x1b/0x30 [ 12.286561] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.286587] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.286612] ? finish_task_switch.isra.0+0x153/0x700 [ 12.286633] ? __switch_to+0x47/0xf50 [ 12.286657] ? __schedule+0x10cc/0x2b60 [ 12.286677] ? __pfx_read_tsc+0x10/0x10 [ 12.286701] krealloc_less_oob+0x1c/0x30 [ 12.286721] kunit_try_run_case+0x1a5/0x480 [ 12.286746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.286768] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.286791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.286815] ? __kthread_parkme+0x82/0x180 [ 12.286989] ? preempt_count_sub+0x50/0x80 [ 12.287013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.287053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.287078] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.287102] kthread+0x337/0x6f0 [ 12.287120] ? trace_preempt_on+0x20/0xc0 [ 12.287143] ? __pfx_kthread+0x10/0x10 [ 12.287163] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.287184] ? calculate_sigpending+0x7b/0xa0 [ 12.287207] ? __pfx_kthread+0x10/0x10 [ 12.287228] ret_from_fork+0x116/0x1d0 [ 12.287246] ? 
__pfx_kthread+0x10/0x10 [ 12.287265] ret_from_fork_asm+0x1a/0x30 [ 12.287295] </TASK> [ 12.287304] [ 12.295688] Allocated by task 175: [ 12.295929] kasan_save_stack+0x45/0x70 [ 12.296157] kasan_save_track+0x18/0x40 [ 12.296347] kasan_save_alloc_info+0x3b/0x50 [ 12.296559] __kasan_krealloc+0x190/0x1f0 [ 12.296746] krealloc_noprof+0xf3/0x340 [ 12.297110] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.297315] krealloc_less_oob+0x1c/0x30 [ 12.297464] kunit_try_run_case+0x1a5/0x480 [ 12.297673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.297896] kthread+0x337/0x6f0 [ 12.298158] ret_from_fork+0x116/0x1d0 [ 12.298369] ret_from_fork_asm+0x1a/0x30 [ 12.298602] [ 12.298692] The buggy address belongs to the object at ffff888100a96400 [ 12.298692] which belongs to the cache kmalloc-256 of size 256 [ 12.299392] The buggy address is located 33 bytes to the right of [ 12.299392] allocated 201-byte region [ffff888100a96400, ffff888100a964c9) [ 12.299789] [ 12.299988] The buggy address belongs to the physical page: [ 12.300452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.300744] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.300995] flags: 0x200000000000040(head|node=0|zone=2) [ 12.301281] page_type: f5(slab) [ 12.301599] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.302050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.302399] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.302712] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.302943] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.303285] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.303712] page dumped because: kasan: bad access detected [ 12.303882] [ 12.303957] Memory state around the buggy address: [ 12.304122] ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.304938] ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.305409] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.305720] ^ [ 12.306194] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.306450] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.306760] ================================================================== [ 12.442389] ================================================================== [ 12.442758] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 12.443359] Write of size 1 at addr ffff888102a520eb by task kunit_try_catch/179 [ 12.444040] [ 12.444256] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.444301] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.444313] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.444331] Call Trace: [ 12.444443] <TASK> [ 12.444460] dump_stack_lvl+0x73/0xb0 [ 12.444491] print_report+0xd1/0x650 [ 12.444512] ? __virt_addr_valid+0x1db/0x2d0 [ 12.444534] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.444557] ? kasan_addr_to_slab+0x11/0xa0 [ 12.444609] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.444634] kasan_report+0x141/0x180 [ 12.444655] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 12.444683] __asan_report_store1_noabort+0x1b/0x30 [ 12.444708] krealloc_less_oob_helper+0xd47/0x11d0 [ 12.444734] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.444758] ? finish_task_switch.isra.0+0x153/0x700 [ 12.444779] ? __switch_to+0x47/0xf50 [ 12.444987] ? __schedule+0x10cc/0x2b60 [ 12.445015] ? __pfx_read_tsc+0x10/0x10 [ 12.445050] krealloc_large_less_oob+0x1c/0x30 [ 12.445074] kunit_try_run_case+0x1a5/0x480 [ 12.445097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.445121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.445149] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.445173] ? __kthread_parkme+0x82/0x180 [ 12.445193] ? 
preempt_count_sub+0x50/0x80 [ 12.445215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.445239] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.445263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.445287] kthread+0x337/0x6f0 [ 12.445306] ? trace_preempt_on+0x20/0xc0 [ 12.445328] ? __pfx_kthread+0x10/0x10 [ 12.445347] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.445368] ? calculate_sigpending+0x7b/0xa0 [ 12.445392] ? __pfx_kthread+0x10/0x10 [ 12.445413] ret_from_fork+0x116/0x1d0 [ 12.445430] ? __pfx_kthread+0x10/0x10 [ 12.445450] ret_from_fork_asm+0x1a/0x30 [ 12.445480] </TASK> [ 12.445490] [ 12.456663] The buggy address belongs to the physical page: [ 12.457354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.458076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.458464] flags: 0x200000000000040(head|node=0|zone=2) [ 12.458703] page_type: f8(unknown) [ 12.459221] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.459581] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.460245] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.460582] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.461369] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.461707] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.462339] page dumped because: kasan: bad access detected [ 12.462588] [ 12.462678] Memory state around the buggy address: [ 12.463027] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.463343] ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.463634] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.464314] ^ [ 12.464545] ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.464982] ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.465296] 
================================================================== [ 12.226998] ================================================================== [ 12.227323] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.227646] Write of size 1 at addr ffff888100a964d0 by task kunit_try_catch/175 [ 12.228181] [ 12.228300] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.228341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.228351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.228484] Call Trace: [ 12.228502] <TASK> [ 12.228515] dump_stack_lvl+0x73/0xb0 [ 12.228545] print_report+0xd1/0x650 [ 12.228566] ? __virt_addr_valid+0x1db/0x2d0 [ 12.228587] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.228611] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.228633] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.228657] kasan_report+0x141/0x180 [ 12.228678] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.228717] __asan_report_store1_noabort+0x1b/0x30 [ 12.228742] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.228779] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.228803] ? finish_task_switch.isra.0+0x153/0x700 [ 12.228825] ? __switch_to+0x47/0xf50 [ 12.228849] ? __schedule+0x10cc/0x2b60 [ 12.228870] ? __pfx_read_tsc+0x10/0x10 [ 12.228934] krealloc_less_oob+0x1c/0x30 [ 12.228958] kunit_try_run_case+0x1a5/0x480 [ 12.228983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.229005] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.229039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.229062] ? __kthread_parkme+0x82/0x180 [ 12.229082] ? preempt_count_sub+0x50/0x80 [ 12.229128] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.229152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.229187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.229212] kthread+0x337/0x6f0 [ 12.229230] ? trace_preempt_on+0x20/0xc0 [ 12.229252] ? __pfx_kthread+0x10/0x10 [ 12.229281] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 12.229302] ? calculate_sigpending+0x7b/0xa0 [ 12.229326] ? __pfx_kthread+0x10/0x10 [ 12.229358] ret_from_fork+0x116/0x1d0 [ 12.229376] ? __pfx_kthread+0x10/0x10 [ 12.229396] ret_from_fork_asm+0x1a/0x30 [ 12.229426] </TASK> [ 12.229444] [ 12.241554] Allocated by task 175: [ 12.242403] kasan_save_stack+0x45/0x70 [ 12.243081] kasan_save_track+0x18/0x40 [ 12.244117] kasan_save_alloc_info+0x3b/0x50 [ 12.244705] __kasan_krealloc+0x190/0x1f0 [ 12.244874] krealloc_noprof+0xf3/0x340 [ 12.245012] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.245188] krealloc_less_oob+0x1c/0x30 [ 12.245326] kunit_try_run_case+0x1a5/0x480 [ 12.245475] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.245651] kthread+0x337/0x6f0 [ 12.245770] ret_from_fork+0x116/0x1d0 [ 12.245901] ret_from_fork_asm+0x1a/0x30 [ 12.246509] [ 12.246744] The buggy address belongs to the object at ffff888100a96400 [ 12.246744] which belongs to the cache kmalloc-256 of size 256 [ 12.248671] The buggy address is located 7 bytes to the right of [ 12.248671] allocated 201-byte region [ffff888100a96400, ffff888100a964c9) [ 12.250314] [ 12.250661] The buggy address belongs to the physical page: [ 12.251386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a96 [ 12.252390] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.253369] flags: 0x200000000000040(head|node=0|zone=2) [ 12.254069] page_type: f5(slab) [ 12.254597] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.255474] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.256113] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.257073] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.257538] head: 0200000000000001 ffffea000402a581 00000000ffffffff 00000000ffffffff [ 12.257776] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.258404] page dumped 
because: kasan: bad access detected [ 12.258957] [ 12.259162] Memory state around the buggy address: [ 12.259600] ffff888100a96380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.260148] ffff888100a96400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.260756] >ffff888100a96480: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.261324] ^ [ 12.261510] ffff888100a96500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.261725] ffff888100a96580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.261952] ================================================================== [ 12.387950] ================================================================== [ 12.388206] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 12.388506] Write of size 1 at addr ffff888102a520d0 by task kunit_try_catch/179 [ 12.388992] [ 12.389090] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.389129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.389140] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.389157] Call Trace: [ 12.389168] <TASK> [ 12.389181] dump_stack_lvl+0x73/0xb0 [ 12.389208] print_report+0xd1/0x650 [ 12.389230] ? __virt_addr_valid+0x1db/0x2d0 [ 12.389252] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.389276] ? kasan_addr_to_slab+0x11/0xa0 [ 12.389296] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.389320] kasan_report+0x141/0x180 [ 12.389341] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 12.389370] __asan_report_store1_noabort+0x1b/0x30 [ 12.389395] krealloc_less_oob_helper+0xe23/0x11d0 [ 12.389420] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.389445] ? finish_task_switch.isra.0+0x153/0x700 [ 12.389467] ? __switch_to+0x47/0xf50 [ 12.389490] ? __schedule+0x10cc/0x2b60 [ 12.389511] ? __pfx_read_tsc+0x10/0x10 [ 12.389534] krealloc_large_less_oob+0x1c/0x30 [ 12.389556] kunit_try_run_case+0x1a5/0x480 [ 12.389579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.389601] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.389624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.389647] ? __kthread_parkme+0x82/0x180 [ 12.389667] ? preempt_count_sub+0x50/0x80 [ 12.389689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.389713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.389737] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.389761] kthread+0x337/0x6f0 [ 12.389779] ? trace_preempt_on+0x20/0xc0 [ 12.389870] ? __pfx_kthread+0x10/0x10 [ 12.389894] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.389933] ? calculate_sigpending+0x7b/0xa0 [ 12.389957] ? __pfx_kthread+0x10/0x10 [ 12.389978] ret_from_fork+0x116/0x1d0 [ 12.389996] ? __pfx_kthread+0x10/0x10 [ 12.390016] ret_from_fork_asm+0x1a/0x30 [ 12.390054] </TASK> [ 12.390064] [ 12.397867] The buggy address belongs to the physical page: [ 12.398074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.398428] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.398733] flags: 0x200000000000040(head|node=0|zone=2) [ 12.398956] page_type: f8(unknown) [ 12.399233] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.399549] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.399913] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.400231] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.400462] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.400713] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.401220] page dumped because: kasan: bad access detected [ 12.401472] [ 12.401563] Memory state around the buggy address: [ 12.401743] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.402116] ffff888102a52000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.402365] >ffff888102a52080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.402684] ^ [ 12.403061] 
ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.403357] ffff888102a52180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.403608] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 12.332334] ================================================================== [ 12.332804] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.333330] Write of size 1 at addr ffff888102ac20eb by task kunit_try_catch/177 [ 12.333614] [ 12.333791] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.334062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.334076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.334095] Call Trace: [ 12.334119] <TASK> [ 12.334134] dump_stack_lvl+0x73/0xb0 [ 12.334168] print_report+0xd1/0x650 [ 12.334190] ? __virt_addr_valid+0x1db/0x2d0 [ 12.334215] ? krealloc_more_oob_helper+0x821/0x930 [ 12.334241] ? kasan_addr_to_slab+0x11/0xa0 [ 12.334262] ? krealloc_more_oob_helper+0x821/0x930 [ 12.334288] kasan_report+0x141/0x180 [ 12.334309] ? krealloc_more_oob_helper+0x821/0x930 [ 12.334338] __asan_report_store1_noabort+0x1b/0x30 [ 12.334363] krealloc_more_oob_helper+0x821/0x930 [ 12.334385] ? __schedule+0x10cc/0x2b60 [ 12.334408] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.334434] ? finish_task_switch.isra.0+0x153/0x700 [ 12.334457] ? __switch_to+0x47/0xf50 [ 12.334482] ? __schedule+0x10cc/0x2b60 [ 12.334503] ? __pfx_read_tsc+0x10/0x10 [ 12.334527] krealloc_large_more_oob+0x1c/0x30 [ 12.334550] kunit_try_run_case+0x1a5/0x480 [ 12.334574] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.334596] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.334619] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.334643] ? __kthread_parkme+0x82/0x180 [ 12.334663] ? preempt_count_sub+0x50/0x80 [ 12.334685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.334709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.334732] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.334757] kthread+0x337/0x6f0 [ 12.334776] ? trace_preempt_on+0x20/0xc0 [ 12.334799] ? __pfx_kthread+0x10/0x10 [ 12.334868] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.334891] ? 
calculate_sigpending+0x7b/0xa0 [ 12.334915] ? __pfx_kthread+0x10/0x10 [ 12.334936] ret_from_fork+0x116/0x1d0 [ 12.334954] ? __pfx_kthread+0x10/0x10 [ 12.334974] ret_from_fork_asm+0x1a/0x30 [ 12.335005] </TASK> [ 12.335015] [ 12.344856] The buggy address belongs to the physical page: [ 12.345149] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac0 [ 12.345522] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.345919] flags: 0x200000000000040(head|node=0|zone=2) [ 12.346215] page_type: f8(unknown) [ 12.346342] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.346609] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.346995] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.347479] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.347976] head: 0200000000000002 ffffea00040ab001 00000000ffffffff 00000000ffffffff [ 12.348293] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.348584] page dumped because: kasan: bad access detected [ 12.349082] [ 12.349188] Memory state around the buggy address: [ 12.349359] ffff888102ac1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.349670] ffff888102ac2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.350051] >ffff888102ac2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 12.350351] ^ [ 12.350604] ffff888102ac2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.350923] ffff888102ac2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.351282] ================================================================== [ 12.175176] ================================================================== [ 12.175568] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.176333] Write of size 1 at addr ffff8881039c00f0 by task kunit_try_catch/173 [ 12.176995] [ 12.177177] CPU: 0 UID: 0 PID: 173 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.177219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.177230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.177249] Call Trace: [ 12.177278] <TASK> [ 12.177293] dump_stack_lvl+0x73/0xb0 [ 12.177323] print_report+0xd1/0x650 [ 12.177358] ? __virt_addr_valid+0x1db/0x2d0 [ 12.177382] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.177406] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.177429] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.177453] kasan_report+0x141/0x180 [ 12.177483] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.177511] __asan_report_store1_noabort+0x1b/0x30 [ 12.177546] krealloc_more_oob_helper+0x7eb/0x930 [ 12.177569] ? __schedule+0x10cc/0x2b60 [ 12.177591] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.177616] ? finish_task_switch.isra.0+0x153/0x700 [ 12.177640] ? __switch_to+0x47/0xf50 [ 12.177665] ? __schedule+0x10cc/0x2b60 [ 12.177686] ? __pfx_read_tsc+0x10/0x10 [ 12.177710] krealloc_more_oob+0x1c/0x30 [ 12.177731] kunit_try_run_case+0x1a5/0x480 [ 12.177755] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.177778] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.177801] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.177824] ? __kthread_parkme+0x82/0x180 [ 12.177844] ? preempt_count_sub+0x50/0x80 [ 12.177867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.177891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.177915] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.177950] kthread+0x337/0x6f0 [ 12.177968] ? trace_preempt_on+0x20/0xc0 [ 12.177992] ? __pfx_kthread+0x10/0x10 [ 12.178024] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.178063] ? calculate_sigpending+0x7b/0xa0 [ 12.178096] ? __pfx_kthread+0x10/0x10 [ 12.178126] ret_from_fork+0x116/0x1d0 [ 12.178144] ? 
__pfx_kthread+0x10/0x10 [ 12.178164] ret_from_fork_asm+0x1a/0x30 [ 12.178194] </TASK> [ 12.178203] [ 12.187351] Allocated by task 173: [ 12.187483] kasan_save_stack+0x45/0x70 [ 12.187632] kasan_save_track+0x18/0x40 [ 12.187871] kasan_save_alloc_info+0x3b/0x50 [ 12.188146] __kasan_krealloc+0x190/0x1f0 [ 12.188351] krealloc_noprof+0xf3/0x340 [ 12.188566] krealloc_more_oob_helper+0x1a9/0x930 [ 12.188775] krealloc_more_oob+0x1c/0x30 [ 12.189056] kunit_try_run_case+0x1a5/0x480 [ 12.189210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.189389] kthread+0x337/0x6f0 [ 12.189578] ret_from_fork+0x116/0x1d0 [ 12.189763] ret_from_fork_asm+0x1a/0x30 [ 12.189956] [ 12.190057] The buggy address belongs to the object at ffff8881039c0000 [ 12.190057] which belongs to the cache kmalloc-256 of size 256 [ 12.190889] The buggy address is located 5 bytes to the right of [ 12.190889] allocated 235-byte region [ffff8881039c0000, ffff8881039c00eb) [ 12.191638] [ 12.191724] The buggy address belongs to the physical page: [ 12.192386] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 12.192745] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.193232] flags: 0x200000000000040(head|node=0|zone=2) [ 12.193491] page_type: f5(slab) [ 12.193668] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.193982] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.194220] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.194662] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.195003] head: 0200000000000001 ffffea00040e7001 00000000ffffffff 00000000ffffffff [ 12.195476] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.195700] page dumped because: kasan: bad access detected [ 12.196221] [ 12.196353] Memory state around the buggy address: [ 12.196582] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff 
ff ff [ 12.197022] ffff8881039c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.197278] >ffff8881039c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.197596] ^ [ 12.198080] ffff8881039c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.198378] ffff8881039c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.198666] ================================================================== [ 12.351699] ================================================================== [ 12.352105] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.352598] Write of size 1 at addr ffff888102ac20f0 by task kunit_try_catch/177 [ 12.352968] [ 12.353094] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.353135] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.353146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.353165] Call Trace: [ 12.353177] <TASK> [ 12.353191] dump_stack_lvl+0x73/0xb0 [ 12.353219] print_report+0xd1/0x650 [ 12.353241] ? __virt_addr_valid+0x1db/0x2d0 [ 12.353263] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.353286] ? kasan_addr_to_slab+0x11/0xa0 [ 12.353306] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.353330] kasan_report+0x141/0x180 [ 12.353351] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.353379] __asan_report_store1_noabort+0x1b/0x30 [ 12.353404] krealloc_more_oob_helper+0x7eb/0x930 [ 12.353426] ? __schedule+0x10cc/0x2b60 [ 12.353447] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.353472] ? finish_task_switch.isra.0+0x153/0x700 [ 12.353494] ? __switch_to+0x47/0xf50 [ 12.353519] ? __schedule+0x10cc/0x2b60 [ 12.353540] ? __pfx_read_tsc+0x10/0x10 [ 12.353563] krealloc_large_more_oob+0x1c/0x30 [ 12.353586] kunit_try_run_case+0x1a5/0x480 [ 12.353609] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.353632] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.353655] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.353679] ? 
__kthread_parkme+0x82/0x180 [ 12.353698] ? preempt_count_sub+0x50/0x80 [ 12.353721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.353745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.353768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.353793] kthread+0x337/0x6f0 [ 12.353811] ? trace_preempt_on+0x20/0xc0 [ 12.353834] ? __pfx_kthread+0x10/0x10 [ 12.353854] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.353876] ? calculate_sigpending+0x7b/0xa0 [ 12.353899] ? __pfx_kthread+0x10/0x10 [ 12.353920] ret_from_fork+0x116/0x1d0 [ 12.353938] ? __pfx_kthread+0x10/0x10 [ 12.353958] ret_from_fork_asm+0x1a/0x30 [ 12.353988] </TASK> [ 12.353997] [ 12.361666] The buggy address belongs to the physical page: [ 12.361972] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ac0 [ 12.362244] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.362579] flags: 0x200000000000040(head|node=0|zone=2) [ 12.362816] page_type: f8(unknown) [ 12.363170] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.363430] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.363767] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.364082] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.364347] head: 0200000000000002 ffffea00040ab001 00000000ffffffff 00000000ffffffff [ 12.364654] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.364885] page dumped because: kasan: bad access detected [ 12.365221] [ 12.365322] Memory state around the buggy address: [ 12.365542] ffff888102ac1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.365936] ffff888102ac2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.366241] >ffff888102ac2080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 12.366509] ^ [ 12.366782] ffff888102ac2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.367105] ffff888102ac2180: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 12.367372] ================================================================== [ 12.139126] ================================================================== [ 12.140382] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.141099] Write of size 1 at addr ffff8881039c00eb by task kunit_try_catch/173 [ 12.141729] [ 12.141818] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.141859] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.141870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.141888] Call Trace: [ 12.141900] <TASK> [ 12.141913] dump_stack_lvl+0x73/0xb0 [ 12.141997] print_report+0xd1/0x650 [ 12.142065] ? __virt_addr_valid+0x1db/0x2d0 [ 12.142087] ? krealloc_more_oob_helper+0x821/0x930 [ 12.142110] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.142144] ? krealloc_more_oob_helper+0x821/0x930 [ 12.142168] kasan_report+0x141/0x180 [ 12.142189] ? krealloc_more_oob_helper+0x821/0x930 [ 12.142243] __asan_report_store1_noabort+0x1b/0x30 [ 12.142268] krealloc_more_oob_helper+0x821/0x930 [ 12.142291] ? __schedule+0x10cc/0x2b60 [ 12.142324] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.142348] ? finish_task_switch.isra.0+0x153/0x700 [ 12.142371] ? __switch_to+0x47/0xf50 [ 12.142396] ? __schedule+0x10cc/0x2b60 [ 12.142417] ? __pfx_read_tsc+0x10/0x10 [ 12.142441] krealloc_more_oob+0x1c/0x30 [ 12.142462] kunit_try_run_case+0x1a5/0x480 [ 12.142487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.142510] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.142532] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.142555] ? __kthread_parkme+0x82/0x180 [ 12.142576] ? preempt_count_sub+0x50/0x80 [ 12.142599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.142623] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.142647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.142671] kthread+0x337/0x6f0 [ 12.142690] ? trace_preempt_on+0x20/0xc0 [ 12.142712] ? 
__pfx_kthread+0x10/0x10 [ 12.142732] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.142753] ? calculate_sigpending+0x7b/0xa0 [ 12.142776] ? __pfx_kthread+0x10/0x10 [ 12.142797] ret_from_fork+0x116/0x1d0 [ 12.142965] ? __pfx_kthread+0x10/0x10 [ 12.142991] ret_from_fork_asm+0x1a/0x30 [ 12.143022] </TASK> [ 12.143044] [ 12.156807] Allocated by task 173: [ 12.157072] kasan_save_stack+0x45/0x70 [ 12.157496] kasan_save_track+0x18/0x40 [ 12.157855] kasan_save_alloc_info+0x3b/0x50 [ 12.158368] __kasan_krealloc+0x190/0x1f0 [ 12.158657] krealloc_noprof+0xf3/0x340 [ 12.158983] krealloc_more_oob_helper+0x1a9/0x930 [ 12.159463] krealloc_more_oob+0x1c/0x30 [ 12.159613] kunit_try_run_case+0x1a5/0x480 [ 12.159761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.160314] kthread+0x337/0x6f0 [ 12.160650] ret_from_fork+0x116/0x1d0 [ 12.161022] ret_from_fork_asm+0x1a/0x30 [ 12.161501] [ 12.161682] The buggy address belongs to the object at ffff8881039c0000 [ 12.161682] which belongs to the cache kmalloc-256 of size 256 [ 12.162550] The buggy address is located 0 bytes to the right of [ 12.162550] allocated 235-byte region [ffff8881039c0000, ffff8881039c00eb) [ 12.163125] [ 12.163307] The buggy address belongs to the physical page: [ 12.163868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 12.164685] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.165424] flags: 0x200000000000040(head|node=0|zone=2) [ 12.165970] page_type: f5(slab) [ 12.166293] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.166785] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.167386] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.167624] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.167996] head: 0200000000000001 ffffea00040e7001 00000000ffffffff 00000000ffffffff [ 12.168736] head: ffffffffffffffff 0000000000000000 00000000ffffffff 
0000000000000002 [ 12.169533] page dumped because: kasan: bad access detected [ 12.170095] [ 12.170259] Memory state around the buggy address: [ 12.170703] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.171352] ffff8881039c0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.171793] >ffff8881039c0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.172461] ^ [ 12.172665] ffff8881039c0100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.173101] ffff8881039c0180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.173848] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 12.109689] ================================================================== [ 12.110439] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 12.110656] Read of size 1 at addr ffff8881039c0000 by task kunit_try_catch/171 [ 12.110876] [ 12.112087] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.112143] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.112155] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.112174] Call Trace: [ 12.112186] <TASK> [ 12.112200] dump_stack_lvl+0x73/0xb0 [ 12.112230] print_report+0xd1/0x650 [ 12.112252] ? __virt_addr_valid+0x1db/0x2d0 [ 12.112275] ? page_alloc_uaf+0x356/0x3d0 [ 12.112295] ? kasan_addr_to_slab+0x11/0xa0 [ 12.112316] ? page_alloc_uaf+0x356/0x3d0 [ 12.112337] kasan_report+0x141/0x180 [ 12.112358] ? page_alloc_uaf+0x356/0x3d0 [ 12.112384] __asan_report_load1_noabort+0x18/0x20 [ 12.112408] page_alloc_uaf+0x356/0x3d0 [ 12.112429] ? __pfx_page_alloc_uaf+0x10/0x10 [ 12.112451] ? __schedule+0x10cc/0x2b60 [ 12.112472] ? __pfx_read_tsc+0x10/0x10 [ 12.112492] ? ktime_get_ts64+0x86/0x230 [ 12.112516] kunit_try_run_case+0x1a5/0x480 [ 12.112540] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.112562] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.112585] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.112608] ? __kthread_parkme+0x82/0x180 [ 12.112627] ? preempt_count_sub+0x50/0x80 [ 12.112650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.112673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.112697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.112722] kthread+0x337/0x6f0 [ 12.112740] ? trace_preempt_on+0x20/0xc0 [ 12.112762] ? __pfx_kthread+0x10/0x10 [ 12.112782] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.112802] ? calculate_sigpending+0x7b/0xa0 [ 12.112826] ? __pfx_kthread+0x10/0x10 [ 12.112846] ret_from_fork+0x116/0x1d0 [ 12.112864] ? 
__pfx_kthread+0x10/0x10 [ 12.112884] ret_from_fork_asm+0x1a/0x30 [ 12.112914] </TASK> [ 12.112923] [ 12.125672] The buggy address belongs to the physical page: [ 12.125857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039c0 [ 12.126618] flags: 0x200000000000000(node=0|zone=2) [ 12.127243] page_type: f0(buddy) [ 12.127530] raw: 0200000000000000 ffff88817fffb4f0 ffff88817fffb4f0 0000000000000000 [ 12.127764] raw: 0000000000000000 0000000000000006 00000000f0000000 0000000000000000 [ 12.128554] page dumped because: kasan: bad access detected [ 12.129142] [ 12.129337] Memory state around the buggy address: [ 12.129724] ffff8881039bff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.130234] ffff8881039bff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.130836] >ffff8881039c0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.131367] ^ [ 12.131489] ffff8881039c0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.131703] ffff8881039c0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.132294] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 12.087295] ================================================================== [ 12.087785] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 12.088209] Free of addr ffff888102a50001 by task kunit_try_catch/167 [ 12.088453] [ 12.088564] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 12.088605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.088616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.088634] Call Trace: [ 12.088645] <TASK> [ 12.088658] dump_stack_lvl+0x73/0xb0 [ 12.088685] print_report+0xd1/0x650 [ 12.088706] ? __virt_addr_valid+0x1db/0x2d0 [ 12.088729] ? kasan_addr_to_slab+0x11/0xa0 [ 12.088749] ? kfree+0x274/0x3f0 [ 12.088769] kasan_report_invalid_free+0x10a/0x130 [ 12.088859] ? kfree+0x274/0x3f0 [ 12.088886] ? kfree+0x274/0x3f0 [ 12.088905] __kasan_kfree_large+0x86/0xd0 [ 12.088945] free_large_kmalloc+0x4b/0x110 [ 12.088969] kfree+0x274/0x3f0 [ 12.088992] kmalloc_large_invalid_free+0x120/0x2b0 [ 12.089015] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 12.089047] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.089073] ? trace_hardirqs_on+0x37/0xe0 [ 12.089096] ? __pfx_read_tsc+0x10/0x10 [ 12.089115] ? ktime_get_ts64+0x86/0x230 [ 12.089138] kunit_try_run_case+0x1a5/0x480 [ 12.089161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.089186] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.089210] ? __kthread_parkme+0x82/0x180 [ 12.089230] ? preempt_count_sub+0x50/0x80 [ 12.089253] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.089277] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.089300] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.089325] kthread+0x337/0x6f0 [ 12.089343] ? trace_preempt_on+0x20/0xc0 [ 12.089365] ? __pfx_kthread+0x10/0x10 [ 12.089385] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.089407] ? calculate_sigpending+0x7b/0xa0 [ 12.089430] ? __pfx_kthread+0x10/0x10 [ 12.089450] ret_from_fork+0x116/0x1d0 [ 12.089468] ? 
__pfx_kthread+0x10/0x10 [ 12.089487] ret_from_fork_asm+0x1a/0x30 [ 12.089517] </TASK> [ 12.089527] [ 12.097060] The buggy address belongs to the physical page: [ 12.097310] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50 [ 12.097640] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.098225] flags: 0x200000000000040(head|node=0|zone=2) [ 12.098442] page_type: f8(unknown) [ 12.098611] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.098986] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.099334] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.099607] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.099923] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff [ 12.100294] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.100608] page dumped because: kasan: bad access detected [ 12.100894] [ 12.100990] Memory state around the buggy address: [ 12.101156] ffff888102a4ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.101472] ffff888102a4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.101848] >ffff888102a50000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.102154] ^ [ 12.102318] ffff888102a50080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.102598] ffff888102a50100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.103119] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 12.069271] ==================================================================
[ 12.069727] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[ 12.069985] Read of size 1 at addr ffff888102a50000 by task kunit_try_catch/165
[ 12.070409]
[ 12.070507] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.070548] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.070559] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.070577] Call Trace:
[ 12.070590] <TASK>
[ 12.070604] dump_stack_lvl+0x73/0xb0
[ 12.070633] print_report+0xd1/0x650
[ 12.070654] ? __virt_addr_valid+0x1db/0x2d0
[ 12.070676] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.070696] ? kasan_addr_to_slab+0x11/0xa0
[ 12.070716] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.070736] kasan_report+0x141/0x180
[ 12.070757] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.070782] __asan_report_load1_noabort+0x18/0x20
[ 12.070806] kmalloc_large_uaf+0x2f1/0x340
[ 12.070873] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 12.070894] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.070920] ? trace_hardirqs_on+0x37/0xe0
[ 12.070942] ? __pfx_read_tsc+0x10/0x10
[ 12.070963] ? ktime_get_ts64+0x86/0x230
[ 12.070987] kunit_try_run_case+0x1a5/0x480
[ 12.071011] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.071047] ? queued_spin_lock_slowpath+0x116/0xb40
[ 12.071071] ? __kthread_parkme+0x82/0x180
[ 12.071091] ? preempt_count_sub+0x50/0x80
[ 12.071114] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.071138] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.071162] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.071186] kthread+0x337/0x6f0
[ 12.071204] ? trace_preempt_on+0x20/0xc0
[ 12.071226] ? __pfx_kthread+0x10/0x10
[ 12.071245] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.071266] ? calculate_sigpending+0x7b/0xa0
[ 12.071290] ? __pfx_kthread+0x10/0x10
[ 12.071311] ret_from_fork+0x116/0x1d0
[ 12.071329] ? __pfx_kthread+0x10/0x10
[ 12.071349] ret_from_fork_asm+0x1a/0x30
[ 12.071379] </TASK>
[ 12.071389]
[ 12.078178] The buggy address belongs to the physical page:
[ 12.078357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[ 12.078600] flags: 0x200000000000000(node=0|zone=2)
[ 12.078849] raw: 0200000000000000 ffffea00040a9508 ffff88815b139f80 0000000000000000
[ 12.079200] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 12.079525] page dumped because: kasan: bad access detected
[ 12.079701]
[ 12.079769] Memory state around the buggy address:
[ 12.079924] ffff888102a4ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.080279] ffff888102a4ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.080606] >ffff888102a50000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.081158] ^
[ 12.081332] ffff888102a50080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.081649] ffff888102a50100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.082056] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 12.048119] ==================================================================
[ 12.048627] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[ 12.049588] Write of size 1 at addr ffff888102a5200a by task kunit_try_catch/163
[ 12.050561]
[ 12.050709] CPU: 1 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.050755] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.050766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.050785] Call Trace:
[ 12.050798] <TASK>
[ 12.050814] dump_stack_lvl+0x73/0xb0
[ 12.050845] print_report+0xd1/0x650
[ 12.050867] ? __virt_addr_valid+0x1db/0x2d0
[ 12.050890] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.050911] ? kasan_addr_to_slab+0x11/0xa0
[ 12.051163] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.051192] kasan_report+0x141/0x180
[ 12.051214] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.051275] __asan_report_store1_noabort+0x1b/0x30
[ 12.051303] kmalloc_large_oob_right+0x2e9/0x330
[ 12.051325] ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.051350] ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.051377] kunit_try_run_case+0x1a5/0x480
[ 12.051403] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.051426] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.051450] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.051474] ? __kthread_parkme+0x82/0x180
[ 12.051494] ? preempt_count_sub+0x50/0x80
[ 12.051519] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.051544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.051568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.051594] kthread+0x337/0x6f0
[ 12.051613] ? trace_preempt_on+0x20/0xc0
[ 12.051636] ? __pfx_kthread+0x10/0x10
[ 12.051656] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.051677] ? calculate_sigpending+0x7b/0xa0
[ 12.051701] ? __pfx_kthread+0x10/0x10
[ 12.051722] ret_from_fork+0x116/0x1d0
[ 12.051740] ? __pfx_kthread+0x10/0x10
[ 12.051760] ret_from_fork_asm+0x1a/0x30
[ 12.051790] </TASK>
[ 12.051800]
[ 12.058666] The buggy address belongs to the physical page:
[ 12.058865] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a50
[ 12.059283] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.059568] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.059760] page_type: f8(unknown)
[ 12.059888] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.060223] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.060680] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.061126] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.061543] head: 0200000000000002 ffffea00040a9401 00000000ffffffff 00000000ffffffff
[ 12.061952] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.062202] page dumped because: kasan: bad access detected
[ 12.062458]
[ 12.062548] Memory state around the buggy address:
[ 12.062785] ffff888102a51f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.063163] ffff888102a51f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.063464] >ffff888102a52000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.063716] ^
[ 12.063852] ffff888102a52080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.064179] ffff888102a52100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.064567] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 12.015357] ==================================================================
[ 12.015970] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370
[ 12.016390] Write of size 1 at addr ffff8881037c9f00 by task kunit_try_catch/161
[ 12.017068]
[ 12.017235] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 12.017277] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.017288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.017307] Call Trace:
[ 12.017318] <TASK>
[ 12.017333] dump_stack_lvl+0x73/0xb0
[ 12.017362] print_report+0xd1/0x650
[ 12.017383] ? __virt_addr_valid+0x1db/0x2d0
[ 12.017405] ? kmalloc_big_oob_right+0x316/0x370
[ 12.017427] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.017450] ? kmalloc_big_oob_right+0x316/0x370
[ 12.017472] kasan_report+0x141/0x180
[ 12.017493] ? kmalloc_big_oob_right+0x316/0x370
[ 12.017520] __asan_report_store1_noabort+0x1b/0x30
[ 12.017545] kmalloc_big_oob_right+0x316/0x370
[ 12.017567] ? __pfx_kmalloc_big_oob_right+0x10/0x10
[ 12.017590] ? __schedule+0x10cc/0x2b60
[ 12.017612] ? __pfx_read_tsc+0x10/0x10
[ 12.017631] ? ktime_get_ts64+0x86/0x230
[ 12.017655] kunit_try_run_case+0x1a5/0x480
[ 12.017679] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.017702] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.017724] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.017747] ? __kthread_parkme+0x82/0x180
[ 12.017766] ? preempt_count_sub+0x50/0x80
[ 12.017789] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.017813] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.017837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.017861] kthread+0x337/0x6f0
[ 12.017879] ? trace_preempt_on+0x20/0xc0
[ 12.017903] ? __pfx_kthread+0x10/0x10
[ 12.017923] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.017995] ? calculate_sigpending+0x7b/0xa0
[ 12.018021] ? __pfx_kthread+0x10/0x10
[ 12.018056] ret_from_fork+0x116/0x1d0
[ 12.018074] ? __pfx_kthread+0x10/0x10
[ 12.018095] ret_from_fork_asm+0x1a/0x30
[ 12.018125] </TASK>
[ 12.018135]
[ 12.029215] Allocated by task 161:
[ 12.029632] kasan_save_stack+0x45/0x70
[ 12.029924] kasan_save_track+0x18/0x40
[ 12.030374] kasan_save_alloc_info+0x3b/0x50
[ 12.030688] __kasan_kmalloc+0xb7/0xc0
[ 12.031116] __kmalloc_cache_noprof+0x189/0x420
[ 12.031345] kmalloc_big_oob_right+0xa9/0x370
[ 12.031932] kunit_try_run_case+0x1a5/0x480
[ 12.032395] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.032576] kthread+0x337/0x6f0
[ 12.032695] ret_from_fork+0x116/0x1d0
[ 12.032896] ret_from_fork_asm+0x1a/0x30
[ 12.033300]
[ 12.033467] The buggy address belongs to the object at ffff8881037c8000
[ 12.033467] which belongs to the cache kmalloc-8k of size 8192
[ 12.034696] The buggy address is located 0 bytes to the right of
[ 12.034696] allocated 7936-byte region [ffff8881037c8000, ffff8881037c9f00)
[ 12.035814]
[ 12.036051] The buggy address belongs to the physical page:
[ 12.036232] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1037c8
[ 12.036476] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.036702] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.037075] page_type: f5(slab)
[ 12.037397] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.038157] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.038828] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000
[ 12.039817] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000
[ 12.040654] head: 0200000000000003 ffffea00040df201 00000000ffffffff 00000000ffffffff
[ 12.041467] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 12.042239] page dumped because: kasan: bad access detected
[ 12.042413]
[ 12.042482] Memory state around the buggy address:
[ 12.042632] ffff8881037c9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.042854] ffff8881037c9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.043379] >ffff8881037c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.043655] ^
[ 12.043770] ffff8881037c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.044314] ffff8881037ca000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.044959] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 11.962291] ==================================================================
[ 11.962760] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.963455] Write of size 1 at addr ffff888102791378 by task kunit_try_catch/159
[ 11.963740]
[ 11.964061] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.964108] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.964119] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.964137] Call Trace:
[ 11.964148] <TASK>
[ 11.964162] dump_stack_lvl+0x73/0xb0
[ 11.964191] print_report+0xd1/0x650
[ 11.964216] ? __virt_addr_valid+0x1db/0x2d0
[ 11.964239] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.964265] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.964288] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.964314] kasan_report+0x141/0x180
[ 11.964335] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.964365] __asan_report_store1_noabort+0x1b/0x30
[ 11.964390] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 11.964416] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.964443] ? __schedule+0x10cc/0x2b60
[ 11.964464] ? __pfx_read_tsc+0x10/0x10
[ 11.964484] ? ktime_get_ts64+0x86/0x230
[ 11.964508] kunit_try_run_case+0x1a5/0x480
[ 11.964532] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.964554] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.964578] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.964601] ? __kthread_parkme+0x82/0x180
[ 11.964622] ? preempt_count_sub+0x50/0x80
[ 11.964645] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.964669] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.964694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.964718] kthread+0x337/0x6f0
[ 11.964737] ? trace_preempt_on+0x20/0xc0
[ 11.964759] ? __pfx_kthread+0x10/0x10
[ 11.964779] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.964801] ? calculate_sigpending+0x7b/0xa0
[ 11.964892] ? __pfx_kthread+0x10/0x10
[ 11.964913] ret_from_fork+0x116/0x1d0
[ 11.964932] ? __pfx_kthread+0x10/0x10
[ 11.964952] ret_from_fork_asm+0x1a/0x30
[ 11.964982] </TASK>
[ 11.964992]
[ 11.972889] Allocated by task 159:
[ 11.973691] kasan_save_stack+0x45/0x70
[ 11.974132] kasan_save_track+0x18/0x40
[ 11.974433] kasan_save_alloc_info+0x3b/0x50
[ 11.974658] __kasan_kmalloc+0xb7/0xc0
[ 11.975369] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.975614] kmalloc_track_caller_oob_right+0x99/0x520
[ 11.975840] kunit_try_run_case+0x1a5/0x480
[ 11.976110] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.976352] kthread+0x337/0x6f0
[ 11.976514] ret_from_fork+0x116/0x1d0
[ 11.976686] ret_from_fork_asm+0x1a/0x30
[ 11.977646]
[ 11.977728] The buggy address belongs to the object at ffff888102791300
[ 11.977728] which belongs to the cache kmalloc-128 of size 128
[ 11.978280] The buggy address is located 0 bytes to the right of
[ 11.978280] allocated 120-byte region [ffff888102791300, ffff888102791378)
[ 11.978638]
[ 11.978709] The buggy address belongs to the physical page:
[ 11.978873] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791
[ 11.979115] flags: 0x200000000000000(node=0|zone=2)
[ 11.979269] page_type: f5(slab)
[ 11.980094] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.980530] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.982127] page dumped because: kasan: bad access detected
[ 11.982616]
[ 11.982694] Memory state around the buggy address:
[ 11.982847] ffff888102791200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.983079] ffff888102791280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.983288] >ffff888102791300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.983492] ^
[ 11.983698] ffff888102791380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.983905] ffff888102791400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.985143] ==================================================================
[ 11.987550] ==================================================================
[ 11.987878] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.988311] Write of size 1 at addr ffff888102791478 by task kunit_try_catch/159
[ 11.988625]
[ 11.988796] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.988835] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.988846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.988864] Call Trace:
[ 11.988876] <TASK>
[ 11.988890] dump_stack_lvl+0x73/0xb0
[ 11.988917] print_report+0xd1/0x650
[ 11.988951] ? __virt_addr_valid+0x1db/0x2d0
[ 11.988973] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.988998] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.989020] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.989063] kasan_report+0x141/0x180
[ 11.989084] ? kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.989114] __asan_report_store1_noabort+0x1b/0x30
[ 11.989139] kmalloc_track_caller_oob_right+0x4b1/0x520
[ 11.989164] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 11.989190] ? __schedule+0x10cc/0x2b60
[ 11.989211] ? __pfx_read_tsc+0x10/0x10
[ 11.989232] ? ktime_get_ts64+0x86/0x230
[ 11.989255] kunit_try_run_case+0x1a5/0x480
[ 11.989279] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.989301] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.989324] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.989347] ? __kthread_parkme+0x82/0x180
[ 11.989367] ? preempt_count_sub+0x50/0x80
[ 11.989389] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.989413] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.989437] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.989462] kthread+0x337/0x6f0
[ 11.989480] ? trace_preempt_on+0x20/0xc0
[ 11.989502] ? __pfx_kthread+0x10/0x10
[ 11.989522] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.989543] ? calculate_sigpending+0x7b/0xa0
[ 11.989566] ? __pfx_kthread+0x10/0x10
[ 11.989586] ret_from_fork+0x116/0x1d0
[ 11.989604] ? __pfx_kthread+0x10/0x10
[ 11.989624] ret_from_fork_asm+0x1a/0x30
[ 11.989654] </TASK>
[ 11.989664]
[ 11.999921] Allocated by task 159:
[ 12.000332] kasan_save_stack+0x45/0x70
[ 12.000535] kasan_save_track+0x18/0x40
[ 12.000715] kasan_save_alloc_info+0x3b/0x50
[ 12.000911] __kasan_kmalloc+0xb7/0xc0
[ 12.001488] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.001714] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.002157] kunit_try_run_case+0x1a5/0x480
[ 12.002516] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.002746] kthread+0x337/0x6f0
[ 12.003178] ret_from_fork+0x116/0x1d0
[ 12.003339] ret_from_fork_asm+0x1a/0x30
[ 12.003632]
[ 12.003796] The buggy address belongs to the object at ffff888102791400
[ 12.003796] which belongs to the cache kmalloc-128 of size 128
[ 12.004590] The buggy address is located 0 bytes to the right of
[ 12.004590] allocated 120-byte region [ffff888102791400, ffff888102791478)
[ 12.005441]
[ 12.005554] The buggy address belongs to the physical page:
[ 12.005801] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102791
[ 12.006474] flags: 0x200000000000000(node=0|zone=2)
[ 12.006712] page_type: f5(slab)
[ 12.007078] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.007431] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.007741] page dumped because: kasan: bad access detected
[ 12.008181]
[ 12.008284] Memory state around the buggy address:
[ 12.008565] ffff888102791300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.008833] ffff888102791380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.009412] >ffff888102791400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.009690] ^
[ 12.010435] ffff888102791480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.010749] ffff888102791500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.011333] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 11.933127] ==================================================================
[ 11.933581] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0
[ 11.933900] Read of size 1 at addr ffff8881029ef000 by task kunit_try_catch/157
[ 11.934351]
[ 11.934460] CPU: 1 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.934505] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.934516] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.934536] Call Trace:
[ 11.934548] <TASK>
[ 11.934563] dump_stack_lvl+0x73/0xb0
[ 11.934592] print_report+0xd1/0x650
[ 11.934613] ? __virt_addr_valid+0x1db/0x2d0
[ 11.934636] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.934659] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.934682] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.934706] kasan_report+0x141/0x180
[ 11.934727] ? kmalloc_node_oob_right+0x369/0x3c0
[ 11.934756] __asan_report_load1_noabort+0x18/0x20
[ 11.934780] kmalloc_node_oob_right+0x369/0x3c0
[ 11.934804] ? __pfx_kmalloc_node_oob_right+0x10/0x10
[ 11.934889] ? __schedule+0x10cc/0x2b60
[ 11.934911] ? __pfx_read_tsc+0x10/0x10
[ 11.934932] ? ktime_get_ts64+0x86/0x230
[ 11.934957] kunit_try_run_case+0x1a5/0x480
[ 11.934981] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.935004] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.935026] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.935063] ? __kthread_parkme+0x82/0x180
[ 11.935082] ? preempt_count_sub+0x50/0x80
[ 11.935106] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.935129] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.935153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.935177] kthread+0x337/0x6f0
[ 11.935196] ? trace_preempt_on+0x20/0xc0
[ 11.935219] ? __pfx_kthread+0x10/0x10
[ 11.935239] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.935259] ? calculate_sigpending+0x7b/0xa0
[ 11.935283] ? __pfx_kthread+0x10/0x10
[ 11.935304] ret_from_fork+0x116/0x1d0
[ 11.935322] ? __pfx_kthread+0x10/0x10
[ 11.935342] ret_from_fork_asm+0x1a/0x30
[ 11.935372] </TASK>
[ 11.935382]
[ 11.942292] Allocated by task 157:
[ 11.942430] kasan_save_stack+0x45/0x70
[ 11.942576] kasan_save_track+0x18/0x40
[ 11.942710] kasan_save_alloc_info+0x3b/0x50
[ 11.942858] __kasan_kmalloc+0xb7/0xc0
[ 11.942988] __kmalloc_cache_node_noprof+0x188/0x420
[ 11.943664] kmalloc_node_oob_right+0xab/0x3c0
[ 11.944220] kunit_try_run_case+0x1a5/0x480
[ 11.944587] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.945217] kthread+0x337/0x6f0
[ 11.945687] ret_from_fork+0x116/0x1d0
[ 11.946233] ret_from_fork_asm+0x1a/0x30
[ 11.946702]
[ 11.946955] The buggy address belongs to the object at ffff8881029ee000
[ 11.946955] which belongs to the cache kmalloc-4k of size 4096
[ 11.948448] The buggy address is located 0 bytes to the right of
[ 11.948448] allocated 4096-byte region [ffff8881029ee000, ffff8881029ef000)
[ 11.949682]
[ 11.949757] The buggy address belongs to the physical page:
[ 11.949994] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e8
[ 11.951186] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 11.951796] flags: 0x200000000000040(head|node=0|zone=2)
[ 11.952101] page_type: f5(slab)
[ 11.952613] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.953488] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.954617] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000
[ 11.955147] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000
[ 11.955383] head: 0200000000000003 ffffea00040a7a01 00000000ffffffff 00000000ffffffff
[ 11.955613] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008
[ 11.955871] page dumped because: kasan: bad access detected
[ 11.956782]
[ 11.957110] Memory state around the buggy address:
[ 11.957694] ffff8881029eef00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.958378] ffff8881029eef80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.958925] >ffff8881029ef000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.959387] ^
[ 11.959507] ffff8881029ef080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.959720] ffff8881029ef100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.959965] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 11.884054] ==================================================================
[ 11.884497] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 11.884734] Read of size 1 at addr ffff88810270913f by task kunit_try_catch/155
[ 11.885772]
[ 11.886146] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.886196] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.886306] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.886332] Call Trace:
[ 11.886346] <TASK>
[ 11.886364] dump_stack_lvl+0x73/0xb0
[ 11.886397] print_report+0xd1/0x650
[ 11.886419] ? __virt_addr_valid+0x1db/0x2d0
[ 11.886442] ? kmalloc_oob_left+0x361/0x3c0
[ 11.886497] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.886520] ? kmalloc_oob_left+0x361/0x3c0
[ 11.886541] kasan_report+0x141/0x180
[ 11.886562] ? kmalloc_oob_left+0x361/0x3c0
[ 11.886588] __asan_report_load1_noabort+0x18/0x20
[ 11.886613] kmalloc_oob_left+0x361/0x3c0
[ 11.886634] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 11.886656] ? __schedule+0x10cc/0x2b60
[ 11.886678] ? __pfx_read_tsc+0x10/0x10
[ 11.886699] ? ktime_get_ts64+0x86/0x230
[ 11.886722] kunit_try_run_case+0x1a5/0x480
[ 11.886746] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.886769] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.886792] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.886827] ? __kthread_parkme+0x82/0x180
[ 11.886847] ? preempt_count_sub+0x50/0x80
[ 11.886871] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.886895] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.886919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.886944] kthread+0x337/0x6f0
[ 11.886962] ? trace_preempt_on+0x20/0xc0
[ 11.886984] ? __pfx_kthread+0x10/0x10
[ 11.887004] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.887025] ? calculate_sigpending+0x7b/0xa0
[ 11.887060] ? __pfx_kthread+0x10/0x10
[ 11.887081] ret_from_fork+0x116/0x1d0
[ 11.887098] ? __pfx_kthread+0x10/0x10
[ 11.887118] ret_from_fork_asm+0x1a/0x30
[ 11.887148] </TASK>
[ 11.887159]
[ 11.900314] Allocated by task 44:
[ 11.900579] kasan_save_stack+0x45/0x70
[ 11.900828] kasan_save_track+0x18/0x40
[ 11.900997] kasan_save_alloc_info+0x3b/0x50
[ 11.901216] __kasan_kmalloc+0xb7/0xc0
[ 11.901364] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 11.901620] kvasprintf+0xc5/0x150
[ 11.901744] kasprintf+0xb6/0xf0
[ 11.901863] input_devnode+0x46/0x80
[ 11.902238] device_get_devnode+0x145/0x2a0
[ 11.902981] dev_uevent+0x41c/0x730
[ 11.903174] kobject_uevent_env+0x50d/0xff0
[ 11.903346] kobject_uevent+0xf/0x20
[ 11.903475] device_add+0xe4c/0x1820
[ 11.903607] cdev_device_add+0xab/0x1c0
[ 11.904502] evdev_connect+0x356/0x480
[ 11.904948] input_attach_handler.isra.0+0x117/0x1f0
[ 11.905254] input_register_device+0x722/0xe10
[ 11.905446] psmouse_connect+0x6ed/0xe30
[ 11.905614] serio_driver_probe+0x7a/0xb0
[ 11.905799] really_probe+0x1d4/0x920
[ 11.906207] __driver_probe_device+0x18f/0x3e0
[ 11.906426] driver_probe_device+0x4f/0x130
[ 11.906740] __driver_attach+0x1eb/0x4b0
[ 11.907068] bus_for_each_dev+0x10f/0x1a0
[ 11.907453] driver_attach+0x41/0x60
[ 11.907758] serio_handle_event+0x254/0x940
[ 11.907930] process_one_work+0x5ee/0xf60
[ 11.908233] worker_thread+0x758/0x1220
[ 11.908476] kthread+0x337/0x6f0
[ 11.908652] ret_from_fork+0x116/0x1d0
[ 11.908809] ret_from_fork_asm+0x1a/0x30
[ 11.909272]
[ 11.909469] Freed by task 44:
[ 11.909679] kasan_save_stack+0x45/0x70
[ 11.909984] kasan_save_track+0x18/0x40
[ 11.910425] kasan_save_free_info+0x3f/0x60
[ 11.910902] __kasan_slab_free+0x56/0x70
[ 11.911314] kfree+0x222/0x3f0
[ 11.911513] dev_uevent+0x466/0x730
[ 11.911739] kobject_uevent_env+0x50d/0xff0
[ 11.912211] kobject_uevent+0xf/0x20
[ 11.912577] device_add+0xe4c/0x1820
[ 11.912946] cdev_device_add+0xab/0x1c0
[ 11.913262] evdev_connect+0x356/0x480
[ 11.913625] input_attach_handler.isra.0+0x117/0x1f0
[ 11.913901] input_register_device+0x722/0xe10
[ 11.914420] psmouse_connect+0x6ed/0xe30
[ 11.914740] serio_driver_probe+0x7a/0xb0
[ 11.914919] really_probe+0x1d4/0x920
[ 11.915354] __driver_probe_device+0x18f/0x3e0
[ 11.915764] driver_probe_device+0x4f/0x130
[ 11.916320] __driver_attach+0x1eb/0x4b0
[ 11.916488] bus_for_each_dev+0x10f/0x1a0
[ 11.916628] driver_attach+0x41/0x60
[ 11.916757] serio_handle_event+0x254/0x940
[ 11.917164] process_one_work+0x5ee/0xf60
[ 11.917534] worker_thread+0x758/0x1220
[ 11.917916] kthread+0x337/0x6f0
[ 11.918290] ret_from_fork+0x116/0x1d0
[ 11.918632] ret_from_fork_asm+0x1a/0x30
[ 11.919058]
[ 11.919264] The buggy address belongs to the object at ffff888102709120
[ 11.919264] which belongs to the cache kmalloc-16 of size 16
[ 11.919826] The buggy address is located 15 bytes to the right of
[ 11.919826] allocated 16-byte region [ffff888102709120, ffff888102709130)
[ 11.921025]
[ 11.921377] The buggy address belongs to the physical page:
[ 11.921599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102709
[ 11.922102] flags: 0x200000000000000(node=0|zone=2)
[ 11.922532] page_type: f5(slab)
[ 11.922828] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 11.923572] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.924170] page dumped because: kasan: bad access detected
[ 11.924766]
[ 11.924898] Memory state around the buggy address:
[ 11.925131] ffff888102709000: 00 00 fc fc 00 06 fc fc 00 06 fc fc 00 00 fc fc
[ 11.925773] ffff888102709080: 00 02 fc fc 00 02 fc fc 00 06 fc fc 00 06 fc fc
[ 11.926630] >ffff888102709100: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc
[ 11.927069] ^
[ 11.927517] ffff888102709180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.927928] ffff888102709200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.928463] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 11.832108] ==================================================================
[ 11.832531] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 11.832972] Write of size 1 at addr ffff888102b0c378 by task kunit_try_catch/153
[ 11.833363]
[ 11.833460] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.833501] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.833512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.833534] Call Trace:
[ 11.833546] <TASK>
[ 11.833560] dump_stack_lvl+0x73/0xb0
[ 11.833589] print_report+0xd1/0x650
[ 11.833611] ? __virt_addr_valid+0x1db/0x2d0
[ 11.833633] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.833654] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.833677] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.833699] kasan_report+0x141/0x180
[ 11.833720] ? kmalloc_oob_right+0x6bd/0x7f0
[ 11.833746] __asan_report_store1_noabort+0x1b/0x30
[ 11.833771] kmalloc_oob_right+0x6bd/0x7f0
[ 11.834043] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.834075] ? __schedule+0x10cc/0x2b60
[ 11.834099] ? __pfx_read_tsc+0x10/0x10
[ 11.834119] ? ktime_get_ts64+0x86/0x230
[ 11.834143] kunit_try_run_case+0x1a5/0x480
[ 11.834168] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.834191] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.834215] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.834238] ? __kthread_parkme+0x82/0x180
[ 11.834258] ? preempt_count_sub+0x50/0x80
[ 11.834282] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.834307] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.834332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.834359] kthread+0x337/0x6f0
[ 11.834377] ? trace_preempt_on+0x20/0xc0
[ 11.834400] ? __pfx_kthread+0x10/0x10
[ 11.834420] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.834441] ? calculate_sigpending+0x7b/0xa0
[ 11.834464] ? __pfx_kthread+0x10/0x10
[ 11.834485] ret_from_fork+0x116/0x1d0
[ 11.834503] ? __pfx_kthread+0x10/0x10
[ 11.834523] ret_from_fork_asm+0x1a/0x30
[ 11.834552] </TASK>
[ 11.834562]
[ 11.843488] Allocated by task 153:
[ 11.843620] kasan_save_stack+0x45/0x70
[ 11.844202] kasan_save_track+0x18/0x40
[ 11.844600] kasan_save_alloc_info+0x3b/0x50
[ 11.844802] __kasan_kmalloc+0xb7/0xc0
[ 11.845187] __kmalloc_cache_noprof+0x189/0x420
[ 11.845359] kmalloc_oob_right+0xa9/0x7f0
[ 11.845668] kunit_try_run_case+0x1a5/0x480
[ 11.845955] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.846245] kthread+0x337/0x6f0
[ 11.846413] ret_from_fork+0x116/0x1d0
[ 11.846576] ret_from_fork_asm+0x1a/0x30
[ 11.846734]
[ 11.847179] The buggy address belongs to the object at ffff888102b0c300
[ 11.847179] which belongs to the cache kmalloc-128 of size 128
[ 11.847643] The buggy address is located 5 bytes to the right of
[ 11.847643] allocated 115-byte region [ffff888102b0c300, ffff888102b0c373)
[ 11.848491]
[ 11.848603] The buggy address belongs to the physical page:
[ 11.848836] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c
[ 11.849457] flags: 0x200000000000000(node=0|zone=2)
[ 11.849890] page_type: f5(slab)
[ 11.850092] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.850388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.850709] page dumped because: kasan: bad access detected
[ 11.851155]
[ 11.851261] Memory state around the buggy address:
[ 11.851513] ffff888102b0c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.852268] ffff888102b0c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.852574] >ffff888102b0c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.853114] ^
[ 11.853698] ffff888102b0c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.854327] ffff888102b0c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.854740] ==================================================================
[ 11.798747] ==================================================================
[ 11.799700] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.800422] Write of size 1 at addr ffff888102b0c373 by task kunit_try_catch/153
[ 11.800867]
[ 11.802312] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.802660] Tainted: [N]=TEST
[ 11.802692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.802904] Call Trace:
[ 11.802968] <TASK>
[ 11.803120] dump_stack_lvl+0x73/0xb0
[ 11.803206] print_report+0xd1/0x650
[ 11.803234] ? __virt_addr_valid+0x1db/0x2d0
[ 11.803259] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.803279] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.803302] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.803323] kasan_report+0x141/0x180
[ 11.803344] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.803370] __asan_report_store1_noabort+0x1b/0x30
[ 11.803395] kmalloc_oob_right+0x6f0/0x7f0
[ 11.803416] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.803438] ? __schedule+0x10cc/0x2b60
[ 11.803461] ? __pfx_read_tsc+0x10/0x10
[ 11.803483] ? ktime_get_ts64+0x86/0x230
[ 11.803508] kunit_try_run_case+0x1a5/0x480
[ 11.803535] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.803558] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.803582] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.803605] ? __kthread_parkme+0x82/0x180
[ 11.803627] ? preempt_count_sub+0x50/0x80
[ 11.803651] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.803676] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.803701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.803727] kthread+0x337/0x6f0
[ 11.803745] ? trace_preempt_on+0x20/0xc0
[ 11.803769] ? __pfx_kthread+0x10/0x10
[ 11.803789] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.803827] ? calculate_sigpending+0x7b/0xa0
[ 11.803852] ? __pfx_kthread+0x10/0x10
[ 11.803873] ret_from_fork+0x116/0x1d0
[ 11.803890] ? __pfx_kthread+0x10/0x10
[ 11.803911] ret_from_fork_asm+0x1a/0x30
[ 11.803980] </TASK>
[ 11.804053]
[ 11.814577] Allocated by task 153:
[ 11.815336] kasan_save_stack+0x45/0x70
[ 11.815556] kasan_save_track+0x18/0x40
[ 11.815993] kasan_save_alloc_info+0x3b/0x50
[ 11.816336] __kasan_kmalloc+0xb7/0xc0
[ 11.816670] __kmalloc_cache_noprof+0x189/0x420
[ 11.817105] kmalloc_oob_right+0xa9/0x7f0
[ 11.817311] kunit_try_run_case+0x1a5/0x480
[ 11.817514] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.817735] kthread+0x337/0x6f0
[ 11.817901] ret_from_fork+0x116/0x1d0
[ 11.818607] ret_from_fork_asm+0x1a/0x30
[ 11.819275]
[ 11.819439] The buggy address belongs to the object at ffff888102b0c300
[ 11.819439] which belongs to the cache kmalloc-128 of size 128
[ 11.820411] The buggy address is located 0 bytes to the right of
[ 11.820411] allocated 115-byte region [ffff888102b0c300, ffff888102b0c373)
[ 11.821369]
[ 11.821852] The buggy address belongs to the physical page:
[ 11.822746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c
[ 11.823563] flags: 0x200000000000000(node=0|zone=2)
[ 11.824278] page_type: f5(slab)
[ 11.825159] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.825480] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.826364] page dumped because: kasan: bad access detected
[ 11.826642]
[ 11.826747] Memory state around the buggy address:
[ 11.827598] ffff888102b0c200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.828027] ffff888102b0c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.828512] >ffff888102b0c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 11.829074] ^
[ 11.829549] ffff888102b0c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.829998] ffff888102b0c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.830507] ==================================================================
[ 11.855499] ==================================================================
[ 11.855809] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 11.856873] Read of size 1 at addr ffff888102b0c380 by task kunit_try_catch/153
[ 11.857263]
[ 11.857366] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc5 #1 PREEMPT(voluntary)
[ 11.857613] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.857627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.857649] Call Trace:
[ 11.857660] <TASK>
[ 11.857674] dump_stack_lvl+0x73/0xb0
[ 11.857702] print_report+0xd1/0x650
[ 11.857723] ? __virt_addr_valid+0x1db/0x2d0
[ 11.857745] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.857765] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.857788] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.857961] kasan_report+0x141/0x180
[ 11.857996] ? kmalloc_oob_right+0x68a/0x7f0
[ 11.858023] __asan_report_load1_noabort+0x18/0x20
[ 11.858063] kmalloc_oob_right+0x68a/0x7f0
[ 11.858085] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.858107] ? __schedule+0x10cc/0x2b60
[ 11.858129] ? __pfx_read_tsc+0x10/0x10
[ 11.858148] ? ktime_get_ts64+0x86/0x230
[ 11.858172] kunit_try_run_case+0x1a5/0x480
[ 11.858196] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.858219] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.858242] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.858265] ? __kthread_parkme+0x82/0x180
[ 11.858285] ? preempt_count_sub+0x50/0x80
[ 11.858308] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.858332] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.858357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.858383] kthread+0x337/0x6f0
[ 11.858401] ? trace_preempt_on+0x20/0xc0
[ 11.858423] ? __pfx_kthread+0x10/0x10
[ 11.858443] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.858464] ? calculate_sigpending+0x7b/0xa0
[ 11.858487] ? __pfx_kthread+0x10/0x10
[ 11.858508] ret_from_fork+0x116/0x1d0
[ 11.858526] ?
__pfx_kthread+0x10/0x10 [ 11.858545] ret_from_fork_asm+0x1a/0x30 [ 11.858575] </TASK> [ 11.858585] [ 11.869205] Allocated by task 153: [ 11.869654] kasan_save_stack+0x45/0x70 [ 11.869911] kasan_save_track+0x18/0x40 [ 11.870329] kasan_save_alloc_info+0x3b/0x50 [ 11.870620] __kasan_kmalloc+0xb7/0xc0 [ 11.870974] __kmalloc_cache_noprof+0x189/0x420 [ 11.871415] kmalloc_oob_right+0xa9/0x7f0 [ 11.871905] kunit_try_run_case+0x1a5/0x480 [ 11.872091] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.872514] kthread+0x337/0x6f0 [ 11.872792] ret_from_fork+0x116/0x1d0 [ 11.873167] ret_from_fork_asm+0x1a/0x30 [ 11.873370] [ 11.873455] The buggy address belongs to the object at ffff888102b0c300 [ 11.873455] which belongs to the cache kmalloc-128 of size 128 [ 11.873986] The buggy address is located 13 bytes to the right of [ 11.873986] allocated 115-byte region [ffff888102b0c300, ffff888102b0c373) [ 11.874519] [ 11.874610] The buggy address belongs to the physical page: [ 11.874857] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0c [ 11.875651] flags: 0x200000000000000(node=0|zone=2) [ 11.876100] page_type: f5(slab) [ 11.876278] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.876950] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.877386] page dumped because: kasan: bad access detected [ 11.877631] [ 11.877714] Memory state around the buggy address: [ 11.878184] ffff888102b0c280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.878568] ffff888102b0c300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.878946] >ffff888102b0c380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.879338] ^ [ 11.879738] ffff888102b0c400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.880111] ffff888102b0c480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.880574] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 141.308405] WARNING: CPU: 0 PID: 2763 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 141.309353] Modules linked in: [ 141.309538] CPU: 0 UID: 0 PID: 2763 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 141.310176] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.310433] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.310905] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 141.311209] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 141.311947] RSP: 0000:ffff88810ce9fc78 EFLAGS: 00010286 [ 141.312511] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 141.312804] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb22337bc [ 141.313261] RBP: ffff88810ce9fca0 R08: 0000000000000000 R09: ffffed10216a5420 [ 141.313533] R10: ffff88810b52a107 R11: 0000000000000000 R12: ffffffffb22337a8 [ 141.313845] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810ce9fd38 [ 141.314174] FS: 0000000000000000(0000) GS:ffff8881a6e72000(0000) knlGS:0000000000000000 [ 141.314564] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.314917] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 141.315231] DR0: ffffffffb4252440 DR1: ffffffffb4252441 DR2: ffffffffb4252443 [ 141.315509] DR3: ffffffffb4252445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.315891] Call Trace: [ 141.316210] <TASK> [ 141.316360] drm_test_rect_calc_vscale+0x108/0x270 [ 141.316645] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 141.316871] ? __schedule+0x10cc/0x2b60 [ 141.317261] ? __pfx_read_tsc+0x10/0x10 [ 141.317418] ? ktime_get_ts64+0x86/0x230 [ 141.317696] kunit_try_run_case+0x1a5/0x480 [ 141.317967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.318245] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 141.318448] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.318720] ? __kthread_parkme+0x82/0x180 [ 141.318919] ? preempt_count_sub+0x50/0x80 [ 141.319143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.319418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.319710] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.320223] kthread+0x337/0x6f0 [ 141.320401] ? trace_preempt_on+0x20/0xc0 [ 141.320617] ? __pfx_kthread+0x10/0x10 [ 141.320768] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.321003] ? calculate_sigpending+0x7b/0xa0 [ 141.321420] ? __pfx_kthread+0x10/0x10 [ 141.321638] ret_from_fork+0x116/0x1d0 [ 141.321805] ? __pfx_kthread+0x10/0x10 [ 141.322090] ret_from_fork_asm+0x1a/0x30 [ 141.322274] </TASK> [ 141.322395] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 141.329425] WARNING: CPU: 1 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 141.330018] Modules linked in: [ 141.330198] CPU: 1 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 141.330761] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.331181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.331542] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 141.331757] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 141.332572] RSP: 0000:ffff88810cdf7c78 EFLAGS: 00010286 [ 141.332844] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 141.333344] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb22337f4 [ 141.333645] RBP: ffff88810cdf7ca0 R08: 0000000000000000 R09: ffffed1020491a00 [ 141.333941] R10: ffff88810248d007 R11: 0000000000000000 R12: ffffffffb22337e0 [ 141.334378] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810cdf7d38 [ 
141.334693] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 141.335008] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.335382] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 141.335684] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 141.336066] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.336488] Call Trace: [ 141.336629] <TASK> [ 141.336766] drm_test_rect_calc_vscale+0x108/0x270 [ 141.337227] ? __kasan_check_write+0x18/0x20 [ 141.337486] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 141.337712] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 141.338138] ? trace_hardirqs_on+0x37/0xe0 [ 141.338390] ? __pfx_read_tsc+0x10/0x10 [ 141.338595] ? ktime_get_ts64+0x86/0x230 [ 141.338813] kunit_try_run_case+0x1a5/0x480 [ 141.339129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.339341] ? queued_spin_lock_slowpath+0x116/0xb40 [ 141.339583] ? __kthread_parkme+0x82/0x180 [ 141.339748] ? preempt_count_sub+0x50/0x80 [ 141.339954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.340316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.340576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.340893] kthread+0x337/0x6f0 [ 141.341244] ? trace_preempt_on+0x20/0xc0 [ 141.341545] ? __pfx_kthread+0x10/0x10 [ 141.341716] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.342160] ? calculate_sigpending+0x7b/0xa0 [ 141.342432] ? __pfx_kthread+0x10/0x10 [ 141.342596] ret_from_fork+0x116/0x1d0 [ 141.342786] ? __pfx_kthread+0x10/0x10 [ 141.343130] ret_from_fork_asm+0x1a/0x30 [ 141.343289] </TASK> [ 141.343413] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 141.275063] WARNING: CPU: 1 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 141.276065] Modules linked in: [ 141.276344] CPU: 1 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 141.276663] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.276879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.277887] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 141.278322] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b dc 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 141.278868] RSP: 0000:ffff88810c9ffc78 EFLAGS: 00010286 [ 141.279483] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 141.280266] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb22337f8 [ 141.281140] RBP: ffff88810c9ffca0 R08: 0000000000000000 R09: ffffed1020492740 [ 141.282262] R10: ffff888102493a07 R11: 0000000000000000 R12: ffffffffb22337e0 [ 141.282997] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810c9ffd38 [ 141.283230] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 141.283468] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.283643] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 141.283864] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 141.284291] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.284629] Call Trace: [ 141.284769] <TASK> [ 141.285084] drm_test_rect_calc_hscale+0x108/0x270 [ 141.285310] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 141.285492] ? __schedule+0x10cc/0x2b60 [ 141.285694] ? __pfx_read_tsc+0x10/0x10 [ 141.285945] ? ktime_get_ts64+0x86/0x230 [ 141.286170] kunit_try_run_case+0x1a5/0x480 [ 141.286419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.286758] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 141.287284] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.287541] ? __kthread_parkme+0x82/0x180 [ 141.287718] ? preempt_count_sub+0x50/0x80 [ 141.288090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.288298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.288561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.288807] kthread+0x337/0x6f0 [ 141.289109] ? trace_preempt_on+0x20/0xc0 [ 141.289263] ? __pfx_kthread+0x10/0x10 [ 141.289497] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.289721] ? calculate_sigpending+0x7b/0xa0 [ 141.290092] ? __pfx_kthread+0x10/0x10 [ 141.290361] ret_from_fork+0x116/0x1d0 [ 141.290497] ? __pfx_kthread+0x10/0x10 [ 141.290718] ret_from_fork_asm+0x1a/0x30 [ 141.290943] </TASK> [ 141.291430] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 141.254062] WARNING: CPU: 0 PID: 2751 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 141.254479] Modules linked in: [ 141.254665] CPU: 0 UID: 0 PID: 2751 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 141.255991] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 141.256389] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 141.257171] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 141.257426] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 5b dc 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 141.258340] RSP: 0000:ffff88810cddfc78 EFLAGS: 00010286 [ 141.258732] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 141.259191] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb22337c0 [ 141.259469] RBP: ffff88810cddfca0 R08: 0000000000000000 R09: ffffed10216a4b60 [ 141.259761] R10: ffff88810b525b07 R11: 0000000000000000 R12: ffffffffb22337a8 [ 141.260381] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810cddfd38 [ 
141.260965] FS: 0000000000000000(0000) GS:ffff8881a6e72000(0000) knlGS:0000000000000000 [ 141.261397] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 141.261742] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 141.262227] DR0: ffffffffb4252440 DR1: ffffffffb4252441 DR2: ffffffffb4252443 [ 141.262530] DR3: ffffffffb4252445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 141.263062] Call Trace: [ 141.263267] <TASK> [ 141.263519] drm_test_rect_calc_hscale+0x108/0x270 [ 141.263998] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 141.264373] ? __schedule+0x207f/0x2b60 [ 141.264683] ? __pfx_read_tsc+0x10/0x10 [ 141.265101] ? ktime_get_ts64+0x86/0x230 [ 141.265306] kunit_try_run_case+0x1a5/0x480 [ 141.265510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.265722] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 141.266329] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 141.266631] ? __kthread_parkme+0x82/0x180 [ 141.267243] ? preempt_count_sub+0x50/0x80 [ 141.267516] ? __pfx_kunit_try_run_case+0x10/0x10 [ 141.267980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 141.268252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 141.268508] kthread+0x337/0x6f0 [ 141.268668] ? trace_preempt_on+0x20/0xc0 [ 141.269153] ? __pfx_kthread+0x10/0x10 [ 141.269533] ? _raw_spin_unlock_irq+0x47/0x80 [ 141.270077] ? calculate_sigpending+0x7b/0xa0 [ 141.270443] ? __pfx_kthread+0x10/0x10 [ 141.270765] ret_from_fork+0x116/0x1d0 [ 141.271245] ? __pfx_kthread+0x10/0x10 [ 141.271444] ret_from_fork_asm+0x1a/0x30 [ 141.271642] </TASK> [ 141.271761] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 140.638503] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 140.638607] WARNING: CPU: 1 PID: 2568 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 140.640956] Modules linked in: [ 140.641456] CPU: 1 UID: 0 PID: 2568 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 140.642496] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 140.642978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 140.643721] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 140.644078] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 6d 1d 80 00 48 c7 c1 a0 86 1e b2 4c 89 f2 48 c7 c7 60 83 1e b2 48 89 c6 e8 f4 ce 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 140.644556] RSP: 0000:ffff88810c98fd18 EFLAGS: 00010286 [ 140.645503] RAX: 0000000000000000 RBX: ffff8881090cc000 RCX: 1ffffffff65e4ce8 [ 140.646296] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 140.646729] RBP: ffff88810c98fd48 R08: 0000000000000000 R09: fffffbfff65e4ce8 [ 140.646933] R10: 0000000000000003 R11: 0000000000039408 R12: ffff88810c4e4800 [ 140.647149] R13: ffff8881090cc0f8 R14: ffff88810af13b80 R15: ffff88810039fb40 [ 140.647350] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 140.648068] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.648623] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 140.649452] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 140.649903] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 140.650278] Call Trace: [ 140.650509] <TASK> [ 140.650713] ? trace_preempt_on+0x20/0xc0 [ 140.651025] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 140.651602] drm_gem_shmem_free_wrapper+0x12/0x20 [ 140.651774] __kunit_action_free+0x57/0x70 [ 140.651927] kunit_remove_resource+0x133/0x200 [ 140.652222] ? preempt_count_sub+0x50/0x80 [ 140.652782] kunit_cleanup+0x7a/0x120 [ 140.653150] kunit_try_run_case_cleanup+0xbd/0xf0 [ 140.653471] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 140.653878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 140.654373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 140.655083] kthread+0x337/0x6f0 [ 140.655398] ? trace_preempt_on+0x20/0xc0 [ 140.655591] ? __pfx_kthread+0x10/0x10 [ 140.655830] ? _raw_spin_unlock_irq+0x47/0x80 [ 140.656298] ? calculate_sigpending+0x7b/0xa0 [ 140.656658] ? __pfx_kthread+0x10/0x10 [ 140.657070] ret_from_fork+0x116/0x1d0 [ 140.657627] ? __pfx_kthread+0x10/0x10 [ 140.658221] ret_from_fork_asm+0x1a/0x30 [ 140.658556] </TASK> [ 140.658821] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 140.509654] WARNING: CPU: 1 PID: 2549 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 140.510547] Modules linked in: [ 140.510761] CPU: 1 UID: 0 PID: 2549 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 140.511513] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 140.511777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 140.512573] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 140.513042] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 140.513741] RSP: 0000:ffff88810c047b30 EFLAGS: 00010246 [ 140.513956] RAX: dffffc0000000000 RBX: ffff88810c047c28 RCX: 0000000000000000 [ 140.514437] RDX: 1ffff11021808f8e RSI: ffff88810c047c28 RDI: ffff88810c047c70 [ 140.514842] RBP: ffff88810c047b70 R08: ffff88810bdd4000 R09: ffffffffb21d89e0 [ 140.515169] R10: 0000000000000003 R11: 00000000ae51693f R12: ffff88810bdd4000 [ 140.515464] R13: ffff88810039fae8 R14: ffff88810c047ba8 R15: 0000000000000000 [ 140.515964] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 140.516325] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.516670] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 140.517132] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 140.518536] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 140.519050] Call Trace: [ 140.519280] <TASK> [ 140.519404] ? add_dr+0xc1/0x1d0 [ 140.519583] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 140.519962] ? add_dr+0x148/0x1d0 [ 140.520128] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 140.520419] ? __drmm_add_action+0x1a4/0x280 [ 140.520636] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 140.521069] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 140.521547] ? __drmm_add_action_or_reset+0x22/0x50 [ 140.521794] ? __schedule+0x10cc/0x2b60 [ 140.522175] ? __pfx_read_tsc+0x10/0x10 [ 140.522384] ? ktime_get_ts64+0x86/0x230 [ 140.522569] kunit_try_run_case+0x1a5/0x480 [ 140.522772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 140.523012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 140.523342] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 140.523619] ? __kthread_parkme+0x82/0x180 [ 140.523891] ? preempt_count_sub+0x50/0x80 [ 140.524150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 140.524401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 140.524649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 140.524921] kthread+0x337/0x6f0 [ 140.525400] ? trace_preempt_on+0x20/0xc0 [ 140.525935] ? __pfx_kthread+0x10/0x10 [ 140.526139] ? _raw_spin_unlock_irq+0x47/0x80 [ 140.526365] ? calculate_sigpending+0x7b/0xa0 [ 140.526563] ? __pfx_kthread+0x10/0x10 [ 140.526763] ret_from_fork+0x116/0x1d0 [ 140.527177] ? __pfx_kthread+0x10/0x10 [ 140.527410] ret_from_fork_asm+0x1a/0x30 [ 140.527621] </TASK> [ 140.527755] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 140.470364] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 140.470495] WARNING: CPU: 0 PID: 2545 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 140.471606] Modules linked in: [ 140.471773] CPU: 0 UID: 0 PID: 2545 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 140.473179] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 140.473934] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 140.474527] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 140.474716] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 3b 3a 87 00 48 c7 c1 c0 38 1d b2 4c 89 fa 48 c7 c7 20 39 1d b2 48 89 c6 e8 c2 eb 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 140.475790] RSP: 0000:ffff88810c75fb68 EFLAGS: 00010282 [ 140.476529] RAX: 0000000000000000 RBX: ffff88810c75fc40 RCX: 1ffffffff65e4ce8 [ 140.477356] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 140.477929] RBP: ffff88810c75fb90 R08: 0000000000000000 R09: fffffbfff65e4ce8 [ 140.478163] R10: 0000000000000003 R11: 0000000000037a18 R12: ffff88810c75fc18 [ 140.478395] R13: ffff88810c2f2800 R14: ffff88810c4ef000 R15: ffff88810c455380 [ 140.478737] FS: 0000000000000000(0000) GS:ffff8881a6e72000(0000) knlGS:0000000000000000 [ 140.479358] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 140.479711] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 140.480095] DR0: ffffffffb4252440 DR1: ffffffffb4252441 DR2: ffffffffb4252443 [ 140.480701] DR3: ffffffffb4252445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 140.481013] Call Trace: [ 140.481194] <TASK> [ 140.481356] drm_test_framebuffer_free+0x1ab/0x610 [ 140.481758] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 140.482076] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 140.482406] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 140.482678] ? __drmm_add_action_or_reset+0x22/0x50 [ 140.482970] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 140.483415] kunit_try_run_case+0x1a5/0x480 [ 140.483627] ? __pfx_kunit_try_run_case+0x10/0x10 [ 140.484161] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 140.484607] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 140.485044] ? __kthread_parkme+0x82/0x180 [ 140.485428] ? preempt_count_sub+0x50/0x80 [ 140.485767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 140.486170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 140.486413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 140.486679] kthread+0x337/0x6f0 [ 140.487137] ? trace_preempt_on+0x20/0xc0 [ 140.487587] ? __pfx_kthread+0x10/0x10 [ 140.487922] ? _raw_spin_unlock_irq+0x47/0x80 [ 140.488332] ? calculate_sigpending+0x7b/0xa0 [ 140.488648] ? __pfx_kthread+0x10/0x10 [ 140.489182] ret_from_fork+0x116/0x1d0 [ 140.489372] ? __pfx_kthread+0x10/0x10 [ 140.489546] ret_from_fork_asm+0x1a/0x30 [ 140.489737] </TASK> [ 140.490283] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 139.127155] WARNING: CPU: 0 PID: 1975 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 139.127676] Modules linked in: [ 139.128078] CPU: 0 UID: 0 PID: 1975 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 139.128632] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 139.128937] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 139.129861] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 139.130465] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 25 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 139.131764] RSP: 0000:ffff88810b98fc90 EFLAGS: 00010246 [ 139.132347] RAX: dffffc0000000000 RBX: ffff88810b7b4000 RCX: 0000000000000000 [ 139.133248] RDX: 1ffff110216f6832 RSI: ffffffffaf405968 RDI: ffff88810b7b4190 [ 139.134136] RBP: ffff88810b98fca0 R08: 1ffff11020073f69 R09: ffffed1021731f65 [ 139.134793] R10: 0000000000000003 R11: ffffffffade049da R12: 0000000000000000 [ 139.135730] R13: ffff88810b98fd38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 139.136572] FS: 0000000000000000(0000) GS:ffff8881a6e72000(0000) knlGS:0000000000000000 [ 139.137081] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.137779] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 139.138495] DR0: ffffffffb4252440 DR1: ffffffffb4252441 DR2: ffffffffb4252443 [ 139.139378] DR3: ffffffffb4252445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 139.140090] Call Trace: [ 139.140222] <TASK> [ 139.140327] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 139.140567] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 139.141138] ? __schedule+0x10cc/0x2b60 [ 139.141604] ? __pfx_read_tsc+0x10/0x10 [ 139.142370] ? 
ktime_get_ts64+0x86/0x230 [ 139.142999] kunit_try_run_case+0x1a5/0x480 [ 139.143497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 139.144125] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 139.144353] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 139.144571] ? __kthread_parkme+0x82/0x180 [ 139.144753] ? preempt_count_sub+0x50/0x80 [ 139.145350] ? __pfx_kunit_try_run_case+0x10/0x10 [ 139.145553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 139.145801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 139.146065] kthread+0x337/0x6f0 [ 139.146306] ? trace_preempt_on+0x20/0xc0 [ 139.146566] ? __pfx_kthread+0x10/0x10 [ 139.146764] ? _raw_spin_unlock_irq+0x47/0x80 [ 139.147122] ? calculate_sigpending+0x7b/0xa0 [ 139.147329] ? __pfx_kthread+0x10/0x10 [ 139.147527] ret_from_fork+0x116/0x1d0 [ 139.147717] ? __pfx_kthread+0x10/0x10 [ 139.148117] ret_from_fork_asm+0x1a/0x30 [ 139.148324] </TASK> [ 139.148451] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 139.209306] WARNING: CPU: 1 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 139.209662] Modules linked in: [ 139.209828] CPU: 1 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 139.210503] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 139.210690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 139.211411] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 139.212052] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 25 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 139.213831] RSP: 0000:ffff88810b617c90 EFLAGS: 00010246 [ 139.214161] RAX: dffffc0000000000 RBX: ffff88810b94a000 RCX: 0000000000000000 [ 139.214889] RDX: 1ffff11021729432 RSI: ffffffffaf405968 RDI: ffff88810b94a190 [ 139.215370] RBP: ffff88810b617ca0 R08: 1ffff11020073f69 R09: ffffed10216c2f65 [ 
139.215580] R10: 0000000000000003 R11: ffffffffae985b48 R12: 0000000000000000 [ 139.215783] R13: ffff88810b617d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 139.216545] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 139.217425] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 139.218016] CR2: 00007ffff7ffe000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 139.218727] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 139.219235] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 139.220071] Call Trace: [ 139.220175] <TASK> [ 139.220275] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 139.220493] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 139.220712] ? __schedule+0x10cc/0x2b60 [ 139.220874] ? __pfx_read_tsc+0x10/0x10 [ 139.221011] ? ktime_get_ts64+0x86/0x230 [ 139.221392] kunit_try_run_case+0x1a5/0x480 [ 139.221625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 139.221985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 139.222283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 139.222522] ? __kthread_parkme+0x82/0x180 [ 139.222682] ? preempt_count_sub+0x50/0x80 [ 139.222826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 139.223177] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 139.223610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 139.224068] kthread+0x337/0x6f0 [ 139.224249] ? trace_preempt_on+0x20/0xc0 [ 139.224523] ? __pfx_kthread+0x10/0x10 [ 139.224672] ? _raw_spin_unlock_irq+0x47/0x80 [ 139.225119] ? calculate_sigpending+0x7b/0xa0 [ 139.225310] ? __pfx_kthread+0x10/0x10 [ 139.225494] ret_from_fork+0x116/0x1d0 [ 139.225717] ? __pfx_kthread+0x10/0x10 [ 139.225920] ret_from_fork_asm+0x1a/0x30 [ 139.226252] </TASK> [ 139.226367] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 108.591226] WARNING: CPU: 1 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40 [ 108.592075] Modules linked in: [ 108.592443] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 108.593860] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 108.594455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.595426] RIP: 0010:intlog10+0x2a/0x40 [ 108.595742] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 97 a8 86 02 90 <0f> 0b 90 31 c0 e9 8c a8 86 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 108.596558] RSP: 0000:ffff88810d8c7cb0 EFLAGS: 00010246 [ 108.596747] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021b18fb4 [ 108.596993] RDX: 1ffffffff6412db4 RSI: 1ffff11021b18fb3 RDI: 0000000000000000 [ 108.597368] RBP: ffff88810d8c7d60 R08: 0000000000000000 R09: ffffed10204e05a0 [ 108.597628] R10: ffff888102702d07 R11: 0000000000000000 R12: 1ffff11021b18f97 [ 108.598068] R13: ffffffffb2096da0 R14: 0000000000000000 R15: ffff88810d8c7d38 [ 108.598369] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 108.598676] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.598964] CR2: ffff88815a90e000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 108.599317] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 108.600049] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 108.600322] Call Trace: [ 108.600464] <TASK> [ 108.600589] ? intlog10_test+0xf2/0x220 [ 108.600786] ? __pfx_intlog10_test+0x10/0x10 [ 108.601270] ? __schedule+0x10cc/0x2b60 [ 108.601462] ? __pfx_read_tsc+0x10/0x10 [ 108.601647] ? ktime_get_ts64+0x86/0x230 [ 108.601930] kunit_try_run_case+0x1a5/0x480 [ 108.602134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.602322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 108.602545] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 108.602775] ? __kthread_parkme+0x82/0x180 [ 108.603073] ? preempt_count_sub+0x50/0x80 [ 108.603289] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.603464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 108.603727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 108.603979] kthread+0x337/0x6f0 [ 108.604116] ? trace_preempt_on+0x20/0xc0 [ 108.604403] ? __pfx_kthread+0x10/0x10 [ 108.604601] ? _raw_spin_unlock_irq+0x47/0x80 [ 108.604978] ? calculate_sigpending+0x7b/0xa0 [ 108.605198] ? __pfx_kthread+0x10/0x10 [ 108.605392] ret_from_fork+0x116/0x1d0 [ 108.605559] ? __pfx_kthread+0x10/0x10 [ 108.605736] ret_from_fork_asm+0x1a/0x30 [ 108.605977] </TASK> [ 108.606079] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 108.549123] WARNING: CPU: 1 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110 [ 108.549533] Modules linked in: [ 108.549745] CPU: 1 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc5 #1 PREEMPT(voluntary) [ 108.550367] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 108.550597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.550921] RIP: 0010:intlog2+0xdf/0x110 [ 108.551171] Code: 09 b2 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 02 a9 86 02 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 8f e8 55 ff 8b 45 e4 eb [ 108.552095] RSP: 0000:ffff888102bf7cb0 EFLAGS: 00010246 [ 108.552529] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff1102057efb4 [ 108.552904] RDX: 1ffffffff6412e08 RSI: 1ffff1102057efb3 RDI: 0000000000000000 [ 108.553239] RBP: ffff888102bf7d60 R08: 0000000000000000 R09: ffffed10204dcec0 [ 108.553504] R10: ffff8881026e7607 R11: 0000000000000000 R12: 1ffff1102057ef97 [ 108.553758] R13: ffffffffb2097040 R14: 0000000000000000 R15: ffff888102bf7d38 [ 108.554142] FS: 0000000000000000(0000) GS:ffff8881a6f72000(0000) knlGS:0000000000000000 [ 108.554458] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.554794] CR2: ffff88815a90e000 CR3: 000000002f2bc000 CR4: 00000000000006f0 [ 108.555211] DR0: ffffffffb4252444 DR1: ffffffffb4252449 DR2: ffffffffb425244a [ 108.555467] DR3: ffffffffb425244b DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 108.555898] Call Trace: [ 108.556077] <TASK> [ 108.556282] ? intlog2_test+0xf2/0x220 [ 108.556451] ? __pfx_intlog2_test+0x10/0x10 [ 108.556689] ? __schedule+0x10cc/0x2b60 [ 108.557059] ? __pfx_read_tsc+0x10/0x10 [ 108.557249] ? ktime_get_ts64+0x86/0x230 [ 108.557409] kunit_try_run_case+0x1a5/0x480 [ 108.557630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.558085] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 108.558288] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 108.558453] ? __kthread_parkme+0x82/0x180 [ 108.558685] ? preempt_count_sub+0x50/0x80 [ 108.559282] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.559495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 108.559698] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 108.560350] kthread+0x337/0x6f0 [ 108.560596] ? trace_preempt_on+0x20/0xc0 [ 108.560781] ? __pfx_kthread+0x10/0x10 [ 108.560974] ? _raw_spin_unlock_irq+0x47/0x80 [ 108.561310] ? calculate_sigpending+0x7b/0xa0 [ 108.561605] ? __pfx_kthread+0x10/0x10 [ 108.561816] ret_from_fork+0x116/0x1d0 [ 108.562065] ? __pfx_kthread+0x10/0x10 [ 108.562229] ret_from_fork_asm+0x1a/0x30 [ 108.562504] </TASK> [ 108.562663] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 107.983169] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI