Date
July 23, 2025, 2:10 a.m.
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 13.049177] ==================================================================
[ 13.049611] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0
[ 13.049962] Read of size 1 at addr ffff8881025cc37f by task kunit_try_catch/211
[ 13.050354]
[ 13.050444] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.050485] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.050497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.050516] Call Trace:
[ 13.050545] <TASK>
[ 13.050560] dump_stack_lvl+0x73/0xb0
[ 13.050587] print_report+0xd1/0x610
[ 13.050620] ? __virt_addr_valid+0x1db/0x2d0
[ 13.050642] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 13.050664] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.050685] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 13.050707] kasan_report+0x141/0x180
[ 13.050728] ? ksize_unpoisons_memory+0x7b6/0x9b0
[ 13.050754] __asan_report_load1_noabort+0x18/0x20
[ 13.050777] ksize_unpoisons_memory+0x7b6/0x9b0
[ 13.050800] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.050830] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.050867] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.050893] kunit_try_run_case+0x1a5/0x480
[ 13.050917] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.050957] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 13.050980] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.051002] ? __kthread_parkme+0x82/0x180
[ 13.051031] ? preempt_count_sub+0x50/0x80
[ 13.051053] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.051076] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.051098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.051122] kthread+0x337/0x6f0
[ 13.051141] ? trace_preempt_on+0x20/0xc0
[ 13.051162] ? __pfx_kthread+0x10/0x10
[ 13.051182] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.051202] ? calculate_sigpending+0x7b/0xa0
[ 13.051235] ? __pfx_kthread+0x10/0x10
[ 13.051255] ret_from_fork+0x116/0x1d0
[ 13.051273] ? __pfx_kthread+0x10/0x10
[ 13.051293] ret_from_fork_asm+0x1a/0x30
[ 13.051322] </TASK>
[ 13.051332]
[ 13.059278] Allocated by task 211:
[ 13.059520] kasan_save_stack+0x45/0x70
[ 13.059669] kasan_save_track+0x18/0x40
[ 13.059805] kasan_save_alloc_info+0x3b/0x50
[ 13.060055] __kasan_kmalloc+0xb7/0xc0
[ 13.060244] __kmalloc_cache_noprof+0x189/0x420
[ 13.060450] ksize_unpoisons_memory+0xc7/0x9b0
[ 13.060649] kunit_try_run_case+0x1a5/0x480
[ 13.060906] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.061200] kthread+0x337/0x6f0
[ 13.061330] ret_from_fork+0x116/0x1d0
[ 13.061569] ret_from_fork_asm+0x1a/0x30
[ 13.061789]
[ 13.061894] The buggy address belongs to the object at ffff8881025cc300
[ 13.061894] which belongs to the cache kmalloc-128 of size 128
[ 13.062496] The buggy address is located 12 bytes to the right of
[ 13.062496] allocated 115-byte region [ffff8881025cc300, ffff8881025cc373)
[ 13.063034]
[ 13.063134] The buggy address belongs to the physical page:
[ 13.063416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 13.063764] flags: 0x200000000000000(node=0|zone=2)
[ 13.064017] page_type: f5(slab)
[ 13.064322] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.064668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.064994] page dumped because: kasan: bad access detected
[ 13.065259]
[ 13.065331] Memory state around the buggy address:
[ 13.065626] ffff8881025cc200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.065937] ffff8881025cc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.066291] >ffff8881025cc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 13.066534] ^
[ 13.066749] ffff8881025cc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.066973] ffff8881025cc400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.067187] ==================================================================
[ 13.029724] ==================================================================
[ 13.030032] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0
[ 13.030441] Read of size 1 at addr ffff8881025cc378 by task kunit_try_catch/211
[ 13.030663]
[ 13.030763] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.030804] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.030824] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.030843] Call Trace:
[ 13.030857] <TASK>
[ 13.030870] dump_stack_lvl+0x73/0xb0
[ 13.030895] print_report+0xd1/0x610
[ 13.030916] ? __virt_addr_valid+0x1db/0x2d0
[ 13.030937] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 13.030958] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.030980] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 13.031002] kasan_report+0x141/0x180
[ 13.031023] ? ksize_unpoisons_memory+0x7e9/0x9b0
[ 13.031049] __asan_report_load1_noabort+0x18/0x20
[ 13.031072] ksize_unpoisons_memory+0x7e9/0x9b0
[ 13.031095] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.031116] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.031145] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.031171] kunit_try_run_case+0x1a5/0x480
[ 13.031194] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.031215] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 13.031237] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.031259] ? __kthread_parkme+0x82/0x180
[ 13.031278] ? preempt_count_sub+0x50/0x80
[ 13.031300] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.031323] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.031345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.031368] kthread+0x337/0x6f0
[ 13.031386] ? trace_preempt_on+0x20/0xc0
[ 13.031408] ? __pfx_kthread+0x10/0x10
[ 13.031427] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.031448] ? calculate_sigpending+0x7b/0xa0
[ 13.031470] ? __pfx_kthread+0x10/0x10
[ 13.031490] ret_from_fork+0x116/0x1d0
[ 13.031508] ? __pfx_kthread+0x10/0x10
[ 13.031527] ret_from_fork_asm+0x1a/0x30
[ 13.031557] </TASK>
[ 13.031567]
[ 13.039544] Allocated by task 211:
[ 13.039735] kasan_save_stack+0x45/0x70
[ 13.039935] kasan_save_track+0x18/0x40
[ 13.040072] kasan_save_alloc_info+0x3b/0x50
[ 13.040300] __kasan_kmalloc+0xb7/0xc0
[ 13.040588] __kmalloc_cache_noprof+0x189/0x420
[ 13.040745] ksize_unpoisons_memory+0xc7/0x9b0
[ 13.041271] kunit_try_run_case+0x1a5/0x480
[ 13.041486] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.041684] kthread+0x337/0x6f0
[ 13.041882] ret_from_fork+0x116/0x1d0
[ 13.042070] ret_from_fork_asm+0x1a/0x30
[ 13.042325]
[ 13.042420] The buggy address belongs to the object at ffff8881025cc300
[ 13.042420] which belongs to the cache kmalloc-128 of size 128
[ 13.042932] The buggy address is located 5 bytes to the right of
[ 13.042932] allocated 115-byte region [ffff8881025cc300, ffff8881025cc373)
[ 13.043664]
[ 13.044021] The buggy address belongs to the physical page:
[ 13.044383] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 13.044740] flags: 0x200000000000000(node=0|zone=2)
[ 13.044986] page_type: f5(slab)
[ 13.045128] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.045362] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.045697] page dumped because: kasan: bad access detected
[ 13.046034]
[ 13.046179] Memory state around the buggy address:
[ 13.046397] ffff8881025cc200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.046717] ffff8881025cc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.047040] >ffff8881025cc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 13.047464] ^
[ 13.047775] ffff8881025cc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.048039] ffff8881025cc400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.048509] ==================================================================
[ 13.006184] ==================================================================
[ 13.007335] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0
[ 13.007664] Read of size 1 at addr ffff8881025cc373 by task kunit_try_catch/211
[ 13.007966]
[ 13.008077] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.008123] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.008135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.008158] Call Trace:
[ 13.008171] <TASK>
[ 13.008189] dump_stack_lvl+0x73/0xb0
[ 13.008220] print_report+0xd1/0x610
[ 13.008242] ? __virt_addr_valid+0x1db/0x2d0
[ 13.008265] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 13.008287] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.008308] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 13.008330] kasan_report+0x141/0x180
[ 13.008351] ? ksize_unpoisons_memory+0x81c/0x9b0
[ 13.008378] __asan_report_load1_noabort+0x18/0x20
[ 13.008401] ksize_unpoisons_memory+0x81c/0x9b0
[ 13.008423] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.008445] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.008474] ? __pfx_ksize_unpoisons_memory+0x10/0x10
[ 13.008500] kunit_try_run_case+0x1a5/0x480
[ 13.008525] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.008546] ? _raw_spin_lock_irqsave+0xf9/0x100
[ 13.008569] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.008686] ? __kthread_parkme+0x82/0x180
[ 13.008715] ? preempt_count_sub+0x50/0x80
[ 13.008742] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.008765] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.008788] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.008819] kthread+0x337/0x6f0
[ 13.008839] ? trace_preempt_on+0x20/0xc0
[ 13.008866] ? __pfx_kthread+0x10/0x10
[ 13.008885] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.008906] ? calculate_sigpending+0x7b/0xa0
[ 13.008929] ? __pfx_kthread+0x10/0x10
[ 13.008950] ret_from_fork+0x116/0x1d0
[ 13.008968] ? __pfx_kthread+0x10/0x10
[ 13.008987] ret_from_fork_asm+0x1a/0x30
[ 13.009016] </TASK>
[ 13.009028]
[ 13.019159] Allocated by task 211:
[ 13.019708] kasan_save_stack+0x45/0x70
[ 13.019985] kasan_save_track+0x18/0x40
[ 13.020402] kasan_save_alloc_info+0x3b/0x50
[ 13.020607] __kasan_kmalloc+0xb7/0xc0
[ 13.020793] __kmalloc_cache_noprof+0x189/0x420
[ 13.021131] ksize_unpoisons_memory+0xc7/0x9b0
[ 13.021463] kunit_try_run_case+0x1a5/0x480
[ 13.021638] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.021905] kthread+0x337/0x6f0
[ 13.022057] ret_from_fork+0x116/0x1d0
[ 13.022536] ret_from_fork_asm+0x1a/0x30
[ 13.022748]
[ 13.022853] The buggy address belongs to the object at ffff8881025cc300
[ 13.022853] which belongs to the cache kmalloc-128 of size 128
[ 13.023433] The buggy address is located 0 bytes to the right of
[ 13.023433] allocated 115-byte region [ffff8881025cc300, ffff8881025cc373)
[ 13.024292]
[ 13.024408] The buggy address belongs to the physical page:
[ 13.024652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 13.025010] flags: 0x200000000000000(node=0|zone=2)
[ 13.025497] page_type: f5(slab)
[ 13.025642] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.026153] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.026621] page dumped because: kasan: bad access detected
[ 13.026865]
[ 13.026948] Memory state around the buggy address:
[ 13.027149] ffff8881025cc200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.027445] ffff8881025cc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.027736] >ffff8881025cc300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 13.028033] ^
[ 13.028618] ffff8881025cc380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.028882] ffff8881025cc400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.029274] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kfree_sensitive
[ 12.966835] ==================================================================
[ 12.967100] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90
[ 12.967528] Free of addr ffff8881025ca060 by task kunit_try_catch/209
[ 12.968244]
[ 12.968419] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.968461] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.968472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.968494] Call Trace:
[ 12.968510] <TASK>
[ 12.968525] dump_stack_lvl+0x73/0xb0
[ 12.968554] print_report+0xd1/0x610
[ 12.968575] ? __virt_addr_valid+0x1db/0x2d0
[ 12.968596] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.968617] ? kfree_sensitive+0x2e/0x90
[ 12.968638] kasan_report_invalid_free+0x10a/0x130
[ 12.968661] ? kfree_sensitive+0x2e/0x90
[ 12.968682] ? kfree_sensitive+0x2e/0x90
[ 12.968701] check_slab_allocation+0x101/0x130
[ 12.968721] __kasan_slab_pre_free+0x28/0x40
[ 12.968741] kfree+0xf0/0x3f0
[ 12.968762] ? kfree_sensitive+0x2e/0x90
[ 12.968783] kfree_sensitive+0x2e/0x90
[ 12.968802] kmalloc_double_kzfree+0x19c/0x350
[ 12.968836] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.968862] ? __schedule+0x10c6/0x2b60
[ 12.968884] ? __pfx_read_tsc+0x10/0x10
[ 12.968904] ? ktime_get_ts64+0x86/0x230
[ 12.968926] kunit_try_run_case+0x1a5/0x480
[ 12.968949] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.968971] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.968994] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.969016] ? __kthread_parkme+0x82/0x180
[ 12.969035] ? preempt_count_sub+0x50/0x80
[ 12.969057] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.969079] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.969101] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.969124] kthread+0x337/0x6f0
[ 12.969142] ? trace_preempt_on+0x20/0xc0
[ 12.969164] ? __pfx_kthread+0x10/0x10
[ 12.969194] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.969214] ? calculate_sigpending+0x7b/0xa0
[ 12.969237] ? __pfx_kthread+0x10/0x10
[ 12.969258] ret_from_fork+0x116/0x1d0
[ 12.969275] ? __pfx_kthread+0x10/0x10
[ 12.969295] ret_from_fork_asm+0x1a/0x30
[ 12.969324] </TASK>
[ 12.969333]
[ 12.983217] Allocated by task 209:
[ 12.983601] kasan_save_stack+0x45/0x70
[ 12.983985] kasan_save_track+0x18/0x40
[ 12.984353] kasan_save_alloc_info+0x3b/0x50
[ 12.984553] __kasan_kmalloc+0xb7/0xc0
[ 12.984689] __kmalloc_cache_noprof+0x189/0x420
[ 12.984860] kmalloc_double_kzfree+0xa9/0x350
[ 12.985358] kunit_try_run_case+0x1a5/0x480
[ 12.985797] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.986301] kthread+0x337/0x6f0
[ 12.986635] ret_from_fork+0x116/0x1d0
[ 12.987004] ret_from_fork_asm+0x1a/0x30
[ 12.987417]
[ 12.987576] Freed by task 209:
[ 12.987951] kasan_save_stack+0x45/0x70
[ 12.988216] kasan_save_track+0x18/0x40
[ 12.988479] kasan_save_free_info+0x3f/0x60
[ 12.988731] __kasan_slab_free+0x56/0x70
[ 12.989227] kfree+0x222/0x3f0
[ 12.989514] kfree_sensitive+0x67/0x90
[ 12.989835] kmalloc_double_kzfree+0x12b/0x350
[ 12.989988] kunit_try_run_case+0x1a5/0x480
[ 12.990157] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.990399] kthread+0x337/0x6f0
[ 12.990537] ret_from_fork+0x116/0x1d0
[ 12.990670] ret_from_fork_asm+0x1a/0x30
[ 12.990808]
[ 12.990894] The buggy address belongs to the object at ffff8881025ca060
[ 12.990894] which belongs to the cache kmalloc-16 of size 16
[ 12.991603] The buggy address is located 0 bytes inside of
[ 12.991603] 16-byte region [ffff8881025ca060, ffff8881025ca070)
[ 12.992772]
[ 12.992950] The buggy address belongs to the physical page:
[ 12.993461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca
[ 12.994263] flags: 0x200000000000000(node=0|zone=2)
[ 12.994707] page_type: f5(slab)
[ 12.995027] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.995594] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.995847] page dumped because: kasan: bad access detected
[ 12.996023]
[ 12.996106] Memory state around the buggy address:
[ 12.996519] ffff8881025c9f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.997367] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.998007] >ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.998729] ^
[ 12.999330] ffff8881025ca080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.000140] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.000588] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 12.929765] ==================================================================
[ 12.931415] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350
[ 12.931842] Read of size 1 at addr ffff8881025ca060 by task kunit_try_catch/209
[ 12.932253]
[ 12.932698] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.932754] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.932766] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.932787] Call Trace:
[ 12.932799] <TASK>
[ 12.932824] dump_stack_lvl+0x73/0xb0
[ 12.932861] print_report+0xd1/0x610
[ 12.932883] ? __virt_addr_valid+0x1db/0x2d0
[ 12.932905] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.932927] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.932949] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.932972] kasan_report+0x141/0x180
[ 12.932993] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.933017] ? kmalloc_double_kzfree+0x19c/0x350
[ 12.933040] __kasan_check_byte+0x3d/0x50
[ 12.933060] kfree_sensitive+0x22/0x90
[ 12.933083] kmalloc_double_kzfree+0x19c/0x350
[ 12.933105] ? __pfx_kmalloc_double_kzfree+0x10/0x10
[ 12.933130] ? __schedule+0x10c6/0x2b60
[ 12.933152] ? __pfx_read_tsc+0x10/0x10
[ 12.933172] ? ktime_get_ts64+0x86/0x230
[ 12.933196] kunit_try_run_case+0x1a5/0x480
[ 12.933220] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.933253] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.933276] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.933299] ? __kthread_parkme+0x82/0x180
[ 12.933330] ? preempt_count_sub+0x50/0x80
[ 12.933353] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.933388] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.933411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.933434] kthread+0x337/0x6f0
[ 12.933453] ? trace_preempt_on+0x20/0xc0
[ 12.933475] ? __pfx_kthread+0x10/0x10
[ 12.933495] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.933516] ? calculate_sigpending+0x7b/0xa0
[ 12.933538] ? __pfx_kthread+0x10/0x10
[ 12.933559] ret_from_fork+0x116/0x1d0
[ 12.933577] ? __pfx_kthread+0x10/0x10
[ 12.933597] ret_from_fork_asm+0x1a/0x30
[ 12.933626] </TASK>
[ 12.933636]
[ 12.947840] Allocated by task 209:
[ 12.947974] kasan_save_stack+0x45/0x70
[ 12.948138] kasan_save_track+0x18/0x40
[ 12.948524] kasan_save_alloc_info+0x3b/0x50
[ 12.948923] __kasan_kmalloc+0xb7/0xc0
[ 12.949342] __kmalloc_cache_noprof+0x189/0x420
[ 12.949796] kmalloc_double_kzfree+0xa9/0x350
[ 12.950283] kunit_try_run_case+0x1a5/0x480
[ 12.950696] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.951196] kthread+0x337/0x6f0
[ 12.951499] ret_from_fork+0x116/0x1d0
[ 12.951915] ret_from_fork_asm+0x1a/0x30
[ 12.952328]
[ 12.952487] Freed by task 209:
[ 12.952793] kasan_save_stack+0x45/0x70
[ 12.953197] kasan_save_track+0x18/0x40
[ 12.953593] kasan_save_free_info+0x3f/0x60
[ 12.953900] __kasan_slab_free+0x56/0x70
[ 12.954044] kfree+0x222/0x3f0
[ 12.954242] kfree_sensitive+0x67/0x90
[ 12.954577] kmalloc_double_kzfree+0x12b/0x350
[ 12.955034] kunit_try_run_case+0x1a5/0x480
[ 12.955489] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.956009] kthread+0x337/0x6f0
[ 12.956338] ret_from_fork+0x116/0x1d0
[ 12.956724] ret_from_fork_asm+0x1a/0x30
[ 12.957010]
[ 12.957182] The buggy address belongs to the object at ffff8881025ca060
[ 12.957182] which belongs to the cache kmalloc-16 of size 16
[ 12.957691] The buggy address is located 0 bytes inside of
[ 12.957691] freed 16-byte region [ffff8881025ca060, ffff8881025ca070)
[ 12.958809]
[ 12.958995] The buggy address belongs to the physical page:
[ 12.959546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca
[ 12.959965] flags: 0x200000000000000(node=0|zone=2)
[ 12.960198] page_type: f5(slab)
[ 12.960508] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.961288] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.962038] page dumped because: kasan: bad access detected
[ 12.962561]
[ 12.962647] Memory state around the buggy address:
[ 12.962803] ffff8881025c9f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.963427] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.964208] >ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 12.964982] ^
[ 12.965593] ffff8881025ca080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.966118] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.966373] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 12.897708] ==================================================================
[ 12.898252] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520
[ 12.898587] Read of size 1 at addr ffff888102b02e28 by task kunit_try_catch/205
[ 12.899182]
[ 12.899506] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.899554] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.899741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.899766] Call Trace:
[ 12.899780] <TASK>
[ 12.899795] dump_stack_lvl+0x73/0xb0
[ 12.899839] print_report+0xd1/0x610
[ 12.899861] ? __virt_addr_valid+0x1db/0x2d0
[ 12.899883] ? kmalloc_uaf2+0x4a8/0x520
[ 12.899902] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.899923] ? kmalloc_uaf2+0x4a8/0x520
[ 12.899942] kasan_report+0x141/0x180
[ 12.899963] ? kmalloc_uaf2+0x4a8/0x520
[ 12.899987] __asan_report_load1_noabort+0x18/0x20
[ 12.900010] kmalloc_uaf2+0x4a8/0x520
[ 12.900030] ? __pfx_kmalloc_uaf2+0x10/0x10
[ 12.900049] ? finish_task_switch.isra.0+0x153/0x700
[ 12.900070] ? __switch_to+0x47/0xf50
[ 12.900118] ? __schedule+0x10c6/0x2b60
[ 12.900140] ? __pfx_read_tsc+0x10/0x10
[ 12.900159] ? ktime_get_ts64+0x86/0x230
[ 12.900182] kunit_try_run_case+0x1a5/0x480
[ 12.900230] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.900252] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.900275] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.900297] ? __kthread_parkme+0x82/0x180
[ 12.900316] ? preempt_count_sub+0x50/0x80
[ 12.900338] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.900361] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.900383] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.900407] kthread+0x337/0x6f0
[ 12.900426] ? trace_preempt_on+0x20/0xc0
[ 12.900448] ? __pfx_kthread+0x10/0x10
[ 12.900468] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.900488] ? calculate_sigpending+0x7b/0xa0
[ 12.900512] ? __pfx_kthread+0x10/0x10
[ 12.900532] ret_from_fork+0x116/0x1d0
[ 12.900550] ? __pfx_kthread+0x10/0x10
[ 12.900570] ret_from_fork_asm+0x1a/0x30
[ 12.900600] </TASK>
[ 12.900610]
[ 12.911072] Allocated by task 205:
[ 12.911730] kasan_save_stack+0x45/0x70
[ 12.911927] kasan_save_track+0x18/0x40
[ 12.912071] kasan_save_alloc_info+0x3b/0x50
[ 12.912360] __kasan_kmalloc+0xb7/0xc0
[ 12.912621] __kmalloc_cache_noprof+0x189/0x420
[ 12.912857] kmalloc_uaf2+0xc6/0x520
[ 12.913025] kunit_try_run_case+0x1a5/0x480
[ 12.913488] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.913797] kthread+0x337/0x6f0
[ 12.913936] ret_from_fork+0x116/0x1d0
[ 12.914227] ret_from_fork_asm+0x1a/0x30
[ 12.914699]
[ 12.914798] Freed by task 205:
[ 12.915037] kasan_save_stack+0x45/0x70
[ 12.915360] kasan_save_track+0x18/0x40
[ 12.915644] kasan_save_free_info+0x3f/0x60
[ 12.915922] __kasan_slab_free+0x56/0x70
[ 12.916169] kfree+0x222/0x3f0
[ 12.916390] kmalloc_uaf2+0x14c/0x520
[ 12.916562] kunit_try_run_case+0x1a5/0x480
[ 12.916747] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.917000] kthread+0x337/0x6f0
[ 12.917432] ret_from_fork+0x116/0x1d0
[ 12.917610] ret_from_fork_asm+0x1a/0x30
[ 12.917801]
[ 12.918029] The buggy address belongs to the object at ffff888102b02e00
[ 12.918029] which belongs to the cache kmalloc-64 of size 64
[ 12.918668] The buggy address is located 40 bytes inside of
[ 12.918668] freed 64-byte region [ffff888102b02e00, ffff888102b02e40)
[ 12.919164]
[ 12.919250] The buggy address belongs to the physical page:
[ 12.919505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b02
[ 12.919840] flags: 0x200000000000000(node=0|zone=2)
[ 12.920066] page_type: f5(slab)
[ 12.920851] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.921143] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.921710] page dumped because: kasan: bad access detected
[ 12.922076]
[ 12.922169] Memory state around the buggy address:
[ 12.922537] ffff888102b02d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.923010] ffff888102b02d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.923450] >ffff888102b02e00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.923747] ^
[ 12.923957] ffff888102b02e80: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc
[ 12.924658] ffff888102b02f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.924965] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 12.859349] ==================================================================
[ 12.860378] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 12.861099] Write of size 33 at addr ffff888102b02d80 by task kunit_try_catch/203
[ 12.862191]
[ 12.862373] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.862417] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.862443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.862464] Call Trace:
[ 12.862475] <TASK>
[ 12.862490] dump_stack_lvl+0x73/0xb0
[ 12.862527] print_report+0xd1/0x610
[ 12.862549] ? __virt_addr_valid+0x1db/0x2d0
[ 12.862570] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.862591] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.862612] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.862633] kasan_report+0x141/0x180
[ 12.862654] ? kmalloc_uaf_memset+0x1a3/0x360
[ 12.862679] kasan_check_range+0x10c/0x1c0
[ 12.862702] __asan_memset+0x27/0x50
[ 12.862721] kmalloc_uaf_memset+0x1a3/0x360
[ 12.862741] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 12.862762] ? __schedule+0x10c6/0x2b60
[ 12.862785] ? __pfx_read_tsc+0x10/0x10
[ 12.862805] ? ktime_get_ts64+0x86/0x230
[ 12.862838] kunit_try_run_case+0x1a5/0x480
[ 12.862862] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.862884] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.862907] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.862929] ? __kthread_parkme+0x82/0x180
[ 12.862949] ? preempt_count_sub+0x50/0x80
[ 12.862971] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.862994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.863017] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.863039] kthread+0x337/0x6f0
[ 12.863058] ? trace_preempt_on+0x20/0xc0
[ 12.863080] ? __pfx_kthread+0x10/0x10
[ 12.863100] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.863121] ? calculate_sigpending+0x7b/0xa0
[ 12.863144] ? __pfx_kthread+0x10/0x10
[ 12.863164] ret_from_fork+0x116/0x1d0
[ 12.863182] ? __pfx_kthread+0x10/0x10
[ 12.863202] ret_from_fork_asm+0x1a/0x30
[ 12.863233] </TASK>
[ 12.863243]
[ 12.878058] Allocated by task 203:
[ 12.878430] kasan_save_stack+0x45/0x70
[ 12.878928] kasan_save_track+0x18/0x40
[ 12.879468] kasan_save_alloc_info+0x3b/0x50
[ 12.879900] __kasan_kmalloc+0xb7/0xc0
[ 12.880340] __kmalloc_cache_noprof+0x189/0x420
[ 12.880776] kmalloc_uaf_memset+0xa9/0x360
[ 12.881095] kunit_try_run_case+0x1a5/0x480
[ 12.881415] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.881608] kthread+0x337/0x6f0
[ 12.881731] ret_from_fork+0x116/0x1d0
[ 12.881881] ret_from_fork_asm+0x1a/0x30
[ 12.882024]
[ 12.882107] Freed by task 203:
[ 12.882405] kasan_save_stack+0x45/0x70
[ 12.882852] kasan_save_track+0x18/0x40
[ 12.883285] kasan_save_free_info+0x3f/0x60
[ 12.883694] __kasan_slab_free+0x56/0x70
[ 12.884078] kfree+0x222/0x3f0
[ 12.884494] kmalloc_uaf_memset+0x12b/0x360
[ 12.884904] kunit_try_run_case+0x1a5/0x480
[ 12.885365] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.885863] kthread+0x337/0x6f0
[ 12.886197] ret_from_fork+0x116/0x1d0
[ 12.886630] ret_from_fork_asm+0x1a/0x30
[ 12.887030]
[ 12.887224] The buggy address belongs to the object at ffff888102b02d80
[ 12.887224] which belongs to the cache kmalloc-64 of size 64
[ 12.887825] The buggy address is located 0 bytes inside of
[ 12.887825] freed 64-byte region [ffff888102b02d80, ffff888102b02dc0)
[ 12.888439]
[ 12.888704] The buggy address belongs to the physical page:
[ 12.889340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b02
[ 12.890050] flags: 0x200000000000000(node=0|zone=2)
[ 12.890709] page_type: f5(slab)
[ 12.891033] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.891708] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.891978] page dumped because: kasan: bad access detected
[ 12.892265]
[ 12.892470] Memory state around the buggy address:
[ 12.892730] ffff888102b02c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.893042] ffff888102b02d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.893332] >ffff888102b02d80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.893708] ^
[ 12.893880] ffff888102b02e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.894247] ffff888102b02e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.894560] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 12.833467] ==================================================================
[ 12.834430] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 12.834754] Read of size 1 at addr ffff888102261f88 by task kunit_try_catch/201
[ 12.835075]
[ 12.835197] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.835239] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.835250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.835270] Call Trace:
[ 12.835281] <TASK>
[ 12.835295] dump_stack_lvl+0x73/0xb0
[ 12.835323] print_report+0xd1/0x610
[ 12.835344] ? __virt_addr_valid+0x1db/0x2d0
[ 12.835366] ? kmalloc_uaf+0x320/0x380
[ 12.835385] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.835406] ? kmalloc_uaf+0x320/0x380
[ 12.835425] kasan_report+0x141/0x180
[ 12.835446] ? kmalloc_uaf+0x320/0x380
[ 12.835470] __asan_report_load1_noabort+0x18/0x20
[ 12.835493] kmalloc_uaf+0x320/0x380
[ 12.835513] ? __pfx_kmalloc_uaf+0x10/0x10
[ 12.835533] ? __schedule+0x10c6/0x2b60
[ 12.835555] ? __pfx_read_tsc+0x10/0x10
[ 12.835574] ? ktime_get_ts64+0x86/0x230
[ 12.835597] kunit_try_run_case+0x1a5/0x480
[ 12.835621] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.835643] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.835666] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.835688] ? __kthread_parkme+0x82/0x180
[ 12.835708] ? preempt_count_sub+0x50/0x80
[ 12.835731] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.835754] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.835776] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.835799] kthread+0x337/0x6f0
[ 12.835830] ? trace_preempt_on+0x20/0xc0
[ 12.835852] ? __pfx_kthread+0x10/0x10
[ 12.835872] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.835893] ? calculate_sigpending+0x7b/0xa0
[ 12.835916] ? __pfx_kthread+0x10/0x10
[ 12.835937] ret_from_fork+0x116/0x1d0
[ 12.835955] ? __pfx_kthread+0x10/0x10
[ 12.835975] ret_from_fork_asm+0x1a/0x30
[ 12.836003] </TASK>
[ 12.836013]
[ 12.842738] Allocated by task 201:
[ 12.842927] kasan_save_stack+0x45/0x70
[ 12.843395] kasan_save_track+0x18/0x40
[ 12.843582] kasan_save_alloc_info+0x3b/0x50
[ 12.843775] __kasan_kmalloc+0xb7/0xc0
[ 12.843972] __kmalloc_cache_noprof+0x189/0x420
[ 12.844193] kmalloc_uaf+0xaa/0x380
[ 12.844389] kunit_try_run_case+0x1a5/0x480
[ 12.844541] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.844718] kthread+0x337/0x6f0
[ 12.844857] ret_from_fork+0x116/0x1d0
[ 12.844994] ret_from_fork_asm+0x1a/0x30
[ 12.845215]
[ 12.845310] Freed by task 201:
[ 12.845581] kasan_save_stack+0x45/0x70
[ 12.846017] kasan_save_track+0x18/0x40
[ 12.846173] kasan_save_free_info+0x3f/0x60
[ 12.846364] __kasan_slab_free+0x56/0x70
[ 12.846503] kfree+0x222/0x3f0
[ 12.846621] kmalloc_uaf+0x12c/0x380
[ 12.846924] kunit_try_run_case+0x1a5/0x480
[ 12.847150] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.847549] kthread+0x337/0x6f0
[ 12.847730] ret_from_fork+0x116/0x1d0
[ 12.847935] ret_from_fork_asm+0x1a/0x30
[ 12.848188]
[ 12.848287] The buggy address belongs to the object at ffff888102261f80
[ 12.848287] which belongs to the cache kmalloc-16 of size 16
[ 12.848669] The buggy address is located 8 bytes inside of
[ 12.848669] freed 16-byte region [ffff888102261f80, ffff888102261f90)
[ 12.850758]
[ 12.851141] The buggy address belongs to the physical page:
[ 12.852012] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102261
[ 12.852771] flags: 0x200000000000000(node=0|zone=2)
[ 12.852961] page_type: f5(slab)
[ 12.853090] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.853316] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.853535] page dumped because: kasan: bad access detected
[ 12.853702]
[ 12.853772] Memory state around the buggy address:
[ 12.853937] ffff888102261e80: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 12.854151] ffff888102261f00: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc
[ 12.854361] >ffff888102261f80: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.854574] ^
[ 12.854700] ffff888102262000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.855253] ffff888102262080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 12.856055] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 12.811686] ==================================================================
[ 12.812225] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.812533] Read of size 64 at addr ffff888102b02b04 by task kunit_try_catch/199
[ 12.812973]
[ 12.813071] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.813113] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.813125] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.813146] Call Trace:
[ 12.813158] <TASK>
[ 12.813171] dump_stack_lvl+0x73/0xb0
[ 12.813199] print_report+0xd1/0x610
[ 12.813443] ? __virt_addr_valid+0x1db/0x2d0
[ 12.813467] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.813492] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.813513] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.813537] kasan_report+0x141/0x180
[ 12.813559] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.813587] kasan_check_range+0x10c/0x1c0
[ 12.813610] __asan_memmove+0x27/0x70
[ 12.813629] kmalloc_memmove_invalid_size+0x16f/0x330
[ 12.813653] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 12.813678] ? __schedule+0x10c6/0x2b60
[ 12.813700] ? __pfx_read_tsc+0x10/0x10
[ 12.813720] ? ktime_get_ts64+0x86/0x230
[ 12.813744] kunit_try_run_case+0x1a5/0x480
[ 12.813768] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.813789] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.813826] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.813849] ? __kthread_parkme+0x82/0x180
[ 12.813869] ? preempt_count_sub+0x50/0x80
[ 12.813891] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.813914] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.813937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.813960] kthread+0x337/0x6f0
[ 12.813979] ? trace_preempt_on+0x20/0xc0
[ 12.814001] ? __pfx_kthread+0x10/0x10
[ 12.814021] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.814041] ? calculate_sigpending+0x7b/0xa0
[ 12.814065] ? __pfx_kthread+0x10/0x10
[ 12.814086] ret_from_fork+0x116/0x1d0
[ 12.814112] ? __pfx_kthread+0x10/0x10
[ 12.814132] ret_from_fork_asm+0x1a/0x30
[ 12.814161] </TASK>
[ 12.814171]
[ 12.822037] Allocated by task 199:
[ 12.822308] kasan_save_stack+0x45/0x70
[ 12.822510] kasan_save_track+0x18/0x40
[ 12.822677] kasan_save_alloc_info+0x3b/0x50
[ 12.822874] __kasan_kmalloc+0xb7/0xc0
[ 12.823040] __kmalloc_cache_noprof+0x189/0x420
[ 12.823346] kmalloc_memmove_invalid_size+0xac/0x330
[ 12.823562] kunit_try_run_case+0x1a5/0x480
[ 12.823710] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.823897] kthread+0x337/0x6f0
[ 12.824058] ret_from_fork+0x116/0x1d0
[ 12.824242] ret_from_fork_asm+0x1a/0x30
[ 12.824708]
[ 12.824832] The buggy address belongs to the object at ffff888102b02b00
[ 12.824832] which belongs to the cache kmalloc-64 of size 64
[ 12.825529] The buggy address is located 4 bytes inside of
[ 12.825529] allocated 64-byte region [ffff888102b02b00, ffff888102b02b40)
[ 12.826003]
[ 12.826077] The buggy address belongs to the physical page:
[ 12.826513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b02
[ 12.826832] flags: 0x200000000000000(node=0|zone=2)
[ 12.827046] page_type: f5(slab)
[ 12.827199] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.827562] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.827883] page dumped because: kasan: bad access detected
[ 12.828069]
[ 12.828363] Memory state around the buggy address:
[ 12.828593] ffff888102b02a00: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc
[ 12.828882] ffff888102b02a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.829166] >ffff888102b02b00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.829479] ^
[ 12.829728] ffff888102b02b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.830024] ffff888102b02c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.830283] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 12.789107] ==================================================================
[ 12.789823] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 12.790224] Read of size 18446744073709551614 at addr ffff888102b02984 by task kunit_try_catch/197
[ 12.790611]
[ 12.790725] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.790768] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.790780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.790801] Call Trace:
[ 12.790826] <TASK>
[ 12.790842] dump_stack_lvl+0x73/0xb0
[ 12.790871] print_report+0xd1/0x610
[ 12.790892] ? __virt_addr_valid+0x1db/0x2d0
[ 12.790914] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.790938] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.790959] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.790999] kasan_report+0x141/0x180
[ 12.791021] ? kmalloc_memmove_negative_size+0x171/0x330
[ 12.791051] kasan_check_range+0x10c/0x1c0
[ 12.791074] __asan_memmove+0x27/0x70
[ 12.791093] kmalloc_memmove_negative_size+0x171/0x330
[ 12.791117] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 12.791142] ? __schedule+0x10c6/0x2b60
[ 12.791165] ? __pfx_read_tsc+0x10/0x10
[ 12.791185] ? ktime_get_ts64+0x86/0x230
[ 12.791208] kunit_try_run_case+0x1a5/0x480
[ 12.791232] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.791253] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.791276] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.791299] ? __kthread_parkme+0x82/0x180
[ 12.791319] ? preempt_count_sub+0x50/0x80
[ 12.791341] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.791364] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.791387] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.791411] kthread+0x337/0x6f0
[ 12.791431] ? trace_preempt_on+0x20/0xc0
[ 12.791453] ? __pfx_kthread+0x10/0x10
[ 12.791473] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.791494] ? calculate_sigpending+0x7b/0xa0
[ 12.791517] ? __pfx_kthread+0x10/0x10
[ 12.791538] ret_from_fork+0x116/0x1d0
[ 12.791556] ? __pfx_kthread+0x10/0x10
[ 12.791576] ret_from_fork_asm+0x1a/0x30
[ 12.791605] </TASK>
[ 12.791615]
[ 12.799166] Allocated by task 197:
[ 12.799510] kasan_save_stack+0x45/0x70
[ 12.799722] kasan_save_track+0x18/0x40
[ 12.799917] kasan_save_alloc_info+0x3b/0x50
[ 12.800135] __kasan_kmalloc+0xb7/0xc0
[ 12.800414] __kmalloc_cache_noprof+0x189/0x420
[ 12.800619] kmalloc_memmove_negative_size+0xac/0x330
[ 12.800844] kunit_try_run_case+0x1a5/0x480
[ 12.800993] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.801279] kthread+0x337/0x6f0
[ 12.801625] ret_from_fork+0x116/0x1d0
[ 12.801834] ret_from_fork_asm+0x1a/0x30
[ 12.802022]
[ 12.802107] The buggy address belongs to the object at ffff888102b02980
[ 12.802107] which belongs to the cache kmalloc-64 of size 64
[ 12.802701] The buggy address is located 4 bytes inside of
[ 12.802701] 64-byte region [ffff888102b02980, ffff888102b029c0)
[ 12.803212]
[ 12.803296] The buggy address belongs to the physical page:
[ 12.803536] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b02
[ 12.803848] flags: 0x200000000000000(node=0|zone=2)
[ 12.804081] page_type: f5(slab)
[ 12.804395] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 12.804671] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 12.804916] page dumped because: kasan: bad access detected
[ 12.805091]
[ 12.805162] Memory state around the buggy address:
[ 12.805317] ffff888102b02880: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc
[ 12.805624] ffff888102b02900: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 12.806344] >ffff888102b02980: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 12.806629] ^
[ 12.806747] ffff888102b02a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.806976] ffff888102b02a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.807191] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 12.766472] ==================================================================
[ 12.766950] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 12.767318] Write of size 16 at addr ffff8881025cc269 by task kunit_try_catch/195
[ 12.767703]
[ 12.767827] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.767871] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.767883] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.767903] Call Trace:
[ 12.767914] <TASK>
[ 12.767929] dump_stack_lvl+0x73/0xb0
[ 12.767957] print_report+0xd1/0x610
[ 12.767978] ? __virt_addr_valid+0x1db/0x2d0
[ 12.767999] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.768020] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.768041] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.768063] kasan_report+0x141/0x180
[ 12.768084] ? kmalloc_oob_memset_16+0x166/0x330
[ 12.768128] kasan_check_range+0x10c/0x1c0
[ 12.768150] __asan_memset+0x27/0x50
[ 12.768169] kmalloc_oob_memset_16+0x166/0x330
[ 12.768191] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 12.768213] ? __schedule+0x10c6/0x2b60
[ 12.768235] ? __pfx_read_tsc+0x10/0x10
[ 12.768255] ? ktime_get_ts64+0x86/0x230
[ 12.768279] kunit_try_run_case+0x1a5/0x480
[ 12.768302] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.768324] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.768347] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.768369] ? __kthread_parkme+0x82/0x180
[ 12.768389] ? preempt_count_sub+0x50/0x80
[ 12.768412] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.768435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.768457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.768480] kthread+0x337/0x6f0
[ 12.768499] ? trace_preempt_on+0x20/0xc0
[ 12.768521] ? __pfx_kthread+0x10/0x10
[ 12.768541] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.768562] ? calculate_sigpending+0x7b/0xa0
[ 12.768585] ? __pfx_kthread+0x10/0x10
[ 12.768606] ret_from_fork+0x116/0x1d0
[ 12.768625] ? __pfx_kthread+0x10/0x10
[ 12.768645] ret_from_fork_asm+0x1a/0x30
[ 12.768674] </TASK>
[ 12.768684]
[ 12.776283] Allocated by task 195:
[ 12.776418] kasan_save_stack+0x45/0x70
[ 12.776564] kasan_save_track+0x18/0x40
[ 12.776699] kasan_save_alloc_info+0x3b/0x50
[ 12.776864] __kasan_kmalloc+0xb7/0xc0
[ 12.777063] __kmalloc_cache_noprof+0x189/0x420
[ 12.777361] kmalloc_oob_memset_16+0xac/0x330
[ 12.777580] kunit_try_run_case+0x1a5/0x480
[ 12.777788] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.778069] kthread+0x337/0x6f0
[ 12.778291] ret_from_fork+0x116/0x1d0
[ 12.778691] ret_from_fork_asm+0x1a/0x30
[ 12.778853]
[ 12.778926] The buggy address belongs to the object at ffff8881025cc200
[ 12.778926] which belongs to the cache kmalloc-128 of size 128
[ 12.780006] The buggy address is located 105 bytes inside of
[ 12.780006] allocated 120-byte region [ffff8881025cc200, ffff8881025cc278)
[ 12.780594]
[ 12.780687] The buggy address belongs to the physical page:
[ 12.780922] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 12.781350] flags: 0x200000000000000(node=0|zone=2)
[ 12.781540] page_type: f5(slab)
[ 12.781705] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.782023] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.782384] page dumped because: kasan: bad access detected
[ 12.782562]
[ 12.782633] Memory state around the buggy address:
[ 12.782792] ffff8881025cc100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.783119] ffff8881025cc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.783516] >ffff8881025cc200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.783759] ^
[ 12.783988] ffff8881025cc280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.784427] ffff8881025cc300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.784755] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 12.735602] ==================================================================
[ 12.736599] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 12.736864] Write of size 8 at addr ffff8881025cc171 by task kunit_try_catch/193
[ 12.737105]
[ 12.737199] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.737244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.737257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.737279] Call Trace:
[ 12.737292] <TASK>
[ 12.737308] dump_stack_lvl+0x73/0xb0
[ 12.737337] print_report+0xd1/0x610
[ 12.737358] ? __virt_addr_valid+0x1db/0x2d0
[ 12.737381] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.737401] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.737422] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.737443] kasan_report+0x141/0x180
[ 12.737464] ? kmalloc_oob_memset_8+0x166/0x330
[ 12.737489] kasan_check_range+0x10c/0x1c0
[ 12.737511] __asan_memset+0x27/0x50
[ 12.737529] kmalloc_oob_memset_8+0x166/0x330
[ 12.737551] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 12.737572] ? __schedule+0x10c6/0x2b60
[ 12.737594] ? __pfx_read_tsc+0x10/0x10
[ 12.737614] ? ktime_get_ts64+0x86/0x230
[ 12.737638] kunit_try_run_case+0x1a5/0x480
[ 12.737661] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.737682] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.737705] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.737727] ? __kthread_parkme+0x82/0x180
[ 12.737747] ? preempt_count_sub+0x50/0x80
[ 12.737769] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.737792] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.737826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.737849] kthread+0x337/0x6f0
[ 12.737868] ? trace_preempt_on+0x20/0xc0
[ 12.737891] ? __pfx_kthread+0x10/0x10
[ 12.737912] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.738359] ? calculate_sigpending+0x7b/0xa0
[ 12.738401] ? __pfx_kthread+0x10/0x10
[ 12.738425] ret_from_fork+0x116/0x1d0
[ 12.738444] ? __pfx_kthread+0x10/0x10
[ 12.738652] ret_from_fork_asm+0x1a/0x30
[ 12.738682] </TASK>
[ 12.738693]
[ 12.752850] Allocated by task 193:
[ 12.753032] kasan_save_stack+0x45/0x70
[ 12.753423] kasan_save_track+0x18/0x40
[ 12.753631] kasan_save_alloc_info+0x3b/0x50
[ 12.754099] __kasan_kmalloc+0xb7/0xc0
[ 12.754440] __kmalloc_cache_noprof+0x189/0x420
[ 12.754772] kmalloc_oob_memset_8+0xac/0x330
[ 12.755137] kunit_try_run_case+0x1a5/0x480
[ 12.755508] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.755878] kthread+0x337/0x6f0
[ 12.756028] ret_from_fork+0x116/0x1d0
[ 12.756405] ret_from_fork_asm+0x1a/0x30
[ 12.756954]
[ 12.757258] The buggy address belongs to the object at ffff8881025cc100
[ 12.757258] which belongs to the cache kmalloc-128 of size 128
[ 12.758506] The buggy address is located 113 bytes inside of
[ 12.758506] allocated 120-byte region [ffff8881025cc100, ffff8881025cc178)
[ 12.758896]
[ 12.758973] The buggy address belongs to the physical page:
[ 12.759189] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 12.759508] flags: 0x200000000000000(node=0|zone=2)
[ 12.759674] page_type: f5(slab)
[ 12.760104] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.760597] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.760901] page dumped because: kasan: bad access detected
[ 12.761163]
[ 12.761308] Memory state around the buggy address:
[ 12.761535] ffff8881025cc000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.761764] ffff8881025cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.762052] >ffff8881025cc100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.762366] ^
[ 12.762775] ffff8881025cc180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.763055] ffff8881025cc200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.763465] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 12.712944] ==================================================================
[ 12.713953] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 12.714619] Write of size 4 at addr ffff888102af7975 by task kunit_try_catch/191
[ 12.714949]
[ 12.715059] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.715103] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.715115] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.715136] Call Trace:
[ 12.715150] <TASK>
[ 12.715166] dump_stack_lvl+0x73/0xb0
[ 12.715196] print_report+0xd1/0x610
[ 12.715218] ? __virt_addr_valid+0x1db/0x2d0
[ 12.715241] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.715262] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.715284] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.715306] kasan_report+0x141/0x180
[ 12.715327] ? kmalloc_oob_memset_4+0x166/0x330
[ 12.715353] kasan_check_range+0x10c/0x1c0
[ 12.715376] __asan_memset+0x27/0x50
[ 12.715395] kmalloc_oob_memset_4+0x166/0x330
[ 12.715417] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 12.715439] ? __schedule+0x10c6/0x2b60
[ 12.715461] ? __pfx_read_tsc+0x10/0x10
[ 12.715482] ? ktime_get_ts64+0x86/0x230
[ 12.715506] kunit_try_run_case+0x1a5/0x480
[ 12.715530] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.715552] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.715575] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.715598] ? __kthread_parkme+0x82/0x180
[ 12.715618] ? preempt_count_sub+0x50/0x80
[ 12.715641] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.715664] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.715686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.715709] kthread+0x337/0x6f0
[ 12.715728] ? trace_preempt_on+0x20/0xc0
[ 12.715750] ? __pfx_kthread+0x10/0x10
[ 12.715770] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.715791] ? calculate_sigpending+0x7b/0xa0
[ 12.715825] ? __pfx_kthread+0x10/0x10
[ 12.715847] ret_from_fork+0x116/0x1d0
[ 12.715865] ? __pfx_kthread+0x10/0x10
[ 12.715885] ret_from_fork_asm+0x1a/0x30
[ 12.715916] </TASK>
[ 12.715926]
[ 12.723560] Allocated by task 191:
[ 12.723751] kasan_save_stack+0x45/0x70
[ 12.723973] kasan_save_track+0x18/0x40
[ 12.724200] kasan_save_alloc_info+0x3b/0x50
[ 12.724352] __kasan_kmalloc+0xb7/0xc0
[ 12.724486] __kmalloc_cache_noprof+0x189/0x420
[ 12.724712] kmalloc_oob_memset_4+0xac/0x330
[ 12.724937] kunit_try_run_case+0x1a5/0x480
[ 12.725147] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.725529] kthread+0x337/0x6f0
[ 12.725654] ret_from_fork+0x116/0x1d0
[ 12.725788] ret_from_fork_asm+0x1a/0x30
[ 12.725995]
[ 12.726092] The buggy address belongs to the object at ffff888102af7900
[ 12.726092] which belongs to the cache kmalloc-128 of size 128
[ 12.726646] The buggy address is located 117 bytes inside of
[ 12.726646] allocated 120-byte region [ffff888102af7900, ffff888102af7978)
[ 12.727386]
[ 12.727478] The buggy address belongs to the physical page:
[ 12.727736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af7
[ 12.728000] flags: 0x200000000000000(node=0|zone=2)
[ 12.728172] page_type: f5(slab)
[ 12.728297] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.728533] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.729212] page dumped because: kasan: bad access detected
[ 12.729518]
[ 12.729616] Memory state around the buggy address:
[ 12.729848] ffff888102af7800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.730069] ffff888102af7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.730674] >ffff888102af7900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.730978] ^
[ 12.731449] ffff888102af7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.731674] ffff888102af7a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.731958] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 12.692579] ==================================================================
[ 12.693080] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 12.693539] Write of size 2 at addr ffff8881025cc077 by task kunit_try_catch/189
[ 12.693849]
[ 12.693958] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.694003] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.694014] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.694034] Call Trace:
[ 12.694046] <TASK>
[ 12.694060] dump_stack_lvl+0x73/0xb0
[ 12.694110] print_report+0xd1/0x610
[ 12.694131] ? __virt_addr_valid+0x1db/0x2d0
[ 12.694152] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.694172] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.694193] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.694215] kasan_report+0x141/0x180
[ 12.694236] ? kmalloc_oob_memset_2+0x166/0x330
[ 12.694261] kasan_check_range+0x10c/0x1c0
[ 12.694284] __asan_memset+0x27/0x50
[ 12.694303] kmalloc_oob_memset_2+0x166/0x330
[ 12.694324] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 12.694346] ? __schedule+0x10c6/0x2b60
[ 12.694368] ? __pfx_read_tsc+0x10/0x10
[ 12.694388] ? ktime_get_ts64+0x86/0x230
[ 12.694411] kunit_try_run_case+0x1a5/0x480
[ 12.694435] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.694457] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.694480] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.694502] ? __kthread_parkme+0x82/0x180
[ 12.694522] ? preempt_count_sub+0x50/0x80
[ 12.694544] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.694567] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.694589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.694611] kthread+0x337/0x6f0
[ 12.694630] ? trace_preempt_on+0x20/0xc0
[ 12.694652] ? __pfx_kthread+0x10/0x10
[ 12.694672] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.694692] ? calculate_sigpending+0x7b/0xa0
[ 12.694715] ? __pfx_kthread+0x10/0x10
[ 12.694735] ret_from_fork+0x116/0x1d0
[ 12.694753] ? __pfx_kthread+0x10/0x10
[ 12.694773] ret_from_fork_asm+0x1a/0x30
[ 12.694802] </TASK>
[ 12.694821]
[ 12.701915] Allocated by task 189:
[ 12.702046] kasan_save_stack+0x45/0x70
[ 12.702188] kasan_save_track+0x18/0x40
[ 12.702326] kasan_save_alloc_info+0x3b/0x50
[ 12.702507] __kasan_kmalloc+0xb7/0xc0
[ 12.702694] __kmalloc_cache_noprof+0x189/0x420
[ 12.703128] kmalloc_oob_memset_2+0xac/0x330
[ 12.703529] kunit_try_run_case+0x1a5/0x480
[ 12.703736] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.703965] kthread+0x337/0x6f0
[ 12.704086] ret_from_fork+0x116/0x1d0
[ 12.704361] ret_from_fork_asm+0x1a/0x30
[ 12.704560]
[ 12.704657] The buggy address belongs to the object at ffff8881025cc000
[ 12.704657] which belongs to the cache kmalloc-128 of size 128
[ 12.705109] The buggy address is located 119 bytes inside of
[ 12.705109] allocated 120-byte region [ffff8881025cc000, ffff8881025cc078)
[ 12.705634]
[ 12.705736] The buggy address belongs to the physical page:
[ 12.705974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 12.706367] flags: 0x200000000000000(node=0|zone=2)
[ 12.706584] page_type: f5(slab)
[ 12.706703] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.707059] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.707585] page dumped because: kasan: bad access detected
[ 12.707828]
[ 12.707898] Memory state around the buggy address:
[ 12.708143] ffff8881025cbf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.708542] ffff8881025cbf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.708787] >ffff8881025cc000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.709123] ^
[ 12.709374] ffff8881025cc080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.709583] ffff8881025cc100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.709789] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 12.668573] ==================================================================
[ 12.669068] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 12.669542] Write of size 128 at addr ffff8881025bdf00 by task kunit_try_catch/187
[ 12.669872]
[ 12.669985] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.670029] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.670040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.670061] Call Trace:
[ 12.670072] <TASK>
[ 12.670086] dump_stack_lvl+0x73/0xb0
[ 12.670116] print_report+0xd1/0x610
[ 12.670157] ? __virt_addr_valid+0x1db/0x2d0
[ 12.670179] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.670200] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.670221] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.670242] kasan_report+0x141/0x180
[ 12.670317] ? kmalloc_oob_in_memset+0x15f/0x320
[ 12.670365] kasan_check_range+0x10c/0x1c0
[ 12.670388] __asan_memset+0x27/0x50
[ 12.670407] kmalloc_oob_in_memset+0x15f/0x320
[ 12.670428] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 12.670451] ? __schedule+0x10c6/0x2b60
[ 12.670473] ? __pfx_read_tsc+0x10/0x10
[ 12.670492] ? ktime_get_ts64+0x86/0x230
[ 12.670516] kunit_try_run_case+0x1a5/0x480
[ 12.670539] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.670561] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.670584] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.670624] ? __kthread_parkme+0x82/0x180
[ 12.670645] ? preempt_count_sub+0x50/0x80
[ 12.670668] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.670707] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.670730] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.670752] kthread+0x337/0x6f0
[ 12.670772] ? trace_preempt_on+0x20/0xc0
[ 12.670794] ? __pfx_kthread+0x10/0x10
[ 12.670826] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.670847] ? calculate_sigpending+0x7b/0xa0
[ 12.670870] ? __pfx_kthread+0x10/0x10
[ 12.670891] ret_from_fork+0x116/0x1d0
[ 12.670908] ? __pfx_kthread+0x10/0x10
[ 12.670928] ret_from_fork_asm+0x1a/0x30
[ 12.670957] </TASK>
[ 12.670967]
[ 12.679082] Allocated by task 187:
[ 12.679390] kasan_save_stack+0x45/0x70
[ 12.679595] kasan_save_track+0x18/0x40
[ 12.679782] kasan_save_alloc_info+0x3b/0x50
[ 12.679964] __kasan_kmalloc+0xb7/0xc0
[ 12.680105] __kmalloc_cache_noprof+0x189/0x420
[ 12.680655] kmalloc_oob_in_memset+0xac/0x320
[ 12.680881] kunit_try_run_case+0x1a5/0x480
[ 12.681026] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.681565] kthread+0x337/0x6f0
[ 12.681764] ret_from_fork+0x116/0x1d0
[ 12.681966] ret_from_fork_asm+0x1a/0x30
[ 12.682176]
[ 12.682270] The buggy address belongs to the object at ffff8881025bdf00
[ 12.682270] which belongs to the cache kmalloc-128 of size 128
[ 12.683008] The buggy address is located 0 bytes inside of
[ 12.683008] allocated 120-byte region [ffff8881025bdf00, ffff8881025bdf78)
[ 12.683533]
[ 12.683628] The buggy address belongs to the physical page:
[ 12.683896] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[ 12.684238] flags: 0x200000000000000(node=0|zone=2)
[ 12.684410] page_type: f5(slab)
[ 12.684528] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.685081] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.685613] page dumped because: kasan: bad access detected
[ 12.685942]
[ 12.686060] Memory state around the buggy address:
[ 12.686693] ffff8881025bde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.686955] ffff8881025bde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.687996] >ffff8881025bdf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 12.688239] ^
[ 12.688658] ffff8881025bdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.689124] ffff8881025be000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.689607] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 12.641455] ==================================================================
[ 12.641918] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0
[ 12.642248] Read of size 16 at addr ffff8881025ca040 by task kunit_try_catch/185
[ 12.642801]
[ 12.642931] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.642974] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.643007] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.643027] Call Trace:
[ 12.643038] <TASK>
[ 12.643052] dump_stack_lvl+0x73/0xb0
[ 12.643081] print_report+0xd1/0x610
[ 12.643103] ? __virt_addr_valid+0x1db/0x2d0
[ 12.643125] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.643145] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.643183] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.643203] kasan_report+0x141/0x180
[ 12.643224] ? kmalloc_uaf_16+0x47b/0x4c0
[ 12.643249] __asan_report_load16_noabort+0x18/0x20
[ 12.643272] kmalloc_uaf_16+0x47b/0x4c0
[ 12.643293] ? __pfx_kmalloc_uaf_16+0x10/0x10
[ 12.643313] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.643338] ? trace_hardirqs_on+0x37/0xe0
[ 12.643360] ? __pfx_read_tsc+0x10/0x10
[ 12.643381] ? ktime_get_ts64+0x86/0x230
[ 12.643404] kunit_try_run_case+0x1a5/0x480
[ 12.643428] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.643530] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.643555] ? __kthread_parkme+0x82/0x180
[ 12.643574] ? preempt_count_sub+0x50/0x80
[ 12.643597] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.643620] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.643663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.643686] kthread+0x337/0x6f0
[ 12.643705] ? trace_preempt_on+0x20/0xc0
[ 12.643726] ? __pfx_kthread+0x10/0x10
[ 12.643746] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.643767] ? calculate_sigpending+0x7b/0xa0
[ 12.643790] ? __pfx_kthread+0x10/0x10
[ 12.643822] ret_from_fork+0x116/0x1d0
[ 12.643841] ? __pfx_kthread+0x10/0x10
[ 12.643861] ret_from_fork_asm+0x1a/0x30
[ 12.643890] </TASK>
[ 12.643900]
[ 12.651777] Allocated by task 185:
[ 12.651973] kasan_save_stack+0x45/0x70
[ 12.652333] kasan_save_track+0x18/0x40
[ 12.652533] kasan_save_alloc_info+0x3b/0x50
[ 12.652786] __kasan_kmalloc+0xb7/0xc0
[ 12.652994] __kmalloc_cache_noprof+0x189/0x420
[ 12.653328] kmalloc_uaf_16+0x15b/0x4c0
[ 12.653537] kunit_try_run_case+0x1a5/0x480
[ 12.653731] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.653987] kthread+0x337/0x6f0
[ 12.654394] ret_from_fork+0x116/0x1d0
[ 12.654599] ret_from_fork_asm+0x1a/0x30
[ 12.654795]
[ 12.654908] Freed by task 185:
[ 12.655067] kasan_save_stack+0x45/0x70
[ 12.655359] kasan_save_track+0x18/0x40
[ 12.655563] kasan_save_free_info+0x3f/0x60
[ 12.655799] __kasan_slab_free+0x56/0x70
[ 12.655994] kfree+0x222/0x3f0
[ 12.656203] kmalloc_uaf_16+0x1d6/0x4c0
[ 12.656451] kunit_try_run_case+0x1a5/0x480
[ 12.656641] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.656881] kthread+0x337/0x6f0
[ 12.657064] ret_from_fork+0x116/0x1d0
[ 12.657317] ret_from_fork_asm+0x1a/0x30
[ 12.657480]
[ 12.657572] The buggy address belongs to the object at ffff8881025ca040
[ 12.657572] which belongs to the cache kmalloc-16 of size 16
[ 12.657981] The buggy address is located 0 bytes inside of
[ 12.657981] freed 16-byte region [ffff8881025ca040, ffff8881025ca050)
[ 12.659011]
[ 12.659238] The buggy address belongs to the physical page:
[ 12.659541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca
[ 12.659920] flags: 0x200000000000000(node=0|zone=2)
[ 12.660151] page_type: f5(slab)
[ 12.660318] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.660870] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.661154] page dumped because: kasan: bad access detected
[ 12.661324]
[ 12.661394] Memory state around the buggy address:
[ 12.661545] ffff8881025c9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.661888] ffff8881025c9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.662494] >ffff8881025ca000: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc
[ 12.662929] ^
[ 12.663117] ffff8881025ca080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.663611] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.663932] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 12.618136] ==================================================================
[ 12.619069] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0
[ 12.619444] Write of size 16 at addr ffff888102539fe0 by task kunit_try_catch/183
[ 12.619725]
[ 12.619825] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.619869] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.619880] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.619901] Call Trace:
[ 12.619913] <TASK>
[ 12.619927] dump_stack_lvl+0x73/0xb0
[ 12.619956] print_report+0xd1/0x610
[ 12.619977] ? __virt_addr_valid+0x1db/0x2d0
[ 12.619999] ? kmalloc_oob_16+0x452/0x4a0
[ 12.620018] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.620040] ? kmalloc_oob_16+0x452/0x4a0
[ 12.620060] kasan_report+0x141/0x180
[ 12.620081] ? kmalloc_oob_16+0x452/0x4a0
[ 12.620106] __asan_report_store16_noabort+0x1b/0x30
[ 12.620130] kmalloc_oob_16+0x452/0x4a0
[ 12.620151] ? __pfx_kmalloc_oob_16+0x10/0x10
[ 12.620172] ? __schedule+0x10c6/0x2b60
[ 12.620250] ? __pfx_read_tsc+0x10/0x10
[ 12.620272] ? ktime_get_ts64+0x86/0x230
[ 12.620296] kunit_try_run_case+0x1a5/0x480
[ 12.620320] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.620342] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.620365] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.620387] ? __kthread_parkme+0x82/0x180
[ 12.620407] ? preempt_count_sub+0x50/0x80
[ 12.620430] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.620454] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.620477] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.620499] kthread+0x337/0x6f0
[ 12.620518] ? trace_preempt_on+0x20/0xc0
[ 12.620540] ? __pfx_kthread+0x10/0x10
[ 12.620560] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.620580] ? calculate_sigpending+0x7b/0xa0
[ 12.620604] ? __pfx_kthread+0x10/0x10
[ 12.620624] ret_from_fork+0x116/0x1d0
[ 12.620642] ? __pfx_kthread+0x10/0x10
[ 12.620662] ret_from_fork_asm+0x1a/0x30
[ 12.620692] </TASK>
[ 12.620701]
[ 12.628798] Allocated by task 183:
[ 12.628953] kasan_save_stack+0x45/0x70
[ 12.629128] kasan_save_track+0x18/0x40
[ 12.629323] kasan_save_alloc_info+0x3b/0x50
[ 12.629756] __kasan_kmalloc+0xb7/0xc0
[ 12.629984] __kmalloc_cache_noprof+0x189/0x420
[ 12.630241] kmalloc_oob_16+0xa8/0x4a0
[ 12.630498] kunit_try_run_case+0x1a5/0x480
[ 12.630698] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.631059] kthread+0x337/0x6f0
[ 12.631233] ret_from_fork+0x116/0x1d0
[ 12.631420] ret_from_fork_asm+0x1a/0x30
[ 12.631624]
[ 12.631721] The buggy address belongs to the object at ffff888102539fe0
[ 12.631721] which belongs to the cache kmalloc-16 of size 16
[ 12.632183] The buggy address is located 0 bytes inside of
[ 12.632183] allocated 13-byte region [ffff888102539fe0, ffff888102539fed)
[ 12.632922]
[ 12.633055] The buggy address belongs to the physical page:
[ 12.633332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539
[ 12.633793] flags: 0x200000000000000(node=0|zone=2)
[ 12.634023] page_type: f5(slab)
[ 12.634149] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.634614] raw: 0000000000000000 0000000000800080 00000000f5000000 0000000000000000
[ 12.634850] page dumped because: kasan: bad access detected
[ 12.635493]
[ 12.635604] Memory state around the buggy address:
[ 12.635842] ffff888102539e80: fa fb fc fc 00 05 fc fc 00 05 fc fc 00 00 fc fc
[ 12.636183] ffff888102539f00: 00 06 fc fc 00 06 fc fc 00 00 fc fc fa fb fc fc
[ 12.636587] >ffff888102539f80: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc
[ 12.636893] ^
[ 12.637097] ffff88810253a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.637433] ffff88810253a080: fb fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb
[ 12.637780] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 12.568257] ==================================================================
[ 12.568903] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0
[ 12.569374] Read of size 1 at addr ffff888100355c00 by task kunit_try_catch/181
[ 12.569665]
[ 12.569775] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.569831] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.569843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.569864] Call Trace:
[ 12.569877] <TASK>
[ 12.569891] dump_stack_lvl+0x73/0xb0
[ 12.569921] print_report+0xd1/0x610
[ 12.569943] ? __virt_addr_valid+0x1db/0x2d0
[ 12.569966] ? krealloc_uaf+0x1b8/0x5e0
[ 12.569986] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.570008] ? krealloc_uaf+0x1b8/0x5e0
[ 12.570029] kasan_report+0x141/0x180
[ 12.570050] ? krealloc_uaf+0x1b8/0x5e0
[ 12.570074] ? krealloc_uaf+0x1b8/0x5e0
[ 12.570095] __kasan_check_byte+0x3d/0x50
[ 12.570116] krealloc_noprof+0x3f/0x340
[ 12.570139] krealloc_uaf+0x1b8/0x5e0
[ 12.570160] ? __pfx_krealloc_uaf+0x10/0x10
[ 12.570180] ? finish_task_switch.isra.0+0x153/0x700
[ 12.570202] ? __switch_to+0x47/0xf50
[ 12.570228] ? __schedule+0x10c6/0x2b60
[ 12.570250] ? __pfx_read_tsc+0x10/0x10
[ 12.570270] ? ktime_get_ts64+0x86/0x230
[ 12.570295] kunit_try_run_case+0x1a5/0x480
[ 12.570332] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.570354] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.570377] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.570400] ? __kthread_parkme+0x82/0x180
[ 12.570419] ? preempt_count_sub+0x50/0x80
[ 12.570441] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.570464] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.570486] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.570509] kthread+0x337/0x6f0
[ 12.570527] ? trace_preempt_on+0x20/0xc0
[ 12.570550] ? __pfx_kthread+0x10/0x10
[ 12.570570] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.570591] ? calculate_sigpending+0x7b/0xa0
[ 12.570614] ? __pfx_kthread+0x10/0x10
[ 12.570634] ret_from_fork+0x116/0x1d0
[ 12.570653] ? __pfx_kthread+0x10/0x10
[ 12.570673] ret_from_fork_asm+0x1a/0x30
[ 12.570703] </TASK>
[ 12.570713]
[ 12.577912] Allocated by task 181:
[ 12.578072] kasan_save_stack+0x45/0x70
[ 12.578288] kasan_save_track+0x18/0x40
[ 12.578460] kasan_save_alloc_info+0x3b/0x50
[ 12.578671] __kasan_kmalloc+0xb7/0xc0
[ 12.578840] __kmalloc_cache_noprof+0x189/0x420
[ 12.579070] krealloc_uaf+0xbb/0x5e0
[ 12.579241] kunit_try_run_case+0x1a5/0x480
[ 12.579391] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.579569] kthread+0x337/0x6f0
[ 12.579739] ret_from_fork+0x116/0x1d0
[ 12.579941] ret_from_fork_asm+0x1a/0x30
[ 12.580192]
[ 12.580311] Freed by task 181:
[ 12.580484] kasan_save_stack+0x45/0x70
[ 12.580687] kasan_save_track+0x18/0x40
[ 12.580898] kasan_save_free_info+0x3f/0x60
[ 12.581061] __kasan_slab_free+0x56/0x70
[ 12.581270] kfree+0x222/0x3f0
[ 12.581417] krealloc_uaf+0x13d/0x5e0
[ 12.581584] kunit_try_run_case+0x1a5/0x480
[ 12.581773] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.582007] kthread+0x337/0x6f0
[ 12.582195] ret_from_fork+0x116/0x1d0
[ 12.582351] ret_from_fork_asm+0x1a/0x30
[ 12.582531]
[ 12.582631] The buggy address belongs to the object at ffff888100355c00
[ 12.582631] which belongs to the cache kmalloc-256 of size 256
[ 12.583217] The buggy address is located 0 bytes inside of
[ 12.583217] freed 256-byte region [ffff888100355c00, ffff888100355d00)
[ 12.583654]
[ 12.583753] The buggy address belongs to the physical page:
[ 12.584003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[ 12.584316] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.584626] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.584837] page_type: f5(slab)
[ 12.585018] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.585364] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.585665] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.585983] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.586278] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[ 12.586515] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.586746] page dumped because: kasan: bad access detected
[ 12.586991]
[ 12.587092] Memory state around the buggy address:
[ 12.587326] ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.587655] ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.587885] >ffff888100355c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.588102] ^
[ 12.588220] ffff888100355c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.588856] ffff888100355d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.589283] ==================================================================

[ 12.590078] ==================================================================
[ 12.590379] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0
[ 12.591182] Read of size 1 at addr ffff888100355c00 by task kunit_try_catch/181
[ 12.591426]
[ 12.591513] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.591556] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.591568] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.591588] Call Trace:
[ 12.591599] <TASK>
[ 12.591612] dump_stack_lvl+0x73/0xb0
[ 12.591641] print_report+0xd1/0x610
[ 12.591662] ? __virt_addr_valid+0x1db/0x2d0
[ 12.591683] ? krealloc_uaf+0x53c/0x5e0
[ 12.591703] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.591724] ? krealloc_uaf+0x53c/0x5e0
[ 12.591745] kasan_report+0x141/0x180
[ 12.591766] ? krealloc_uaf+0x53c/0x5e0
[ 12.591791] __asan_report_load1_noabort+0x18/0x20
[ 12.591830] krealloc_uaf+0x53c/0x5e0
[ 12.591851] ? __pfx_krealloc_uaf+0x10/0x10
[ 12.591871] ? finish_task_switch.isra.0+0x153/0x700
[ 12.591893] ? __switch_to+0x47/0xf50
[ 12.591917] ? __schedule+0x10c6/0x2b60
[ 12.591938] ? __pfx_read_tsc+0x10/0x10
[ 12.591958] ? ktime_get_ts64+0x86/0x230
[ 12.591980] kunit_try_run_case+0x1a5/0x480
[ 12.592003] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.592025] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.592057] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.592080] ? __kthread_parkme+0x82/0x180
[ 12.592099] ? preempt_count_sub+0x50/0x80
[ 12.592121] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.592144] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.592166] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.592189] kthread+0x337/0x6f0
[ 12.592208] ? trace_preempt_on+0x20/0xc0
[ 12.592230] ? __pfx_kthread+0x10/0x10
[ 12.592250] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.592271] ? calculate_sigpending+0x7b/0xa0
[ 12.592293] ? __pfx_kthread+0x10/0x10
[ 12.592314] ret_from_fork+0x116/0x1d0
[ 12.592331] ? __pfx_kthread+0x10/0x10
[ 12.592351] ret_from_fork_asm+0x1a/0x30
[ 12.592380] </TASK>
[ 12.592391]
[ 12.604255] Allocated by task 181:
[ 12.604438] kasan_save_stack+0x45/0x70
[ 12.604632] kasan_save_track+0x18/0x40
[ 12.604808] kasan_save_alloc_info+0x3b/0x50
[ 12.604974] __kasan_kmalloc+0xb7/0xc0
[ 12.605168] __kmalloc_cache_noprof+0x189/0x420
[ 12.605364] krealloc_uaf+0xbb/0x5e0
[ 12.605568] kunit_try_run_case+0x1a5/0x480
[ 12.605758] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.605954] kthread+0x337/0x6f0
[ 12.606097] ret_from_fork+0x116/0x1d0
[ 12.606285] ret_from_fork_asm+0x1a/0x30
[ 12.606497]
[ 12.606594] Freed by task 181:
[ 12.606742] kasan_save_stack+0x45/0x70
[ 12.606892] kasan_save_track+0x18/0x40
[ 12.607073] kasan_save_free_info+0x3f/0x60
[ 12.607298] __kasan_slab_free+0x56/0x70
[ 12.607499] kfree+0x222/0x3f0
[ 12.607636] krealloc_uaf+0x13d/0x5e0
[ 12.607827] kunit_try_run_case+0x1a5/0x480
[ 12.608017] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.608282] kthread+0x337/0x6f0
[ 12.608415] ret_from_fork+0x116/0x1d0
[ 12.608551] ret_from_fork_asm+0x1a/0x30
[ 12.608692]
[ 12.608765] The buggy address belongs to the object at ffff888100355c00
[ 12.608765] which belongs to the cache kmalloc-256 of size 256
[ 12.609399] The buggy address is located 0 bytes inside of
[ 12.609399] freed 256-byte region [ffff888100355c00, ffff888100355d00)
[ 12.609837]
[ 12.609910] The buggy address belongs to the physical page:
[ 12.610242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354
[ 12.610607] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.610929] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.611175] page_type: f5(slab)
[ 12.611311] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.611616] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.611958] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.612265] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.612603] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[ 12.612918] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.613255] page dumped because: kasan: bad access detected
[ 12.613504]
[ 12.613598] Memory state around the buggy address:
[ 12.613765] ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.614030] ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.614341] >ffff888100355c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.614556] ^
[ 12.614730] ffff888100355c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.615060] ffff888100355d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.615382] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 12.345442] ==================================================================
[ 12.345778] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 12.346076] Write of size 1 at addr ffff888100a1c8d0 by task kunit_try_catch/175
[ 12.346664]
[ 12.346774] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.346829] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.346841] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.346860] Call Trace:
[ 12.346871] <TASK>
[ 12.346884] dump_stack_lvl+0x73/0xb0
[ 12.346912] print_report+0xd1/0x610
[ 12.346933] ? __virt_addr_valid+0x1db/0x2d0
[ 12.346954] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.346977] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.346998] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.347021] kasan_report+0x141/0x180
[ 12.347042] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.347070] __asan_report_store1_noabort+0x1b/0x30
[ 12.347093] krealloc_less_oob_helper+0xe23/0x11d0
[ 12.347118] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.347141] ? finish_task_switch.isra.0+0x153/0x700
[ 12.347161] ? __switch_to+0x47/0xf50
[ 12.347185] ? __schedule+0x10c6/0x2b60
[ 12.347207] ? __pfx_read_tsc+0x10/0x10
[ 12.347230] krealloc_less_oob+0x1c/0x30
[ 12.347250] kunit_try_run_case+0x1a5/0x480
[ 12.347275] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.347297] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.347320] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.347342] ? __kthread_parkme+0x82/0x180
[ 12.347361] ? preempt_count_sub+0x50/0x80
[ 12.347383] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.347459] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.347482] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.347505] kthread+0x337/0x6f0
[ 12.347525] ? trace_preempt_on+0x20/0xc0
[ 12.347546] ? __pfx_kthread+0x10/0x10
[ 12.347566] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.347587] ? calculate_sigpending+0x7b/0xa0
[ 12.347610] ? __pfx_kthread+0x10/0x10
[ 12.347630] ret_from_fork+0x116/0x1d0
[ 12.347648] ? __pfx_kthread+0x10/0x10
[ 12.347668] ret_from_fork_asm+0x1a/0x30
[ 12.347697] </TASK>
[ 12.347706]
[ 12.355467] Allocated by task 175:
[ 12.355643] kasan_save_stack+0x45/0x70
[ 12.355861] kasan_save_track+0x18/0x40
[ 12.356017] kasan_save_alloc_info+0x3b/0x50
[ 12.356297] __kasan_krealloc+0x190/0x1f0
[ 12.356469] krealloc_noprof+0xf3/0x340
[ 12.356605] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.356769] krealloc_less_oob+0x1c/0x30
[ 12.356923] kunit_try_run_case+0x1a5/0x480
[ 12.357074] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.357251] kthread+0x337/0x6f0
[ 12.357372] ret_from_fork+0x116/0x1d0
[ 12.357505] ret_from_fork_asm+0x1a/0x30
[ 12.357645]
[ 12.357744] The buggy address belongs to the object at ffff888100a1c800
[ 12.357744] which belongs to the cache kmalloc-256 of size 256
[ 12.358747] The buggy address is located 7 bytes to the right of
[ 12.358747] allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[ 12.359578]
[ 12.359656] The buggy address belongs to the physical page:
[ 12.359843] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 12.360087] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.360321] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.360577] page_type: f5(slab)
[ 12.360746] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.361157] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.363113] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.363734] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.364103] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 12.364563] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.364946] page dumped because: kasan: bad access detected
[ 12.365549]
[ 12.365792] Memory state around the buggy address:
[ 12.366183] ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.366541] ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.366864] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.367389] ^
[ 12.367875] ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.368615] ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.369164] ==================================================================

[ 12.546458] ==================================================================
[ 12.546771] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 12.547138] Write of size 1 at addr ffff8881029520eb by task kunit_try_catch/179
[ 12.547565]
[ 12.547669] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.547710] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.547721] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.547741] Call Trace:
[ 12.547755] <TASK>
[ 12.547769] dump_stack_lvl+0x73/0xb0
[ 12.547796] print_report+0xd1/0x610
[ 12.547830] ? __virt_addr_valid+0x1db/0x2d0
[ 12.547852] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.547875] ? kasan_addr_to_slab+0x11/0xa0
[ 12.547894] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.547917] kasan_report+0x141/0x180
[ 12.547939] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.547967] __asan_report_store1_noabort+0x1b/0x30
[ 12.547990] krealloc_less_oob_helper+0xd47/0x11d0
[ 12.548015] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.548040] ? finish_task_switch.isra.0+0x153/0x700
[ 12.548062] ? __switch_to+0x47/0xf50
[ 12.548086] ? __schedule+0x10c6/0x2b60
[ 12.548143] ? __pfx_read_tsc+0x10/0x10
[ 12.548167] krealloc_large_less_oob+0x1c/0x30
[ 12.548190] kunit_try_run_case+0x1a5/0x480
[ 12.548215] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.548237] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.548259] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.548283] ? __kthread_parkme+0x82/0x180
[ 12.548303] ? preempt_count_sub+0x50/0x80
[ 12.548325] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.548349] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.548371] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.548394] kthread+0x337/0x6f0
[ 12.548414] ? trace_preempt_on+0x20/0xc0
[ 12.548435] ? __pfx_kthread+0x10/0x10
[ 12.548455] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.548475] ? calculate_sigpending+0x7b/0xa0
[ 12.548499] ? __pfx_kthread+0x10/0x10
[ 12.548520] ret_from_fork+0x116/0x1d0
[ 12.548537] ? __pfx_kthread+0x10/0x10
[ 12.548558] ret_from_fork_asm+0x1a/0x30
[ 12.548588] </TASK>
[ 12.548597]
[ 12.556321] The buggy address belongs to the physical page:
[ 12.556523] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.556878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.557264] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.557484] page_type: f8(unknown)
[ 12.557634] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.557906] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.558130] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.558432] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.558868] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.559420] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.559667] page dumped because: kasan: bad access detected
[ 12.559936]
[ 12.560025] Memory state around the buggy address:
[ 12.560318] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.560600] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.560894] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 12.561206] ^
[ 12.561402] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.561613] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.562415] ==================================================================

[ 12.493683] ==================================================================
[ 12.493997] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0
[ 12.494496] Write of size 1 at addr ffff8881029520d0 by task kunit_try_catch/179
[ 12.494797]
[ 12.494916] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.494957] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.494968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.494988] Call Trace:
[ 12.495000] <TASK>
[ 12.495014] dump_stack_lvl+0x73/0xb0
[ 12.495041] print_report+0xd1/0x610
[ 12.495062] ? __virt_addr_valid+0x1db/0x2d0
[ 12.495083] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.495115] ? kasan_addr_to_slab+0x11/0xa0
[ 12.495134] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.495158] kasan_report+0x141/0x180
[ 12.495179] ? krealloc_less_oob_helper+0xe23/0x11d0
[ 12.495206] __asan_report_store1_noabort+0x1b/0x30
[ 12.495229] krealloc_less_oob_helper+0xe23/0x11d0
[ 12.495254] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.495278] ? finish_task_switch.isra.0+0x153/0x700
[ 12.495299] ? __switch_to+0x47/0xf50
[ 12.495324] ? __schedule+0x10c6/0x2b60
[ 12.495345] ? __pfx_read_tsc+0x10/0x10
[ 12.495368] krealloc_large_less_oob+0x1c/0x30
[ 12.495390] kunit_try_run_case+0x1a5/0x480
[ 12.495413] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.495435] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.495457] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.495479] ? __kthread_parkme+0x82/0x180
[ 12.495499] ? preempt_count_sub+0x50/0x80
[ 12.495521] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.495544] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.495566] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.495589] kthread+0x337/0x6f0
[ 12.495608] ? trace_preempt_on+0x20/0xc0
[ 12.495629] ? __pfx_kthread+0x10/0x10
[ 12.495649] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.495670] ? calculate_sigpending+0x7b/0xa0
[ 12.495692] ? __pfx_kthread+0x10/0x10
[ 12.495713] ret_from_fork+0x116/0x1d0
[ 12.495730] ? __pfx_kthread+0x10/0x10
[ 12.495750] ret_from_fork_asm+0x1a/0x30
[ 12.495779] </TASK>
[ 12.495788]
[ 12.504670] The buggy address belongs to the physical page:
[ 12.504959] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.505426] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.505705] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.505934] page_type: f8(unknown)
[ 12.506114] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.506524] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.507111] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.507492] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.507799] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.508127] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.508480] page dumped because: kasan: bad access detected
[ 12.508656]
[ 12.508755] Memory state around the buggy address:
[ 12.508997] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.509462] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.509683] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 12.510015] ^
[ 12.510468] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.510806] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.511309] ==================================================================

[ 12.528405] ==================================================================
[ 12.528731] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0
[ 12.529118] Write of size 1 at addr ffff8881029520ea by task kunit_try_catch/179
[ 12.529517]
[ 12.529610] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.529651] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.529662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.529681] Call Trace:
[ 12.529695] <TASK>
[ 12.529708] dump_stack_lvl+0x73/0xb0
[ 12.529734] print_report+0xd1/0x610
[ 12.529754] ? __virt_addr_valid+0x1db/0x2d0
[ 12.529774] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 12.529797] ? kasan_addr_to_slab+0x11/0xa0
[ 12.529829] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 12.529853] kasan_report+0x141/0x180
[ 12.529874] ? krealloc_less_oob_helper+0xe90/0x11d0
[ 12.529901] __asan_report_store1_noabort+0x1b/0x30
[ 12.529924] krealloc_less_oob_helper+0xe90/0x11d0
[ 12.529949] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.529972] ? finish_task_switch.isra.0+0x153/0x700
[ 12.529993] ? __switch_to+0x47/0xf50
[ 12.530016] ? __schedule+0x10c6/0x2b60
[ 12.530038] ? __pfx_read_tsc+0x10/0x10
[ 12.530060] krealloc_large_less_oob+0x1c/0x30
[ 12.530082] kunit_try_run_case+0x1a5/0x480
[ 12.530115] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.530137] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.530159] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.530181] ? __kthread_parkme+0x82/0x180
[ 12.530200] ? preempt_count_sub+0x50/0x80
[ 12.530222] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.530245] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.530267] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.530290] kthread+0x337/0x6f0
[ 12.530309] ? trace_preempt_on+0x20/0xc0
[ 12.530330] ? __pfx_kthread+0x10/0x10
[ 12.530350] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.530370] ? calculate_sigpending+0x7b/0xa0
[ 12.530393] ? __pfx_kthread+0x10/0x10
[ 12.530413] ret_from_fork+0x116/0x1d0
[ 12.530431] ? __pfx_kthread+0x10/0x10
[ 12.530450] ret_from_fork_asm+0x1a/0x30
[ 12.530479] </TASK>
[ 12.530489]
[ 12.538534] The buggy address belongs to the physical page:
[ 12.538902] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.539561] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.539851] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.540109] page_type: f8(unknown)
[ 12.540559] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.540933] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.541592] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.541928] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.542278] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.542618] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.542978] page dumped because: kasan: bad access detected
[ 12.543209]
[ 12.543279] Memory state around the buggy address:
[ 12.543431] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.543641] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.544164] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe
[ 12.544824] ^
[ 12.545336] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.545575] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.545859] ==================================================================

[ 12.369855] ==================================================================
[ 12.370099] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0
[ 12.370498] Write of size 1 at addr ffff888100a1c8da by task kunit_try_catch/175
[ 12.370914]
[ 12.371011] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.371054] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.371065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.371085] Call Trace:
[ 12.371102] <TASK>
[ 12.371117] dump_stack_lvl+0x73/0xb0
[ 12.371143] print_report+0xd1/0x610
[ 12.371164] ? __virt_addr_valid+0x1db/0x2d0
[ 12.371185] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 12.371207] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.371239] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 12.371263] kasan_report+0x141/0x180
[ 12.371285] ? krealloc_less_oob_helper+0xec6/0x11d0
[ 12.371312] __asan_report_store1_noabort+0x1b/0x30
[ 12.371336] krealloc_less_oob_helper+0xec6/0x11d0
[ 12.371361] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.371384] ? finish_task_switch.isra.0+0x153/0x700
[ 12.371405] ? __switch_to+0x47/0xf50
[ 12.371429] ? __schedule+0x10c6/0x2b60
[ 12.371451] ? __pfx_read_tsc+0x10/0x10
[ 12.371474] krealloc_less_oob+0x1c/0x30
[ 12.371495] kunit_try_run_case+0x1a5/0x480
[ 12.371520] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.371541] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.371564] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.371586] ? __kthread_parkme+0x82/0x180
[ 12.371605] ? preempt_count_sub+0x50/0x80
[ 12.371627] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.371650] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.371672] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.371695] kthread+0x337/0x6f0
[ 12.371713] ? trace_preempt_on+0x20/0xc0
[ 12.371735] ? __pfx_kthread+0x10/0x10
[ 12.371754] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.371775] ? calculate_sigpending+0x7b/0xa0
[ 12.371797] ? __pfx_kthread+0x10/0x10
[ 12.371828] ret_from_fork+0x116/0x1d0
[ 12.371845] ? __pfx_kthread+0x10/0x10
[ 12.371865] ret_from_fork_asm+0x1a/0x30
[ 12.371894] </TASK>
[ 12.371903]
[ 12.380264] Allocated by task 175:
[ 12.380530] kasan_save_stack+0x45/0x70
[ 12.380725] kasan_save_track+0x18/0x40
[ 12.380932] kasan_save_alloc_info+0x3b/0x50
[ 12.381115] __kasan_krealloc+0x190/0x1f0
[ 12.381254] krealloc_noprof+0xf3/0x340
[ 12.381584] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.381794] krealloc_less_oob+0x1c/0x30
[ 12.381944] kunit_try_run_case+0x1a5/0x480
[ 12.382435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.382734] kthread+0x337/0x6f0
[ 12.382921] ret_from_fork+0x116/0x1d0
[ 12.383084] ret_from_fork_asm+0x1a/0x30
[ 12.383225]
[ 12.383300] The buggy address belongs to the object at ffff888100a1c800
[ 12.383300] which belongs to the cache kmalloc-256 of size 256
[ 12.383788] The buggy address is located 17 bytes to the right of
[ 12.383788] allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[ 12.384617]
[ 12.384690] The buggy address belongs to the physical page:
[ 12.384876] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 12.385537] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.385853] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.386036] page_type: f5(slab)
[ 12.386194] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.386695] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.387043] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.387311] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.387805] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff
[ 12.388069] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.388491] page dumped because: kasan: bad access detected
[ 12.388938]
[ 12.389018] Memory state around the buggy address:
[ 12.389195] ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.389540] ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.389926] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc
[ 12.390227] ^
[ 12.390502] ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.390949] ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.391287] ==================================================================

[ 12.413176] ==================================================================
[ 12.413526] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0
[ 12.413864] Write of size 1 at addr ffff888100a1c8eb by task kunit_try_catch/175
[ 12.414227]
[ 12.414339] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.414380] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.414391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.414411] Call Trace:
[ 12.414424] <TASK>
[ 12.414437] dump_stack_lvl+0x73/0xb0
[ 12.414463] print_report+0xd1/0x610
[ 12.414484] ? __virt_addr_valid+0x1db/0x2d0
[ 12.414504] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.414527] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.414548] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.414571] kasan_report+0x141/0x180
[ 12.414592] ? krealloc_less_oob_helper+0xd47/0x11d0
[ 12.414620] __asan_report_store1_noabort+0x1b/0x30
[ 12.414643] krealloc_less_oob_helper+0xd47/0x11d0
[ 12.414668] ? __pfx_krealloc_less_oob_helper+0x10/0x10
[ 12.414691] ? finish_task_switch.isra.0+0x153/0x700
[ 12.414713] ? __switch_to+0x47/0xf50
[ 12.414737] ? __schedule+0x10c6/0x2b60
[ 12.414758] ? __pfx_read_tsc+0x10/0x10
[ 12.414781] krealloc_less_oob+0x1c/0x30
[ 12.414802] kunit_try_run_case+0x1a5/0x480
[ 12.414837] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.414859] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.414882] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.414904] ? __kthread_parkme+0x82/0x180
[ 12.414923] ? preempt_count_sub+0x50/0x80
[ 12.414945] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.414968] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.414990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.415012] kthread+0x337/0x6f0
[ 12.415031] ? trace_preempt_on+0x20/0xc0
[ 12.415053] ? __pfx_kthread+0x10/0x10
[ 12.415073] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.415093] ? calculate_sigpending+0x7b/0xa0
[ 12.415116] ? __pfx_kthread+0x10/0x10
[ 12.415136] ret_from_fork+0x116/0x1d0
[ 12.415154] ? __pfx_kthread+0x10/0x10
[ 12.415173] ret_from_fork_asm+0x1a/0x30
[ 12.415236] </TASK>
[ 12.415248]
[ 12.422744] Allocated by task 175:
[ 12.422892] kasan_save_stack+0x45/0x70
[ 12.423037] kasan_save_track+0x18/0x40
[ 12.423175] kasan_save_alloc_info+0x3b/0x50
[ 12.423325] __kasan_krealloc+0x190/0x1f0
[ 12.423512] krealloc_noprof+0xf3/0x340
[ 12.423703] krealloc_less_oob_helper+0x1aa/0x11d0
[ 12.424053] krealloc_less_oob+0x1c/0x30
[ 12.424594] kunit_try_run_case+0x1a5/0x480
[ 12.424825] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.425103] kthread+0x337/0x6f0
[ 12.425343] ret_from_fork+0x116/0x1d0
[ 12.425535] ret_from_fork_asm+0x1a/0x30
[ 12.425730]
[ 12.425837] The buggy address belongs to the object at ffff888100a1c800
[ 12.425837] which belongs to the cache kmalloc-256 of size 256
[ 12.426472] The buggy address is located 34 bytes to the right of
[ 12.426472] allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9)
[ 12.427014]
[ 12.427134] The buggy address belongs to the physical page:
[ 12.427460] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c
[ 12.427835] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.428183] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.428428] page_type: f5(slab)
[ 12.428588] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.428934] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.429268] head: 0200000000000040
ffff888100041b40 dead000000000122 0000000000000000 [ 12.429602] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.430005] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff [ 12.430569] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.430880] page dumped because: kasan: bad access detected [ 12.431167] [ 12.431329] Memory state around the buggy address: [ 12.431555] ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.431889] ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.432292] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.432607] ^ [ 12.432911] ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.433313] ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.433564] ================================================================== [ 12.323138] ================================================================== [ 12.324414] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.324719] Write of size 1 at addr ffff888100a1c8c9 by task kunit_try_catch/175 [ 12.325000] [ 12.325110] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.325151] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.325163] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.325183] Call Trace: [ 12.325195] <TASK> [ 12.325209] dump_stack_lvl+0x73/0xb0 [ 12.325237] print_report+0xd1/0x610 [ 12.325258] ? __virt_addr_valid+0x1db/0x2d0 [ 12.325279] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.325303] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.325324] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.325347] kasan_report+0x141/0x180 [ 12.325368] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.325396] __asan_report_store1_noabort+0x1b/0x30 [ 12.325419] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.325444] ? 
__pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.325467] ? finish_task_switch.isra.0+0x153/0x700 [ 12.325489] ? __switch_to+0x47/0xf50 [ 12.325515] ? __schedule+0x10c6/0x2b60 [ 12.325536] ? __pfx_read_tsc+0x10/0x10 [ 12.325559] krealloc_less_oob+0x1c/0x30 [ 12.325580] kunit_try_run_case+0x1a5/0x480 [ 12.325604] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.325626] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.325649] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.325671] ? __kthread_parkme+0x82/0x180 [ 12.325691] ? preempt_count_sub+0x50/0x80 [ 12.325713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.325736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.325758] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.325781] kthread+0x337/0x6f0 [ 12.325801] ? trace_preempt_on+0x20/0xc0 [ 12.325834] ? __pfx_kthread+0x10/0x10 [ 12.325854] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.325875] ? calculate_sigpending+0x7b/0xa0 [ 12.325898] ? __pfx_kthread+0x10/0x10 [ 12.325918] ret_from_fork+0x116/0x1d0 [ 12.325936] ? 
__pfx_kthread+0x10/0x10 [ 12.325956] ret_from_fork_asm+0x1a/0x30 [ 12.325985] </TASK> [ 12.325995] [ 12.333860] Allocated by task 175: [ 12.334040] kasan_save_stack+0x45/0x70 [ 12.334508] kasan_save_track+0x18/0x40 [ 12.334724] kasan_save_alloc_info+0x3b/0x50 [ 12.334909] __kasan_krealloc+0x190/0x1f0 [ 12.335054] krealloc_noprof+0xf3/0x340 [ 12.335507] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.335767] krealloc_less_oob+0x1c/0x30 [ 12.335960] kunit_try_run_case+0x1a5/0x480 [ 12.336193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.336428] kthread+0x337/0x6f0 [ 12.336567] ret_from_fork+0x116/0x1d0 [ 12.336755] ret_from_fork_asm+0x1a/0x30 [ 12.336926] [ 12.337002] The buggy address belongs to the object at ffff888100a1c800 [ 12.337002] which belongs to the cache kmalloc-256 of size 256 [ 12.337752] The buggy address is located 0 bytes to the right of [ 12.337752] allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9) [ 12.338135] [ 12.338212] The buggy address belongs to the physical page: [ 12.338392] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c [ 12.338719] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.339064] flags: 0x200000000000040(head|node=0|zone=2) [ 12.339679] page_type: f5(slab) [ 12.339863] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.340340] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.340668] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.340918] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.341489] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff [ 12.341874] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.342367] page dumped because: kasan: bad access detected [ 12.342589] [ 12.342685] Memory state around the buggy address: [ 12.342873] ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.343254] ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.343548] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.343784] ^ [ 12.343973] ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.344598] ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.344937] ================================================================== [ 12.476702] ================================================================== [ 12.477306] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 12.477615] Write of size 1 at addr ffff8881029520c9 by task kunit_try_catch/179 [ 12.477906] [ 12.478018] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.478061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.478072] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.478093] Call Trace: [ 12.478106] <TASK> [ 12.478120] dump_stack_lvl+0x73/0xb0 [ 12.478150] print_report+0xd1/0x610 [ 12.478172] ? __virt_addr_valid+0x1db/0x2d0 [ 12.478195] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.478230] ? kasan_addr_to_slab+0x11/0xa0 [ 12.478250] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.478273] kasan_report+0x141/0x180 [ 12.478294] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 12.478322] __asan_report_store1_noabort+0x1b/0x30 [ 12.478345] krealloc_less_oob_helper+0xd70/0x11d0 [ 12.478370] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.478394] ? finish_task_switch.isra.0+0x153/0x700 [ 12.478416] ? __switch_to+0x47/0xf50 [ 12.478441] ? __schedule+0x10c6/0x2b60 [ 12.478463] ? __pfx_read_tsc+0x10/0x10 [ 12.478488] krealloc_large_less_oob+0x1c/0x30 [ 12.478510] kunit_try_run_case+0x1a5/0x480 [ 12.478535] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.478557] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.478580] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.478603] ? __kthread_parkme+0x82/0x180 [ 12.478622] ? 
preempt_count_sub+0x50/0x80 [ 12.478644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.478668] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.478691] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.478713] kthread+0x337/0x6f0 [ 12.478732] ? trace_preempt_on+0x20/0xc0 [ 12.478755] ? __pfx_kthread+0x10/0x10 [ 12.478775] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.478796] ? calculate_sigpending+0x7b/0xa0 [ 12.478831] ? __pfx_kthread+0x10/0x10 [ 12.478852] ret_from_fork+0x116/0x1d0 [ 12.478871] ? __pfx_kthread+0x10/0x10 [ 12.478890] ret_from_fork_asm+0x1a/0x30 [ 12.478920] </TASK> [ 12.478931] [ 12.486905] The buggy address belongs to the physical page: [ 12.487125] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950 [ 12.487474] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.487702] flags: 0x200000000000040(head|node=0|zone=2) [ 12.488142] page_type: f8(unknown) [ 12.488430] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.488739] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.488993] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.489312] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.489656] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff [ 12.490254] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.490502] page dumped because: kasan: bad access detected [ 12.490698] [ 12.490792] Memory state around the buggy address: [ 12.491034] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.491668] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.491946] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.492164] ^ [ 12.492422] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.492868] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.493117] 
================================================================== [ 12.511655] ================================================================== [ 12.511895] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 12.512451] Write of size 1 at addr ffff8881029520da by task kunit_try_catch/179 [ 12.512680] [ 12.512761] CPU: 0 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.512800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.512823] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.512847] Call Trace: [ 12.512860] <TASK> [ 12.512872] dump_stack_lvl+0x73/0xb0 [ 12.512899] print_report+0xd1/0x610 [ 12.512919] ? __virt_addr_valid+0x1db/0x2d0 [ 12.512940] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.512962] ? kasan_addr_to_slab+0x11/0xa0 [ 12.512983] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.513005] kasan_report+0x141/0x180 [ 12.513026] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 12.513054] __asan_report_store1_noabort+0x1b/0x30 [ 12.513077] krealloc_less_oob_helper+0xec6/0x11d0 [ 12.513113] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.513137] ? finish_task_switch.isra.0+0x153/0x700 [ 12.513158] ? __switch_to+0x47/0xf50 [ 12.513181] ? __schedule+0x10c6/0x2b60 [ 12.513202] ? __pfx_read_tsc+0x10/0x10 [ 12.513225] krealloc_large_less_oob+0x1c/0x30 [ 12.513248] kunit_try_run_case+0x1a5/0x480 [ 12.513272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.513294] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.513316] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.513339] ? __kthread_parkme+0x82/0x180 [ 12.513358] ? preempt_count_sub+0x50/0x80 [ 12.513380] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.513403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.513425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.513521] kthread+0x337/0x6f0 [ 12.513542] ? trace_preempt_on+0x20/0xc0 [ 12.513564] ? __pfx_kthread+0x10/0x10 [ 12.513583] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.513604] ? 
calculate_sigpending+0x7b/0xa0 [ 12.513626] ? __pfx_kthread+0x10/0x10 [ 12.513647] ret_from_fork+0x116/0x1d0 [ 12.513665] ? __pfx_kthread+0x10/0x10 [ 12.513685] ret_from_fork_asm+0x1a/0x30 [ 12.513713] </TASK> [ 12.513723] [ 12.521486] The buggy address belongs to the physical page: [ 12.521876] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950 [ 12.522208] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.522909] flags: 0x200000000000040(head|node=0|zone=2) [ 12.523178] page_type: f8(unknown) [ 12.523307] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.523672] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.524040] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.524492] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.524784] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff [ 12.525034] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.525357] page dumped because: kasan: bad access detected [ 12.525612] [ 12.525705] Memory state around the buggy address: [ 12.526039] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.526305] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.526937] >ffff888102952080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 12.527287] ^ [ 12.527542] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.527837] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.528052] ================================================================== [ 12.391833] ================================================================== [ 12.392151] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 12.392561] Write of size 1 at addr ffff888100a1c8ea by task kunit_try_catch/175 [ 12.392909] [ 12.393021] CPU: 1 UID: 0 PID: 175 Comm: 
kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.393062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.393073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.393093] Call Trace: [ 12.393107] <TASK> [ 12.393121] dump_stack_lvl+0x73/0xb0 [ 12.393148] print_report+0xd1/0x610 [ 12.393169] ? __virt_addr_valid+0x1db/0x2d0 [ 12.393192] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.393262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.393285] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.393308] kasan_report+0x141/0x180 [ 12.393330] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 12.393357] __asan_report_store1_noabort+0x1b/0x30 [ 12.393381] krealloc_less_oob_helper+0xe90/0x11d0 [ 12.393406] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 12.393453] ? finish_task_switch.isra.0+0x153/0x700 [ 12.393475] ? __switch_to+0x47/0xf50 [ 12.393499] ? __schedule+0x10c6/0x2b60 [ 12.393521] ? __pfx_read_tsc+0x10/0x10 [ 12.393544] krealloc_less_oob+0x1c/0x30 [ 12.393565] kunit_try_run_case+0x1a5/0x480 [ 12.393589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.393611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.393634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.393656] ? __kthread_parkme+0x82/0x180 [ 12.393675] ? preempt_count_sub+0x50/0x80 [ 12.393697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.393721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.393743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.393766] kthread+0x337/0x6f0 [ 12.393785] ? trace_preempt_on+0x20/0xc0 [ 12.393807] ? __pfx_kthread+0x10/0x10 [ 12.393838] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.393859] ? calculate_sigpending+0x7b/0xa0 [ 12.393882] ? __pfx_kthread+0x10/0x10 [ 12.393903] ret_from_fork+0x116/0x1d0 [ 12.393921] ? 
__pfx_kthread+0x10/0x10 [ 12.393941] ret_from_fork_asm+0x1a/0x30 [ 12.393971] </TASK> [ 12.393981] [ 12.402282] Allocated by task 175: [ 12.402583] kasan_save_stack+0x45/0x70 [ 12.402777] kasan_save_track+0x18/0x40 [ 12.402964] kasan_save_alloc_info+0x3b/0x50 [ 12.403156] __kasan_krealloc+0x190/0x1f0 [ 12.403428] krealloc_noprof+0xf3/0x340 [ 12.403602] krealloc_less_oob_helper+0x1aa/0x11d0 [ 12.403805] krealloc_less_oob+0x1c/0x30 [ 12.403987] kunit_try_run_case+0x1a5/0x480 [ 12.404198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.404594] kthread+0x337/0x6f0 [ 12.404772] ret_from_fork+0x116/0x1d0 [ 12.404963] ret_from_fork_asm+0x1a/0x30 [ 12.405184] [ 12.405257] The buggy address belongs to the object at ffff888100a1c800 [ 12.405257] which belongs to the cache kmalloc-256 of size 256 [ 12.405956] The buggy address is located 33 bytes to the right of [ 12.405956] allocated 201-byte region [ffff888100a1c800, ffff888100a1c8c9) [ 12.406347] [ 12.406540] The buggy address belongs to the physical page: [ 12.406797] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a1c [ 12.407265] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.407528] flags: 0x200000000000040(head|node=0|zone=2) [ 12.407781] page_type: f5(slab) [ 12.407937] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.408171] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.408405] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.408640] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.409003] head: 0200000000000001 ffffea0004028701 00000000ffffffff 00000000ffffffff [ 12.409344] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.409694] page dumped because: kasan: bad access detected [ 12.409876] [ 12.409947] Memory state around the buggy address: [ 12.410143] ffff888100a1c780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 12.410853] ffff888100a1c800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.411316] >ffff888100a1c880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 12.411585] ^ [ 12.411789] ffff888100a1c900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.412026] ffff888100a1c980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.412701] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 12.277695] ================================================================== [ 12.278175] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 12.278582] Write of size 1 at addr ffff888100355aeb by task kunit_try_catch/173 [ 12.278922] [ 12.279027] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.279070] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.279081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.279104] Call Trace: [ 12.279115] <TASK> [ 12.279129] dump_stack_lvl+0x73/0xb0 [ 12.279157] print_report+0xd1/0x610 [ 12.279178] ? __virt_addr_valid+0x1db/0x2d0 [ 12.279199] ? krealloc_more_oob_helper+0x821/0x930 [ 12.279274] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.279296] ? krealloc_more_oob_helper+0x821/0x930 [ 12.279319] kasan_report+0x141/0x180 [ 12.279340] ? krealloc_more_oob_helper+0x821/0x930 [ 12.279368] __asan_report_store1_noabort+0x1b/0x30 [ 12.279392] krealloc_more_oob_helper+0x821/0x930 [ 12.279413] ? __schedule+0x10c6/0x2b60 [ 12.279436] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.279460] ? finish_task_switch.isra.0+0x153/0x700 [ 12.279481] ? __switch_to+0x47/0xf50 [ 12.279507] ? __schedule+0x10c6/0x2b60 [ 12.279528] ? __pfx_read_tsc+0x10/0x10 [ 12.279551] krealloc_more_oob+0x1c/0x30 [ 12.279571] kunit_try_run_case+0x1a5/0x480 [ 12.279595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.279617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.279640] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.279662] ? __kthread_parkme+0x82/0x180 [ 12.279683] ? preempt_count_sub+0x50/0x80 [ 12.279705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.279728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.279750] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.279772] kthread+0x337/0x6f0 [ 12.279791] ? trace_preempt_on+0x20/0xc0 [ 12.279827] ? __pfx_kthread+0x10/0x10 [ 12.279847] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.279867] ? 
calculate_sigpending+0x7b/0xa0 [ 12.279890] ? __pfx_kthread+0x10/0x10 [ 12.279911] ret_from_fork+0x116/0x1d0 [ 12.279930] ? __pfx_kthread+0x10/0x10 [ 12.279950] ret_from_fork_asm+0x1a/0x30 [ 12.279979] </TASK> [ 12.279990] [ 12.288470] Allocated by task 173: [ 12.288653] kasan_save_stack+0x45/0x70 [ 12.288846] kasan_save_track+0x18/0x40 [ 12.288984] kasan_save_alloc_info+0x3b/0x50 [ 12.289135] __kasan_krealloc+0x190/0x1f0 [ 12.289276] krealloc_noprof+0xf3/0x340 [ 12.289467] krealloc_more_oob_helper+0x1a9/0x930 [ 12.289693] krealloc_more_oob+0x1c/0x30 [ 12.289906] kunit_try_run_case+0x1a5/0x480 [ 12.290492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.290737] kthread+0x337/0x6f0 [ 12.290915] ret_from_fork+0x116/0x1d0 [ 12.291114] ret_from_fork_asm+0x1a/0x30 [ 12.291386] [ 12.291469] The buggy address belongs to the object at ffff888100355a00 [ 12.291469] which belongs to the cache kmalloc-256 of size 256 [ 12.291897] The buggy address is located 0 bytes to the right of [ 12.291897] allocated 235-byte region [ffff888100355a00, ffff888100355aeb) [ 12.292639] [ 12.292723] The buggy address belongs to the physical page: [ 12.292957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354 [ 12.293386] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.293690] flags: 0x200000000000040(head|node=0|zone=2) [ 12.293953] page_type: f5(slab) [ 12.294099] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.294577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.294835] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 12.295181] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.295587] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff [ 12.295935] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 12.296375] page dumped because: kasan: bad access detected [ 12.296613] [ 
12.296711] Memory state around the buggy address: [ 12.296937] ffff888100355980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.297222] ffff888100355a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.297609] >ffff888100355a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 12.297909] ^ [ 12.298192] ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.298700] ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.299013] ================================================================== [ 12.299488] ================================================================== [ 12.299795] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 12.300121] Write of size 1 at addr ffff888100355af0 by task kunit_try_catch/173 [ 12.300587] [ 12.300706] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.300749] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.300761] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.300781] Call Trace: [ 12.300798] <TASK> [ 12.300826] dump_stack_lvl+0x73/0xb0 [ 12.300858] print_report+0xd1/0x610 [ 12.300879] ? __virt_addr_valid+0x1db/0x2d0 [ 12.300900] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.300924] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.300945] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.300968] kasan_report+0x141/0x180 [ 12.300990] ? krealloc_more_oob_helper+0x7eb/0x930 [ 12.301017] __asan_report_store1_noabort+0x1b/0x30 [ 12.301041] krealloc_more_oob_helper+0x7eb/0x930 [ 12.301063] ? __schedule+0x10c6/0x2b60 [ 12.301084] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 12.301117] ? finish_task_switch.isra.0+0x153/0x700 [ 12.301139] ? __switch_to+0x47/0xf50 [ 12.301163] ? __schedule+0x10c6/0x2b60 [ 12.301184] ? __pfx_read_tsc+0x10/0x10 [ 12.301444] krealloc_more_oob+0x1c/0x30 [ 12.301469] kunit_try_run_case+0x1a5/0x480 [ 12.301492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.301514] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 12.301537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.301560] ? __kthread_parkme+0x82/0x180 [ 12.301579] ? preempt_count_sub+0x50/0x80 [ 12.301602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.301625] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.301647] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.301670] kthread+0x337/0x6f0 [ 12.301689] ? trace_preempt_on+0x20/0xc0 [ 12.301711] ? __pfx_kthread+0x10/0x10 [ 12.301731] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.301751] ? calculate_sigpending+0x7b/0xa0 [ 12.301774] ? __pfx_kthread+0x10/0x10 [ 12.301795] ret_from_fork+0x116/0x1d0 [ 12.301827] ? __pfx_kthread+0x10/0x10 [ 12.301848] ret_from_fork_asm+0x1a/0x30 [ 12.301877] </TASK> [ 12.301887] [ 12.309595] Allocated by task 173: [ 12.309724] kasan_save_stack+0x45/0x70 [ 12.309901] kasan_save_track+0x18/0x40 [ 12.310091] kasan_save_alloc_info+0x3b/0x50 [ 12.310300] __kasan_krealloc+0x190/0x1f0 [ 12.310497] krealloc_noprof+0xf3/0x340 [ 12.310769] krealloc_more_oob_helper+0x1a9/0x930 [ 12.311014] krealloc_more_oob+0x1c/0x30 [ 12.311420] kunit_try_run_case+0x1a5/0x480 [ 12.311638] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.311879] kthread+0x337/0x6f0 [ 12.312002] ret_from_fork+0x116/0x1d0 [ 12.312135] ret_from_fork_asm+0x1a/0x30 [ 12.312496] [ 12.312594] The buggy address belongs to the object at ffff888100355a00 [ 12.312594] which belongs to the cache kmalloc-256 of size 256 [ 12.313112] The buggy address is located 5 bytes to the right of [ 12.313112] allocated 235-byte region [ffff888100355a00, ffff888100355aeb) [ 12.313784] [ 12.313895] The buggy address belongs to the physical page: [ 12.314118] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100354 [ 12.314529] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.314850] flags: 0x200000000000040(head|node=0|zone=2) [ 12.315088] page_type: f5(slab) [ 12.315289] raw: 0200000000000040 ffff888100041b40 dead000000000122 
0000000000000000
[ 12.315607] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.315851] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000
[ 12.316086] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.316320] head: 0200000000000001 ffffea000400d501 00000000ffffffff 00000000ffffffff
[ 12.316661] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002
[ 12.317014] page dumped because: kasan: bad access detected
[ 12.317264]
[ 12.317364] Memory state around the buggy address:
[ 12.317585] ffff888100355980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.318409] ffff888100355a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.318650] >ffff888100355a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc
[ 12.318973] ^
[ 12.319547] ffff888100355b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.319825] ffff888100355b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.320132] ==================================================================
[ 12.437480] ==================================================================
[ 12.437935] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930
[ 12.438289] Write of size 1 at addr ffff8881029520eb by task kunit_try_catch/177
[ 12.438719]
[ 12.438842] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.438888] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.438900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.438921] Call Trace:
[ 12.438933] <TASK>
[ 12.438949] dump_stack_lvl+0x73/0xb0
[ 12.438979] print_report+0xd1/0x610
[ 12.439001] ? __virt_addr_valid+0x1db/0x2d0
[ 12.439023] ? krealloc_more_oob_helper+0x821/0x930
[ 12.439046] ? kasan_addr_to_slab+0x11/0xa0
[ 12.439065] ? krealloc_more_oob_helper+0x821/0x930
[ 12.439088] kasan_report+0x141/0x180
[ 12.439121] ? krealloc_more_oob_helper+0x821/0x930
[ 12.439148] __asan_report_store1_noabort+0x1b/0x30
[ 12.439172] krealloc_more_oob_helper+0x821/0x930
[ 12.439193] ? __schedule+0x10c6/0x2b60
[ 12.439227] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.439250] ? finish_task_switch.isra.0+0x153/0x700
[ 12.439272] ? __switch_to+0x47/0xf50
[ 12.439297] ? __schedule+0x10c6/0x2b60
[ 12.439318] ? __pfx_read_tsc+0x10/0x10
[ 12.439341] krealloc_large_more_oob+0x1c/0x30
[ 12.439363] kunit_try_run_case+0x1a5/0x480
[ 12.439388] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.439410] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.439434] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.439456] ? __kthread_parkme+0x82/0x180
[ 12.439476] ? preempt_count_sub+0x50/0x80
[ 12.439498] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.439522] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.439544] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.439567] kthread+0x337/0x6f0
[ 12.439586] ? trace_preempt_on+0x20/0xc0
[ 12.439608] ? __pfx_kthread+0x10/0x10
[ 12.439628] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.439649] ? calculate_sigpending+0x7b/0xa0
[ 12.439672] ? __pfx_kthread+0x10/0x10
[ 12.439692] ret_from_fork+0x116/0x1d0
[ 12.439711] ? __pfx_kthread+0x10/0x10
[ 12.439730] ret_from_fork_asm+0x1a/0x30
[ 12.439760] </TASK>
[ 12.439771]
[ 12.447925] The buggy address belongs to the physical page:
[ 12.448119] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.448527] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.448831] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.449061] page_type: f8(unknown)
[ 12.449254] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.449733] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.450081] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.450374] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.450786] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.451162] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.451545] page dumped because: kasan: bad access detected
[ 12.451807]
[ 12.451918] Memory state around the buggy address:
[ 12.452094] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.452470] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.452760] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.453083] ^
[ 12.453384] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.453674] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.453914] ==================================================================
[ 12.454291] ==================================================================
[ 12.454549] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930
[ 12.454915] Write of size 1 at addr ffff8881029520f0 by task kunit_try_catch/177
[ 12.455457]
[ 12.455579] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.455623] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.455635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.455655] Call Trace:
[ 12.455671] <TASK>
[ 12.455686] dump_stack_lvl+0x73/0xb0
[ 12.455713] print_report+0xd1/0x610
[ 12.455734] ? __virt_addr_valid+0x1db/0x2d0
[ 12.455755] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.455778] ? kasan_addr_to_slab+0x11/0xa0
[ 12.455797] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.455834] kasan_report+0x141/0x180
[ 12.455857] ? krealloc_more_oob_helper+0x7eb/0x930
[ 12.455884] __asan_report_store1_noabort+0x1b/0x30
[ 12.455909] krealloc_more_oob_helper+0x7eb/0x930
[ 12.455931] ? __schedule+0x10c6/0x2b60
[ 12.455953] ? __pfx_krealloc_more_oob_helper+0x10/0x10
[ 12.455977] ? finish_task_switch.isra.0+0x153/0x700
[ 12.455998] ? __switch_to+0x47/0xf50
[ 12.456021] ? __schedule+0x10c6/0x2b60
[ 12.456042] ? __pfx_read_tsc+0x10/0x10
[ 12.456065] krealloc_large_more_oob+0x1c/0x30
[ 12.456087] kunit_try_run_case+0x1a5/0x480
[ 12.456110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.456132] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.456154] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.456177] ? __kthread_parkme+0x82/0x180
[ 12.456196] ? preempt_count_sub+0x50/0x80
[ 12.456218] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.456241] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.456263] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.456286] kthread+0x337/0x6f0
[ 12.456304] ? trace_preempt_on+0x20/0xc0
[ 12.456326] ? __pfx_kthread+0x10/0x10
[ 12.456346] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.456367] ? calculate_sigpending+0x7b/0xa0
[ 12.456389] ? __pfx_kthread+0x10/0x10
[ 12.456410] ret_from_fork+0x116/0x1d0
[ 12.456428] ? __pfx_kthread+0x10/0x10
[ 12.456448] ret_from_fork_asm+0x1a/0x30
[ 12.456477] </TASK>
[ 12.456488]
[ 12.465454] The buggy address belongs to the physical page:
[ 12.465706] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102950
[ 12.466030] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.466485] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.466702] page_type: f8(unknown)
[ 12.466877] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.467238] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.467578] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.467945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.468647] head: 0200000000000002 ffffea00040a5401 00000000ffffffff 00000000ffffffff
[ 12.468961] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.469374] page dumped because: kasan: bad access detected
[ 12.469616]
[ 12.469695] Memory state around the buggy address:
[ 12.469927] ffff888102951f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.470216] ffff888102952000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.470562] >ffff888102952080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe
[ 12.470861] ^
[ 12.471200] ffff888102952100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.471495] ffff888102952180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.471708] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 50.869115] ==================================================================
[ 50.869486] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 50.869486]
[ 50.869827] Use-after-free read at 0x(____ptrval____) (in kfence-#146):
[ 50.870119] test_krealloc+0x6fc/0xbe0
[ 50.870315] kunit_try_run_case+0x1a5/0x480
[ 50.870518] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.870700] kthread+0x337/0x6f0
[ 50.870892] ret_from_fork+0x116/0x1d0
[ 50.871092] ret_from_fork_asm+0x1a/0x30
[ 50.871271]
[ 50.871349] kfence-#146: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 50.871349]
[ 50.872351] allocated by task 354 on cpu 1 at 50.868475s (0.003873s ago):
[ 50.872632] test_alloc+0x364/0x10f0
[ 50.872819] test_krealloc+0xad/0xbe0
[ 50.873032] kunit_try_run_case+0x1a5/0x480
[ 50.873227] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.873455] kthread+0x337/0x6f0
[ 50.873581] ret_from_fork+0x116/0x1d0
[ 50.873739] ret_from_fork_asm+0x1a/0x30
[ 50.873943]
[ 50.874043] freed by task 354 on cpu 1 at 50.868738s (0.005302s ago):
[ 50.874287] krealloc_noprof+0x108/0x340
[ 50.874459] test_krealloc+0x226/0xbe0
[ 50.875111] kunit_try_run_case+0x1a5/0x480
[ 50.875303] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.875540] kthread+0x337/0x6f0
[ 50.875701] ret_from_fork+0x116/0x1d0
[ 50.875862] ret_from_fork_asm+0x1a/0x30
[ 50.876058]
[ 50.876165] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 50.876520] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 50.876728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 50.877129] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 50.787001] ==================================================================
[ 50.787438] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 50.787438]
[ 50.787843] Use-after-free read at 0x(____ptrval____) (in kfence-#145):
[ 50.788160] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 50.788624] kunit_try_run_case+0x1a5/0x480
[ 50.789065] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.789459] kthread+0x337/0x6f0
[ 50.789634] ret_from_fork+0x116/0x1d0
[ 50.789813] ret_from_fork_asm+0x1a/0x30
[ 50.790018]
[ 50.790117] kfence-#145: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 50.790117]
[ 50.790490] allocated by task 352 on cpu 1 at 50.764416s (0.026071s ago):
[ 50.790791] test_alloc+0x2a6/0x10f0
[ 50.791988] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 50.792350] kunit_try_run_case+0x1a5/0x480
[ 50.792555] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.792948] kthread+0x337/0x6f0
[ 50.793122] ret_from_fork+0x116/0x1d0
[ 50.793396] ret_from_fork_asm+0x1a/0x30
[ 50.793590]
[ 50.793677] freed by task 352 on cpu 1 at 50.764518s (0.029156s ago):
[ 50.793960] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 50.794455] kunit_try_run_case+0x1a5/0x480
[ 50.794652] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 50.794879] kthread+0x337/0x6f0
[ 50.795145] ret_from_fork+0x116/0x1d0
[ 50.795316] ret_from_fork_asm+0x1a/0x30
[ 50.795618]
[ 50.795728] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 50.796336] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 50.796597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 50.797035] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 25.503890] ==================================================================
[ 25.504410] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 25.504410]
[ 25.504898] Invalid read at 0x(____ptrval____):
[ 25.505109] test_invalid_access+0xf0/0x210
[ 25.505344] kunit_try_run_case+0x1a5/0x480
[ 25.505564] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.505849] kthread+0x337/0x6f0
[ 25.506000] ret_from_fork+0x116/0x1d0
[ 25.506140] ret_from_fork_asm+0x1a/0x30
[ 25.506361]
[ 25.506488] CPU: 1 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 25.506937] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.507106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.507441] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 25.284687] ==================================================================
[ 25.285107] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.285107]
[ 25.285548] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#141):
[ 25.286186] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.286371] kunit_try_run_case+0x1a5/0x480
[ 25.286605] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.286881] kthread+0x337/0x6f0
[ 25.287062] ret_from_fork+0x116/0x1d0
[ 25.287248] ret_from_fork_asm+0x1a/0x30
[ 25.287481]
[ 25.287558] kfence-#141: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 25.287558]
[ 25.287986] allocated by task 342 on cpu 0 at 25.284434s (0.003550s ago):
[ 25.288307] test_alloc+0x364/0x10f0
[ 25.288496] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 25.288713] kunit_try_run_case+0x1a5/0x480
[ 25.288920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.289199] kthread+0x337/0x6f0
[ 25.289369] ret_from_fork+0x116/0x1d0
[ 25.289540] ret_from_fork_asm+0x1a/0x30
[ 25.289708]
[ 25.289810] freed by task 342 on cpu 0 at 25.284572s (0.005233s ago):
[ 25.290074] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 25.290248] kunit_try_run_case+0x1a5/0x480
[ 25.290398] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.290627] kthread+0x337/0x6f0
[ 25.290860] ret_from_fork+0x116/0x1d0
[ 25.291052] ret_from_fork_asm+0x1a/0x30
[ 25.291295]
[ 25.291394] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 25.291740] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.291952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.292694] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 12.046313] ==================================================================
[ 12.046757] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0
[ 12.047073] Read of size 1 at addr ffff888102261f5f by task kunit_try_catch/155
[ 12.047358]
[ 12.047457] CPU: 0 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.047504] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.047517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.047539] Call Trace:
[ 12.047552] <TASK>
[ 12.047571] dump_stack_lvl+0x73/0xb0
[ 12.047600] print_report+0xd1/0x610
[ 12.047621] ? __virt_addr_valid+0x1db/0x2d0
[ 12.047643] ? kmalloc_oob_left+0x361/0x3c0
[ 12.047663] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.047684] ? kmalloc_oob_left+0x361/0x3c0
[ 12.047705] kasan_report+0x141/0x180
[ 12.047725] ? kmalloc_oob_left+0x361/0x3c0
[ 12.047750] __asan_report_load1_noabort+0x18/0x20
[ 12.047773] kmalloc_oob_left+0x361/0x3c0
[ 12.047794] ? __pfx_kmalloc_oob_left+0x10/0x10
[ 12.047853] ? __schedule+0x10c6/0x2b60
[ 12.047878] ? __pfx_read_tsc+0x10/0x10
[ 12.047898] ? ktime_get_ts64+0x86/0x230
[ 12.047922] kunit_try_run_case+0x1a5/0x480
[ 12.047948] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.047970] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.047993] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.048015] ? __kthread_parkme+0x82/0x180
[ 12.048035] ? preempt_count_sub+0x50/0x80
[ 12.048058] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.048099] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.048122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.048159] kthread+0x337/0x6f0
[ 12.048179] ? trace_preempt_on+0x20/0xc0
[ 12.048217] ? __pfx_kthread+0x10/0x10
[ 12.048237] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.048257] ? calculate_sigpending+0x7b/0xa0
[ 12.048281] ? __pfx_kthread+0x10/0x10
[ 12.048302] ret_from_fork+0x116/0x1d0
[ 12.048320] ? __pfx_kthread+0x10/0x10
[ 12.048340] ret_from_fork_asm+0x1a/0x30
[ 12.048370] </TASK>
[ 12.048381]
[ 12.055469] Allocated by task 1:
[ 12.055617] kasan_save_stack+0x45/0x70
[ 12.055825] kasan_save_track+0x18/0x40
[ 12.056006] kasan_save_alloc_info+0x3b/0x50
[ 12.056311] __kasan_kmalloc+0xb7/0xc0
[ 12.056451] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 12.056632] kvasprintf+0xc5/0x150
[ 12.056773] __kthread_create_on_node+0x18b/0x3a0
[ 12.057013] kthread_create_on_node+0xab/0xe0
[ 12.057319] create_worker+0x3e5/0x7b0
[ 12.057513] alloc_unbound_pwq+0x8ea/0xdb0
[ 12.057694] apply_wqattrs_prepare+0x332/0xd20
[ 12.057887] apply_workqueue_attrs_locked+0x4d/0xa0
[ 12.058138] alloc_workqueue+0xcc7/0x1ad0
[ 12.058382] latency_fsnotify_init+0x1b/0x50
[ 12.058585] do_one_initcall+0xd8/0x370
[ 12.058759] kernel_init_freeable+0x420/0x6f0
[ 12.058955] kernel_init+0x23/0x1e0
[ 12.059147] ret_from_fork+0x116/0x1d0
[ 12.059367] ret_from_fork_asm+0x1a/0x30
[ 12.059514]
[ 12.059588] The buggy address belongs to the object at ffff888102261f40
[ 12.059588] which belongs to the cache kmalloc-16 of size 16
[ 12.060116] The buggy address is located 18 bytes to the right of
[ 12.060116] allocated 13-byte region [ffff888102261f40, ffff888102261f4d)
[ 12.060761]
[ 12.060878] The buggy address belongs to the physical page:
[ 12.061148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102261
[ 12.061460] flags: 0x200000000000000(node=0|zone=2)
[ 12.061704] page_type: f5(slab)
[ 12.061889] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000
[ 12.062325] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 12.062661] page dumped because: kasan: bad access detected
[ 12.062890]
[ 12.062985] Memory state around the buggy address:
[ 12.063302] ffff888102261e00: fa fb fc fc 00 02 fc fc 00 05 fc fc 00 02 fc fc
[ 12.063570] ffff888102261e80: 00 02 fc fc 00 02 fc fc 00 02 fc fc fa fb fc fc
[ 12.063871] >ffff888102261f00: fa fb fc fc fa fb fc fc 00 05 fc fc 00 07 fc fc
[ 12.064253] ^
[ 12.064519] ffff888102261f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.064780] ffff888102262000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.065078] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 11.980339] ==================================================================
[ 11.981336] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0
[ 11.982058] Write of size 1 at addr ffff8881025bdc73 by task kunit_try_catch/153
[ 11.982793]
[ 11.983868] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 11.984233] Tainted: [N]=TEST
[ 11.984266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.984484] Call Trace:
[ 11.984551] <TASK>
[ 11.984696] dump_stack_lvl+0x73/0xb0
[ 11.984781] print_report+0xd1/0x610
[ 11.984809] ? __virt_addr_valid+0x1db/0x2d0
[ 11.984854] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.984875] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.984896] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.984917] kasan_report+0x141/0x180
[ 11.984938] ? kmalloc_oob_right+0x6f0/0x7f0
[ 11.984963] __asan_report_store1_noabort+0x1b/0x30
[ 11.984986] kmalloc_oob_right+0x6f0/0x7f0
[ 11.985007] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 11.985029] ? __schedule+0x10c6/0x2b60
[ 11.985052] ? __pfx_read_tsc+0x10/0x10
[ 11.985095] ? ktime_get_ts64+0x86/0x230
[ 11.985122] kunit_try_run_case+0x1a5/0x480
[ 11.985148] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.985170] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.985193] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.985216] ? __kthread_parkme+0x82/0x180
[ 11.985236] ? preempt_count_sub+0x50/0x80
[ 11.985261] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.985283] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.985306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.985328] kthread+0x337/0x6f0
[ 11.985347] ? trace_preempt_on+0x20/0xc0
[ 11.985371] ? __pfx_kthread+0x10/0x10
[ 11.985390] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.985411] ? calculate_sigpending+0x7b/0xa0
[ 11.985435] ? __pfx_kthread+0x10/0x10
[ 11.985456] ret_from_fork+0x116/0x1d0
[ 11.985474] ? __pfx_kthread+0x10/0x10
[ 11.985494] ret_from_fork_asm+0x1a/0x30
[ 11.985551] </TASK>
[ 11.985623]
[ 11.995391] Allocated by task 153:
[ 11.995649] kasan_save_stack+0x45/0x70
[ 11.995827] kasan_save_track+0x18/0x40
[ 11.995991] kasan_save_alloc_info+0x3b/0x50
[ 11.996199] __kasan_kmalloc+0xb7/0xc0
[ 11.996378] __kmalloc_cache_noprof+0x189/0x420
[ 11.996560] kmalloc_oob_right+0xa9/0x7f0
[ 11.996762] kunit_try_run_case+0x1a5/0x480
[ 11.996973] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.997203] kthread+0x337/0x6f0
[ 11.997373] ret_from_fork+0x116/0x1d0
[ 11.997549] ret_from_fork_asm+0x1a/0x30
[ 11.997725]
[ 11.997856] The buggy address belongs to the object at ffff8881025bdc00
[ 11.997856] which belongs to the cache kmalloc-128 of size 128
[ 11.998490] The buggy address is located 0 bytes to the right of
[ 11.998490] allocated 115-byte region [ffff8881025bdc00, ffff8881025bdc73)
[ 11.999025]
[ 11.999224] The buggy address belongs to the physical page:
[ 11.999600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[ 12.000229] flags: 0x200000000000000(node=0|zone=2)
[ 12.000871] page_type: f5(slab)
[ 12.001383] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.001712] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.002119] page dumped because: kasan: bad access detected
[ 12.002359]
[ 12.002465] Memory state around the buggy address:
[ 12.002896] ffff8881025bdb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.003261] ffff8881025bdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.003578] >ffff8881025bdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.003879] ^
[ 12.004245] ffff8881025bdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.004535] ffff8881025bdd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.004871] ==================================================================
[ 12.006406] ==================================================================
[ 12.006724] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0
[ 12.007034] Write of size 1 at addr ffff8881025bdc78 by task kunit_try_catch/153
[ 12.007424]
[ 12.007540] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.007586] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.007597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.007617] Call Trace:
[ 12.007633] <TASK>
[ 12.007648] dump_stack_lvl+0x73/0xb0
[ 12.007676] print_report+0xd1/0x610
[ 12.007697] ? __virt_addr_valid+0x1db/0x2d0
[ 12.007719] ? kmalloc_oob_right+0x6bd/0x7f0
[ 12.007739] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.007760] ? kmalloc_oob_right+0x6bd/0x7f0
[ 12.007781] kasan_report+0x141/0x180
[ 12.007801] ? kmalloc_oob_right+0x6bd/0x7f0
[ 12.007837] __asan_report_store1_noabort+0x1b/0x30
[ 12.007861] kmalloc_oob_right+0x6bd/0x7f0
[ 12.007882] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 12.007904] ? __schedule+0x10c6/0x2b60
[ 12.007925] ? __pfx_read_tsc+0x10/0x10
[ 12.007945] ? ktime_get_ts64+0x86/0x230
[ 12.007968] kunit_try_run_case+0x1a5/0x480
[ 12.007991] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.008013] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.008035] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.008058] ? __kthread_parkme+0x82/0x180
[ 12.008097] ? preempt_count_sub+0x50/0x80
[ 12.008120] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.008143] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.008165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.008188] kthread+0x337/0x6f0
[ 12.008207] ? trace_preempt_on+0x20/0xc0
[ 12.008229] ? __pfx_kthread+0x10/0x10
[ 12.008249] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.008269] ? calculate_sigpending+0x7b/0xa0
[ 12.008292] ? __pfx_kthread+0x10/0x10
[ 12.008313] ret_from_fork+0x116/0x1d0
[ 12.008330] ? __pfx_kthread+0x10/0x10
[ 12.008350] ret_from_fork_asm+0x1a/0x30
[ 12.008379] </TASK>
[ 12.008389]
[ 12.015002] Allocated by task 153:
[ 12.015186] kasan_save_stack+0x45/0x70
[ 12.015360] kasan_save_track+0x18/0x40
[ 12.015505] kasan_save_alloc_info+0x3b/0x50
[ 12.015719] __kasan_kmalloc+0xb7/0xc0
[ 12.015885] __kmalloc_cache_noprof+0x189/0x420
[ 12.016119] kmalloc_oob_right+0xa9/0x7f0
[ 12.016277] kunit_try_run_case+0x1a5/0x480
[ 12.016483] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.016659] kthread+0x337/0x6f0
[ 12.016779] ret_from_fork+0x116/0x1d0
[ 12.016926] ret_from_fork_asm+0x1a/0x30
[ 12.017111]
[ 12.017204] The buggy address belongs to the object at ffff8881025bdc00
[ 12.017204] which belongs to the cache kmalloc-128 of size 128
[ 12.017724] The buggy address is located 5 bytes to the right of
[ 12.017724] allocated 115-byte region [ffff8881025bdc00, ffff8881025bdc73)
[ 12.018204]
[ 12.018303] The buggy address belongs to the physical page:
[ 12.018563] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[ 12.018905] flags: 0x200000000000000(node=0|zone=2)
[ 12.019149] page_type: f5(slab)
[ 12.019292] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.019601] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.019920] page dumped because: kasan: bad access detected
[ 12.020159]
[ 12.020479] Memory state around the buggy address:
[ 12.020689] ffff8881025bdb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.020956] ffff8881025bdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.021203] >ffff8881025bdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.021418] ^
[ 12.021632] ffff8881025bdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.021938] ffff8881025bdd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.022273] ==================================================================
[ 12.022801] ==================================================================
[ 12.023177] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0
[ 12.023517] Read of size 1 at addr ffff8881025bdc80 by task kunit_try_catch/153
[ 12.023808]
[ 12.023903] CPU: 1 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.023945] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.023956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.023976] Call Trace:
[ 12.023989] <TASK>
[ 12.024002] dump_stack_lvl+0x73/0xb0
[ 12.024027] print_report+0xd1/0x610
[ 12.024048] ? __virt_addr_valid+0x1db/0x2d0
[ 12.024069] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.024110] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.024131] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.024151] kasan_report+0x141/0x180
[ 12.024172] ? kmalloc_oob_right+0x68a/0x7f0
[ 12.024197] __asan_report_load1_noabort+0x18/0x20
[ 12.024220] kmalloc_oob_right+0x68a/0x7f0
[ 12.024241] ? __pfx_kmalloc_oob_right+0x10/0x10
[ 12.024263] ? __schedule+0x10c6/0x2b60
[ 12.024284] ? __pfx_read_tsc+0x10/0x10
[ 12.024304] ? ktime_get_ts64+0x86/0x230
[ 12.024327] kunit_try_run_case+0x1a5/0x480
[ 12.024349] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.024371] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.024393] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.024415] ? __kthread_parkme+0x82/0x180
[ 12.024434] ? preempt_count_sub+0x50/0x80
[ 12.024456] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.024479] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.024501] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.024523] kthread+0x337/0x6f0
[ 12.024541] ? trace_preempt_on+0x20/0xc0
[ 12.024563] ? __pfx_kthread+0x10/0x10
[ 12.024582] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.024603] ? calculate_sigpending+0x7b/0xa0
[ 12.024625] ? __pfx_kthread+0x10/0x10
[ 12.024646] ret_from_fork+0x116/0x1d0
[ 12.024663] ? __pfx_kthread+0x10/0x10
[ 12.024683] ret_from_fork_asm+0x1a/0x30
[ 12.024712] </TASK>
[ 12.024721]
[ 12.033779] Allocated by task 153:
[ 12.033929] kasan_save_stack+0x45/0x70
[ 12.034164] kasan_save_track+0x18/0x40
[ 12.034338] kasan_save_alloc_info+0x3b/0x50
[ 12.034525] __kasan_kmalloc+0xb7/0xc0
[ 12.034687] __kmalloc_cache_noprof+0x189/0x420
[ 12.034881] kmalloc_oob_right+0xa9/0x7f0
[ 12.035106] kunit_try_run_case+0x1a5/0x480
[ 12.035320] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.035528] kthread+0x337/0x6f0
[ 12.035650] ret_from_fork+0x116/0x1d0
[ 12.035784] ret_from_fork_asm+0x1a/0x30
[ 12.035991]
[ 12.036112] The buggy address belongs to the object at ffff8881025bdc00
[ 12.036112] which belongs to the cache kmalloc-128 of size 128
[ 12.036573] The buggy address is located 13 bytes to the right of
[ 12.036573] allocated 115-byte region [ffff8881025bdc00, ffff8881025bdc73)
[ 12.037114]
[ 12.037213] The buggy address belongs to the physical page:
[ 12.037465] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd
[ 12.037776] flags: 0x200000000000000(node=0|zone=2)
[ 12.037992] page_type: f5(slab)
[ 12.038139] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.038487] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.038760] page dumped because: kasan: bad access detected
[ 12.038944]
[ 12.039016] Memory state around the buggy address:
[ 12.039267] ffff8881025bdb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.039586] ffff8881025bdc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc
[ 12.039910] >ffff8881025bdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.040156] ^
[ 12.040298] ffff8881025bdd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.040615] ffff8881025bdd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.040940] ==================================================================
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------
[ 145.910163] WARNING: CPU: 0 PID: 2763 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 145.911135] Modules linked in:
[ 145.911476] CPU: 0 UID: 0 PID: 2763 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.912182] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.912806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.913426] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 145.913901] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 145.915122] RSP: 0000:ffff888102907c78 EFLAGS: 00010286
[ 145.915665] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 145.916077] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff91a33d3c
[ 145.916539] RBP: ffff888102907ca0 R08: 0000000000000000 R09: ffffed10208753c0
[ 145.917159] R10: ffff8881043a9e07 R11: 0000000000000000 R12: ffffffff91a33d28
[ 145.917739] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888102907d38
[ 145.917965] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000
[ 145.918320] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.918884] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0
[ 145.919630] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442
[ 145.920322] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.921021] Call Trace:
[ 145.921177] <TASK>
[ 145.921573] drm_test_rect_calc_vscale+0x108/0x270
[ 145.921880] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 145.922079] ? __schedule+0x10c6/0x2b60
[ 145.922283] ? __pfx_read_tsc+0x10/0x10
[ 145.922727] ? ktime_get_ts64+0x86/0x230
[ 145.923142] kunit_try_run_case+0x1a5/0x480
[ 145.923635] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.924093] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.924632] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.924814] ? __kthread_parkme+0x82/0x180
[ 145.924964] ? preempt_count_sub+0x50/0x80
[ 145.925135] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.925319] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.925585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.926321] kthread+0x337/0x6f0
[ 145.926642] ? trace_preempt_on+0x20/0xc0
[ 145.926979] ? __pfx_kthread+0x10/0x10
[ 145.927138] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.927517] ? calculate_sigpending+0x7b/0xa0
[ 145.927984] ? __pfx_kthread+0x10/0x10
[ 145.928398] ret_from_fork+0x116/0x1d0
[ 145.928823] ? __pfx_kthread+0x10/0x10
[ 145.929077] ret_from_fork_asm+0x1a/0x30
[ 145.929344] </TASK>
[ 145.929594] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 145.933820] WARNING: CPU: 0 PID: 2765 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190
[ 145.934165] Modules linked in:
[ 145.934739] CPU: 0 UID: 0 PID: 2765 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.935931] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.936770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.937642] RIP: 0010:drm_rect_calc_vscale+0x130/0x190
[ 145.938054] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 145.939502] RSP: 0000:ffff8881045dfc78 EFLAGS: 00010286
[ 145.939687] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 145.939893] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff91a33d74
[ 145.940135] RBP: ffff8881045dfca0 R08: 0000000000000000 R09: ffffed10207461e0
[ 145.940636] R10: ffff888103a30f07 R11: 0000000000000000 R12: ffffffff91a33d60
[ 145.941073] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881045dfd38
[ 145.941390] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000
[ 145.941860] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.942299] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0
[ 145.942621] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442
[ 145.942930] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.943380] Call Trace:
[ 145.943559] <TASK>
[ 145.943695] drm_test_rect_calc_vscale+0x108/0x270
[ 145.944029] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10
[ 145.944453] ? __schedule+0x10c6/0x2b60
[ 145.944744] ? __pfx_read_tsc+0x10/0x10
[ 145.944967] ? ktime_get_ts64+0x86/0x230
[ 145.945286] kunit_try_run_case+0x1a5/0x480
[ 145.945588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.945813] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.946064] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.946547] ? __kthread_parkme+0x82/0x180
[ 145.946830] ? preempt_count_sub+0x50/0x80
[ 145.947072] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.947557] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.947815] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.948118] kthread+0x337/0x6f0
[ 145.948300] ? trace_preempt_on+0x20/0xc0
[ 145.948499] ? __pfx_kthread+0x10/0x10
[ 145.948697] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.948914] ? calculate_sigpending+0x7b/0xa0
[ 145.949350] ? __pfx_kthread+0x10/0x10
[ 145.949510] ret_from_fork+0x116/0x1d0
[ 145.949702] ? __pfx_kthread+0x10/0x10
[ 145.950027] ret_from_fork_asm+0x1a/0x30
[ 145.950444] </TASK>
[ 145.950579] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------
[ 145.879250] WARNING: CPU: 1 PID: 2753 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 145.879921] Modules linked in:
[ 145.880089] CPU: 1 UID: 0 PID: 2753 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.881123] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.881771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.882350] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 145.882907] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b e5 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 145.884334] RSP: 0000:ffff8881045bfc78 EFLAGS: 00010286
[ 145.884982] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000
[ 145.885275] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff91a33d78
[ 145.885964] RBP: ffff8881045bfca0 R08: 0000000000000000 R09: ffffed1020c14fc0
[ 145.886679] R10: ffff8881060a7e07 R11: 0000000000000000 R12: ffffffff91a33d60
[ 145.886900] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881045bfd38
[ 145.887130] FS: 0000000000000000(0000) GS:ffff8881c7772000(0000) knlGS:0000000000000000
[ 145.887449] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.887883] CR2: ffffffffffffffff CR3: 00000001596bc000 CR4: 00000000000006f0
[ 145.888324] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52443
[ 145.888673] DR3: ffffffff93a52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.888971] Call Trace:
[ 145.889097] <TASK>
[ 145.889199] drm_test_rect_calc_hscale+0x108/0x270
[ 145.889450] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 145.889770] ? __schedule+0x10c6/0x2b60
[ 145.890162] ? __pfx_read_tsc+0x10/0x10
[ 145.890414] ? ktime_get_ts64+0x86/0x230
[ 145.890569] kunit_try_run_case+0x1a5/0x480
[ 145.890885] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.891135] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.891506] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.891725] ? __kthread_parkme+0x82/0x180
[ 145.891912] ? preempt_count_sub+0x50/0x80
[ 145.892124] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.892494] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.892681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.893392] kthread+0x337/0x6f0
[ 145.893554] ? trace_preempt_on+0x20/0xc0
[ 145.893748] ? __pfx_kthread+0x10/0x10
[ 145.893927] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.894145] ? calculate_sigpending+0x7b/0xa0
[ 145.894946] ? __pfx_kthread+0x10/0x10
[ 145.895456] ret_from_fork+0x116/0x1d0
[ 145.895719] ? __pfx_kthread+0x10/0x10
[ 145.896032] ret_from_fork_asm+0x1a/0x30
[ 145.896664] </TASK>
[ 145.896815] ---[ end trace 0000000000000000 ]---
------------[ cut here ]------------
[ 145.857113] WARNING: CPU: 0 PID: 2751 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190
[ 145.858665] Modules linked in:
[ 145.859352] CPU: 0 UID: 0 PID: 2751 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 145.859945] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 145.860145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 145.861083] RIP: 0010:drm_rect_calc_hscale+0x125/0x190
[ 145.861681] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 1b e5 1e 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d
[ 145.863497] RSP: 0000:ffff888103ec7c78 EFLAGS: 00010286
[ 145.863743] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000
[ 145.863965] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff91a33d40
[ 145.864236] RBP: ffff888103ec7ca0 R08: 0000000000000000 R09: ffffed10207460e0
[ 145.864933] R10: ffff888103a30707 R11: 0000000000000000 R12: ffffffff91a33d28
[ 145.865620] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103ec7d38
[ 145.866655] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000
[ 145.867491] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 145.868023] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0
[ 145.868335] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442
[ 145.868549] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 145.868757] Call Trace:
[ 145.868856] <TASK>
[ 145.868958] drm_test_rect_calc_hscale+0x108/0x270
[ 145.869157] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10
[ 145.869334] ? __schedule+0x10c6/0x2b60
[ 145.869714] ? __pfx_read_tsc+0x10/0x10
[ 145.870212] ? ktime_get_ts64+0x86/0x230
[ 145.870520] kunit_try_run_case+0x1a5/0x480
[ 145.870703] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.870928] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 145.871169] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 145.871390] ? __kthread_parkme+0x82/0x180
[ 145.871676] ? preempt_count_sub+0x50/0x80
[ 145.871832] ? __pfx_kunit_try_run_case+0x10/0x10
[ 145.872065] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 145.872587] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 145.872828] kthread+0x337/0x6f0
[ 145.873005] ? trace_preempt_on+0x20/0xc0
[ 145.873180] ? __pfx_kthread+0x10/0x10
[ 145.873476] ? _raw_spin_unlock_irq+0x47/0x80
[ 145.873649] ? calculate_sigpending+0x7b/0xa0
[ 145.873882] ? __pfx_kthread+0x10/0x10
[ 145.874098] ret_from_fork+0x116/0x1d0
[ 145.874458] ? __pfx_kthread+0x10/0x10
[ 145.874611] ret_from_fork_asm+0x1a/0x30
[ 145.874852] </TASK>
[ 145.875080] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 25.076718] ==================================================================
[ 25.077162] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 25.077162]
[ 25.077580] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#139):
[ 25.077943] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 25.078158] kunit_try_run_case+0x1a5/0x480
[ 25.078405] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.078628] kthread+0x337/0x6f0
[ 25.078779] ret_from_fork+0x116/0x1d0
[ 25.078957] ret_from_fork_asm+0x1a/0x30
[ 25.079162]
[ 25.079269] kfence-#139: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 25.079269]
[ 25.079710] allocated by task 340 on cpu 0 at 25.076513s (0.003195s ago):
[ 25.080024] test_alloc+0x364/0x10f0
[ 25.080212] test_kmalloc_aligned_oob_read+0x105/0x560
[ 25.080411] kunit_try_run_case+0x1a5/0x480
[ 25.080566] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 25.080782] kthread+0x337/0x6f0
[ 25.080968] ret_from_fork+0x116/0x1d0
[ 25.081162] ret_from_fork_asm+0x1a/0x30
[ 25.081363]
[ 25.081520] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 25.081914] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 25.082117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 25.082479] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-test_corruption
[ 20.500712] ==================================================================
[ 20.501153] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 20.501153]
[ 20.501517] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#95):
[ 20.502250] test_corruption+0x2d2/0x3e0
[ 20.502454] kunit_try_run_case+0x1a5/0x480
[ 20.502634] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.502924] kthread+0x337/0x6f0
[ 20.503122] ret_from_fork+0x116/0x1d0
[ 20.503276] ret_from_fork_asm+0x1a/0x30
[ 20.503482]
[ 20.503607] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.503607]
[ 20.503984] allocated by task 328 on cpu 0 at 20.500528s (0.003454s ago):
[ 20.504433] test_alloc+0x364/0x10f0
[ 20.504669] test_corruption+0xe6/0x3e0
[ 20.504819] kunit_try_run_case+0x1a5/0x480
[ 20.505026] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.505265] kthread+0x337/0x6f0
[ 20.505453] ret_from_fork+0x116/0x1d0
[ 20.505666] ret_from_fork_asm+0x1a/0x30
[ 20.505875]
[ 20.505974] freed by task 328 on cpu 0 at 20.500631s (0.005340s ago):
[ 20.506297] test_corruption+0x2d2/0x3e0
[ 20.506472] kunit_try_run_case+0x1a5/0x480
[ 20.506689] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.506984] kthread+0x337/0x6f0
[ 20.507196] ret_from_fork+0x116/0x1d0
[ 20.507379] ret_from_fork_asm+0x1a/0x30
[ 20.507575]
[ 20.507697] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 20.508231] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.508398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.508792] ==================================================================
[ 20.708650] ==================================================================
[ 20.709048] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 20.709048]
[ 20.709410] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#97):
[ 20.710027] test_corruption+0x131/0x3e0
[ 20.710229] kunit_try_run_case+0x1a5/0x480
[ 20.710674] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.710925] kthread+0x337/0x6f0
[ 20.711103] ret_from_fork+0x116/0x1d0
[ 20.711485] ret_from_fork_asm+0x1a/0x30
[ 20.711850]
[ 20.711940] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 20.711940]
[ 20.712449] allocated by task 330 on cpu 1 at 20.708535s (0.003911s ago):
[ 20.712923] test_alloc+0x2a6/0x10f0
[ 20.713126] test_corruption+0xe6/0x3e0
[ 20.713302] kunit_try_run_case+0x1a5/0x480
[ 20.713502] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.713739] kthread+0x337/0x6f0
[ 20.713904] ret_from_fork+0x116/0x1d0
[ 20.714076] ret_from_fork_asm+0x1a/0x30
[ 20.714662]
[ 20.714762] freed by task 330 on cpu 1 at 20.708583s (0.006176s ago):
[ 20.715033] test_corruption+0x131/0x3e0
[ 20.715360] kunit_try_run_case+0x1a5/0x480
[ 20.715643] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.715868] kthread+0x337/0x6f0
[ 20.716204] ret_from_fork+0x116/0x1d0
[ 20.716498] ret_from_fork_asm+0x1a/0x30
[ 20.716662]
[ 20.716792] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 20.717432] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.717705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.718146] ==================================================================
[ 20.812667] ==================================================================
[ 20.813064] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 20.813064]
[ 20.813450] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#98):
[ 20.814084] test_corruption+0x216/0x3e0
[ 20.814449] kunit_try_run_case+0x1a5/0x480
[ 20.814778] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.815007] kthread+0x337/0x6f0
[ 20.815337] ret_from_fork+0x116/0x1d0
[ 20.815520] ret_from_fork_asm+0x1a/0x30
[ 20.815704]
[ 20.815805] kfence-#98: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 20.815805]
[ 20.816157] allocated by task 330 on cpu 1 at 20.812543s (0.003612s ago):
[ 20.816838] test_alloc+0x2a6/0x10f0
[ 20.817043] test_corruption+0x1cb/0x3e0
[ 20.817398] kunit_try_run_case+0x1a5/0x480
[ 20.817606] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.817999] kthread+0x337/0x6f0
[ 20.818338] ret_from_fork+0x116/0x1d0
[ 20.818523] ret_from_fork_asm+0x1a/0x30
[ 20.818815]
[ 20.818929] freed by task 330 on cpu 1 at 20.812602s (0.006324s ago):
[ 20.819360] test_corruption+0x216/0x3e0
[ 20.819536] kunit_try_run_case+0x1a5/0x480
[ 20.819730] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.819975] kthread+0x337/0x6f0
[ 20.820124] ret_from_fork+0x116/0x1d0
[ 20.820539] ret_from_fork_asm+0x1a/0x30
[ 20.820820]
[ 20.820952] CPU: 1 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 20.821641] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.821923] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.822371] ==================================================================
[ 20.604839] ==================================================================
[ 20.605329] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 20.605329]
[ 20.605701] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#96):
[ 20.606111] test_corruption+0x2df/0x3e0
[ 20.606318] kunit_try_run_case+0x1a5/0x480
[ 20.606531] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.606780] kthread+0x337/0x6f0
[ 20.606967] ret_from_fork+0x116/0x1d0
[ 20.607231] ret_from_fork_asm+0x1a/0x30
[ 20.607477]
[ 20.607594] kfence-#96: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 20.607594]
[ 20.608025] allocated by task 328 on cpu 0 at 20.604568s (0.003455s ago):
[ 20.608364] test_alloc+0x364/0x10f0
[ 20.608556] test_corruption+0x1cb/0x3e0
[ 20.608752] kunit_try_run_case+0x1a5/0x480
[ 20.608981] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.609289] kthread+0x337/0x6f0
[ 20.609501] ret_from_fork+0x116/0x1d0
[ 20.609652] ret_from_fork_asm+0x1a/0x30
[ 20.609791]
[ 20.609874] freed by task 328 on cpu 0 at 20.604671s (0.005200s ago):
[ 20.610271] test_corruption+0x2df/0x3e0
[ 20.610481] kunit_try_run_case+0x1a5/0x480
[ 20.610690] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 20.610925] kthread+0x337/0x6f0
[ 20.611076] ret_from_fork+0x116/0x1d0
[ 20.611268] ret_from_fork_asm+0x1a/0x30
[ 20.611483]
[ 20.611644] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 20.612215] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 20.612476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 20.612934] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 19.356627] ==================================================================
[ 19.357036] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 19.357036]
[ 19.357478] Invalid free of 0x(____ptrval____) (in kfence-#84):
[ 19.358124] test_invalid_addr_free+0x1e1/0x260
[ 19.358602] kunit_try_run_case+0x1a5/0x480
[ 19.358833] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.359264] kthread+0x337/0x6f0
[ 19.359525] ret_from_fork+0x116/0x1d0
[ 19.359745] ret_from_fork_asm+0x1a/0x30
[ 19.360078]
[ 19.360307] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.360307]
[ 19.360703] allocated by task 324 on cpu 0 at 19.356523s (0.004178s ago):
[ 19.361250] test_alloc+0x364/0x10f0
[ 19.361530] test_invalid_addr_free+0xdb/0x260
[ 19.361804] kunit_try_run_case+0x1a5/0x480
[ 19.362109] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.362462] kthread+0x337/0x6f0
[ 19.362656] ret_from_fork+0x116/0x1d0
[ 19.362965] ret_from_fork_asm+0x1a/0x30
[ 19.363218]
[ 19.363453] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.363936] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.364380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.364882] ==================================================================
[ 19.564633] ==================================================================
[ 19.565032] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 19.565032]
[ 19.565407] Invalid free of 0x(____ptrval____) (in kfence-#86):
[ 19.565697] test_invalid_addr_free+0xfb/0x260
[ 19.565896] kunit_try_run_case+0x1a5/0x480
[ 19.566100] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.566372] kthread+0x337/0x6f0
[ 19.566540] ret_from_fork+0x116/0x1d0
[ 19.566718] ret_from_fork_asm+0x1a/0x30
[ 19.566922]
[ 19.567016] kfence-#86: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.567016]
[ 19.567431] allocated by task 326 on cpu 1 at 19.564538s (0.002890s ago):
[ 19.567696] test_alloc+0x2a6/0x10f0
[ 19.567881] test_invalid_addr_free+0xdb/0x260
[ 19.568090] kunit_try_run_case+0x1a5/0x480
[ 19.568280] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.568515] kthread+0x337/0x6f0
[ 19.568694] ret_from_fork+0x116/0x1d0
[ 19.568872] ret_from_fork_asm+0x1a/0x30
[ 19.569018]
[ 19.569117] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.569446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.569646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.570071] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-invalid-free-in-test_double_free
[ 19.148759] ==================================================================
[ 19.149275] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 19.149275]
[ 19.149594] Invalid free of 0x(____ptrval____) (in kfence-#82):
[ 19.149887] test_double_free+0x1d3/0x260
[ 19.150099] kunit_try_run_case+0x1a5/0x480
[ 19.150314] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.150537] kthread+0x337/0x6f0
[ 19.150719] ret_from_fork+0x116/0x1d0
[ 19.150912] ret_from_fork_asm+0x1a/0x30
[ 19.151058]
[ 19.151166] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 19.151166]
[ 19.151555] allocated by task 320 on cpu 0 at 19.148542s (0.003011s ago):
[ 19.151891] test_alloc+0x364/0x10f0
[ 19.152037] test_double_free+0xdb/0x260
[ 19.152261] kunit_try_run_case+0x1a5/0x480
[ 19.152479] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.152699] kthread+0x337/0x6f0
[ 19.152891] ret_from_fork+0x116/0x1d0
[ 19.153045] ret_from_fork_asm+0x1a/0x30
[ 19.153283]
[ 19.153363] freed by task 320 on cpu 0 at 19.148627s (0.004733s ago):
[ 19.153657] test_double_free+0x1e0/0x260
[ 19.153844] kunit_try_run_case+0x1a5/0x480
[ 19.154014] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.154192] kthread+0x337/0x6f0
[ 19.154318] ret_from_fork+0x116/0x1d0
[ 19.154488] ret_from_fork_asm+0x1a/0x30
[ 19.154849]
[ 19.154977] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.155365] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.155508] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.155926] ==================================================================
[ 19.252631] ==================================================================
[ 19.253055] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 19.253055]
[ 19.253398] Invalid free of 0x(____ptrval____) (in kfence-#83):
[ 19.253790] test_double_free+0x112/0x260
[ 19.253995] kunit_try_run_case+0x1a5/0x480
[ 19.254727] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.255268] kthread+0x337/0x6f0
[ 19.255539] ret_from_fork+0x116/0x1d0
[ 19.255808] ret_from_fork_asm+0x1a/0x30
[ 19.256088]
[ 19.256192] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 19.256192]
[ 19.256689] allocated by task 322 on cpu 0 at 19.252480s (0.004207s ago):
[ 19.257149] test_alloc+0x2a6/0x10f0
[ 19.257405] test_double_free+0xdb/0x260
[ 19.257566] kunit_try_run_case+0x1a5/0x480
[ 19.257762] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.258019] kthread+0x337/0x6f0
[ 19.258336] ret_from_fork+0x116/0x1d0
[ 19.258666] ret_from_fork_asm+0x1a/0x30
[ 19.258841]
[ 19.259017] freed by task 322 on cpu 0 at 19.252535s (0.006478s ago):
[ 19.259441] test_double_free+0xfa/0x260
[ 19.259703] kunit_try_run_case+0x1a5/0x480
[ 19.259888] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 19.260295] kthread+0x337/0x6f0
[ 19.260527] ret_from_fork+0x116/0x1d0
[ 19.260693] ret_from_fork_asm+0x1a/0x30
[ 19.260904]
[ 19.261252] CPU: 0 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 19.261723] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 19.261928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 19.262452] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 18.836691] ==================================================================
[ 18.837127] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 18.837127]
[ 18.837600] Use-after-free read at 0x(____ptrval____) (in kfence-#79):
[ 18.837877] test_use_after_free_read+0x129/0x270
[ 18.838105] kunit_try_run_case+0x1a5/0x480
[ 18.838323] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.838544] kthread+0x337/0x6f0
[ 18.838706] ret_from_fork+0x116/0x1d0
[ 18.838908] ret_from_fork_asm+0x1a/0x30
[ 18.839090]
[ 18.839177] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.839177]
[ 18.839548] allocated by task 314 on cpu 1 at 18.836548s (0.002998s ago):
[ 18.839840] test_alloc+0x2a6/0x10f0
[ 18.840031] test_use_after_free_read+0xdc/0x270
[ 18.840269] kunit_try_run_case+0x1a5/0x480
[ 18.840458] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.840674] kthread+0x337/0x6f0
[ 18.840799] ret_from_fork+0x116/0x1d0
[ 18.840951] ret_from_fork_asm+0x1a/0x30
[ 18.841113]
[ 18.841212] freed by task 314 on cpu 1 at 18.836611s (0.004597s ago):
[ 18.841647] test_use_after_free_read+0xfb/0x270
[ 18.841839] kunit_try_run_case+0x1a5/0x480
[ 18.841988] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.842322] kthread+0x337/0x6f0
[ 18.842498] ret_from_fork+0x116/0x1d0
[ 18.842695] ret_from_fork_asm+0x1a/0x30
[ 18.842911]
[ 18.843036] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.843610] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.843773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.844173] ==================================================================
[ 18.732675] ==================================================================
[ 18.733178] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 18.733178]
[ 18.733651] Use-after-free read at 0x(____ptrval____) (in kfence-#78):
[ 18.733957] test_use_after_free_read+0x129/0x270
[ 18.734153] kunit_try_run_case+0x1a5/0x480
[ 18.734369] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.734620] kthread+0x337/0x6f0
[ 18.734829] ret_from_fork+0x116/0x1d0
[ 18.734970] ret_from_fork_asm+0x1a/0x30
[ 18.735248]
[ 18.735352] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.735352]
[ 18.735801] allocated by task 312 on cpu 0 at 18.732456s (0.003343s ago):
[ 18.736118] test_alloc+0x364/0x10f0
[ 18.736295] test_use_after_free_read+0xdc/0x270
[ 18.736496] kunit_try_run_case+0x1a5/0x480
[ 18.736709] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.736978] kthread+0x337/0x6f0
[ 18.737170] ret_from_fork+0x116/0x1d0
[ 18.737353] ret_from_fork_asm+0x1a/0x30
[ 18.737524]
[ 18.737634] freed by task 312 on cpu 0 at 18.732529s (0.005100s ago):
[ 18.737966] test_use_after_free_read+0x1e7/0x270
[ 18.738206] kunit_try_run_case+0x1a5/0x480
[ 18.738421] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.738672] kthread+0x337/0x6f0
[ 18.738853] ret_from_fork+0x116/0x1d0
[ 18.739039] ret_from_fork_asm+0x1a/0x30
[ 18.739181]
[ 18.739280] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.740446] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.740665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.741020] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 18.316647] ==================================================================
[ 18.317083] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 18.317083]
[ 18.317557] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#74):
[ 18.317900] test_out_of_bounds_write+0x10d/0x260
[ 18.318125] kunit_try_run_case+0x1a5/0x480
[ 18.318594] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.318813] kthread+0x337/0x6f0
[ 18.318987] ret_from_fork+0x116/0x1d0
[ 18.319157] ret_from_fork_asm+0x1a/0x30
[ 18.319382]
[ 18.319478] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 18.319478]
[ 18.319844] allocated by task 308 on cpu 0 at 18.316516s (0.003326s ago):
[ 18.320122] test_alloc+0x364/0x10f0
[ 18.321268] test_out_of_bounds_write+0xd4/0x260
[ 18.321507] kunit_try_run_case+0x1a5/0x480
[ 18.321798] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.322152] kthread+0x337/0x6f0
[ 18.322416] ret_from_fork+0x116/0x1d0
[ 18.322717] ret_from_fork_asm+0x1a/0x30
[ 18.322951]
[ 18.323075] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.323635] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.323874] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.324218] ==================================================================
[ 18.628568] ==================================================================
[ 18.628991] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 18.628991]
[ 18.629443] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#77):
[ 18.629791] test_out_of_bounds_write+0x10d/0x260
[ 18.629974] kunit_try_run_case+0x1a5/0x480
[ 18.630189] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.630447] kthread+0x337/0x6f0
[ 18.630576] ret_from_fork+0x116/0x1d0
[ 18.630907] ret_from_fork_asm+0x1a/0x30
[ 18.631115]
[ 18.631261] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 18.631261]
[ 18.631534] allocated by task 310 on cpu 0 at 18.628509s (0.003021s ago):
[ 18.631978] test_alloc+0x2a6/0x10f0
[ 18.632513] test_out_of_bounds_write+0xd4/0x260
[ 18.632704] kunit_try_run_case+0x1a5/0x480
[ 18.632888] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 18.633529] kthread+0x337/0x6f0
[ 18.633733] ret_from_fork+0x116/0x1d0
[ 18.633929] ret_from_fork_asm+0x1a/0x30
[ 18.634289]
[ 18.634408] CPU: 0 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 18.634839] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 18.635009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 18.635373] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 17.276684] ==================================================================
[ 17.277116] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 17.277116]
[ 17.277533] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#64):
[ 17.277896] test_out_of_bounds_read+0x216/0x4e0
[ 17.278097] kunit_try_run_case+0x1a5/0x480
[ 17.278330] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.278580] kthread+0x337/0x6f0
[ 17.278710] ret_from_fork+0x116/0x1d0
[ 17.278914] ret_from_fork_asm+0x1a/0x30
[ 17.279095]
[ 17.279195] kfence-#64: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.279195]
[ 17.279569] allocated by task 304 on cpu 0 at 17.276506s (0.003061s ago):
[ 17.279855] test_alloc+0x364/0x10f0
[ 17.279990] test_out_of_bounds_read+0x1e2/0x4e0
[ 17.280154] kunit_try_run_case+0x1a5/0x480
[ 17.280507] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.280889] kthread+0x337/0x6f0
[ 17.281015] ret_from_fork+0x116/0x1d0
[ 17.281151] ret_from_fork_asm+0x1a/0x30
[ 17.281422]
[ 17.281546] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.282035] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.282323] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.282596] ==================================================================
[ 17.692585] ==================================================================
[ 17.693008] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 17.693008]
[ 17.693498] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#68):
[ 17.693850] test_out_of_bounds_read+0x126/0x4e0
[ 17.694029] kunit_try_run_case+0x1a5/0x480
[ 17.694232] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.694551] kthread+0x337/0x6f0
[ 17.694683] ret_from_fork+0x116/0x1d0
[ 17.694863] ret_from_fork_asm+0x1a/0x30
[ 17.695068]
[ 17.695190] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.695190]
[ 17.695621] allocated by task 306 on cpu 1 at 17.692521s (0.003098s ago):
[ 17.696028] test_alloc+0x2a6/0x10f0
[ 17.696237] test_out_of_bounds_read+0xed/0x4e0
[ 17.696465] kunit_try_run_case+0x1a5/0x480
[ 17.696675] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.696869] kthread+0x337/0x6f0
[ 17.697025] ret_from_fork+0x116/0x1d0
[ 17.697335] ret_from_fork_asm+0x1a/0x30
[ 17.697541]
[ 17.697687] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.698163] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.698375] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.698787] ==================================================================
[ 16.861498] ==================================================================
[ 16.862130] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 16.862130]
[ 16.862591] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#60):
[ 16.862894] test_out_of_bounds_read+0x126/0x4e0
[ 16.863131] kunit_try_run_case+0x1a5/0x480
[ 16.863328] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.863898] kthread+0x337/0x6f0
[ 16.864070] ret_from_fork+0x116/0x1d0
[ 16.864252] ret_from_fork_asm+0x1a/0x30
[ 16.864441]
[ 16.864539] kfence-#60: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.864539]
[ 16.864938] allocated by task 304 on cpu 0 at 16.860542s (0.004394s ago):
[ 16.865898] test_alloc+0x364/0x10f0
[ 16.866184] test_out_of_bounds_read+0xed/0x4e0
[ 16.866377] kunit_try_run_case+0x1a5/0x480
[ 16.866573] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.866839] kthread+0x337/0x6f0
[ 16.867017] ret_from_fork+0x116/0x1d0
[ 16.867152] ret_from_fork_asm+0x1a/0x30
[ 16.867370]
[ 16.867537] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.867924] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.868129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.868767] ==================================================================
[ 17.900577] ==================================================================
[ 17.900999] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 17.900999]
[ 17.901450] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#70):
[ 17.901795] test_out_of_bounds_read+0x216/0x4e0
[ 17.902021] kunit_try_run_case+0x1a5/0x480
[ 17.902287] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.902467] kthread+0x337/0x6f0
[ 17.902593] ret_from_fork+0x116/0x1d0
[ 17.902726] ret_from_fork_asm+0x1a/0x30
[ 17.902942]
[ 17.903066] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.903066]
[ 17.903508] allocated by task 306 on cpu 1 at 17.900517s (0.002989s ago):
[ 17.903884] test_alloc+0x2a6/0x10f0
[ 17.904076] test_out_of_bounds_read+0x1e2/0x4e0
[ 17.904298] kunit_try_run_case+0x1a5/0x480
[ 17.904517] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.904784] kthread+0x337/0x6f0
[ 17.904967] ret_from_fork+0x116/0x1d0
[ 17.905244] ret_from_fork_asm+0x1a/0x30
[ 17.905411]
[ 17.905507] CPU: 1 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 17.905918] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.906179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.906574] ==================================================================
Failure - log-parser-boot/kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 12.136500] ==================================================================
[ 12.137633] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520
[ 12.137633]
[ 12.138270] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#30):
[ 12.139574] kmalloc_track_caller_oob_right+0x288/0x520
[ 12.139961] kunit_try_run_case+0x1a5/0x480
[ 12.140332] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.140724] kthread+0x337/0x6f0
[ 12.141032] ret_from_fork+0x116/0x1d0
[ 12.141342] ret_from_fork_asm+0x1a/0x30
[ 12.141799]
[ 12.142045] kfence-#30: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128
[ 12.142045]
[ 12.143103] allocated by task 159 on cpu 1 at 12.134843s (0.008033s ago):
[ 12.143664] kmalloc_track_caller_oob_right+0x19a/0x520
[ 12.144082] kunit_try_run_case+0x1a5/0x480
[ 12.144500] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.144886] kthread+0x337/0x6f0
[ 12.145186] ret_from_fork+0x116/0x1d0
[ 12.145519] ret_from_fork_asm+0x1a/0x30
[ 12.146072]
[ 12.146315] freed by task 159 on cpu 1 at 12.136052s (0.010176s ago):
[ 12.147135] kmalloc_track_caller_oob_right+0x288/0x520
[ 12.147434] kunit_try_run_case+0x1a5/0x480
[ 12.147764] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.148029] kthread+0x337/0x6f0
[ 12.148411] ret_from_fork+0x116/0x1d0
[ 12.148716] ret_from_fork_asm+0x1a/0x30
[ 12.149009]
[ 12.149432] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.150010] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.150376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.150905] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 16.520137] ==================================================================
[ 16.520679] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 16.521225] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.521540]
[ 16.521652] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.521741] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.521800] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.521845] Call Trace:
[ 16.521859] <TASK>
[ 16.521875] dump_stack_lvl+0x73/0xb0
[ 16.521905] print_report+0xd1/0x610
[ 16.521967] ? __virt_addr_valid+0x1db/0x2d0
[ 16.521991] ? strncpy_from_user+0x2e/0x1d0
[ 16.522034] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.522058] ? strncpy_from_user+0x2e/0x1d0
[ 16.522082] kasan_report+0x141/0x180
[ 16.522118] ? strncpy_from_user+0x2e/0x1d0
[ 16.522147] kasan_check_range+0x10c/0x1c0
[ 16.522171] __kasan_check_write+0x18/0x20
[ 16.522191] strncpy_from_user+0x2e/0x1d0
[ 16.522214] ? __kasan_check_read+0x15/0x20
[ 16.522279] copy_user_test_oob+0x760/0x10f0
[ 16.522343] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.522368] ? finish_task_switch.isra.0+0x153/0x700
[ 16.522392] ? __switch_to+0x47/0xf50
[ 16.522418] ? __schedule+0x10c6/0x2b60
[ 16.522441] ? __pfx_read_tsc+0x10/0x10
[ 16.522463] ? ktime_get_ts64+0x86/0x230
[ 16.522488] kunit_try_run_case+0x1a5/0x480
[ 16.522513] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.522537] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.522562] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.522586] ? __kthread_parkme+0x82/0x180
[ 16.522608] ? preempt_count_sub+0x50/0x80
[ 16.522632] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.522657] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.522681] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.522706] kthread+0x337/0x6f0
[ 16.522726] ? trace_preempt_on+0x20/0xc0
[ 16.522751] ? __pfx_kthread+0x10/0x10
[ 16.522772] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.522794] ? calculate_sigpending+0x7b/0xa0
[ 16.522832] ? __pfx_kthread+0x10/0x10
[ 16.522854] ret_from_fork+0x116/0x1d0
[ 16.522873] ? __pfx_kthread+0x10/0x10
[ 16.522894] ret_from_fork_asm+0x1a/0x30
[ 16.522924] </TASK>
[ 16.522936]
[ 16.532687] Allocated by task 302:
[ 16.532890] kasan_save_stack+0x45/0x70
[ 16.533096] kasan_save_track+0x18/0x40
[ 16.533263] kasan_save_alloc_info+0x3b/0x50
[ 16.533417] __kasan_kmalloc+0xb7/0xc0
[ 16.533610] __kmalloc_noprof+0x1c9/0x500
[ 16.533825] kunit_kmalloc_array+0x25/0x60
[ 16.534033] copy_user_test_oob+0xab/0x10f0
[ 16.534437] kunit_try_run_case+0x1a5/0x480
[ 16.534739] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.535003] kthread+0x337/0x6f0
[ 16.535242] ret_from_fork+0x116/0x1d0
[ 16.535383] ret_from_fork_asm+0x1a/0x30
[ 16.535526]
[ 16.535600] The buggy address belongs to the object at ffff888102b16500
[ 16.535600] which belongs to the cache kmalloc-128 of size 128
[ 16.536330] The buggy address is located 0 bytes inside of
[ 16.536330] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.537036]
[ 16.537116] The buggy address belongs to the physical page:
[ 16.537335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.537870] flags: 0x200000000000000(node=0|zone=2)
[ 16.538104] page_type: f5(slab)
[ 16.538274] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.539141] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.539498] page dumped because: kasan: bad access detected
[ 16.540036]
[ 16.540216] Memory state around the buggy address:
[ 16.540961] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.541705] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.541947] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.542559] ^
[ 16.543456] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.544269] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.544812] ==================================================================

[ 16.545745] ==================================================================
[ 16.546230] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 16.547081] Write of size 1 at addr ffff888102b16578 by task kunit_try_catch/302
[ 16.548210]
[ 16.548398] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.548486] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.548501] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.548523] Call Trace:
[ 16.548553] <TASK>
[ 16.548570] dump_stack_lvl+0x73/0xb0
[ 16.548600] print_report+0xd1/0x610
[ 16.548625] ? __virt_addr_valid+0x1db/0x2d0
[ 16.548648] ? strncpy_from_user+0x1a5/0x1d0
[ 16.548672] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.548696] ? strncpy_from_user+0x1a5/0x1d0
[ 16.548721] kasan_report+0x141/0x180
[ 16.548744] ? strncpy_from_user+0x1a5/0x1d0
[ 16.548772] __asan_report_store1_noabort+0x1b/0x30
[ 16.548798] strncpy_from_user+0x1a5/0x1d0
[ 16.548836] copy_user_test_oob+0x760/0x10f0
[ 16.548869] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.548893] ? finish_task_switch.isra.0+0x153/0x700
[ 16.548916] ? __switch_to+0x47/0xf50
[ 16.548942] ? __schedule+0x10c6/0x2b60
[ 16.548965] ? __pfx_read_tsc+0x10/0x10
[ 16.548987] ? ktime_get_ts64+0x86/0x230
[ 16.549011] kunit_try_run_case+0x1a5/0x480
[ 16.549037] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.549060] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.549086] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.549129] ? __kthread_parkme+0x82/0x180
[ 16.549150] ? preempt_count_sub+0x50/0x80
[ 16.549174] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.549199] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.549224] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.549249] kthread+0x337/0x6f0
[ 16.549269] ? trace_preempt_on+0x20/0xc0
[ 16.549293] ? __pfx_kthread+0x10/0x10
[ 16.549315] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.549337] ? calculate_sigpending+0x7b/0xa0
[ 16.549361] ? __pfx_kthread+0x10/0x10
[ 16.549383] ret_from_fork+0x116/0x1d0
[ 16.549402] ? __pfx_kthread+0x10/0x10
[ 16.549423] ret_from_fork_asm+0x1a/0x30
[ 16.549455] </TASK>
[ 16.549466]
[ 16.557971] Allocated by task 302:
[ 16.558137] kasan_save_stack+0x45/0x70
[ 16.558285] kasan_save_track+0x18/0x40
[ 16.558425] kasan_save_alloc_info+0x3b/0x50
[ 16.558727] __kasan_kmalloc+0xb7/0xc0
[ 16.558938] __kmalloc_noprof+0x1c9/0x500
[ 16.559153] kunit_kmalloc_array+0x25/0x60
[ 16.559361] copy_user_test_oob+0xab/0x10f0
[ 16.559549] kunit_try_run_case+0x1a5/0x480
[ 16.559700] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.559890] kthread+0x337/0x6f0
[ 16.560015] ret_from_fork+0x116/0x1d0
[ 16.560199] ret_from_fork_asm+0x1a/0x30
[ 16.560395]
[ 16.560514] The buggy address belongs to the object at ffff888102b16500
[ 16.560514] which belongs to the cache kmalloc-128 of size 128
[ 16.561020] The buggy address is located 0 bytes to the right of
[ 16.561020] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.561599]
[ 16.561700] The buggy address belongs to the physical page:
[ 16.561992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.562450] flags: 0x200000000000000(node=0|zone=2)
[ 16.562693] page_type: f5(slab)
[ 16.562904] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.563255] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.563497] page dumped because: kasan: bad access detected
[ 16.563777]
[ 16.563886] Memory state around the buggy address:
[ 16.564129] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.564438] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.564737] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.565054] ^
[ 16.565418] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.565733] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.566055] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 16.465850] ==================================================================
[ 16.466122] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0
[ 16.466405] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.466750]
[ 16.466852] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.466896] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.466909] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.466931] Call Trace:
[ 16.466947] <TASK>
[ 16.466965] dump_stack_lvl+0x73/0xb0
[ 16.466994] print_report+0xd1/0x610
[ 16.467016] ? __virt_addr_valid+0x1db/0x2d0
[ 16.467039] ? copy_user_test_oob+0x557/0x10f0
[ 16.467064] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.467087] ? copy_user_test_oob+0x557/0x10f0
[ 16.467112] kasan_report+0x141/0x180
[ 16.467148] ? copy_user_test_oob+0x557/0x10f0
[ 16.467177] kasan_check_range+0x10c/0x1c0
[ 16.467201] __kasan_check_write+0x18/0x20
[ 16.467221] copy_user_test_oob+0x557/0x10f0
[ 16.467247] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.467271] ? finish_task_switch.isra.0+0x153/0x700
[ 16.467294] ? __switch_to+0x47/0xf50
[ 16.467320] ? __schedule+0x10c6/0x2b60
[ 16.467343] ? __pfx_read_tsc+0x10/0x10
[ 16.467365] ? ktime_get_ts64+0x86/0x230
[ 16.467389] kunit_try_run_case+0x1a5/0x480
[ 16.467414] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.467438] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.467462] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.467487] ? __kthread_parkme+0x82/0x180
[ 16.467509] ? preempt_count_sub+0x50/0x80
[ 16.467533] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.467558] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.467582] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.467607] kthread+0x337/0x6f0
[ 16.467628] ? trace_preempt_on+0x20/0xc0
[ 16.467651] ? __pfx_kthread+0x10/0x10
[ 16.467673] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.467696] ? calculate_sigpending+0x7b/0xa0
[ 16.467720] ? __pfx_kthread+0x10/0x10
[ 16.467743] ret_from_fork+0x116/0x1d0
[ 16.467762] ? __pfx_kthread+0x10/0x10
[ 16.467783] ret_from_fork_asm+0x1a/0x30
[ 16.467824] </TASK>
[ 16.467835]
[ 16.475993] Allocated by task 302:
[ 16.476238] kasan_save_stack+0x45/0x70
[ 16.476389] kasan_save_track+0x18/0x40
[ 16.476528] kasan_save_alloc_info+0x3b/0x50
[ 16.476683] __kasan_kmalloc+0xb7/0xc0
[ 16.476829] __kmalloc_noprof+0x1c9/0x500
[ 16.476986] kunit_kmalloc_array+0x25/0x60
[ 16.477138] copy_user_test_oob+0xab/0x10f0
[ 16.478240] kunit_try_run_case+0x1a5/0x480
[ 16.478745] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.479464] kthread+0x337/0x6f0
[ 16.480039] ret_from_fork+0x116/0x1d0
[ 16.480612] ret_from_fork_asm+0x1a/0x30
[ 16.481480]
[ 16.481746] The buggy address belongs to the object at ffff888102b16500
[ 16.481746] which belongs to the cache kmalloc-128 of size 128
[ 16.483464] The buggy address is located 0 bytes inside of
[ 16.483464] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.484341]
[ 16.484591] The buggy address belongs to the physical page:
[ 16.485459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.486057] flags: 0x200000000000000(node=0|zone=2)
[ 16.486848] page_type: f5(slab)
[ 16.487304] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.487553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.487788] page dumped because: kasan: bad access detected
[ 16.488184]
[ 16.488308] Memory state around the buggy address:
[ 16.488805] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.489155] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.489802] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.490341] ^
[ 16.490828] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.491048] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.491727] ==================================================================

[ 16.441662] ==================================================================
[ 16.441983] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 16.442341] Read of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.442580]
[ 16.442692] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.442735] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.442748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.442770] Call Trace:
[ 16.442783] <TASK>
[ 16.442797] dump_stack_lvl+0x73/0xb0
[ 16.442835] print_report+0xd1/0x610
[ 16.442858] ? __virt_addr_valid+0x1db/0x2d0
[ 16.442881] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.442905] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.442928] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.442953] kasan_report+0x141/0x180
[ 16.442976] ? copy_user_test_oob+0x4aa/0x10f0
[ 16.443005] kasan_check_range+0x10c/0x1c0
[ 16.443030] __kasan_check_read+0x15/0x20
[ 16.443050] copy_user_test_oob+0x4aa/0x10f0
[ 16.443076] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.443099] ? finish_task_switch.isra.0+0x153/0x700
[ 16.443134] ? __switch_to+0x47/0xf50
[ 16.443161] ? __schedule+0x10c6/0x2b60
[ 16.443183] ? __pfx_read_tsc+0x10/0x10
[ 16.443205] ? ktime_get_ts64+0x86/0x230
[ 16.443230] kunit_try_run_case+0x1a5/0x480
[ 16.443255] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.443279] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.443303] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.443328] ? __kthread_parkme+0x82/0x180
[ 16.443350] ? preempt_count_sub+0x50/0x80
[ 16.443374] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.443399] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.443424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.443449] kthread+0x337/0x6f0
[ 16.443470] ? trace_preempt_on+0x20/0xc0
[ 16.443494] ? __pfx_kthread+0x10/0x10
[ 16.443515] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.443538] ? calculate_sigpending+0x7b/0xa0
[ 16.443562] ? __pfx_kthread+0x10/0x10
[ 16.443585] ret_from_fork+0x116/0x1d0
[ 16.443605] ? __pfx_kthread+0x10/0x10
[ 16.443626] ret_from_fork_asm+0x1a/0x30
[ 16.443657] </TASK>
[ 16.443669]
[ 16.456982] Allocated by task 302:
[ 16.457368] kasan_save_stack+0x45/0x70
[ 16.457728] kasan_save_track+0x18/0x40
[ 16.458106] kasan_save_alloc_info+0x3b/0x50
[ 16.458513] __kasan_kmalloc+0xb7/0xc0
[ 16.458761] __kmalloc_noprof+0x1c9/0x500
[ 16.458915] kunit_kmalloc_array+0x25/0x60
[ 16.459064] copy_user_test_oob+0xab/0x10f0
[ 16.459238] kunit_try_run_case+0x1a5/0x480
[ 16.459387] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.459565] kthread+0x337/0x6f0
[ 16.459689] ret_from_fork+0x116/0x1d0
[ 16.459834] ret_from_fork_asm+0x1a/0x30
[ 16.459996]
[ 16.460096] The buggy address belongs to the object at ffff888102b16500
[ 16.460096] which belongs to the cache kmalloc-128 of size 128
[ 16.460575] The buggy address is located 0 bytes inside of
[ 16.460575] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.461065]
[ 16.461184] The buggy address belongs to the physical page:
[ 16.461402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.461691] flags: 0x200000000000000(node=0|zone=2)
[ 16.461873] page_type: f5(slab)
[ 16.462035] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.462396] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.462681] page dumped because: kasan: bad access detected
[ 16.462955]
[ 16.463053] Memory state around the buggy address:
[ 16.463467] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.463753] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.464016] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.464360] ^
[ 16.464739] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.465044] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.465357] ==================================================================

[ 16.492805] ==================================================================
[ 16.493499] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 16.493741] Read of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.493987]
[ 16.494105] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.494152] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.494166] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.494188] Call Trace:
[ 16.494241] <TASK>
[ 16.494258] dump_stack_lvl+0x73/0xb0
[ 16.494300] print_report+0xd1/0x610
[ 16.494324] ? __virt_addr_valid+0x1db/0x2d0
[ 16.494346] ? copy_user_test_oob+0x604/0x10f0
[ 16.494385] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.494408] ? copy_user_test_oob+0x604/0x10f0
[ 16.494432] kasan_report+0x141/0x180
[ 16.494456] ? copy_user_test_oob+0x604/0x10f0
[ 16.494485] kasan_check_range+0x10c/0x1c0
[ 16.494510] __kasan_check_read+0x15/0x20
[ 16.494530] copy_user_test_oob+0x604/0x10f0
[ 16.494557] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.494580] ? finish_task_switch.isra.0+0x153/0x700
[ 16.494604] ? __switch_to+0x47/0xf50
[ 16.494629] ? __schedule+0x10c6/0x2b60
[ 16.494653] ? __pfx_read_tsc+0x10/0x10
[ 16.494674] ? ktime_get_ts64+0x86/0x230
[ 16.494698] kunit_try_run_case+0x1a5/0x480
[ 16.494723] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.494747] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.494771] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.494796] ? __kthread_parkme+0x82/0x180
[ 16.494852] ? preempt_count_sub+0x50/0x80
[ 16.494876] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.494901] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.494936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.494961] kthread+0x337/0x6f0
[ 16.494982] ? trace_preempt_on+0x20/0xc0
[ 16.495005] ? __pfx_kthread+0x10/0x10
[ 16.495027] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.495050] ? calculate_sigpending+0x7b/0xa0
[ 16.495080] ? __pfx_kthread+0x10/0x10
[ 16.495116] ret_from_fork+0x116/0x1d0
[ 16.495136] ? __pfx_kthread+0x10/0x10
[ 16.495156] ret_from_fork_asm+0x1a/0x30
[ 16.495188] </TASK>
[ 16.495199]
[ 16.508523] Allocated by task 302:
[ 16.508903] kasan_save_stack+0x45/0x70
[ 16.509205] kasan_save_track+0x18/0x40
[ 16.509494] kasan_save_alloc_info+0x3b/0x50
[ 16.509652] __kasan_kmalloc+0xb7/0xc0
[ 16.509788] __kmalloc_noprof+0x1c9/0x500
[ 16.509938] kunit_kmalloc_array+0x25/0x60
[ 16.510081] copy_user_test_oob+0xab/0x10f0
[ 16.510537] kunit_try_run_case+0x1a5/0x480
[ 16.510966] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.511450] kthread+0x337/0x6f0
[ 16.511787] ret_from_fork+0x116/0x1d0
[ 16.512188] ret_from_fork_asm+0x1a/0x30
[ 16.512641]
[ 16.512904] The buggy address belongs to the object at ffff888102b16500
[ 16.512904] which belongs to the cache kmalloc-128 of size 128
[ 16.514250] The buggy address is located 0 bytes inside of
[ 16.514250] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.514616]
[ 16.514691] The buggy address belongs to the physical page:
[ 16.514883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.515203] flags: 0x200000000000000(node=0|zone=2)
[ 16.515484] page_type: f5(slab)
[ 16.515662] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.515985] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.516709] page dumped because: kasan: bad access detected
[ 16.517000]
[ 16.517081] Memory state around the buggy address:
[ 16.517405] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.517734] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.518053] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.518310] ^
[ 16.518631] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.518941] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.519507] ==================================================================

[ 16.424315] ==================================================================
[ 16.424657] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 16.424970] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.425316]
[ 16.425438] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.425484] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.425497] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.425519] Call Trace:
[ 16.425533] <TASK>
[ 16.425549] dump_stack_lvl+0x73/0xb0
[ 16.425579] print_report+0xd1/0x610
[ 16.425602] ? __virt_addr_valid+0x1db/0x2d0
[ 16.425627] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.425651] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.425675] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.425701] kasan_report+0x141/0x180
[ 16.425725] ? copy_user_test_oob+0x3fd/0x10f0
[ 16.425755] kasan_check_range+0x10c/0x1c0
[ 16.425780] __kasan_check_write+0x18/0x20
[ 16.425800] copy_user_test_oob+0x3fd/0x10f0
[ 16.425838] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.425862] ? finish_task_switch.isra.0+0x153/0x700
[ 16.425886] ? __switch_to+0x47/0xf50
[ 16.425913] ? __schedule+0x10c6/0x2b60
[ 16.425937] ? __pfx_read_tsc+0x10/0x10
[ 16.425959] ? ktime_get_ts64+0x86/0x230
[ 16.425984] kunit_try_run_case+0x1a5/0x480
[ 16.426010] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.426034] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.426059] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.426084] ? __kthread_parkme+0x82/0x180
[ 16.426115] ? preempt_count_sub+0x50/0x80
[ 16.426140] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.426165] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.426190] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.426216] kthread+0x337/0x6f0
[ 16.426236] ? trace_preempt_on+0x20/0xc0
[ 16.426261] ? __pfx_kthread+0x10/0x10
[ 16.426283] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.426306] ? calculate_sigpending+0x7b/0xa0
[ 16.426330] ? __pfx_kthread+0x10/0x10
[ 16.426353] ret_from_fork+0x116/0x1d0
[ 16.426373] ? __pfx_kthread+0x10/0x10
[ 16.426395] ret_from_fork_asm+0x1a/0x30
[ 16.426426] </TASK>
[ 16.426438]
[ 16.433664] Allocated by task 302:
[ 16.433841] kasan_save_stack+0x45/0x70
[ 16.434024] kasan_save_track+0x18/0x40
[ 16.434233] kasan_save_alloc_info+0x3b/0x50
[ 16.434427] __kasan_kmalloc+0xb7/0xc0
[ 16.434597] __kmalloc_noprof+0x1c9/0x500
[ 16.434771] kunit_kmalloc_array+0x25/0x60
[ 16.434976] copy_user_test_oob+0xab/0x10f0
[ 16.435204] kunit_try_run_case+0x1a5/0x480
[ 16.435389] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.435599] kthread+0x337/0x6f0
[ 16.435760] ret_from_fork+0x116/0x1d0
[ 16.435948] ret_from_fork_asm+0x1a/0x30
[ 16.436106]
[ 16.436207] The buggy address belongs to the object at ffff888102b16500
[ 16.436207] which belongs to the cache kmalloc-128 of size 128
[ 16.436686] The buggy address is located 0 bytes inside of
[ 16.436686] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.437124]
[ 16.437220] The buggy address belongs to the physical page:
[ 16.437459] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.437747] flags: 0x200000000000000(node=0|zone=2)
[ 16.437996] page_type: f5(slab)
[ 16.438160] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.438463] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.438769] page dumped because: kasan: bad access detected
[ 16.439008]
[ 16.439093] Memory state around the buggy address:
[ 16.439287] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.439557] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.439777] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.440004] ^
[ 16.440295] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.440878] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.441112] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 16.402714] ==================================================================
[ 16.403036] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70
[ 16.403310] Read of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.403640]
[ 16.403739] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.403785] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.403799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.403834] Call Trace:
[ 16.403852] <TASK>
[ 16.403869] dump_stack_lvl+0x73/0xb0
[ 16.403897] print_report+0xd1/0x610
[ 16.403921] ? __virt_addr_valid+0x1db/0x2d0
[ 16.403944] ? _copy_to_user+0x3c/0x70
[ 16.403964] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.403987] ? _copy_to_user+0x3c/0x70
[ 16.404008] kasan_report+0x141/0x180
[ 16.404031] ? _copy_to_user+0x3c/0x70
[ 16.404055] kasan_check_range+0x10c/0x1c0
[ 16.404079] __kasan_check_read+0x15/0x20
[ 16.404112] _copy_to_user+0x3c/0x70
[ 16.404133] copy_user_test_oob+0x364/0x10f0
[ 16.404161] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.404184] ? finish_task_switch.isra.0+0x153/0x700
[ 16.404207] ? __switch_to+0x47/0xf50
[ 16.404232] ? __schedule+0x10c6/0x2b60
[ 16.404256] ? __pfx_read_tsc+0x10/0x10
[ 16.404277] ? ktime_get_ts64+0x86/0x230
[ 16.404302] kunit_try_run_case+0x1a5/0x480
[ 16.404326] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.404350] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.404375] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.404399] ? __kthread_parkme+0x82/0x180
[ 16.404421] ? preempt_count_sub+0x50/0x80
[ 16.404445] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.404471] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.404496] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.404522] kthread+0x337/0x6f0
[ 16.404544] ? trace_preempt_on+0x20/0xc0
[ 16.404570] ? __pfx_kthread+0x10/0x10
[ 16.404593] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.404618] ? calculate_sigpending+0x7b/0xa0
[ 16.404645] ? __pfx_kthread+0x10/0x10
[ 16.404669] ret_from_fork+0x116/0x1d0
[ 16.404688] ? __pfx_kthread+0x10/0x10
[ 16.404711] ret_from_fork_asm+0x1a/0x30
[ 16.404743] </TASK>
[ 16.404754]
[ 16.412120] Allocated by task 302:
[ 16.412278] kasan_save_stack+0x45/0x70
[ 16.412425] kasan_save_track+0x18/0x40
[ 16.412564] kasan_save_alloc_info+0x3b/0x50
[ 16.412715] __kasan_kmalloc+0xb7/0xc0
[ 16.412914] __kmalloc_noprof+0x1c9/0x500
[ 16.413111] kunit_kmalloc_array+0x25/0x60
[ 16.413363] copy_user_test_oob+0xab/0x10f0
[ 16.413557] kunit_try_run_case+0x1a5/0x480
[ 16.413706] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.413895] kthread+0x337/0x6f0
[ 16.414028] ret_from_fork+0x116/0x1d0
[ 16.414383] ret_from_fork_asm+0x1a/0x30
[ 16.414584]
[ 16.414682] The buggy address belongs to the object at ffff888102b16500
[ 16.414682] which belongs to the cache kmalloc-128 of size 128
[ 16.415234] The buggy address is located 0 bytes inside of
[ 16.415234] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.415595]
[ 16.415670] The buggy address belongs to the physical page:
[ 16.415861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.416209] flags: 0x200000000000000(node=0|zone=2)
[ 16.416660] page_type: f5(slab)
[ 16.416839] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.417186] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.417417] page dumped because: kasan: bad access detected
[ 16.417593]
[ 16.417664] Memory state around the buggy address:
[ 16.418102] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.418428] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.418746] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.419073] ^
[ 16.419362] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.419636] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.419929] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 16.379025] ==================================================================
[ 16.379725] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90
[ 16.380038] Write of size 121 at addr ffff888102b16500 by task kunit_try_catch/302
[ 16.380787]
[ 16.381043] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.381209] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.381226] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.381251] Call Trace:
[ 16.381265] <TASK>
[ 16.381286] dump_stack_lvl+0x73/0xb0
[ 16.381327] print_report+0xd1/0x610
[ 16.381351] ? __virt_addr_valid+0x1db/0x2d0
[ 16.381376] ? _copy_from_user+0x32/0x90
[ 16.381396] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.381419] ? _copy_from_user+0x32/0x90
[ 16.381440] kasan_report+0x141/0x180
[ 16.381464] ? _copy_from_user+0x32/0x90
[ 16.381489] kasan_check_range+0x10c/0x1c0
[ 16.381515] __kasan_check_write+0x18/0x20
[ 16.381535] _copy_from_user+0x32/0x90
[ 16.381557] copy_user_test_oob+0x2be/0x10f0
[ 16.381584] ? __pfx_copy_user_test_oob+0x10/0x10
[ 16.381607] ? finish_task_switch.isra.0+0x153/0x700
[ 16.381631] ? __switch_to+0x47/0xf50
[ 16.381659] ? __schedule+0x10c6/0x2b60
[ 16.381683] ? __pfx_read_tsc+0x10/0x10
[ 16.381704] ? ktime_get_ts64+0x86/0x230
[ 16.381730] kunit_try_run_case+0x1a5/0x480
[ 16.381755] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.381779] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.381803] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.381837] ? __kthread_parkme+0x82/0x180
[ 16.381860] ? preempt_count_sub+0x50/0x80
[ 16.381884] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.381909] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.381934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.381959] kthread+0x337/0x6f0
[ 16.381980] ? trace_preempt_on+0x20/0xc0
[ 16.382004] ? __pfx_kthread+0x10/0x10
[ 16.382025] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.382048] ? calculate_sigpending+0x7b/0xa0
[ 16.382074] ? __pfx_kthread+0x10/0x10
[ 16.382104] ret_from_fork+0x116/0x1d0
[ 16.382126] ? __pfx_kthread+0x10/0x10
[ 16.382148] ret_from_fork_asm+0x1a/0x30
[ 16.382179] </TASK>
[ 16.382193]
[ 16.391654] Allocated by task 302:
[ 16.391828] kasan_save_stack+0x45/0x70
[ 16.392000] kasan_save_track+0x18/0x40
[ 16.392157] kasan_save_alloc_info+0x3b/0x50
[ 16.392424] __kasan_kmalloc+0xb7/0xc0
[ 16.392592] __kmalloc_noprof+0x1c9/0x500
[ 16.392778] kunit_kmalloc_array+0x25/0x60
[ 16.392964] copy_user_test_oob+0xab/0x10f0
[ 16.393234] kunit_try_run_case+0x1a5/0x480
[ 16.393454] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.393671] kthread+0x337/0x6f0
[ 16.393841] ret_from_fork+0x116/0x1d0
[ 16.394003] ret_from_fork_asm+0x1a/0x30
[ 16.394231]
[ 16.394307] The buggy address belongs to the object at ffff888102b16500
[ 16.394307] which belongs to the cache kmalloc-128 of size 128
[ 16.394666] The buggy address is located 0 bytes inside of
[ 16.394666] allocated 120-byte region [ffff888102b16500, ffff888102b16578)
[ 16.395349]
[ 16.395450] The buggy address belongs to the physical page:
[ 16.395652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.395950] flags: 0x200000000000000(node=0|zone=2)
[ 16.396321] page_type: f5(slab)
[ 16.396488] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.396751] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.397132] page dumped because: kasan: bad access detected
[ 16.397353]
[ 16.397453] Memory state around the buggy address:
[ 16.397664] ffff888102b16400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.397926] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.398336] >ffff888102b16500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.398620] ^
[ 16.398916] ffff888102b16580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.399245] ffff888102b16600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.399547] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 16.325936] ==================================================================
[ 16.327189] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260
[ 16.327723] Read of size 8 at addr ffff888102b16478 by task kunit_try_catch/298
[ 16.328019]
[ 16.328204] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.328255] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.328269] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.328293] Call Trace:
[ 16.328306] <TASK>
[ 16.328325] dump_stack_lvl+0x73/0xb0
[ 16.328356] print_report+0xd1/0x610
[ 16.328382] ? __virt_addr_valid+0x1db/0x2d0
[ 16.328407] ? copy_to_kernel_nofault+0x225/0x260
[ 16.328432] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.328456] ? copy_to_kernel_nofault+0x225/0x260
[ 16.328481] kasan_report+0x141/0x180
[ 16.328505] ? copy_to_kernel_nofault+0x225/0x260
[ 16.328535] __asan_report_load8_noabort+0x18/0x20
[ 16.328561] copy_to_kernel_nofault+0x225/0x260
[ 16.328587] copy_to_kernel_nofault_oob+0x1ed/0x560
[ 16.328612] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.328636] ? finish_task_switch.isra.0+0x153/0x700
[ 16.328660] ? __schedule+0x10c6/0x2b60
[ 16.328684] ? trace_hardirqs_on+0x37/0xe0
[ 16.328716] ? __pfx_read_tsc+0x10/0x10
[ 16.328739] ? ktime_get_ts64+0x86/0x230
[ 16.328764] kunit_try_run_case+0x1a5/0x480
[ 16.328792] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.328826] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.328858] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.328883] ? __kthread_parkme+0x82/0x180
[ 16.328905] ? preempt_count_sub+0x50/0x80
[ 16.328929] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.328955] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.328979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.329005] kthread+0x337/0x6f0
[ 16.329025] ? trace_preempt_on+0x20/0xc0
[ 16.329049] ? __pfx_kthread+0x10/0x10
[ 16.329071] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.329093] ? calculate_sigpending+0x7b/0xa0
[ 16.329119] ? __pfx_kthread+0x10/0x10
[ 16.329154] ret_from_fork+0x116/0x1d0
[ 16.329174] ? __pfx_kthread+0x10/0x10
[ 16.329196] ret_from_fork_asm+0x1a/0x30
[ 16.329235] </TASK>
[ 16.329247]
[ 16.339114] Allocated by task 298:
[ 16.339249] kasan_save_stack+0x45/0x70
[ 16.339396] kasan_save_track+0x18/0x40
[ 16.339535] kasan_save_alloc_info+0x3b/0x50
[ 16.339701] __kasan_kmalloc+0xb7/0xc0
[ 16.339901] __kmalloc_cache_noprof+0x189/0x420
[ 16.340158] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.340396] kunit_try_run_case+0x1a5/0x480
[ 16.340573] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.340752] kthread+0x337/0x6f0
[ 16.340894] ret_from_fork+0x116/0x1d0
[ 16.341030] ret_from_fork_asm+0x1a/0x30
[ 16.341394]
[ 16.341491] The buggy address belongs to the object at ffff888102b16400
[ 16.341491] which belongs to the cache kmalloc-128 of size 128
[ 16.342045] The buggy address is located 0 bytes to the right of
[ 16.342045] allocated 120-byte region [ffff888102b16400, ffff888102b16478)
[ 16.342562]
[ 16.342662] The buggy address belongs to the physical page:
[ 16.342968] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.343347] flags: 0x200000000000000(node=0|zone=2)
[ 16.343570] page_type: f5(slab)
[ 16.343710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.344004] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.344599] page dumped because: kasan: bad access detected
[ 16.344829]
[ 16.344934] Memory state around the buggy address:
[ 16.345141] ffff888102b16300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.345361] ffff888102b16380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.345581] >ffff888102b16400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.345798] ^
[ 16.346325] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.346600] ffff888102b16500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.346824] ==================================================================
[ 16.347429] ==================================================================
[ 16.347783] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260
[ 16.348225] Write of size 8 at addr ffff888102b16478 by task kunit_try_catch/298
[ 16.348564]
[ 16.348675] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.348717] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.348730] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.348753] Call Trace:
[ 16.348766] <TASK>
[ 16.348780] dump_stack_lvl+0x73/0xb0
[ 16.348809] print_report+0xd1/0x610
[ 16.348843] ? __virt_addr_valid+0x1db/0x2d0
[ 16.348871] ? copy_to_kernel_nofault+0x99/0x260
[ 16.348896] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.348919] ? copy_to_kernel_nofault+0x99/0x260
[ 16.348943] kasan_report+0x141/0x180
[ 16.348966] ? copy_to_kernel_nofault+0x99/0x260
[ 16.348995] kasan_check_range+0x10c/0x1c0
[ 16.349020] __kasan_check_write+0x18/0x20
[ 16.349040] copy_to_kernel_nofault+0x99/0x260
[ 16.349065] copy_to_kernel_nofault_oob+0x288/0x560
[ 16.349090] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10
[ 16.349114] ? finish_task_switch.isra.0+0x153/0x700
[ 16.349138] ? __schedule+0x10c6/0x2b60
[ 16.349160] ? trace_hardirqs_on+0x37/0xe0
[ 16.349191] ? __pfx_read_tsc+0x10/0x10
[ 16.349213] ? ktime_get_ts64+0x86/0x230
[ 16.349238] kunit_try_run_case+0x1a5/0x480
[ 16.349262] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.349286] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.349311] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.349335] ? __kthread_parkme+0x82/0x180
[ 16.349356] ? preempt_count_sub+0x50/0x80
[ 16.349380] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.349406] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.349447] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.349472] kthread+0x337/0x6f0
[ 16.349493] ? trace_preempt_on+0x20/0xc0
[ 16.349516] ? __pfx_kthread+0x10/0x10
[ 16.349538] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.349560] ? calculate_sigpending+0x7b/0xa0
[ 16.349584] ? __pfx_kthread+0x10/0x10
[ 16.349607] ret_from_fork+0x116/0x1d0
[ 16.349626] ? __pfx_kthread+0x10/0x10
[ 16.349648] ret_from_fork_asm+0x1a/0x30
[ 16.349679] </TASK>
[ 16.349691]
[ 16.357063] Allocated by task 298:
[ 16.357194] kasan_save_stack+0x45/0x70
[ 16.357340] kasan_save_track+0x18/0x40
[ 16.357688] kasan_save_alloc_info+0x3b/0x50
[ 16.357914] __kasan_kmalloc+0xb7/0xc0
[ 16.358116] __kmalloc_cache_noprof+0x189/0x420
[ 16.358342] copy_to_kernel_nofault_oob+0x12f/0x560
[ 16.358584] kunit_try_run_case+0x1a5/0x480
[ 16.358954] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.359211] kthread+0x337/0x6f0
[ 16.359381] ret_from_fork+0x116/0x1d0
[ 16.359515] ret_from_fork_asm+0x1a/0x30
[ 16.359709]
[ 16.359882] The buggy address belongs to the object at ffff888102b16400
[ 16.359882] which belongs to the cache kmalloc-128 of size 128
[ 16.360476] The buggy address is located 0 bytes to the right of
[ 16.360476] allocated 120-byte region [ffff888102b16400, ffff888102b16478)
[ 16.361061]
[ 16.361160] The buggy address belongs to the physical page:
[ 16.361425] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 16.361759] flags: 0x200000000000000(node=0|zone=2)
[ 16.362057] page_type: f5(slab)
[ 16.362209] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 16.362526] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 16.362782] page dumped because: kasan: bad access detected
[ 16.363234]
[ 16.363333] Memory state around the buggy address:
[ 16.363563] ffff888102b16300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 16.363845] ffff888102b16380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.364066] >ffff888102b16400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 16.364285] ^
[ 16.364501] ffff888102b16480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.364723] ffff888102b16500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.365068] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 15.649297] ==================================================================
[ 15.649576] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450
[ 15.650289] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 15.650972]
[ 15.651178] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 15.651225] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.651248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.651271] Call Trace:
[ 15.651290] <TASK>
[ 15.651318] dump_stack_lvl+0x73/0xb0
[ 15.651347] print_report+0xd1/0x610
[ 15.651369] ? __virt_addr_valid+0x1db/0x2d0
[ 15.651393] ? kasan_atomics_helper+0x13b5/0x5450
[ 15.651414] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.651437] ? kasan_atomics_helper+0x13b5/0x5450
[ 15.651469] kasan_report+0x141/0x180
[ 15.651492] ? kasan_atomics_helper+0x13b5/0x5450
[ 15.651519] kasan_check_range+0x10c/0x1c0
[ 15.651553] __kasan_check_read+0x15/0x20
[ 15.651573] kasan_atomics_helper+0x13b5/0x5450
[ 15.651597] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 15.651621] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.651647] ? kasan_atomics+0x152/0x310
[ 15.651674] kasan_atomics+0x1dc/0x310
[ 15.651698] ? __pfx_kasan_atomics+0x10/0x10
[ 15.651723] ? __pfx_read_tsc+0x10/0x10
[ 15.651744] ? ktime_get_ts64+0x86/0x230
[ 15.651768] kunit_try_run_case+0x1a5/0x480
[ 15.651794] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.651836] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.651861] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.651886] ? __kthread_parkme+0x82/0x180
[ 15.651917] ? preempt_count_sub+0x50/0x80
[ 15.651941] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.651967] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.651991] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.652025] kthread+0x337/0x6f0
[ 15.652046] ? trace_preempt_on+0x20/0xc0
[ 15.652069] ? __pfx_kthread+0x10/0x10
[ 15.652111] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.652135] ? calculate_sigpending+0x7b/0xa0
[ 15.652161] ? __pfx_kthread+0x10/0x10
[ 15.652183] ret_from_fork+0x116/0x1d0
[ 15.652204] ? __pfx_kthread+0x10/0x10
[ 15.652225] ret_from_fork_asm+0x1a/0x30
[ 15.652257] </TASK>
[ 15.652269]
[ 15.659695] Allocated by task 282:
[ 15.659885] kasan_save_stack+0x45/0x70
[ 15.660120] kasan_save_track+0x18/0x40
[ 15.660316] kasan_save_alloc_info+0x3b/0x50
[ 15.660530] __kasan_kmalloc+0xb7/0xc0
[ 15.660747] __kmalloc_cache_noprof+0x189/0x420
[ 15.660965] kasan_atomics+0x95/0x310
[ 15.661230] kunit_try_run_case+0x1a5/0x480
[ 15.661417] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.661634] kthread+0x337/0x6f0
[ 15.661833] ret_from_fork+0x116/0x1d0
[ 15.662000] ret_from_fork_asm+0x1a/0x30
[ 15.662227]
[ 15.662301] The buggy address belongs to the object at ffff8881025e4100
[ 15.662301] which belongs to the cache kmalloc-64 of size 64
[ 15.662783] The buggy address is located 0 bytes to the right of
[ 15.662783] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 15.663333]
[ 15.663408] The buggy address belongs to the physical page:
[ 15.663583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 15.663840] flags: 0x200000000000000(node=0|zone=2)
[ 15.664007] page_type: f5(slab)
[ 15.664129] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.664743] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.665115] page dumped because: kasan: bad access detected
[ 15.665369]
[ 15.665464] Memory state around the buggy address:
[ 15.665622] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.665852] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.666075] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.666392] ^
[ 15.666590] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.667547] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.668343] ==================================================================
[ 15.181266] ==================================================================
[ 15.181625] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450
[ 15.181929] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 15.182261]
[ 15.182372] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 15.182416] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.182429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.182450] Call Trace:
[ 15.182464] <TASK>
[ 15.182478] dump_stack_lvl+0x73/0xb0
[ 15.182507] print_report+0xd1/0x610
[ 15.182528] ? __virt_addr_valid+0x1db/0x2d0
[ 15.182551] ? kasan_atomics_helper+0x7c7/0x5450
[ 15.182572] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.182596] ? kasan_atomics_helper+0x7c7/0x5450
[ 15.182618] kasan_report+0x141/0x180
[ 15.182640] ? kasan_atomics_helper+0x7c7/0x5450
[ 15.182666] kasan_check_range+0x10c/0x1c0
[ 15.182690] __kasan_check_write+0x18/0x20
[ 15.182710] kasan_atomics_helper+0x7c7/0x5450
[ 15.182733] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 15.182755] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.182781] ? kasan_atomics+0x152/0x310
[ 15.182808] kasan_atomics+0x1dc/0x310
[ 15.182842] ? __pfx_kasan_atomics+0x10/0x10
[ 15.182867] ? __pfx_read_tsc+0x10/0x10
[ 15.182888] ? ktime_get_ts64+0x86/0x230
[ 15.182913] kunit_try_run_case+0x1a5/0x480
[ 15.182938] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.182961] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.182986] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.183010] ? __kthread_parkme+0x82/0x180
[ 15.183031] ? preempt_count_sub+0x50/0x80
[ 15.183056] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.183081] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.183116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.183141] kthread+0x337/0x6f0
[ 15.183161] ? trace_preempt_on+0x20/0xc0
[ 15.183185] ? __pfx_kthread+0x10/0x10
[ 15.183206] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.183229] ? calculate_sigpending+0x7b/0xa0
[ 15.183254] ? __pfx_kthread+0x10/0x10
[ 15.183276] ret_from_fork+0x116/0x1d0
[ 15.183295] ? __pfx_kthread+0x10/0x10
[ 15.183317] ret_from_fork_asm+0x1a/0x30
[ 15.183347] </TASK>
[ 15.183358]
[ 15.190642] Allocated by task 282:
[ 15.190809] kasan_save_stack+0x45/0x70
[ 15.190993] kasan_save_track+0x18/0x40
[ 15.191235] kasan_save_alloc_info+0x3b/0x50
[ 15.191391] __kasan_kmalloc+0xb7/0xc0
[ 15.191525] __kmalloc_cache_noprof+0x189/0x420
[ 15.191684] kasan_atomics+0x95/0x310
[ 15.191830] kunit_try_run_case+0x1a5/0x480
[ 15.191994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.192220] kthread+0x337/0x6f0
[ 15.192404] ret_from_fork+0x116/0x1d0
[ 15.192591] ret_from_fork_asm+0x1a/0x30
[ 15.192786]
[ 15.192901] The buggy address belongs to the object at ffff8881025e4100
[ 15.192901] which belongs to the cache kmalloc-64 of size 64
[ 15.193709] The buggy address is located 0 bytes to the right of
[ 15.193709] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 15.194242]
[ 15.194342] The buggy address belongs to the physical page:
[ 15.194596] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 15.194922] flags: 0x200000000000000(node=0|zone=2)
[ 15.195152] page_type: f5(slab)
[ 15.195277] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.195593] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.195919] page dumped because: kasan: bad access detected
[ 15.196196]
[ 15.196269] Memory state around the buggy address:
[ 15.196492] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.196770] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.197011] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.197581] ^
[ 15.197775] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.198180] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.198487] ==================================================================
[ 15.419827] ==================================================================
[ 15.420361] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450
[ 15.420650] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 15.420905]
[ 15.421017] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 15.421059] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.421071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.421093] Call Trace:
[ 15.421107] <TASK>
[ 15.421122] dump_stack_lvl+0x73/0xb0
[ 15.421149] print_report+0xd1/0x610
[ 15.421172] ? __virt_addr_valid+0x1db/0x2d0
[ 15.421194] ? kasan_atomics_helper+0xf10/0x5450
[ 15.421216] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.421239] ? kasan_atomics_helper+0xf10/0x5450
[ 15.421261] kasan_report+0x141/0x180
[ 15.421284] ? kasan_atomics_helper+0xf10/0x5450
[ 15.421309] kasan_check_range+0x10c/0x1c0
[ 15.421333] __kasan_check_write+0x18/0x20
[ 15.421353] kasan_atomics_helper+0xf10/0x5450
[ 15.421378] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 15.421403] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.421429] ? kasan_atomics+0x152/0x310
[ 15.421455] kasan_atomics+0x1dc/0x310
[ 15.421479] ? __pfx_kasan_atomics+0x10/0x10
[ 15.421504] ? __pfx_read_tsc+0x10/0x10
[ 15.421526] ? ktime_get_ts64+0x86/0x230
[ 15.421551] kunit_try_run_case+0x1a5/0x480
[ 15.421575] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.421598] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.421622] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.421647] ? __kthread_parkme+0x82/0x180
[ 15.421668] ? preempt_count_sub+0x50/0x80
[ 15.421692] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.421717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.421741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.421765] kthread+0x337/0x6f0
[ 15.421785] ? trace_preempt_on+0x20/0xc0
[ 15.421809] ? __pfx_kthread+0x10/0x10
[ 15.421840] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.421862] ? calculate_sigpending+0x7b/0xa0
[ 15.421886] ? __pfx_kthread+0x10/0x10
[ 15.421908] ret_from_fork+0x116/0x1d0
[ 15.421927] ? __pfx_kthread+0x10/0x10
[ 15.421947] ret_from_fork_asm+0x1a/0x30
[ 15.421978] </TASK>
[ 15.421990]
[ 15.429865] Allocated by task 282:
[ 15.430003] kasan_save_stack+0x45/0x70
[ 15.430223] kasan_save_track+0x18/0x40
[ 15.430483] kasan_save_alloc_info+0x3b/0x50
[ 15.430683] __kasan_kmalloc+0xb7/0xc0
[ 15.430856] __kmalloc_cache_noprof+0x189/0x420
[ 15.431047] kasan_atomics+0x95/0x310
[ 15.431323] kunit_try_run_case+0x1a5/0x480
[ 15.431503] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.431713] kthread+0x337/0x6f0
[ 15.431884] ret_from_fork+0x116/0x1d0
[ 15.432047] ret_from_fork_asm+0x1a/0x30
[ 15.432359]
[ 15.432436] The buggy address belongs to the object at ffff8881025e4100
[ 15.432436] which belongs to the cache kmalloc-64 of size 64
[ 15.432927] The buggy address is located 0 bytes to the right of
[ 15.432927] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 15.433298]
[ 15.433372] The buggy address belongs to the physical page:
[ 15.433548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 15.433793] flags: 0x200000000000000(node=0|zone=2)
[ 15.433967] page_type: f5(slab)
[ 15.434089] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.434325] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.434582] page dumped because: kasan: bad access detected
[ 15.434924]
[ 15.435019] Memory state around the buggy address:
[ 15.435450] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.435768] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.436107] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.436421] ^
[ 15.436581] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.436800] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.437032] ==================================================================
[ 15.477444] ==================================================================
[ 15.477679] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450
[ 15.479043] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 15.479585]
[ 15.479707] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 15.479754] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.479768] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.479790] Call Trace:
[ 15.479808] <TASK>
[ 15.479834] dump_stack_lvl+0x73/0xb0
[ 15.479864] print_report+0xd1/0x610
[ 15.479886] ? __virt_addr_valid+0x1db/0x2d0
[ 15.479908] ? kasan_atomics_helper+0x1079/0x5450
[ 15.479931] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.479954] ? kasan_atomics_helper+0x1079/0x5450
[ 15.479976] kasan_report+0x141/0x180
[ 15.479998] ? kasan_atomics_helper+0x1079/0x5450
[ 15.480025] kasan_check_range+0x10c/0x1c0
[ 15.480049] __kasan_check_write+0x18/0x20
[ 15.480070] kasan_atomics_helper+0x1079/0x5450
[ 15.480321] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 15.480346] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.480373] ? kasan_atomics+0x152/0x310
[ 15.480401] kasan_atomics+0x1dc/0x310
[ 15.480460] ? __pfx_kasan_atomics+0x10/0x10
[ 15.480484] ? __pfx_read_tsc+0x10/0x10
[ 15.480506] ? ktime_get_ts64+0x86/0x230
[ 15.480532] kunit_try_run_case+0x1a5/0x480
[ 15.480558] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.480581] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.480607] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.480631] ? __kthread_parkme+0x82/0x180
[ 15.480651] ? preempt_count_sub+0x50/0x80
[ 15.480675] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.480701] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.480724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.480749] kthread+0x337/0x6f0
[ 15.480769] ? trace_preempt_on+0x20/0xc0
[ 15.480793] ? __pfx_kthread+0x10/0x10
[ 15.480825] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.480853] ? calculate_sigpending+0x7b/0xa0
[ 15.480878] ? __pfx_kthread+0x10/0x10
[ 15.480900] ret_from_fork+0x116/0x1d0
[ 15.480919] ? __pfx_kthread+0x10/0x10
[ 15.480941] ret_from_fork_asm+0x1a/0x30
[ 15.480971] </TASK>
[ 15.480982]
[ 15.492485] Allocated by task 282:
[ 15.492737] kasan_save_stack+0x45/0x70
[ 15.492940] kasan_save_track+0x18/0x40
[ 15.493419] kasan_save_alloc_info+0x3b/0x50
[ 15.493701] __kasan_kmalloc+0xb7/0xc0
[ 15.494024] __kmalloc_cache_noprof+0x189/0x420
[ 15.494565] kasan_atomics+0x95/0x310
[ 15.494805] kunit_try_run_case+0x1a5/0x480
[ 15.495023] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.495746] kthread+0x337/0x6f0
[ 15.495986] ret_from_fork+0x116/0x1d0
[ 15.496418] ret_from_fork_asm+0x1a/0x30
[ 15.496614]
[ 15.496709] The buggy address belongs to the object at ffff8881025e4100
[ 15.496709] which belongs to the cache kmalloc-64 of size 64
[ 15.497611] The buggy address is located 0 bytes to the right of
[ 15.497611] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 15.498607]
[ 15.498708] The buggy address belongs to the physical page:
[ 15.498965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 15.499553] flags: 0x200000000000000(node=0|zone=2)
[ 15.500025] page_type: f5(slab)
[ 15.500359] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.500688] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.501019] page dumped because: kasan: bad access detected
[ 15.501695]
[ 15.501791] Memory state around the buggy address:
[ 15.502495] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.502935] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.503390] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.503687] ^
[ 15.503908] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.504571] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.505010] ==================================================================
[ 16.288261] ==================================================================
[ 16.288583] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450
[ 16.288954] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 16.289344]
[ 16.289450] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.289529] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.289543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.289563] Call Trace:
[ 16.289578] <TASK>
[ 16.289594] dump_stack_lvl+0x73/0xb0
[ 16.289622] print_report+0xd1/0x610
[ 16.289644] ? __virt_addr_valid+0x1db/0x2d0
[ 16.289713] ? kasan_atomics_helper+0x5115/0x5450
[ 16.289737] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.289759] ? kasan_atomics_helper+0x5115/0x5450
[ 16.289782] kasan_report+0x141/0x180
[ 16.289805] ? kasan_atomics_helper+0x5115/0x5450
[ 16.289844] __asan_report_load8_noabort+0x18/0x20
[ 16.289869] kasan_atomics_helper+0x5115/0x5450
[ 16.289893] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 16.289915] ? __kmalloc_cache_noprof+0x189/0x420
[ 16.289941] ? kasan_atomics+0x152/0x310
[ 16.290000] kasan_atomics+0x1dc/0x310
[ 16.290024] ? __pfx_kasan_atomics+0x10/0x10
[ 16.290049] ? __pfx_read_tsc+0x10/0x10
[ 16.290070] ? ktime_get_ts64+0x86/0x230
[ 16.290116] kunit_try_run_case+0x1a5/0x480
[ 16.290168] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.290191] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 16.290215] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 16.290240] ? __kthread_parkme+0x82/0x180
[ 16.290261] ? preempt_count_sub+0x50/0x80
[ 16.290285] ? __pfx_kunit_try_run_case+0x10/0x10
[ 16.290310] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.290334] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 16.290359] kthread+0x337/0x6f0
[ 16.290380] ? trace_preempt_on+0x20/0xc0
[ 16.290402] ? __pfx_kthread+0x10/0x10
[ 16.290424] ? _raw_spin_unlock_irq+0x47/0x80
[ 16.290446] ? calculate_sigpending+0x7b/0xa0
[ 16.290470] ? __pfx_kthread+0x10/0x10
[ 16.290492] ret_from_fork+0x116/0x1d0
[ 16.290511] ? __pfx_kthread+0x10/0x10
[ 16.290533] ret_from_fork_asm+0x1a/0x30
[ 16.290564] </TASK>
[ 16.290574]
[ 16.297943] Allocated by task 282:
[ 16.298096] kasan_save_stack+0x45/0x70
[ 16.298290] kasan_save_track+0x18/0x40
[ 16.298486] kasan_save_alloc_info+0x3b/0x50
[ 16.298721] __kasan_kmalloc+0xb7/0xc0
[ 16.298919] __kmalloc_cache_noprof+0x189/0x420
[ 16.299179] kasan_atomics+0x95/0x310
[ 16.299376] kunit_try_run_case+0x1a5/0x480
[ 16.299581] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.299833] kthread+0x337/0x6f0
[ 16.300012] ret_from_fork+0x116/0x1d0
[ 16.300229] ret_from_fork_asm+0x1a/0x30
[ 16.300416]
[ 16.300492] The buggy address belongs to the object at ffff8881025e4100
[ 16.300492] which belongs to the cache kmalloc-64 of size 64
[ 16.301014] The buggy address is located 0 bytes to the right of
[ 16.301014] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 16.301530]
[ 16.301632] The buggy address belongs to the physical page:
[ 16.301848] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 16.302097] flags: 0x200000000000000(node=0|zone=2)
[ 16.302263] page_type: f5(slab)
[ 16.302387] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 16.302733] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 16.303157] page dumped because: kasan: bad access detected
[ 16.303409]
[ 16.303491] Memory state around the buggy address:
[ 16.303649] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 16.303878] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 16.304122] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 16.304387] ^
[ 16.304634] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.304995] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 16.305366] ==================================================================
[ 15.944864] ==================================================================
[ 15.945603] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450
[ 15.946292] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 15.946682]
[ 15.946771] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 15.946825] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.946839] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.946861] Call Trace:
[ 15.946878] <TASK>
[ 15.946895] dump_stack_lvl+0x73/0xb0
[ 15.946924] print_report+0xd1/0x610
[ 15.946947] ? __virt_addr_valid+0x1db/0x2d0
[ 15.946969] ? kasan_atomics_helper+0x1a7f/0x5450
[ 15.946991] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.947014] ? kasan_atomics_helper+0x1a7f/0x5450
[ 15.947037] kasan_report+0x141/0x180
[ 15.947060] ? kasan_atomics_helper+0x1a7f/0x5450
[ 15.947094] kasan_check_range+0x10c/0x1c0
[ 15.947119] __kasan_check_write+0x18/0x20
[ 15.947139] kasan_atomics_helper+0x1a7f/0x5450
[ 15.947163] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 15.947186] ? __kmalloc_cache_noprof+0x189/0x420
[ 15.947211] ? kasan_atomics+0x152/0x310
[ 15.947239] kasan_atomics+0x1dc/0x310
[ 15.947262] ? __pfx_kasan_atomics+0x10/0x10
[ 15.947288] ? __pfx_read_tsc+0x10/0x10
[ 15.947310] ? ktime_get_ts64+0x86/0x230
[ 15.947335] kunit_try_run_case+0x1a5/0x480
[ 15.947360] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.947384] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.947408] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.947432] ? __kthread_parkme+0x82/0x180
[ 15.947453] ? preempt_count_sub+0x50/0x80
[ 15.947478] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.947503] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.947527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.947553] kthread+0x337/0x6f0
[ 15.947573] ? trace_preempt_on+0x20/0xc0
[ 15.947596] ? __pfx_kthread+0x10/0x10
[ 15.947617] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.947640] ? calculate_sigpending+0x7b/0xa0
[ 15.947663] ? __pfx_kthread+0x10/0x10
[ 15.947686] ret_from_fork+0x116/0x1d0
[ 15.947705] ? __pfx_kthread+0x10/0x10
[ 15.947727] ret_from_fork_asm+0x1a/0x30
[ 15.947757] </TASK>
[ 15.947768]
[ 15.958894] Allocated by task 282:
[ 15.959074] kasan_save_stack+0x45/0x70
[ 15.959221] kasan_save_track+0x18/0x40
[ 15.959567] kasan_save_alloc_info+0x3b/0x50
[ 15.959779] __kasan_kmalloc+0xb7/0xc0
[ 15.959991] __kmalloc_cache_noprof+0x189/0x420
[ 15.960209] kasan_atomics+0x95/0x310
[ 15.960421] kunit_try_run_case+0x1a5/0x480
[ 15.960643] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.960928] kthread+0x337/0x6f0
[ 15.961096] ret_from_fork+0x116/0x1d0
[ 15.961338] ret_from_fork_asm+0x1a/0x30
[ 15.961537]
[ 15.961636] The buggy address belongs to the object at ffff8881025e4100
[ 15.961636] which belongs to the cache kmalloc-64 of size 64
[ 15.962155] The buggy address is located 0 bytes to the right of
[ 15.962155] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130)
[ 15.962627]
[ 15.962727] The buggy address belongs to the physical page:
[ 15.963014] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4
[ 15.963361] flags: 0x200000000000000(node=0|zone=2)
[ 15.963622] page_type: f5(slab)
[ 15.963786] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 15.964119] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 15.964475] page dumped because: kasan: bad access detected
[ 15.964744]
[ 15.964934] Memory state around the buggy address:
[ 15.965173] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.965543] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 15.965766] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc
[ 15.966108] ^
[ 15.966361] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.966726] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.967004] ==================================================================
[ 16.184412] ==================================================================
[ 16.184769] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450
[ 16.185088] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282
[ 16.185352]
[ 16.185439] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 16.185482] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.185495] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.185516] Call Trace:
[ 16.185530] <TASK>
[ 16.185546] dump_stack_lvl+0x73/0xb0
[ 16.185574] print_report+0xd1/0x610
[ 16.185596] ? __virt_addr_valid+0x1db/0x2d0
[ 16.185619] ? kasan_atomics_helper+0x20c8/0x5450
[ 16.185641] ? kasan_complete_mode_report_info+0x2a/0x200
[ 16.185663] ? kasan_atomics_helper+0x20c8/0x5450
[ 16.185686] kasan_report+0x141/0x180
[ 16.185707] ? kasan_atomics_helper+0x20c8/0x5450
[ 16.185734] kasan_check_range+0x10c/0x1c0
[ 16.185757] __kasan_check_write+0x18/0x20
[ 16.185777] kasan_atomics_helper+0x20c8/0x5450
[ 16.185800] ? __pfx_kasan_atomics_helper+0x10/0x10
[ 16.186140] ? __kmalloc_cache_noprof+0x189/0x420
[ 16.186173] ? kasan_atomics+0x152/0x310
[ 16.186201] kasan_atomics+0x1dc/0x310
[ 16.186226] ? __pfx_kasan_atomics+0x10/0x10
[ 16.186251] ? __pfx_read_tsc+0x10/0x10
[ 16.186273] ? ktime_get_ts64+0x86/0x230
[ 16.186297] kunit_try_run_case+0x1a5/0x480
[ 16.186322] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.186345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.186371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.186395] ? __kthread_parkme+0x82/0x180 [ 16.186416] ? preempt_count_sub+0x50/0x80 [ 16.186441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.186465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.186489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.186514] kthread+0x337/0x6f0 [ 16.186534] ? trace_preempt_on+0x20/0xc0 [ 16.186557] ? __pfx_kthread+0x10/0x10 [ 16.186579] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.186600] ? calculate_sigpending+0x7b/0xa0 [ 16.186624] ? __pfx_kthread+0x10/0x10 [ 16.186647] ret_from_fork+0x116/0x1d0 [ 16.186666] ? __pfx_kthread+0x10/0x10 [ 16.186687] ret_from_fork_asm+0x1a/0x30 [ 16.186718] </TASK> [ 16.186729] [ 16.194981] Allocated by task 282: [ 16.195211] kasan_save_stack+0x45/0x70 [ 16.195423] kasan_save_track+0x18/0x40 [ 16.195605] kasan_save_alloc_info+0x3b/0x50 [ 16.195831] __kasan_kmalloc+0xb7/0xc0 [ 16.195967] __kmalloc_cache_noprof+0x189/0x420 [ 16.196310] kasan_atomics+0x95/0x310 [ 16.196611] kunit_try_run_case+0x1a5/0x480 [ 16.196827] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.197104] kthread+0x337/0x6f0 [ 16.197271] ret_from_fork+0x116/0x1d0 [ 16.197455] ret_from_fork_asm+0x1a/0x30 [ 16.197646] [ 16.197741] The buggy address belongs to the object at ffff8881025e4100 [ 16.197741] which belongs to the cache kmalloc-64 of size 64 [ 16.198290] The buggy address is located 0 bytes to the right of [ 16.198290] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.198791] [ 16.198898] The buggy address belongs to the physical page: [ 16.199180] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.199531] flags: 0x200000000000000(node=0|zone=2) [ 16.199756] page_type: f5(slab) [ 16.199951] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.200315] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.200668] page dumped because: kasan: bad access detected [ 16.200917] [ 16.201042] Memory state around the buggy address: [ 16.201300] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.201627] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.201948] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.202296] ^ [ 16.202513] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.202811] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.203029] ================================================================== [ 15.706558] ================================================================== [ 15.706966] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 15.707593] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.708170] [ 15.708285] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.708330] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.708343] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.708365] Call Trace: [ 15.708380] <TASK> [ 15.708396] dump_stack_lvl+0x73/0xb0 [ 15.708422] print_report+0xd1/0x610 [ 15.708444] ? __virt_addr_valid+0x1db/0x2d0 [ 15.708467] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.708488] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.708511] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.708533] kasan_report+0x141/0x180 [ 15.708556] ? kasan_atomics_helper+0x50d4/0x5450 [ 15.708583] __asan_report_store8_noabort+0x1b/0x30 [ 15.708608] kasan_atomics_helper+0x50d4/0x5450 [ 15.708632] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.708654] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.708680] ? kasan_atomics+0x152/0x310 [ 15.708707] kasan_atomics+0x1dc/0x310 [ 15.708730] ? __pfx_kasan_atomics+0x10/0x10 [ 15.708755] ? __pfx_read_tsc+0x10/0x10 [ 15.708776] ? 
ktime_get_ts64+0x86/0x230 [ 15.708800] kunit_try_run_case+0x1a5/0x480 [ 15.708837] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.708863] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.708888] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.708912] ? __kthread_parkme+0x82/0x180 [ 15.708933] ? preempt_count_sub+0x50/0x80 [ 15.708956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.708981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.709005] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.709029] kthread+0x337/0x6f0 [ 15.709049] ? trace_preempt_on+0x20/0xc0 [ 15.709072] ? __pfx_kthread+0x10/0x10 [ 15.709114] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.709136] ? calculate_sigpending+0x7b/0xa0 [ 15.709160] ? __pfx_kthread+0x10/0x10 [ 15.709195] ret_from_fork+0x116/0x1d0 [ 15.709215] ? __pfx_kthread+0x10/0x10 [ 15.709247] ret_from_fork_asm+0x1a/0x30 [ 15.709277] </TASK> [ 15.709288] [ 15.717202] Allocated by task 282: [ 15.717386] kasan_save_stack+0x45/0x70 [ 15.717567] kasan_save_track+0x18/0x40 [ 15.717726] kasan_save_alloc_info+0x3b/0x50 [ 15.717976] __kasan_kmalloc+0xb7/0xc0 [ 15.718187] __kmalloc_cache_noprof+0x189/0x420 [ 15.718384] kasan_atomics+0x95/0x310 [ 15.718566] kunit_try_run_case+0x1a5/0x480 [ 15.718777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.719004] kthread+0x337/0x6f0 [ 15.719260] ret_from_fork+0x116/0x1d0 [ 15.719405] ret_from_fork_asm+0x1a/0x30 [ 15.719548] [ 15.719621] The buggy address belongs to the object at ffff8881025e4100 [ 15.719621] which belongs to the cache kmalloc-64 of size 64 [ 15.719992] The buggy address is located 0 bytes to the right of [ 15.719992] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.720905] [ 15.721030] The buggy address belongs to the physical page: [ 15.721318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.721696] flags: 0x200000000000000(node=0|zone=2) [ 15.721874] page_type: f5(slab) [ 15.721996] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.722612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.722998] page dumped because: kasan: bad access detected [ 15.723297] [ 15.723389] Memory state around the buggy address: [ 15.723632] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.723925] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.724256] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.724550] ^ [ 15.724781] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.725115] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.725417] ================================================================== [ 15.840691] ================================================================== [ 15.842031] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 15.842572] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.842805] [ 15.842906] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.842952] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.842966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.842988] Call Trace: [ 15.843005] <TASK> [ 15.843022] dump_stack_lvl+0x73/0xb0 [ 15.843051] print_report+0xd1/0x610 [ 15.843075] ? __virt_addr_valid+0x1db/0x2d0 [ 15.843098] ? kasan_atomics_helper+0x1818/0x5450 [ 15.843120] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.843143] ? kasan_atomics_helper+0x1818/0x5450 [ 15.843166] kasan_report+0x141/0x180 [ 15.843188] ? kasan_atomics_helper+0x1818/0x5450 [ 15.843216] kasan_check_range+0x10c/0x1c0 [ 15.843289] __kasan_check_write+0x18/0x20 [ 15.843311] kasan_atomics_helper+0x1818/0x5450 [ 15.843334] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.843408] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.843435] ? kasan_atomics+0x152/0x310 [ 15.843473] kasan_atomics+0x1dc/0x310 [ 15.843497] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.843522] ? __pfx_read_tsc+0x10/0x10 [ 15.843545] ? ktime_get_ts64+0x86/0x230 [ 15.843570] kunit_try_run_case+0x1a5/0x480 [ 15.843596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.843620] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.843645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.843715] ? __kthread_parkme+0x82/0x180 [ 15.843736] ? preempt_count_sub+0x50/0x80 [ 15.843770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.843794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.843827] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.843851] kthread+0x337/0x6f0 [ 15.843872] ? trace_preempt_on+0x20/0xc0 [ 15.843895] ? __pfx_kthread+0x10/0x10 [ 15.843917] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.843939] ? calculate_sigpending+0x7b/0xa0 [ 15.843963] ? __pfx_kthread+0x10/0x10 [ 15.843986] ret_from_fork+0x116/0x1d0 [ 15.844005] ? __pfx_kthread+0x10/0x10 [ 15.844026] ret_from_fork_asm+0x1a/0x30 [ 15.844056] </TASK> [ 15.844068] [ 15.857784] Allocated by task 282: [ 15.857970] kasan_save_stack+0x45/0x70 [ 15.858561] kasan_save_track+0x18/0x40 [ 15.858760] kasan_save_alloc_info+0x3b/0x50 [ 15.858975] __kasan_kmalloc+0xb7/0xc0 [ 15.859486] __kmalloc_cache_noprof+0x189/0x420 [ 15.859727] kasan_atomics+0x95/0x310 [ 15.859912] kunit_try_run_case+0x1a5/0x480 [ 15.860337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.860773] kthread+0x337/0x6f0 [ 15.861039] ret_from_fork+0x116/0x1d0 [ 15.861364] ret_from_fork_asm+0x1a/0x30 [ 15.861547] [ 15.861641] The buggy address belongs to the object at ffff8881025e4100 [ 15.861641] which belongs to the cache kmalloc-64 of size 64 [ 15.862054] The buggy address is located 0 bytes to the right of [ 15.862054] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.862711] [ 15.862788] The buggy address belongs to the physical page: [ 15.863049] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.863437] flags: 0x200000000000000(node=0|zone=2) [ 15.863647] page_type: 
f5(slab) [ 15.863808] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.864173] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.864527] page dumped because: kasan: bad access detected [ 15.864772] [ 15.864884] Memory state around the buggy address: [ 15.865104] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.865428] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.865646] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.866166] ^ [ 15.866396] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.866685] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.866922] ================================================================== [ 15.315425] ================================================================== [ 15.315707] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 15.315954] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.316182] [ 15.316270] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.316313] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.316326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.316349] Call Trace: [ 15.316368] <TASK> [ 15.316383] dump_stack_lvl+0x73/0xb0 [ 15.316412] print_report+0xd1/0x610 [ 15.316557] ? __virt_addr_valid+0x1db/0x2d0 [ 15.316584] ? kasan_atomics_helper+0xc70/0x5450 [ 15.316607] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.316631] ? kasan_atomics_helper+0xc70/0x5450 [ 15.316655] kasan_report+0x141/0x180 [ 15.316678] ? kasan_atomics_helper+0xc70/0x5450 [ 15.316705] kasan_check_range+0x10c/0x1c0 [ 15.316730] __kasan_check_write+0x18/0x20 [ 15.316750] kasan_atomics_helper+0xc70/0x5450 [ 15.316773] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.316796] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.316835] ? 
kasan_atomics+0x152/0x310 [ 15.316867] kasan_atomics+0x1dc/0x310 [ 15.316891] ? __pfx_kasan_atomics+0x10/0x10 [ 15.316916] ? __pfx_read_tsc+0x10/0x10 [ 15.316938] ? ktime_get_ts64+0x86/0x230 [ 15.316963] kunit_try_run_case+0x1a5/0x480 [ 15.316988] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.317012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.317037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.317061] ? __kthread_parkme+0x82/0x180 [ 15.317082] ? preempt_count_sub+0x50/0x80 [ 15.317115] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.317140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.317166] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.317191] kthread+0x337/0x6f0 [ 15.317211] ? trace_preempt_on+0x20/0xc0 [ 15.317235] ? __pfx_kthread+0x10/0x10 [ 15.317256] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.317278] ? calculate_sigpending+0x7b/0xa0 [ 15.317304] ? __pfx_kthread+0x10/0x10 [ 15.317326] ret_from_fork+0x116/0x1d0 [ 15.317346] ? __pfx_kthread+0x10/0x10 [ 15.317367] ret_from_fork_asm+0x1a/0x30 [ 15.317398] </TASK> [ 15.317409] [ 15.325145] Allocated by task 282: [ 15.325514] kasan_save_stack+0x45/0x70 [ 15.325668] kasan_save_track+0x18/0x40 [ 15.325807] kasan_save_alloc_info+0x3b/0x50 [ 15.326033] __kasan_kmalloc+0xb7/0xc0 [ 15.326383] __kmalloc_cache_noprof+0x189/0x420 [ 15.326575] kasan_atomics+0x95/0x310 [ 15.326730] kunit_try_run_case+0x1a5/0x480 [ 15.326892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.327072] kthread+0x337/0x6f0 [ 15.327196] ret_from_fork+0x116/0x1d0 [ 15.327333] ret_from_fork_asm+0x1a/0x30 [ 15.327475] [ 15.327547] The buggy address belongs to the object at ffff8881025e4100 [ 15.327547] which belongs to the cache kmalloc-64 of size 64 [ 15.327960] The buggy address is located 0 bytes to the right of [ 15.327960] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.328518] [ 15.328630] The buggy address belongs to the physical page: [ 15.328901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 
15.329489] flags: 0x200000000000000(node=0|zone=2) [ 15.329730] page_type: f5(slab) [ 15.329912] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.330339] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.330654] page dumped because: kasan: bad access detected [ 15.330880] [ 15.330982] Memory state around the buggy address: [ 15.331219] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.331532] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.331753] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.332060] ^ [ 15.332514] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.332733] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.332964] ================================================================== [ 16.242669] ================================================================== [ 16.243007] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 16.243418] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.243753] [ 16.243888] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.243935] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.243947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.243969] Call Trace: [ 16.243987] <TASK> [ 16.244003] dump_stack_lvl+0x73/0xb0 [ 16.244061] print_report+0xd1/0x610 [ 16.244105] ? __virt_addr_valid+0x1db/0x2d0 [ 16.244127] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.244149] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.244201] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.244223] kasan_report+0x141/0x180 [ 16.244246] ? kasan_atomics_helper+0x4fa5/0x5450 [ 16.244274] __asan_report_load8_noabort+0x18/0x20 [ 16.244300] kasan_atomics_helper+0x4fa5/0x5450 [ 16.244350] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.244373] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.244397] ? kasan_atomics+0x152/0x310 [ 16.244425] kasan_atomics+0x1dc/0x310 [ 16.244448] ? __pfx_kasan_atomics+0x10/0x10 [ 16.244473] ? __pfx_read_tsc+0x10/0x10 [ 16.244523] ? ktime_get_ts64+0x86/0x230 [ 16.244547] kunit_try_run_case+0x1a5/0x480 [ 16.244572] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.244595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.244619] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.244670] ? __kthread_parkme+0x82/0x180 [ 16.244692] ? preempt_count_sub+0x50/0x80 [ 16.244715] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.244740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.244764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.244788] kthread+0x337/0x6f0 [ 16.244809] ? trace_preempt_on+0x20/0xc0 [ 16.244841] ? __pfx_kthread+0x10/0x10 [ 16.244866] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.244889] ? calculate_sigpending+0x7b/0xa0 [ 16.244913] ? __pfx_kthread+0x10/0x10 [ 16.244936] ret_from_fork+0x116/0x1d0 [ 16.244955] ? __pfx_kthread+0x10/0x10 [ 16.244977] ret_from_fork_asm+0x1a/0x30 [ 16.245008] </TASK> [ 16.245019] [ 16.252798] Allocated by task 282: [ 16.253272] kasan_save_stack+0x45/0x70 [ 16.253425] kasan_save_track+0x18/0x40 [ 16.253600] kasan_save_alloc_info+0x3b/0x50 [ 16.254739] __kasan_kmalloc+0xb7/0xc0 [ 16.254955] __kmalloc_cache_noprof+0x189/0x420 [ 16.255268] kasan_atomics+0x95/0x310 [ 16.255549] kunit_try_run_case+0x1a5/0x480 [ 16.256040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.256646] kthread+0x337/0x6f0 [ 16.257105] ret_from_fork+0x116/0x1d0 [ 16.257562] ret_from_fork_asm+0x1a/0x30 [ 16.258031] [ 16.258342] The buggy address belongs to the object at ffff8881025e4100 [ 16.258342] which belongs to the cache kmalloc-64 of size 64 [ 16.259585] The buggy address is located 0 bytes to the right of [ 16.259585] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.260384] [ 16.260669] The buggy address belongs to the physical page: [ 16.261281] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.261526] flags: 0x200000000000000(node=0|zone=2) [ 16.261689] page_type: f5(slab) [ 16.261824] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.262053] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.263120] page dumped because: kasan: bad access detected [ 16.263711] [ 16.263998] Memory state around the buggy address: [ 16.264553] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.265321] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.266048] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.266596] ^ [ 16.266758] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.267068] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.267575] ================================================================== [ 15.891483] ================================================================== [ 15.891811] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 15.892305] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.892679] [ 15.892778] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.892835] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.892853] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.892875] Call Trace: [ 15.892891] <TASK> [ 15.892907] dump_stack_lvl+0x73/0xb0 [ 15.892937] print_report+0xd1/0x610 [ 15.892960] ? __virt_addr_valid+0x1db/0x2d0 [ 15.892982] ? kasan_atomics_helper+0x194a/0x5450 [ 15.893004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.893027] ? kasan_atomics_helper+0x194a/0x5450 [ 15.893049] kasan_report+0x141/0x180 [ 15.893073] ? kasan_atomics_helper+0x194a/0x5450 [ 15.893349] kasan_check_range+0x10c/0x1c0 [ 15.893380] __kasan_check_write+0x18/0x20 [ 15.893401] kasan_atomics_helper+0x194a/0x5450 [ 15.893424] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.893448] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.893474] ? kasan_atomics+0x152/0x310 [ 15.893502] kasan_atomics+0x1dc/0x310 [ 15.893526] ? __pfx_kasan_atomics+0x10/0x10 [ 15.893551] ? __pfx_read_tsc+0x10/0x10 [ 15.893572] ? ktime_get_ts64+0x86/0x230 [ 15.893597] kunit_try_run_case+0x1a5/0x480 [ 15.893622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.893646] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.893670] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.893695] ? __kthread_parkme+0x82/0x180 [ 15.893717] ? preempt_count_sub+0x50/0x80 [ 15.893744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.893769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.893794] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.893828] kthread+0x337/0x6f0 [ 15.893850] ? trace_preempt_on+0x20/0xc0 [ 15.893873] ? __pfx_kthread+0x10/0x10 [ 15.893894] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.893918] ? calculate_sigpending+0x7b/0xa0 [ 15.893942] ? __pfx_kthread+0x10/0x10 [ 15.893965] ret_from_fork+0x116/0x1d0 [ 15.893985] ? 
__pfx_kthread+0x10/0x10 [ 15.894008] ret_from_fork_asm+0x1a/0x30 [ 15.894039] </TASK> [ 15.894050] [ 15.904921] Allocated by task 282: [ 15.905112] kasan_save_stack+0x45/0x70 [ 15.905731] kasan_save_track+0x18/0x40 [ 15.906034] kasan_save_alloc_info+0x3b/0x50 [ 15.906231] __kasan_kmalloc+0xb7/0xc0 [ 15.906423] __kmalloc_cache_noprof+0x189/0x420 [ 15.906633] kasan_atomics+0x95/0x310 [ 15.906811] kunit_try_run_case+0x1a5/0x480 [ 15.907018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.907592] kthread+0x337/0x6f0 [ 15.907742] ret_from_fork+0x116/0x1d0 [ 15.908160] ret_from_fork_asm+0x1a/0x30 [ 15.908482] [ 15.908587] The buggy address belongs to the object at ffff8881025e4100 [ 15.908587] which belongs to the cache kmalloc-64 of size 64 [ 15.909178] The buggy address is located 0 bytes to the right of [ 15.909178] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.909566] [ 15.909648] The buggy address belongs to the physical page: [ 15.909837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.910352] flags: 0x200000000000000(node=0|zone=2) [ 15.910527] page_type: f5(slab) [ 15.910652] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.911058] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.911750] page dumped because: kasan: bad access detected [ 15.912276] [ 15.912436] Memory state around the buggy address: [ 15.912889] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.913488] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.913710] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.913936] ^ [ 15.914134] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.914780] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.915429] ================================================================== [ 15.437935] 
================================================================== [ 15.438548] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 15.438846] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.439122] [ 15.439231] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.439273] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.439286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.439307] Call Trace: [ 15.439320] <TASK> [ 15.439334] dump_stack_lvl+0x73/0xb0 [ 15.439360] print_report+0xd1/0x610 [ 15.439384] ? __virt_addr_valid+0x1db/0x2d0 [ 15.439411] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.439434] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.439459] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.439483] kasan_report+0x141/0x180 [ 15.439506] ? kasan_atomics_helper+0xfa9/0x5450 [ 15.439534] kasan_check_range+0x10c/0x1c0 [ 15.439559] __kasan_check_write+0x18/0x20 [ 15.439579] kasan_atomics_helper+0xfa9/0x5450 [ 15.439602] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.439624] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.439650] ? kasan_atomics+0x152/0x310 [ 15.439679] kasan_atomics+0x1dc/0x310 [ 15.439703] ? __pfx_kasan_atomics+0x10/0x10 [ 15.439729] ? __pfx_read_tsc+0x10/0x10 [ 15.439749] ? ktime_get_ts64+0x86/0x230 [ 15.439773] kunit_try_run_case+0x1a5/0x480 [ 15.439798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.439831] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.439856] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.439880] ? __kthread_parkme+0x82/0x180 [ 15.439900] ? preempt_count_sub+0x50/0x80 [ 15.439924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.439948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.439973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.439996] kthread+0x337/0x6f0 [ 15.440017] ? trace_preempt_on+0x20/0xc0 [ 15.440041] ? __pfx_kthread+0x10/0x10 [ 15.440062] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.440084] ? 
calculate_sigpending+0x7b/0xa0 [ 15.440120] ? __pfx_kthread+0x10/0x10 [ 15.440143] ret_from_fork+0x116/0x1d0 [ 15.440162] ? __pfx_kthread+0x10/0x10 [ 15.440183] ret_from_fork_asm+0x1a/0x30 [ 15.440213] </TASK> [ 15.440225] [ 15.447965] Allocated by task 282: [ 15.448195] kasan_save_stack+0x45/0x70 [ 15.448380] kasan_save_track+0x18/0x40 [ 15.448594] kasan_save_alloc_info+0x3b/0x50 [ 15.448787] __kasan_kmalloc+0xb7/0xc0 [ 15.448969] __kmalloc_cache_noprof+0x189/0x420 [ 15.449219] kasan_atomics+0x95/0x310 [ 15.449408] kunit_try_run_case+0x1a5/0x480 [ 15.449797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.450036] kthread+0x337/0x6f0 [ 15.450206] ret_from_fork+0x116/0x1d0 [ 15.450375] ret_from_fork_asm+0x1a/0x30 [ 15.450578] [ 15.450691] The buggy address belongs to the object at ffff8881025e4100 [ 15.450691] which belongs to the cache kmalloc-64 of size 64 [ 15.451196] The buggy address is located 0 bytes to the right of [ 15.451196] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.451628] [ 15.451703] The buggy address belongs to the physical page: [ 15.451888] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.452238] flags: 0x200000000000000(node=0|zone=2) [ 15.452474] page_type: f5(slab) [ 15.452641] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.452999] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.453502] page dumped because: kasan: bad access detected [ 15.453759] [ 15.453860] Memory state around the buggy address: [ 15.454031] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.454251] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.454471] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.454788] ^ [ 15.455029] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.455450] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.455924] 
================================================================== [ 15.567473] ================================================================== [ 15.567836] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 15.568171] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.568505] [ 15.568608] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.568652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.568665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.568687] Call Trace: [ 15.568705] <TASK> [ 15.568722] dump_stack_lvl+0x73/0xb0 [ 15.568750] print_report+0xd1/0x610 [ 15.568772] ? __virt_addr_valid+0x1db/0x2d0 [ 15.568795] ? kasan_atomics_helper+0x1217/0x5450 [ 15.568828] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.568856] ? kasan_atomics_helper+0x1217/0x5450 [ 15.568878] kasan_report+0x141/0x180 [ 15.568901] ? kasan_atomics_helper+0x1217/0x5450 [ 15.568928] kasan_check_range+0x10c/0x1c0 [ 15.568952] __kasan_check_write+0x18/0x20 [ 15.568972] kasan_atomics_helper+0x1217/0x5450 [ 15.568997] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.569019] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.569046] ? kasan_atomics+0x152/0x310 [ 15.569073] kasan_atomics+0x1dc/0x310 [ 15.569108] ? __pfx_kasan_atomics+0x10/0x10 [ 15.569133] ? __pfx_read_tsc+0x10/0x10 [ 15.569155] ? ktime_get_ts64+0x86/0x230 [ 15.569179] kunit_try_run_case+0x1a5/0x480 [ 15.569215] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.569239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.569274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.569307] ? __kthread_parkme+0x82/0x180 [ 15.569328] ? preempt_count_sub+0x50/0x80 [ 15.569352] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.569388] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.569413] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.569438] kthread+0x337/0x6f0 [ 15.569459] ? trace_preempt_on+0x20/0xc0 [ 15.569482] ? 
__pfx_kthread+0x10/0x10 [ 15.569503] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.569526] ? calculate_sigpending+0x7b/0xa0 [ 15.569550] ? __pfx_kthread+0x10/0x10 [ 15.569573] ret_from_fork+0x116/0x1d0 [ 15.569601] ? __pfx_kthread+0x10/0x10 [ 15.569623] ret_from_fork_asm+0x1a/0x30 [ 15.569654] </TASK> [ 15.569676] [ 15.577616] Allocated by task 282: [ 15.577800] kasan_save_stack+0x45/0x70 [ 15.578010] kasan_save_track+0x18/0x40 [ 15.578229] kasan_save_alloc_info+0x3b/0x50 [ 15.578410] __kasan_kmalloc+0xb7/0xc0 [ 15.578625] __kmalloc_cache_noprof+0x189/0x420 [ 15.578822] kasan_atomics+0x95/0x310 [ 15.579020] kunit_try_run_case+0x1a5/0x480 [ 15.579174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.579350] kthread+0x337/0x6f0 [ 15.579473] ret_from_fork+0x116/0x1d0 [ 15.579608] ret_from_fork_asm+0x1a/0x30 [ 15.579750] [ 15.579834] The buggy address belongs to the object at ffff8881025e4100 [ 15.579834] which belongs to the cache kmalloc-64 of size 64 [ 15.580189] The buggy address is located 0 bytes to the right of [ 15.580189] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.580912] [ 15.581034] The buggy address belongs to the physical page: [ 15.581564] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.581926] flags: 0x200000000000000(node=0|zone=2) [ 15.582160] page_type: f5(slab) [ 15.582326] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.582743] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.582990] page dumped because: kasan: bad access detected [ 15.583387] [ 15.583484] Memory state around the buggy address: [ 15.583712] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.584026] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.584453] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.584748] ^ [ 15.584923] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.585142] 
ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.585694] ================================================================== [ 16.078568] ================================================================== [ 16.078865] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 16.079099] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.079577] [ 16.079699] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.079742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.079755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.079776] Call Trace: [ 16.079792] <TASK> [ 16.079808] dump_stack_lvl+0x73/0xb0 [ 16.079847] print_report+0xd1/0x610 [ 16.079869] ? __virt_addr_valid+0x1db/0x2d0 [ 16.079892] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.079914] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.079937] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.079960] kasan_report+0x141/0x180 [ 16.079983] ? kasan_atomics_helper+0x1eaa/0x5450 [ 16.080009] kasan_check_range+0x10c/0x1c0 [ 16.080034] __kasan_check_write+0x18/0x20 [ 16.080054] kasan_atomics_helper+0x1eaa/0x5450 [ 16.080078] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.080111] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.080136] ? kasan_atomics+0x152/0x310 [ 16.080164] kasan_atomics+0x1dc/0x310 [ 16.080187] ? __pfx_kasan_atomics+0x10/0x10 [ 16.080212] ? __pfx_read_tsc+0x10/0x10 [ 16.080234] ? ktime_get_ts64+0x86/0x230 [ 16.080259] kunit_try_run_case+0x1a5/0x480 [ 16.080284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.080308] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.080333] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.080358] ? __kthread_parkme+0x82/0x180 [ 16.080378] ? preempt_count_sub+0x50/0x80 [ 16.080403] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.080427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.080452] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.080477] kthread+0x337/0x6f0 [ 16.080498] ? trace_preempt_on+0x20/0xc0 [ 16.080522] ? __pfx_kthread+0x10/0x10 [ 16.080545] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.080567] ? calculate_sigpending+0x7b/0xa0 [ 16.080592] ? __pfx_kthread+0x10/0x10 [ 16.080614] ret_from_fork+0x116/0x1d0 [ 16.080634] ? __pfx_kthread+0x10/0x10 [ 16.080656] ret_from_fork_asm+0x1a/0x30 [ 16.080687] </TASK> [ 16.080698] [ 16.088301] Allocated by task 282: [ 16.088480] kasan_save_stack+0x45/0x70 [ 16.088667] kasan_save_track+0x18/0x40 [ 16.088858] kasan_save_alloc_info+0x3b/0x50 [ 16.089070] __kasan_kmalloc+0xb7/0xc0 [ 16.089223] __kmalloc_cache_noprof+0x189/0x420 [ 16.089427] kasan_atomics+0x95/0x310 [ 16.089599] kunit_try_run_case+0x1a5/0x480 [ 16.089780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.090001] kthread+0x337/0x6f0 [ 16.090203] ret_from_fork+0x116/0x1d0 [ 16.090339] ret_from_fork_asm+0x1a/0x30 [ 16.090479] [ 16.090551] The buggy address belongs to the object at ffff8881025e4100 [ 16.090551] which belongs to the cache kmalloc-64 of size 64 [ 16.090992] The buggy address is located 0 bytes to the right of [ 16.090992] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.091790] [ 16.091873] The buggy address belongs to the physical page: [ 16.092047] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.092667] flags: 0x200000000000000(node=0|zone=2) [ 16.092868] page_type: f5(slab) [ 16.092994] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.093392] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.093739] page dumped because: kasan: bad access detected [ 16.094015] [ 16.094112] Memory state around the buggy address: [ 16.094322] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.094650] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.094960] >ffff8881025e4100: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 16.095178] ^ [ 16.095490] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.095789] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.096095] ================================================================== [ 15.333542] ================================================================== [ 15.333904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 15.334468] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.334759] [ 15.334875] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.334917] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.334931] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.334952] Call Trace: [ 15.334967] <TASK> [ 15.334981] dump_stack_lvl+0x73/0xb0 [ 15.335009] print_report+0xd1/0x610 [ 15.335031] ? __virt_addr_valid+0x1db/0x2d0 [ 15.335054] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.335076] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.335099] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.335122] kasan_report+0x141/0x180 [ 15.335144] ? kasan_atomics_helper+0x4a84/0x5450 [ 15.335171] __asan_report_load4_noabort+0x18/0x20 [ 15.335196] kasan_atomics_helper+0x4a84/0x5450 [ 15.335219] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.335242] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.335267] ? kasan_atomics+0x152/0x310 [ 15.335294] kasan_atomics+0x1dc/0x310 [ 15.335317] ? __pfx_kasan_atomics+0x10/0x10 [ 15.335342] ? __pfx_read_tsc+0x10/0x10 [ 15.335364] ? ktime_get_ts64+0x86/0x230 [ 15.335388] kunit_try_run_case+0x1a5/0x480 [ 15.335412] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.335436] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.335460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.335484] ? __kthread_parkme+0x82/0x180 [ 15.335505] ? preempt_count_sub+0x50/0x80 [ 15.335529] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.335554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.335589] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.335614] kthread+0x337/0x6f0 [ 15.335635] ? trace_preempt_on+0x20/0xc0 [ 15.335659] ? __pfx_kthread+0x10/0x10 [ 15.335680] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.335703] ? calculate_sigpending+0x7b/0xa0 [ 15.335727] ? __pfx_kthread+0x10/0x10 [ 15.335749] ret_from_fork+0x116/0x1d0 [ 15.335769] ? __pfx_kthread+0x10/0x10 [ 15.335790] ret_from_fork_asm+0x1a/0x30 [ 15.335831] </TASK> [ 15.335845] [ 15.344545] Allocated by task 282: [ 15.344859] kasan_save_stack+0x45/0x70 [ 15.345286] kasan_save_track+0x18/0x40 [ 15.345547] kasan_save_alloc_info+0x3b/0x50 [ 15.345706] __kasan_kmalloc+0xb7/0xc0 [ 15.345863] __kmalloc_cache_noprof+0x189/0x420 [ 15.346733] kasan_atomics+0x95/0x310 [ 15.346944] kunit_try_run_case+0x1a5/0x480 [ 15.347349] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.347941] kthread+0x337/0x6f0 [ 15.348077] ret_from_fork+0x116/0x1d0 [ 15.348285] ret_from_fork_asm+0x1a/0x30 [ 15.348467] [ 15.348564] The buggy address belongs to the object at ffff8881025e4100 [ 15.348564] which belongs to the cache kmalloc-64 of size 64 [ 15.349075] The buggy address is located 0 bytes to the right of [ 15.349075] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.349918] [ 15.350089] The buggy address belongs to the physical page: [ 15.350398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.350779] flags: 0x200000000000000(node=0|zone=2) [ 15.351090] page_type: f5(slab) [ 15.351263] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.351672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.352085] page dumped because: kasan: bad access detected [ 15.352303] [ 15.352400] Memory state around the buggy address: [ 15.352603] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.352929] 
ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.353503] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.353874] ^ [ 15.354104] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.354527] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.354891] ================================================================== [ 15.013368] ================================================================== [ 15.013657] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 15.013979] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.014313] [ 15.014415] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.014458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.014470] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.014491] Call Trace: [ 15.014504] <TASK> [ 15.014517] dump_stack_lvl+0x73/0xb0 [ 15.014545] print_report+0xd1/0x610 [ 15.014566] ? __virt_addr_valid+0x1db/0x2d0 [ 15.014586] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.014607] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.014629] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.014649] kasan_report+0x141/0x180 [ 15.014671] ? kasan_atomics_helper+0x4b6e/0x5450 [ 15.014696] __asan_report_store4_noabort+0x1b/0x30 [ 15.014720] kasan_atomics_helper+0x4b6e/0x5450 [ 15.014742] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.014762] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.014786] ? kasan_atomics+0x152/0x310 [ 15.014824] kasan_atomics+0x1dc/0x310 [ 15.014845] ? __pfx_kasan_atomics+0x10/0x10 [ 15.014869] ? __pfx_read_tsc+0x10/0x10 [ 15.014888] ? ktime_get_ts64+0x86/0x230 [ 15.014911] kunit_try_run_case+0x1a5/0x480 [ 15.014935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.014956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.014979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.015003] ? __kthread_parkme+0x82/0x180 [ 15.015126] ? 
preempt_count_sub+0x50/0x80 [ 15.015152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.015194] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.015219] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.015243] kthread+0x337/0x6f0 [ 15.015263] ? trace_preempt_on+0x20/0xc0 [ 15.015433] ? __pfx_kthread+0x10/0x10 [ 15.015459] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.015482] ? calculate_sigpending+0x7b/0xa0 [ 15.015506] ? __pfx_kthread+0x10/0x10 [ 15.015529] ret_from_fork+0x116/0x1d0 [ 15.015548] ? __pfx_kthread+0x10/0x10 [ 15.015569] ret_from_fork_asm+0x1a/0x30 [ 15.015600] </TASK> [ 15.015612] [ 15.023293] Allocated by task 282: [ 15.023479] kasan_save_stack+0x45/0x70 [ 15.023626] kasan_save_track+0x18/0x40 [ 15.023765] kasan_save_alloc_info+0x3b/0x50 [ 15.023929] __kasan_kmalloc+0xb7/0xc0 [ 15.024093] __kmalloc_cache_noprof+0x189/0x420 [ 15.024323] kasan_atomics+0x95/0x310 [ 15.024511] kunit_try_run_case+0x1a5/0x480 [ 15.024717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.024986] kthread+0x337/0x6f0 [ 15.025153] ret_from_fork+0x116/0x1d0 [ 15.025339] ret_from_fork_asm+0x1a/0x30 [ 15.025481] [ 15.025554] The buggy address belongs to the object at ffff8881025e4100 [ 15.025554] which belongs to the cache kmalloc-64 of size 64 [ 15.026106] The buggy address is located 0 bytes to the right of [ 15.026106] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.026530] [ 15.026603] The buggy address belongs to the physical page: [ 15.026776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.027027] flags: 0x200000000000000(node=0|zone=2) [ 15.027321] page_type: f5(slab) [ 15.027487] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.027836] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.028269] page dumped because: kasan: bad access detected [ 15.028524] [ 15.028617] Memory state around the buggy address: [ 15.028838] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc 
fc fc fc fc fc fc [ 15.029060] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.029395] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.029710] ^ [ 15.029926] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.030224] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.030454] ================================================================== [ 15.787347] ================================================================== [ 15.787677] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 15.788087] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.788768] [ 15.788903] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.788961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.788975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.788997] Call Trace: [ 15.789013] <TASK> [ 15.789028] dump_stack_lvl+0x73/0xb0 [ 15.789066] print_report+0xd1/0x610 [ 15.789089] ? __virt_addr_valid+0x1db/0x2d0 [ 15.789123] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.789157] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.789189] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.789212] kasan_report+0x141/0x180 [ 15.789235] ? kasan_atomics_helper+0x16e7/0x5450 [ 15.789272] kasan_check_range+0x10c/0x1c0 [ 15.789296] __kasan_check_write+0x18/0x20 [ 15.789316] kasan_atomics_helper+0x16e7/0x5450 [ 15.789339] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.789361] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.789387] ? kasan_atomics+0x152/0x310 [ 15.789414] kasan_atomics+0x1dc/0x310 [ 15.789437] ? __pfx_kasan_atomics+0x10/0x10 [ 15.790009] ? __pfx_read_tsc+0x10/0x10 [ 15.790042] ? ktime_get_ts64+0x86/0x230 [ 15.790081] kunit_try_run_case+0x1a5/0x480 [ 15.790122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.790577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.790615] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.790654] ? __kthread_parkme+0x82/0x180 [ 15.790675] ? preempt_count_sub+0x50/0x80 [ 15.790699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.790997] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.791023] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.791047] kthread+0x337/0x6f0 [ 15.791069] ? trace_preempt_on+0x20/0xc0 [ 15.791092] ? __pfx_kthread+0x10/0x10 [ 15.791114] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.791136] ? calculate_sigpending+0x7b/0xa0 [ 15.791160] ? __pfx_kthread+0x10/0x10 [ 15.791182] ret_from_fork+0x116/0x1d0 [ 15.791201] ? __pfx_kthread+0x10/0x10 [ 15.791222] ret_from_fork_asm+0x1a/0x30 [ 15.791253] </TASK> [ 15.791264] [ 15.802069] Allocated by task 282: [ 15.802240] kasan_save_stack+0x45/0x70 [ 15.802446] kasan_save_track+0x18/0x40 [ 15.802630] kasan_save_alloc_info+0x3b/0x50 [ 15.802838] __kasan_kmalloc+0xb7/0xc0 [ 15.803022] __kmalloc_cache_noprof+0x189/0x420 [ 15.803507] kasan_atomics+0x95/0x310 [ 15.803777] kunit_try_run_case+0x1a5/0x480 [ 15.803969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.804346] kthread+0x337/0x6f0 [ 15.804511] ret_from_fork+0x116/0x1d0 [ 15.804844] ret_from_fork_asm+0x1a/0x30 [ 15.805129] [ 15.805294] The buggy address belongs to the object at ffff8881025e4100 [ 15.805294] which belongs to the cache kmalloc-64 of size 64 [ 15.805800] The buggy address is located 0 bytes to the right of [ 15.805800] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.806531] [ 15.806803] The buggy address belongs to the physical page: [ 15.807053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.807529] flags: 0x200000000000000(node=0|zone=2) [ 15.807864] page_type: f5(slab) [ 15.808033] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.808552] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.808887] page dumped because: kasan: bad access detected [ 15.809294] [ 15.809387] 
Memory state around the buggy address: [ 15.809578] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.810013] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.810405] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.810843] ^ [ 15.811047] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.811650] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.812024] ================================================================== [ 15.669255] ================================================================== [ 15.669998] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 15.670836] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.671424] [ 15.671540] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.671586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.671599] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.671622] Call Trace: [ 15.671636] <TASK> [ 15.671652] dump_stack_lvl+0x73/0xb0 [ 15.671682] print_report+0xd1/0x610 [ 15.671706] ? __virt_addr_valid+0x1db/0x2d0 [ 15.671730] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.671752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.671775] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.671799] kasan_report+0x141/0x180 [ 15.671836] ? kasan_atomics_helper+0x4eae/0x5450 [ 15.671863] __asan_report_load8_noabort+0x18/0x20 [ 15.671888] kasan_atomics_helper+0x4eae/0x5450 [ 15.671912] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.671936] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.671961] ? kasan_atomics+0x152/0x310 [ 15.671988] kasan_atomics+0x1dc/0x310 [ 15.672011] ? __pfx_kasan_atomics+0x10/0x10 [ 15.672049] ? __pfx_read_tsc+0x10/0x10 [ 15.672071] ? ktime_get_ts64+0x86/0x230 [ 15.672095] kunit_try_run_case+0x1a5/0x480 [ 15.672132] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.672156] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.672181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.672216] ? __kthread_parkme+0x82/0x180 [ 15.672236] ? preempt_count_sub+0x50/0x80 [ 15.672260] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.672285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.672309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.672333] kthread+0x337/0x6f0 [ 15.672354] ? trace_preempt_on+0x20/0xc0 [ 15.672377] ? __pfx_kthread+0x10/0x10 [ 15.672398] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.672421] ? calculate_sigpending+0x7b/0xa0 [ 15.672445] ? __pfx_kthread+0x10/0x10 [ 15.672467] ret_from_fork+0x116/0x1d0 [ 15.672486] ? __pfx_kthread+0x10/0x10 [ 15.672507] ret_from_fork_asm+0x1a/0x30 [ 15.672537] </TASK> [ 15.672549] [ 15.680087] Allocated by task 282: [ 15.680419] kasan_save_stack+0x45/0x70 [ 15.680618] kasan_save_track+0x18/0x40 [ 15.680872] kasan_save_alloc_info+0x3b/0x50 [ 15.681023] __kasan_kmalloc+0xb7/0xc0 [ 15.681158] __kmalloc_cache_noprof+0x189/0x420 [ 15.681359] kasan_atomics+0x95/0x310 [ 15.681551] kunit_try_run_case+0x1a5/0x480 [ 15.681784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.682074] kthread+0x337/0x6f0 [ 15.682257] ret_from_fork+0x116/0x1d0 [ 15.682447] ret_from_fork_asm+0x1a/0x30 [ 15.682647] [ 15.682769] The buggy address belongs to the object at ffff8881025e4100 [ 15.682769] which belongs to the cache kmalloc-64 of size 64 [ 15.683364] The buggy address is located 0 bytes to the right of [ 15.683364] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.683920] [ 15.684021] The buggy address belongs to the physical page: [ 15.684370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.684710] flags: 0x200000000000000(node=0|zone=2) [ 15.684949] page_type: f5(slab) [ 15.685138] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.685474] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.685778] page dumped because: kasan: 
bad access detected [ 15.686076] [ 15.686158] Memory state around the buggy address: [ 15.686382] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.686678] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.687004] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.687331] ^ [ 15.687492] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.687712] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.688066] ================================================================== [ 16.268630] ================================================================== [ 16.268971] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 16.269529] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.270337] [ 16.270480] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.270527] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.270540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.270562] Call Trace: [ 16.270578] <TASK> [ 16.270593] dump_stack_lvl+0x73/0xb0 [ 16.270623] print_report+0xd1/0x610 [ 16.270645] ? __virt_addr_valid+0x1db/0x2d0 [ 16.270668] ? kasan_atomics_helper+0x224c/0x5450 [ 16.270690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.270712] ? kasan_atomics_helper+0x224c/0x5450 [ 16.270734] kasan_report+0x141/0x180 [ 16.270757] ? kasan_atomics_helper+0x224c/0x5450 [ 16.270784] kasan_check_range+0x10c/0x1c0 [ 16.270809] __kasan_check_write+0x18/0x20 [ 16.270876] kasan_atomics_helper+0x224c/0x5450 [ 16.270900] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.270922] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.270947] ? kasan_atomics+0x152/0x310 [ 16.270975] kasan_atomics+0x1dc/0x310 [ 16.270998] ? __pfx_kasan_atomics+0x10/0x10 [ 16.271023] ? __pfx_read_tsc+0x10/0x10 [ 16.271044] ? ktime_get_ts64+0x86/0x230 [ 16.271069] kunit_try_run_case+0x1a5/0x480 [ 16.271117] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.271142] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.271167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.271192] ? __kthread_parkme+0x82/0x180 [ 16.271214] ? preempt_count_sub+0x50/0x80 [ 16.271238] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.271263] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.271286] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.271311] kthread+0x337/0x6f0 [ 16.271331] ? trace_preempt_on+0x20/0xc0 [ 16.271355] ? __pfx_kthread+0x10/0x10 [ 16.271377] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.271399] ? calculate_sigpending+0x7b/0xa0 [ 16.271423] ? __pfx_kthread+0x10/0x10 [ 16.271445] ret_from_fork+0x116/0x1d0 [ 16.271465] ? __pfx_kthread+0x10/0x10 [ 16.271486] ret_from_fork_asm+0x1a/0x30 [ 16.271517] </TASK> [ 16.271528] [ 16.279272] Allocated by task 282: [ 16.279462] kasan_save_stack+0x45/0x70 [ 16.279662] kasan_save_track+0x18/0x40 [ 16.279904] kasan_save_alloc_info+0x3b/0x50 [ 16.280118] __kasan_kmalloc+0xb7/0xc0 [ 16.280311] __kmalloc_cache_noprof+0x189/0x420 [ 16.280558] kasan_atomics+0x95/0x310 [ 16.280750] kunit_try_run_case+0x1a5/0x480 [ 16.280999] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.281277] kthread+0x337/0x6f0 [ 16.281479] ret_from_fork+0x116/0x1d0 [ 16.281686] ret_from_fork_asm+0x1a/0x30 [ 16.281891] [ 16.281975] The buggy address belongs to the object at ffff8881025e4100 [ 16.281975] which belongs to the cache kmalloc-64 of size 64 [ 16.282401] The buggy address is located 0 bytes to the right of [ 16.282401] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.282771] [ 16.282878] The buggy address belongs to the physical page: [ 16.283185] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.283531] flags: 0x200000000000000(node=0|zone=2) [ 16.283759] page_type: f5(slab) [ 16.283944] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.284245] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.284487] page dumped because: kasan: bad access detected [ 16.284704] [ 16.284792] Memory state around the buggy address: [ 16.285808] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.286057] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.286372] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.286721] ^ [ 16.286937] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.287284] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.287607] ================================================================== [ 15.725941] ================================================================== [ 15.726396] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 15.726712] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.726957] [ 15.727047] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.727090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.727103] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.727125] Call Trace: [ 15.727142] <TASK> [ 15.727157] dump_stack_lvl+0x73/0xb0 [ 15.727184] print_report+0xd1/0x610 [ 15.727218] ? __virt_addr_valid+0x1db/0x2d0 [ 15.727240] ? kasan_atomics_helper+0x151d/0x5450 [ 15.727261] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.727296] ? kasan_atomics_helper+0x151d/0x5450 [ 15.727319] kasan_report+0x141/0x180 [ 15.727342] ? kasan_atomics_helper+0x151d/0x5450 [ 15.727368] kasan_check_range+0x10c/0x1c0 [ 15.727392] __kasan_check_write+0x18/0x20 [ 15.727411] kasan_atomics_helper+0x151d/0x5450 [ 15.727436] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.727460] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.727486] ? kasan_atomics+0x152/0x310 [ 15.727514] kasan_atomics+0x1dc/0x310 [ 15.727537] ? __pfx_kasan_atomics+0x10/0x10 [ 15.727562] ? __pfx_read_tsc+0x10/0x10 [ 15.727583] ? 
ktime_get_ts64+0x86/0x230 [ 15.727606] kunit_try_run_case+0x1a5/0x480 [ 15.727631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.727654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.727678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.727702] ? __kthread_parkme+0x82/0x180 [ 15.727732] ? preempt_count_sub+0x50/0x80 [ 15.727756] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.727780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.727822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.727847] kthread+0x337/0x6f0 [ 15.727867] ? trace_preempt_on+0x20/0xc0 [ 15.727899] ? __pfx_kthread+0x10/0x10 [ 15.727920] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.727943] ? calculate_sigpending+0x7b/0xa0 [ 15.727977] ? __pfx_kthread+0x10/0x10 [ 15.728000] ret_from_fork+0x116/0x1d0 [ 15.728019] ? __pfx_kthread+0x10/0x10 [ 15.728040] ret_from_fork_asm+0x1a/0x30 [ 15.728071] </TASK> [ 15.728081] [ 15.735765] Allocated by task 282: [ 15.735919] kasan_save_stack+0x45/0x70 [ 15.736147] kasan_save_track+0x18/0x40 [ 15.736315] kasan_save_alloc_info+0x3b/0x50 [ 15.736519] __kasan_kmalloc+0xb7/0xc0 [ 15.736704] __kmalloc_cache_noprof+0x189/0x420 [ 15.736901] kasan_atomics+0x95/0x310 [ 15.737094] kunit_try_run_case+0x1a5/0x480 [ 15.737330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.737571] kthread+0x337/0x6f0 [ 15.737744] ret_from_fork+0x116/0x1d0 [ 15.737939] ret_from_fork_asm+0x1a/0x30 [ 15.738163] [ 15.738265] The buggy address belongs to the object at ffff8881025e4100 [ 15.738265] which belongs to the cache kmalloc-64 of size 64 [ 15.738769] The buggy address is located 0 bytes to the right of [ 15.738769] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.739334] [ 15.739458] The buggy address belongs to the physical page: [ 15.739686] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.740028] flags: 0x200000000000000(node=0|zone=2) [ 15.740243] page_type: f5(slab) [ 15.740426] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.740707] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.740993] page dumped because: kasan: bad access detected [ 15.741302] [ 15.741400] Memory state around the buggy address: [ 15.741623] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.741948] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.742267] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.742649] ^ [ 15.742808] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.743036] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.743701] ================================================================== [ 16.059779] ================================================================== [ 16.060029] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 16.060381] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.060645] [ 16.060730] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.060772] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.060785] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.060807] Call Trace: [ 16.060831] <TASK> [ 16.060869] dump_stack_lvl+0x73/0xb0 [ 16.060897] print_report+0xd1/0x610 [ 16.060919] ? __virt_addr_valid+0x1db/0x2d0 [ 16.060941] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.060963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.060986] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.061008] kasan_report+0x141/0x180 [ 16.061031] ? kasan_atomics_helper+0x1e12/0x5450 [ 16.061059] kasan_check_range+0x10c/0x1c0 [ 16.061082] __kasan_check_write+0x18/0x20 [ 16.061113] kasan_atomics_helper+0x1e12/0x5450 [ 16.061163] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.061186] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.061212] ? kasan_atomics+0x152/0x310 [ 16.061238] kasan_atomics+0x1dc/0x310 [ 16.061262] ? 
__pfx_kasan_atomics+0x10/0x10 [ 16.061287] ? __pfx_read_tsc+0x10/0x10 [ 16.061307] ? ktime_get_ts64+0x86/0x230 [ 16.061332] kunit_try_run_case+0x1a5/0x480 [ 16.061357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.061381] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.061405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.061431] ? __kthread_parkme+0x82/0x180 [ 16.061452] ? preempt_count_sub+0x50/0x80 [ 16.061477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.061505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.061533] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.061559] kthread+0x337/0x6f0 [ 16.061601] ? trace_preempt_on+0x20/0xc0 [ 16.061626] ? __pfx_kthread+0x10/0x10 [ 16.061648] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.061670] ? calculate_sigpending+0x7b/0xa0 [ 16.061696] ? __pfx_kthread+0x10/0x10 [ 16.061719] ret_from_fork+0x116/0x1d0 [ 16.061739] ? __pfx_kthread+0x10/0x10 [ 16.061762] ret_from_fork_asm+0x1a/0x30 [ 16.061793] </TASK> [ 16.061805] [ 16.070229] Allocated by task 282: [ 16.070426] kasan_save_stack+0x45/0x70 [ 16.070627] kasan_save_track+0x18/0x40 [ 16.070766] kasan_save_alloc_info+0x3b/0x50 [ 16.070930] __kasan_kmalloc+0xb7/0xc0 [ 16.071066] __kmalloc_cache_noprof+0x189/0x420 [ 16.071456] kasan_atomics+0x95/0x310 [ 16.071646] kunit_try_run_case+0x1a5/0x480 [ 16.071943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.072192] kthread+0x337/0x6f0 [ 16.072317] ret_from_fork+0x116/0x1d0 [ 16.072453] ret_from_fork_asm+0x1a/0x30 [ 16.072636] [ 16.072734] The buggy address belongs to the object at ffff8881025e4100 [ 16.072734] which belongs to the cache kmalloc-64 of size 64 [ 16.073496] The buggy address is located 0 bytes to the right of [ 16.073496] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.073994] [ 16.074083] The buggy address belongs to the physical page: [ 16.074306] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.074577] flags: 0x200000000000000(node=0|zone=2) [ 16.074745] page_type: 
f5(slab) [ 16.074879] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.075225] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.075560] page dumped because: kasan: bad access detected [ 16.075788] [ 16.075869] Memory state around the buggy address: [ 16.076026] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.076675] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.076964] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.077290] ^ [ 16.077501] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.077791] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.078070] ================================================================== [ 15.526062] ================================================================== [ 15.526664] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 15.527037] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.527300] [ 15.527412] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.527458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.527472] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.527493] Call Trace: [ 15.527508] <TASK> [ 15.527525] dump_stack_lvl+0x73/0xb0 [ 15.527554] print_report+0xd1/0x610 [ 15.527576] ? __virt_addr_valid+0x1db/0x2d0 [ 15.527598] ? kasan_atomics_helper+0x1148/0x5450 [ 15.527620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.527643] ? kasan_atomics_helper+0x1148/0x5450 [ 15.527666] kasan_report+0x141/0x180 [ 15.527689] ? kasan_atomics_helper+0x1148/0x5450 [ 15.527716] kasan_check_range+0x10c/0x1c0 [ 15.527740] __kasan_check_write+0x18/0x20 [ 15.527760] kasan_atomics_helper+0x1148/0x5450 [ 15.527783] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.527806] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.527842] ? 
kasan_atomics+0x152/0x310 [ 15.527870] kasan_atomics+0x1dc/0x310 [ 15.527893] ? __pfx_kasan_atomics+0x10/0x10 [ 15.527918] ? __pfx_read_tsc+0x10/0x10 [ 15.527939] ? ktime_get_ts64+0x86/0x230 [ 15.527963] kunit_try_run_case+0x1a5/0x480 [ 15.527989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.528012] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.528036] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.528061] ? __kthread_parkme+0x82/0x180 [ 15.528082] ? preempt_count_sub+0x50/0x80 [ 15.528127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.528152] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.528175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.528200] kthread+0x337/0x6f0 [ 15.528220] ? trace_preempt_on+0x20/0xc0 [ 15.528242] ? __pfx_kthread+0x10/0x10 [ 15.528264] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.528286] ? calculate_sigpending+0x7b/0xa0 [ 15.528310] ? __pfx_kthread+0x10/0x10 [ 15.528332] ret_from_fork+0x116/0x1d0 [ 15.528351] ? __pfx_kthread+0x10/0x10 [ 15.528372] ret_from_fork_asm+0x1a/0x30 [ 15.528403] </TASK> [ 15.528414] [ 15.536338] Allocated by task 282: [ 15.536506] kasan_save_stack+0x45/0x70 [ 15.536718] kasan_save_track+0x18/0x40 [ 15.536873] kasan_save_alloc_info+0x3b/0x50 [ 15.537051] __kasan_kmalloc+0xb7/0xc0 [ 15.537364] __kmalloc_cache_noprof+0x189/0x420 [ 15.537592] kasan_atomics+0x95/0x310 [ 15.537802] kunit_try_run_case+0x1a5/0x480 [ 15.538022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.538247] kthread+0x337/0x6f0 [ 15.538414] ret_from_fork+0x116/0x1d0 [ 15.538593] ret_from_fork_asm+0x1a/0x30 [ 15.538826] [ 15.538949] The buggy address belongs to the object at ffff8881025e4100 [ 15.538949] which belongs to the cache kmalloc-64 of size 64 [ 15.539472] The buggy address is located 0 bytes to the right of [ 15.539472] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.540066] [ 15.540252] The buggy address belongs to the physical page: [ 15.540505] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 
15.540888] flags: 0x200000000000000(node=0|zone=2) [ 15.541153] page_type: f5(slab) [ 15.541322] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.541668] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.541991] page dumped because: kasan: bad access detected [ 15.542975] [ 15.543582] Memory state around the buggy address: [ 15.544056] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.544635] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.545264] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.545782] ^ [ 15.546355] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.546891] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.547498] ================================================================== [ 15.604858] ================================================================== [ 15.605211] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 15.605825] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.606192] [ 15.606325] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.606368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.606381] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.606402] Call Trace: [ 15.606416] <TASK> [ 15.606429] dump_stack_lvl+0x73/0xb0 [ 15.606457] print_report+0xd1/0x610 [ 15.606480] ? __virt_addr_valid+0x1db/0x2d0 [ 15.606502] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.606524] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.606547] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.606569] kasan_report+0x141/0x180 [ 15.606593] ? kasan_atomics_helper+0x12e6/0x5450 [ 15.606621] kasan_check_range+0x10c/0x1c0 [ 15.606645] __kasan_check_write+0x18/0x20 [ 15.606665] kasan_atomics_helper+0x12e6/0x5450 [ 15.606688] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.606711] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.606736] ? kasan_atomics+0x152/0x310 [ 15.606763] kasan_atomics+0x1dc/0x310 [ 15.606787] ? __pfx_kasan_atomics+0x10/0x10 [ 15.606823] ? __pfx_read_tsc+0x10/0x10 [ 15.606844] ? ktime_get_ts64+0x86/0x230 [ 15.606868] kunit_try_run_case+0x1a5/0x480 [ 15.606903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.606927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.606951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.606987] ? __kthread_parkme+0x82/0x180 [ 15.607008] ? preempt_count_sub+0x50/0x80 [ 15.607032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.607057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.607091] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.607123] kthread+0x337/0x6f0 [ 15.607155] ? trace_preempt_on+0x20/0xc0 [ 15.607181] ? __pfx_kthread+0x10/0x10 [ 15.607204] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.607229] ? calculate_sigpending+0x7b/0xa0 [ 15.607255] ? __pfx_kthread+0x10/0x10 [ 15.607286] ret_from_fork+0x116/0x1d0 [ 15.607306] ? __pfx_kthread+0x10/0x10 [ 15.607329] ret_from_fork_asm+0x1a/0x30 [ 15.607370] </TASK> [ 15.607381] [ 15.615445] Allocated by task 282: [ 15.615625] kasan_save_stack+0x45/0x70 [ 15.615804] kasan_save_track+0x18/0x40 [ 15.615952] kasan_save_alloc_info+0x3b/0x50 [ 15.616313] __kasan_kmalloc+0xb7/0xc0 [ 15.616497] __kmalloc_cache_noprof+0x189/0x420 [ 15.616713] kasan_atomics+0x95/0x310 [ 15.616908] kunit_try_run_case+0x1a5/0x480 [ 15.617145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.617382] kthread+0x337/0x6f0 [ 15.617508] ret_from_fork+0x116/0x1d0 [ 15.617644] ret_from_fork_asm+0x1a/0x30 [ 15.617786] [ 15.617869] The buggy address belongs to the object at ffff8881025e4100 [ 15.617869] which belongs to the cache kmalloc-64 of size 64 [ 15.618301] The buggy address is located 0 bytes to the right of [ 15.618301] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.619155] [ 15.619280] The buggy address belongs to the physical page: [ 15.619494] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.619772] flags: 0x200000000000000(node=0|zone=2) [ 15.620188] page_type: f5(slab) [ 15.620384] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.620763] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.621166] page dumped because: kasan: bad access detected [ 15.621436] [ 15.621511] Memory state around the buggy address: [ 15.621693] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.622054] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.622428] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.622713] ^ [ 15.622965] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.623312] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.623600] ================================================================== [ 15.867774] ================================================================== [ 15.868087] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 15.868761] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.869334] [ 15.869429] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.869476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.869489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.869511] Call Trace: [ 15.869526] <TASK> [ 15.869686] dump_stack_lvl+0x73/0xb0 [ 15.869723] print_report+0xd1/0x610 [ 15.869747] ? __virt_addr_valid+0x1db/0x2d0 [ 15.869770] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.869791] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.869824] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.869848] kasan_report+0x141/0x180 [ 15.869881] ? kasan_atomics_helper+0x18b1/0x5450 [ 15.869908] kasan_check_range+0x10c/0x1c0 [ 15.869932] __kasan_check_write+0x18/0x20 [ 15.869963] kasan_atomics_helper+0x18b1/0x5450 [ 15.869987] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.870010] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.870035] ? kasan_atomics+0x152/0x310 [ 15.870072] kasan_atomics+0x1dc/0x310 [ 15.870096] ? __pfx_kasan_atomics+0x10/0x10 [ 15.870121] ? __pfx_read_tsc+0x10/0x10 [ 15.870164] ? ktime_get_ts64+0x86/0x230 [ 15.870189] kunit_try_run_case+0x1a5/0x480 [ 15.870214] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.870237] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.870261] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.870286] ? __kthread_parkme+0x82/0x180 [ 15.870308] ? preempt_count_sub+0x50/0x80 [ 15.870332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.870357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.870380] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.870405] kthread+0x337/0x6f0 [ 15.870425] ? trace_preempt_on+0x20/0xc0 [ 15.870448] ? __pfx_kthread+0x10/0x10 [ 15.870470] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.870491] ? calculate_sigpending+0x7b/0xa0 [ 15.870524] ? __pfx_kthread+0x10/0x10 [ 15.870546] ret_from_fork+0x116/0x1d0 [ 15.870566] ? 
__pfx_kthread+0x10/0x10 [ 15.870597] ret_from_fork_asm+0x1a/0x30 [ 15.870628] </TASK> [ 15.870639] [ 15.881597] Allocated by task 282: [ 15.881735] kasan_save_stack+0x45/0x70 [ 15.881950] kasan_save_track+0x18/0x40 [ 15.882153] kasan_save_alloc_info+0x3b/0x50 [ 15.882345] __kasan_kmalloc+0xb7/0xc0 [ 15.882481] __kmalloc_cache_noprof+0x189/0x420 [ 15.882790] kasan_atomics+0x95/0x310 [ 15.882990] kunit_try_run_case+0x1a5/0x480 [ 15.883274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.883489] kthread+0x337/0x6f0 [ 15.883664] ret_from_fork+0x116/0x1d0 [ 15.883856] ret_from_fork_asm+0x1a/0x30 [ 15.884049] [ 15.884185] The buggy address belongs to the object at ffff8881025e4100 [ 15.884185] which belongs to the cache kmalloc-64 of size 64 [ 15.884691] The buggy address is located 0 bytes to the right of [ 15.884691] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.885209] [ 15.885330] The buggy address belongs to the physical page: [ 15.885548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.885793] flags: 0x200000000000000(node=0|zone=2) [ 15.885969] page_type: f5(slab) [ 15.886131] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.886532] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.886891] page dumped because: kasan: bad access detected [ 15.887172] [ 15.887248] Memory state around the buggy address: [ 15.887408] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.887697] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.888056] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.888516] ^ [ 15.888741] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.889395] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.889940] ================================================================== [ 15.967493] 
================================================================== [ 15.967964] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 15.968377] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.968605] [ 15.968691] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.968735] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.968748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.968770] Call Trace: [ 15.968785] <TASK> [ 15.968835] dump_stack_lvl+0x73/0xb0 [ 15.968870] print_report+0xd1/0x610 [ 15.968893] ? __virt_addr_valid+0x1db/0x2d0 [ 15.968917] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.968939] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.968962] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.968985] kasan_report+0x141/0x180 [ 15.969008] ? kasan_atomics_helper+0x1b22/0x5450 [ 15.969054] kasan_check_range+0x10c/0x1c0 [ 15.969078] __kasan_check_write+0x18/0x20 [ 15.969099] kasan_atomics_helper+0x1b22/0x5450 [ 15.969137] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.969167] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.969193] ? kasan_atomics+0x152/0x310 [ 15.969221] kasan_atomics+0x1dc/0x310 [ 15.969261] ? __pfx_kasan_atomics+0x10/0x10 [ 15.969287] ? __pfx_read_tsc+0x10/0x10 [ 15.969309] ? ktime_get_ts64+0x86/0x230 [ 15.969334] kunit_try_run_case+0x1a5/0x480 [ 15.969360] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.969435] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.969461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.969485] ? __kthread_parkme+0x82/0x180 [ 15.969507] ? preempt_count_sub+0x50/0x80 [ 15.969530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.969556] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.969580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.969606] kthread+0x337/0x6f0 [ 15.969626] ? trace_preempt_on+0x20/0xc0 [ 15.969650] ? __pfx_kthread+0x10/0x10 [ 15.969671] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.969693] ? 
calculate_sigpending+0x7b/0xa0 [ 15.969718] ? __pfx_kthread+0x10/0x10 [ 15.969740] ret_from_fork+0x116/0x1d0 [ 15.969759] ? __pfx_kthread+0x10/0x10 [ 15.969781] ret_from_fork_asm+0x1a/0x30 [ 15.969822] </TASK> [ 15.969833] [ 15.977859] Allocated by task 282: [ 15.978019] kasan_save_stack+0x45/0x70 [ 15.978223] kasan_save_track+0x18/0x40 [ 15.978419] kasan_save_alloc_info+0x3b/0x50 [ 15.978629] __kasan_kmalloc+0xb7/0xc0 [ 15.978934] __kmalloc_cache_noprof+0x189/0x420 [ 15.979105] kasan_atomics+0x95/0x310 [ 15.979295] kunit_try_run_case+0x1a5/0x480 [ 15.979504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.979748] kthread+0x337/0x6f0 [ 15.979904] ret_from_fork+0x116/0x1d0 [ 15.980075] ret_from_fork_asm+0x1a/0x30 [ 15.980308] [ 15.980416] The buggy address belongs to the object at ffff8881025e4100 [ 15.980416] which belongs to the cache kmalloc-64 of size 64 [ 15.980881] The buggy address is located 0 bytes to the right of [ 15.980881] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.981547] [ 15.981628] The buggy address belongs to the physical page: [ 15.981895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.982350] flags: 0x200000000000000(node=0|zone=2) [ 15.982614] page_type: f5(slab) [ 15.982780] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.983080] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.983417] page dumped because: kasan: bad access detected [ 15.983669] [ 15.983773] Memory state around the buggy address: [ 15.984015] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.984361] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.984707] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.985047] ^ [ 15.985346] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.985673] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.985938] 
================================================================== [ 16.165051] ================================================================== [ 16.165401] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 16.165770] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.166140] [ 16.166288] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.166332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.166345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.166367] Call Trace: [ 16.166383] <TASK> [ 16.166425] dump_stack_lvl+0x73/0xb0 [ 16.166454] print_report+0xd1/0x610 [ 16.166478] ? __virt_addr_valid+0x1db/0x2d0 [ 16.166501] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.166523] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.166545] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.166568] kasan_report+0x141/0x180 [ 16.166591] ? kasan_atomics_helper+0x4f98/0x5450 [ 16.166617] __asan_report_load8_noabort+0x18/0x20 [ 16.166642] kasan_atomics_helper+0x4f98/0x5450 [ 16.166665] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.166688] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.166713] ? kasan_atomics+0x152/0x310 [ 16.166740] kasan_atomics+0x1dc/0x310 [ 16.166763] ? __pfx_kasan_atomics+0x10/0x10 [ 16.166788] ? __pfx_read_tsc+0x10/0x10 [ 16.166810] ? ktime_get_ts64+0x86/0x230 [ 16.166876] kunit_try_run_case+0x1a5/0x480 [ 16.166902] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.166926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.166950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.166974] ? __kthread_parkme+0x82/0x180 [ 16.166995] ? preempt_count_sub+0x50/0x80 [ 16.167019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.167043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.167067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.167111] kthread+0x337/0x6f0 [ 16.167132] ? trace_preempt_on+0x20/0xc0 [ 16.167156] ? __pfx_kthread+0x10/0x10 [ 16.167178] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 16.167200] ? calculate_sigpending+0x7b/0xa0 [ 16.167224] ? __pfx_kthread+0x10/0x10 [ 16.167247] ret_from_fork+0x116/0x1d0 [ 16.167266] ? __pfx_kthread+0x10/0x10 [ 16.167287] ret_from_fork_asm+0x1a/0x30 [ 16.167370] </TASK> [ 16.167381] [ 16.175262] Allocated by task 282: [ 16.175476] kasan_save_stack+0x45/0x70 [ 16.175687] kasan_save_track+0x18/0x40 [ 16.175876] kasan_save_alloc_info+0x3b/0x50 [ 16.176163] __kasan_kmalloc+0xb7/0xc0 [ 16.176343] __kmalloc_cache_noprof+0x189/0x420 [ 16.176592] kasan_atomics+0x95/0x310 [ 16.176734] kunit_try_run_case+0x1a5/0x480 [ 16.176910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.177195] kthread+0x337/0x6f0 [ 16.177370] ret_from_fork+0x116/0x1d0 [ 16.177528] ret_from_fork_asm+0x1a/0x30 [ 16.177721] [ 16.177850] The buggy address belongs to the object at ffff8881025e4100 [ 16.177850] which belongs to the cache kmalloc-64 of size 64 [ 16.178407] The buggy address is located 0 bytes to the right of [ 16.178407] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.178974] [ 16.179130] The buggy address belongs to the physical page: [ 16.179391] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.179736] flags: 0x200000000000000(node=0|zone=2) [ 16.179991] page_type: f5(slab) [ 16.180242] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.180581] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.180922] page dumped because: kasan: bad access detected [ 16.181200] [ 16.181331] Memory state around the buggy address: [ 16.181555] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.181783] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.182205] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.182517] ^ [ 16.182761] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.183146] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 16.183429] ================================================================== [ 16.126021] ================================================================== [ 16.126476] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 16.126867] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.127238] [ 16.127378] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.127424] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.127437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.127458] Call Trace: [ 16.127475] <TASK> [ 16.127492] dump_stack_lvl+0x73/0xb0 [ 16.127520] print_report+0xd1/0x610 [ 16.127570] ? __virt_addr_valid+0x1db/0x2d0 [ 16.127592] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.127614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.127637] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.127659] kasan_report+0x141/0x180 [ 16.127683] ? kasan_atomics_helper+0x4f71/0x5450 [ 16.127710] __asan_report_load8_noabort+0x18/0x20 [ 16.127735] kasan_atomics_helper+0x4f71/0x5450 [ 16.127759] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.127783] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.127808] ? kasan_atomics+0x152/0x310 [ 16.127850] kasan_atomics+0x1dc/0x310 [ 16.127873] ? __pfx_kasan_atomics+0x10/0x10 [ 16.127898] ? __pfx_read_tsc+0x10/0x10 [ 16.127919] ? ktime_get_ts64+0x86/0x230 [ 16.127944] kunit_try_run_case+0x1a5/0x480 [ 16.127969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.127993] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.128017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.128041] ? __kthread_parkme+0x82/0x180 [ 16.128062] ? preempt_count_sub+0x50/0x80 [ 16.128136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.128164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.128189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.128213] kthread+0x337/0x6f0 [ 16.128234] ? trace_preempt_on+0x20/0xc0 [ 16.128258] ? 
__pfx_kthread+0x10/0x10 [ 16.128279] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.128302] ? calculate_sigpending+0x7b/0xa0 [ 16.128326] ? __pfx_kthread+0x10/0x10 [ 16.128349] ret_from_fork+0x116/0x1d0 [ 16.128368] ? __pfx_kthread+0x10/0x10 [ 16.128390] ret_from_fork_asm+0x1a/0x30 [ 16.128421] </TASK> [ 16.128432] [ 16.136402] Allocated by task 282: [ 16.136552] kasan_save_stack+0x45/0x70 [ 16.136701] kasan_save_track+0x18/0x40 [ 16.136864] kasan_save_alloc_info+0x3b/0x50 [ 16.137127] __kasan_kmalloc+0xb7/0xc0 [ 16.137320] __kmalloc_cache_noprof+0x189/0x420 [ 16.137574] kasan_atomics+0x95/0x310 [ 16.137768] kunit_try_run_case+0x1a5/0x480 [ 16.138017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.138305] kthread+0x337/0x6f0 [ 16.138487] ret_from_fork+0x116/0x1d0 [ 16.138672] ret_from_fork_asm+0x1a/0x30 [ 16.138869] [ 16.138951] The buggy address belongs to the object at ffff8881025e4100 [ 16.138951] which belongs to the cache kmalloc-64 of size 64 [ 16.139490] The buggy address is located 0 bytes to the right of [ 16.139490] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.139992] [ 16.140123] The buggy address belongs to the physical page: [ 16.140395] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.140756] flags: 0x200000000000000(node=0|zone=2) [ 16.141027] page_type: f5(slab) [ 16.141253] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.141627] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.141995] page dumped because: kasan: bad access detected [ 16.142288] [ 16.142379] Memory state around the buggy address: [ 16.142612] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.142941] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.143339] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.143787] ^ [ 16.144022] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.144384] 
ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.144698] ================================================================== [ 15.744375] ================================================================== [ 15.744713] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 15.745048] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.745449] [ 15.745559] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.745602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.745616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.745648] Call Trace: [ 15.745665] <TASK> [ 15.745679] dump_stack_lvl+0x73/0xb0 [ 15.745707] print_report+0xd1/0x610 [ 15.745738] ? __virt_addr_valid+0x1db/0x2d0 [ 15.745761] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.745783] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.745825] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.745847] kasan_report+0x141/0x180 [ 15.745870] ? kasan_atomics_helper+0x15b6/0x5450 [ 15.745896] kasan_check_range+0x10c/0x1c0 [ 15.745921] __kasan_check_write+0x18/0x20 [ 15.745940] kasan_atomics_helper+0x15b6/0x5450 [ 15.745963] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.745985] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.746010] ? kasan_atomics+0x152/0x310 [ 15.746037] kasan_atomics+0x1dc/0x310 [ 15.746059] ? __pfx_kasan_atomics+0x10/0x10 [ 15.746084] ? __pfx_read_tsc+0x10/0x10 [ 15.746115] ? ktime_get_ts64+0x86/0x230 [ 15.746139] kunit_try_run_case+0x1a5/0x480 [ 15.746173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.746196] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.746232] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.746256] ? __kthread_parkme+0x82/0x180 [ 15.746277] ? preempt_count_sub+0x50/0x80 [ 15.746312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.746336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.746360] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.746384] kthread+0x337/0x6f0 [ 15.746404] ? trace_preempt_on+0x20/0xc0 [ 15.746428] ? __pfx_kthread+0x10/0x10 [ 15.746449] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.746472] ? calculate_sigpending+0x7b/0xa0 [ 15.746497] ? __pfx_kthread+0x10/0x10 [ 15.746520] ret_from_fork+0x116/0x1d0 [ 15.746539] ? __pfx_kthread+0x10/0x10 [ 15.746560] ret_from_fork_asm+0x1a/0x30 [ 15.746592] </TASK> [ 15.746602] [ 15.754562] Allocated by task 282: [ 15.754741] kasan_save_stack+0x45/0x70 [ 15.754896] kasan_save_track+0x18/0x40 [ 15.755123] kasan_save_alloc_info+0x3b/0x50 [ 15.755321] __kasan_kmalloc+0xb7/0xc0 [ 15.755459] __kmalloc_cache_noprof+0x189/0x420 [ 15.755683] kasan_atomics+0x95/0x310 [ 15.755871] kunit_try_run_case+0x1a5/0x480 [ 15.756110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.756301] kthread+0x337/0x6f0 [ 15.756424] ret_from_fork+0x116/0x1d0 [ 15.756558] ret_from_fork_asm+0x1a/0x30 [ 15.756699] [ 15.756771] The buggy address belongs to the object at ffff8881025e4100 [ 15.756771] which belongs to the cache kmalloc-64 of size 64 [ 15.757313] The buggy address is located 0 bytes to the right of [ 15.757313] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.758049] [ 15.758124] The buggy address belongs to the physical page: [ 15.758296] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.758538] flags: 0x200000000000000(node=0|zone=2) [ 15.759437] page_type: f5(slab) [ 15.759740] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.761039] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.762320] page dumped because: kasan: bad access detected [ 15.763141] [ 15.763312] Memory state around the buggy address: [ 15.763703] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.763939] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.764379] >ffff8881025e4100: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.764973] ^ [ 15.765393] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.765985] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.766593] ================================================================== [ 15.145800] ================================================================== [ 15.146602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 15.146890] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.147235] [ 15.147327] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.147371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.147384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.147406] Call Trace: [ 15.147424] <TASK> [ 15.147441] dump_stack_lvl+0x73/0xb0 [ 15.147468] print_report+0xd1/0x610 [ 15.147490] ? __virt_addr_valid+0x1db/0x2d0 [ 15.147513] ? kasan_atomics_helper+0x697/0x5450 [ 15.147535] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.147558] ? kasan_atomics_helper+0x697/0x5450 [ 15.147581] kasan_report+0x141/0x180 [ 15.147604] ? kasan_atomics_helper+0x697/0x5450 [ 15.147630] kasan_check_range+0x10c/0x1c0 [ 15.147654] __kasan_check_write+0x18/0x20 [ 15.147674] kasan_atomics_helper+0x697/0x5450 [ 15.147697] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.147721] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.147747] ? kasan_atomics+0x152/0x310 [ 15.147775] kasan_atomics+0x1dc/0x310 [ 15.147798] ? __pfx_kasan_atomics+0x10/0x10 [ 15.147835] ? __pfx_read_tsc+0x10/0x10 [ 15.147856] ? ktime_get_ts64+0x86/0x230 [ 15.147881] kunit_try_run_case+0x1a5/0x480 [ 15.147906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.147929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.147953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.147978] ? __kthread_parkme+0x82/0x180 [ 15.147998] ? preempt_count_sub+0x50/0x80 [ 15.148023] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.148047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.148072] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.148105] kthread+0x337/0x6f0 [ 15.148125] ? trace_preempt_on+0x20/0xc0 [ 15.148148] ? __pfx_kthread+0x10/0x10 [ 15.148169] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.148192] ? calculate_sigpending+0x7b/0xa0 [ 15.148216] ? __pfx_kthread+0x10/0x10 [ 15.148238] ret_from_fork+0x116/0x1d0 [ 15.148257] ? __pfx_kthread+0x10/0x10 [ 15.148279] ret_from_fork_asm+0x1a/0x30 [ 15.148310] </TASK> [ 15.148322] [ 15.155597] Allocated by task 282: [ 15.155746] kasan_save_stack+0x45/0x70 [ 15.155959] kasan_save_track+0x18/0x40 [ 15.156141] kasan_save_alloc_info+0x3b/0x50 [ 15.156340] __kasan_kmalloc+0xb7/0xc0 [ 15.156484] __kmalloc_cache_noprof+0x189/0x420 [ 15.156715] kasan_atomics+0x95/0x310 [ 15.156867] kunit_try_run_case+0x1a5/0x480 [ 15.157017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.157194] kthread+0x337/0x6f0 [ 15.157317] ret_from_fork+0x116/0x1d0 [ 15.157453] ret_from_fork_asm+0x1a/0x30 [ 15.157595] [ 15.157668] The buggy address belongs to the object at ffff8881025e4100 [ 15.157668] which belongs to the cache kmalloc-64 of size 64 [ 15.158181] The buggy address is located 0 bytes to the right of [ 15.158181] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.158728] [ 15.158904] The buggy address belongs to the physical page: [ 15.159240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.159591] flags: 0x200000000000000(node=0|zone=2) [ 15.159833] page_type: f5(slab) [ 15.160001] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.160268] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.160497] page dumped because: kasan: bad access detected [ 15.160671] [ 15.160742] Memory state around the buggy address: [ 15.161121] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.161450] 
ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.161779] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.162080] ^ [ 15.162301] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.162521] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.162737] ================================================================== [ 15.293057] ================================================================== [ 15.293795] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 15.294420] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.295048] [ 15.295222] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.295266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.295280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.295302] Call Trace: [ 15.295318] <TASK> [ 15.295333] dump_stack_lvl+0x73/0xb0 [ 15.295362] print_report+0xd1/0x610 [ 15.295385] ? __virt_addr_valid+0x1db/0x2d0 [ 15.295408] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.295429] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.295453] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.295475] kasan_report+0x141/0x180 [ 15.295498] ? kasan_atomics_helper+0xb6a/0x5450 [ 15.295524] kasan_check_range+0x10c/0x1c0 [ 15.295549] __kasan_check_write+0x18/0x20 [ 15.295569] kasan_atomics_helper+0xb6a/0x5450 [ 15.295592] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.295615] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.295641] ? kasan_atomics+0x152/0x310 [ 15.295668] kasan_atomics+0x1dc/0x310 [ 15.295691] ? __pfx_kasan_atomics+0x10/0x10 [ 15.295716] ? __pfx_read_tsc+0x10/0x10 [ 15.295737] ? ktime_get_ts64+0x86/0x230 [ 15.295761] kunit_try_run_case+0x1a5/0x480 [ 15.295786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.295810] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.295845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.295869] ? 
__kthread_parkme+0x82/0x180 [ 15.295890] ? preempt_count_sub+0x50/0x80 [ 15.295913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.295938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.295962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.295986] kthread+0x337/0x6f0 [ 15.296006] ? trace_preempt_on+0x20/0xc0 [ 15.296030] ? __pfx_kthread+0x10/0x10 [ 15.296051] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.296073] ? calculate_sigpending+0x7b/0xa0 [ 15.296109] ? __pfx_kthread+0x10/0x10 [ 15.296132] ret_from_fork+0x116/0x1d0 [ 15.296151] ? __pfx_kthread+0x10/0x10 [ 15.296172] ret_from_fork_asm+0x1a/0x30 [ 15.296202] </TASK> [ 15.296213] [ 15.307164] Allocated by task 282: [ 15.307327] kasan_save_stack+0x45/0x70 [ 15.307483] kasan_save_track+0x18/0x40 [ 15.307682] kasan_save_alloc_info+0x3b/0x50 [ 15.307907] __kasan_kmalloc+0xb7/0xc0 [ 15.308071] __kmalloc_cache_noprof+0x189/0x420 [ 15.308277] kasan_atomics+0x95/0x310 [ 15.308453] kunit_try_run_case+0x1a5/0x480 [ 15.308635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.308882] kthread+0x337/0x6f0 [ 15.309031] ret_from_fork+0x116/0x1d0 [ 15.309242] ret_from_fork_asm+0x1a/0x30 [ 15.309428] [ 15.309530] The buggy address belongs to the object at ffff8881025e4100 [ 15.309530] which belongs to the cache kmalloc-64 of size 64 [ 15.309971] The buggy address is located 0 bytes to the right of [ 15.309971] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.310594] [ 15.310694] The buggy address belongs to the physical page: [ 15.310970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.311355] flags: 0x200000000000000(node=0|zone=2) [ 15.311586] page_type: f5(slab) [ 15.311737] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.312056] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.312382] page dumped because: kasan: bad access detected [ 15.312606] [ 15.312694] Memory state around the buggy address: [ 15.312901] 
ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.313241] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.313525] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.313796] ^ [ 15.313998] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.314494] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.314781] ================================================================== [ 15.624080] ================================================================== [ 15.624422] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 15.624669] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.625034] [ 15.625142] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.625185] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.625198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.625219] Call Trace: [ 15.625235] <TASK> [ 15.625249] dump_stack_lvl+0x73/0xb0 [ 15.625276] print_report+0xd1/0x610 [ 15.625299] ? __virt_addr_valid+0x1db/0x2d0 [ 15.625322] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.625345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.625368] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.625392] kasan_report+0x141/0x180 [ 15.625428] ? kasan_atomics_helper+0x49ce/0x5450 [ 15.625455] __asan_report_load4_noabort+0x18/0x20 [ 15.625479] kasan_atomics_helper+0x49ce/0x5450 [ 15.625503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.625526] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.625551] ? kasan_atomics+0x152/0x310 [ 15.625589] kasan_atomics+0x1dc/0x310 [ 15.625613] ? __pfx_kasan_atomics+0x10/0x10 [ 15.625642] ? __pfx_read_tsc+0x10/0x10 [ 15.625678] ? ktime_get_ts64+0x86/0x230 [ 15.625702] kunit_try_run_case+0x1a5/0x480 [ 15.625727] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.625752] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.625777] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.625801] ? __kthread_parkme+0x82/0x180 [ 15.625831] ? preempt_count_sub+0x50/0x80 [ 15.625854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.625880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.625905] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.625929] kthread+0x337/0x6f0 [ 15.625950] ? trace_preempt_on+0x20/0xc0 [ 15.625973] ? __pfx_kthread+0x10/0x10 [ 15.625994] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.626016] ? calculate_sigpending+0x7b/0xa0 [ 15.626041] ? __pfx_kthread+0x10/0x10 [ 15.626063] ret_from_fork+0x116/0x1d0 [ 15.626083] ? __pfx_kthread+0x10/0x10 [ 15.626114] ret_from_fork_asm+0x1a/0x30 [ 15.626144] </TASK> [ 15.626155] [ 15.633728] Allocated by task 282: [ 15.634194] kasan_save_stack+0x45/0x70 [ 15.634605] kasan_save_track+0x18/0x40 [ 15.634755] kasan_save_alloc_info+0x3b/0x50 [ 15.636154] __kasan_kmalloc+0xb7/0xc0 [ 15.636500] __kmalloc_cache_noprof+0x189/0x420 [ 15.636939] kasan_atomics+0x95/0x310 [ 15.637268] kunit_try_run_case+0x1a5/0x480 [ 15.637630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.638060] kthread+0x337/0x6f0 [ 15.638413] ret_from_fork+0x116/0x1d0 [ 15.638742] ret_from_fork_asm+0x1a/0x30 [ 15.638902] [ 15.638979] The buggy address belongs to the object at ffff8881025e4100 [ 15.638979] which belongs to the cache kmalloc-64 of size 64 [ 15.639786] The buggy address is located 0 bytes to the right of [ 15.639786] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.641092] [ 15.641295] The buggy address belongs to the physical page: [ 15.641824] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.642604] flags: 0x200000000000000(node=0|zone=2) [ 15.642938] page_type: f5(slab) [ 15.643063] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.643734] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.644451] page dumped because: kasan: bad access detected [ 15.644874] [ 15.644947] 
Memory state around the buggy address: [ 15.645123] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.645644] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.646107] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.646738] ^ [ 15.646960] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.647839] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.648282] ================================================================== [ 15.986479] ================================================================== [ 15.986860] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.987358] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.987923] [ 15.988029] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.988072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.988085] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.988107] Call Trace: [ 15.988125] <TASK> [ 15.988142] dump_stack_lvl+0x73/0xb0 [ 15.988171] print_report+0xd1/0x610 [ 15.988194] ? __virt_addr_valid+0x1db/0x2d0 [ 15.988231] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.988254] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.988277] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.988299] kasan_report+0x141/0x180 [ 15.988322] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.988349] kasan_check_range+0x10c/0x1c0 [ 15.988373] __kasan_check_write+0x18/0x20 [ 15.988393] kasan_atomics_helper+0x1c18/0x5450 [ 15.988417] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.988440] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.988465] ? kasan_atomics+0x152/0x310 [ 15.988514] kasan_atomics+0x1dc/0x310 [ 15.988538] ? __pfx_kasan_atomics+0x10/0x10 [ 15.988563] ? __pfx_read_tsc+0x10/0x10 [ 15.988586] ? ktime_get_ts64+0x86/0x230 [ 15.988610] kunit_try_run_case+0x1a5/0x480 [ 15.988636] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 15.988661] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.988686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.988728] ? __kthread_parkme+0x82/0x180 [ 15.988749] ? preempt_count_sub+0x50/0x80 [ 15.988774] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.988799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.988862] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.988888] kthread+0x337/0x6f0 [ 15.988909] ? trace_preempt_on+0x20/0xc0 [ 15.988969] ? __pfx_kthread+0x10/0x10 [ 15.988992] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.989014] ? calculate_sigpending+0x7b/0xa0 [ 15.989038] ? __pfx_kthread+0x10/0x10 [ 15.989060] ret_from_fork+0x116/0x1d0 [ 15.989079] ? __pfx_kthread+0x10/0x10 [ 15.989111] ret_from_fork_asm+0x1a/0x30 [ 15.989144] </TASK> [ 15.989155] [ 15.997597] Allocated by task 282: [ 15.997808] kasan_save_stack+0x45/0x70 [ 15.998019] kasan_save_track+0x18/0x40 [ 15.998211] kasan_save_alloc_info+0x3b/0x50 [ 15.998421] __kasan_kmalloc+0xb7/0xc0 [ 15.998691] __kmalloc_cache_noprof+0x189/0x420 [ 15.998860] kasan_atomics+0x95/0x310 [ 15.999056] kunit_try_run_case+0x1a5/0x480 [ 15.999274] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.999538] kthread+0x337/0x6f0 [ 15.999728] ret_from_fork+0x116/0x1d0 [ 15.999951] ret_from_fork_asm+0x1a/0x30 [ 16.000153] [ 16.000267] The buggy address belongs to the object at ffff8881025e4100 [ 16.000267] which belongs to the cache kmalloc-64 of size 64 [ 16.000767] The buggy address is located 0 bytes to the right of [ 16.000767] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.001334] [ 16.001434] The buggy address belongs to the physical page: [ 16.001707] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.002063] flags: 0x200000000000000(node=0|zone=2) [ 16.002325] page_type: f5(slab) [ 16.002502] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.002809] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.003054] page dumped because: kasan: bad access detected [ 16.003465] [ 16.003561] Memory state around the buggy address: [ 16.003785] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.004083] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.004426] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.004685] ^ [ 16.004965] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.005335] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.005648] ================================================================== [ 15.688584] ================================================================== [ 15.688931] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 15.689311] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.689655] [ 15.689751] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.689795] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.689808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.689841] Call Trace: [ 15.689854] <TASK> [ 15.689869] dump_stack_lvl+0x73/0xb0 [ 15.689896] print_report+0xd1/0x610 [ 15.689918] ? __virt_addr_valid+0x1db/0x2d0 [ 15.689941] ? kasan_atomics_helper+0x1467/0x5450 [ 15.689963] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.689986] ? kasan_atomics_helper+0x1467/0x5450 [ 15.690009] kasan_report+0x141/0x180 [ 15.690032] ? kasan_atomics_helper+0x1467/0x5450 [ 15.690058] kasan_check_range+0x10c/0x1c0 [ 15.690083] __kasan_check_write+0x18/0x20 [ 15.690103] kasan_atomics_helper+0x1467/0x5450 [ 15.690126] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.690149] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.690174] ? kasan_atomics+0x152/0x310 [ 15.690200] kasan_atomics+0x1dc/0x310 [ 15.690234] ? __pfx_kasan_atomics+0x10/0x10 [ 15.690258] ? __pfx_read_tsc+0x10/0x10 [ 15.690279] ? 
ktime_get_ts64+0x86/0x230 [ 15.690315] kunit_try_run_case+0x1a5/0x480 [ 15.690340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.690364] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.690388] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.690412] ? __kthread_parkme+0x82/0x180 [ 15.690444] ? preempt_count_sub+0x50/0x80 [ 15.690477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.690501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.690525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.690560] kthread+0x337/0x6f0 [ 15.690581] ? trace_preempt_on+0x20/0xc0 [ 15.690604] ? __pfx_kthread+0x10/0x10 [ 15.690625] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.690647] ? calculate_sigpending+0x7b/0xa0 [ 15.690671] ? __pfx_kthread+0x10/0x10 [ 15.690693] ret_from_fork+0x116/0x1d0 [ 15.690712] ? __pfx_kthread+0x10/0x10 [ 15.690733] ret_from_fork_asm+0x1a/0x30 [ 15.690763] </TASK> [ 15.690774] [ 15.698871] Allocated by task 282: [ 15.699070] kasan_save_stack+0x45/0x70 [ 15.699293] kasan_save_track+0x18/0x40 [ 15.699483] kasan_save_alloc_info+0x3b/0x50 [ 15.699674] __kasan_kmalloc+0xb7/0xc0 [ 15.699884] __kmalloc_cache_noprof+0x189/0x420 [ 15.700075] kasan_atomics+0x95/0x310 [ 15.700283] kunit_try_run_case+0x1a5/0x480 [ 15.700452] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.700710] kthread+0x337/0x6f0 [ 15.700858] ret_from_fork+0x116/0x1d0 [ 15.701064] ret_from_fork_asm+0x1a/0x30 [ 15.701260] [ 15.701362] The buggy address belongs to the object at ffff8881025e4100 [ 15.701362] which belongs to the cache kmalloc-64 of size 64 [ 15.701738] The buggy address is located 0 bytes to the right of [ 15.701738] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.702119] [ 15.702195] The buggy address belongs to the physical page: [ 15.702370] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.702614] flags: 0x200000000000000(node=0|zone=2) [ 15.702779] page_type: f5(slab) [ 15.702949] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.703609] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.703957] page dumped because: kasan: bad access detected [ 15.704206] [ 15.704301] Memory state around the buggy address: [ 15.704523] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.704856] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.705242] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.705464] ^ [ 15.705622] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.705851] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.706066] ================================================================== [ 15.456606] ================================================================== [ 15.456974] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 15.457309] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.457726] [ 15.457835] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.457881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.457896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.457917] Call Trace: [ 15.457933] <TASK> [ 15.457947] dump_stack_lvl+0x73/0xb0 [ 15.457976] print_report+0xd1/0x610 [ 15.457998] ? __virt_addr_valid+0x1db/0x2d0 [ 15.458021] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.458042] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.458065] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.458088] kasan_report+0x141/0x180 [ 15.458123] ? kasan_atomics_helper+0x4a36/0x5450 [ 15.458150] __asan_report_load4_noabort+0x18/0x20 [ 15.458175] kasan_atomics_helper+0x4a36/0x5450 [ 15.458197] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.458220] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.458271] ? kasan_atomics+0x152/0x310 [ 15.458298] kasan_atomics+0x1dc/0x310 [ 15.458321] ? __pfx_kasan_atomics+0x10/0x10 [ 15.458364] ? 
__pfx_read_tsc+0x10/0x10 [ 15.458384] ? ktime_get_ts64+0x86/0x230 [ 15.458408] kunit_try_run_case+0x1a5/0x480 [ 15.458450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.458474] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.458498] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.458521] ? __kthread_parkme+0x82/0x180 [ 15.458542] ? preempt_count_sub+0x50/0x80 [ 15.458566] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.458590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.458632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.458656] kthread+0x337/0x6f0 [ 15.458677] ? trace_preempt_on+0x20/0xc0 [ 15.458700] ? __pfx_kthread+0x10/0x10 [ 15.458721] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.458744] ? calculate_sigpending+0x7b/0xa0 [ 15.458767] ? __pfx_kthread+0x10/0x10 [ 15.458807] ret_from_fork+0x116/0x1d0 [ 15.458836] ? __pfx_kthread+0x10/0x10 [ 15.458857] ret_from_fork_asm+0x1a/0x30 [ 15.458888] </TASK> [ 15.458899] [ 15.467027] Allocated by task 282: [ 15.467199] kasan_save_stack+0x45/0x70 [ 15.467426] kasan_save_track+0x18/0x40 [ 15.467609] kasan_save_alloc_info+0x3b/0x50 [ 15.467823] __kasan_kmalloc+0xb7/0xc0 [ 15.468005] __kmalloc_cache_noprof+0x189/0x420 [ 15.468192] kasan_atomics+0x95/0x310 [ 15.468385] kunit_try_run_case+0x1a5/0x480 [ 15.468601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.469015] kthread+0x337/0x6f0 [ 15.469215] ret_from_fork+0x116/0x1d0 [ 15.469371] ret_from_fork_asm+0x1a/0x30 [ 15.469583] [ 15.469699] The buggy address belongs to the object at ffff8881025e4100 [ 15.469699] which belongs to the cache kmalloc-64 of size 64 [ 15.470271] The buggy address is located 0 bytes to the right of [ 15.470271] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.470843] [ 15.470945] The buggy address belongs to the physical page: [ 15.471327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.471626] flags: 0x200000000000000(node=0|zone=2) [ 15.471791] page_type: f5(slab) [ 15.472125] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.472454] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.472767] page dumped because: kasan: bad access detected [ 15.473022] [ 15.474005] Memory state around the buggy address: [ 15.474200] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.474435] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.474660] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.476199] ^ [ 15.476543] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.476767] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.477001] ================================================================== [ 16.223043] ================================================================== [ 16.223480] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 16.223807] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.224243] [ 16.224373] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.224418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.224431] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.224453] Call Trace: [ 16.224468] <TASK> [ 16.224485] dump_stack_lvl+0x73/0xb0 [ 16.224543] print_report+0xd1/0x610 [ 16.224565] ? __virt_addr_valid+0x1db/0x2d0 [ 16.224587] ? kasan_atomics_helper+0x218a/0x5450 [ 16.224609] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.224632] ? kasan_atomics_helper+0x218a/0x5450 [ 16.224654] kasan_report+0x141/0x180 [ 16.224676] ? kasan_atomics_helper+0x218a/0x5450 [ 16.224733] kasan_check_range+0x10c/0x1c0 [ 16.224758] __kasan_check_write+0x18/0x20 [ 16.224801] kasan_atomics_helper+0x218a/0x5450 [ 16.224862] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.224910] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.224936] ? 
kasan_atomics+0x152/0x310 [ 16.224964] kasan_atomics+0x1dc/0x310 [ 16.224987] ? __pfx_kasan_atomics+0x10/0x10 [ 16.225012] ? __pfx_read_tsc+0x10/0x10 [ 16.225033] ? ktime_get_ts64+0x86/0x230 [ 16.225057] kunit_try_run_case+0x1a5/0x480 [ 16.225102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.225126] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.225151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.225175] ? __kthread_parkme+0x82/0x180 [ 16.225196] ? preempt_count_sub+0x50/0x80 [ 16.225220] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.225245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.225269] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.225326] kthread+0x337/0x6f0 [ 16.225347] ? trace_preempt_on+0x20/0xc0 [ 16.225370] ? __pfx_kthread+0x10/0x10 [ 16.225394] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.225420] ? calculate_sigpending+0x7b/0xa0 [ 16.225474] ? __pfx_kthread+0x10/0x10 [ 16.225498] ret_from_fork+0x116/0x1d0 [ 16.225517] ? __pfx_kthread+0x10/0x10 [ 16.225539] ret_from_fork_asm+0x1a/0x30 [ 16.225570] </TASK> [ 16.225581] [ 16.233910] Allocated by task 282: [ 16.234124] kasan_save_stack+0x45/0x70 [ 16.234327] kasan_save_track+0x18/0x40 [ 16.234518] kasan_save_alloc_info+0x3b/0x50 [ 16.234726] __kasan_kmalloc+0xb7/0xc0 [ 16.234920] __kmalloc_cache_noprof+0x189/0x420 [ 16.235161] kasan_atomics+0x95/0x310 [ 16.235349] kunit_try_run_case+0x1a5/0x480 [ 16.235561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.235792] kthread+0x337/0x6f0 [ 16.235928] ret_from_fork+0x116/0x1d0 [ 16.236063] ret_from_fork_asm+0x1a/0x30 [ 16.236318] [ 16.236417] The buggy address belongs to the object at ffff8881025e4100 [ 16.236417] which belongs to the cache kmalloc-64 of size 64 [ 16.236974] The buggy address is located 0 bytes to the right of [ 16.236974] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.237550] [ 16.237640] The buggy address belongs to the physical page: [ 16.237925] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 
16.238310] flags: 0x200000000000000(node=0|zone=2) [ 16.238553] page_type: f5(slab) [ 16.238729] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.239126] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.239456] page dumped because: kasan: bad access detected [ 16.239712] [ 16.239810] Memory state around the buggy address: [ 16.239981] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.240307] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.240667] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.241001] ^ [ 16.241189] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.241477] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.241870] ================================================================== [ 15.253065] ================================================================== [ 15.253308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 15.253629] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.253979] [ 15.254085] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.254128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.254141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.254163] Call Trace: [ 15.254178] <TASK> [ 15.254194] dump_stack_lvl+0x73/0xb0 [ 15.254220] print_report+0xd1/0x610 [ 15.254242] ? __virt_addr_valid+0x1db/0x2d0 [ 15.254265] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.254287] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.254310] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.254331] kasan_report+0x141/0x180 [ 15.254353] ? kasan_atomics_helper+0xa2b/0x5450 [ 15.254379] kasan_check_range+0x10c/0x1c0 [ 15.254417] __kasan_check_write+0x18/0x20 [ 15.254436] kasan_atomics_helper+0xa2b/0x5450 [ 15.254459] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.254483] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.254509] ? kasan_atomics+0x152/0x310 [ 15.254536] kasan_atomics+0x1dc/0x310 [ 15.254559] ? __pfx_kasan_atomics+0x10/0x10 [ 15.254584] ? __pfx_read_tsc+0x10/0x10 [ 15.254605] ? ktime_get_ts64+0x86/0x230 [ 15.254630] kunit_try_run_case+0x1a5/0x480 [ 15.254654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.254678] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.254703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.254727] ? __kthread_parkme+0x82/0x180 [ 15.254747] ? preempt_count_sub+0x50/0x80 [ 15.254771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.254795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.254828] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.254854] kthread+0x337/0x6f0 [ 15.254874] ? trace_preempt_on+0x20/0xc0 [ 15.254898] ? __pfx_kthread+0x10/0x10 [ 15.254918] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.254941] ? calculate_sigpending+0x7b/0xa0 [ 15.254964] ? __pfx_kthread+0x10/0x10 [ 15.254987] ret_from_fork+0x116/0x1d0 [ 15.255006] ? __pfx_kthread+0x10/0x10 [ 15.255027] ret_from_fork_asm+0x1a/0x30 [ 15.255057] </TASK> [ 15.255068] [ 15.262504] Allocated by task 282: [ 15.262678] kasan_save_stack+0x45/0x70 [ 15.262882] kasan_save_track+0x18/0x40 [ 15.263024] kasan_save_alloc_info+0x3b/0x50 [ 15.263393] __kasan_kmalloc+0xb7/0xc0 [ 15.263534] __kmalloc_cache_noprof+0x189/0x420 [ 15.263692] kasan_atomics+0x95/0x310 [ 15.263837] kunit_try_run_case+0x1a5/0x480 [ 15.264043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.264582] kthread+0x337/0x6f0 [ 15.264741] ret_from_fork+0x116/0x1d0 [ 15.264934] ret_from_fork_asm+0x1a/0x30 [ 15.265146] [ 15.265226] The buggy address belongs to the object at ffff8881025e4100 [ 15.265226] which belongs to the cache kmalloc-64 of size 64 [ 15.265685] The buggy address is located 0 bytes to the right of [ 15.265685] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.266189] [ 15.266289] The buggy address belongs to the physical page: [ 15.266551] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.266801] flags: 0x200000000000000(node=0|zone=2) [ 15.266976] page_type: f5(slab) [ 15.267179] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.267525] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.267881] page dumped because: kasan: bad access detected [ 15.268185] [ 15.268279] Memory state around the buggy address: [ 15.268488] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.268715] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.269048] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.269350] ^ [ 15.269571] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.269851] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.270165] ================================================================== [ 15.104787] ================================================================== [ 15.105603] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 15.106259] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.106886] [ 15.107061] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.107105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.107118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.107139] Call Trace: [ 15.107155] <TASK> [ 15.107171] dump_stack_lvl+0x73/0xb0 [ 15.107199] print_report+0xd1/0x610 [ 15.107221] ? __virt_addr_valid+0x1db/0x2d0 [ 15.107243] ? kasan_atomics_helper+0x565/0x5450 [ 15.107264] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.107288] ? kasan_atomics_helper+0x565/0x5450 [ 15.107310] kasan_report+0x141/0x180 [ 15.107332] ? kasan_atomics_helper+0x565/0x5450 [ 15.107359] kasan_check_range+0x10c/0x1c0 [ 15.107383] __kasan_check_write+0x18/0x20 [ 15.107403] kasan_atomics_helper+0x565/0x5450 [ 15.107426] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.107449] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.107474] ? kasan_atomics+0x152/0x310 [ 15.107501] kasan_atomics+0x1dc/0x310 [ 15.107524] ? __pfx_kasan_atomics+0x10/0x10 [ 15.107549] ? __pfx_read_tsc+0x10/0x10 [ 15.107570] ? ktime_get_ts64+0x86/0x230 [ 15.107594] kunit_try_run_case+0x1a5/0x480 [ 15.107619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.107642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.107667] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.107692] ? __kthread_parkme+0x82/0x180 [ 15.107713] ? preempt_count_sub+0x50/0x80 [ 15.107737] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.107762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.107786] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.107821] kthread+0x337/0x6f0 [ 15.107842] ? trace_preempt_on+0x20/0xc0 [ 15.107865] ? __pfx_kthread+0x10/0x10 [ 15.107887] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.107909] ? calculate_sigpending+0x7b/0xa0 [ 15.107934] ? __pfx_kthread+0x10/0x10 [ 15.107956] ret_from_fork+0x116/0x1d0 [ 15.107975] ? 
__pfx_kthread+0x10/0x10 [ 15.107997] ret_from_fork_asm+0x1a/0x30 [ 15.108028] </TASK> [ 15.108040] [ 15.119791] Allocated by task 282: [ 15.119988] kasan_save_stack+0x45/0x70 [ 15.120267] kasan_save_track+0x18/0x40 [ 15.120448] kasan_save_alloc_info+0x3b/0x50 [ 15.120631] __kasan_kmalloc+0xb7/0xc0 [ 15.120798] __kmalloc_cache_noprof+0x189/0x420 [ 15.120999] kasan_atomics+0x95/0x310 [ 15.121242] kunit_try_run_case+0x1a5/0x480 [ 15.121391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.121568] kthread+0x337/0x6f0 [ 15.121696] ret_from_fork+0x116/0x1d0 [ 15.121892] ret_from_fork_asm+0x1a/0x30 [ 15.122092] [ 15.122190] The buggy address belongs to the object at ffff8881025e4100 [ 15.122190] which belongs to the cache kmalloc-64 of size 64 [ 15.122926] The buggy address is located 0 bytes to the right of [ 15.122926] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.123420] [ 15.123513] The buggy address belongs to the physical page: [ 15.123688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.123946] flags: 0x200000000000000(node=0|zone=2) [ 15.124222] page_type: f5(slab) [ 15.124391] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.124738] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.125044] page dumped because: kasan: bad access detected [ 15.125301] [ 15.125382] Memory state around the buggy address: [ 15.125605] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.125878] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.126223] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.126494] ^ [ 15.126688] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.126973] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.127281] ================================================================== [ 15.066792] 
================================================================== [ 15.067344] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 15.067639] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.067910] [ 15.068000] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.068044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.068058] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.068080] Call Trace: [ 15.068098] <TASK> [ 15.068113] dump_stack_lvl+0x73/0xb0 [ 15.068140] print_report+0xd1/0x610 [ 15.068162] ? __virt_addr_valid+0x1db/0x2d0 [ 15.068185] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.068207] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.068230] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.068252] kasan_report+0x141/0x180 [ 15.068275] ? kasan_atomics_helper+0x4a0/0x5450 [ 15.068301] kasan_check_range+0x10c/0x1c0 [ 15.068325] __kasan_check_write+0x18/0x20 [ 15.068345] kasan_atomics_helper+0x4a0/0x5450 [ 15.068369] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.068392] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.068417] ? kasan_atomics+0x152/0x310 [ 15.068444] kasan_atomics+0x1dc/0x310 [ 15.068467] ? __pfx_kasan_atomics+0x10/0x10 [ 15.068493] ? __pfx_read_tsc+0x10/0x10 [ 15.068514] ? ktime_get_ts64+0x86/0x230 [ 15.068539] kunit_try_run_case+0x1a5/0x480 [ 15.068563] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.068587] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.068611] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.068635] ? __kthread_parkme+0x82/0x180 [ 15.068655] ? preempt_count_sub+0x50/0x80 [ 15.068679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.068703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.068727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.068751] kthread+0x337/0x6f0 [ 15.068772] ? trace_preempt_on+0x20/0xc0 [ 15.068795] ? __pfx_kthread+0x10/0x10 [ 15.068825] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.068853] ? 
calculate_sigpending+0x7b/0xa0 [ 15.068877] ? __pfx_kthread+0x10/0x10 [ 15.068899] ret_from_fork+0x116/0x1d0 [ 15.068918] ? __pfx_kthread+0x10/0x10 [ 15.068938] ret_from_fork_asm+0x1a/0x30 [ 15.068969] </TASK> [ 15.068981] [ 15.076436] Allocated by task 282: [ 15.076564] kasan_save_stack+0x45/0x70 [ 15.076707] kasan_save_track+0x18/0x40 [ 15.076860] kasan_save_alloc_info+0x3b/0x50 [ 15.077012] __kasan_kmalloc+0xb7/0xc0 [ 15.077146] __kmalloc_cache_noprof+0x189/0x420 [ 15.077543] kasan_atomics+0x95/0x310 [ 15.077736] kunit_try_run_case+0x1a5/0x480 [ 15.077954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.078364] kthread+0x337/0x6f0 [ 15.078536] ret_from_fork+0x116/0x1d0 [ 15.078727] ret_from_fork_asm+0x1a/0x30 [ 15.078938] [ 15.079040] The buggy address belongs to the object at ffff8881025e4100 [ 15.079040] which belongs to the cache kmalloc-64 of size 64 [ 15.079967] The buggy address is located 0 bytes to the right of [ 15.079967] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.080381] [ 15.080456] The buggy address belongs to the physical page: [ 15.080631] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.080915] flags: 0x200000000000000(node=0|zone=2) [ 15.081156] page_type: f5(slab) [ 15.081325] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.081665] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.081944] page dumped because: kasan: bad access detected [ 15.082120] [ 15.082192] Memory state around the buggy address: [ 15.082348] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.082568] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.083235] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.083560] ^ [ 15.083786] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084123] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084398] 
================================================================== [ 16.024145] ================================================================== [ 16.024851] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 16.025208] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.025543] [ 16.025646] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.025689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.025702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.025745] Call Trace: [ 16.025759] <TASK> [ 16.025774] dump_stack_lvl+0x73/0xb0 [ 16.025801] print_report+0xd1/0x610 [ 16.025835] ? __virt_addr_valid+0x1db/0x2d0 [ 16.025858] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.025879] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.025904] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.025946] kasan_report+0x141/0x180 [ 16.025968] ? kasan_atomics_helper+0x1ce1/0x5450 [ 16.025996] kasan_check_range+0x10c/0x1c0 [ 16.026020] __kasan_check_write+0x18/0x20 [ 16.026040] kasan_atomics_helper+0x1ce1/0x5450 [ 16.026064] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.026087] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.026125] ? kasan_atomics+0x152/0x310 [ 16.026153] kasan_atomics+0x1dc/0x310 [ 16.026177] ? __pfx_kasan_atomics+0x10/0x10 [ 16.026202] ? __pfx_read_tsc+0x10/0x10 [ 16.026224] ? ktime_get_ts64+0x86/0x230 [ 16.026248] kunit_try_run_case+0x1a5/0x480 [ 16.026274] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.026297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.026322] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.026347] ? __kthread_parkme+0x82/0x180 [ 16.026369] ? preempt_count_sub+0x50/0x80 [ 16.026393] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.026419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.026443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.026468] kthread+0x337/0x6f0 [ 16.026489] ? trace_preempt_on+0x20/0xc0 [ 16.026513] ? 
__pfx_kthread+0x10/0x10 [ 16.026535] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.026558] ? calculate_sigpending+0x7b/0xa0 [ 16.026584] ? __pfx_kthread+0x10/0x10 [ 16.026609] ret_from_fork+0x116/0x1d0 [ 16.026629] ? __pfx_kthread+0x10/0x10 [ 16.026654] ret_from_fork_asm+0x1a/0x30 [ 16.026687] </TASK> [ 16.026698] [ 16.034045] Allocated by task 282: [ 16.034299] kasan_save_stack+0x45/0x70 [ 16.034441] kasan_save_track+0x18/0x40 [ 16.034575] kasan_save_alloc_info+0x3b/0x50 [ 16.034747] __kasan_kmalloc+0xb7/0xc0 [ 16.034942] __kmalloc_cache_noprof+0x189/0x420 [ 16.035160] kasan_atomics+0x95/0x310 [ 16.035500] kunit_try_run_case+0x1a5/0x480 [ 16.035655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.035846] kthread+0x337/0x6f0 [ 16.036038] ret_from_fork+0x116/0x1d0 [ 16.036392] ret_from_fork_asm+0x1a/0x30 [ 16.036593] [ 16.036695] The buggy address belongs to the object at ffff8881025e4100 [ 16.036695] which belongs to the cache kmalloc-64 of size 64 [ 16.037066] The buggy address is located 0 bytes to the right of [ 16.037066] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.037601] [ 16.037700] The buggy address belongs to the physical page: [ 16.037891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.038220] flags: 0x200000000000000(node=0|zone=2) [ 16.038458] page_type: f5(slab) [ 16.038641] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.038914] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.039137] page dumped because: kasan: bad access detected [ 16.039309] [ 16.039379] Memory state around the buggy address: [ 16.039531] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.039834] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.040144] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.040451] ^ [ 16.040669] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.041305] 
ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.041518] ================================================================== [ 15.048578] ================================================================== [ 15.049073] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 15.049712] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.049999] [ 15.050087] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.050139] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.050152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.050174] Call Trace: [ 15.050191] <TASK> [ 15.050207] dump_stack_lvl+0x73/0xb0 [ 15.050234] print_report+0xd1/0x610 [ 15.050256] ? __virt_addr_valid+0x1db/0x2d0 [ 15.050279] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.050301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.050324] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.050347] kasan_report+0x141/0x180 [ 15.050371] ? kasan_atomics_helper+0x4b54/0x5450 [ 15.050397] __asan_report_load4_noabort+0x18/0x20 [ 15.050423] kasan_atomics_helper+0x4b54/0x5450 [ 15.050446] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.050469] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.050495] ? kasan_atomics+0x152/0x310 [ 15.050522] kasan_atomics+0x1dc/0x310 [ 15.050546] ? __pfx_kasan_atomics+0x10/0x10 [ 15.050571] ? __pfx_read_tsc+0x10/0x10 [ 15.050591] ? ktime_get_ts64+0x86/0x230 [ 15.050616] kunit_try_run_case+0x1a5/0x480 [ 15.050642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.050664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.050689] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.050714] ? __kthread_parkme+0x82/0x180 [ 15.050735] ? preempt_count_sub+0x50/0x80 [ 15.050760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.050784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.050808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.050843] kthread+0x337/0x6f0 [ 15.050863] ? 
trace_preempt_on+0x20/0xc0 [ 15.050886] ? __pfx_kthread+0x10/0x10 [ 15.050908] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.050930] ? calculate_sigpending+0x7b/0xa0 [ 15.050955] ? __pfx_kthread+0x10/0x10 [ 15.050979] ret_from_fork+0x116/0x1d0 [ 15.051001] ? __pfx_kthread+0x10/0x10 [ 15.051022] ret_from_fork_asm+0x1a/0x30 [ 15.051054] </TASK> [ 15.051064] [ 15.058358] Allocated by task 282: [ 15.058540] kasan_save_stack+0x45/0x70 [ 15.058744] kasan_save_track+0x18/0x40 [ 15.058947] kasan_save_alloc_info+0x3b/0x50 [ 15.059199] __kasan_kmalloc+0xb7/0xc0 [ 15.059339] __kmalloc_cache_noprof+0x189/0x420 [ 15.059527] kasan_atomics+0x95/0x310 [ 15.059717] kunit_try_run_case+0x1a5/0x480 [ 15.059937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.060187] kthread+0x337/0x6f0 [ 15.060343] ret_from_fork+0x116/0x1d0 [ 15.060501] ret_from_fork_asm+0x1a/0x30 [ 15.060702] [ 15.060794] The buggy address belongs to the object at ffff8881025e4100 [ 15.060794] which belongs to the cache kmalloc-64 of size 64 [ 15.061299] The buggy address is located 0 bytes to the right of [ 15.061299] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.061782] [ 15.061890] The buggy address belongs to the physical page: [ 15.062147] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.062442] flags: 0x200000000000000(node=0|zone=2) [ 15.062690] page_type: f5(slab) [ 15.062847] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.063196] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.063508] page dumped because: kasan: bad access detected [ 15.063717] [ 15.063825] Memory state around the buggy address: [ 15.064020] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.064340] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.064589] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.064805] ^ [ 15.065045] ffff8881025e4180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.065590] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.065871] ================================================================== [ 15.812764] ================================================================== [ 15.813173] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 15.813907] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.814508] [ 15.814722] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.814850] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.814865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.814887] Call Trace: [ 15.814905] <TASK> [ 15.814923] dump_stack_lvl+0x73/0xb0 [ 15.814952] print_report+0xd1/0x610 [ 15.814975] ? __virt_addr_valid+0x1db/0x2d0 [ 15.814998] ? kasan_atomics_helper+0x177f/0x5450 [ 15.815019] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.815043] ? kasan_atomics_helper+0x177f/0x5450 [ 15.815066] kasan_report+0x141/0x180 [ 15.815088] ? kasan_atomics_helper+0x177f/0x5450 [ 15.815115] kasan_check_range+0x10c/0x1c0 [ 15.815139] __kasan_check_write+0x18/0x20 [ 15.815159] kasan_atomics_helper+0x177f/0x5450 [ 15.815183] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.815206] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.815231] ? kasan_atomics+0x152/0x310 [ 15.815258] kasan_atomics+0x1dc/0x310 [ 15.815282] ? __pfx_kasan_atomics+0x10/0x10 [ 15.815307] ? __pfx_read_tsc+0x10/0x10 [ 15.815328] ? ktime_get_ts64+0x86/0x230 [ 15.815352] kunit_try_run_case+0x1a5/0x480 [ 15.815377] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.815399] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.815423] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.815447] ? __kthread_parkme+0x82/0x180 [ 15.815468] ? preempt_count_sub+0x50/0x80 [ 15.815491] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.815516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.815541] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.815565] kthread+0x337/0x6f0 [ 15.815585] ? trace_preempt_on+0x20/0xc0 [ 15.815608] ? __pfx_kthread+0x10/0x10 [ 15.815631] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.815654] ? calculate_sigpending+0x7b/0xa0 [ 15.815679] ? __pfx_kthread+0x10/0x10 [ 15.815701] ret_from_fork+0x116/0x1d0 [ 15.815720] ? __pfx_kthread+0x10/0x10 [ 15.815741] ret_from_fork_asm+0x1a/0x30 [ 15.815772] </TASK> [ 15.815783] [ 15.825725] Allocated by task 282: [ 15.826006] kasan_save_stack+0x45/0x70 [ 15.826295] kasan_save_track+0x18/0x40 [ 15.826461] kasan_save_alloc_info+0x3b/0x50 [ 15.826682] __kasan_kmalloc+0xb7/0xc0 [ 15.827036] __kmalloc_cache_noprof+0x189/0x420 [ 15.827224] kasan_atomics+0x95/0x310 [ 15.827560] kunit_try_run_case+0x1a5/0x480 [ 15.827737] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.828156] kthread+0x337/0x6f0 [ 15.828397] ret_from_fork+0x116/0x1d0 [ 15.828548] ret_from_fork_asm+0x1a/0x30 [ 15.828748] [ 15.828860] The buggy address belongs to the object at ffff8881025e4100 [ 15.828860] which belongs to the cache kmalloc-64 of size 64 [ 15.829546] The buggy address is located 0 bytes to the right of [ 15.829546] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.830190] [ 15.830431] The buggy address belongs to the physical page: [ 15.831360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.831618] flags: 0x200000000000000(node=0|zone=2) [ 15.831790] page_type: f5(slab) [ 15.831945] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.832190] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.832423] page dumped because: kasan: bad access detected [ 15.832600] [ 15.832675] Memory state around the buggy address: [ 15.833375] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.834502] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.835613] >ffff8881025e4100: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.836560] ^ [ 15.837289] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.838337] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.839297] ================================================================== [ 14.941328] ================================================================== [ 14.942739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 14.943963] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 14.944883] [ 14.945353] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.945406] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.945420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.945442] Call Trace: [ 14.945457] <TASK> [ 14.945472] dump_stack_lvl+0x73/0xb0 [ 14.945504] print_report+0xd1/0x610 [ 14.945525] ? __virt_addr_valid+0x1db/0x2d0 [ 14.945548] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.945569] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.945591] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.945613] kasan_report+0x141/0x180 [ 14.945634] ? kasan_atomics_helper+0x4bbc/0x5450 [ 14.945659] __asan_report_load4_noabort+0x18/0x20 [ 14.945683] kasan_atomics_helper+0x4bbc/0x5450 [ 14.945705] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.945725] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.945750] ? kasan_atomics+0x152/0x310 [ 14.945776] kasan_atomics+0x1dc/0x310 [ 14.945797] ? __pfx_kasan_atomics+0x10/0x10 [ 14.946116] ? __pfx_read_tsc+0x10/0x10 [ 14.946144] ? ktime_get_ts64+0x86/0x230 [ 14.946171] kunit_try_run_case+0x1a5/0x480 [ 14.946246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.946270] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.946295] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.946319] ? __kthread_parkme+0x82/0x180 [ 14.946339] ? preempt_count_sub+0x50/0x80 [ 14.946362] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.946385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.946408] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.946431] kthread+0x337/0x6f0 [ 14.946450] ? trace_preempt_on+0x20/0xc0 [ 14.946473] ? __pfx_kthread+0x10/0x10 [ 14.946492] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.946513] ? calculate_sigpending+0x7b/0xa0 [ 14.946536] ? __pfx_kthread+0x10/0x10 [ 14.946557] ret_from_fork+0x116/0x1d0 [ 14.946575] ? __pfx_kthread+0x10/0x10 [ 14.946595] ret_from_fork_asm+0x1a/0x30 [ 14.946626] </TASK> [ 14.946636] [ 14.960521] Allocated by task 282: [ 14.960789] kasan_save_stack+0x45/0x70 [ 14.960961] kasan_save_track+0x18/0x40 [ 14.961109] kasan_save_alloc_info+0x3b/0x50 [ 14.961650] __kasan_kmalloc+0xb7/0xc0 [ 14.962025] __kmalloc_cache_noprof+0x189/0x420 [ 14.962514] kasan_atomics+0x95/0x310 [ 14.962877] kunit_try_run_case+0x1a5/0x480 [ 14.963314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.963794] kthread+0x337/0x6f0 [ 14.963944] ret_from_fork+0x116/0x1d0 [ 14.964078] ret_from_fork_asm+0x1a/0x30 [ 14.964221] [ 14.964388] The buggy address belongs to the object at ffff8881025e4100 [ 14.964388] which belongs to the cache kmalloc-64 of size 64 [ 14.965682] The buggy address is located 0 bytes to the right of [ 14.965682] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 14.966931] [ 14.967098] The buggy address belongs to the physical page: [ 14.967436] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 14.967689] flags: 0x200000000000000(node=0|zone=2) [ 14.967873] page_type: f5(slab) [ 14.967997] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.968251] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.968718] page dumped because: kasan: bad access detected [ 14.968950] [ 14.969051] Memory state around the buggy address: [ 14.969234] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.969668] 
ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.970018] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.970431] ^ [ 14.970646] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.970955] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.971240] ================================================================== [ 15.401871] ================================================================== [ 15.402246] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 15.402534] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.402844] [ 15.403027] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.403074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.403088] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.403110] Call Trace: [ 15.403130] <TASK> [ 15.403148] dump_stack_lvl+0x73/0xb0 [ 15.403177] print_report+0xd1/0x610 [ 15.403201] ? __virt_addr_valid+0x1db/0x2d0 [ 15.403224] ? kasan_atomics_helper+0xe78/0x5450 [ 15.403246] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.403268] ? kasan_atomics_helper+0xe78/0x5450 [ 15.403290] kasan_report+0x141/0x180 [ 15.403313] ? kasan_atomics_helper+0xe78/0x5450 [ 15.403339] kasan_check_range+0x10c/0x1c0 [ 15.403363] __kasan_check_write+0x18/0x20 [ 15.403383] kasan_atomics_helper+0xe78/0x5450 [ 15.403406] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.403428] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.403454] ? kasan_atomics+0x152/0x310 [ 15.403481] kasan_atomics+0x1dc/0x310 [ 15.403505] ? __pfx_kasan_atomics+0x10/0x10 [ 15.403529] ? __pfx_read_tsc+0x10/0x10 [ 15.403552] ? ktime_get_ts64+0x86/0x230 [ 15.403576] kunit_try_run_case+0x1a5/0x480 [ 15.403601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.403624] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.403648] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.403672] ? 
__kthread_parkme+0x82/0x180 [ 15.403693] ? preempt_count_sub+0x50/0x80 [ 15.403717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.403742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.403766] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.403790] kthread+0x337/0x6f0 [ 15.403823] ? trace_preempt_on+0x20/0xc0 [ 15.403848] ? __pfx_kthread+0x10/0x10 [ 15.403869] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.403892] ? calculate_sigpending+0x7b/0xa0 [ 15.403917] ? __pfx_kthread+0x10/0x10 [ 15.403940] ret_from_fork+0x116/0x1d0 [ 15.403960] ? __pfx_kthread+0x10/0x10 [ 15.403981] ret_from_fork_asm+0x1a/0x30 [ 15.404012] </TASK> [ 15.404024] [ 15.412076] Allocated by task 282: [ 15.412272] kasan_save_stack+0x45/0x70 [ 15.412471] kasan_save_track+0x18/0x40 [ 15.412648] kasan_save_alloc_info+0x3b/0x50 [ 15.412868] __kasan_kmalloc+0xb7/0xc0 [ 15.413043] __kmalloc_cache_noprof+0x189/0x420 [ 15.413260] kasan_atomics+0x95/0x310 [ 15.413444] kunit_try_run_case+0x1a5/0x480 [ 15.413627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.413880] kthread+0x337/0x6f0 [ 15.414051] ret_from_fork+0x116/0x1d0 [ 15.414273] ret_from_fork_asm+0x1a/0x30 [ 15.414469] [ 15.414557] The buggy address belongs to the object at ffff8881025e4100 [ 15.414557] which belongs to the cache kmalloc-64 of size 64 [ 15.415040] The buggy address is located 0 bytes to the right of [ 15.415040] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.415556] [ 15.415640] The buggy address belongs to the physical page: [ 15.415879] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.416269] flags: 0x200000000000000(node=0|zone=2) [ 15.416472] page_type: f5(slab) [ 15.416635] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.416929] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.417290] page dumped because: kasan: bad access detected [ 15.417500] [ 15.417600] Memory state around the buggy address: [ 15.417790] 
ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.418112] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.418345] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.418563] ^ [ 15.418720] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.419010] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.419321] ================================================================== [ 15.217107] ================================================================== [ 15.217493] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 15.217794] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.218043] [ 15.218132] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.218174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.218186] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.218208] Call Trace: [ 15.218224] <TASK> [ 15.218239] dump_stack_lvl+0x73/0xb0 [ 15.218265] print_report+0xd1/0x610 [ 15.218288] ? __virt_addr_valid+0x1db/0x2d0 [ 15.218310] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.218332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.218355] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.218378] kasan_report+0x141/0x180 [ 15.218403] ? kasan_atomics_helper+0x8f9/0x5450 [ 15.218429] kasan_check_range+0x10c/0x1c0 [ 15.218453] __kasan_check_write+0x18/0x20 [ 15.218474] kasan_atomics_helper+0x8f9/0x5450 [ 15.218496] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.218519] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.218545] ? kasan_atomics+0x152/0x310 [ 15.218573] kasan_atomics+0x1dc/0x310 [ 15.218596] ? __pfx_kasan_atomics+0x10/0x10 [ 15.218621] ? __pfx_read_tsc+0x10/0x10 [ 15.218642] ? ktime_get_ts64+0x86/0x230 [ 15.218667] kunit_try_run_case+0x1a5/0x480 [ 15.218692] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.218717] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.218743] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.218771] ? __kthread_parkme+0x82/0x180 [ 15.218792] ? preempt_count_sub+0x50/0x80 [ 15.218826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.218852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.218878] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.218902] kthread+0x337/0x6f0 [ 15.218934] ? trace_preempt_on+0x20/0xc0 [ 15.218958] ? __pfx_kthread+0x10/0x10 [ 15.218979] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.219001] ? calculate_sigpending+0x7b/0xa0 [ 15.219027] ? __pfx_kthread+0x10/0x10 [ 15.219049] ret_from_fork+0x116/0x1d0 [ 15.219069] ? __pfx_kthread+0x10/0x10 [ 15.219091] ret_from_fork_asm+0x1a/0x30 [ 15.219122] </TASK> [ 15.219134] [ 15.226717] Allocated by task 282: [ 15.226876] kasan_save_stack+0x45/0x70 [ 15.227083] kasan_save_track+0x18/0x40 [ 15.227294] kasan_save_alloc_info+0x3b/0x50 [ 15.227517] __kasan_kmalloc+0xb7/0xc0 [ 15.227709] __kmalloc_cache_noprof+0x189/0x420 [ 15.227943] kasan_atomics+0x95/0x310 [ 15.228162] kunit_try_run_case+0x1a5/0x480 [ 15.228386] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.228617] kthread+0x337/0x6f0 [ 15.228770] ret_from_fork+0x116/0x1d0 [ 15.228921] ret_from_fork_asm+0x1a/0x30 [ 15.229065] [ 15.229139] The buggy address belongs to the object at ffff8881025e4100 [ 15.229139] which belongs to the cache kmalloc-64 of size 64 [ 15.229852] The buggy address is located 0 bytes to the right of [ 15.229852] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.230594] [ 15.230699] The buggy address belongs to the physical page: [ 15.230885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.231130] flags: 0x200000000000000(node=0|zone=2) [ 15.231293] page_type: f5(slab) [ 15.231472] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.231822] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.232247] page dumped because: kasan: bad access detected [ 15.232499] [ 15.232594] 
Memory state around the buggy address: [ 15.232826] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.233114] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.233380] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.233596] ^ [ 15.233832] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234253] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234550] ================================================================== [ 15.548712] ================================================================== [ 15.549059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 15.549707] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.550202] [ 15.550330] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.550377] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.550390] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.550412] Call Trace: [ 15.550428] <TASK> [ 15.550443] dump_stack_lvl+0x73/0xb0 [ 15.550472] print_report+0xd1/0x610 [ 15.550494] ? __virt_addr_valid+0x1db/0x2d0 [ 15.550517] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.550539] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.550562] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.550584] kasan_report+0x141/0x180 [ 15.550607] ? kasan_atomics_helper+0x4a02/0x5450 [ 15.550634] __asan_report_load4_noabort+0x18/0x20 [ 15.550659] kasan_atomics_helper+0x4a02/0x5450 [ 15.550683] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.550706] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.550731] ? kasan_atomics+0x152/0x310 [ 15.550759] kasan_atomics+0x1dc/0x310 [ 15.550782] ? __pfx_kasan_atomics+0x10/0x10 [ 15.550808] ? __pfx_read_tsc+0x10/0x10 [ 15.550841] ? ktime_get_ts64+0x86/0x230 [ 15.550866] kunit_try_run_case+0x1a5/0x480 [ 15.550893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.550915] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 15.550940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.550964] ? __kthread_parkme+0x82/0x180 [ 15.550985] ? preempt_count_sub+0x50/0x80 [ 15.551009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.551034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.551057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.551082] kthread+0x337/0x6f0 [ 15.551103] ? trace_preempt_on+0x20/0xc0 [ 15.551126] ? __pfx_kthread+0x10/0x10 [ 15.551147] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.551170] ? calculate_sigpending+0x7b/0xa0 [ 15.551193] ? __pfx_kthread+0x10/0x10 [ 15.551215] ret_from_fork+0x116/0x1d0 [ 15.551234] ? __pfx_kthread+0x10/0x10 [ 15.551255] ret_from_fork_asm+0x1a/0x30 [ 15.551286] </TASK> [ 15.551308] [ 15.559120] Allocated by task 282: [ 15.559318] kasan_save_stack+0x45/0x70 [ 15.559520] kasan_save_track+0x18/0x40 [ 15.559721] kasan_save_alloc_info+0x3b/0x50 [ 15.559967] __kasan_kmalloc+0xb7/0xc0 [ 15.560218] __kmalloc_cache_noprof+0x189/0x420 [ 15.560470] kasan_atomics+0x95/0x310 [ 15.560608] kunit_try_run_case+0x1a5/0x480 [ 15.560826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.561062] kthread+0x337/0x6f0 [ 15.561319] ret_from_fork+0x116/0x1d0 [ 15.561458] ret_from_fork_asm+0x1a/0x30 [ 15.561642] [ 15.561739] The buggy address belongs to the object at ffff8881025e4100 [ 15.561739] which belongs to the cache kmalloc-64 of size 64 [ 15.562291] The buggy address is located 0 bytes to the right of [ 15.562291] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.562834] [ 15.562939] The buggy address belongs to the physical page: [ 15.563199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.563537] flags: 0x200000000000000(node=0|zone=2) [ 15.563782] page_type: f5(slab) [ 15.563973] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.564323] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.564653] page dumped because: kasan: 
bad access detected [ 15.564843] [ 15.564922] Memory state around the buggy address: [ 15.565085] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.565308] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.565528] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.565906] ^ [ 15.566192] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.566509] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.566836] ================================================================== [ 14.971869] ================================================================== [ 14.972360] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 14.972648] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 14.972969] [ 14.973071] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.973116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.973128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.973151] Call Trace: [ 14.973163] <TASK> [ 14.973179] dump_stack_lvl+0x73/0xb0 [ 14.973206] print_report+0xd1/0x610 [ 14.973228] ? __virt_addr_valid+0x1db/0x2d0 [ 14.973249] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.973270] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.973292] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.973313] kasan_report+0x141/0x180 [ 14.973334] ? kasan_atomics_helper+0x4ba2/0x5450 [ 14.973360] __asan_report_store4_noabort+0x1b/0x30 [ 14.973384] kasan_atomics_helper+0x4ba2/0x5450 [ 14.973405] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.973427] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.973451] ? kasan_atomics+0x152/0x310 [ 14.973477] kasan_atomics+0x1dc/0x310 [ 14.973499] ? __pfx_kasan_atomics+0x10/0x10 [ 14.973522] ? __pfx_read_tsc+0x10/0x10 [ 14.973542] ? ktime_get_ts64+0x86/0x230 [ 14.973565] kunit_try_run_case+0x1a5/0x480 [ 14.973588] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.973611] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.973633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.973657] ? __kthread_parkme+0x82/0x180 [ 14.973676] ? preempt_count_sub+0x50/0x80 [ 14.973698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.973722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.973744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.973768] kthread+0x337/0x6f0 [ 14.973787] ? trace_preempt_on+0x20/0xc0 [ 14.973809] ? __pfx_kthread+0x10/0x10 [ 14.973994] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.974016] ? calculate_sigpending+0x7b/0xa0 [ 14.974039] ? __pfx_kthread+0x10/0x10 [ 14.974060] ret_from_fork+0x116/0x1d0 [ 14.974078] ? __pfx_kthread+0x10/0x10 [ 14.974111] ret_from_fork_asm+0x1a/0x30 [ 14.974140] </TASK> [ 14.974150] [ 14.982269] Allocated by task 282: [ 14.982448] kasan_save_stack+0x45/0x70 [ 14.982623] kasan_save_track+0x18/0x40 [ 14.982796] kasan_save_alloc_info+0x3b/0x50 [ 14.983000] __kasan_kmalloc+0xb7/0xc0 [ 14.983168] __kmalloc_cache_noprof+0x189/0x420 [ 14.983431] kasan_atomics+0x95/0x310 [ 14.983601] kunit_try_run_case+0x1a5/0x480 [ 14.983750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.983994] kthread+0x337/0x6f0 [ 14.984198] ret_from_fork+0x116/0x1d0 [ 14.984389] ret_from_fork_asm+0x1a/0x30 [ 14.984529] [ 14.984701] The buggy address belongs to the object at ffff8881025e4100 [ 14.984701] which belongs to the cache kmalloc-64 of size 64 [ 14.985184] The buggy address is located 0 bytes to the right of [ 14.985184] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 14.985795] [ 14.985888] The buggy address belongs to the physical page: [ 14.986063] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 14.986306] flags: 0x200000000000000(node=0|zone=2) [ 14.986471] page_type: f5(slab) [ 14.986635] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.987006] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 14.987605] page dumped because: kasan: bad access detected [ 14.987782] [ 14.987864] Memory state around the buggy address: [ 14.988019] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.988691] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.989045] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.989634] ^ [ 14.989789] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.990217] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.990723] ================================================================== [ 15.767390] ================================================================== [ 15.768077] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 15.768681] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.769779] [ 15.769975] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.770034] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.770047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.770069] Call Trace: [ 15.770085] <TASK> [ 15.770100] dump_stack_lvl+0x73/0xb0 [ 15.770140] print_report+0xd1/0x610 [ 15.770162] ? __virt_addr_valid+0x1db/0x2d0 [ 15.770183] ? kasan_atomics_helper+0x164f/0x5450 [ 15.770216] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.770238] ? kasan_atomics_helper+0x164f/0x5450 [ 15.770261] kasan_report+0x141/0x180 [ 15.770283] ? kasan_atomics_helper+0x164f/0x5450 [ 15.770309] kasan_check_range+0x10c/0x1c0 [ 15.770333] __kasan_check_write+0x18/0x20 [ 15.770354] kasan_atomics_helper+0x164f/0x5450 [ 15.770386] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.770408] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.770433] ? kasan_atomics+0x152/0x310 [ 15.770471] kasan_atomics+0x1dc/0x310 [ 15.770495] ? __pfx_kasan_atomics+0x10/0x10 [ 15.770520] ? __pfx_read_tsc+0x10/0x10 [ 15.770541] ? 
ktime_get_ts64+0x86/0x230 [ 15.770574] kunit_try_run_case+0x1a5/0x480 [ 15.770598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.770632] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.770657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.770680] ? __kthread_parkme+0x82/0x180 [ 15.770701] ? preempt_count_sub+0x50/0x80 [ 15.770725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.770750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.770774] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.770798] kthread+0x337/0x6f0 [ 15.770826] ? trace_preempt_on+0x20/0xc0 [ 15.770850] ? __pfx_kthread+0x10/0x10 [ 15.770871] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.770894] ? calculate_sigpending+0x7b/0xa0 [ 15.770917] ? __pfx_kthread+0x10/0x10 [ 15.770940] ret_from_fork+0x116/0x1d0 [ 15.770958] ? __pfx_kthread+0x10/0x10 [ 15.770979] ret_from_fork_asm+0x1a/0x30 [ 15.771010] </TASK> [ 15.771021] [ 15.778906] Allocated by task 282: [ 15.779045] kasan_save_stack+0x45/0x70 [ 15.779458] kasan_save_track+0x18/0x40 [ 15.779617] kasan_save_alloc_info+0x3b/0x50 [ 15.779843] __kasan_kmalloc+0xb7/0xc0 [ 15.779979] __kmalloc_cache_noprof+0x189/0x420 [ 15.780138] kasan_atomics+0x95/0x310 [ 15.780295] kunit_try_run_case+0x1a5/0x480 [ 15.780529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.780922] kthread+0x337/0x6f0 [ 15.781095] ret_from_fork+0x116/0x1d0 [ 15.781314] ret_from_fork_asm+0x1a/0x30 [ 15.781511] [ 15.781597] The buggy address belongs to the object at ffff8881025e4100 [ 15.781597] which belongs to the cache kmalloc-64 of size 64 [ 15.782086] The buggy address is located 0 bytes to the right of [ 15.782086] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.782619] [ 15.782719] The buggy address belongs to the physical page: [ 15.782959] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.783327] flags: 0x200000000000000(node=0|zone=2) [ 15.783556] page_type: f5(slab) [ 15.783736] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.784060] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.784467] page dumped because: kasan: bad access detected [ 15.784711] [ 15.784830] Memory state around the buggy address: [ 15.785053] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.785349] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.785568] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.785786] ^ [ 15.786045] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.786568] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.786950] ================================================================== [ 15.378835] ================================================================== [ 15.379515] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 15.379916] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.380307] [ 15.380408] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.380454] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.380531] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.380554] Call Trace: [ 15.380619] <TASK> [ 15.380637] dump_stack_lvl+0x73/0xb0 [ 15.380668] print_report+0xd1/0x610 [ 15.380690] ? __virt_addr_valid+0x1db/0x2d0 [ 15.380712] ? kasan_atomics_helper+0xde0/0x5450 [ 15.380735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.380757] ? kasan_atomics_helper+0xde0/0x5450 [ 15.380779] kasan_report+0x141/0x180 [ 15.380801] ? kasan_atomics_helper+0xde0/0x5450 [ 15.380839] kasan_check_range+0x10c/0x1c0 [ 15.380868] __kasan_check_write+0x18/0x20 [ 15.380888] kasan_atomics_helper+0xde0/0x5450 [ 15.380911] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.380935] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.380961] ? kasan_atomics+0x152/0x310 [ 15.380988] kasan_atomics+0x1dc/0x310 [ 15.381011] ? 
__pfx_kasan_atomics+0x10/0x10 [ 15.381035] ? __pfx_read_tsc+0x10/0x10 [ 15.381057] ? ktime_get_ts64+0x86/0x230 [ 15.381081] kunit_try_run_case+0x1a5/0x480 [ 15.381207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.381231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.381256] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.381281] ? __kthread_parkme+0x82/0x180 [ 15.381302] ? preempt_count_sub+0x50/0x80 [ 15.381326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.381351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.381375] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.381400] kthread+0x337/0x6f0 [ 15.381420] ? trace_preempt_on+0x20/0xc0 [ 15.381444] ? __pfx_kthread+0x10/0x10 [ 15.381466] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.381488] ? calculate_sigpending+0x7b/0xa0 [ 15.381513] ? __pfx_kthread+0x10/0x10 [ 15.381535] ret_from_fork+0x116/0x1d0 [ 15.381554] ? __pfx_kthread+0x10/0x10 [ 15.381575] ret_from_fork_asm+0x1a/0x30 [ 15.381608] </TASK> [ 15.381619] [ 15.391214] Allocated by task 282: [ 15.391394] kasan_save_stack+0x45/0x70 [ 15.391573] kasan_save_track+0x18/0x40 [ 15.391766] kasan_save_alloc_info+0x3b/0x50 [ 15.391985] __kasan_kmalloc+0xb7/0xc0 [ 15.392682] __kmalloc_cache_noprof+0x189/0x420 [ 15.392902] kasan_atomics+0x95/0x310 [ 15.393094] kunit_try_run_case+0x1a5/0x480 [ 15.393473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.393829] kthread+0x337/0x6f0 [ 15.394008] ret_from_fork+0x116/0x1d0 [ 15.394311] ret_from_fork_asm+0x1a/0x30 [ 15.394477] [ 15.394692] The buggy address belongs to the object at ffff8881025e4100 [ 15.394692] which belongs to the cache kmalloc-64 of size 64 [ 15.395317] The buggy address is located 0 bytes to the right of [ 15.395317] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.395992] [ 15.396103] The buggy address belongs to the physical page: [ 15.396302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.396783] flags: 0x200000000000000(node=0|zone=2) [ 15.397113] page_type: 
f5(slab) [ 15.397357] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.397764] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.398175] page dumped because: kasan: bad access detected [ 15.398413] [ 15.398626] Memory state around the buggy address: [ 15.398834] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.399228] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.399499] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.399753] ^ [ 15.399990] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.400292] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.400625] ================================================================== [ 15.916359] ================================================================== [ 15.917103] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 15.917687] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.917931] [ 15.918022] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.918066] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.918108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.918129] Call Trace: [ 15.918146] <TASK> [ 15.918161] dump_stack_lvl+0x73/0xb0 [ 15.918212] print_report+0xd1/0x610 [ 15.918236] ? __virt_addr_valid+0x1db/0x2d0 [ 15.918259] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.918281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.918304] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.918327] kasan_report+0x141/0x180 [ 15.918349] ? kasan_atomics_helper+0x19e3/0x5450 [ 15.918377] kasan_check_range+0x10c/0x1c0 [ 15.918423] __kasan_check_write+0x18/0x20 [ 15.918443] kasan_atomics_helper+0x19e3/0x5450 [ 15.918466] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.918490] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.918517] ? 
kasan_atomics+0x152/0x310 [ 15.918544] kasan_atomics+0x1dc/0x310 [ 15.918568] ? __pfx_kasan_atomics+0x10/0x10 [ 15.918611] ? __pfx_read_tsc+0x10/0x10 [ 15.918633] ? ktime_get_ts64+0x86/0x230 [ 15.918659] kunit_try_run_case+0x1a5/0x480 [ 15.918685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.918708] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.918732] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.918756] ? __kthread_parkme+0x82/0x180 [ 15.918777] ? preempt_count_sub+0x50/0x80 [ 15.918801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.918836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.918877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.918903] kthread+0x337/0x6f0 [ 15.918923] ? trace_preempt_on+0x20/0xc0 [ 15.918946] ? __pfx_kthread+0x10/0x10 [ 15.918967] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.918989] ? calculate_sigpending+0x7b/0xa0 [ 15.919014] ? __pfx_kthread+0x10/0x10 [ 15.919051] ret_from_fork+0x116/0x1d0 [ 15.919071] ? __pfx_kthread+0x10/0x10 [ 15.919110] ret_from_fork_asm+0x1a/0x30 [ 15.919141] </TASK> [ 15.919152] [ 15.931662] Allocated by task 282: [ 15.931797] kasan_save_stack+0x45/0x70 [ 15.932264] kasan_save_track+0x18/0x40 [ 15.932624] kasan_save_alloc_info+0x3b/0x50 [ 15.933032] __kasan_kmalloc+0xb7/0xc0 [ 15.933408] __kmalloc_cache_noprof+0x189/0x420 [ 15.933834] kasan_atomics+0x95/0x310 [ 15.934210] kunit_try_run_case+0x1a5/0x480 [ 15.934601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.935014] kthread+0x337/0x6f0 [ 15.935299] ret_from_fork+0x116/0x1d0 [ 15.935648] ret_from_fork_asm+0x1a/0x30 [ 15.935861] [ 15.935938] The buggy address belongs to the object at ffff8881025e4100 [ 15.935938] which belongs to the cache kmalloc-64 of size 64 [ 15.936807] The buggy address is located 0 bytes to the right of [ 15.936807] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.937697] [ 15.937780] The buggy address belongs to the physical page: [ 15.937969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 
15.938561] flags: 0x200000000000000(node=0|zone=2) [ 15.939016] page_type: f5(slab) [ 15.939353] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.940020] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.940668] page dumped because: kasan: bad access detected [ 15.940863] [ 15.940938] Memory state around the buggy address: [ 15.941129] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.941777] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.942429] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.943058] ^ [ 15.943419] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.943643] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.943962] ================================================================== [ 16.203645] ================================================================== [ 16.204009] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 16.204838] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.205214] [ 16.205328] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.205372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.205384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.205406] Call Trace: [ 16.205420] <TASK> [ 16.205436] dump_stack_lvl+0x73/0xb0 [ 16.205463] print_report+0xd1/0x610 [ 16.205486] ? __virt_addr_valid+0x1db/0x2d0 [ 16.205508] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.205570] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.205595] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.205617] kasan_report+0x141/0x180 [ 16.205640] ? kasan_atomics_helper+0x4fb2/0x5450 [ 16.205667] __asan_report_load8_noabort+0x18/0x20 [ 16.205723] kasan_atomics_helper+0x4fb2/0x5450 [ 16.205748] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.205771] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 16.205797] ? kasan_atomics+0x152/0x310 [ 16.205834] kasan_atomics+0x1dc/0x310 [ 16.205859] ? __pfx_kasan_atomics+0x10/0x10 [ 16.205915] ? __pfx_read_tsc+0x10/0x10 [ 16.205937] ? ktime_get_ts64+0x86/0x230 [ 16.205961] kunit_try_run_case+0x1a5/0x480 [ 16.205986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.206009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.206063] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.206107] ? __kthread_parkme+0x82/0x180 [ 16.206130] ? preempt_count_sub+0x50/0x80 [ 16.206153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.206206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.206230] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.206255] kthread+0x337/0x6f0 [ 16.206276] ? trace_preempt_on+0x20/0xc0 [ 16.206299] ? __pfx_kthread+0x10/0x10 [ 16.206320] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.206343] ? calculate_sigpending+0x7b/0xa0 [ 16.206366] ? __pfx_kthread+0x10/0x10 [ 16.206389] ret_from_fork+0x116/0x1d0 [ 16.206408] ? __pfx_kthread+0x10/0x10 [ 16.206429] ret_from_fork_asm+0x1a/0x30 [ 16.206460] </TASK> [ 16.206501] [ 16.214439] Allocated by task 282: [ 16.214621] kasan_save_stack+0x45/0x70 [ 16.214867] kasan_save_track+0x18/0x40 [ 16.215064] kasan_save_alloc_info+0x3b/0x50 [ 16.215305] __kasan_kmalloc+0xb7/0xc0 [ 16.215514] __kmalloc_cache_noprof+0x189/0x420 [ 16.215766] kasan_atomics+0x95/0x310 [ 16.215960] kunit_try_run_case+0x1a5/0x480 [ 16.216208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.216460] kthread+0x337/0x6f0 [ 16.216642] ret_from_fork+0x116/0x1d0 [ 16.216781] ret_from_fork_asm+0x1a/0x30 [ 16.216940] [ 16.217017] The buggy address belongs to the object at ffff8881025e4100 [ 16.217017] which belongs to the cache kmalloc-64 of size 64 [ 16.217528] The buggy address is located 0 bytes to the right of [ 16.217528] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.218161] [ 16.218244] The buggy address belongs to the physical page: [ 16.218422] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.218670] flags: 0x200000000000000(node=0|zone=2) [ 16.218951] page_type: f5(slab) [ 16.219185] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.219530] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.219908] page dumped because: kasan: bad access detected [ 16.220203] [ 16.220332] Memory state around the buggy address: [ 16.220552] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.220889] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.221261] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.221539] ^ [ 16.221698] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.222017] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.222369] ================================================================== [ 16.096844] ================================================================== [ 16.097097] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 16.097331] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.097559] [ 16.097644] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.098773] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.098795] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.098842] Call Trace: [ 16.098860] <TASK> [ 16.098876] dump_stack_lvl+0x73/0xb0 [ 16.098914] print_report+0xd1/0x610 [ 16.098937] ? __virt_addr_valid+0x1db/0x2d0 [ 16.098960] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.098982] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.099005] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.099027] kasan_report+0x141/0x180 [ 16.099051] ? kasan_atomics_helper+0x1f43/0x5450 [ 16.099579] kasan_check_range+0x10c/0x1c0 [ 16.099635] __kasan_check_write+0x18/0x20 [ 16.099661] kasan_atomics_helper+0x1f43/0x5450 [ 16.099685] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 16.099709] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.099736] ? kasan_atomics+0x152/0x310 [ 16.099764] kasan_atomics+0x1dc/0x310 [ 16.099787] ? __pfx_kasan_atomics+0x10/0x10 [ 16.099812] ? __pfx_read_tsc+0x10/0x10 [ 16.099843] ? ktime_get_ts64+0x86/0x230 [ 16.099867] kunit_try_run_case+0x1a5/0x480 [ 16.099892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.099915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.099940] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.099964] ? __kthread_parkme+0x82/0x180 [ 16.099984] ? preempt_count_sub+0x50/0x80 [ 16.100009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.100034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.100058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.100106] kthread+0x337/0x6f0 [ 16.100127] ? trace_preempt_on+0x20/0xc0 [ 16.100150] ? __pfx_kthread+0x10/0x10 [ 16.100172] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.100194] ? calculate_sigpending+0x7b/0xa0 [ 16.100219] ? __pfx_kthread+0x10/0x10 [ 16.100241] ret_from_fork+0x116/0x1d0 [ 16.100260] ? 
__pfx_kthread+0x10/0x10 [ 16.100282] ret_from_fork_asm+0x1a/0x30 [ 16.100313] </TASK> [ 16.100324] [ 16.117402] Allocated by task 282: [ 16.117597] kasan_save_stack+0x45/0x70 [ 16.117789] kasan_save_track+0x18/0x40 [ 16.118028] kasan_save_alloc_info+0x3b/0x50 [ 16.118299] __kasan_kmalloc+0xb7/0xc0 [ 16.118437] __kmalloc_cache_noprof+0x189/0x420 [ 16.118664] kasan_atomics+0x95/0x310 [ 16.118868] kunit_try_run_case+0x1a5/0x480 [ 16.119049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.119366] kthread+0x337/0x6f0 [ 16.119497] ret_from_fork+0x116/0x1d0 [ 16.119629] ret_from_fork_asm+0x1a/0x30 [ 16.119840] [ 16.119974] The buggy address belongs to the object at ffff8881025e4100 [ 16.119974] which belongs to the cache kmalloc-64 of size 64 [ 16.120580] The buggy address is located 0 bytes to the right of [ 16.120580] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.121164] [ 16.121264] The buggy address belongs to the physical page: [ 16.121470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.121868] flags: 0x200000000000000(node=0|zone=2) [ 16.122068] page_type: f5(slab) [ 16.122294] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.122655] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.122990] page dumped because: kasan: bad access detected [ 16.123273] [ 16.123374] Memory state around the buggy address: [ 16.123630] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.123877] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.124179] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.124497] ^ [ 16.124696] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.125057] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.125289] ================================================================== [ 15.586196] 
================================================================== [ 15.586739] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 15.587014] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.587514] [ 15.587614] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.587657] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.587682] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.587703] Call Trace: [ 15.587717] <TASK> [ 15.587733] dump_stack_lvl+0x73/0xb0 [ 15.587771] print_report+0xd1/0x610 [ 15.587794] ? __virt_addr_valid+0x1db/0x2d0 [ 15.587827] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.587849] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.587872] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.587894] kasan_report+0x141/0x180 [ 15.587917] ? kasan_atomics_helper+0x49e8/0x5450 [ 15.587944] __asan_report_load4_noabort+0x18/0x20 [ 15.587969] kasan_atomics_helper+0x49e8/0x5450 [ 15.587993] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.588016] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.588041] ? kasan_atomics+0x152/0x310 [ 15.588068] kasan_atomics+0x1dc/0x310 [ 15.588091] ? __pfx_kasan_atomics+0x10/0x10 [ 15.588116] ? __pfx_read_tsc+0x10/0x10 [ 15.588138] ? ktime_get_ts64+0x86/0x230 [ 15.588163] kunit_try_run_case+0x1a5/0x480 [ 15.588188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.588211] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.588235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.588270] ? __kthread_parkme+0x82/0x180 [ 15.588291] ? preempt_count_sub+0x50/0x80 [ 15.588315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.588351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.588374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.588399] kthread+0x337/0x6f0 [ 15.588420] ? trace_preempt_on+0x20/0xc0 [ 15.588453] ? __pfx_kthread+0x10/0x10 [ 15.588475] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.588498] ? calculate_sigpending+0x7b/0xa0 [ 15.588532] ? 
__pfx_kthread+0x10/0x10 [ 15.588555] ret_from_fork+0x116/0x1d0 [ 15.588574] ? __pfx_kthread+0x10/0x10 [ 15.588595] ret_from_fork_asm+0x1a/0x30 [ 15.588634] </TASK> [ 15.588645] [ 15.596666] Allocated by task 282: [ 15.596799] kasan_save_stack+0x45/0x70 [ 15.596981] kasan_save_track+0x18/0x40 [ 15.597270] kasan_save_alloc_info+0x3b/0x50 [ 15.597511] __kasan_kmalloc+0xb7/0xc0 [ 15.597683] __kmalloc_cache_noprof+0x189/0x420 [ 15.597903] kasan_atomics+0x95/0x310 [ 15.598111] kunit_try_run_case+0x1a5/0x480 [ 15.598310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.598532] kthread+0x337/0x6f0 [ 15.598721] ret_from_fork+0x116/0x1d0 [ 15.598891] ret_from_fork_asm+0x1a/0x30 [ 15.599102] [ 15.599195] The buggy address belongs to the object at ffff8881025e4100 [ 15.599195] which belongs to the cache kmalloc-64 of size 64 [ 15.599550] The buggy address is located 0 bytes to the right of [ 15.599550] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.600004] [ 15.600111] The buggy address belongs to the physical page: [ 15.600367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.600723] flags: 0x200000000000000(node=0|zone=2) [ 15.600975] page_type: f5(slab) [ 15.601240] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.601591] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.601946] page dumped because: kasan: bad access detected [ 15.602261] [ 15.602335] Memory state around the buggy address: [ 15.602492] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.602712] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.603038] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.603408] ^ [ 15.603663] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.603994] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.604365] 
================================================================== [ 15.127671] ================================================================== [ 15.128101] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 15.128766] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.129119] [ 15.129229] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.129272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.129285] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.129307] Call Trace: [ 15.129322] <TASK> [ 15.129336] dump_stack_lvl+0x73/0xb0 [ 15.129363] print_report+0xd1/0x610 [ 15.129384] ? __virt_addr_valid+0x1db/0x2d0 [ 15.129407] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.129428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.129452] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.129474] kasan_report+0x141/0x180 [ 15.129497] ? kasan_atomics_helper+0x5fe/0x5450 [ 15.129523] kasan_check_range+0x10c/0x1c0 [ 15.129547] __kasan_check_write+0x18/0x20 [ 15.129567] kasan_atomics_helper+0x5fe/0x5450 [ 15.129590] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.129613] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.129638] ? kasan_atomics+0x152/0x310 [ 15.129665] kasan_atomics+0x1dc/0x310 [ 15.129688] ? __pfx_kasan_atomics+0x10/0x10 [ 15.129713] ? __pfx_read_tsc+0x10/0x10 [ 15.129734] ? ktime_get_ts64+0x86/0x230 [ 15.129759] kunit_try_run_case+0x1a5/0x480 [ 15.129784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.129807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.129842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.129866] ? __kthread_parkme+0x82/0x180 [ 15.129887] ? preempt_count_sub+0x50/0x80 [ 15.129911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.129936] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.129959] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.129984] kthread+0x337/0x6f0 [ 15.130005] ? trace_preempt_on+0x20/0xc0 [ 15.130028] ? 
__pfx_kthread+0x10/0x10 [ 15.130050] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.130072] ? calculate_sigpending+0x7b/0xa0 [ 15.130104] ? __pfx_kthread+0x10/0x10 [ 15.130126] ret_from_fork+0x116/0x1d0 [ 15.130145] ? __pfx_kthread+0x10/0x10 [ 15.130166] ret_from_fork_asm+0x1a/0x30 [ 15.130197] </TASK> [ 15.130209] [ 15.137715] Allocated by task 282: [ 15.137908] kasan_save_stack+0x45/0x70 [ 15.138117] kasan_save_track+0x18/0x40 [ 15.138312] kasan_save_alloc_info+0x3b/0x50 [ 15.138502] __kasan_kmalloc+0xb7/0xc0 [ 15.138678] __kmalloc_cache_noprof+0x189/0x420 [ 15.138886] kasan_atomics+0x95/0x310 [ 15.139073] kunit_try_run_case+0x1a5/0x480 [ 15.139299] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.139537] kthread+0x337/0x6f0 [ 15.139664] ret_from_fork+0x116/0x1d0 [ 15.139799] ret_from_fork_asm+0x1a/0x30 [ 15.140003] [ 15.140109] The buggy address belongs to the object at ffff8881025e4100 [ 15.140109] which belongs to the cache kmalloc-64 of size 64 [ 15.140543] The buggy address is located 0 bytes to the right of [ 15.140543] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.141091] [ 15.141186] The buggy address belongs to the physical page: [ 15.141410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.141736] flags: 0x200000000000000(node=0|zone=2) [ 15.141954] page_type: f5(slab) [ 15.142077] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.142430] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.142733] page dumped because: kasan: bad access detected [ 15.142938] [ 15.143023] Memory state around the buggy address: [ 15.143390] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.143688] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.143948] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.144317] ^ [ 15.144511] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.144804] 
ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.145111] ================================================================== [ 15.505932] ================================================================== [ 15.506654] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 15.506985] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.507751] [ 15.508009] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.508057] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.508071] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.508205] Call Trace: [ 15.508226] <TASK> [ 15.508245] dump_stack_lvl+0x73/0xb0 [ 15.508276] print_report+0xd1/0x610 [ 15.508300] ? __virt_addr_valid+0x1db/0x2d0 [ 15.508323] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.508345] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.508369] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.508392] kasan_report+0x141/0x180 [ 15.508414] ? kasan_atomics_helper+0x4a1c/0x5450 [ 15.508440] __asan_report_load4_noabort+0x18/0x20 [ 15.508464] kasan_atomics_helper+0x4a1c/0x5450 [ 15.508488] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.508511] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.508536] ? kasan_atomics+0x152/0x310 [ 15.508563] kasan_atomics+0x1dc/0x310 [ 15.508586] ? __pfx_kasan_atomics+0x10/0x10 [ 15.508610] ? __pfx_read_tsc+0x10/0x10 [ 15.508632] ? ktime_get_ts64+0x86/0x230 [ 15.508657] kunit_try_run_case+0x1a5/0x480 [ 15.508682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.508705] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.508729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.508755] ? __kthread_parkme+0x82/0x180 [ 15.508775] ? preempt_count_sub+0x50/0x80 [ 15.508800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.508839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.508868] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.508892] kthread+0x337/0x6f0 [ 15.508913] ? 
trace_preempt_on+0x20/0xc0 [ 15.508936] ? __pfx_kthread+0x10/0x10 [ 15.508957] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.508980] ? calculate_sigpending+0x7b/0xa0 [ 15.509004] ? __pfx_kthread+0x10/0x10 [ 15.509026] ret_from_fork+0x116/0x1d0 [ 15.509045] ? __pfx_kthread+0x10/0x10 [ 15.509066] ret_from_fork_asm+0x1a/0x30 [ 15.509097] </TASK> [ 15.509108] [ 15.516922] Allocated by task 282: [ 15.517110] kasan_save_stack+0x45/0x70 [ 15.517288] kasan_save_track+0x18/0x40 [ 15.517501] kasan_save_alloc_info+0x3b/0x50 [ 15.517718] __kasan_kmalloc+0xb7/0xc0 [ 15.517895] __kmalloc_cache_noprof+0x189/0x420 [ 15.518139] kasan_atomics+0x95/0x310 [ 15.518324] kunit_try_run_case+0x1a5/0x480 [ 15.518540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.518789] kthread+0x337/0x6f0 [ 15.518987] ret_from_fork+0x116/0x1d0 [ 15.519173] ret_from_fork_asm+0x1a/0x30 [ 15.519451] [ 15.519525] The buggy address belongs to the object at ffff8881025e4100 [ 15.519525] which belongs to the cache kmalloc-64 of size 64 [ 15.520206] The buggy address is located 0 bytes to the right of [ 15.520206] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.520772] [ 15.520981] The buggy address belongs to the physical page: [ 15.521440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.521799] flags: 0x200000000000000(node=0|zone=2) [ 15.522048] page_type: f5(slab) [ 15.522370] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.522725] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.523064] page dumped because: kasan: bad access detected [ 15.523306] [ 15.523391] Memory state around the buggy address: [ 15.523556] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.523780] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.524169] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.524518] ^ [ 15.524769] ffff8881025e4180: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 15.525135] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.525444] ================================================================== [ 14.991288] ================================================================== [ 14.991585] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 14.992079] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 14.992566] [ 14.992661] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.992704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.992717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.992738] Call Trace: [ 14.992750] <TASK> [ 14.992763] dump_stack_lvl+0x73/0xb0 [ 14.992790] print_report+0xd1/0x610 [ 14.992825] ? __virt_addr_valid+0x1db/0x2d0 [ 14.992851] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.992872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.992894] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.992915] kasan_report+0x141/0x180 [ 14.992936] ? kasan_atomics_helper+0x4b88/0x5450 [ 14.992962] __asan_report_load4_noabort+0x18/0x20 [ 14.992986] kasan_atomics_helper+0x4b88/0x5450 [ 14.993007] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.993029] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.993053] ? kasan_atomics+0x152/0x310 [ 14.993078] kasan_atomics+0x1dc/0x310 [ 14.993101] ? __pfx_kasan_atomics+0x10/0x10 [ 14.993124] ? __pfx_read_tsc+0x10/0x10 [ 14.993145] ? ktime_get_ts64+0x86/0x230 [ 14.993168] kunit_try_run_case+0x1a5/0x480 [ 14.993192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.993282] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.993306] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.993330] ? __kthread_parkme+0x82/0x180 [ 14.993349] ? preempt_count_sub+0x50/0x80 [ 14.993372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.993395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.993418] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.993442] kthread+0x337/0x6f0 [ 14.993461] ? trace_preempt_on+0x20/0xc0 [ 14.993483] ? __pfx_kthread+0x10/0x10 [ 14.993503] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.993524] ? calculate_sigpending+0x7b/0xa0 [ 14.993547] ? __pfx_kthread+0x10/0x10 [ 14.993569] ret_from_fork+0x116/0x1d0 [ 14.993587] ? __pfx_kthread+0x10/0x10 [ 14.993607] ret_from_fork_asm+0x1a/0x30 [ 14.993636] </TASK> [ 14.993646] [ 15.002843] Allocated by task 282: [ 15.003030] kasan_save_stack+0x45/0x70 [ 15.003433] kasan_save_track+0x18/0x40 [ 15.003633] kasan_save_alloc_info+0x3b/0x50 [ 15.003850] __kasan_kmalloc+0xb7/0xc0 [ 15.003986] __kmalloc_cache_noprof+0x189/0x420 [ 15.004144] kasan_atomics+0x95/0x310 [ 15.004307] kunit_try_run_case+0x1a5/0x480 [ 15.005339] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.005751] kthread+0x337/0x6f0 [ 15.006066] ret_from_fork+0x116/0x1d0 [ 15.006510] ret_from_fork_asm+0x1a/0x30 [ 15.006962] [ 15.007070] The buggy address belongs to the object at ffff8881025e4100 [ 15.007070] which belongs to the cache kmalloc-64 of size 64 [ 15.007917] The buggy address is located 0 bytes to the right of [ 15.007917] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.008478] [ 15.008578] The buggy address belongs to the physical page: [ 15.008785] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.009157] flags: 0x200000000000000(node=0|zone=2) [ 15.009331] page_type: f5(slab) [ 15.009452] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.009791] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.010172] page dumped because: kasan: bad access detected [ 15.010456] [ 15.010556] Memory state around the buggy address: [ 15.010750] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.011039] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.011408] >ffff8881025e4100: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 15.011622] ^ [ 15.011996] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.012529] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.012808] ================================================================== [ 16.145361] ================================================================== [ 16.145719] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 16.146084] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.146347] [ 16.146434] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.146476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.146490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.146512] Call Trace: [ 16.146529] <TASK> [ 16.146544] dump_stack_lvl+0x73/0xb0 [ 16.146569] print_report+0xd1/0x610 [ 16.146591] ? __virt_addr_valid+0x1db/0x2d0 [ 16.146613] ? kasan_atomics_helper+0x2006/0x5450 [ 16.146635] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.146657] ? kasan_atomics_helper+0x2006/0x5450 [ 16.146679] kasan_report+0x141/0x180 [ 16.146702] ? kasan_atomics_helper+0x2006/0x5450 [ 16.146728] kasan_check_range+0x10c/0x1c0 [ 16.146751] __kasan_check_write+0x18/0x20 [ 16.146771] kasan_atomics_helper+0x2006/0x5450 [ 16.146794] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.147235] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.147276] ? kasan_atomics+0x152/0x310 [ 16.147305] kasan_atomics+0x1dc/0x310 [ 16.147330] ? __pfx_kasan_atomics+0x10/0x10 [ 16.147355] ? __pfx_read_tsc+0x10/0x10 [ 16.147376] ? ktime_get_ts64+0x86/0x230 [ 16.147401] kunit_try_run_case+0x1a5/0x480 [ 16.147426] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.147449] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.147474] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.147499] ? __kthread_parkme+0x82/0x180 [ 16.147520] ? preempt_count_sub+0x50/0x80 [ 16.147544] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.147568] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.147592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.147617] kthread+0x337/0x6f0 [ 16.147638] ? trace_preempt_on+0x20/0xc0 [ 16.147661] ? __pfx_kthread+0x10/0x10 [ 16.147682] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.147704] ? calculate_sigpending+0x7b/0xa0 [ 16.147729] ? __pfx_kthread+0x10/0x10 [ 16.147751] ret_from_fork+0x116/0x1d0 [ 16.147771] ? __pfx_kthread+0x10/0x10 [ 16.147792] ret_from_fork_asm+0x1a/0x30 [ 16.147840] </TASK> [ 16.147852] [ 16.156262] Allocated by task 282: [ 16.156453] kasan_save_stack+0x45/0x70 [ 16.156691] kasan_save_track+0x18/0x40 [ 16.156940] kasan_save_alloc_info+0x3b/0x50 [ 16.157185] __kasan_kmalloc+0xb7/0xc0 [ 16.157377] __kmalloc_cache_noprof+0x189/0x420 [ 16.157612] kasan_atomics+0x95/0x310 [ 16.157843] kunit_try_run_case+0x1a5/0x480 [ 16.158032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.158317] kthread+0x337/0x6f0 [ 16.158493] ret_from_fork+0x116/0x1d0 [ 16.158664] ret_from_fork_asm+0x1a/0x30 [ 16.158807] [ 16.158963] The buggy address belongs to the object at ffff8881025e4100 [ 16.158963] which belongs to the cache kmalloc-64 of size 64 [ 16.159520] The buggy address is located 0 bytes to the right of [ 16.159520] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.160009] [ 16.160163] The buggy address belongs to the physical page: [ 16.160444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.160767] flags: 0x200000000000000(node=0|zone=2) [ 16.161048] page_type: f5(slab) [ 16.161264] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.161595] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.161962] page dumped because: kasan: bad access detected [ 16.162251] [ 16.162365] Memory state around the buggy address: [ 16.162571] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.162912] 
ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.163280] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.163658] ^ [ 16.163845] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.164150] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.164465] ================================================================== [ 15.198903] ================================================================== [ 15.199143] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 15.199371] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.199596] [ 15.199679] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.199721] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.199734] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.199756] Call Trace: [ 15.199770] <TASK> [ 15.199785] dump_stack_lvl+0x73/0xb0 [ 15.199923] print_report+0xd1/0x610 [ 15.199951] ? __virt_addr_valid+0x1db/0x2d0 [ 15.199974] ? kasan_atomics_helper+0x860/0x5450 [ 15.200004] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.200028] ? kasan_atomics_helper+0x860/0x5450 [ 15.200051] kasan_report+0x141/0x180 [ 15.200074] ? kasan_atomics_helper+0x860/0x5450 [ 15.200101] kasan_check_range+0x10c/0x1c0 [ 15.200125] __kasan_check_write+0x18/0x20 [ 15.200145] kasan_atomics_helper+0x860/0x5450 [ 15.200168] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.200191] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.200216] ? kasan_atomics+0x152/0x310 [ 15.200244] kasan_atomics+0x1dc/0x310 [ 15.200267] ? __pfx_kasan_atomics+0x10/0x10 [ 15.200291] ? __pfx_read_tsc+0x10/0x10 [ 15.200313] ? ktime_get_ts64+0x86/0x230 [ 15.200337] kunit_try_run_case+0x1a5/0x480 [ 15.200361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.200385] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.200409] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.200434] ? 
__kthread_parkme+0x82/0x180 [ 15.200455] ? preempt_count_sub+0x50/0x80 [ 15.200478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.200503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.200527] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.200552] kthread+0x337/0x6f0 [ 15.200573] ? trace_preempt_on+0x20/0xc0 [ 15.200596] ? __pfx_kthread+0x10/0x10 [ 15.200617] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.200639] ? calculate_sigpending+0x7b/0xa0 [ 15.200663] ? __pfx_kthread+0x10/0x10 [ 15.200686] ret_from_fork+0x116/0x1d0 [ 15.200705] ? __pfx_kthread+0x10/0x10 [ 15.200727] ret_from_fork_asm+0x1a/0x30 [ 15.200757] </TASK> [ 15.200768] [ 15.208954] Allocated by task 282: [ 15.209091] kasan_save_stack+0x45/0x70 [ 15.209291] kasan_save_track+0x18/0x40 [ 15.209485] kasan_save_alloc_info+0x3b/0x50 [ 15.209675] __kasan_kmalloc+0xb7/0xc0 [ 15.209855] __kmalloc_cache_noprof+0x189/0x420 [ 15.210077] kasan_atomics+0x95/0x310 [ 15.210246] kunit_try_run_case+0x1a5/0x480 [ 15.210436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.210642] kthread+0x337/0x6f0 [ 15.210765] ret_from_fork+0x116/0x1d0 [ 15.210913] ret_from_fork_asm+0x1a/0x30 [ 15.211055] [ 15.211212] The buggy address belongs to the object at ffff8881025e4100 [ 15.211212] which belongs to the cache kmalloc-64 of size 64 [ 15.211740] The buggy address is located 0 bytes to the right of [ 15.211740] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.212461] [ 15.212543] The buggy address belongs to the physical page: [ 15.212720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.213026] flags: 0x200000000000000(node=0|zone=2) [ 15.213498] page_type: f5(slab) [ 15.213670] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.213982] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.214309] page dumped because: kasan: bad access detected [ 15.214547] [ 15.214622] Memory state around the buggy address: [ 15.214827] 
ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.215133] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.215414] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.215687] ^ [ 15.215903] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.216288] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.216564] ================================================================== [ 16.041960] ================================================================== [ 16.042349] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 16.042705] Write of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.043065] [ 16.043249] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.043292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.043325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.043346] Call Trace: [ 16.043364] <TASK> [ 16.043380] dump_stack_lvl+0x73/0xb0 [ 16.043407] print_report+0xd1/0x610 [ 16.043430] ? __virt_addr_valid+0x1db/0x2d0 [ 16.043452] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.043474] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.043516] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.043539] kasan_report+0x141/0x180 [ 16.043561] ? kasan_atomics_helper+0x1d7a/0x5450 [ 16.043589] kasan_check_range+0x10c/0x1c0 [ 16.043612] __kasan_check_write+0x18/0x20 [ 16.043633] kasan_atomics_helper+0x1d7a/0x5450 [ 16.043656] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.043694] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.043720] ? kasan_atomics+0x152/0x310 [ 16.043747] kasan_atomics+0x1dc/0x310 [ 16.043770] ? __pfx_kasan_atomics+0x10/0x10 [ 16.043796] ? __pfx_read_tsc+0x10/0x10 [ 16.043829] ? ktime_get_ts64+0x86/0x230 [ 16.043854] kunit_try_run_case+0x1a5/0x480 [ 16.043879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.043903] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 16.043927] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.043952] ? __kthread_parkme+0x82/0x180 [ 16.043973] ? preempt_count_sub+0x50/0x80 [ 16.043998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.044022] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.044047] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.044071] kthread+0x337/0x6f0 [ 16.044092] ? trace_preempt_on+0x20/0xc0 [ 16.044115] ? __pfx_kthread+0x10/0x10 [ 16.044137] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.044159] ? calculate_sigpending+0x7b/0xa0 [ 16.044184] ? __pfx_kthread+0x10/0x10 [ 16.044206] ret_from_fork+0x116/0x1d0 [ 16.044226] ? __pfx_kthread+0x10/0x10 [ 16.044248] ret_from_fork_asm+0x1a/0x30 [ 16.044278] </TASK> [ 16.044289] [ 16.051636] Allocated by task 282: [ 16.051765] kasan_save_stack+0x45/0x70 [ 16.051917] kasan_save_track+0x18/0x40 [ 16.052050] kasan_save_alloc_info+0x3b/0x50 [ 16.052196] __kasan_kmalloc+0xb7/0xc0 [ 16.052327] __kmalloc_cache_noprof+0x189/0x420 [ 16.052517] kasan_atomics+0x95/0x310 [ 16.052851] kunit_try_run_case+0x1a5/0x480 [ 16.053293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.053543] kthread+0x337/0x6f0 [ 16.053712] ret_from_fork+0x116/0x1d0 [ 16.053906] ret_from_fork_asm+0x1a/0x30 [ 16.054154] [ 16.054250] The buggy address belongs to the object at ffff8881025e4100 [ 16.054250] which belongs to the cache kmalloc-64 of size 64 [ 16.054622] The buggy address is located 0 bytes to the right of [ 16.054622] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.055087] [ 16.055184] The buggy address belongs to the physical page: [ 16.055442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.055808] flags: 0x200000000000000(node=0|zone=2) [ 16.056038] page_type: f5(slab) [ 16.056293] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.056588] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 16.056858] page dumped because: kasan: 
bad access detected [ 16.057028] [ 16.057146] Memory state around the buggy address: [ 16.057366] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.057681] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.058011] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.058309] ^ [ 16.058462] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.058673] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.059005] ================================================================== [ 16.006164] ================================================================== [ 16.006591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 16.006929] Read of size 8 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 16.007383] [ 16.007522] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 16.007564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.007578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.007599] Call Trace: [ 16.007614] <TASK> [ 16.007628] dump_stack_lvl+0x73/0xb0 [ 16.007656] print_report+0xd1/0x610 [ 16.007715] ? __virt_addr_valid+0x1db/0x2d0 [ 16.007738] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.007760] ? kasan_complete_mode_report_info+0x2a/0x200 [ 16.007783] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.007806] kasan_report+0x141/0x180 [ 16.007873] ? kasan_atomics_helper+0x4f30/0x5450 [ 16.007900] __asan_report_load8_noabort+0x18/0x20 [ 16.007925] kasan_atomics_helper+0x4f30/0x5450 [ 16.007948] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 16.007971] ? __kmalloc_cache_noprof+0x189/0x420 [ 16.008027] ? kasan_atomics+0x152/0x310 [ 16.008054] kasan_atomics+0x1dc/0x310 [ 16.008078] ? __pfx_kasan_atomics+0x10/0x10 [ 16.008112] ? __pfx_read_tsc+0x10/0x10 [ 16.008134] ? ktime_get_ts64+0x86/0x230 [ 16.008189] kunit_try_run_case+0x1a5/0x480 [ 16.008215] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 16.008239] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.008264] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.008288] ? __kthread_parkme+0x82/0x180 [ 16.008309] ? preempt_count_sub+0x50/0x80 [ 16.008364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.008390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.008414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.008439] kthread+0x337/0x6f0 [ 16.008459] ? trace_preempt_on+0x20/0xc0 [ 16.008507] ? __pfx_kthread+0x10/0x10 [ 16.008529] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.008553] ? calculate_sigpending+0x7b/0xa0 [ 16.008578] ? __pfx_kthread+0x10/0x10 [ 16.008603] ret_from_fork+0x116/0x1d0 [ 16.008623] ? __pfx_kthread+0x10/0x10 [ 16.008646] ret_from_fork_asm+0x1a/0x30 [ 16.008676] </TASK> [ 16.008687] [ 16.015736] Allocated by task 282: [ 16.015878] kasan_save_stack+0x45/0x70 [ 16.016021] kasan_save_track+0x18/0x40 [ 16.016323] kasan_save_alloc_info+0x3b/0x50 [ 16.016552] __kasan_kmalloc+0xb7/0xc0 [ 16.016742] __kmalloc_cache_noprof+0x189/0x420 [ 16.016976] kasan_atomics+0x95/0x310 [ 16.017221] kunit_try_run_case+0x1a5/0x480 [ 16.017666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.017928] kthread+0x337/0x6f0 [ 16.018106] ret_from_fork+0x116/0x1d0 [ 16.018296] ret_from_fork_asm+0x1a/0x30 [ 16.018516] [ 16.018613] The buggy address belongs to the object at ffff8881025e4100 [ 16.018613] which belongs to the cache kmalloc-64 of size 64 [ 16.019019] The buggy address is located 0 bytes to the right of [ 16.019019] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 16.019642] [ 16.019889] The buggy address belongs to the physical page: [ 16.020200] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 16.020559] flags: 0x200000000000000(node=0|zone=2) [ 16.020802] page_type: f5(slab) [ 16.020974] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 16.021283] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 16.021588] page dumped because: kasan: bad access detected [ 16.021766] [ 16.021848] Memory state around the buggy address: [ 16.022006] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.022229] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 16.022569] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 16.022893] ^ [ 16.023117] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.023433] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 16.023746] ================================================================== [ 15.031024] ================================================================== [ 15.031490] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 15.031726] Read of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.032056] [ 15.032165] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.032209] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.032222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.032244] Call Trace: [ 15.032257] <TASK> [ 15.032272] dump_stack_lvl+0x73/0xb0 [ 15.032298] print_report+0xd1/0x610 [ 15.032321] ? __virt_addr_valid+0x1db/0x2d0 [ 15.032343] ? kasan_atomics_helper+0x3df/0x5450 [ 15.032365] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.032389] ? kasan_atomics_helper+0x3df/0x5450 [ 15.032411] kasan_report+0x141/0x180 [ 15.032434] ? kasan_atomics_helper+0x3df/0x5450 [ 15.032460] kasan_check_range+0x10c/0x1c0 [ 15.032483] __kasan_check_read+0x15/0x20 [ 15.032503] kasan_atomics_helper+0x3df/0x5450 [ 15.032527] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.032550] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.032575] ? kasan_atomics+0x152/0x310 [ 15.032603] kasan_atomics+0x1dc/0x310 [ 15.032626] ? __pfx_kasan_atomics+0x10/0x10 [ 15.032651] ? __pfx_read_tsc+0x10/0x10 [ 15.032672] ? 
ktime_get_ts64+0x86/0x230 [ 15.032696] kunit_try_run_case+0x1a5/0x480 [ 15.032720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.032744] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.032768] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.032792] ? __kthread_parkme+0x82/0x180 [ 15.032823] ? preempt_count_sub+0x50/0x80 [ 15.032853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.032877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.032901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.032926] kthread+0x337/0x6f0 [ 15.032946] ? trace_preempt_on+0x20/0xc0 [ 15.032969] ? __pfx_kthread+0x10/0x10 [ 15.032990] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.033012] ? calculate_sigpending+0x7b/0xa0 [ 15.033036] ? __pfx_kthread+0x10/0x10 [ 15.033058] ret_from_fork+0x116/0x1d0 [ 15.033077] ? __pfx_kthread+0x10/0x10 [ 15.033110] ret_from_fork_asm+0x1a/0x30 [ 15.033142] </TASK> [ 15.033152] [ 15.040742] Allocated by task 282: [ 15.040943] kasan_save_stack+0x45/0x70 [ 15.041207] kasan_save_track+0x18/0x40 [ 15.041377] kasan_save_alloc_info+0x3b/0x50 [ 15.041576] __kasan_kmalloc+0xb7/0xc0 [ 15.041741] __kmalloc_cache_noprof+0x189/0x420 [ 15.041972] kasan_atomics+0x95/0x310 [ 15.042171] kunit_try_run_case+0x1a5/0x480 [ 15.042360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.042566] kthread+0x337/0x6f0 [ 15.042690] ret_from_fork+0x116/0x1d0 [ 15.042895] ret_from_fork_asm+0x1a/0x30 [ 15.043093] [ 15.043192] The buggy address belongs to the object at ffff8881025e4100 [ 15.043192] which belongs to the cache kmalloc-64 of size 64 [ 15.043659] The buggy address is located 0 bytes to the right of [ 15.043659] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.044190] [ 15.044264] The buggy address belongs to the physical page: [ 15.044503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.044810] flags: 0x200000000000000(node=0|zone=2) [ 15.045040] page_type: f5(slab) [ 15.045322] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 15.045612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.045853] page dumped because: kasan: bad access detected [ 15.046030] [ 15.046102] Memory state around the buggy address: [ 15.046260] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.046480] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.046698] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.046974] ^ [ 15.047333] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.047654] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.047981] ================================================================== [ 15.084876] ================================================================== [ 15.085213] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 15.085546] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.085899] [ 15.086079] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.086123] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.086136] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.086157] Call Trace: [ 15.086171] <TASK> [ 15.086186] dump_stack_lvl+0x73/0xb0 [ 15.086213] print_report+0xd1/0x610 [ 15.086236] ? __virt_addr_valid+0x1db/0x2d0 [ 15.086259] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.086281] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.086304] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.086327] kasan_report+0x141/0x180 [ 15.086350] ? kasan_atomics_helper+0x4b3a/0x5450 [ 15.086377] __asan_report_store4_noabort+0x1b/0x30 [ 15.086403] kasan_atomics_helper+0x4b3a/0x5450 [ 15.086427] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.086450] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.086475] ? kasan_atomics+0x152/0x310 [ 15.086502] kasan_atomics+0x1dc/0x310 [ 15.086526] ? __pfx_kasan_atomics+0x10/0x10 [ 15.086550] ? 
__pfx_read_tsc+0x10/0x10 [ 15.086572] ? ktime_get_ts64+0x86/0x230 [ 15.086597] kunit_try_run_case+0x1a5/0x480 [ 15.086621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.086645] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.086669] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.086694] ? __kthread_parkme+0x82/0x180 [ 15.086716] ? preempt_count_sub+0x50/0x80 [ 15.086741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.086765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.086790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.086825] kthread+0x337/0x6f0 [ 15.086846] ? trace_preempt_on+0x20/0xc0 [ 15.086869] ? __pfx_kthread+0x10/0x10 [ 15.086891] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.086913] ? calculate_sigpending+0x7b/0xa0 [ 15.086937] ? __pfx_kthread+0x10/0x10 [ 15.086959] ret_from_fork+0x116/0x1d0 [ 15.086978] ? __pfx_kthread+0x10/0x10 [ 15.086999] ret_from_fork_asm+0x1a/0x30 [ 15.087029] </TASK> [ 15.087040] [ 15.095582] Allocated by task 282: [ 15.095714] kasan_save_stack+0x45/0x70 [ 15.095870] kasan_save_track+0x18/0x40 [ 15.096008] kasan_save_alloc_info+0x3b/0x50 [ 15.096158] __kasan_kmalloc+0xb7/0xc0 [ 15.096292] __kmalloc_cache_noprof+0x189/0x420 [ 15.096472] kasan_atomics+0x95/0x310 [ 15.096610] kunit_try_run_case+0x1a5/0x480 [ 15.096759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.096954] kthread+0x337/0x6f0 [ 15.097081] ret_from_fork+0x116/0x1d0 [ 15.097217] ret_from_fork_asm+0x1a/0x30 [ 15.097359] [ 15.097431] The buggy address belongs to the object at ffff8881025e4100 [ 15.097431] which belongs to the cache kmalloc-64 of size 64 [ 15.097804] The buggy address is located 0 bytes to the right of [ 15.097804] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.098187] [ 15.098263] The buggy address belongs to the physical page: [ 15.098437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.098680] flags: 0x200000000000000(node=0|zone=2) [ 15.098854] page_type: f5(slab) [ 15.098977] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 15.099212] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.099440] page dumped because: kasan: bad access detected [ 15.099701] [ 15.099871] Memory state around the buggy address: [ 15.100272] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.100869] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.101529] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.102122] ^ [ 15.102524] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.103143] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.103767] ================================================================== [ 15.355630] ================================================================== [ 15.356253] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 15.356640] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.357013] [ 15.357230] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.357341] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.357356] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.357378] Call Trace: [ 15.357395] <TASK> [ 15.357410] dump_stack_lvl+0x73/0xb0 [ 15.357439] print_report+0xd1/0x610 [ 15.357588] ? __virt_addr_valid+0x1db/0x2d0 [ 15.357614] ? kasan_atomics_helper+0xd47/0x5450 [ 15.357636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.357660] ? kasan_atomics_helper+0xd47/0x5450 [ 15.357682] kasan_report+0x141/0x180 [ 15.357705] ? kasan_atomics_helper+0xd47/0x5450 [ 15.357731] kasan_check_range+0x10c/0x1c0 [ 15.357755] __kasan_check_write+0x18/0x20 [ 15.357775] kasan_atomics_helper+0xd47/0x5450 [ 15.357798] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.357835] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.357861] ? 
kasan_atomics+0x152/0x310 [ 15.357888] kasan_atomics+0x1dc/0x310 [ 15.357911] ? __pfx_kasan_atomics+0x10/0x10 [ 15.357936] ? __pfx_read_tsc+0x10/0x10 [ 15.357957] ? ktime_get_ts64+0x86/0x230 [ 15.357981] kunit_try_run_case+0x1a5/0x480 [ 15.358006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.358030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.358055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.358079] ? __kthread_parkme+0x82/0x180 [ 15.358112] ? preempt_count_sub+0x50/0x80 [ 15.358138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.358164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.358189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.358213] kthread+0x337/0x6f0 [ 15.358233] ? trace_preempt_on+0x20/0xc0 [ 15.358257] ? __pfx_kthread+0x10/0x10 [ 15.358278] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.358301] ? calculate_sigpending+0x7b/0xa0 [ 15.358325] ? __pfx_kthread+0x10/0x10 [ 15.358347] ret_from_fork+0x116/0x1d0 [ 15.358366] ? __pfx_kthread+0x10/0x10 [ 15.358388] ret_from_fork_asm+0x1a/0x30 [ 15.358418] </TASK> [ 15.358429] [ 15.368131] Allocated by task 282: [ 15.368514] kasan_save_stack+0x45/0x70 [ 15.368790] kasan_save_track+0x18/0x40 [ 15.369001] kasan_save_alloc_info+0x3b/0x50 [ 15.369364] __kasan_kmalloc+0xb7/0xc0 [ 15.369557] __kmalloc_cache_noprof+0x189/0x420 [ 15.369867] kasan_atomics+0x95/0x310 [ 15.370061] kunit_try_run_case+0x1a5/0x480 [ 15.370391] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.370642] kthread+0x337/0x6f0 [ 15.370919] ret_from_fork+0x116/0x1d0 [ 15.371069] ret_from_fork_asm+0x1a/0x30 [ 15.371285] [ 15.371386] The buggy address belongs to the object at ffff8881025e4100 [ 15.371386] which belongs to the cache kmalloc-64 of size 64 [ 15.371879] The buggy address is located 0 bytes to the right of [ 15.371879] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.372794] [ 15.372920] The buggy address belongs to the physical page: [ 15.373327] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 
15.373670] flags: 0x200000000000000(node=0|zone=2) [ 15.373974] page_type: f5(slab) [ 15.374176] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.374588] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.374977] page dumped because: kasan: bad access detected [ 15.375318] [ 15.375397] Memory state around the buggy address: [ 15.375618] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.376104] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.376472] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.376883] ^ [ 15.377228] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.377527] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.377939] ================================================================== [ 15.163157] ================================================================== [ 15.163396] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 15.163635] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.164037] [ 15.164148] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.164191] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.164203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.164225] Call Trace: [ 15.164239] <TASK> [ 15.164253] dump_stack_lvl+0x73/0xb0 [ 15.164281] print_report+0xd1/0x610 [ 15.164303] ? __virt_addr_valid+0x1db/0x2d0 [ 15.164326] ? kasan_atomics_helper+0x72f/0x5450 [ 15.164347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.164370] ? kasan_atomics_helper+0x72f/0x5450 [ 15.164392] kasan_report+0x141/0x180 [ 15.164415] ? kasan_atomics_helper+0x72f/0x5450 [ 15.164442] kasan_check_range+0x10c/0x1c0 [ 15.164466] __kasan_check_write+0x18/0x20 [ 15.164486] kasan_atomics_helper+0x72f/0x5450 [ 15.164509] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.164531] ? 
__kmalloc_cache_noprof+0x189/0x420 [ 15.164556] ? kasan_atomics+0x152/0x310 [ 15.164583] kasan_atomics+0x1dc/0x310 [ 15.164606] ? __pfx_kasan_atomics+0x10/0x10 [ 15.164631] ? __pfx_read_tsc+0x10/0x10 [ 15.164652] ? ktime_get_ts64+0x86/0x230 [ 15.164677] kunit_try_run_case+0x1a5/0x480 [ 15.164702] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.164725] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.164749] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.164774] ? __kthread_parkme+0x82/0x180 [ 15.164794] ? preempt_count_sub+0x50/0x80 [ 15.164831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.164861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.164885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.164911] kthread+0x337/0x6f0 [ 15.164931] ? trace_preempt_on+0x20/0xc0 [ 15.164955] ? __pfx_kthread+0x10/0x10 [ 15.164975] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.164998] ? calculate_sigpending+0x7b/0xa0 [ 15.165022] ? __pfx_kthread+0x10/0x10 [ 15.165045] ret_from_fork+0x116/0x1d0 [ 15.165064] ? __pfx_kthread+0x10/0x10 [ 15.165085] ret_from_fork_asm+0x1a/0x30 [ 15.165116] </TASK> [ 15.165127] [ 15.172886] Allocated by task 282: [ 15.173019] kasan_save_stack+0x45/0x70 [ 15.173338] kasan_save_track+0x18/0x40 [ 15.173532] kasan_save_alloc_info+0x3b/0x50 [ 15.173726] __kasan_kmalloc+0xb7/0xc0 [ 15.173873] __kmalloc_cache_noprof+0x189/0x420 [ 15.174103] kasan_atomics+0x95/0x310 [ 15.174299] kunit_try_run_case+0x1a5/0x480 [ 15.174476] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.174740] kthread+0x337/0x6f0 [ 15.174903] ret_from_fork+0x116/0x1d0 [ 15.175073] ret_from_fork_asm+0x1a/0x30 [ 15.175261] [ 15.175359] The buggy address belongs to the object at ffff8881025e4100 [ 15.175359] which belongs to the cache kmalloc-64 of size 64 [ 15.175782] The buggy address is located 0 bytes to the right of [ 15.175782] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.176323] [ 15.176421] The buggy address belongs to the physical page: [ 15.176680] page: refcount:0 mapcount:0 
mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.177051] flags: 0x200000000000000(node=0|zone=2) [ 15.177322] page_type: f5(slab) [ 15.177448] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.177766] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.178132] page dumped because: kasan: bad access detected [ 15.178358] [ 15.178436] Memory state around the buggy address: [ 15.178632] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.178914] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.179263] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.179557] ^ [ 15.179756] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.180058] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.180356] ================================================================== [ 15.235202] ================================================================== [ 15.235509] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 15.235740] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.235982] [ 15.236067] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.236111] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.236124] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.236146] Call Trace: [ 15.236163] <TASK> [ 15.236180] dump_stack_lvl+0x73/0xb0 [ 15.236206] print_report+0xd1/0x610 [ 15.236227] ? __virt_addr_valid+0x1db/0x2d0 [ 15.236251] ? kasan_atomics_helper+0x992/0x5450 [ 15.236273] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.236295] ? kasan_atomics_helper+0x992/0x5450 [ 15.236318] kasan_report+0x141/0x180 [ 15.236341] ? kasan_atomics_helper+0x992/0x5450 [ 15.236367] kasan_check_range+0x10c/0x1c0 [ 15.236391] __kasan_check_write+0x18/0x20 [ 15.236411] kasan_atomics_helper+0x992/0x5450 [ 15.236434] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 15.236456] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.236482] ? kasan_atomics+0x152/0x310 [ 15.236509] kasan_atomics+0x1dc/0x310 [ 15.236532] ? __pfx_kasan_atomics+0x10/0x10 [ 15.236557] ? __pfx_read_tsc+0x10/0x10 [ 15.236579] ? ktime_get_ts64+0x86/0x230 [ 15.236604] kunit_try_run_case+0x1a5/0x480 [ 15.236628] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.236652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.236676] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.236700] ? __kthread_parkme+0x82/0x180 [ 15.236721] ? preempt_count_sub+0x50/0x80 [ 15.236746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.236770] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.236795] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.236829] kthread+0x337/0x6f0 [ 15.236853] ? trace_preempt_on+0x20/0xc0 [ 15.236876] ? __pfx_kthread+0x10/0x10 [ 15.236897] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.236919] ? calculate_sigpending+0x7b/0xa0 [ 15.236943] ? __pfx_kthread+0x10/0x10 [ 15.236965] ret_from_fork+0x116/0x1d0 [ 15.236984] ? 
__pfx_kthread+0x10/0x10 [ 15.237006] ret_from_fork_asm+0x1a/0x30 [ 15.237036] </TASK> [ 15.237047] [ 15.244780] Allocated by task 282: [ 15.244971] kasan_save_stack+0x45/0x70 [ 15.245173] kasan_save_track+0x18/0x40 [ 15.245366] kasan_save_alloc_info+0x3b/0x50 [ 15.245544] __kasan_kmalloc+0xb7/0xc0 [ 15.245723] __kmalloc_cache_noprof+0x189/0x420 [ 15.245893] kasan_atomics+0x95/0x310 [ 15.246029] kunit_try_run_case+0x1a5/0x480 [ 15.246406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.246663] kthread+0x337/0x6f0 [ 15.246852] ret_from_fork+0x116/0x1d0 [ 15.247047] ret_from_fork_asm+0x1a/0x30 [ 15.247276] [ 15.247380] The buggy address belongs to the object at ffff8881025e4100 [ 15.247380] which belongs to the cache kmalloc-64 of size 64 [ 15.247841] The buggy address is located 0 bytes to the right of [ 15.247841] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.248385] [ 15.248480] The buggy address belongs to the physical page: [ 15.248667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.248925] flags: 0x200000000000000(node=0|zone=2) [ 15.249154] page_type: f5(slab) [ 15.249418] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.249758] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.250002] page dumped because: kasan: bad access detected [ 15.250380] [ 15.250477] Memory state around the buggy address: [ 15.250703] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.251041] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.251514] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.251797] ^ [ 15.251986] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.252307] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.252579] ================================================================== [ 15.270669] 
================================================================== [ 15.271003] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 15.271350] Write of size 4 at addr ffff8881025e4130 by task kunit_try_catch/282 [ 15.271583] [ 15.271675] CPU: 1 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 15.271725] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.271738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.271761] Call Trace: [ 15.271774] <TASK> [ 15.271790] dump_stack_lvl+0x73/0xb0 [ 15.271829] print_report+0xd1/0x610 [ 15.271852] ? __virt_addr_valid+0x1db/0x2d0 [ 15.271875] ? kasan_atomics_helper+0xac7/0x5450 [ 15.271898] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.271921] ? kasan_atomics_helper+0xac7/0x5450 [ 15.271945] kasan_report+0x141/0x180 [ 15.271968] ? kasan_atomics_helper+0xac7/0x5450 [ 15.271994] kasan_check_range+0x10c/0x1c0 [ 15.272019] __kasan_check_write+0x18/0x20 [ 15.272039] kasan_atomics_helper+0xac7/0x5450 [ 15.272062] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.272085] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.272122] ? kasan_atomics+0x152/0x310 [ 15.272149] kasan_atomics+0x1dc/0x310 [ 15.272172] ? __pfx_kasan_atomics+0x10/0x10 [ 15.272197] ? __pfx_read_tsc+0x10/0x10 [ 15.272218] ? ktime_get_ts64+0x86/0x230 [ 15.272241] kunit_try_run_case+0x1a5/0x480 [ 15.272267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.272290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.272315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.272338] ? __kthread_parkme+0x82/0x180 [ 15.272358] ? preempt_count_sub+0x50/0x80 [ 15.272382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.272407] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.272431] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.272455] kthread+0x337/0x6f0 [ 15.272475] ? trace_preempt_on+0x20/0xc0 [ 15.272498] ? __pfx_kthread+0x10/0x10 [ 15.272520] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.272542] ? 
calculate_sigpending+0x7b/0xa0 [ 15.272565] ? __pfx_kthread+0x10/0x10 [ 15.272588] ret_from_fork+0x116/0x1d0 [ 15.272607] ? __pfx_kthread+0x10/0x10 [ 15.272629] ret_from_fork_asm+0x1a/0x30 [ 15.272659] </TASK> [ 15.272671] [ 15.281182] Allocated by task 282: [ 15.281498] kasan_save_stack+0x45/0x70 [ 15.281861] kasan_save_track+0x18/0x40 [ 15.282228] kasan_save_alloc_info+0x3b/0x50 [ 15.282605] __kasan_kmalloc+0xb7/0xc0 [ 15.282943] __kmalloc_cache_noprof+0x189/0x420 [ 15.283161] kasan_atomics+0x95/0x310 [ 15.283296] kunit_try_run_case+0x1a5/0x480 [ 15.283445] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.283622] kthread+0x337/0x6f0 [ 15.283763] ret_from_fork+0x116/0x1d0 [ 15.283910] ret_from_fork_asm+0x1a/0x30 [ 15.284054] [ 15.284128] The buggy address belongs to the object at ffff8881025e4100 [ 15.284128] which belongs to the cache kmalloc-64 of size 64 [ 15.284485] The buggy address is located 0 bytes to the right of [ 15.284485] allocated 48-byte region [ffff8881025e4100, ffff8881025e4130) [ 15.284864] [ 15.284937] The buggy address belongs to the physical page: [ 15.285111] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e4 [ 15.285355] flags: 0x200000000000000(node=0|zone=2) [ 15.285521] page_type: f5(slab) [ 15.285834] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.286458] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.287228] page dumped because: kasan: bad access detected [ 15.287696] [ 15.287863] Memory state around the buggy address: [ 15.288296] ffff8881025e4000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.288907] ffff8881025e4080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.289498] >ffff8881025e4100: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.290099] ^ [ 15.290509] ffff8881025e4180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.291110] ffff8881025e4200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.291691] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 14.840566] ================================================================== [ 14.841138] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.841505] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.842006] [ 14.842116] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.842161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.842173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.842194] Call Trace: [ 14.842208] <TASK> [ 14.842223] dump_stack_lvl+0x73/0xb0 [ 14.842251] print_report+0xd1/0x610 [ 14.842273] ? __virt_addr_valid+0x1db/0x2d0 [ 14.842317] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.842344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.842366] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.842394] kasan_report+0x141/0x180 [ 14.842416] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.842448] kasan_check_range+0x10c/0x1c0 [ 14.842470] __kasan_check_write+0x18/0x20 [ 14.842490] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 14.842517] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.842546] ? ret_from_fork_asm+0x1a/0x30 [ 14.842567] ? kthread+0x337/0x6f0 [ 14.842591] kasan_bitops_generic+0x121/0x1c0 [ 14.842613] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.842637] ? __pfx_read_tsc+0x10/0x10 [ 14.842659] ? ktime_get_ts64+0x86/0x230 [ 14.842681] kunit_try_run_case+0x1a5/0x480 [ 14.842705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.842746] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.842771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.842794] ? __kthread_parkme+0x82/0x180 [ 14.842823] ? preempt_count_sub+0x50/0x80 [ 14.842847] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.842870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.842893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.842917] kthread+0x337/0x6f0 [ 14.842937] ? 
trace_preempt_on+0x20/0xc0 [ 14.842960] ? __pfx_kthread+0x10/0x10 [ 14.842980] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.843001] ? calculate_sigpending+0x7b/0xa0 [ 14.843024] ? __pfx_kthread+0x10/0x10 [ 14.843045] ret_from_fork+0x116/0x1d0 [ 14.843063] ? __pfx_kthread+0x10/0x10 [ 14.843083] ret_from_fork_asm+0x1a/0x30 [ 14.843126] </TASK> [ 14.843137] [ 14.851266] Allocated by task 278: [ 14.851448] kasan_save_stack+0x45/0x70 [ 14.851613] kasan_save_track+0x18/0x40 [ 14.851830] kasan_save_alloc_info+0x3b/0x50 [ 14.852019] __kasan_kmalloc+0xb7/0xc0 [ 14.852221] __kmalloc_cache_noprof+0x189/0x420 [ 14.852453] kasan_bitops_generic+0x92/0x1c0 [ 14.852662] kunit_try_run_case+0x1a5/0x480 [ 14.852888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.853229] kthread+0x337/0x6f0 [ 14.853381] ret_from_fork+0x116/0x1d0 [ 14.853571] ret_from_fork_asm+0x1a/0x30 [ 14.853764] [ 14.853854] The buggy address belongs to the object at ffff8881025ca080 [ 14.853854] which belongs to the cache kmalloc-16 of size 16 [ 14.854355] The buggy address is located 8 bytes inside of [ 14.854355] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.854710] [ 14.854785] The buggy address belongs to the physical page: [ 14.854969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.855341] flags: 0x200000000000000(node=0|zone=2) [ 14.855761] page_type: f5(slab) [ 14.855942] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.856472] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.856804] page dumped because: kasan: bad access detected [ 14.857040] [ 14.857150] Memory state around the buggy address: [ 14.857368] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.857672] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.857902] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.858118] ^ [ 14.858242] ffff8881025ca100: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.858558] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.858902] ================================================================== [ 14.788686] ================================================================== [ 14.789063] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.789477] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.790606] [ 14.790729] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.790786] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.790799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.790831] Call Trace: [ 14.790846] <TASK> [ 14.790860] dump_stack_lvl+0x73/0xb0 [ 14.790889] print_report+0xd1/0x610 [ 14.790910] ? __virt_addr_valid+0x1db/0x2d0 [ 14.790932] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.790959] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.790981] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.791008] kasan_report+0x141/0x180 [ 14.791029] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.791061] kasan_check_range+0x10c/0x1c0 [ 14.791085] __kasan_check_write+0x18/0x20 [ 14.791104] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 14.791131] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.791160] ? ret_from_fork_asm+0x1a/0x30 [ 14.791182] ? kthread+0x337/0x6f0 [ 14.791205] kasan_bitops_generic+0x121/0x1c0 [ 14.791228] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.791252] ? __pfx_read_tsc+0x10/0x10 [ 14.791272] ? ktime_get_ts64+0x86/0x230 [ 14.791295] kunit_try_run_case+0x1a5/0x480 [ 14.791321] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.791344] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.791366] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.791389] ? __kthread_parkme+0x82/0x180 [ 14.791409] ? preempt_count_sub+0x50/0x80 [ 14.791431] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.791455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.791478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.791501] kthread+0x337/0x6f0 [ 14.791520] ? trace_preempt_on+0x20/0xc0 [ 14.791542] ? __pfx_kthread+0x10/0x10 [ 14.791563] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.791583] ? calculate_sigpending+0x7b/0xa0 [ 14.791606] ? __pfx_kthread+0x10/0x10 [ 14.791627] ret_from_fork+0x116/0x1d0 [ 14.791645] ? __pfx_kthread+0x10/0x10 [ 14.791665] ret_from_fork_asm+0x1a/0x30 [ 14.791694] </TASK> [ 14.791704] [ 14.807591] Allocated by task 278: [ 14.807740] kasan_save_stack+0x45/0x70 [ 14.807904] kasan_save_track+0x18/0x40 [ 14.808043] kasan_save_alloc_info+0x3b/0x50 [ 14.808194] __kasan_kmalloc+0xb7/0xc0 [ 14.808361] __kmalloc_cache_noprof+0x189/0x420 [ 14.808547] kasan_bitops_generic+0x92/0x1c0 [ 14.808698] kunit_try_run_case+0x1a5/0x480 [ 14.808910] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.809249] kthread+0x337/0x6f0 [ 14.809403] ret_from_fork+0x116/0x1d0 [ 14.809569] ret_from_fork_asm+0x1a/0x30 [ 14.809744] [ 14.809828] The buggy address belongs to the object at ffff8881025ca080 [ 14.809828] which belongs to the cache kmalloc-16 of size 16 [ 14.810451] The buggy address is located 8 bytes inside of [ 14.810451] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.810945] [ 14.811025] The buggy address belongs to the physical page: [ 14.811380] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.811739] flags: 0x200000000000000(node=0|zone=2) [ 14.811959] page_type: f5(slab) [ 14.812141] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.812380] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.812705] page dumped because: kasan: bad access detected [ 14.812940] [ 14.813012] Memory state around the buggy address: [ 14.813168] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.813551] 
ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.813875] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814221] ^ [ 14.814345] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814561] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.814883] ================================================================== [ 14.859469] ================================================================== [ 14.860219] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.860563] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.860911] [ 14.860997] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.861063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.861075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.861096] Call Trace: [ 14.861108] <TASK> [ 14.861123] dump_stack_lvl+0x73/0xb0 [ 14.861149] print_report+0xd1/0x610 [ 14.861170] ? __virt_addr_valid+0x1db/0x2d0 [ 14.861191] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.861218] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.861240] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.861268] kasan_report+0x141/0x180 [ 14.861291] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.861322] kasan_check_range+0x10c/0x1c0 [ 14.861346] __kasan_check_write+0x18/0x20 [ 14.861365] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 14.861392] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.861421] ? ret_from_fork_asm+0x1a/0x30 [ 14.861442] ? kthread+0x337/0x6f0 [ 14.861488] kasan_bitops_generic+0x121/0x1c0 [ 14.861512] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.861537] ? __pfx_read_tsc+0x10/0x10 [ 14.861556] ? ktime_get_ts64+0x86/0x230 [ 14.861579] kunit_try_run_case+0x1a5/0x480 [ 14.861603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.861625] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 14.861665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.861689] ? __kthread_parkme+0x82/0x180 [ 14.861708] ? preempt_count_sub+0x50/0x80 [ 14.861731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.861754] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.861778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.861800] kthread+0x337/0x6f0 [ 14.861829] ? trace_preempt_on+0x20/0xc0 [ 14.861851] ? __pfx_kthread+0x10/0x10 [ 14.861871] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.861892] ? calculate_sigpending+0x7b/0xa0 [ 14.861915] ? __pfx_kthread+0x10/0x10 [ 14.861936] ret_from_fork+0x116/0x1d0 [ 14.861954] ? __pfx_kthread+0x10/0x10 [ 14.861975] ret_from_fork_asm+0x1a/0x30 [ 14.862005] </TASK> [ 14.862015] [ 14.870027] Allocated by task 278: [ 14.870203] kasan_save_stack+0x45/0x70 [ 14.870464] kasan_save_track+0x18/0x40 [ 14.870602] kasan_save_alloc_info+0x3b/0x50 [ 14.870755] __kasan_kmalloc+0xb7/0xc0 [ 14.870898] __kmalloc_cache_noprof+0x189/0x420 [ 14.871053] kasan_bitops_generic+0x92/0x1c0 [ 14.871515] kunit_try_run_case+0x1a5/0x480 [ 14.871727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.872014] kthread+0x337/0x6f0 [ 14.872299] ret_from_fork+0x116/0x1d0 [ 14.872487] ret_from_fork_asm+0x1a/0x30 [ 14.872676] [ 14.872774] The buggy address belongs to the object at ffff8881025ca080 [ 14.872774] which belongs to the cache kmalloc-16 of size 16 [ 14.873353] The buggy address is located 8 bytes inside of [ 14.873353] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.873761] [ 14.873844] The buggy address belongs to the physical page: [ 14.874017] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.874582] flags: 0x200000000000000(node=0|zone=2) [ 14.874830] page_type: f5(slab) [ 14.874996] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.875329] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.875657] page dumped because: kasan: 
bad access detected [ 14.875848] [ 14.875918] Memory state around the buggy address: [ 14.876241] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.876512] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.876729] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.877054] ^ [ 14.877225] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.877535] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.877880] ================================================================== [ 14.915692] ================================================================== [ 14.915959] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.916232] Read of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.916647] [ 14.916795] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.916852] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.916864] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.916884] Call Trace: [ 14.916897] <TASK> [ 14.916910] dump_stack_lvl+0x73/0xb0 [ 14.916937] print_report+0xd1/0x610 [ 14.916958] ? __virt_addr_valid+0x1db/0x2d0 [ 14.916981] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.917008] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.917030] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.917057] kasan_report+0x141/0x180 [ 14.917078] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.917119] __asan_report_load8_noabort+0x18/0x20 [ 14.917144] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 14.917172] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.917199] ? ret_from_fork_asm+0x1a/0x30 [ 14.917221] ? kthread+0x337/0x6f0 [ 14.917245] kasan_bitops_generic+0x121/0x1c0 [ 14.917268] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.917292] ? __pfx_read_tsc+0x10/0x10 [ 14.917312] ? 
ktime_get_ts64+0x86/0x230 [ 14.917335] kunit_try_run_case+0x1a5/0x480 [ 14.917359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.917381] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.917405] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.917427] ? __kthread_parkme+0x82/0x180 [ 14.917447] ? preempt_count_sub+0x50/0x80 [ 14.917470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.917493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.917515] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.917538] kthread+0x337/0x6f0 [ 14.917557] ? trace_preempt_on+0x20/0xc0 [ 14.917579] ? __pfx_kthread+0x10/0x10 [ 14.917599] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.917621] ? calculate_sigpending+0x7b/0xa0 [ 14.917644] ? __pfx_kthread+0x10/0x10 [ 14.917665] ret_from_fork+0x116/0x1d0 [ 14.917683] ? __pfx_kthread+0x10/0x10 [ 14.917703] ret_from_fork_asm+0x1a/0x30 [ 14.917756] </TASK> [ 14.917765] [ 14.925404] Allocated by task 278: [ 14.925535] kasan_save_stack+0x45/0x70 [ 14.925678] kasan_save_track+0x18/0x40 [ 14.925825] kasan_save_alloc_info+0x3b/0x50 [ 14.926037] __kasan_kmalloc+0xb7/0xc0 [ 14.926378] __kmalloc_cache_noprof+0x189/0x420 [ 14.926624] kasan_bitops_generic+0x92/0x1c0 [ 14.926869] kunit_try_run_case+0x1a5/0x480 [ 14.927101] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.927375] kthread+0x337/0x6f0 [ 14.927563] ret_from_fork+0x116/0x1d0 [ 14.927717] ret_from_fork_asm+0x1a/0x30 [ 14.927869] [ 14.927970] The buggy address belongs to the object at ffff8881025ca080 [ 14.927970] which belongs to the cache kmalloc-16 of size 16 [ 14.928735] The buggy address is located 8 bytes inside of [ 14.928735] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.929176] [ 14.929252] The buggy address belongs to the physical page: [ 14.929426] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.930121] flags: 0x200000000000000(node=0|zone=2) [ 14.930376] page_type: f5(slab) [ 14.930543] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 14.930790] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.931062] page dumped because: kasan: bad access detected [ 14.931326] [ 14.931421] Memory state around the buggy address: [ 14.931658] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.931929] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.932244] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.932555] ^ [ 14.932677] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.933026] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.933443] ================================================================== [ 14.750871] ================================================================== [ 14.751416] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.751799] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.752125] [ 14.752222] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.752265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.752278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.752298] Call Trace: [ 14.752310] <TASK> [ 14.752323] dump_stack_lvl+0x73/0xb0 [ 14.752350] print_report+0xd1/0x610 [ 14.752371] ? __virt_addr_valid+0x1db/0x2d0 [ 14.752394] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.752420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.752442] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.752469] kasan_report+0x141/0x180 [ 14.752491] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.752522] kasan_check_range+0x10c/0x1c0 [ 14.752544] __kasan_check_write+0x18/0x20 [ 14.752564] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 14.752591] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.752620] ? ret_from_fork_asm+0x1a/0x30 [ 14.752642] ? 
kthread+0x337/0x6f0 [ 14.752666] kasan_bitops_generic+0x121/0x1c0 [ 14.752689] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.752713] ? __pfx_read_tsc+0x10/0x10 [ 14.752734] ? ktime_get_ts64+0x86/0x230 [ 14.752757] kunit_try_run_case+0x1a5/0x480 [ 14.752781] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.752803] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.752837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.752866] ? __kthread_parkme+0x82/0x180 [ 14.752886] ? preempt_count_sub+0x50/0x80 [ 14.752909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.752933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.752956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.752979] kthread+0x337/0x6f0 [ 14.752998] ? trace_preempt_on+0x20/0xc0 [ 14.753021] ? __pfx_kthread+0x10/0x10 [ 14.753042] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.753062] ? calculate_sigpending+0x7b/0xa0 [ 14.753086] ? __pfx_kthread+0x10/0x10 [ 14.753118] ret_from_fork+0x116/0x1d0 [ 14.753136] ? __pfx_kthread+0x10/0x10 [ 14.753157] ret_from_fork_asm+0x1a/0x30 [ 14.753187] </TASK> [ 14.753197] [ 14.760754] Allocated by task 278: [ 14.760895] kasan_save_stack+0x45/0x70 [ 14.761038] kasan_save_track+0x18/0x40 [ 14.761175] kasan_save_alloc_info+0x3b/0x50 [ 14.761324] __kasan_kmalloc+0xb7/0xc0 [ 14.761458] __kmalloc_cache_noprof+0x189/0x420 [ 14.761682] kasan_bitops_generic+0x92/0x1c0 [ 14.761903] kunit_try_run_case+0x1a5/0x480 [ 14.762111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.762505] kthread+0x337/0x6f0 [ 14.762678] ret_from_fork+0x116/0x1d0 [ 14.762874] ret_from_fork_asm+0x1a/0x30 [ 14.763067] [ 14.763160] The buggy address belongs to the object at ffff8881025ca080 [ 14.763160] which belongs to the cache kmalloc-16 of size 16 [ 14.763650] The buggy address is located 8 bytes inside of [ 14.763650] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.764012] [ 14.764084] The buggy address belongs to the physical page: [ 14.764257] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1025ca [ 14.764498] flags: 0x200000000000000(node=0|zone=2) [ 14.764745] page_type: f5(slab) [ 14.764927] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.765491] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.765842] page dumped because: kasan: bad access detected [ 14.766102] [ 14.766199] Memory state around the buggy address: [ 14.766431] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.766715] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.766982] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.767488] ^ [ 14.767618] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.767850] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.768284] ================================================================== [ 14.878439] ================================================================== [ 14.878805] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.879249] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.879542] [ 14.879652] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.879715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.879727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.879749] Call Trace: [ 14.879762] <TASK> [ 14.879776] dump_stack_lvl+0x73/0xb0 [ 14.879802] print_report+0xd1/0x610 [ 14.879834] ? __virt_addr_valid+0x1db/0x2d0 [ 14.879856] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.879902] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.879924] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.879951] kasan_report+0x141/0x180 [ 14.879973] ? 
kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.880004] kasan_check_range+0x10c/0x1c0 [ 14.880028] __kasan_check_write+0x18/0x20 [ 14.880047] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 14.880074] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.880103] ? ret_from_fork_asm+0x1a/0x30 [ 14.880124] ? kthread+0x337/0x6f0 [ 14.880148] kasan_bitops_generic+0x121/0x1c0 [ 14.880170] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.880194] ? __pfx_read_tsc+0x10/0x10 [ 14.880215] ? ktime_get_ts64+0x86/0x230 [ 14.880237] kunit_try_run_case+0x1a5/0x480 [ 14.880262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.880284] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.880307] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.880331] ? __kthread_parkme+0x82/0x180 [ 14.880350] ? preempt_count_sub+0x50/0x80 [ 14.880372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.880396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.880419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.880443] kthread+0x337/0x6f0 [ 14.880462] ? trace_preempt_on+0x20/0xc0 [ 14.880484] ? __pfx_kthread+0x10/0x10 [ 14.880504] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.880525] ? calculate_sigpending+0x7b/0xa0 [ 14.880548] ? __pfx_kthread+0x10/0x10 [ 14.880569] ret_from_fork+0x116/0x1d0 [ 14.880586] ? 
__pfx_kthread+0x10/0x10 [ 14.880606] ret_from_fork_asm+0x1a/0x30 [ 14.880635] </TASK> [ 14.880644] [ 14.888566] Allocated by task 278: [ 14.888743] kasan_save_stack+0x45/0x70 [ 14.888957] kasan_save_track+0x18/0x40 [ 14.889184] kasan_save_alloc_info+0x3b/0x50 [ 14.889387] __kasan_kmalloc+0xb7/0xc0 [ 14.889568] __kmalloc_cache_noprof+0x189/0x420 [ 14.889721] kasan_bitops_generic+0x92/0x1c0 [ 14.889876] kunit_try_run_case+0x1a5/0x480 [ 14.890019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.890504] kthread+0x337/0x6f0 [ 14.890674] ret_from_fork+0x116/0x1d0 [ 14.890848] ret_from_fork_asm+0x1a/0x30 [ 14.890998] [ 14.891075] The buggy address belongs to the object at ffff8881025ca080 [ 14.891075] which belongs to the cache kmalloc-16 of size 16 [ 14.891540] The buggy address is located 8 bytes inside of [ 14.891540] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.892030] [ 14.892104] The buggy address belongs to the physical page: [ 14.892273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.892504] flags: 0x200000000000000(node=0|zone=2) [ 14.892663] page_type: f5(slab) [ 14.892781] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.893555] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.893899] page dumped because: kasan: bad access detected [ 14.894224] [ 14.894304] Memory state around the buggy address: [ 14.894458] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.894682] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.894916] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.895392] ^ [ 14.895566] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.895891] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.896225] ================================================================== [ 14.897161] 
================================================================== [ 14.897479] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.897806] Read of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.898210] [ 14.898322] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.898365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.898377] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.898399] Call Trace: [ 14.898417] <TASK> [ 14.898433] dump_stack_lvl+0x73/0xb0 [ 14.898461] print_report+0xd1/0x610 [ 14.898482] ? __virt_addr_valid+0x1db/0x2d0 [ 14.898504] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.898530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.898553] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.898579] kasan_report+0x141/0x180 [ 14.898601] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.898633] kasan_check_range+0x10c/0x1c0 [ 14.898655] __kasan_check_read+0x15/0x20 [ 14.898673] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 14.898700] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.898728] ? ret_from_fork_asm+0x1a/0x30 [ 14.898751] ? kthread+0x337/0x6f0 [ 14.898774] kasan_bitops_generic+0x121/0x1c0 [ 14.898797] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.898834] ? __pfx_read_tsc+0x10/0x10 [ 14.898854] ? ktime_get_ts64+0x86/0x230 [ 14.898877] kunit_try_run_case+0x1a5/0x480 [ 14.898901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.898923] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.898946] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.898969] ? __kthread_parkme+0x82/0x180 [ 14.898988] ? preempt_count_sub+0x50/0x80 [ 14.899011] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.899034] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.899057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.899080] kthread+0x337/0x6f0 [ 14.899109] ? 
trace_preempt_on+0x20/0xc0 [ 14.899155] ? __pfx_kthread+0x10/0x10 [ 14.899175] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.899196] ? calculate_sigpending+0x7b/0xa0 [ 14.899219] ? __pfx_kthread+0x10/0x10 [ 14.899240] ret_from_fork+0x116/0x1d0 [ 14.899258] ? __pfx_kthread+0x10/0x10 [ 14.899278] ret_from_fork_asm+0x1a/0x30 [ 14.899308] </TASK> [ 14.899318] [ 14.907087] Allocated by task 278: [ 14.907446] kasan_save_stack+0x45/0x70 [ 14.907642] kasan_save_track+0x18/0x40 [ 14.907842] kasan_save_alloc_info+0x3b/0x50 [ 14.908050] __kasan_kmalloc+0xb7/0xc0 [ 14.908439] __kmalloc_cache_noprof+0x189/0x420 [ 14.908605] kasan_bitops_generic+0x92/0x1c0 [ 14.908755] kunit_try_run_case+0x1a5/0x480 [ 14.908918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.909244] kthread+0x337/0x6f0 [ 14.909415] ret_from_fork+0x116/0x1d0 [ 14.909628] ret_from_fork_asm+0x1a/0x30 [ 14.909862] [ 14.909960] The buggy address belongs to the object at ffff8881025ca080 [ 14.909960] which belongs to the cache kmalloc-16 of size 16 [ 14.910466] The buggy address is located 8 bytes inside of [ 14.910466] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.910831] [ 14.910926] The buggy address belongs to the physical page: [ 14.911196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.911549] flags: 0x200000000000000(node=0|zone=2) [ 14.911783] page_type: f5(slab) [ 14.911966] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.912506] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.912910] page dumped because: kasan: bad access detected [ 14.913127] [ 14.913223] Memory state around the buggy address: [ 14.913449] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.913729] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.914037] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.914342] ^ [ 14.914467] ffff8881025ca100: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.914808] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915121] ================================================================== [ 14.815874] ================================================================== [ 14.816244] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.816606] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.816890] [ 14.816979] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.817023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.817035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.817057] Call Trace: [ 14.817073] <TASK> [ 14.817090] dump_stack_lvl+0x73/0xb0 [ 14.817127] print_report+0xd1/0x610 [ 14.817149] ? __virt_addr_valid+0x1db/0x2d0 [ 14.817170] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.817197] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.817220] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.817248] kasan_report+0x141/0x180 [ 14.817269] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.817301] kasan_check_range+0x10c/0x1c0 [ 14.817324] __kasan_check_write+0x18/0x20 [ 14.817343] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 14.817370] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.817409] ? ret_from_fork_asm+0x1a/0x30 [ 14.817430] ? kthread+0x337/0x6f0 [ 14.817454] kasan_bitops_generic+0x121/0x1c0 [ 14.817477] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.817501] ? __pfx_read_tsc+0x10/0x10 [ 14.817521] ? ktime_get_ts64+0x86/0x230 [ 14.817544] kunit_try_run_case+0x1a5/0x480 [ 14.817568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.817590] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.817614] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.817636] ? __kthread_parkme+0x82/0x180 [ 14.817656] ? preempt_count_sub+0x50/0x80 [ 14.817678] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.817701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.817724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.817747] kthread+0x337/0x6f0 [ 14.817766] ? trace_preempt_on+0x20/0xc0 [ 14.817787] ? __pfx_kthread+0x10/0x10 [ 14.817807] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.817840] ? calculate_sigpending+0x7b/0xa0 [ 14.817863] ? __pfx_kthread+0x10/0x10 [ 14.817885] ret_from_fork+0x116/0x1d0 [ 14.817903] ? __pfx_kthread+0x10/0x10 [ 14.817924] ret_from_fork_asm+0x1a/0x30 [ 14.817953] </TASK> [ 14.817963] [ 14.828070] Allocated by task 278: [ 14.828568] kasan_save_stack+0x45/0x70 [ 14.828759] kasan_save_track+0x18/0x40 [ 14.828956] kasan_save_alloc_info+0x3b/0x50 [ 14.829494] __kasan_kmalloc+0xb7/0xc0 [ 14.829760] __kmalloc_cache_noprof+0x189/0x420 [ 14.830188] kasan_bitops_generic+0x92/0x1c0 [ 14.830398] kunit_try_run_case+0x1a5/0x480 [ 14.830590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.830837] kthread+0x337/0x6f0 [ 14.830994] ret_from_fork+0x116/0x1d0 [ 14.831252] ret_from_fork_asm+0x1a/0x30 [ 14.831434] [ 14.831525] The buggy address belongs to the object at ffff8881025ca080 [ 14.831525] which belongs to the cache kmalloc-16 of size 16 [ 14.832482] The buggy address is located 8 bytes inside of [ 14.832482] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.833486] [ 14.833751] The buggy address belongs to the physical page: [ 14.834210] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.834552] flags: 0x200000000000000(node=0|zone=2) [ 14.834771] page_type: f5(slab) [ 14.834936] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.835680] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.836014] page dumped because: kasan: bad access detected [ 14.836656] [ 14.836758] Memory state around the buggy address: [ 14.836989] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.837736] 
ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.838172] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.838633] ^ [ 14.838799] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.839036] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.839389] ================================================================== [ 14.769187] ================================================================== [ 14.769557] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.769886] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.770540] [ 14.770659] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.770702] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.770714] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.770734] Call Trace: [ 14.770748] <TASK> [ 14.770762] dump_stack_lvl+0x73/0xb0 [ 14.770790] print_report+0xd1/0x610 [ 14.770823] ? __virt_addr_valid+0x1db/0x2d0 [ 14.770844] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.770871] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.770894] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.770923] kasan_report+0x141/0x180 [ 14.770944] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.770976] kasan_check_range+0x10c/0x1c0 [ 14.771000] __kasan_check_write+0x18/0x20 [ 14.771019] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 14.771046] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 14.771074] ? ret_from_fork_asm+0x1a/0x30 [ 14.771096] ? kthread+0x337/0x6f0 [ 14.771119] kasan_bitops_generic+0x121/0x1c0 [ 14.771142] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.771167] ? __pfx_read_tsc+0x10/0x10 [ 14.771187] ? ktime_get_ts64+0x86/0x230 [ 14.771210] kunit_try_run_case+0x1a5/0x480 [ 14.771233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.771256] ? 
_raw_spin_lock_irqsave+0xf9/0x100 [ 14.771278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.771301] ? __kthread_parkme+0x82/0x180 [ 14.771320] ? preempt_count_sub+0x50/0x80 [ 14.771342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.771366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.771389] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.771412] kthread+0x337/0x6f0 [ 14.771431] ? trace_preempt_on+0x20/0xc0 [ 14.771453] ? __pfx_kthread+0x10/0x10 [ 14.771473] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.771494] ? calculate_sigpending+0x7b/0xa0 [ 14.771517] ? __pfx_kthread+0x10/0x10 [ 14.771538] ret_from_fork+0x116/0x1d0 [ 14.771556] ? __pfx_kthread+0x10/0x10 [ 14.771577] ret_from_fork_asm+0x1a/0x30 [ 14.771606] </TASK> [ 14.771616] [ 14.779629] Allocated by task 278: [ 14.779805] kasan_save_stack+0x45/0x70 [ 14.780019] kasan_save_track+0x18/0x40 [ 14.780347] kasan_save_alloc_info+0x3b/0x50 [ 14.780509] __kasan_kmalloc+0xb7/0xc0 [ 14.780698] __kmalloc_cache_noprof+0x189/0x420 [ 14.780895] kasan_bitops_generic+0x92/0x1c0 [ 14.781124] kunit_try_run_case+0x1a5/0x480 [ 14.781302] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.781541] kthread+0x337/0x6f0 [ 14.781711] ret_from_fork+0x116/0x1d0 [ 14.781905] ret_from_fork_asm+0x1a/0x30 [ 14.782073] [ 14.782180] The buggy address belongs to the object at ffff8881025ca080 [ 14.782180] which belongs to the cache kmalloc-16 of size 16 [ 14.782632] The buggy address is located 8 bytes inside of [ 14.782632] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.783050] [ 14.783185] The buggy address belongs to the physical page: [ 14.783440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.783780] flags: 0x200000000000000(node=0|zone=2) [ 14.783974] page_type: f5(slab) [ 14.784147] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.784481] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.784776] page dumped because: kasan: 
bad access detected [ 14.785024] [ 14.785134] Memory state around the buggy address: [ 14.785325] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.785614] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.785866] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.786083] ^ [ 14.786216] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.786644] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.787272] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 14.658284] ================================================================== [ 14.658637] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.659019] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.659866] [ 14.659991] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.660035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.660047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.660068] Call Trace: [ 14.660084] <TASK> [ 14.660098] dump_stack_lvl+0x73/0xb0 [ 14.660128] print_report+0xd1/0x610 [ 14.660150] ? __virt_addr_valid+0x1db/0x2d0 [ 14.660172] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.660198] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.660220] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.660245] kasan_report+0x141/0x180 [ 14.660267] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.660297] kasan_check_range+0x10c/0x1c0 [ 14.660321] __kasan_check_write+0x18/0x20 [ 14.660342] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 14.660369] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.660397] ? ret_from_fork_asm+0x1a/0x30 [ 14.660419] ? kthread+0x337/0x6f0 [ 14.660443] kasan_bitops_generic+0x116/0x1c0 [ 14.660466] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.660491] ? __pfx_read_tsc+0x10/0x10 [ 14.660511] ? ktime_get_ts64+0x86/0x230 [ 14.660536] kunit_try_run_case+0x1a5/0x480 [ 14.660560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.660582] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.660606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.660629] ? __kthread_parkme+0x82/0x180 [ 14.660649] ? preempt_count_sub+0x50/0x80 [ 14.660672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.660695] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.660718] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.660741] kthread+0x337/0x6f0 [ 14.660761] ? trace_preempt_on+0x20/0xc0 [ 14.660783] ? 
__pfx_kthread+0x10/0x10 [ 14.660804] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.660835] ? calculate_sigpending+0x7b/0xa0 [ 14.660863] ? __pfx_kthread+0x10/0x10 [ 14.660886] ret_from_fork+0x116/0x1d0 [ 14.660904] ? __pfx_kthread+0x10/0x10 [ 14.660925] ret_from_fork_asm+0x1a/0x30 [ 14.660955] </TASK> [ 14.660965] [ 14.668714] Allocated by task 278: [ 14.668888] kasan_save_stack+0x45/0x70 [ 14.669076] kasan_save_track+0x18/0x40 [ 14.669240] kasan_save_alloc_info+0x3b/0x50 [ 14.669391] __kasan_kmalloc+0xb7/0xc0 [ 14.669526] __kmalloc_cache_noprof+0x189/0x420 [ 14.669684] kasan_bitops_generic+0x92/0x1c0 [ 14.669843] kunit_try_run_case+0x1a5/0x480 [ 14.669991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.670167] kthread+0x337/0x6f0 [ 14.670287] ret_from_fork+0x116/0x1d0 [ 14.670478] ret_from_fork_asm+0x1a/0x30 [ 14.670673] [ 14.670767] The buggy address belongs to the object at ffff8881025ca080 [ 14.670767] which belongs to the cache kmalloc-16 of size 16 [ 14.671666] The buggy address is located 8 bytes inside of [ 14.671666] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.672060] [ 14.672132] The buggy address belongs to the physical page: [ 14.672305] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.672544] flags: 0x200000000000000(node=0|zone=2) [ 14.672706] page_type: f5(slab) [ 14.672899] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.673435] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.673774] page dumped because: kasan: bad access detected [ 14.674040] [ 14.674165] Memory state around the buggy address: [ 14.674397] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.674717] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.675019] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.675328] ^ [ 14.675508] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.675784] 
ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.676071] ================================================================== [ 14.677063] ================================================================== [ 14.677364] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.677717] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.678004] [ 14.678089] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.678140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.678151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.678172] Call Trace: [ 14.678184] <TASK> [ 14.678197] dump_stack_lvl+0x73/0xb0 [ 14.678224] print_report+0xd1/0x610 [ 14.678246] ? __virt_addr_valid+0x1db/0x2d0 [ 14.678267] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.678292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.678315] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.678340] kasan_report+0x141/0x180 [ 14.678361] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.678392] kasan_check_range+0x10c/0x1c0 [ 14.678415] __kasan_check_write+0x18/0x20 [ 14.678434] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 14.678459] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.678486] ? ret_from_fork_asm+0x1a/0x30 [ 14.678508] ? kthread+0x337/0x6f0 [ 14.678531] kasan_bitops_generic+0x116/0x1c0 [ 14.678554] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.678579] ? __pfx_read_tsc+0x10/0x10 [ 14.678599] ? ktime_get_ts64+0x86/0x230 [ 14.678623] kunit_try_run_case+0x1a5/0x480 [ 14.678646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.678669] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.678692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.678715] ? __kthread_parkme+0x82/0x180 [ 14.678735] ? preempt_count_sub+0x50/0x80 [ 14.678757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.678781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.678804] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.678839] kthread+0x337/0x6f0 [ 14.678858] ? trace_preempt_on+0x20/0xc0 [ 14.678881] ? __pfx_kthread+0x10/0x10 [ 14.678901] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.678923] ? calculate_sigpending+0x7b/0xa0 [ 14.678946] ? __pfx_kthread+0x10/0x10 [ 14.678968] ret_from_fork+0x116/0x1d0 [ 14.678985] ? __pfx_kthread+0x10/0x10 [ 14.679006] ret_from_fork_asm+0x1a/0x30 [ 14.679035] </TASK> [ 14.679045] [ 14.687038] Allocated by task 278: [ 14.687390] kasan_save_stack+0x45/0x70 [ 14.687586] kasan_save_track+0x18/0x40 [ 14.687773] kasan_save_alloc_info+0x3b/0x50 [ 14.687978] __kasan_kmalloc+0xb7/0xc0 [ 14.688265] __kmalloc_cache_noprof+0x189/0x420 [ 14.688485] kasan_bitops_generic+0x92/0x1c0 [ 14.688664] kunit_try_run_case+0x1a5/0x480 [ 14.688807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.688994] kthread+0x337/0x6f0 [ 14.689167] ret_from_fork+0x116/0x1d0 [ 14.689357] ret_from_fork_asm+0x1a/0x30 [ 14.689557] [ 14.689649] The buggy address belongs to the object at ffff8881025ca080 [ 14.689649] which belongs to the cache kmalloc-16 of size 16 [ 14.690292] The buggy address is located 8 bytes inside of [ 14.690292] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.690751] [ 14.690832] The buggy address belongs to the physical page: [ 14.691052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.691326] flags: 0x200000000000000(node=0|zone=2) [ 14.691557] page_type: f5(slab) [ 14.691726] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.692059] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.692432] page dumped because: kasan: bad access detected [ 14.692648] [ 14.692743] Memory state around the buggy address: [ 14.692958] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.693286] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.693543] >ffff8881025ca080: 00 01 fc fc fc fc fc fc 
fc fc fc fc fc fc fc fc [ 14.693759] ^ [ 14.693893] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.694112] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.694422] ================================================================== [ 14.732343] ================================================================== [ 14.732628] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.733014] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.733393] [ 14.733492] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.733535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.733548] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.733569] Call Trace: [ 14.733586] <TASK> [ 14.733600] dump_stack_lvl+0x73/0xb0 [ 14.733628] print_report+0xd1/0x610 [ 14.733649] ? __virt_addr_valid+0x1db/0x2d0 [ 14.733671] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.733696] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.733718] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.733744] kasan_report+0x141/0x180 [ 14.733765] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.733795] kasan_check_range+0x10c/0x1c0 [ 14.733830] __kasan_check_write+0x18/0x20 [ 14.733848] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 14.733874] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.733901] ? ret_from_fork_asm+0x1a/0x30 [ 14.733923] ? kthread+0x337/0x6f0 [ 14.733947] kasan_bitops_generic+0x116/0x1c0 [ 14.733969] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.733994] ? __pfx_read_tsc+0x10/0x10 [ 14.734014] ? ktime_get_ts64+0x86/0x230 [ 14.734038] kunit_try_run_case+0x1a5/0x480 [ 14.734061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.734083] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.734106] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.734129] ? __kthread_parkme+0x82/0x180 [ 14.734149] ? preempt_count_sub+0x50/0x80 [ 14.734171] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.734195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.734218] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.734241] kthread+0x337/0x6f0 [ 14.734260] ? trace_preempt_on+0x20/0xc0 [ 14.734282] ? __pfx_kthread+0x10/0x10 [ 14.734302] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.734323] ? calculate_sigpending+0x7b/0xa0 [ 14.734347] ? __pfx_kthread+0x10/0x10 [ 14.734367] ret_from_fork+0x116/0x1d0 [ 14.734386] ? __pfx_kthread+0x10/0x10 [ 14.734405] ret_from_fork_asm+0x1a/0x30 [ 14.734435] </TASK> [ 14.734444] [ 14.742579] Allocated by task 278: [ 14.742766] kasan_save_stack+0x45/0x70 [ 14.742979] kasan_save_track+0x18/0x40 [ 14.743172] kasan_save_alloc_info+0x3b/0x50 [ 14.743365] __kasan_kmalloc+0xb7/0xc0 [ 14.743518] __kmalloc_cache_noprof+0x189/0x420 [ 14.743747] kasan_bitops_generic+0x92/0x1c0 [ 14.743965] kunit_try_run_case+0x1a5/0x480 [ 14.744180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.744398] kthread+0x337/0x6f0 [ 14.744523] ret_from_fork+0x116/0x1d0 [ 14.744657] ret_from_fork_asm+0x1a/0x30 [ 14.744797] [ 14.744906] The buggy address belongs to the object at ffff8881025ca080 [ 14.744906] which belongs to the cache kmalloc-16 of size 16 [ 14.745431] The buggy address is located 8 bytes inside of [ 14.745431] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.745962] [ 14.746035] The buggy address belongs to the physical page: [ 14.746435] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.746742] flags: 0x200000000000000(node=0|zone=2) [ 14.746963] page_type: f5(slab) [ 14.747088] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.747505] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.747853] page dumped because: kasan: bad access detected [ 14.748106] [ 14.748217] Memory state around the buggy address: [ 14.748452] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.748745] 
ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.749038] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.749367] ^ [ 14.749547] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.749826] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.750089] ================================================================== [ 14.592181] ================================================================== [ 14.592574] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.592854] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.593082] [ 14.593172] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.593216] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.593227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.593250] Call Trace: [ 14.593262] <TASK> [ 14.593276] dump_stack_lvl+0x73/0xb0 [ 14.593305] print_report+0xd1/0x610 [ 14.593327] ? __virt_addr_valid+0x1db/0x2d0 [ 14.593350] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.593374] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.593397] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.593422] kasan_report+0x141/0x180 [ 14.593443] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.593472] kasan_check_range+0x10c/0x1c0 [ 14.593496] __kasan_check_write+0x18/0x20 [ 14.593515] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 14.593540] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.593567] ? ret_from_fork_asm+0x1a/0x30 [ 14.593589] ? kthread+0x337/0x6f0 [ 14.593613] kasan_bitops_generic+0x116/0x1c0 [ 14.593636] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.593661] ? __pfx_read_tsc+0x10/0x10 [ 14.593682] ? ktime_get_ts64+0x86/0x230 [ 14.593706] kunit_try_run_case+0x1a5/0x480 [ 14.593731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.593753] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.593778] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.593801] ? __kthread_parkme+0x82/0x180 [ 14.593832] ? preempt_count_sub+0x50/0x80 [ 14.593855] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.593878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.593901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.593925] kthread+0x337/0x6f0 [ 14.593944] ? trace_preempt_on+0x20/0xc0 [ 14.593967] ? __pfx_kthread+0x10/0x10 [ 14.593987] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.594008] ? calculate_sigpending+0x7b/0xa0 [ 14.594031] ? __pfx_kthread+0x10/0x10 [ 14.594051] ret_from_fork+0x116/0x1d0 [ 14.594071] ? __pfx_kthread+0x10/0x10 [ 14.594090] ret_from_fork_asm+0x1a/0x30 [ 14.594119] </TASK> [ 14.594130] [ 14.603526] Allocated by task 278: [ 14.603720] kasan_save_stack+0x45/0x70 [ 14.603973] kasan_save_track+0x18/0x40 [ 14.604269] kasan_save_alloc_info+0x3b/0x50 [ 14.604490] __kasan_kmalloc+0xb7/0xc0 [ 14.604703] __kmalloc_cache_noprof+0x189/0x420 [ 14.605003] kasan_bitops_generic+0x92/0x1c0 [ 14.605232] kunit_try_run_case+0x1a5/0x480 [ 14.605412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.605671] kthread+0x337/0x6f0 [ 14.605915] ret_from_fork+0x116/0x1d0 [ 14.606229] ret_from_fork_asm+0x1a/0x30 [ 14.606373] [ 14.606473] The buggy address belongs to the object at ffff8881025ca080 [ 14.606473] which belongs to the cache kmalloc-16 of size 16 [ 14.607234] The buggy address is located 8 bytes inside of [ 14.607234] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.607723] [ 14.607830] The buggy address belongs to the physical page: [ 14.608234] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.608604] flags: 0x200000000000000(node=0|zone=2) [ 14.608864] page_type: f5(slab) [ 14.609042] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.609375] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.609684] page dumped because: kasan: bad access detected [ 14.609962] [ 14.610058] 
Memory state around the buggy address: [ 14.610261] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.610638] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.610933] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.611331] ^ [ 14.611506] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.611788] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.612158] ================================================================== [ 14.695484] ================================================================== [ 14.695850] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.696397] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.696731] [ 14.696856] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.696898] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.696911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.696932] Call Trace: [ 14.696945] <TASK> [ 14.696960] dump_stack_lvl+0x73/0xb0 [ 14.696986] print_report+0xd1/0x610 [ 14.697007] ? __virt_addr_valid+0x1db/0x2d0 [ 14.697029] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.697054] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.697076] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.697113] kasan_report+0x141/0x180 [ 14.697135] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.697164] kasan_check_range+0x10c/0x1c0 [ 14.697188] __kasan_check_write+0x18/0x20 [ 14.697207] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 14.697232] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.697259] ? ret_from_fork_asm+0x1a/0x30 [ 14.697280] ? kthread+0x337/0x6f0 [ 14.697304] kasan_bitops_generic+0x116/0x1c0 [ 14.697328] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.697353] ? __pfx_read_tsc+0x10/0x10 [ 14.697373] ? 
ktime_get_ts64+0x86/0x230 [ 14.697396] kunit_try_run_case+0x1a5/0x480 [ 14.697420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.697442] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.697466] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.697490] ? __kthread_parkme+0x82/0x180 [ 14.697510] ? preempt_count_sub+0x50/0x80 [ 14.697533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.697557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.697580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.697603] kthread+0x337/0x6f0 [ 14.697622] ? trace_preempt_on+0x20/0xc0 [ 14.697643] ? __pfx_kthread+0x10/0x10 [ 14.697664] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.697685] ? calculate_sigpending+0x7b/0xa0 [ 14.697708] ? __pfx_kthread+0x10/0x10 [ 14.697728] ret_from_fork+0x116/0x1d0 [ 14.697747] ? __pfx_kthread+0x10/0x10 [ 14.697767] ret_from_fork_asm+0x1a/0x30 [ 14.697796] </TASK> [ 14.697806] [ 14.705555] Allocated by task 278: [ 14.705731] kasan_save_stack+0x45/0x70 [ 14.705942] kasan_save_track+0x18/0x40 [ 14.706116] kasan_save_alloc_info+0x3b/0x50 [ 14.706300] __kasan_kmalloc+0xb7/0xc0 [ 14.706461] __kmalloc_cache_noprof+0x189/0x420 [ 14.706663] kasan_bitops_generic+0x92/0x1c0 [ 14.706850] kunit_try_run_case+0x1a5/0x480 [ 14.707053] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.707303] kthread+0x337/0x6f0 [ 14.707468] ret_from_fork+0x116/0x1d0 [ 14.707602] ret_from_fork_asm+0x1a/0x30 [ 14.707743] [ 14.707826] The buggy address belongs to the object at ffff8881025ca080 [ 14.707826] which belongs to the cache kmalloc-16 of size 16 [ 14.708544] The buggy address is located 8 bytes inside of [ 14.708544] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.709042] [ 14.709115] The buggy address belongs to the physical page: [ 14.709289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.709616] flags: 0x200000000000000(node=0|zone=2) [ 14.709941] page_type: f5(slab) [ 14.710108] raw: 0200000000000000 ffff888100041640 dead000000000122 
0000000000000000 [ 14.710538] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.710767] page dumped because: kasan: bad access detected [ 14.710952] [ 14.711023] Memory state around the buggy address: [ 14.711232] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.711552] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.711878] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.712168] ^ [ 14.712292] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.712508] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.712958] ================================================================== [ 14.613017] ================================================================== [ 14.613311] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.614209] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.614567] [ 14.614679] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.614724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.614756] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.614777] Call Trace: [ 14.614791] <TASK> [ 14.614832] dump_stack_lvl+0x73/0xb0 [ 14.614860] print_report+0xd1/0x610 [ 14.614882] ? __virt_addr_valid+0x1db/0x2d0 [ 14.614903] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.614929] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.614951] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.614977] kasan_report+0x141/0x180 [ 14.614998] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.615029] kasan_check_range+0x10c/0x1c0 [ 14.615053] __kasan_check_write+0x18/0x20 [ 14.615072] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 14.615108] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.615136] ? ret_from_fork_asm+0x1a/0x30 [ 14.615159] ? 
kthread+0x337/0x6f0 [ 14.615182] kasan_bitops_generic+0x116/0x1c0 [ 14.615226] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.615251] ? __pfx_read_tsc+0x10/0x10 [ 14.615271] ? ktime_get_ts64+0x86/0x230 [ 14.615295] kunit_try_run_case+0x1a5/0x480 [ 14.615319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.615341] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.615365] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.615389] ? __kthread_parkme+0x82/0x180 [ 14.615424] ? preempt_count_sub+0x50/0x80 [ 14.615447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.615472] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.615495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.615519] kthread+0x337/0x6f0 [ 14.615537] ? trace_preempt_on+0x20/0xc0 [ 14.615561] ? __pfx_kthread+0x10/0x10 [ 14.615581] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.615603] ? calculate_sigpending+0x7b/0xa0 [ 14.615626] ? __pfx_kthread+0x10/0x10 [ 14.615647] ret_from_fork+0x116/0x1d0 [ 14.615665] ? __pfx_kthread+0x10/0x10 [ 14.615686] ret_from_fork_asm+0x1a/0x30 [ 14.615715] </TASK> [ 14.615726] [ 14.626482] Allocated by task 278: [ 14.626855] kasan_save_stack+0x45/0x70 [ 14.627070] kasan_save_track+0x18/0x40 [ 14.627338] kasan_save_alloc_info+0x3b/0x50 [ 14.627548] __kasan_kmalloc+0xb7/0xc0 [ 14.627730] __kmalloc_cache_noprof+0x189/0x420 [ 14.627956] kasan_bitops_generic+0x92/0x1c0 [ 14.628480] kunit_try_run_case+0x1a5/0x480 [ 14.628684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.629026] kthread+0x337/0x6f0 [ 14.629371] ret_from_fork+0x116/0x1d0 [ 14.629623] ret_from_fork_asm+0x1a/0x30 [ 14.629923] [ 14.630025] The buggy address belongs to the object at ffff8881025ca080 [ 14.630025] which belongs to the cache kmalloc-16 of size 16 [ 14.630780] The buggy address is located 8 bytes inside of [ 14.630780] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.631536] [ 14.631829] The buggy address belongs to the physical page: [ 14.632090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 
pfn:0x1025ca [ 14.632505] flags: 0x200000000000000(node=0|zone=2) [ 14.632730] page_type: f5(slab) [ 14.633072] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.633442] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.633866] page dumped because: kasan: bad access detected [ 14.634182] [ 14.634261] Memory state around the buggy address: [ 14.634669] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.634998] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.635526] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.635942] ^ [ 14.636226] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.636638] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.637019] ================================================================== [ 14.713967] ================================================================== [ 14.714361] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.714709] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.715021] [ 14.715145] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.715187] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.715199] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.715220] Call Trace: [ 14.715235] <TASK> [ 14.715249] dump_stack_lvl+0x73/0xb0 [ 14.715276] print_report+0xd1/0x610 [ 14.715298] ? __virt_addr_valid+0x1db/0x2d0 [ 14.715319] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.715344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.715366] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.715392] kasan_report+0x141/0x180 [ 14.715414] ? 
kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.715447] kasan_check_range+0x10c/0x1c0 [ 14.715471] __kasan_check_write+0x18/0x20 [ 14.715491] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 14.715517] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.715545] ? ret_from_fork_asm+0x1a/0x30 [ 14.715567] ? kthread+0x337/0x6f0 [ 14.715591] kasan_bitops_generic+0x116/0x1c0 [ 14.715616] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.715640] ? __pfx_read_tsc+0x10/0x10 [ 14.715660] ? ktime_get_ts64+0x86/0x230 [ 14.715683] kunit_try_run_case+0x1a5/0x480 [ 14.715707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.715729] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.715752] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.715776] ? __kthread_parkme+0x82/0x180 [ 14.715795] ? preempt_count_sub+0x50/0x80 [ 14.715829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.715852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.715875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.715899] kthread+0x337/0x6f0 [ 14.715917] ? trace_preempt_on+0x20/0xc0 [ 14.715940] ? __pfx_kthread+0x10/0x10 [ 14.715960] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.715981] ? calculate_sigpending+0x7b/0xa0 [ 14.716003] ? __pfx_kthread+0x10/0x10 [ 14.716025] ret_from_fork+0x116/0x1d0 [ 14.716043] ? 
__pfx_kthread+0x10/0x10 [ 14.716063] ret_from_fork_asm+0x1a/0x30 [ 14.716093] </TASK> [ 14.716102] [ 14.723713] Allocated by task 278: [ 14.723902] kasan_save_stack+0x45/0x70 [ 14.724075] kasan_save_track+0x18/0x40 [ 14.724254] kasan_save_alloc_info+0x3b/0x50 [ 14.724457] __kasan_kmalloc+0xb7/0xc0 [ 14.724628] __kmalloc_cache_noprof+0x189/0x420 [ 14.724841] kasan_bitops_generic+0x92/0x1c0 [ 14.725037] kunit_try_run_case+0x1a5/0x480 [ 14.725246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.725492] kthread+0x337/0x6f0 [ 14.725646] ret_from_fork+0x116/0x1d0 [ 14.725839] ret_from_fork_asm+0x1a/0x30 [ 14.726020] [ 14.726105] The buggy address belongs to the object at ffff8881025ca080 [ 14.726105] which belongs to the cache kmalloc-16 of size 16 [ 14.726484] The buggy address is located 8 bytes inside of [ 14.726484] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.726864] [ 14.726974] The buggy address belongs to the physical page: [ 14.727228] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.727662] flags: 0x200000000000000(node=0|zone=2) [ 14.727908] page_type: f5(slab) [ 14.728078] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.728412] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.728641] page dumped because: kasan: bad access detected [ 14.728821] [ 14.728897] Memory state around the buggy address: [ 14.729162] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.729489] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.729820] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.730115] ^ [ 14.730253] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.730526] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.730790] ================================================================== [ 14.639075] 
================================================================== [ 14.639517] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.639935] Write of size 8 at addr ffff8881025ca088 by task kunit_try_catch/278 [ 14.640450] [ 14.640630] CPU: 1 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.640675] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.640792] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.640827] Call Trace: [ 14.640842] <TASK> [ 14.640863] dump_stack_lvl+0x73/0xb0 [ 14.640892] print_report+0xd1/0x610 [ 14.640913] ? __virt_addr_valid+0x1db/0x2d0 [ 14.640936] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.640961] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.640982] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.641008] kasan_report+0x141/0x180 [ 14.641029] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.641059] kasan_check_range+0x10c/0x1c0 [ 14.641082] __kasan_check_write+0x18/0x20 [ 14.641113] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 14.641139] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 14.641166] ? ret_from_fork_asm+0x1a/0x30 [ 14.641187] ? kthread+0x337/0x6f0 [ 14.641212] kasan_bitops_generic+0x116/0x1c0 [ 14.641236] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 14.641261] ? __pfx_read_tsc+0x10/0x10 [ 14.641281] ? ktime_get_ts64+0x86/0x230 [ 14.641304] kunit_try_run_case+0x1a5/0x480 [ 14.641329] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.641352] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 14.641375] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.641398] ? __kthread_parkme+0x82/0x180 [ 14.641418] ? preempt_count_sub+0x50/0x80 [ 14.641441] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.641464] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.641488] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.641511] kthread+0x337/0x6f0 [ 14.641530] ? trace_preempt_on+0x20/0xc0 [ 14.641553] ? __pfx_kthread+0x10/0x10 [ 14.641574] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.641595] ? calculate_sigpending+0x7b/0xa0 [ 14.641620] ? __pfx_kthread+0x10/0x10 [ 14.641641] ret_from_fork+0x116/0x1d0 [ 14.641659] ? __pfx_kthread+0x10/0x10 [ 14.641680] ret_from_fork_asm+0x1a/0x30 [ 14.641709] </TASK> [ 14.641720] [ 14.650325] Allocated by task 278: [ 14.650511] kasan_save_stack+0x45/0x70 [ 14.650691] kasan_save_track+0x18/0x40 [ 14.650839] kasan_save_alloc_info+0x3b/0x50 [ 14.651032] __kasan_kmalloc+0xb7/0xc0 [ 14.651347] __kmalloc_cache_noprof+0x189/0x420 [ 14.651569] kasan_bitops_generic+0x92/0x1c0 [ 14.651762] kunit_try_run_case+0x1a5/0x480 [ 14.651950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.652203] kthread+0x337/0x6f0 [ 14.652349] ret_from_fork+0x116/0x1d0 [ 14.652516] ret_from_fork_asm+0x1a/0x30 [ 14.652684] [ 14.652780] The buggy address belongs to the object at ffff8881025ca080 [ 14.652780] which belongs to the cache kmalloc-16 of size 16 [ 14.653249] The buggy address is located 8 bytes inside of [ 14.653249] allocated 9-byte region [ffff8881025ca080, ffff8881025ca089) [ 14.653690] [ 14.653776] The buggy address belongs to the physical page: [ 14.654048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025ca [ 14.654494] flags: 0x200000000000000(node=0|zone=2) [ 14.654677] page_type: f5(slab) [ 14.654799] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 14.655041] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 14.655269] page dumped because: kasan: bad access detected [ 14.655479] [ 14.655573] Memory state around the buggy address: [ 14.655797] ffff8881025c9f80: fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.656177] ffff8881025ca000: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 14.656492] >ffff8881025ca080: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.656807] ^ [ 14.656993] ffff8881025ca100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.657259] ffff8881025ca180: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.657475] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 14.556146] ================================================================== [ 14.557320] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 14.557877] Read of size 1 at addr ffff8881025e0a90 by task kunit_try_catch/276 [ 14.558528] [ 14.558721] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.558765] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.558777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.558798] Call Trace: [ 14.558827] <TASK> [ 14.558842] dump_stack_lvl+0x73/0xb0 [ 14.558871] print_report+0xd1/0x610 [ 14.558893] ? __virt_addr_valid+0x1db/0x2d0 [ 14.558915] ? strnlen+0x73/0x80 [ 14.558932] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.558955] ? strnlen+0x73/0x80 [ 14.558973] kasan_report+0x141/0x180 [ 14.558995] ? strnlen+0x73/0x80 [ 14.559019] __asan_report_load1_noabort+0x18/0x20 [ 14.559044] strnlen+0x73/0x80 [ 14.559065] kasan_strings+0x615/0xe80 [ 14.559086] ? trace_hardirqs_on+0x37/0xe0 [ 14.559112] ? __pfx_kasan_strings+0x10/0x10 [ 14.559134] ? finish_task_switch.isra.0+0x153/0x700 [ 14.559155] ? __switch_to+0x47/0xf50 [ 14.559181] ? __schedule+0x10c6/0x2b60 [ 14.559204] ? __pfx_read_tsc+0x10/0x10 [ 14.559224] ? ktime_get_ts64+0x86/0x230 [ 14.559248] kunit_try_run_case+0x1a5/0x480 [ 14.559273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.559296] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.559321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.559346] ? __kthread_parkme+0x82/0x180 [ 14.559366] ? preempt_count_sub+0x50/0x80 [ 14.559388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.559412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.559436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.559460] kthread+0x337/0x6f0 [ 14.559479] ? trace_preempt_on+0x20/0xc0 [ 14.559501] ? __pfx_kthread+0x10/0x10 [ 14.559521] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.559543] ? calculate_sigpending+0x7b/0xa0 [ 14.559566] ? 
__pfx_kthread+0x10/0x10 [ 14.559587] ret_from_fork+0x116/0x1d0 [ 14.559605] ? __pfx_kthread+0x10/0x10 [ 14.559625] ret_from_fork_asm+0x1a/0x30 [ 14.559655] </TASK> [ 14.559665] [ 14.571297] Allocated by task 276: [ 14.571607] kasan_save_stack+0x45/0x70 [ 14.571962] kasan_save_track+0x18/0x40 [ 14.572339] kasan_save_alloc_info+0x3b/0x50 [ 14.572719] __kasan_kmalloc+0xb7/0xc0 [ 14.573075] __kmalloc_cache_noprof+0x189/0x420 [ 14.573480] kasan_strings+0xc0/0xe80 [ 14.573827] kunit_try_run_case+0x1a5/0x480 [ 14.574270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.574766] kthread+0x337/0x6f0 [ 14.575077] ret_from_fork+0x116/0x1d0 [ 14.575419] ret_from_fork_asm+0x1a/0x30 [ 14.575780] [ 14.575996] Freed by task 276: [ 14.576304] kasan_save_stack+0x45/0x70 [ 14.576666] kasan_save_track+0x18/0x40 [ 14.576865] kasan_save_free_info+0x3f/0x60 [ 14.577012] __kasan_slab_free+0x56/0x70 [ 14.577228] kfree+0x222/0x3f0 [ 14.577513] kasan_strings+0x2aa/0xe80 [ 14.577852] kunit_try_run_case+0x1a5/0x480 [ 14.578281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.578764] kthread+0x337/0x6f0 [ 14.579067] ret_from_fork+0x116/0x1d0 [ 14.579413] ret_from_fork_asm+0x1a/0x30 [ 14.579741] [ 14.579822] The buggy address belongs to the object at ffff8881025e0a80 [ 14.579822] which belongs to the cache kmalloc-32 of size 32 [ 14.580357] The buggy address is located 16 bytes inside of [ 14.580357] freed 32-byte region [ffff8881025e0a80, ffff8881025e0aa0) [ 14.581398] [ 14.581588] The buggy address belongs to the physical page: [ 14.582072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e0 [ 14.582624] flags: 0x200000000000000(node=0|zone=2) [ 14.582793] page_type: f5(slab) [ 14.582927] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.583286] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.583936] page dumped because: kasan: bad access detected [ 14.584464] [ 14.584622] Memory state around the buggy address: 
[ 14.585045] ffff8881025e0980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.585654] ffff8881025e0a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.586289] >ffff8881025e0a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.586896] ^ [ 14.587028] ffff8881025e0b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.587544] ffff8881025e0b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.588224] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strlen
[ 14.530099] ================================================================== [ 14.530450] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 14.530709] Read of size 1 at addr ffff8881025e0a90 by task kunit_try_catch/276 [ 14.531038] [ 14.531493] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.531541] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.531554] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.531575] Call Trace: [ 14.531737] <TASK> [ 14.531754] dump_stack_lvl+0x73/0xb0 [ 14.531783] print_report+0xd1/0x610 [ 14.531806] ? __virt_addr_valid+0x1db/0x2d0 [ 14.531841] ? strlen+0x8f/0xb0 [ 14.531858] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.531881] ? strlen+0x8f/0xb0 [ 14.531898] kasan_report+0x141/0x180 [ 14.531920] ? strlen+0x8f/0xb0 [ 14.531942] __asan_report_load1_noabort+0x18/0x20 [ 14.531966] strlen+0x8f/0xb0 [ 14.531984] kasan_strings+0x57b/0xe80 [ 14.532005] ? trace_hardirqs_on+0x37/0xe0 [ 14.532027] ? __pfx_kasan_strings+0x10/0x10 [ 14.532047] ? finish_task_switch.isra.0+0x153/0x700 [ 14.532069] ? __switch_to+0x47/0xf50 [ 14.532103] ? __schedule+0x10c6/0x2b60 [ 14.532125] ? __pfx_read_tsc+0x10/0x10 [ 14.532146] ? ktime_get_ts64+0x86/0x230 [ 14.532169] kunit_try_run_case+0x1a5/0x480 [ 14.532195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.532220] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.532246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.532269] ? __kthread_parkme+0x82/0x180 [ 14.532291] ? preempt_count_sub+0x50/0x80 [ 14.532313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.532338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.532361] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.532384] kthread+0x337/0x6f0 [ 14.532404] ? trace_preempt_on+0x20/0xc0 [ 14.532426] ? __pfx_kthread+0x10/0x10 [ 14.532448] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.532469] ? calculate_sigpending+0x7b/0xa0 [ 14.532492] ? 
__pfx_kthread+0x10/0x10 [ 14.532512] ret_from_fork+0x116/0x1d0 [ 14.532531] ? __pfx_kthread+0x10/0x10 [ 14.532551] ret_from_fork_asm+0x1a/0x30 [ 14.532580] </TASK> [ 14.532591] [ 14.541956] Allocated by task 276: [ 14.542095] kasan_save_stack+0x45/0x70 [ 14.542717] kasan_save_track+0x18/0x40 [ 14.542908] kasan_save_alloc_info+0x3b/0x50 [ 14.543130] __kasan_kmalloc+0xb7/0xc0 [ 14.543398] __kmalloc_cache_noprof+0x189/0x420 [ 14.543778] kasan_strings+0xc0/0xe80 [ 14.543932] kunit_try_run_case+0x1a5/0x480 [ 14.544261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.544460] kthread+0x337/0x6f0 [ 14.544737] ret_from_fork+0x116/0x1d0 [ 14.544912] ret_from_fork_asm+0x1a/0x30 [ 14.545213] [ 14.545311] Freed by task 276: [ 14.545647] kasan_save_stack+0x45/0x70 [ 14.545850] kasan_save_track+0x18/0x40 [ 14.546024] kasan_save_free_info+0x3f/0x60 [ 14.546441] __kasan_slab_free+0x56/0x70 [ 14.546625] kfree+0x222/0x3f0 [ 14.546899] kasan_strings+0x2aa/0xe80 [ 14.547056] kunit_try_run_case+0x1a5/0x480 [ 14.547296] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.547520] kthread+0x337/0x6f0 [ 14.547684] ret_from_fork+0x116/0x1d0 [ 14.547872] ret_from_fork_asm+0x1a/0x30 [ 14.548055] [ 14.548137] The buggy address belongs to the object at ffff8881025e0a80 [ 14.548137] which belongs to the cache kmalloc-32 of size 32 [ 14.548619] The buggy address is located 16 bytes inside of [ 14.548619] freed 32-byte region [ffff8881025e0a80, ffff8881025e0aa0) [ 14.549620] [ 14.549795] The buggy address belongs to the physical page: [ 14.550195] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e0 [ 14.550580] flags: 0x200000000000000(node=0|zone=2) [ 14.550882] page_type: f5(slab) [ 14.551010] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.551623] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.551965] page dumped because: kasan: bad access detected [ 14.552219] [ 14.552375] Memory state around the buggy address: 
[ 14.552690] ffff8881025e0980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.553026] ffff8881025e0a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.553544] >ffff8881025e0a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.553896] ^ [ 14.554082] ffff8881025e0b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.554640] ffff8881025e0b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.555378] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 14.504003] ================================================================== [ 14.504973] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 14.505696] Read of size 1 at addr ffff8881025e0a90 by task kunit_try_catch/276 [ 14.506231] [ 14.506338] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.506392] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.506405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.506426] Call Trace: [ 14.506442] <TASK> [ 14.506457] dump_stack_lvl+0x73/0xb0 [ 14.506487] print_report+0xd1/0x610 [ 14.506509] ? __virt_addr_valid+0x1db/0x2d0 [ 14.506532] ? kasan_strings+0xcbc/0xe80 [ 14.506554] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.506576] ? kasan_strings+0xcbc/0xe80 [ 14.506597] kasan_report+0x141/0x180 [ 14.506618] ? kasan_strings+0xcbc/0xe80 [ 14.506644] __asan_report_load1_noabort+0x18/0x20 [ 14.506667] kasan_strings+0xcbc/0xe80 [ 14.506687] ? trace_hardirqs_on+0x37/0xe0 [ 14.506710] ? __pfx_kasan_strings+0x10/0x10 [ 14.506730] ? finish_task_switch.isra.0+0x153/0x700 [ 14.506753] ? __switch_to+0x47/0xf50 [ 14.506778] ? __schedule+0x10c6/0x2b60 [ 14.506800] ? __pfx_read_tsc+0x10/0x10 [ 14.506836] ? ktime_get_ts64+0x86/0x230 [ 14.506860] kunit_try_run_case+0x1a5/0x480 [ 14.506884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.506906] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.506929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.506953] ? __kthread_parkme+0x82/0x180 [ 14.506973] ? preempt_count_sub+0x50/0x80 [ 14.506996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.507019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.507042] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.507066] kthread+0x337/0x6f0 [ 14.507086] ? trace_preempt_on+0x20/0xc0 [ 14.507121] ? __pfx_kthread+0x10/0x10 [ 14.507141] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.507163] ? calculate_sigpending+0x7b/0xa0 [ 14.507186] ? 
__pfx_kthread+0x10/0x10 [ 14.507206] ret_from_fork+0x116/0x1d0 [ 14.507225] ? __pfx_kthread+0x10/0x10 [ 14.507245] ret_from_fork_asm+0x1a/0x30 [ 14.507275] </TASK> [ 14.507285] [ 14.516669] Allocated by task 276: [ 14.516867] kasan_save_stack+0x45/0x70 [ 14.517060] kasan_save_track+0x18/0x40 [ 14.517442] kasan_save_alloc_info+0x3b/0x50 [ 14.517717] __kasan_kmalloc+0xb7/0xc0 [ 14.517871] __kmalloc_cache_noprof+0x189/0x420 [ 14.518184] kasan_strings+0xc0/0xe80 [ 14.518344] kunit_try_run_case+0x1a5/0x480 [ 14.518558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.518790] kthread+0x337/0x6f0 [ 14.518977] ret_from_fork+0x116/0x1d0 [ 14.519146] ret_from_fork_asm+0x1a/0x30 [ 14.519290] [ 14.519390] Freed by task 276: [ 14.519552] kasan_save_stack+0x45/0x70 [ 14.519726] kasan_save_track+0x18/0x40 [ 14.520468] kasan_save_free_info+0x3f/0x60 [ 14.520654] __kasan_slab_free+0x56/0x70 [ 14.520986] kfree+0x222/0x3f0 [ 14.521126] kasan_strings+0x2aa/0xe80 [ 14.521447] kunit_try_run_case+0x1a5/0x480 [ 14.521713] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.521920] kthread+0x337/0x6f0 [ 14.522089] ret_from_fork+0x116/0x1d0 [ 14.522438] ret_from_fork_asm+0x1a/0x30 [ 14.522638] [ 14.522795] The buggy address belongs to the object at ffff8881025e0a80 [ 14.522795] which belongs to the cache kmalloc-32 of size 32 [ 14.523469] The buggy address is located 16 bytes inside of [ 14.523469] freed 32-byte region [ffff8881025e0a80, ffff8881025e0aa0) [ 14.524104] [ 14.524366] The buggy address belongs to the physical page: [ 14.524588] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e0 [ 14.525047] flags: 0x200000000000000(node=0|zone=2) [ 14.525386] page_type: f5(slab) [ 14.525517] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 14.526004] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 14.526369] page dumped because: kasan: bad access detected [ 14.526699] [ 14.526780] Memory state around the buggy address: 
[ 14.526987] ffff8881025e0980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.527489] ffff8881025e0a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.527858] >ffff8881025e0a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.528153] ^ [ 14.528468] ffff8881025e0b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 14.528733] ffff8881025e0b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 14.529173] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 14.467740] ==================================================================
[ 14.469947] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 14.470551] Read of size 1 at addr ffff8881025e0a90 by task kunit_try_catch/276
[ 14.470789]
[ 14.471822] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.471876] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.471890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.471913] Call Trace:
[ 14.471927] <TASK>
[ 14.471943] dump_stack_lvl+0x73/0xb0
[ 14.471978] print_report+0xd1/0x610
[ 14.472003] ? __virt_addr_valid+0x1db/0x2d0
[ 14.472025] ? strcmp+0xb0/0xc0
[ 14.472043] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.472065] ? strcmp+0xb0/0xc0
[ 14.472090] kasan_report+0x141/0x180
[ 14.472113] ? strcmp+0xb0/0xc0
[ 14.472134] __asan_report_load1_noabort+0x18/0x20
[ 14.472158] strcmp+0xb0/0xc0
[ 14.472177] kasan_strings+0x431/0xe80
[ 14.472197] ? trace_hardirqs_on+0x37/0xe0
[ 14.472221] ? __pfx_kasan_strings+0x10/0x10
[ 14.472242] ? finish_task_switch.isra.0+0x153/0x700
[ 14.472263] ? __switch_to+0x47/0xf50
[ 14.472288] ? __schedule+0x10c6/0x2b60
[ 14.472310] ? __pfx_read_tsc+0x10/0x10
[ 14.472331] ? ktime_get_ts64+0x86/0x230
[ 14.472353] kunit_try_run_case+0x1a5/0x480
[ 14.472378] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.472401] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.472423] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.472447] ? __kthread_parkme+0x82/0x180
[ 14.472468] ? preempt_count_sub+0x50/0x80
[ 14.472490] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.472514] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.472538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.472561] kthread+0x337/0x6f0
[ 14.472580] ? trace_preempt_on+0x20/0xc0
[ 14.472601] ? __pfx_kthread+0x10/0x10
[ 14.472621] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.472642] ? calculate_sigpending+0x7b/0xa0
[ 14.472666] ? __pfx_kthread+0x10/0x10
[ 14.472687] ret_from_fork+0x116/0x1d0
[ 14.472705] ? __pfx_kthread+0x10/0x10
[ 14.472725] ret_from_fork_asm+0x1a/0x30
[ 14.472755] </TASK>
[ 14.472765]
[ 14.488184] Allocated by task 276:
[ 14.488650] kasan_save_stack+0x45/0x70
[ 14.488888] kasan_save_track+0x18/0x40
[ 14.489030] kasan_save_alloc_info+0x3b/0x50
[ 14.489217] __kasan_kmalloc+0xb7/0xc0
[ 14.489355] __kmalloc_cache_noprof+0x189/0x420
[ 14.489513] kasan_strings+0xc0/0xe80
[ 14.489646] kunit_try_run_case+0x1a5/0x480
[ 14.489794] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.489984] kthread+0x337/0x6f0
[ 14.490488] ret_from_fork+0x116/0x1d0
[ 14.490857] ret_from_fork_asm+0x1a/0x30
[ 14.491206]
[ 14.491372] Freed by task 276:
[ 14.491688] kasan_save_stack+0x45/0x70
[ 14.492086] kasan_save_track+0x18/0x40
[ 14.492471] kasan_save_free_info+0x3f/0x60
[ 14.492873] __kasan_slab_free+0x56/0x70
[ 14.493316] kfree+0x222/0x3f0
[ 14.493603] kasan_strings+0x2aa/0xe80
[ 14.493964] kunit_try_run_case+0x1a5/0x480
[ 14.494430] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.495029] kthread+0x337/0x6f0
[ 14.495379] ret_from_fork+0x116/0x1d0
[ 14.495735] ret_from_fork_asm+0x1a/0x30
[ 14.496092]
[ 14.496272] The buggy address belongs to the object at ffff8881025e0a80
[ 14.496272] which belongs to the cache kmalloc-32 of size 32
[ 14.496672] The buggy address is located 16 bytes inside of
[ 14.496672] freed 32-byte region [ffff8881025e0a80, ffff8881025e0aa0)
[ 14.497032]
[ 14.497411] The buggy address belongs to the physical page:
[ 14.497624] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e0
[ 14.497953] flags: 0x200000000000000(node=0|zone=2)
[ 14.498511] page_type: f5(slab)
[ 14.498771] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.499332] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.499646] page dumped because: kasan: bad access detected
[ 14.499896]
[ 14.499985] Memory state around the buggy address:
[ 14.500477] ffff8881025e0980: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.501156] ffff8881025e0a00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.501659] >ffff8881025e0a80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.501974] ^
[ 14.502327] ffff8881025e0b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.502829] ffff8881025e0b80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 14.503299] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 14.438361] ==================================================================
[ 14.438776] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 14.439034] Read of size 1 at addr ffff8881025e0998 by task kunit_try_catch/274
[ 14.439331]
[ 14.439519] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.439566] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.439578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.439599] Call Trace:
[ 14.439611] <TASK>
[ 14.439625] dump_stack_lvl+0x73/0xb0
[ 14.439653] print_report+0xd1/0x610
[ 14.439675] ? __virt_addr_valid+0x1db/0x2d0
[ 14.439696] ? memcmp+0x1b4/0x1d0
[ 14.439714] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.439736] ? memcmp+0x1b4/0x1d0
[ 14.439755] kasan_report+0x141/0x180
[ 14.439776] ? memcmp+0x1b4/0x1d0
[ 14.439799] __asan_report_load1_noabort+0x18/0x20
[ 14.439837] memcmp+0x1b4/0x1d0
[ 14.439857] kasan_memcmp+0x18f/0x390
[ 14.439877] ? trace_hardirqs_on+0x37/0xe0
[ 14.439900] ? __pfx_kasan_memcmp+0x10/0x10
[ 14.439920] ? finish_task_switch.isra.0+0x153/0x700
[ 14.439943] ? __switch_to+0x47/0xf50
[ 14.439972] ? __pfx_read_tsc+0x10/0x10
[ 14.439992] ? ktime_get_ts64+0x86/0x230
[ 14.440015] kunit_try_run_case+0x1a5/0x480
[ 14.440039] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.440061] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.440085] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.440108] ? __kthread_parkme+0x82/0x180
[ 14.440129] ? preempt_count_sub+0x50/0x80
[ 14.440151] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.440187] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.440260] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.440286] kthread+0x337/0x6f0
[ 14.440305] ? trace_preempt_on+0x20/0xc0
[ 14.440328] ? __pfx_kthread+0x10/0x10
[ 14.440348] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.440370] ? calculate_sigpending+0x7b/0xa0
[ 14.440393] ? __pfx_kthread+0x10/0x10
[ 14.440414] ret_from_fork+0x116/0x1d0
[ 14.440433] ? __pfx_kthread+0x10/0x10
[ 14.440453] ret_from_fork_asm+0x1a/0x30
[ 14.440483] </TASK>
[ 14.440493]
[ 14.448222] Allocated by task 274:
[ 14.448407] kasan_save_stack+0x45/0x70
[ 14.448611] kasan_save_track+0x18/0x40
[ 14.448862] kasan_save_alloc_info+0x3b/0x50
[ 14.449060] __kasan_kmalloc+0xb7/0xc0
[ 14.449469] __kmalloc_cache_noprof+0x189/0x420
[ 14.449686] kasan_memcmp+0xb7/0x390
[ 14.449868] kunit_try_run_case+0x1a5/0x480
[ 14.450076] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.450449] kthread+0x337/0x6f0
[ 14.450594] ret_from_fork+0x116/0x1d0
[ 14.450786] ret_from_fork_asm+0x1a/0x30
[ 14.450959]
[ 14.451033] The buggy address belongs to the object at ffff8881025e0980
[ 14.451033] which belongs to the cache kmalloc-32 of size 32
[ 14.451728] The buggy address is located 0 bytes to the right of
[ 14.451728] allocated 24-byte region [ffff8881025e0980, ffff8881025e0998)
[ 14.452334]
[ 14.452417] The buggy address belongs to the physical page:
[ 14.452594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025e0
[ 14.452853] flags: 0x200000000000000(node=0|zone=2)
[ 14.453018] page_type: f5(slab)
[ 14.453160] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 14.453499] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 14.454188] page dumped because: kasan: bad access detected
[ 14.454563]
[ 14.454660] Memory state around the buggy address:
[ 14.454892] ffff8881025e0880: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 14.455217] ffff8881025e0900: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 14.455530] >ffff8881025e0980: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.455747] ^
[ 14.455897] ffff8881025e0a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.456424] ffff8881025e0a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.456746] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 14.409300] ==================================================================
[ 14.410827] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[ 14.411841] Read of size 1 at addr ffff888103a37c4a by task kunit_try_catch/270
[ 14.412070]
[ 14.412915] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.412966] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.412978] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.413001] Call Trace:
[ 14.413014] <TASK>
[ 14.413028] dump_stack_lvl+0x73/0xb0
[ 14.413059] print_report+0xd1/0x610
[ 14.413273] ? __virt_addr_valid+0x1db/0x2d0
[ 14.413304] ? kasan_alloca_oob_right+0x329/0x390
[ 14.413340] ? kasan_addr_to_slab+0x11/0xa0
[ 14.413361] ? kasan_alloca_oob_right+0x329/0x390
[ 14.413385] kasan_report+0x141/0x180
[ 14.413438] ? kasan_alloca_oob_right+0x329/0x390
[ 14.413466] __asan_report_load1_noabort+0x18/0x20
[ 14.413491] kasan_alloca_oob_right+0x329/0x390
[ 14.413515] ? finish_task_switch.isra.0+0x153/0x700
[ 14.413538] ? rt_mutex_adjust_prio_chain+0x195e/0x20e0
[ 14.413562] ? trace_hardirqs_on+0x37/0xe0
[ 14.413588] ? __pfx_kasan_alloca_oob_right+0x10/0x10
[ 14.413613] ? __schedule+0x10c6/0x2b60
[ 14.413636] ? __pfx_read_tsc+0x10/0x10
[ 14.413657] ? ktime_get_ts64+0x86/0x230
[ 14.413681] kunit_try_run_case+0x1a5/0x480
[ 14.413706] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.413728] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.413752] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.413775] ? __kthread_parkme+0x82/0x180
[ 14.413795] ? preempt_count_sub+0x50/0x80
[ 14.413830] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.413854] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.413877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.413901] kthread+0x337/0x6f0
[ 14.413919] ? trace_preempt_on+0x20/0xc0
[ 14.413941] ? __pfx_kthread+0x10/0x10
[ 14.413960] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.413982] ? calculate_sigpending+0x7b/0xa0
[ 14.414006] ? __pfx_kthread+0x10/0x10
[ 14.414027] ret_from_fork+0x116/0x1d0
[ 14.414045] ? __pfx_kthread+0x10/0x10
[ 14.414066] ret_from_fork_asm+0x1a/0x30
[ 14.414117] </TASK>
[ 14.414128]
[ 14.425186] The buggy address belongs to stack of task kunit_try_catch/270
[ 14.425836]
[ 14.425924] The buggy address belongs to the physical page:
[ 14.426528] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a37
[ 14.426953] flags: 0x200000000000000(node=0|zone=2)
[ 14.427333] raw: 0200000000000000 ffffea00040e8dc8 ffffea00040e8dc8 0000000000000000
[ 14.427667] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 14.428016] page dumped because: kasan: bad access detected
[ 14.428505]
[ 14.428602] Memory state around the buggy address:
[ 14.428762] ffff888103a37b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.429287] ffff888103a37b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.429704] >ffff888103a37c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 14.430107] ^
[ 14.430390] ffff888103a37c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 14.430871] ffff888103a37d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.431370] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 14.388420] ==================================================================
[ 14.388881] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380
[ 14.389582] Read of size 1 at addr ffff888103af7c3f by task kunit_try_catch/268
[ 14.389901]
[ 14.390013] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.390058] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.390070] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.390093] Call Trace:
[ 14.390106] <TASK>
[ 14.390121] dump_stack_lvl+0x73/0xb0
[ 14.390151] print_report+0xd1/0x610
[ 14.390174] ? __virt_addr_valid+0x1db/0x2d0
[ 14.390197] ? kasan_alloca_oob_left+0x320/0x380
[ 14.390220] ? kasan_addr_to_slab+0x11/0xa0
[ 14.390241] ? kasan_alloca_oob_left+0x320/0x380
[ 14.390265] kasan_report+0x141/0x180
[ 14.390587] ? kasan_alloca_oob_left+0x320/0x380
[ 14.390617] __asan_report_load1_noabort+0x18/0x20
[ 14.390642] kasan_alloca_oob_left+0x320/0x380
[ 14.390665] ? __kasan_check_write+0x18/0x20
[ 14.390685] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.390708] ? finish_task_switch.isra.0+0x153/0x700
[ 14.390732] ? rt_mutex_adjust_prio_chain+0x195e/0x20e0
[ 14.390755] ? trace_hardirqs_on+0x37/0xe0
[ 14.390780] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 14.390804] ? __kasan_check_write+0x18/0x20
[ 14.390837] ? queued_spin_lock_slowpath+0x116/0xb40
[ 14.390864] ? trace_hardirqs_on+0x37/0xe0
[ 14.390887] ? __pfx_read_tsc+0x10/0x10
[ 14.390908] ? ktime_get_ts64+0x86/0x230
[ 14.390931] kunit_try_run_case+0x1a5/0x480
[ 14.390958] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.390984] ? queued_spin_lock_slowpath+0x116/0xb40
[ 14.391008] ? __kthread_parkme+0x82/0x180
[ 14.391029] ? preempt_count_sub+0x50/0x80
[ 14.391052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.391077] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.391116] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.391141] kthread+0x337/0x6f0
[ 14.391161] ? trace_preempt_on+0x20/0xc0
[ 14.391184] ? __pfx_kthread+0x10/0x10
[ 14.391301] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.391332] ? calculate_sigpending+0x7b/0xa0
[ 14.391360] ? __pfx_kthread+0x10/0x10
[ 14.391383] ret_from_fork+0x116/0x1d0
[ 14.391403] ? __pfx_kthread+0x10/0x10
[ 14.391424] ret_from_fork_asm+0x1a/0x30
[ 14.391458] </TASK>
[ 14.391470]
[ 14.400079] The buggy address belongs to stack of task kunit_try_catch/268
[ 14.400427]
[ 14.400526] The buggy address belongs to the physical page:
[ 14.400786] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103af7
[ 14.401255] flags: 0x200000000000000(node=0|zone=2)
[ 14.401457] raw: 0200000000000000 ffffea00040ebdc8 ffffea00040ebdc8 0000000000000000
[ 14.401774] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 14.402079] page dumped because: kasan: bad access detected
[ 14.402312]
[ 14.402385] Memory state around the buggy address:
[ 14.402618] ffff888103af7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.403032] ffff888103af7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.403484] >ffff888103af7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 14.403873] ^
[ 14.404087] ffff888103af7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 14.404419] ffff888103af7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.404705] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 14.368633] ==================================================================
[ 14.369306] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 14.369668] Read of size 1 at addr ffff888103b07d02 by task kunit_try_catch/266
[ 14.369996]
[ 14.370082] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.370125] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.370137] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.370157] Call Trace:
[ 14.370168] <TASK>
[ 14.370182] dump_stack_lvl+0x73/0xb0
[ 14.370209] print_report+0xd1/0x610
[ 14.370243] ? __virt_addr_valid+0x1db/0x2d0
[ 14.370264] ? kasan_stack_oob+0x2b5/0x300
[ 14.370283] ? kasan_addr_to_slab+0x11/0xa0
[ 14.370303] ? kasan_stack_oob+0x2b5/0x300
[ 14.370323] kasan_report+0x141/0x180
[ 14.370345] ? kasan_stack_oob+0x2b5/0x300
[ 14.370369] __asan_report_load1_noabort+0x18/0x20
[ 14.370393] kasan_stack_oob+0x2b5/0x300
[ 14.370413] ? __pfx_kasan_stack_oob+0x10/0x10
[ 14.370432] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 14.370461] ? __pfx_kasan_stack_oob+0x10/0x10
[ 14.370486] kunit_try_run_case+0x1a5/0x480
[ 14.370510] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.370533] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.370556] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.370579] ? __kthread_parkme+0x82/0x180
[ 14.370599] ? preempt_count_sub+0x50/0x80
[ 14.370623] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.370646] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.370669] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.370693] kthread+0x337/0x6f0
[ 14.370712] ? trace_preempt_on+0x20/0xc0
[ 14.370734] ? __pfx_kthread+0x10/0x10
[ 14.370755] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.370776] ? calculate_sigpending+0x7b/0xa0
[ 14.370801] ? __pfx_kthread+0x10/0x10
[ 14.370834] ret_from_fork+0x116/0x1d0
[ 14.370852] ? __pfx_kthread+0x10/0x10
[ 14.370873] ret_from_fork_asm+0x1a/0x30
[ 14.370903] </TASK>
[ 14.370914]
[ 14.378111] The buggy address belongs to stack of task kunit_try_catch/266
[ 14.378539] and is located at offset 138 in frame:
[ 14.378769] kasan_stack_oob+0x0/0x300
[ 14.379083]
[ 14.379196] This frame has 4 objects:
[ 14.379451] [48, 49) '__assertion'
[ 14.379473] [64, 72) 'array'
[ 14.379625] [96, 112) '__assertion'
[ 14.379788] [128, 138) 'stack_array'
[ 14.379954]
[ 14.380239] The buggy address belongs to the physical page:
[ 14.380475] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103b07
[ 14.380719] flags: 0x200000000000000(node=0|zone=2)
[ 14.380972] raw: 0200000000000000 ffffea00040ec1c8 ffffea00040ec1c8 0000000000000000
[ 14.381667] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 14.381948] page dumped because: kasan: bad access detected
[ 14.382181]
[ 14.382276] Memory state around the buggy address:
[ 14.382769] ffff888103b07c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.383073] ffff888103b07c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 14.383294] >ffff888103b07d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 14.383511] ^
[ 14.383658] ffff888103b07d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 14.383992] ffff888103b07e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.384502] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 14.347960] ==================================================================
[ 14.348767] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[ 14.349072] Read of size 1 at addr ffffffff93a63e8d by task kunit_try_catch/262
[ 14.349605]
[ 14.349750] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.349796] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.349808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.349844] Call Trace:
[ 14.349856] <TASK>
[ 14.349870] dump_stack_lvl+0x73/0xb0
[ 14.349899] print_report+0xd1/0x610
[ 14.349921] ? __virt_addr_valid+0x1db/0x2d0
[ 14.349943] ? kasan_global_oob_right+0x286/0x2d0
[ 14.349964] ? kasan_addr_to_slab+0x11/0xa0
[ 14.349984] ? kasan_global_oob_right+0x286/0x2d0
[ 14.350006] kasan_report+0x141/0x180
[ 14.350028] ? kasan_global_oob_right+0x286/0x2d0
[ 14.350054] __asan_report_load1_noabort+0x18/0x20
[ 14.350078] kasan_global_oob_right+0x286/0x2d0
[ 14.350099] ? __pfx_kasan_global_oob_right+0x10/0x10
[ 14.350123] ? __schedule+0x10c6/0x2b60
[ 14.350147] ? __pfx_read_tsc+0x10/0x10
[ 14.350167] ? ktime_get_ts64+0x86/0x230
[ 14.350192] kunit_try_run_case+0x1a5/0x480
[ 14.350273] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.350296] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.350319] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.350342] ? __kthread_parkme+0x82/0x180
[ 14.350363] ? preempt_count_sub+0x50/0x80
[ 14.350387] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.350410] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.350434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.350458] kthread+0x337/0x6f0
[ 14.350478] ? trace_preempt_on+0x20/0xc0
[ 14.350501] ? __pfx_kthread+0x10/0x10
[ 14.350521] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.350543] ? calculate_sigpending+0x7b/0xa0
[ 14.350566] ? __pfx_kthread+0x10/0x10
[ 14.350588] ret_from_fork+0x116/0x1d0
[ 14.350605] ? __pfx_kthread+0x10/0x10
[ 14.350626] ret_from_fork_asm+0x1a/0x30
[ 14.350656] </TASK>
[ 14.350666]
[ 14.358228] The buggy address belongs to the variable:
[ 14.358616] global_array+0xd/0x40
[ 14.358837]
[ 14.358949] The buggy address belongs to the physical page:
[ 14.359270] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x15aa63
[ 14.359594] flags: 0x200000000002000(reserved|node=0|zone=2)
[ 14.359795] raw: 0200000000002000 ffffea00056a98c8 ffffea00056a98c8 0000000000000000
[ 14.360043] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 14.360353] page dumped because: kasan: bad access detected
[ 14.360649]
[ 14.360743] Memory state around the buggy address:
[ 14.360982] ffffffff93a63d80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.361375] ffffffff93a63e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.361648] >ffffffff93a63e80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 14.361955] ^
[ 14.362137] ffffffff93a63f00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[ 14.362471] ffffffff93a63f80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 14.362771] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 14.298556] ==================================================================
[ 14.299090] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.299733] Free of addr ffff8881025cca01 by task kunit_try_catch/258
[ 14.300026]
[ 14.300148] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.300195] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.300208] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.300231] Call Trace:
[ 14.300244] <TASK>
[ 14.300259] dump_stack_lvl+0x73/0xb0
[ 14.300288] print_report+0xd1/0x610
[ 14.300309] ? __virt_addr_valid+0x1db/0x2d0
[ 14.300331] ? kasan_complete_mode_report_info+0x2a/0x200
[ 14.300352] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.300378] kasan_report_invalid_free+0x10a/0x130
[ 14.300402] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.300429] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.300453] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.300476] check_slab_allocation+0x11f/0x130
[ 14.300498] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.300522] mempool_free+0x2ec/0x380
[ 14.300548] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.300573] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.300597] ? update_load_avg+0x1be/0x21b0
[ 14.300619] ? native_smp_send_reschedule+0x43/0x70
[ 14.300642] ? finish_task_switch.isra.0+0x153/0x700
[ 14.300666] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.300690] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 14.300717] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.300739] ? __pfx_mempool_kfree+0x10/0x10
[ 14.300763] ? __pfx_read_tsc+0x10/0x10
[ 14.300784] ? ktime_get_ts64+0x86/0x230
[ 14.300832] kunit_try_run_case+0x1a5/0x480
[ 14.300863] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.300886] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.300909] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.300933] ? __kthread_parkme+0x82/0x180
[ 14.300953] ? preempt_count_sub+0x50/0x80
[ 14.300976] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.300999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.301022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.301045] kthread+0x337/0x6f0
[ 14.301064] ? trace_preempt_on+0x20/0xc0
[ 14.301087] ? __pfx_kthread+0x10/0x10
[ 14.301107] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.301129] ? calculate_sigpending+0x7b/0xa0
[ 14.301151] ? __pfx_kthread+0x10/0x10
[ 14.301173] ret_from_fork+0x116/0x1d0
[ 14.301190] ? __pfx_kthread+0x10/0x10
[ 14.301211] ret_from_fork_asm+0x1a/0x30
[ 14.301241] </TASK>
[ 14.301250]
[ 14.311096] Allocated by task 258:
[ 14.311461] kasan_save_stack+0x45/0x70
[ 14.311656] kasan_save_track+0x18/0x40
[ 14.311808] kasan_save_alloc_info+0x3b/0x50
[ 14.312026] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.312367] remove_element+0x11e/0x190
[ 14.312531] mempool_alloc_preallocated+0x4d/0x90
[ 14.312747] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 14.312985] mempool_kmalloc_invalid_free+0xed/0x140
[ 14.313365] kunit_try_run_case+0x1a5/0x480
[ 14.313524] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.313702] kthread+0x337/0x6f0
[ 14.313837] ret_from_fork+0x116/0x1d0
[ 14.313972] ret_from_fork_asm+0x1a/0x30
[ 14.314122]
[ 14.314371] The buggy address belongs to the object at ffff8881025cca00
[ 14.314371] which belongs to the cache kmalloc-128 of size 128
[ 14.314936] The buggy address is located 1 bytes inside of
[ 14.314936] 128-byte region [ffff8881025cca00, ffff8881025cca80)
[ 14.315782]
[ 14.315878] The buggy address belongs to the physical page:
[ 14.316058] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc
[ 14.316688] flags: 0x200000000000000(node=0|zone=2)
[ 14.316950] page_type: f5(slab)
[ 14.317118] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.317517] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.317828] page dumped because: kasan: bad access detected
[ 14.318077]
[ 14.318329] Memory state around the buggy address:
[ 14.318544] ffff8881025cc900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.318842] ffff8881025cc980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.319137] >ffff8881025cca00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.319437] ^
[ 14.319665] ffff8881025cca80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.319969] ffff8881025ccb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.320281] ==================================================================
[ 14.326565] ==================================================================
[ 14.327080] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.327534] Free of addr ffff888103a74001 by task kunit_try_catch/260
[ 14.327796]
[ 14.327897] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.327942] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.327955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.327974] Call Trace:
[ 14.327987] <TASK>
[ 14.328000] dump_stack_lvl+0x73/0xb0
[ 14.328029] print_report+0xd1/0x610
[ 14.328051] ? __virt_addr_valid+0x1db/0x2d0
[ 14.328075] ? kasan_addr_to_slab+0x11/0xa0
[ 14.328104] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.328130] kasan_report_invalid_free+0x10a/0x130
[ 14.328154] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.328183] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.328206] __kasan_mempool_poison_object+0x102/0x1d0
[ 14.328230] mempool_free+0x2ec/0x380
[ 14.328257] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 14.328282] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 14.328310] ? __kasan_check_write+0x18/0x20
[ 14.328329] ? __pfx_sched_clock_cpu+0x10/0x10
[ 14.328351] ? finish_task_switch.isra.0+0x153/0x700
[ 14.328376] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 14.328401] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 14.328426] ? __kasan_check_write+0x18/0x20
[ 14.328447] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.328469] ? __pfx_mempool_kfree+0x10/0x10
[ 14.328494] ? __pfx_read_tsc+0x10/0x10
[ 14.328514] ? ktime_get_ts64+0x86/0x230
[ 14.328546] kunit_try_run_case+0x1a5/0x480
[ 14.328571] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.328597] ? queued_spin_lock_slowpath+0x116/0xb40
[ 14.328621] ? __kthread_parkme+0x82/0x180
[ 14.328639] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 14.328664] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.328689] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.328711] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.328735] kthread+0x337/0x6f0
[ 14.328754] ? trace_preempt_on+0x20/0xc0
[ 14.328778] ? __pfx_kthread+0x10/0x10
[ 14.328798] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.328830] ? calculate_sigpending+0x7b/0xa0
[ 14.328860] ? __pfx_kthread+0x10/0x10
[ 14.328882] ret_from_fork+0x116/0x1d0
[ 14.328901] ? __pfx_kthread+0x10/0x10
[ 14.328922] ret_from_fork_asm+0x1a/0x30
[ 14.328951] </TASK>
[ 14.328961]
[ 14.338324] The buggy address belongs to the physical page:
[ 14.338576] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74
[ 14.338907] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 14.339212] flags: 0x200000000000040(head|node=0|zone=2)
[ 14.339391] page_type: f8(unknown)
[ 14.339519] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.339751] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.340152] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 14.340698] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 14.341295] head: 0200000000000002 ffffea00040e9d01 00000000ffffffff 00000000ffffffff
[ 14.341530] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 14.342071] page dumped because: kasan: bad access detected
[ 14.342489]
[ 14.342587] Memory state around the buggy address:
[ 14.342823] ffff888103a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.343126] ffff888103a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 14.343346] >ffff888103a74000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.343605] ^
[ 14.343905] ffff888103a74080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.344324] ffff888103a74100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.344632] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 14.229800] ==================================================================
[ 14.230598] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 14.230880] Free of addr ffff888102b16100 by task kunit_try_catch/252
[ 14.231140]
[ 14.231254] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.231299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.231311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.231334] Call Trace:
[ 14.231347] <TASK>
[ 14.231362] dump_stack_lvl+0x73/0xb0
[ 14.231392] print_report+0xd1/0x610
[ 14.231414] ? __virt_addr_valid+0x1db/0x2d0
[ 14.231438] ? kasan_complete_mode_report_info+0x64/0x200
[ 14.231461] ? mempool_double_free_helper+0x184/0x370
[ 14.231485] kasan_report_invalid_free+0x10a/0x130
[ 14.231509] ? mempool_double_free_helper+0x184/0x370
[ 14.231535] ? mempool_double_free_helper+0x184/0x370
[ 14.231557] ? mempool_double_free_helper+0x184/0x370
[ 14.231580] check_slab_allocation+0x101/0x130
[ 14.231601] __kasan_mempool_poison_object+0x91/0x1d0
[ 14.231626] mempool_free+0x2ec/0x380
[ 14.231652] mempool_double_free_helper+0x184/0x370
[ 14.231676] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 14.231699] ? update_load_avg+0x1be/0x21b0
[ 14.231722] ? update_load_avg+0x1be/0x21b0
[ 14.231742] ? update_curr+0x80/0x810
[ 14.231764] ? irqentry_exit+0x2a/0x60
[ 14.231785] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 14.231823] mempool_kmalloc_double_free+0xed/0x140
[ 14.231847] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 14.231873] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.231896] ? __pfx_mempool_kfree+0x10/0x10
[ 14.231920] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 14.231945] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 14.231970] kunit_try_run_case+0x1a5/0x480
[ 14.231996] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.232018] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.232041] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.232064] ? __kthread_parkme+0x82/0x180
[ 14.232084] ? preempt_count_sub+0x50/0x80
[ 14.232116] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.232140] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.232163] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.232187] kthread+0x337/0x6f0
[ 14.232205] ? trace_preempt_on+0x20/0xc0
[ 14.232228] ? __pfx_kthread+0x10/0x10
[ 14.232248] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.232280] ? calculate_sigpending+0x7b/0xa0
[ 14.232305] ? __pfx_kthread+0x10/0x10
[ 14.232326] ret_from_fork+0x116/0x1d0
[ 14.232344] ? __pfx_kthread+0x10/0x10
[ 14.232366] ret_from_fork_asm+0x1a/0x30
[ 14.232396] </TASK>
[ 14.232407]
[ 14.242123] Allocated by task 252:
[ 14.242360] kasan_save_stack+0x45/0x70
[ 14.242608] kasan_save_track+0x18/0x40
[ 14.242857] kasan_save_alloc_info+0x3b/0x50
[ 14.243047] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 14.243347] remove_element+0x11e/0x190
[ 14.243676] mempool_alloc_preallocated+0x4d/0x90
[ 14.243891] mempool_double_free_helper+0x8a/0x370
[ 14.244380] mempool_kmalloc_double_free+0xed/0x140
[ 14.244569] kunit_try_run_case+0x1a5/0x480
[ 14.244779] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.245028] kthread+0x337/0x6f0
[ 14.245201] ret_from_fork+0x116/0x1d0
[ 14.245335] ret_from_fork_asm+0x1a/0x30
[ 14.245600]
[ 14.245702] Freed by task 252:
[ 14.245878] kasan_save_stack+0x45/0x70
[ 14.246074] kasan_save_track+0x18/0x40
[ 14.246255] kasan_save_free_info+0x3f/0x60
[ 14.246462] __kasan_mempool_poison_object+0x131/0x1d0
[ 14.246633] mempool_free+0x2ec/0x380
[ 14.246770] mempool_double_free_helper+0x109/0x370
[ 14.246944] mempool_kmalloc_double_free+0xed/0x140
[ 14.247115] kunit_try_run_case+0x1a5/0x480
[ 14.247299] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.247550] kthread+0x337/0x6f0
[ 14.247716] ret_from_fork+0x116/0x1d0
[ 14.248057] ret_from_fork_asm+0x1a/0x30
[ 14.248464]
[ 14.248563] The buggy address belongs to the object at ffff888102b16100
[ 14.248563] which belongs to the cache kmalloc-128 of size 128
[ 14.249033] The buggy address is located 0 bytes inside of
[ 14.249033] 128-byte region [ffff888102b16100, ffff888102b16180)
[ 14.249702]
[ 14.249803] The buggy address belongs to the physical page:
[ 14.250029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16
[ 14.250615] flags: 0x200000000000000(node=0|zone=2)
[ 14.250835] page_type: f5(slab)
[ 14.250982] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 14.251217] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 14.251661] page dumped because: kasan: bad access detected
[ 14.252057]
[ 14.252161] Memory state around the buggy address:
[ 14.252443] ffff888102b16000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.252780] ffff888102b16080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.253105] >ffff888102b16100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 14.253471] ^
[ 14.253633] ffff888102b16180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 14.253947] ffff888102b16200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 14.254205] ==================================================================
[ 14.258513] ==================================================================
[ 14.259059] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 14.259371] Free of addr ffff888103ab0000 by task kunit_try_catch/254
[ 14.259711]
[ 14.259835] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 14.259878] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 14.259890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 14.259911] Call Trace:
[ 14.259923] <TASK>
[ 14.259938] dump_stack_lvl+0x73/0xb0
[ 14.259965] print_report+0xd1/0x610
[ 14.259987] ? __virt_addr_valid+0x1db/0x2d0
[ 14.260009] ? kasan_addr_to_slab+0x11/0xa0
[ 14.260029] ? mempool_double_free_helper+0x184/0x370
[ 14.260054] kasan_report_invalid_free+0x10a/0x130
[ 14.260077] ? mempool_double_free_helper+0x184/0x370
[ 14.260104] ? mempool_double_free_helper+0x184/0x370
[ 14.260126] __kasan_mempool_poison_object+0x1b3/0x1d0
[ 14.260150] mempool_free+0x2ec/0x380
[ 14.260177] mempool_double_free_helper+0x184/0x370
[ 14.260200] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 14.260227] ? irqentry_exit+0x2a/0x60
[ 14.260248] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 14.260274] mempool_kmalloc_large_double_free+0xed/0x140
[ 14.260298] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 14.260341] ? __pfx_mempool_kmalloc+0x10/0x10
[ 14.260365] ? __pfx_mempool_kfree+0x10/0x10
[ 14.260388] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 14.260415] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 14.260442] kunit_try_run_case+0x1a5/0x480
[ 14.260466] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.260489] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 14.260513] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 14.260537] ? __kthread_parkme+0x82/0x180
[ 14.260557] ? preempt_count_sub+0x50/0x80
[ 14.260581] ? __pfx_kunit_try_run_case+0x10/0x10
[ 14.260605] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 14.260628] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 14.260652] kthread+0x337/0x6f0
[ 14.260670] ? trace_preempt_on+0x20/0xc0
[ 14.260694] ? __pfx_kthread+0x10/0x10
[ 14.260714] ? _raw_spin_unlock_irq+0x47/0x80
[ 14.260735] ? calculate_sigpending+0x7b/0xa0
[ 14.260759] ? __pfx_kthread+0x10/0x10
[ 14.260780] ret_from_fork+0x116/0x1d0
[ 14.260799] ?
__pfx_kthread+0x10/0x10 [ 14.260830] ret_from_fork_asm+0x1a/0x30 [ 14.260866] </TASK> [ 14.260876] [ 14.269286] The buggy address belongs to the physical page: [ 14.269475] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab0 [ 14.269890] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.270344] flags: 0x200000000000040(head|node=0|zone=2) [ 14.270687] page_type: f8(unknown) [ 14.270881] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.271196] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.271516] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.271774] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.272022] head: 0200000000000002 ffffea00040eac01 00000000ffffffff 00000000ffffffff [ 14.272259] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.272596] page dumped because: kasan: bad access detected [ 14.273001] [ 14.273099] Memory state around the buggy address: [ 14.273323] ffff888103aaff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.273686] ffff888103aaff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.273985] >ffff888103ab0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.274512] ^ [ 14.274660] ffff888103ab0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.274935] ffff888103ab0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.275407] ================================================================== [ 14.279300] ================================================================== [ 14.279837] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 14.280196] Free of addr ffff888103a74000 by task kunit_try_catch/256 [ 14.280460] [ 14.280783] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.280855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.280867] Hardware name: QEMU 
Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.280889] Call Trace: [ 14.280904] <TASK> [ 14.280920] dump_stack_lvl+0x73/0xb0 [ 14.280951] print_report+0xd1/0x610 [ 14.280973] ? __virt_addr_valid+0x1db/0x2d0 [ 14.280998] ? kasan_addr_to_slab+0x11/0xa0 [ 14.281017] ? mempool_double_free_helper+0x184/0x370 [ 14.281041] kasan_report_invalid_free+0x10a/0x130 [ 14.281066] ? mempool_double_free_helper+0x184/0x370 [ 14.281092] ? mempool_double_free_helper+0x184/0x370 [ 14.281114] __kasan_mempool_poison_pages+0x115/0x130 [ 14.281138] mempool_free+0x290/0x380 [ 14.281165] mempool_double_free_helper+0x184/0x370 [ 14.281189] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 14.281422] ? update_load_avg+0x1be/0x21b0 [ 14.281450] ? dequeue_entities+0x27e/0x1740 [ 14.281475] ? finish_task_switch.isra.0+0x153/0x700 [ 14.281500] mempool_page_alloc_double_free+0xe8/0x140 [ 14.281525] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 14.281552] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 14.281576] ? __pfx_mempool_free_pages+0x10/0x10 [ 14.281602] ? __pfx_read_tsc+0x10/0x10 [ 14.281624] ? ktime_get_ts64+0x86/0x230 [ 14.281648] kunit_try_run_case+0x1a5/0x480 [ 14.281673] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.281696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.281720] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.281742] ? __kthread_parkme+0x82/0x180 [ 14.281763] ? preempt_count_sub+0x50/0x80 [ 14.281786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.281809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.281847] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.281871] kthread+0x337/0x6f0 [ 14.281891] ? trace_preempt_on+0x20/0xc0 [ 14.281914] ? __pfx_kthread+0x10/0x10 [ 14.281935] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.281955] ? calculate_sigpending+0x7b/0xa0 [ 14.281979] ? __pfx_kthread+0x10/0x10 [ 14.282000] ret_from_fork+0x116/0x1d0 [ 14.282019] ? 
__pfx_kthread+0x10/0x10 [ 14.282040] ret_from_fork_asm+0x1a/0x30 [ 14.282070] </TASK> [ 14.282081] [ 14.291466] The buggy address belongs to the physical page: [ 14.291700] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74 [ 14.292035] flags: 0x200000000000000(node=0|zone=2) [ 14.292372] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 14.292638] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.292894] page dumped because: kasan: bad access detected [ 14.293070] [ 14.293141] Memory state around the buggy address: [ 14.293372] ffff888103a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.293691] ffff888103a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.294093] >ffff888103a74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.294500] ^ [ 14.294640] ffff888103a74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.294977] ffff888103a74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.295419] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 14.201572] ================================================================== [ 14.202402] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.202738] Read of size 1 at addr ffff888103a74000 by task kunit_try_catch/250 [ 14.203042] [ 14.203848] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.203899] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.204025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.204053] Call Trace: [ 14.204065] <TASK> [ 14.204081] dump_stack_lvl+0x73/0xb0 [ 14.204128] print_report+0xd1/0x610 [ 14.204151] ? __virt_addr_valid+0x1db/0x2d0 [ 14.204207] ? mempool_uaf_helper+0x392/0x400 [ 14.204312] ? kasan_addr_to_slab+0x11/0xa0 [ 14.204334] ? mempool_uaf_helper+0x392/0x400 [ 14.204356] kasan_report+0x141/0x180 [ 14.204377] ? mempool_uaf_helper+0x392/0x400 [ 14.204404] __asan_report_load1_noabort+0x18/0x20 [ 14.204428] mempool_uaf_helper+0x392/0x400 [ 14.204450] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.204473] ? __kasan_check_write+0x18/0x20 [ 14.204493] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.204513] ? irqentry_exit+0x2a/0x60 [ 14.204536] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 14.204562] mempool_page_alloc_uaf+0xed/0x140 [ 14.204585] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 14.204611] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 14.204636] ? __pfx_mempool_free_pages+0x10/0x10 [ 14.204660] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 14.204686] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 14.204710] kunit_try_run_case+0x1a5/0x480 [ 14.204735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204757] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.204780] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.204803] ? __kthread_parkme+0x82/0x180 [ 14.204839] ? preempt_count_sub+0x50/0x80 [ 14.204866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.204913] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.204937] kthread+0x337/0x6f0 [ 14.204956] ? trace_preempt_on+0x20/0xc0 [ 14.204978] ? __pfx_kthread+0x10/0x10 [ 14.204998] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.205020] ? calculate_sigpending+0x7b/0xa0 [ 14.205042] ? __pfx_kthread+0x10/0x10 [ 14.205065] ret_from_fork+0x116/0x1d0 [ 14.205084] ? __pfx_kthread+0x10/0x10 [ 14.205105] ret_from_fork_asm+0x1a/0x30 [ 14.205135] </TASK> [ 14.205145] [ 14.219515] The buggy address belongs to the physical page: [ 14.219929] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74 [ 14.220767] flags: 0x200000000000000(node=0|zone=2) [ 14.221034] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 14.221666] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 14.222001] page dumped because: kasan: bad access detected [ 14.222749] [ 14.223012] Memory state around the buggy address: [ 14.223509] ffff888103a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.223961] ffff888103a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.224697] >ffff888103a74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.225382] ^ [ 14.225558] ffff888103a74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.225865] ffff888103a74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.226527] ================================================================== [ 14.134009] ================================================================== [ 14.135617] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.136821] Read of size 1 at addr ffff888103a74000 by task kunit_try_catch/246 [ 14.137061] [ 14.137533] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.137729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.137780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.137804] Call Trace: [ 14.137827] <TASK> [ 
14.137843] dump_stack_lvl+0x73/0xb0 [ 14.137876] print_report+0xd1/0x610 [ 14.137900] ? __virt_addr_valid+0x1db/0x2d0 [ 14.137922] ? mempool_uaf_helper+0x392/0x400 [ 14.137943] ? kasan_addr_to_slab+0x11/0xa0 [ 14.137964] ? mempool_uaf_helper+0x392/0x400 [ 14.137986] kasan_report+0x141/0x180 [ 14.138008] ? mempool_uaf_helper+0x392/0x400 [ 14.138034] __asan_report_load1_noabort+0x18/0x20 [ 14.138057] mempool_uaf_helper+0x392/0x400 [ 14.138104] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.138129] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.138151] ? finish_task_switch.isra.0+0x153/0x700 [ 14.138176] mempool_kmalloc_large_uaf+0xef/0x140 [ 14.138216] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 14.138242] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.138265] ? __pfx_mempool_kfree+0x10/0x10 [ 14.138290] ? __pfx_read_tsc+0x10/0x10 [ 14.138310] ? ktime_get_ts64+0x86/0x230 [ 14.138333] kunit_try_run_case+0x1a5/0x480 [ 14.138359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.138381] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.138404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.138428] ? __kthread_parkme+0x82/0x180 [ 14.138447] ? preempt_count_sub+0x50/0x80 [ 14.138470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.138493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.138516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.138539] kthread+0x337/0x6f0 [ 14.138558] ? trace_preempt_on+0x20/0xc0 [ 14.138581] ? __pfx_kthread+0x10/0x10 [ 14.138601] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.138623] ? calculate_sigpending+0x7b/0xa0 [ 14.138647] ? __pfx_kthread+0x10/0x10 [ 14.138669] ret_from_fork+0x116/0x1d0 [ 14.138687] ? 
__pfx_kthread+0x10/0x10 [ 14.138707] ret_from_fork_asm+0x1a/0x30 [ 14.138737] </TASK> [ 14.138748] [ 14.155502] The buggy address belongs to the physical page: [ 14.155914] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74 [ 14.156449] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.156728] flags: 0x200000000000040(head|node=0|zone=2) [ 14.157216] page_type: f8(unknown) [ 14.157610] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.158057] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.158651] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.159188] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.159608] head: 0200000000000002 ffffea00040e9d01 00000000ffffffff 00000000ffffffff [ 14.159955] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.160548] page dumped because: kasan: bad access detected [ 14.160830] [ 14.160935] Memory state around the buggy address: [ 14.161272] ffff888103a73f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.161609] ffff888103a73f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.161954] >ffff888103a74000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.162378] ^ [ 14.162584] ffff888103a74080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.162913] ffff888103a74100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 14.163315] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 14.167760] ================================================================== [ 14.168373] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.168656] Read of size 1 at addr ffff888102b16240 by task kunit_try_catch/248 [ 14.168990] [ 14.169132] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.169177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.169245] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.169270] Call Trace: [ 14.169283] <TASK> [ 14.169298] dump_stack_lvl+0x73/0xb0 [ 14.169330] print_report+0xd1/0x610 [ 14.169353] ? __virt_addr_valid+0x1db/0x2d0 [ 14.169377] ? mempool_uaf_helper+0x392/0x400 [ 14.169399] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.169422] ? mempool_uaf_helper+0x392/0x400 [ 14.169444] kasan_report+0x141/0x180 [ 14.169466] ? mempool_uaf_helper+0x392/0x400 [ 14.169493] __asan_report_load1_noabort+0x18/0x20 [ 14.169517] mempool_uaf_helper+0x392/0x400 [ 14.169540] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.169564] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.169588] ? finish_task_switch.isra.0+0x153/0x700 [ 14.169614] mempool_slab_uaf+0xea/0x140 [ 14.169635] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 14.169661] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.169686] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.169712] ? __pfx_read_tsc+0x10/0x10 [ 14.169734] ? ktime_get_ts64+0x86/0x230 [ 14.169759] kunit_try_run_case+0x1a5/0x480 [ 14.169784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.169807] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.169843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.169866] ? __kthread_parkme+0x82/0x180 [ 14.169887] ? preempt_count_sub+0x50/0x80 [ 14.169910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.169933] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.169957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.169980] kthread+0x337/0x6f0 [ 14.170000] ? trace_preempt_on+0x20/0xc0 [ 14.170023] ? 
__pfx_kthread+0x10/0x10 [ 14.170044] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.170065] ? calculate_sigpending+0x7b/0xa0 [ 14.170108] ? __pfx_kthread+0x10/0x10 [ 14.170129] ret_from_fork+0x116/0x1d0 [ 14.170148] ? __pfx_kthread+0x10/0x10 [ 14.170168] ret_from_fork_asm+0x1a/0x30 [ 14.170249] </TASK> [ 14.170261] [ 14.178121] Allocated by task 248: [ 14.178340] kasan_save_stack+0x45/0x70 [ 14.178547] kasan_save_track+0x18/0x40 [ 14.178739] kasan_save_alloc_info+0x3b/0x50 [ 14.178965] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.179311] remove_element+0x11e/0x190 [ 14.179514] mempool_alloc_preallocated+0x4d/0x90 [ 14.179737] mempool_uaf_helper+0x96/0x400 [ 14.179947] mempool_slab_uaf+0xea/0x140 [ 14.180105] kunit_try_run_case+0x1a5/0x480 [ 14.180398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.180643] kthread+0x337/0x6f0 [ 14.180769] ret_from_fork+0x116/0x1d0 [ 14.180919] ret_from_fork_asm+0x1a/0x30 [ 14.181063] [ 14.181166] Freed by task 248: [ 14.181369] kasan_save_stack+0x45/0x70 [ 14.181571] kasan_save_track+0x18/0x40 [ 14.181761] kasan_save_free_info+0x3f/0x60 [ 14.181990] __kasan_mempool_poison_object+0x131/0x1d0 [ 14.182241] mempool_free+0x2ec/0x380 [ 14.182428] mempool_uaf_helper+0x11a/0x400 [ 14.182635] mempool_slab_uaf+0xea/0x140 [ 14.182838] kunit_try_run_case+0x1a5/0x480 [ 14.183045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.183295] kthread+0x337/0x6f0 [ 14.183428] ret_from_fork+0x116/0x1d0 [ 14.183583] ret_from_fork_asm+0x1a/0x30 [ 14.183770] [ 14.184955] The buggy address belongs to the object at ffff888102b16240 [ 14.184955] which belongs to the cache test_cache of size 123 [ 14.185938] The buggy address is located 0 bytes inside of [ 14.185938] freed 123-byte region [ffff888102b16240, ffff888102b162bb) [ 14.186937] [ 14.187275] The buggy address belongs to the physical page: [ 14.187524] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b16 [ 14.188082] flags: 0x200000000000000(node=0|zone=2) [ 14.188568] page_type: 
f5(slab) [ 14.188912] raw: 0200000000000000 ffff888102b14000 dead000000000122 0000000000000000 [ 14.189587] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.189926] page dumped because: kasan: bad access detected [ 14.190171] [ 14.190677] Memory state around the buggy address: [ 14.190900] ffff888102b16100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.191553] ffff888102b16180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.192000] >ffff888102b16200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 14.192525] ^ [ 14.192763] ffff888102b16280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.193075] ffff888102b16300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.193889] ================================================================== [ 14.105689] ================================================================== [ 14.106422] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 14.106742] Read of size 1 at addr ffff8881025cc600 by task kunit_try_catch/244 [ 14.107065] [ 14.107222] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.107347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.107363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.107384] Call Trace: [ 14.107396] <TASK> [ 14.107412] dump_stack_lvl+0x73/0xb0 [ 14.107443] print_report+0xd1/0x610 [ 14.107490] ? __virt_addr_valid+0x1db/0x2d0 [ 14.107513] ? mempool_uaf_helper+0x392/0x400 [ 14.107535] ? kasan_complete_mode_report_info+0x64/0x200 [ 14.107557] ? mempool_uaf_helper+0x392/0x400 [ 14.107579] kasan_report+0x141/0x180 [ 14.107601] ? mempool_uaf_helper+0x392/0x400 [ 14.107644] __asan_report_load1_noabort+0x18/0x20 [ 14.107668] mempool_uaf_helper+0x392/0x400 [ 14.107691] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 14.107711] ? update_load_avg+0x1be/0x21b0 [ 14.107735] ? dequeue_entities+0x27e/0x1740 [ 14.107761] ? 
finish_task_switch.isra.0+0x153/0x700 [ 14.107786] mempool_kmalloc_uaf+0xef/0x140 [ 14.107808] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 14.107844] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.107868] ? __pfx_mempool_kfree+0x10/0x10 [ 14.107911] ? __pfx_read_tsc+0x10/0x10 [ 14.107932] ? ktime_get_ts64+0x86/0x230 [ 14.107956] kunit_try_run_case+0x1a5/0x480 [ 14.107981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.108004] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.108028] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.108051] ? __kthread_parkme+0x82/0x180 [ 14.108072] ? preempt_count_sub+0x50/0x80 [ 14.108112] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.108136] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.108159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.108183] kthread+0x337/0x6f0 [ 14.108202] ? trace_preempt_on+0x20/0xc0 [ 14.108296] ? __pfx_kthread+0x10/0x10 [ 14.108318] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.108340] ? calculate_sigpending+0x7b/0xa0 [ 14.108364] ? __pfx_kthread+0x10/0x10 [ 14.108385] ret_from_fork+0x116/0x1d0 [ 14.108405] ? 
__pfx_kthread+0x10/0x10 [ 14.108424] ret_from_fork_asm+0x1a/0x30 [ 14.108455] </TASK> [ 14.108465] [ 14.117584] Allocated by task 244: [ 14.117751] kasan_save_stack+0x45/0x70 [ 14.117984] kasan_save_track+0x18/0x40 [ 14.118182] kasan_save_alloc_info+0x3b/0x50 [ 14.118618] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.118989] remove_element+0x11e/0x190 [ 14.119284] mempool_alloc_preallocated+0x4d/0x90 [ 14.119490] mempool_uaf_helper+0x96/0x400 [ 14.119717] mempool_kmalloc_uaf+0xef/0x140 [ 14.119946] kunit_try_run_case+0x1a5/0x480 [ 14.120149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.120408] kthread+0x337/0x6f0 [ 14.120574] ret_from_fork+0x116/0x1d0 [ 14.120861] ret_from_fork_asm+0x1a/0x30 [ 14.121037] [ 14.121133] Freed by task 244: [ 14.121337] kasan_save_stack+0x45/0x70 [ 14.121555] kasan_save_track+0x18/0x40 [ 14.121727] kasan_save_free_info+0x3f/0x60 [ 14.121887] __kasan_mempool_poison_object+0x131/0x1d0 [ 14.122194] mempool_free+0x2ec/0x380 [ 14.122494] mempool_uaf_helper+0x11a/0x400 [ 14.122670] mempool_kmalloc_uaf+0xef/0x140 [ 14.122881] kunit_try_run_case+0x1a5/0x480 [ 14.123057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.123653] kthread+0x337/0x6f0 [ 14.123844] ret_from_fork+0x116/0x1d0 [ 14.123980] ret_from_fork_asm+0x1a/0x30 [ 14.124307] [ 14.124410] The buggy address belongs to the object at ffff8881025cc600 [ 14.124410] which belongs to the cache kmalloc-128 of size 128 [ 14.125036] The buggy address is located 0 bytes inside of [ 14.125036] freed 128-byte region [ffff8881025cc600, ffff8881025cc680) [ 14.125516] [ 14.125686] The buggy address belongs to the physical page: [ 14.125953] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025cc [ 14.126316] flags: 0x200000000000000(node=0|zone=2) [ 14.126550] page_type: f5(slab) [ 14.126710] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.126953] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.127798] page 
dumped because: kasan: bad access detected [ 14.128072] [ 14.128180] Memory state around the buggy address: [ 14.128522] ffff8881025cc500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.128840] ffff8881025cc580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.129209] >ffff8881025cc600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.129569] ^ [ 14.129739] ffff8881025cc680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.130046] ffff8881025cc700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.130450] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 14.077081] ================================================================== [ 14.077945] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.078306] Read of size 1 at addr ffff888102b132bb by task kunit_try_catch/242 [ 14.078701] [ 14.078825] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.078869] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.078882] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.078903] Call Trace: [ 14.078916] <TASK> [ 14.078951] dump_stack_lvl+0x73/0xb0 [ 14.078996] print_report+0xd1/0x610 [ 14.079018] ? __virt_addr_valid+0x1db/0x2d0 [ 14.079042] ? mempool_oob_right_helper+0x318/0x380 [ 14.079064] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.079086] ? mempool_oob_right_helper+0x318/0x380 [ 14.079109] kasan_report+0x141/0x180 [ 14.079131] ? mempool_oob_right_helper+0x318/0x380 [ 14.079159] __asan_report_load1_noabort+0x18/0x20 [ 14.079185] mempool_oob_right_helper+0x318/0x380 [ 14.079224] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.079248] ? update_load_avg+0x1be/0x21b0 [ 14.079275] ? finish_task_switch.isra.0+0x153/0x700 [ 14.079301] mempool_slab_oob_right+0xed/0x140 [ 14.079383] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 14.079415] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 14.079441] ? __pfx_mempool_free_slab+0x10/0x10 [ 14.079469] ? __pfx_read_tsc+0x10/0x10 [ 14.079491] ? ktime_get_ts64+0x86/0x230 [ 14.079534] kunit_try_run_case+0x1a5/0x480 [ 14.079560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.079583] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.079606] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.079629] ? __kthread_parkme+0x82/0x180 [ 14.079650] ? preempt_count_sub+0x50/0x80 [ 14.079674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.079699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.079722] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.079746] kthread+0x337/0x6f0 [ 14.079766] ? 
trace_preempt_on+0x20/0xc0 [ 14.079789] ? __pfx_kthread+0x10/0x10 [ 14.079810] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.079842] ? calculate_sigpending+0x7b/0xa0 [ 14.079866] ? __pfx_kthread+0x10/0x10 [ 14.079887] ret_from_fork+0x116/0x1d0 [ 14.079906] ? __pfx_kthread+0x10/0x10 [ 14.079927] ret_from_fork_asm+0x1a/0x30 [ 14.079957] </TASK> [ 14.079967] [ 14.088856] Allocated by task 242: [ 14.089046] kasan_save_stack+0x45/0x70 [ 14.089271] kasan_save_track+0x18/0x40 [ 14.089406] kasan_save_alloc_info+0x3b/0x50 [ 14.089807] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 14.090087] remove_element+0x11e/0x190 [ 14.090245] mempool_alloc_preallocated+0x4d/0x90 [ 14.090523] mempool_oob_right_helper+0x8a/0x380 [ 14.090780] mempool_slab_oob_right+0xed/0x140 [ 14.091164] kunit_try_run_case+0x1a5/0x480 [ 14.091581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.091837] kthread+0x337/0x6f0 [ 14.091999] ret_from_fork+0x116/0x1d0 [ 14.092188] ret_from_fork_asm+0x1a/0x30 [ 14.092409] [ 14.092509] The buggy address belongs to the object at ffff888102b13240 [ 14.092509] which belongs to the cache test_cache of size 123 [ 14.093085] The buggy address is located 0 bytes to the right of [ 14.093085] allocated 123-byte region [ffff888102b13240, ffff888102b132bb) [ 14.093620] [ 14.093691] The buggy address belongs to the physical page: [ 14.093874] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b13 [ 14.094107] flags: 0x200000000000000(node=0|zone=2) [ 14.094625] page_type: f5(slab) [ 14.094844] raw: 0200000000000000 ffff888101a35dc0 dead000000000122 0000000000000000 [ 14.095210] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 14.095648] page dumped because: kasan: bad access detected [ 14.095963] [ 14.096038] Memory state around the buggy address: [ 14.096332] ffff888102b13180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.096658] ffff888102b13200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 14.096972] >ffff888102b13280: 00 
00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 14.097558] ^ [ 14.097766] ffff888102b13300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.098107] ffff888102b13380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.098500] ================================================================== [ 14.047397] ================================================================== [ 14.047928] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.048494] Read of size 1 at addr ffff888103a76001 by task kunit_try_catch/240 [ 14.048848] [ 14.049211] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.049262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.049275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.049297] Call Trace: [ 14.049311] <TASK> [ 14.049326] dump_stack_lvl+0x73/0xb0 [ 14.049359] print_report+0xd1/0x610 [ 14.049381] ? __virt_addr_valid+0x1db/0x2d0 [ 14.049427] ? mempool_oob_right_helper+0x318/0x380 [ 14.049451] ? kasan_addr_to_slab+0x11/0xa0 [ 14.049470] ? mempool_oob_right_helper+0x318/0x380 [ 14.049494] kasan_report+0x141/0x180 [ 14.049516] ? mempool_oob_right_helper+0x318/0x380 [ 14.049543] __asan_report_load1_noabort+0x18/0x20 [ 14.049567] mempool_oob_right_helper+0x318/0x380 [ 14.049590] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.049616] ? __pfx_sched_clock_cpu+0x10/0x10 [ 14.049639] ? finish_task_switch.isra.0+0x153/0x700 [ 14.049664] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 14.049688] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 14.049716] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.049740] ? __pfx_mempool_kfree+0x10/0x10 [ 14.049765] ? __pfx_read_tsc+0x10/0x10 [ 14.049786] ? ktime_get_ts64+0x86/0x230 [ 14.049810] kunit_try_run_case+0x1a5/0x480 [ 14.049848] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.049870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.049894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.049917] ? 
__kthread_parkme+0x82/0x180 [ 14.049938] ? preempt_count_sub+0x50/0x80 [ 14.049960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.049984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.050008] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.050031] kthread+0x337/0x6f0 [ 14.050050] ? trace_preempt_on+0x20/0xc0 [ 14.050073] ? __pfx_kthread+0x10/0x10 [ 14.050108] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.050129] ? calculate_sigpending+0x7b/0xa0 [ 14.050153] ? __pfx_kthread+0x10/0x10 [ 14.050173] ret_from_fork+0x116/0x1d0 [ 14.050192] ? __pfx_kthread+0x10/0x10 [ 14.050212] ret_from_fork_asm+0x1a/0x30 [ 14.050242] </TASK> [ 14.050252] [ 14.062674] The buggy address belongs to the physical page: [ 14.063010] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a74 [ 14.063751] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 14.064100] flags: 0x200000000000040(head|node=0|zone=2) [ 14.064661] page_type: f8(unknown) [ 14.064931] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.065420] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.065871] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 14.066371] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 14.066722] head: 0200000000000002 ffffea00040e9d01 00000000ffffffff 00000000ffffffff [ 14.067067] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 14.067742] page dumped because: kasan: bad access detected [ 14.068172] [ 14.068365] Memory state around the buggy address: [ 14.068694] ffff888103a75f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.069156] ffff888103a75f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 14.069707] >ffff888103a76000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.070014] ^ [ 14.070474] ffff888103a76080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 14.070773] ffff888103a76100: fe fe fe fe fe fe 
fe fe fe fe fe fe fe fe fe fe [ 14.071123] ================================================================== [ 14.018518] ================================================================== [ 14.018980] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 14.019604] Read of size 1 at addr ffff888102af7d73 by task kunit_try_catch/238 [ 14.020002] [ 14.020249] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 14.020305] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.020317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.020342] Call Trace: [ 14.020355] <TASK> [ 14.020374] dump_stack_lvl+0x73/0xb0 [ 14.020407] print_report+0xd1/0x610 [ 14.020430] ? __virt_addr_valid+0x1db/0x2d0 [ 14.020455] ? mempool_oob_right_helper+0x318/0x380 [ 14.020478] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.020501] ? mempool_oob_right_helper+0x318/0x380 [ 14.020525] kasan_report+0x141/0x180 [ 14.020547] ? mempool_oob_right_helper+0x318/0x380 [ 14.020574] __asan_report_load1_noabort+0x18/0x20 [ 14.020598] mempool_oob_right_helper+0x318/0x380 [ 14.020623] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 14.020645] ? update_load_avg+0x1be/0x21b0 [ 14.020670] ? dequeue_entities+0x27e/0x1740 [ 14.020696] ? finish_task_switch.isra.0+0x153/0x700 [ 14.020722] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.020745] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 14.020770] ? __pfx_mempool_kmalloc+0x10/0x10 [ 14.020796] ? __pfx_mempool_kfree+0x10/0x10 [ 14.020832] ? __pfx_read_tsc+0x10/0x10 [ 14.020861] ? ktime_get_ts64+0x86/0x230 [ 14.020886] kunit_try_run_case+0x1a5/0x480 [ 14.020913] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.020934] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.020959] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.020982] ? __kthread_parkme+0x82/0x180 [ 14.021004] ? preempt_count_sub+0x50/0x80 [ 14.021026] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.021049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.021073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.021108] kthread+0x337/0x6f0 [ 14.021128] ? trace_preempt_on+0x20/0xc0 [ 14.021151] ? __pfx_kthread+0x10/0x10 [ 14.021172] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.021193] ? calculate_sigpending+0x7b/0xa0 [ 14.021240] ? __pfx_kthread+0x10/0x10 [ 14.021261] ret_from_fork+0x116/0x1d0 [ 14.021281] ? __pfx_kthread+0x10/0x10 [ 14.021301] ret_from_fork_asm+0x1a/0x30 [ 14.021332] </TASK> [ 14.021343] [ 14.031861] Allocated by task 238: [ 14.032077] kasan_save_stack+0x45/0x70 [ 14.032283] kasan_save_track+0x18/0x40 [ 14.032451] kasan_save_alloc_info+0x3b/0x50 [ 14.032750] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 14.033008] remove_element+0x11e/0x190 [ 14.033153] mempool_alloc_preallocated+0x4d/0x90 [ 14.033317] mempool_oob_right_helper+0x8a/0x380 [ 14.033540] mempool_kmalloc_oob_right+0xf2/0x150 [ 14.034056] kunit_try_run_case+0x1a5/0x480 [ 14.034875] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.035431] kthread+0x337/0x6f0 [ 14.035617] ret_from_fork+0x116/0x1d0 [ 14.035796] ret_from_fork_asm+0x1a/0x30 [ 14.035992] [ 14.036086] The buggy address belongs to the object at ffff888102af7d00 [ 14.036086] which belongs to the cache kmalloc-128 of size 128 [ 14.036913] The buggy address is located 0 bytes to the right of [ 14.036913] allocated 115-byte region [ffff888102af7d00, ffff888102af7d73) [ 14.038507] [ 14.038646] The buggy address belongs to the physical page: [ 14.038861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af7 [ 14.039292] flags: 0x200000000000000(node=0|zone=2) [ 14.039651] page_type: f5(slab) [ 14.039825] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.040154] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.040571] page dumped because: kasan: bad access detected [ 14.040759] [ 14.040871] Memory state around 
the buggy address: [ 14.041122] ffff888102af7c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.041522] ffff888102af7c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.041779] >ffff888102af7d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.042109] ^ [ 14.042472] ffff888102af7d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.042976] ffff888102af7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 14.043353] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 13.449427] ================================================================== [ 13.449868] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 13.450152] Read of size 1 at addr ffff8881025d4280 by task kunit_try_catch/232 [ 13.450591] [ 13.451027] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.451078] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.451091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.451114] Call Trace: [ 13.451127] <TASK> [ 13.451146] dump_stack_lvl+0x73/0xb0 [ 13.451179] print_report+0xd1/0x610 [ 13.451201] ? __virt_addr_valid+0x1db/0x2d0 [ 13.451276] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.451300] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.451335] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.451359] kasan_report+0x141/0x180 [ 13.451381] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.451408] ? kmem_cache_double_destroy+0x1bf/0x380 [ 13.451432] __kasan_check_byte+0x3d/0x50 [ 13.451452] kmem_cache_destroy+0x25/0x1d0 [ 13.451476] kmem_cache_double_destroy+0x1bf/0x380 [ 13.451499] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 13.451523] ? finish_task_switch.isra.0+0x153/0x700 [ 13.451545] ? __switch_to+0x47/0xf50 [ 13.451574] ? __pfx_read_tsc+0x10/0x10 [ 13.451594] ? ktime_get_ts64+0x86/0x230 [ 13.451619] kunit_try_run_case+0x1a5/0x480 [ 13.451644] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.451666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.451691] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.451713] ? __kthread_parkme+0x82/0x180 [ 13.451734] ? preempt_count_sub+0x50/0x80 [ 13.451757] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.451780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.451804] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.451837] kthread+0x337/0x6f0 [ 13.451856] ? trace_preempt_on+0x20/0xc0 [ 13.451880] ? __pfx_kthread+0x10/0x10 [ 13.451901] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.451922] ? 
calculate_sigpending+0x7b/0xa0 [ 13.451946] ? __pfx_kthread+0x10/0x10 [ 13.451968] ret_from_fork+0x116/0x1d0 [ 13.451986] ? __pfx_kthread+0x10/0x10 [ 13.452007] ret_from_fork_asm+0x1a/0x30 [ 13.452037] </TASK> [ 13.452048] [ 13.463660] Allocated by task 232: [ 13.464033] kasan_save_stack+0x45/0x70 [ 13.464473] kasan_save_track+0x18/0x40 [ 13.464682] kasan_save_alloc_info+0x3b/0x50 [ 13.465018] __kasan_slab_alloc+0x91/0xa0 [ 13.465468] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.465901] __kmem_cache_create_args+0x169/0x240 [ 13.466488] kmem_cache_double_destroy+0xd5/0x380 [ 13.466739] kunit_try_run_case+0x1a5/0x480 [ 13.467077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.467511] kthread+0x337/0x6f0 [ 13.467848] ret_from_fork+0x116/0x1d0 [ 13.468211] ret_from_fork_asm+0x1a/0x30 [ 13.468702] [ 13.468975] Freed by task 232: [ 13.469420] kasan_save_stack+0x45/0x70 [ 13.469738] kasan_save_track+0x18/0x40 [ 13.469938] kasan_save_free_info+0x3f/0x60 [ 13.470386] __kasan_slab_free+0x56/0x70 [ 13.470696] kmem_cache_free+0x249/0x420 [ 13.471000] slab_kmem_cache_release+0x2e/0x40 [ 13.471397] kmem_cache_release+0x16/0x20 [ 13.471723] kobject_put+0x181/0x450 [ 13.472054] sysfs_slab_release+0x16/0x20 [ 13.472409] kmem_cache_destroy+0xf0/0x1d0 [ 13.472900] kmem_cache_double_destroy+0x14e/0x380 [ 13.473421] kunit_try_run_case+0x1a5/0x480 [ 13.473605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.473869] kthread+0x337/0x6f0 [ 13.474021] ret_from_fork+0x116/0x1d0 [ 13.474207] ret_from_fork_asm+0x1a/0x30 [ 13.474389] [ 13.474473] The buggy address belongs to the object at ffff8881025d4280 [ 13.474473] which belongs to the cache kmem_cache of size 208 [ 13.475527] The buggy address is located 0 bytes inside of [ 13.475527] freed 208-byte region [ffff8881025d4280, ffff8881025d4350) [ 13.476412] [ 13.476500] The buggy address belongs to the physical page: [ 13.477041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025d4 [ 13.477552] flags: 
0x200000000000000(node=0|zone=2) [ 13.477784] page_type: f5(slab) [ 13.477949] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 13.478638] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 13.479402] page dumped because: kasan: bad access detected [ 13.479603] [ 13.479678] Memory state around the buggy address: [ 13.479851] ffff8881025d4180: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.480086] ffff8881025d4200: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.480305] >ffff8881025d4280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.480518] ^ [ 13.480636] ffff8881025d4300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 13.480899] ffff8881025d4380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.481225] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 13.379614] ================================================================== [ 13.380139] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.380495] Read of size 1 at addr ffff8881025da000 by task kunit_try_catch/230 [ 13.380821] [ 13.380932] CPU: 1 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.380979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.380991] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.381013] Call Trace: [ 13.381374] <TASK> [ 13.381525] dump_stack_lvl+0x73/0xb0 [ 13.381565] print_report+0xd1/0x610 [ 13.381587] ? __virt_addr_valid+0x1db/0x2d0 [ 13.381609] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.381631] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.381652] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.381675] kasan_report+0x141/0x180 [ 13.381697] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.381723] __asan_report_load1_noabort+0x18/0x20 [ 13.381746] kmem_cache_rcu_uaf+0x3e3/0x510 [ 13.381768] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 13.381790] ? finish_task_switch.isra.0+0x153/0x700 [ 13.381827] ? __switch_to+0x47/0xf50 [ 13.381855] ? __pfx_read_tsc+0x10/0x10 [ 13.381874] ? ktime_get_ts64+0x86/0x230 [ 13.381897] kunit_try_run_case+0x1a5/0x480 [ 13.381922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.381943] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.381966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.381988] ? __kthread_parkme+0x82/0x180 [ 13.382008] ? preempt_count_sub+0x50/0x80 [ 13.382030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.382052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.382074] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.382097] kthread+0x337/0x6f0 [ 13.382115] ? trace_preempt_on+0x20/0xc0 [ 13.382137] ? __pfx_kthread+0x10/0x10 [ 13.382156] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.382177] ? calculate_sigpending+0x7b/0xa0 [ 13.382199] ? __pfx_kthread+0x10/0x10 [ 13.382219] ret_from_fork+0x116/0x1d0 [ 13.382237] ? 
__pfx_kthread+0x10/0x10 [ 13.382256] ret_from_fork_asm+0x1a/0x30 [ 13.382285] </TASK> [ 13.382296] [ 13.395515] Allocated by task 230: [ 13.395848] kasan_save_stack+0x45/0x70 [ 13.396059] kasan_save_track+0x18/0x40 [ 13.396451] kasan_save_alloc_info+0x3b/0x50 [ 13.396808] __kasan_slab_alloc+0x91/0xa0 [ 13.396974] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.397215] kmem_cache_rcu_uaf+0x155/0x510 [ 13.397687] kunit_try_run_case+0x1a5/0x480 [ 13.398081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.398600] kthread+0x337/0x6f0 [ 13.399094] ret_from_fork+0x116/0x1d0 [ 13.399492] ret_from_fork_asm+0x1a/0x30 [ 13.399639] [ 13.399713] Freed by task 0: [ 13.399836] kasan_save_stack+0x45/0x70 [ 13.399974] kasan_save_track+0x18/0x40 [ 13.400142] kasan_save_free_info+0x3f/0x60 [ 13.400579] __kasan_slab_free+0x56/0x70 [ 13.400949] slab_free_after_rcu_debug+0xe4/0x310 [ 13.401484] rcu_core+0x66f/0x1c40 [ 13.401830] rcu_core_si+0x12/0x20 [ 13.402175] handle_softirqs+0x209/0x730 [ 13.402682] __irq_exit_rcu+0xc9/0x110 [ 13.403037] irq_exit_rcu+0x12/0x20 [ 13.403388] sysvec_apic_timer_interrupt+0x81/0x90 [ 13.403895] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 13.404071] [ 13.404174] Last potentially related work creation: [ 13.404644] kasan_save_stack+0x45/0x70 [ 13.405016] kasan_record_aux_stack+0xb2/0xc0 [ 13.405485] kmem_cache_free+0x131/0x420 [ 13.405805] kmem_cache_rcu_uaf+0x194/0x510 [ 13.405963] kunit_try_run_case+0x1a5/0x480 [ 13.406124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.406741] kthread+0x337/0x6f0 [ 13.407475] ret_from_fork+0x116/0x1d0 [ 13.407842] ret_from_fork_asm+0x1a/0x30 [ 13.408210] [ 13.408429] The buggy address belongs to the object at ffff8881025da000 [ 13.408429] which belongs to the cache test_cache of size 200 [ 13.408892] The buggy address is located 0 bytes inside of [ 13.408892] freed 200-byte region [ffff8881025da000, ffff8881025da0c8) [ 13.409643] [ 13.409810] The buggy address belongs to the physical page: [ 13.410533] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025da [ 13.411335] flags: 0x200000000000000(node=0|zone=2) [ 13.411774] page_type: f5(slab) [ 13.412082] raw: 0200000000000000 ffff8881025d4140 dead000000000122 0000000000000000 [ 13.412440] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.413093] page dumped because: kasan: bad access detected [ 13.413665] [ 13.413739] Memory state around the buggy address: [ 13.413910] ffff8881025d9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.414154] ffff8881025d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.414837] >ffff8881025da000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.415629] ^ [ 13.415938] ffff8881025da080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.416628] ffff8881025da100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.417130] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 13.322410] ================================================================== [ 13.322861] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 13.323256] Free of addr ffff888102b0d001 by task kunit_try_catch/228 [ 13.323497] [ 13.323743] CPU: 0 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.323790] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.323802] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.323837] Call Trace: [ 13.323849] <TASK> [ 13.323865] dump_stack_lvl+0x73/0xb0 [ 13.323897] print_report+0xd1/0x610 [ 13.323920] ? __virt_addr_valid+0x1db/0x2d0 [ 13.323945] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.323966] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.323991] kasan_report_invalid_free+0x10a/0x130 [ 13.324014] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.324039] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.324089] check_slab_allocation+0x11f/0x130 [ 13.324110] __kasan_slab_pre_free+0x28/0x40 [ 13.324130] kmem_cache_free+0xed/0x420 [ 13.324149] ? kasan_save_track+0x18/0x40 [ 13.324168] ? kasan_save_stack+0x45/0x70 [ 13.324187] ? kmem_cache_invalid_free+0x1d8/0x460 [ 13.324210] ? kmem_cache_invalid_free+0x157/0x460 [ 13.324238] kmem_cache_invalid_free+0x1d8/0x460 [ 13.324263] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 13.324286] ? finish_task_switch.isra.0+0x153/0x700 [ 13.324309] ? __switch_to+0x47/0xf50 [ 13.324395] ? __pfx_read_tsc+0x10/0x10 [ 13.324421] ? ktime_get_ts64+0x86/0x230 [ 13.324445] kunit_try_run_case+0x1a5/0x480 [ 13.324473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.324495] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.324520] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.324564] ? __kthread_parkme+0x82/0x180 [ 13.324584] ? preempt_count_sub+0x50/0x80 [ 13.324606] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.324630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.324652] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.324675] kthread+0x337/0x6f0 [ 13.324694] ? trace_preempt_on+0x20/0xc0 [ 13.324716] ? __pfx_kthread+0x10/0x10 [ 13.324737] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.324757] ? calculate_sigpending+0x7b/0xa0 [ 13.324781] ? __pfx_kthread+0x10/0x10 [ 13.324802] ret_from_fork+0x116/0x1d0 [ 13.324829] ? __pfx_kthread+0x10/0x10 [ 13.324855] ret_from_fork_asm+0x1a/0x30 [ 13.324885] </TASK> [ 13.324896] [ 13.334330] Allocated by task 228: [ 13.334466] kasan_save_stack+0x45/0x70 [ 13.334607] kasan_save_track+0x18/0x40 [ 13.334746] kasan_save_alloc_info+0x3b/0x50 [ 13.335008] __kasan_slab_alloc+0x91/0xa0 [ 13.335382] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.335667] kmem_cache_invalid_free+0x157/0x460 [ 13.335916] kunit_try_run_case+0x1a5/0x480 [ 13.336156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.336488] kthread+0x337/0x6f0 [ 13.336615] ret_from_fork+0x116/0x1d0 [ 13.336777] ret_from_fork_asm+0x1a/0x30 [ 13.337030] [ 13.337122] The buggy address belongs to the object at ffff888102b0d000 [ 13.337122] which belongs to the cache test_cache of size 200 [ 13.337780] The buggy address is located 1 bytes inside of [ 13.337780] 200-byte region [ffff888102b0d000, ffff888102b0d0c8) [ 13.338437] [ 13.338528] The buggy address belongs to the physical page: [ 13.338722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0d [ 13.339056] flags: 0x200000000000000(node=0|zone=2) [ 13.339463] page_type: f5(slab) [ 13.339640] raw: 0200000000000000 ffff888101a35b40 dead000000000122 0000000000000000 [ 13.340025] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.340473] page dumped because: kasan: bad access detected [ 13.340731] [ 13.340835] Memory state around the buggy address: [ 13.341085] ffff888102b0cf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.341499] ffff888102b0cf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.341784] >ffff888102b0d000: 00 00 00 00 00 00 00 
00 00 00 00 00 00 00 00 00 [ 13.342092] ^ [ 13.342356] ffff888102b0d080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.342733] ffff888102b0d100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.343130] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 13.281114] ================================================================== [ 13.281736] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 13.282051] Free of addr ffff888102b0b000 by task kunit_try_catch/226 [ 13.283040] [ 13.283360] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.283410] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.283422] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.283454] Call Trace: [ 13.283466] <TASK> [ 13.283483] dump_stack_lvl+0x73/0xb0 [ 13.283515] print_report+0xd1/0x610 [ 13.283537] ? __virt_addr_valid+0x1db/0x2d0 [ 13.283561] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.283581] ? kmem_cache_double_free+0x1e5/0x480 [ 13.283606] kasan_report_invalid_free+0x10a/0x130 [ 13.283629] ? kmem_cache_double_free+0x1e5/0x480 [ 13.283654] ? kmem_cache_double_free+0x1e5/0x480 [ 13.283677] check_slab_allocation+0x101/0x130 [ 13.283697] __kasan_slab_pre_free+0x28/0x40 [ 13.283717] kmem_cache_free+0xed/0x420 [ 13.283737] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.283758] ? kmem_cache_double_free+0x1e5/0x480 [ 13.283784] kmem_cache_double_free+0x1e5/0x480 [ 13.283807] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 13.283839] ? finish_task_switch.isra.0+0x153/0x700 [ 13.283860] ? __switch_to+0x47/0xf50 [ 13.283889] ? __pfx_read_tsc+0x10/0x10 [ 13.283908] ? ktime_get_ts64+0x86/0x230 [ 13.283932] kunit_try_run_case+0x1a5/0x480 [ 13.283956] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.283978] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.284001] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.284023] ? __kthread_parkme+0x82/0x180 [ 13.284043] ? preempt_count_sub+0x50/0x80 [ 13.284065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.284088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.284110] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.284132] kthread+0x337/0x6f0 [ 13.284150] ? trace_preempt_on+0x20/0xc0 [ 13.284173] ? 
__pfx_kthread+0x10/0x10 [ 13.284193] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.284280] ? calculate_sigpending+0x7b/0xa0 [ 13.284304] ? __pfx_kthread+0x10/0x10 [ 13.284324] ret_from_fork+0x116/0x1d0 [ 13.284342] ? __pfx_kthread+0x10/0x10 [ 13.284362] ret_from_fork_asm+0x1a/0x30 [ 13.284392] </TASK> [ 13.284401] [ 13.295392] Allocated by task 226: [ 13.295886] kasan_save_stack+0x45/0x70 [ 13.296554] kasan_save_track+0x18/0x40 [ 13.296759] kasan_save_alloc_info+0x3b/0x50 [ 13.297065] __kasan_slab_alloc+0x91/0xa0 [ 13.297398] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.297733] kmem_cache_double_free+0x14f/0x480 [ 13.297958] kunit_try_run_case+0x1a5/0x480 [ 13.298169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.298678] kthread+0x337/0x6f0 [ 13.298966] ret_from_fork+0x116/0x1d0 [ 13.299343] ret_from_fork_asm+0x1a/0x30 [ 13.299665] [ 13.299768] Freed by task 226: [ 13.300096] kasan_save_stack+0x45/0x70 [ 13.300476] kasan_save_track+0x18/0x40 [ 13.300677] kasan_save_free_info+0x3f/0x60 [ 13.300903] __kasan_slab_free+0x56/0x70 [ 13.301572] kmem_cache_free+0x249/0x420 [ 13.301766] kmem_cache_double_free+0x16a/0x480 [ 13.302062] kunit_try_run_case+0x1a5/0x480 [ 13.302393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.302860] kthread+0x337/0x6f0 [ 13.303045] ret_from_fork+0x116/0x1d0 [ 13.303425] ret_from_fork_asm+0x1a/0x30 [ 13.303805] [ 13.303926] The buggy address belongs to the object at ffff888102b0b000 [ 13.303926] which belongs to the cache test_cache of size 200 [ 13.304631] The buggy address is located 0 bytes inside of [ 13.304631] 200-byte region [ffff888102b0b000, ffff888102b0b0c8) [ 13.305500] [ 13.305609] The buggy address belongs to the physical page: [ 13.305827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b0b [ 13.306623] flags: 0x200000000000000(node=0|zone=2) [ 13.306844] page_type: f5(slab) [ 13.307349] raw: 0200000000000000 ffff888101a35a00 dead000000000122 0000000000000000 [ 13.307949] raw: 0000000000000000 00000000800f000f 
00000000f5000000 0000000000000000 [ 13.308587] page dumped because: kasan: bad access detected [ 13.308859] [ 13.308955] Memory state around the buggy address: [ 13.309391] ffff888102b0af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.309897] ffff888102b0af80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.310460] >ffff888102b0b000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.310839] ^ [ 13.310991] ffff888102b0b080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 13.311652] ffff888102b0b100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.311951] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 13.240100] ================================================================== [ 13.240632] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 13.240957] Read of size 1 at addr ffff8881025d70c8 by task kunit_try_catch/224 [ 13.241506] [ 13.241603] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.241649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.241687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.241709] Call Trace: [ 13.241721] <TASK> [ 13.241737] dump_stack_lvl+0x73/0xb0 [ 13.241769] print_report+0xd1/0x610 [ 13.241792] ? __virt_addr_valid+0x1db/0x2d0 [ 13.241827] ? kmem_cache_oob+0x402/0x530 [ 13.241849] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.241871] ? kmem_cache_oob+0x402/0x530 [ 13.241893] kasan_report+0x141/0x180 [ 13.241914] ? kmem_cache_oob+0x402/0x530 [ 13.241960] __asan_report_load1_noabort+0x18/0x20 [ 13.241983] kmem_cache_oob+0x402/0x530 [ 13.242004] ? trace_hardirqs_on+0x37/0xe0 [ 13.242027] ? __pfx_kmem_cache_oob+0x10/0x10 [ 13.242050] ? __kasan_check_write+0x18/0x20 [ 13.242068] ? queued_spin_lock_slowpath+0x116/0xb40 [ 13.242097] ? __pfx_read_tsc+0x10/0x10 [ 13.242117] ? ktime_get_ts64+0x86/0x230 [ 13.242141] kunit_try_run_case+0x1a5/0x480 [ 13.242166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.242188] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 13.242222] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.242245] ? __kthread_parkme+0x82/0x180 [ 13.242265] ? preempt_count_sub+0x50/0x80 [ 13.242288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.242311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.242333] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.242356] kthread+0x337/0x6f0 [ 13.242375] ? trace_preempt_on+0x20/0xc0 [ 13.242396] ? __pfx_kthread+0x10/0x10 [ 13.242415] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.242436] ? calculate_sigpending+0x7b/0xa0 [ 13.242460] ? 
__pfx_kthread+0x10/0x10 [ 13.242480] ret_from_fork+0x116/0x1d0 [ 13.242498] ? __pfx_kthread+0x10/0x10 [ 13.242518] ret_from_fork_asm+0x1a/0x30 [ 13.242547] </TASK> [ 13.242558] [ 13.251052] Allocated by task 224: [ 13.251413] kasan_save_stack+0x45/0x70 [ 13.251563] kasan_save_track+0x18/0x40 [ 13.251698] kasan_save_alloc_info+0x3b/0x50 [ 13.251870] __kasan_slab_alloc+0x91/0xa0 [ 13.252065] kmem_cache_alloc_noprof+0x123/0x3f0 [ 13.252299] kmem_cache_oob+0x157/0x530 [ 13.252476] kunit_try_run_case+0x1a5/0x480 [ 13.252859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.253130] kthread+0x337/0x6f0 [ 13.253303] ret_from_fork+0x116/0x1d0 [ 13.253431] ret_from_fork_asm+0x1a/0x30 [ 13.253565] [ 13.253636] The buggy address belongs to the object at ffff8881025d7000 [ 13.253636] which belongs to the cache test_cache of size 200 [ 13.254234] The buggy address is located 0 bytes to the right of [ 13.254234] allocated 200-byte region [ffff8881025d7000, ffff8881025d70c8) [ 13.254882] [ 13.255042] The buggy address belongs to the physical page: [ 13.255548] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025d7 [ 13.256178] flags: 0x200000000000000(node=0|zone=2) [ 13.256526] page_type: f5(slab) [ 13.256655] raw: 0200000000000000 ffff8881025d4000 dead000000000122 0000000000000000 [ 13.256902] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 13.257462] page dumped because: kasan: bad access detected [ 13.257715] [ 13.257797] Memory state around the buggy address: [ 13.258032] ffff8881025d6f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.258385] ffff8881025d7000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.258722] >ffff8881025d7080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 13.259055] ^ [ 13.259549] ffff8881025d7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.260018] ffff8881025d7180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.261155] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 13.192028] ================================================================== [ 13.192538] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 13.192768] Read of size 8 at addr ffff888102b05b80 by task kunit_try_catch/217 [ 13.194403] [ 13.194894] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 13.194947] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.194960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.194981] Call Trace: [ 13.194995] <TASK> [ 13.195011] dump_stack_lvl+0x73/0xb0 [ 13.195045] print_report+0xd1/0x610 [ 13.195068] ? __virt_addr_valid+0x1db/0x2d0 [ 13.195090] ? workqueue_uaf+0x4d6/0x560 [ 13.195112] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.195135] ? workqueue_uaf+0x4d6/0x560 [ 13.195157] kasan_report+0x141/0x180 [ 13.195180] ? workqueue_uaf+0x4d6/0x560 [ 13.195206] __asan_report_load8_noabort+0x18/0x20 [ 13.195231] workqueue_uaf+0x4d6/0x560 [ 13.195253] ? __pfx_workqueue_uaf+0x10/0x10 [ 13.195276] ? __schedule+0x10c6/0x2b60 [ 13.195299] ? __pfx_read_tsc+0x10/0x10 [ 13.195321] ? ktime_get_ts64+0x86/0x230 [ 13.195347] kunit_try_run_case+0x1a5/0x480 [ 13.195373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.195397] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.195422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.195446] ? __kthread_parkme+0x82/0x180 [ 13.195468] ? preempt_count_sub+0x50/0x80 [ 13.195492] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.195516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.195540] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.195565] kthread+0x337/0x6f0 [ 13.195585] ? trace_preempt_on+0x20/0xc0 [ 13.195608] ? __pfx_kthread+0x10/0x10 [ 13.195629] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.195651] ? calculate_sigpending+0x7b/0xa0 [ 13.195675] ? __pfx_kthread+0x10/0x10 [ 13.195697] ret_from_fork+0x116/0x1d0 [ 13.195716] ? 
__pfx_kthread+0x10/0x10 [ 13.195737] ret_from_fork_asm+0x1a/0x30 [ 13.195768] </TASK> [ 13.195779] [ 13.209059] Allocated by task 217: [ 13.209414] kasan_save_stack+0x45/0x70 [ 13.209898] kasan_save_track+0x18/0x40 [ 13.210409] kasan_save_alloc_info+0x3b/0x50 [ 13.210632] __kasan_kmalloc+0xb7/0xc0 [ 13.211008] __kmalloc_cache_noprof+0x189/0x420 [ 13.211231] workqueue_uaf+0x152/0x560 [ 13.211682] kunit_try_run_case+0x1a5/0x480 [ 13.212143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.212650] kthread+0x337/0x6f0 [ 13.212976] ret_from_fork+0x116/0x1d0 [ 13.213145] ret_from_fork_asm+0x1a/0x30 [ 13.213623] [ 13.213826] Freed by task 9: [ 13.214114] kasan_save_stack+0x45/0x70 [ 13.214414] kasan_save_track+0x18/0x40 [ 13.214681] kasan_save_free_info+0x3f/0x60 [ 13.214841] __kasan_slab_free+0x56/0x70 [ 13.214978] kfree+0x222/0x3f0 [ 13.215104] workqueue_uaf_work+0x12/0x20 [ 13.215497] process_one_work+0x5ee/0xf60 [ 13.215936] worker_thread+0x758/0x1220 [ 13.216399] kthread+0x337/0x6f0 [ 13.216771] ret_from_fork+0x116/0x1d0 [ 13.217179] ret_from_fork_asm+0x1a/0x30 [ 13.217796] [ 13.218007] Last potentially related work creation: [ 13.218491] kasan_save_stack+0x45/0x70 [ 13.218633] kasan_record_aux_stack+0xb2/0xc0 [ 13.218781] __queue_work+0x626/0xeb0 [ 13.218928] queue_work_on+0xb6/0xc0 [ 13.219058] workqueue_uaf+0x26d/0x560 [ 13.219429] kunit_try_run_case+0x1a5/0x480 [ 13.219879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.220491] kthread+0x337/0x6f0 [ 13.220918] ret_from_fork+0x116/0x1d0 [ 13.221353] ret_from_fork_asm+0x1a/0x30 [ 13.221794] [ 13.222071] The buggy address belongs to the object at ffff888102b05b80 [ 13.222071] which belongs to the cache kmalloc-32 of size 32 [ 13.223695] The buggy address is located 0 bytes inside of [ 13.223695] freed 32-byte region [ffff888102b05b80, ffff888102b05ba0) [ 13.224070] [ 13.224242] The buggy address belongs to the physical page: [ 13.224838] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b05 
[ 13.225600] flags: 0x200000000000000(node=0|zone=2) [ 13.226068] page_type: f5(slab) [ 13.226437] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.226958] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.227437] page dumped because: kasan: bad access detected [ 13.228069] [ 13.228238] Memory state around the buggy address: [ 13.228781] ffff888102b05a80: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.229263] ffff888102b05b00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.229856] >ffff888102b05b80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 13.230077] ^ [ 13.230198] ffff888102b05c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.230417] ffff888102b05c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.230633] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 13.153331] ==================================================================
[ 13.154536] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[ 13.155025] Read of size 4 at addr ffff888102b05b00 by task swapper/0/0
[ 13.155532]
[ 13.155877] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.155924] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.155936] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.155958] Call Trace:
[ 13.156081] <IRQ>
[ 13.156103] dump_stack_lvl+0x73/0xb0
[ 13.156137] print_report+0xd1/0x610
[ 13.156160] ? __virt_addr_valid+0x1db/0x2d0
[ 13.156184] ? rcu_uaf_reclaim+0x50/0x60
[ 13.156203] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.156225] ? rcu_uaf_reclaim+0x50/0x60
[ 13.156245] kasan_report+0x141/0x180
[ 13.156267] ? rcu_uaf_reclaim+0x50/0x60
[ 13.156291] __asan_report_load4_noabort+0x18/0x20
[ 13.156315] rcu_uaf_reclaim+0x50/0x60
[ 13.156335] rcu_core+0x66f/0x1c40
[ 13.156364] ? __pfx_rcu_core+0x10/0x10
[ 13.156385] ? ktime_get+0x6b/0x150
[ 13.156407] ? handle_softirqs+0x18e/0x730
[ 13.156433] rcu_core_si+0x12/0x20
[ 13.156455] handle_softirqs+0x209/0x730
[ 13.156475] ? hrtimer_interrupt+0x2fe/0x780
[ 13.156497] ? __pfx_handle_softirqs+0x10/0x10
[ 13.156524] __irq_exit_rcu+0xc9/0x110
[ 13.156544] irq_exit_rcu+0x12/0x20
[ 13.156563] sysvec_apic_timer_interrupt+0x81/0x90
[ 13.156588] </IRQ>
[ 13.156614] <TASK>
[ 13.156625] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 13.156719] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 13.156956] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 23 52 21 00 fb f4 <e9> 3c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 13.157039] RSP: 0000:ffffffff92607dd8 EFLAGS: 00010216
[ 13.157125] RAX: ffff8881c7672000 RBX: ffffffff9261cac0 RCX: ffffffff91477125
[ 13.157170] RDX: ffffed102b60618b RSI: 0000000000000004 RDI: 00000000000159cc
[ 13.157213] RBP: ffffffff92607de0 R08: 0000000000000001 R09: ffffed102b60618a
[ 13.157255] R10: ffff88815b030c53 R11: 0000000000011400 R12: 0000000000000000
[ 13.157298] R13: fffffbfff24c3958 R14: ffffffff931b1a90 R15: 0000000000000000
[ 13.157358] ? ct_kernel_exit.constprop.0+0xa5/0xd0
[ 13.157411] ? default_idle+0xd/0x20
[ 13.157430] arch_cpu_idle+0xd/0x20
[ 13.157447] default_idle_call+0x48/0x80
[ 13.157466] do_idle+0x379/0x4f0
[ 13.157491] ? __pfx_do_idle+0x10/0x10
[ 13.157512] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.157534] ? trace_preempt_on+0x20/0xc0
[ 13.157555] ? schedule+0x86/0x2e0
[ 13.157575] ? preempt_count_sub+0x50/0x80
[ 13.157598] cpu_startup_entry+0x5c/0x70
[ 13.157617] rest_init+0x11a/0x140
[ 13.157635] ? acpi_subsystem_init+0x5d/0x150
[ 13.157660] start_kernel+0x330/0x410
[ 13.157681] x86_64_start_reservations+0x1c/0x30
[ 13.157701] x86_64_start_kernel+0x10d/0x120
[ 13.157722] common_startup_64+0x13e/0x148
[ 13.157755] </TASK>
[ 13.157765]
[ 13.173082] Allocated by task 215:
[ 13.173272] kasan_save_stack+0x45/0x70
[ 13.173449] kasan_save_track+0x18/0x40
[ 13.173587] kasan_save_alloc_info+0x3b/0x50
[ 13.173737] __kasan_kmalloc+0xb7/0xc0
[ 13.173964] __kmalloc_cache_noprof+0x189/0x420
[ 13.174311] rcu_uaf+0xb0/0x330
[ 13.174491] kunit_try_run_case+0x1a5/0x480
[ 13.174717] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.174981] kthread+0x337/0x6f0
[ 13.175260] ret_from_fork+0x116/0x1d0
[ 13.175429] ret_from_fork_asm+0x1a/0x30
[ 13.175650]
[ 13.175723] Freed by task 0:
[ 13.175874] kasan_save_stack+0x45/0x70
[ 13.176140] kasan_save_track+0x18/0x40
[ 13.176450] kasan_save_free_info+0x3f/0x60
[ 13.176648] __kasan_slab_free+0x56/0x70
[ 13.176883] kfree+0x222/0x3f0
[ 13.177018] rcu_uaf_reclaim+0x1f/0x60
[ 13.177312] rcu_core+0x66f/0x1c40
[ 13.177499] rcu_core_si+0x12/0x20
[ 13.177657] handle_softirqs+0x209/0x730
[ 13.177868] __irq_exit_rcu+0xc9/0x110
[ 13.178052] irq_exit_rcu+0x12/0x20
[ 13.178285] sysvec_apic_timer_interrupt+0x81/0x90
[ 13.178454] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 13.178624]
[ 13.178740] Last potentially related work creation:
[ 13.179034] kasan_save_stack+0x45/0x70
[ 13.179375] kasan_record_aux_stack+0xb2/0xc0
[ 13.179595] __call_rcu_common.constprop.0+0x7b/0x9e0
[ 13.179831] call_rcu+0x12/0x20
[ 13.179996] rcu_uaf+0x168/0x330
[ 13.180257] kunit_try_run_case+0x1a5/0x480
[ 13.180442] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.180718] kthread+0x337/0x6f0
[ 13.180918] ret_from_fork+0x116/0x1d0
[ 13.181100] ret_from_fork_asm+0x1a/0x30
[ 13.181456]
[ 13.181573] The buggy address belongs to the object at ffff888102b05b00
[ 13.181573] which belongs to the cache kmalloc-32 of size 32
[ 13.182095] The buggy address is located 0 bytes inside of
[ 13.182095] freed 32-byte region [ffff888102b05b00, ffff888102b05b20)
[ 13.182684]
[ 13.182787] The buggy address belongs to the physical page:
[ 13.182992] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b05
[ 13.183318] flags: 0x200000000000000(node=0|zone=2)
[ 13.183558] page_type: f5(slab)
[ 13.183740] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.184117] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.184524] page dumped because: kasan: bad access detected
[ 13.184820]
[ 13.184913] Memory state around the buggy address:
[ 13.185069] ffff888102b05a00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.185467] ffff888102b05a80: 00 00 05 fc fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.185795] >ffff888102b05b00: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.186171] ^
[ 13.186428] ffff888102b05b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.186741] ffff888102b05c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.187050] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 13.118333] ==================================================================
[ 13.118702] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0
[ 13.119541] Read of size 1 at addr ffff888102af7a78 by task kunit_try_catch/213
[ 13.119882]
[ 13.119973] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.120015] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.120027] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.120047] Call Trace:
[ 13.120060] <TASK>
[ 13.120074] dump_stack_lvl+0x73/0xb0
[ 13.120102] print_report+0xd1/0x610
[ 13.120123] ? __virt_addr_valid+0x1db/0x2d0
[ 13.120144] ? ksize_uaf+0x5e4/0x6c0
[ 13.120164] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.120185] ? ksize_uaf+0x5e4/0x6c0
[ 13.120205] kasan_report+0x141/0x180
[ 13.120226] ? ksize_uaf+0x5e4/0x6c0
[ 13.120251] __asan_report_load1_noabort+0x18/0x20
[ 13.120274] ksize_uaf+0x5e4/0x6c0
[ 13.120294] ? __pfx_ksize_uaf+0x10/0x10
[ 13.120326] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.120351] ? trace_hardirqs_on+0x37/0xe0
[ 13.120373] ? __pfx_read_tsc+0x10/0x10
[ 13.120404] ? ktime_get_ts64+0x86/0x230
[ 13.120426] kunit_try_run_case+0x1a5/0x480
[ 13.120450] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.120473] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.120497] ? __kthread_parkme+0x82/0x180
[ 13.120517] ? preempt_count_sub+0x50/0x80
[ 13.120539] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.120563] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.120585] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.120608] kthread+0x337/0x6f0
[ 13.120627] ? trace_preempt_on+0x20/0xc0
[ 13.120648] ? __pfx_kthread+0x10/0x10
[ 13.120668] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.120689] ? calculate_sigpending+0x7b/0xa0
[ 13.120712] ? __pfx_kthread+0x10/0x10
[ 13.120732] ret_from_fork+0x116/0x1d0
[ 13.120750] ? __pfx_kthread+0x10/0x10
[ 13.120770] ret_from_fork_asm+0x1a/0x30
[ 13.120799] </TASK>
[ 13.120808]
[ 13.129093] Allocated by task 213:
[ 13.129312] kasan_save_stack+0x45/0x70
[ 13.129463] kasan_save_track+0x18/0x40
[ 13.129600] kasan_save_alloc_info+0x3b/0x50
[ 13.129752] __kasan_kmalloc+0xb7/0xc0
[ 13.131423] __kmalloc_cache_noprof+0x189/0x420
[ 13.132037] ksize_uaf+0xaa/0x6c0
[ 13.132618] kunit_try_run_case+0x1a5/0x480
[ 13.133048] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.133259] kthread+0x337/0x6f0
[ 13.133386] ret_from_fork+0x116/0x1d0
[ 13.133522] ret_from_fork_asm+0x1a/0x30
[ 13.133662]
[ 13.133735] Freed by task 213:
[ 13.133988] kasan_save_stack+0x45/0x70
[ 13.134495] kasan_save_track+0x18/0x40
[ 13.134696] kasan_save_free_info+0x3f/0x60
[ 13.134954] __kasan_slab_free+0x56/0x70
[ 13.135180] kfree+0x222/0x3f0
[ 13.135520] ksize_uaf+0x12c/0x6c0
[ 13.135702] kunit_try_run_case+0x1a5/0x480
[ 13.135957] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.136371] kthread+0x337/0x6f0
[ 13.136542] ret_from_fork+0x116/0x1d0
[ 13.136758] ret_from_fork_asm+0x1a/0x30
[ 13.136976]
[ 13.137119] The buggy address belongs to the object at ffff888102af7a00
[ 13.137119] which belongs to the cache kmalloc-128 of size 128
[ 13.137758] The buggy address is located 120 bytes inside of
[ 13.137758] freed 128-byte region [ffff888102af7a00, ffff888102af7a80)
[ 13.138555]
[ 13.138682] The buggy address belongs to the physical page:
[ 13.138932] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af7
[ 13.139190] flags: 0x200000000000000(node=0|zone=2)
[ 13.139433] page_type: f5(slab)
[ 13.139604] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.140148] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.140485] page dumped because: kasan: bad access detected
[ 13.140662]
[ 13.140734] Memory state around the buggy address:
[ 13.141112] ffff888102af7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.141665] ffff888102af7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.142009] >ffff888102af7a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.142330] ^
[ 13.142841] ffff888102af7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.143161] ffff888102af7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.143634] ==================================================================
[ 13.095862] ==================================================================
[ 13.096179] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0
[ 13.096624] Read of size 1 at addr ffff888102af7a00 by task kunit_try_catch/213
[ 13.097050]
[ 13.097191] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.097244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.097255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.097274] Call Trace:
[ 13.097288] <TASK>
[ 13.097302] dump_stack_lvl+0x73/0xb0
[ 13.097388] print_report+0xd1/0x610
[ 13.097409] ? __virt_addr_valid+0x1db/0x2d0
[ 13.097429] ? ksize_uaf+0x5fe/0x6c0
[ 13.097449] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.097481] ? ksize_uaf+0x5fe/0x6c0
[ 13.097502] kasan_report+0x141/0x180
[ 13.097523] ? ksize_uaf+0x5fe/0x6c0
[ 13.097559] __asan_report_load1_noabort+0x18/0x20
[ 13.097582] ksize_uaf+0x5fe/0x6c0
[ 13.097602] ? __pfx_ksize_uaf+0x10/0x10
[ 13.097622] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.097646] ? trace_hardirqs_on+0x37/0xe0
[ 13.097668] ? __pfx_read_tsc+0x10/0x10
[ 13.097688] ? ktime_get_ts64+0x86/0x230
[ 13.097710] kunit_try_run_case+0x1a5/0x480
[ 13.097734] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097765] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.097788] ? __kthread_parkme+0x82/0x180
[ 13.097807] ? preempt_count_sub+0x50/0x80
[ 13.097845] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.097869] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.097891] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.097913] kthread+0x337/0x6f0
[ 13.097932] ? trace_preempt_on+0x20/0xc0
[ 13.097953] ? __pfx_kthread+0x10/0x10
[ 13.097982] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.098003] ? calculate_sigpending+0x7b/0xa0
[ 13.098025] ? __pfx_kthread+0x10/0x10
[ 13.098056] ret_from_fork+0x116/0x1d0
[ 13.098074] ? __pfx_kthread+0x10/0x10
[ 13.098094] ret_from_fork_asm+0x1a/0x30
[ 13.098123] </TASK>
[ 13.098133]
[ 13.106002] Allocated by task 213:
[ 13.106293] kasan_save_stack+0x45/0x70
[ 13.106535] kasan_save_track+0x18/0x40
[ 13.106717] kasan_save_alloc_info+0x3b/0x50
[ 13.106880] __kasan_kmalloc+0xb7/0xc0
[ 13.107109] __kmalloc_cache_noprof+0x189/0x420
[ 13.107416] ksize_uaf+0xaa/0x6c0
[ 13.107591] kunit_try_run_case+0x1a5/0x480
[ 13.107801] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.108057] kthread+0x337/0x6f0
[ 13.108437] ret_from_fork+0x116/0x1d0
[ 13.108583] ret_from_fork_asm+0x1a/0x30
[ 13.108728]
[ 13.108801] Freed by task 213:
[ 13.108930] kasan_save_stack+0x45/0x70
[ 13.109073] kasan_save_track+0x18/0x40
[ 13.109272] kasan_save_free_info+0x3f/0x60
[ 13.109504] __kasan_slab_free+0x56/0x70
[ 13.109699] kfree+0x222/0x3f0
[ 13.109866] ksize_uaf+0x12c/0x6c0
[ 13.110040] kunit_try_run_case+0x1a5/0x480
[ 13.110245] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.110633] kthread+0x337/0x6f0
[ 13.110823] ret_from_fork+0x116/0x1d0
[ 13.111011] ret_from_fork_asm+0x1a/0x30
[ 13.111307]
[ 13.111391] The buggy address belongs to the object at ffff888102af7a00
[ 13.111391] which belongs to the cache kmalloc-128 of size 128
[ 13.111866] The buggy address is located 0 bytes inside of
[ 13.111866] freed 128-byte region [ffff888102af7a00, ffff888102af7a80)
[ 13.112788]
[ 13.112908] The buggy address belongs to the physical page:
[ 13.113148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af7
[ 13.113649] flags: 0x200000000000000(node=0|zone=2)
[ 13.113908] page_type: f5(slab)
[ 13.114076] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.114443] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.114712] page dumped because: kasan: bad access detected
[ 13.114934]
[ 13.115030] Memory state around the buggy address:
[ 13.115415] ffff888102af7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.115668] ffff888102af7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.116026] >ffff888102af7a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.116512] ^
[ 13.116720] ffff888102af7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.117037] ffff888102af7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.117294] ==================================================================
[ 13.072408] ==================================================================
[ 13.073139] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0
[ 13.073494] Read of size 1 at addr ffff888102af7a00 by task kunit_try_catch/213
[ 13.073961]
[ 13.074070] CPU: 0 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 13.074130] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.074142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.074177] Call Trace:
[ 13.074189] <TASK>
[ 13.074205] dump_stack_lvl+0x73/0xb0
[ 13.074237] print_report+0xd1/0x610
[ 13.074259] ? __virt_addr_valid+0x1db/0x2d0
[ 13.074282] ? ksize_uaf+0x19d/0x6c0
[ 13.074302] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.074392] ? ksize_uaf+0x19d/0x6c0
[ 13.074433] kasan_report+0x141/0x180
[ 13.074455] ? ksize_uaf+0x19d/0x6c0
[ 13.074479] ? ksize_uaf+0x19d/0x6c0
[ 13.074499] __kasan_check_byte+0x3d/0x50
[ 13.074520] ksize+0x20/0x60
[ 13.074541] ksize_uaf+0x19d/0x6c0
[ 13.074561] ? __pfx_ksize_uaf+0x10/0x10
[ 13.074582] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 13.074607] ? trace_hardirqs_on+0x37/0xe0
[ 13.074629] ? __pfx_read_tsc+0x10/0x10
[ 13.074650] ? ktime_get_ts64+0x86/0x230
[ 13.074686] kunit_try_run_case+0x1a5/0x480
[ 13.074711] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.074746] ? queued_spin_lock_slowpath+0x116/0xb40
[ 13.074771] ? __kthread_parkme+0x82/0x180
[ 13.074791] ? preempt_count_sub+0x50/0x80
[ 13.074829] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.074853] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.074875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.074909] kthread+0x337/0x6f0
[ 13.074928] ? trace_preempt_on+0x20/0xc0
[ 13.074949] ? __pfx_kthread+0x10/0x10
[ 13.074981] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.075004] ? calculate_sigpending+0x7b/0xa0
[ 13.075028] ? __pfx_kthread+0x10/0x10
[ 13.075060] ret_from_fork+0x116/0x1d0
[ 13.075078] ? __pfx_kthread+0x10/0x10
[ 13.075109] ret_from_fork_asm+0x1a/0x30
[ 13.075150] </TASK>
[ 13.075162]
[ 13.083747] Allocated by task 213:
[ 13.083927] kasan_save_stack+0x45/0x70
[ 13.084154] kasan_save_track+0x18/0x40
[ 13.084598] kasan_save_alloc_info+0x3b/0x50
[ 13.084808] __kasan_kmalloc+0xb7/0xc0
[ 13.085034] __kmalloc_cache_noprof+0x189/0x420
[ 13.085362] ksize_uaf+0xaa/0x6c0
[ 13.085518] kunit_try_run_case+0x1a5/0x480
[ 13.085742] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.085982] kthread+0x337/0x6f0
[ 13.086163] ret_from_fork+0x116/0x1d0
[ 13.086424] ret_from_fork_asm+0x1a/0x30
[ 13.086633]
[ 13.086705] Freed by task 213:
[ 13.086829] kasan_save_stack+0x45/0x70
[ 13.086966] kasan_save_track+0x18/0x40
[ 13.087194] kasan_save_free_info+0x3f/0x60
[ 13.087457] __kasan_slab_free+0x56/0x70
[ 13.087835] kfree+0x222/0x3f0
[ 13.088005] ksize_uaf+0x12c/0x6c0
[ 13.088328] kunit_try_run_case+0x1a5/0x480
[ 13.088501] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.088783] kthread+0x337/0x6f0
[ 13.088932] ret_from_fork+0x116/0x1d0
[ 13.089148] ret_from_fork_asm+0x1a/0x30
[ 13.089455]
[ 13.089544] The buggy address belongs to the object at ffff888102af7a00
[ 13.089544] which belongs to the cache kmalloc-128 of size 128
[ 13.089976] The buggy address is located 0 bytes inside of
[ 13.089976] freed 128-byte region [ffff888102af7a00, ffff888102af7a80)
[ 13.090494]
[ 13.090592] The buggy address belongs to the physical page:
[ 13.090998] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102af7
[ 13.091394] flags: 0x200000000000000(node=0|zone=2)
[ 13.091648] page_type: f5(slab)
[ 13.091861] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 13.092274] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 13.092759] page dumped because: kasan: bad access detected
[ 13.093007]
[ 13.093103] Memory state around the buggy address:
[ 13.093446] ffff888102af7900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.093765] ffff888102af7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.094017] >ffff888102af7a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 13.094336] ^
[ 13.094501] ffff888102af7a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.094909] ffff888102af7b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.095341] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 12.258788] ==================================================================
[ 12.259408] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0
[ 12.259874] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/171
[ 12.260143]
[ 12.260256] CPU: 1 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.260299] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.260311] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.260331] Call Trace:
[ 12.260343] <TASK>
[ 12.260358] dump_stack_lvl+0x73/0xb0
[ 12.260387] print_report+0xd1/0x610
[ 12.260408] ? __virt_addr_valid+0x1db/0x2d0
[ 12.260430] ? page_alloc_uaf+0x356/0x3d0
[ 12.260451] ? kasan_addr_to_slab+0x11/0xa0
[ 12.260471] ? page_alloc_uaf+0x356/0x3d0
[ 12.260492] kasan_report+0x141/0x180
[ 12.260513] ? page_alloc_uaf+0x356/0x3d0
[ 12.260539] __asan_report_load1_noabort+0x18/0x20
[ 12.260562] page_alloc_uaf+0x356/0x3d0
[ 12.260583] ? __pfx_page_alloc_uaf+0x10/0x10
[ 12.260605] ? __schedule+0x10c6/0x2b60
[ 12.260627] ? __pfx_read_tsc+0x10/0x10
[ 12.260647] ? ktime_get_ts64+0x86/0x230
[ 12.260670] kunit_try_run_case+0x1a5/0x480
[ 12.260695] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.260717] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.260740] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.260762] ? __kthread_parkme+0x82/0x180
[ 12.260782] ? preempt_count_sub+0x50/0x80
[ 12.260805] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.260842] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.260865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.260888] kthread+0x337/0x6f0
[ 12.260907] ? trace_preempt_on+0x20/0xc0
[ 12.260929] ? __pfx_kthread+0x10/0x10
[ 12.260949] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.260969] ? calculate_sigpending+0x7b/0xa0
[ 12.260992] ? __pfx_kthread+0x10/0x10
[ 12.261013] ret_from_fork+0x116/0x1d0
[ 12.261031] ? __pfx_kthread+0x10/0x10
[ 12.261051] ret_from_fork_asm+0x1a/0x30
[ 12.261080] </TASK>
[ 12.261090]
[ 12.268483] The buggy address belongs to the physical page:
[ 12.268706] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00
[ 12.268979] flags: 0x200000000000000(node=0|zone=2)
[ 12.269301] page_type: f0(buddy)
[ 12.269483] raw: 0200000000000000 ffff88817fffc5c8 ffff88817fffc5c8 0000000000000000
[ 12.269831] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000
[ 12.270175] page dumped because: kasan: bad access detected
[ 12.270536]
[ 12.270612] Memory state around the buggy address:
[ 12.270837] ffff8881039fff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.271277] ffff8881039fff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.271551] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.271882] ^
[ 12.272033] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.272429] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.272703] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-invalid-free-in-kfree
[ 12.237038] ==================================================================
[ 12.237578] BUG: KASAN: invalid-free in kfree+0x274/0x3f0
[ 12.237880] Free of addr ffff88810294c001 by task kunit_try_catch/167
[ 12.238153]
[ 12.238313] CPU: 0 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.238357] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.238369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.238389] Call Trace:
[ 12.238401] <TASK>
[ 12.238415] dump_stack_lvl+0x73/0xb0
[ 12.238444] print_report+0xd1/0x610
[ 12.238465] ? __virt_addr_valid+0x1db/0x2d0
[ 12.238487] ? kasan_addr_to_slab+0x11/0xa0
[ 12.238506] ? kfree+0x274/0x3f0
[ 12.238527] kasan_report_invalid_free+0x10a/0x130
[ 12.238551] ? kfree+0x274/0x3f0
[ 12.238573] ? kfree+0x274/0x3f0
[ 12.238593] __kasan_kfree_large+0x86/0xd0
[ 12.238613] free_large_kmalloc+0x4b/0x110
[ 12.238636] kfree+0x274/0x3f0
[ 12.238660] kmalloc_large_invalid_free+0x120/0x2b0
[ 12.238682] ? __pfx_kmalloc_large_invalid_free+0x10/0x10
[ 12.238705] ? __schedule+0x10c6/0x2b60
[ 12.238727] ? __pfx_read_tsc+0x10/0x10
[ 12.238746] ? ktime_get_ts64+0x86/0x230
[ 12.238770] kunit_try_run_case+0x1a5/0x480
[ 12.238794] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.238828] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.238851] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.238874] ? __kthread_parkme+0x82/0x180
[ 12.238894] ? preempt_count_sub+0x50/0x80
[ 12.238917] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.238940] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.238962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.238985] kthread+0x337/0x6f0
[ 12.239004] ? trace_preempt_on+0x20/0xc0
[ 12.239025] ? __pfx_kthread+0x10/0x10
[ 12.239046] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.239066] ? calculate_sigpending+0x7b/0xa0
[ 12.239089] ? __pfx_kthread+0x10/0x10
[ 12.239110] ret_from_fork+0x116/0x1d0
[ 12.239128] ? __pfx_kthread+0x10/0x10
[ 12.239148] ret_from_fork_asm+0x1a/0x30
[ 12.239177] </TASK>
[ 12.239187]
[ 12.246889] The buggy address belongs to the physical page:
[ 12.247348] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[ 12.247622] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.247865] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.248400] page_type: f8(unknown)
[ 12.248599] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.248972] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.249319] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.249560] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.249794] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[ 12.250375] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.250720] page dumped because: kasan: bad access detected
[ 12.250969]
[ 12.251041] Memory state around the buggy address:
[ 12.251426] ffff88810294bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.251753] ffff88810294bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.252064] >ffff88810294c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.252520] ^
[ 12.252645] ffff88810294c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.252906] ffff88810294c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.253240] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 12.218861] ==================================================================
[ 12.219349] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340
[ 12.219640] Read of size 1 at addr ffff888102b40000 by task kunit_try_catch/165
[ 12.220203]
[ 12.220394] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.220440] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.220452] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.220474] Call Trace:
[ 12.220486] <TASK>
[ 12.220501] dump_stack_lvl+0x73/0xb0
[ 12.220531] print_report+0xd1/0x610
[ 12.220553] ? __virt_addr_valid+0x1db/0x2d0
[ 12.220575] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.220595] ? kasan_addr_to_slab+0x11/0xa0
[ 12.220614] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.220634] kasan_report+0x141/0x180
[ 12.220655] ? kmalloc_large_uaf+0x2f1/0x340
[ 12.220680] __asan_report_load1_noabort+0x18/0x20
[ 12.220703] kmalloc_large_uaf+0x2f1/0x340
[ 12.220723] ? __pfx_kmalloc_large_uaf+0x10/0x10
[ 12.220744] ? __schedule+0x10c6/0x2b60
[ 12.220766] ? __pfx_read_tsc+0x10/0x10
[ 12.220786] ? ktime_get_ts64+0x86/0x230
[ 12.220810] kunit_try_run_case+0x1a5/0x480
[ 12.220856] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.220877] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.220900] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.220923] ? __kthread_parkme+0x82/0x180
[ 12.220942] ? preempt_count_sub+0x50/0x80
[ 12.220965] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.220988] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.221010] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.221034] kthread+0x337/0x6f0
[ 12.221054] ? trace_preempt_on+0x20/0xc0
[ 12.221076] ? __pfx_kthread+0x10/0x10
[ 12.221096] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.221116] ? calculate_sigpending+0x7b/0xa0
[ 12.221140] ? __pfx_kthread+0x10/0x10
[ 12.221160] ret_from_fork+0x116/0x1d0
[ 12.221178] ? __pfx_kthread+0x10/0x10
[ 12.221198] ret_from_fork_asm+0x1a/0x30
[ 12.221245] </TASK>
[ 12.221256]
[ 12.228601] The buggy address belongs to the physical page:
[ 12.228831] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b40
[ 12.229130] flags: 0x200000000000000(node=0|zone=2)
[ 12.229311] raw: 0200000000000000 ffffea00040ad108 ffff88815b139f80 0000000000000000
[ 12.229601] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 12.229955] page dumped because: kasan: bad access detected
[ 12.230206]
[ 12.230300] Memory state around the buggy address:
[ 12.230523] ffff888102b3ff00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.231071] ffff888102b3ff80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.231295] >ffff888102b40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.231653] ^
[ 12.231837] ffff888102b40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.232143] ffff888102b40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.232483] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 12.182690] ==================================================================
[ 12.183157] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330
[ 12.183404] Write of size 1 at addr ffff88810294e00a by task kunit_try_catch/163
[ 12.183637]
[ 12.183725] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary)
[ 12.183768] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.183779] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.183800] Call Trace:
[ 12.183825] <TASK>
[ 12.183840] dump_stack_lvl+0x73/0xb0
[ 12.183867] print_report+0xd1/0x610
[ 12.183887] ? __virt_addr_valid+0x1db/0x2d0
[ 12.183908] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.183929] ? kasan_addr_to_slab+0x11/0xa0
[ 12.183948] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.183969] kasan_report+0x141/0x180
[ 12.183989] ? kmalloc_large_oob_right+0x2e9/0x330
[ 12.184014] __asan_report_store1_noabort+0x1b/0x30
[ 12.184037] kmalloc_large_oob_right+0x2e9/0x330
[ 12.184058] ? __pfx_kmalloc_large_oob_right+0x10/0x10
[ 12.184080] ? __schedule+0x10c6/0x2b60
[ 12.184102] ? __pfx_read_tsc+0x10/0x10
[ 12.184121] ? ktime_get_ts64+0x86/0x230
[ 12.184143] kunit_try_run_case+0x1a5/0x480
[ 12.184167] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.184188] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.184210] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.184232] ? __kthread_parkme+0x82/0x180
[ 12.184251] ? preempt_count_sub+0x50/0x80
[ 12.184273] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.184296] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.184318] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.184340] kthread+0x337/0x6f0
[ 12.184358] ? trace_preempt_on+0x20/0xc0
[ 12.184379] ? __pfx_kthread+0x10/0x10
[ 12.184398] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.184418] ? calculate_sigpending+0x7b/0xa0
[ 12.184440] ? __pfx_kthread+0x10/0x10
[ 12.184460] ret_from_fork+0x116/0x1d0
[ 12.184477] ? __pfx_kthread+0x10/0x10
[ 12.184497] ret_from_fork_asm+0x1a/0x30
[ 12.184526] </TASK>
[ 12.184536]
[ 12.203201] The buggy address belongs to the physical page:
[ 12.203914] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10294c
[ 12.204953] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.205680] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.206331] page_type: f8(unknown)
[ 12.206704] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.206957] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.207227] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.208078] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000
[ 12.208867] head: 0200000000000002 ffffea00040a5301 00000000ffffffff 00000000ffffffff
[ 12.209109] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.210030] page dumped because: kasan: bad access detected
[ 12.210744]
[ 12.210926] Memory state around the buggy address:
[ 12.211601] ffff88810294df00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.211909] ffff88810294df80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.212176] >ffff88810294e000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.212951] ^
[ 12.213363] ffff88810294e080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.214096] ffff88810294e100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe
[ 12.214763] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 12.155596] ================================================================== [ 12.156304] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 12.156759] Write of size 1 at addr ffff888102b8df00 by task kunit_try_catch/161 [ 12.157209] [ 12.157602] CPU: 1 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.157651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.157663] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.157684] Call Trace: [ 12.157697] <TASK> [ 12.157714] dump_stack_lvl+0x73/0xb0 [ 12.157746] print_report+0xd1/0x610 [ 12.157768] ? __virt_addr_valid+0x1db/0x2d0 [ 12.157792] ? kmalloc_big_oob_right+0x316/0x370 [ 12.157824] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.157846] ? kmalloc_big_oob_right+0x316/0x370 [ 12.157868] kasan_report+0x141/0x180 [ 12.157889] ? kmalloc_big_oob_right+0x316/0x370 [ 12.157915] __asan_report_store1_noabort+0x1b/0x30 [ 12.157938] kmalloc_big_oob_right+0x316/0x370 [ 12.157960] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 12.157982] ? __schedule+0x10c6/0x2b60 [ 12.158005] ? __pfx_read_tsc+0x10/0x10 [ 12.158026] ? ktime_get_ts64+0x86/0x230 [ 12.158051] kunit_try_run_case+0x1a5/0x480 [ 12.158075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.158210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.158236] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.158259] ? __kthread_parkme+0x82/0x180 [ 12.158279] ? preempt_count_sub+0x50/0x80 [ 12.158303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.158326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.158349] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.158373] kthread+0x337/0x6f0 [ 12.158392] ? trace_preempt_on+0x20/0xc0 [ 12.158415] ? __pfx_kthread+0x10/0x10 [ 12.158435] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.158456] ? calculate_sigpending+0x7b/0xa0 [ 12.158480] ? __pfx_kthread+0x10/0x10 [ 12.158501] ret_from_fork+0x116/0x1d0 [ 12.158519] ? 
__pfx_kthread+0x10/0x10 [ 12.158539] ret_from_fork_asm+0x1a/0x30 [ 12.158568] </TASK> [ 12.158578] [ 12.168729] Allocated by task 161: [ 12.168913] kasan_save_stack+0x45/0x70 [ 12.169091] kasan_save_track+0x18/0x40 [ 12.169609] kasan_save_alloc_info+0x3b/0x50 [ 12.169897] __kasan_kmalloc+0xb7/0xc0 [ 12.170183] __kmalloc_cache_noprof+0x189/0x420 [ 12.170496] kmalloc_big_oob_right+0xa9/0x370 [ 12.170822] kunit_try_run_case+0x1a5/0x480 [ 12.171105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.171442] kthread+0x337/0x6f0 [ 12.171590] ret_from_fork+0x116/0x1d0 [ 12.171926] ret_from_fork_asm+0x1a/0x30 [ 12.172278] [ 12.172483] The buggy address belongs to the object at ffff888102b8c000 [ 12.172483] which belongs to the cache kmalloc-8k of size 8192 [ 12.173040] The buggy address is located 0 bytes to the right of [ 12.173040] allocated 7936-byte region [ffff888102b8c000, ffff888102b8df00) [ 12.173617] [ 12.173718] The buggy address belongs to the physical page: [ 12.174015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b88 [ 12.174415] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.174789] flags: 0x200000000000040(head|node=0|zone=2) [ 12.175052] page_type: f5(slab) [ 12.175255] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.175603] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.175984] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 12.176367] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 12.176718] head: 0200000000000003 ffffea00040ae201 00000000ffffffff 00000000ffffffff [ 12.177066] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.177436] page dumped because: kasan: bad access detected [ 12.177718] [ 12.177821] Memory state around the buggy address: [ 12.178061] ffff888102b8de00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.178345] ffff888102b8de80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.178654] >ffff888102b8df00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.178978] ^ [ 12.179162] ffff888102b8df80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.179414] ffff888102b8e000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.179686] ==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 12.102288] ================================================================== [ 12.102706] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.103539] Write of size 1 at addr ffff8881025bdd78 by task kunit_try_catch/159 [ 12.104922] [ 12.105412] CPU: 1 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.105463] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.105475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.105496] Call Trace: [ 12.105519] <TASK> [ 12.105534] dump_stack_lvl+0x73/0xb0 [ 12.105564] print_report+0xd1/0x610 [ 12.105585] ? __virt_addr_valid+0x1db/0x2d0 [ 12.105606] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.105630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.105651] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.105675] kasan_report+0x141/0x180 [ 12.105696] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.105724] __asan_report_store1_noabort+0x1b/0x30 [ 12.105748] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 12.105771] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 12.105796] ? __schedule+0x10c6/0x2b60 [ 12.105827] ? __pfx_read_tsc+0x10/0x10 [ 12.105847] ? ktime_get_ts64+0x86/0x230 [ 12.105869] kunit_try_run_case+0x1a5/0x480 [ 12.105894] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.105916] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.105938] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.105961] ? __kthread_parkme+0x82/0x180 [ 12.105980] ? preempt_count_sub+0x50/0x80 [ 12.106003] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.106026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.106048] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.106070] kthread+0x337/0x6f0 [ 12.106232] ? trace_preempt_on+0x20/0xc0 [ 12.106406] ? __pfx_kthread+0x10/0x10 [ 12.106427] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.106448] ? calculate_sigpending+0x7b/0xa0 [ 12.106471] ? 
__pfx_kthread+0x10/0x10 [ 12.106492] ret_from_fork+0x116/0x1d0 [ 12.106510] ? __pfx_kthread+0x10/0x10 [ 12.106529] ret_from_fork_asm+0x1a/0x30 [ 12.106558] </TASK> [ 12.106569] [ 12.120547] Allocated by task 159: [ 12.120936] kasan_save_stack+0x45/0x70 [ 12.121253] kasan_save_track+0x18/0x40 [ 12.121648] kasan_save_alloc_info+0x3b/0x50 [ 12.122013] __kasan_kmalloc+0xb7/0xc0 [ 12.122440] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 12.122790] kmalloc_track_caller_oob_right+0x99/0x520 [ 12.123154] kunit_try_run_case+0x1a5/0x480 [ 12.123659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.124041] kthread+0x337/0x6f0 [ 12.124397] ret_from_fork+0x116/0x1d0 [ 12.124896] ret_from_fork_asm+0x1a/0x30 [ 12.125078] [ 12.125384] The buggy address belongs to the object at ffff8881025bdd00 [ 12.125384] which belongs to the cache kmalloc-128 of size 128 [ 12.126191] The buggy address is located 0 bytes to the right of [ 12.126191] allocated 120-byte region [ffff8881025bdd00, ffff8881025bdd78) [ 12.127026] [ 12.127240] The buggy address belongs to the physical page: [ 12.127732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1025bd [ 12.128067] flags: 0x200000000000000(node=0|zone=2) [ 12.128452] page_type: f5(slab) [ 12.128633] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.128973] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.129722] page dumped because: kasan: bad access detected [ 12.130257] [ 12.130439] Memory state around the buggy address: [ 12.130707] ffff8881025bdc00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.131317] ffff8881025bdc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.131714] >ffff8881025bdd00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 12.132092] ^ [ 12.132647] ffff8881025bdd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.133075] ffff8881025bde00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.133625] 
==================================================================
Failure - log-parser-boot/kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 12.070254] ================================================================== [ 12.070849] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 12.071291] Read of size 1 at addr ffff888102903000 by task kunit_try_catch/157 [ 12.071531] [ 12.071651] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 12.071693] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.071704] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.071725] Call Trace: [ 12.071736] <TASK> [ 12.071749] dump_stack_lvl+0x73/0xb0 [ 12.071778] print_report+0xd1/0x610 [ 12.071799] ? __virt_addr_valid+0x1db/0x2d0 [ 12.071835] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.071858] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.071879] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.071902] kasan_report+0x141/0x180 [ 12.071924] ? kmalloc_node_oob_right+0x369/0x3c0 [ 12.071951] __asan_report_load1_noabort+0x18/0x20 [ 12.071974] kmalloc_node_oob_right+0x369/0x3c0 [ 12.071998] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 12.072021] ? __schedule+0x10c6/0x2b60 [ 12.072043] ? __pfx_read_tsc+0x10/0x10 [ 12.072063] ? ktime_get_ts64+0x86/0x230 [ 12.072087] kunit_try_run_case+0x1a5/0x480 [ 12.072111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.072133] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.072156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.072178] ? __kthread_parkme+0x82/0x180 [ 12.072198] ? preempt_count_sub+0x50/0x80 [ 12.072236] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.072260] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.072282] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.072305] kthread+0x337/0x6f0 [ 12.072324] ? trace_preempt_on+0x20/0xc0 [ 12.072346] ? __pfx_kthread+0x10/0x10 [ 12.072366] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.072387] ? calculate_sigpending+0x7b/0xa0 [ 12.072410] ? __pfx_kthread+0x10/0x10 [ 12.072430] ret_from_fork+0x116/0x1d0 [ 12.072448] ? 
__pfx_kthread+0x10/0x10 [ 12.072468] ret_from_fork_asm+0x1a/0x30 [ 12.072497] </TASK> [ 12.072507] [ 12.083462] Allocated by task 157: [ 12.083611] kasan_save_stack+0x45/0x70 [ 12.084014] kasan_save_track+0x18/0x40 [ 12.084364] kasan_save_alloc_info+0x3b/0x50 [ 12.084725] __kasan_kmalloc+0xb7/0xc0 [ 12.085021] __kmalloc_cache_node_noprof+0x188/0x420 [ 12.085240] kmalloc_node_oob_right+0xab/0x3c0 [ 12.085717] kunit_try_run_case+0x1a5/0x480 [ 12.085919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.086483] kthread+0x337/0x6f0 [ 12.086755] ret_from_fork+0x116/0x1d0 [ 12.086942] ret_from_fork_asm+0x1a/0x30 [ 12.087379] [ 12.087578] The buggy address belongs to the object at ffff888102902000 [ 12.087578] which belongs to the cache kmalloc-4k of size 4096 [ 12.088114] The buggy address is located 0 bytes to the right of [ 12.088114] allocated 4096-byte region [ffff888102902000, ffff888102903000) [ 12.088503] [ 12.088580] The buggy address belongs to the physical page: [ 12.088832] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102900 [ 12.089367] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.089989] flags: 0x200000000000040(head|node=0|zone=2) [ 12.090653] page_type: f5(slab) [ 12.091071] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.091752] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.092232] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 12.092875] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 12.093236] head: 0200000000000003 ffffea00040a4001 00000000ffffffff 00000000ffffffff [ 12.094027] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 12.094949] page dumped because: kasan: bad access detected [ 12.095329] [ 12.095580] Memory state around the buggy address: [ 12.096071] ffff888102902f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.096547] 
ffff888102902f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.097275] >ffff888102903000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.097761] ^ [ 12.097894] ffff888102903080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.098120] ffff888102903100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.098335] ==================================================================
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 145.242680] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 145.242779] WARNING: CPU: 0 PID: 2568 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 145.244432] Modules linked in: [ 145.244852] CPU: 0 UID: 0 PID: 2568 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 145.245522] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.245859] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.246501] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 145.246730] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 ad 1d 80 00 48 c7 c1 20 8c 9e 91 4c 89 f2 48 c7 c7 e0 88 9e 91 48 89 c6 e8 b4 a7 77 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 145.247769] RSP: 0000:ffff888100a2fd18 EFLAGS: 00010286 [ 145.248011] RAX: 0000000000000000 RBX: ffff888107a24000 RCX: 1ffffffff24e4cf0 [ 145.248630] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 145.249005] RBP: ffff888100a2fd48 R08: 0000000000000000 R09: fffffbfff24e4cf0 [ 145.249432] R10: 0000000000000003 R11: 00000000000386b8 R12: ffff888102db5000 [ 145.249873] R13: ffff888107a240f8 R14: ffff888108421e80 R15: ffff88810039fb40 [ 145.250331] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000 [ 145.250644] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.250881] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0 [ 145.251182] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442 [ 145.251895] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.252444] Call Trace: [ 145.252685] <TASK> [ 145.252879] ? trace_preempt_on+0x20/0xc0 [ 145.253190] ? 
__pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 145.253541] drm_gem_shmem_free_wrapper+0x12/0x20 [ 145.253775] __kunit_action_free+0x57/0x70 [ 145.253968] kunit_remove_resource+0x133/0x200 [ 145.254193] ? preempt_count_sub+0x50/0x80 [ 145.254723] kunit_cleanup+0x7a/0x120 [ 145.254890] kunit_try_run_case_cleanup+0xbd/0xf0 [ 145.255476] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 145.255882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.256153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.256659] kthread+0x337/0x6f0 [ 145.256926] ? trace_preempt_on+0x20/0xc0 [ 145.257146] ? __pfx_kthread+0x10/0x10 [ 145.257500] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.257721] ? calculate_sigpending+0x7b/0xa0 [ 145.257933] ? __pfx_kthread+0x10/0x10 [ 145.258119] ret_from_fork+0x116/0x1d0 [ 145.258636] ? __pfx_kthread+0x10/0x10 [ 145.258806] ret_from_fork_asm+0x1a/0x30 [ 145.259114] </TASK> [ 145.259271] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 145.104414] WARNING: CPU: 0 PID: 2549 at drivers/gpu/drm/drm_framebuffer.c:869 drm_framebuffer_init+0x49/0x8d0 [ 145.105040] Modules linked in: [ 145.105312] CPU: 0 UID: 0 PID: 2549 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 145.106543] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.107101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.107896] RIP: 0010:drm_framebuffer_init+0x49/0x8d0 [ 145.108097] Code: 89 e5 41 57 41 56 41 55 41 54 53 48 89 f3 48 83 ec 28 80 3c 11 00 48 89 7d c8 0f 85 1c 07 00 00 48 8b 75 c8 48 39 33 74 20 90 <0f> 0b 90 41 bf ea ff ff ff 48 83 c4 28 44 89 f8 5b 41 5c 41 5d 41 [ 145.109991] RSP: 0000:ffff888102cd7b20 EFLAGS: 00010246 [ 145.110244] RAX: ffff888102cd7ba8 RBX: ffff888102cd7c28 RCX: 1ffff1102059af8e [ 145.111160] RDX: dffffc0000000000 RSI: ffff88810303d000 RDI: ffff88810303d000 [ 145.111879] RBP: ffff888102cd7b70 R08: ffff88810303d000 R09: ffffffff919d8f60 [ 145.112118] R10: 0000000000000003 R11: 000000004bdcfc70 R12: 1ffff1102059af71 [ 145.112902] R13: ffff888102cd7c70 R14: ffff888102cd7db8 R15: 0000000000000000 [ 145.113766] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000 [ 145.114418] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.114865] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0 [ 145.115088] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442 [ 145.115722] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.116472] Call Trace: [ 145.116770] <TASK> [ 145.117081] ? trace_preempt_on+0x20/0xc0 [ 145.117563] ? add_dr+0xc1/0x1d0 [ 145.117714] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 145.117909] ? add_dr+0x148/0x1d0 [ 145.118058] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 145.118558] ? __drmm_add_action+0x1a4/0x280 [ 145.118886] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 145.119432] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 145.119850] ? __drmm_add_action_or_reset+0x22/0x50 [ 145.120053] ? __schedule+0x10c6/0x2b60 [ 145.120600] ? __pfx_read_tsc+0x10/0x10 [ 145.120964] ? ktime_get_ts64+0x86/0x230 [ 145.121136] kunit_try_run_case+0x1a5/0x480 [ 145.121710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.122175] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.122658] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.122839] ? __kthread_parkme+0x82/0x180 [ 145.122991] ? preempt_count_sub+0x50/0x80 [ 145.123156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.123717] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.124373] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.124987] kthread+0x337/0x6f0 [ 145.125502] ? trace_preempt_on+0x20/0xc0 [ 145.125903] ? __pfx_kthread+0x10/0x10 [ 145.126220] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.126570] ? calculate_sigpending+0x7b/0xa0 [ 145.126990] ? __pfx_kthread+0x10/0x10 [ 145.127148] ret_from_fork+0x116/0x1d0 [ 145.127557] ? __pfx_kthread+0x10/0x10 [ 145.127957] ret_from_fork_asm+0x1a/0x30 [ 145.128488] </TASK> [ 145.128633] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 145.070240] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 145.070367] WARNING: CPU: 1 PID: 2545 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 145.071004] Modules linked in: [ 145.071178] CPU: 1 UID: 0 PID: 2545 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 145.072831] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 145.073871] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 145.074589] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 145.074964] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 2b 44 87 00 48 c7 c1 00 3a 9d 91 4c 89 fa 48 c7 c7 60 3a 9d 91 48 89 c6 e8 32 ce 7e fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 145.075897] RSP: 0000:ffff888102db7b68 EFLAGS: 00010282 [ 145.076277] RAX: 0000000000000000 RBX: ffff888102db7c40 RCX: 1ffffffff24e4cf0 [ 145.076764] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 145.077091] RBP: ffff888102db7b90 R08: 0000000000000000 R09: fffffbfff24e4cf0 [ 145.077579] R10: 0000000000000003 R11: 0000000000036d18 R12: ffff888102db7c18 [ 145.078006] R13: ffff88810306f000 R14: ffff888102d49000 R15: ffff888106f88280 [ 145.078318] FS: 0000000000000000(0000) GS:ffff8881c7772000(0000) knlGS:0000000000000000 [ 145.078929] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 145.079347] CR2: ffffffffffffffff CR3: 00000001596bc000 CR4: 00000000000006f0 [ 145.079747] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52443 [ 145.080180] DR3: ffffffff93a52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 145.080568] Call Trace: [ 145.080707] <TASK> [ 145.080854] drm_test_framebuffer_free+0x1ab/0x610 [ 145.081113] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 145.081745] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 145.082038] ? 
__pfx_drm_mode_config_init_release+0x10/0x10 [ 145.082700] ? __drmm_add_action_or_reset+0x22/0x50 [ 145.082907] ? __schedule+0x10c6/0x2b60 [ 145.083333] ? __pfx_read_tsc+0x10/0x10 [ 145.083657] ? ktime_get_ts64+0x86/0x230 [ 145.083932] kunit_try_run_case+0x1a5/0x480 [ 145.084131] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.084617] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 145.084834] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 145.085072] ? __kthread_parkme+0x82/0x180 [ 145.085477] ? preempt_count_sub+0x50/0x80 [ 145.085815] ? __pfx_kunit_try_run_case+0x10/0x10 [ 145.086160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 145.086635] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 145.086893] kthread+0x337/0x6f0 [ 145.087061] ? trace_preempt_on+0x20/0xc0 [ 145.087449] ? __pfx_kthread+0x10/0x10 [ 145.087614] ? _raw_spin_unlock_irq+0x47/0x80 [ 145.087831] ? calculate_sigpending+0x7b/0xa0 [ 145.088063] ? __pfx_kthread+0x10/0x10 [ 145.088232] ret_from_fork+0x116/0x1d0 [ 145.088896] ? __pfx_kthread+0x10/0x10 [ 145.089080] ret_from_fork_asm+0x1a/0x30 [ 145.089563] </TASK> [ 145.089837] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 143.766895] WARNING: CPU: 0 PID: 1975 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 143.767358] Modules linked in: [ 143.767524] CPU: 0 UID: 0 PID: 1975 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 143.767846] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 143.768020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 143.769473] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 143.770421] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 36 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 143.772648] RSP: 0000:ffff88810a077c90 EFLAGS: 00010246 [ 143.773480] RAX: dffffc0000000000 RBX: ffff888109e16000 RCX: 0000000000000000 [ 143.774074] RDX: 1ffff110213c2c32 RSI: ffffffff8ec07878 RDI: ffff888109e16190 [ 143.774305] RBP: ffff88810a077ca0 R08: 1ffff11020073f69 R09: ffffed102140ef65 [ 143.774516] R10: 0000000000000003 R11: ffffffff8e185968 R12: 0000000000000000 [ 143.774721] R13: ffff88810a077d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 143.774927] FS: 0000000000000000(0000) GS:ffff8881c7672000(0000) knlGS:0000000000000000 [ 143.776344] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.776702] CR2: 00007ffff7ffe000 CR3: 00000001596bc000 CR4: 00000000000006f0 [ 143.777174] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52442 [ 143.777714] DR3: ffffffff93a52443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 143.777998] Call Trace: [ 143.778142] <TASK> [ 143.778761] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 143.779378] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 143.779813] ? __schedule+0x10c6/0x2b60 [ 143.780429] ? __pfx_read_tsc+0x10/0x10 [ 143.780648] ? 
ktime_get_ts64+0x86/0x230 [ 143.780851] kunit_try_run_case+0x1a5/0x480 [ 143.781061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 143.781322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 143.781662] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 143.781834] ? __kthread_parkme+0x82/0x180 [ 143.782059] ? preempt_count_sub+0x50/0x80 [ 143.782354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 143.782536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 143.782799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 143.783155] kthread+0x337/0x6f0 [ 143.783488] ? trace_preempt_on+0x20/0xc0 [ 143.783708] ? __pfx_kthread+0x10/0x10 [ 143.783874] ? _raw_spin_unlock_irq+0x47/0x80 [ 143.784101] ? calculate_sigpending+0x7b/0xa0 [ 143.784364] ? __pfx_kthread+0x10/0x10 [ 143.784554] ret_from_fork+0x116/0x1d0 [ 143.784754] ? __pfx_kthread+0x10/0x10 [ 143.784979] ret_from_fork_asm+0x1a/0x30 [ 143.785249] </TASK> [ 143.785396] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 143.846753] WARNING: CPU: 1 PID: 1983 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 143.847303] Modules linked in: [ 143.847543] CPU: 1 UID: 0 PID: 1983 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 143.847999] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 143.848260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 143.848829] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 143.849580] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d e9 02 36 26 02 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d c3 cc cc cc cc 48 89 df e8 68 [ 143.850559] RSP: 0000:ffff888109217c90 EFLAGS: 00010246 [ 143.850901] RAX: dffffc0000000000 RBX: ffff888101b5a000 RCX: 0000000000000000 [ 143.851301] RDX: 1ffff1102036b432 RSI: ffffffff8ec07878 RDI: ffff888101b5a190 [ 143.851686] RBP: ffff888109217ca0 R08: 1ffff11020073f69 R09: ffffed1021242f65 [ 
143.851961] R10: 0000000000000003 R11: ffffffff8e185968 R12: 0000000000000000 [ 143.852330] R13: ffff888109217d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 143.852749] FS: 0000000000000000(0000) GS:ffff8881c7772000(0000) knlGS:0000000000000000 [ 143.853125] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 143.853518] CR2: ffffffffffffffff CR3: 00000001596bc000 CR4: 00000000000006f0 [ 143.853810] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52443 [ 143.854084] DR3: ffffffff93a52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 143.854706] Call Trace: [ 143.854843] <TASK> [ 143.855022] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 143.855372] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 143.855908] ? __schedule+0x10c6/0x2b60 [ 143.856123] ? __pfx_read_tsc+0x10/0x10 [ 143.856663] ? ktime_get_ts64+0x86/0x230 [ 143.856886] kunit_try_run_case+0x1a5/0x480 [ 143.857108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 143.857469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 143.857948] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 143.859093] ? __kthread_parkme+0x82/0x180 [ 143.859340] ? preempt_count_sub+0x50/0x80 [ 143.859509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 143.859677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 143.859858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 143.860064] kthread+0x337/0x6f0 [ 143.860697] ? trace_preempt_on+0x20/0xc0 [ 143.861404] ? __pfx_kthread+0x10/0x10 [ 143.861861] ? _raw_spin_unlock_irq+0x47/0x80 [ 143.862048] ? calculate_sigpending+0x7b/0xa0 [ 143.862584] ? __pfx_kthread+0x10/0x10 [ 143.863031] ret_from_fork+0x116/0x1d0 [ 143.863716] ? __pfx_kthread+0x10/0x10 [ 143.864360] ret_from_fork_asm+0x1a/0x30 [ 143.864571] </TASK> [ 143.864689] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 113.630782] WARNING: CPU: 1 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40 [ 113.631101] Modules linked in: [ 113.631853] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 113.632450] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 113.632843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 113.633568] RIP: 0010:intlog10+0x2a/0x40 [ 113.634025] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 87 b9 86 02 90 <0f> 0b 90 31 c0 e9 7c b9 86 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 113.635101] RSP: 0000:ffff88810463fcb0 EFLAGS: 00010246 [ 113.635332] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110208c7fb4 [ 113.636417] RDX: 1ffffffff2312dec RSI: 1ffff110208c7fb3 RDI: 0000000000000000 [ 113.636787] RBP: ffff88810463fd60 R08: 0000000000000000 R09: ffffed102034d0c0 [ 113.637099] R10: ffff888101a68607 R11: 0000000000000000 R12: 1ffff110208c7f97 [ 113.637666] R13: ffffffff91896f60 R14: 0000000000000000 R15: ffff88810463fd38 [ 113.638099] FS: 0000000000000000(0000) GS:ffff8881c7772000(0000) knlGS:0000000000000000 [ 113.638771] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.639506] CR2: ffff888153f26fe0 CR3: 00000001596bc000 CR4: 00000000000006f0 [ 113.639825] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52443 [ 113.640144] DR3: ffffffff93a52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 113.640756] Call Trace: [ 113.640892] <TASK> [ 113.641210] ? intlog10_test+0xf2/0x220 [ 113.641608] ? __pfx_intlog10_test+0x10/0x10 [ 113.641814] ? __schedule+0x10c6/0x2b60 [ 113.642017] ? __pfx_read_tsc+0x10/0x10 [ 113.642590] ? ktime_get_ts64+0x86/0x230 [ 113.642793] kunit_try_run_case+0x1a5/0x480 [ 113.643176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 113.643633] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 113.643988] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 113.644639] ? __kthread_parkme+0x82/0x180 [ 113.644854] ? preempt_count_sub+0x50/0x80 [ 113.645340] ? __pfx_kunit_try_run_case+0x10/0x10 [ 113.645574] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 113.645822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 113.646062] kthread+0x337/0x6f0 [ 113.646238] ? trace_preempt_on+0x20/0xc0 [ 113.646878] ? __pfx_kthread+0x10/0x10 [ 113.647047] ? _raw_spin_unlock_irq+0x47/0x80 [ 113.647629] ? calculate_sigpending+0x7b/0xa0 [ 113.647951] ? __pfx_kthread+0x10/0x10 [ 113.648129] ret_from_fork+0x116/0x1d0 [ 113.648370] ? __pfx_kthread+0x10/0x10 [ 113.648923] ret_from_fork_asm+0x1a/0x30 [ 113.649132] </TASK> [ 113.649632] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 113.590255] WARNING: CPU: 1 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110 [ 113.590925] Modules linked in: [ 113.591418] CPU: 1 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc7 #1 PREEMPT(voluntary) [ 113.591895] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 113.592129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 113.592840] RIP: 0010:intlog2+0xdf/0x110 [ 113.593299] Code: 89 91 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 5f c7 55 ff 8b 45 e4 eb [ 113.594330] RSP: 0000:ffff888103fbfcb0 EFLAGS: 00010246 [ 113.594742] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110207f7fb4 [ 113.595167] RDX: 1ffffffff2312e40 RSI: 1ffff110207f7fb3 RDI: 0000000000000000 [ 113.595688] RBP: ffff888103fbfd60 R08: 0000000000000000 R09: ffffed102111a460 [ 113.595994] R10: ffff8881088d2307 R11: 0000000000000000 R12: 1ffff110207f7f97 [ 113.596738] R13: ffffffff91897200 R14: 0000000000000000 R15: ffff888103fbfd38 [ 113.597134] FS: 0000000000000000(0000) GS:ffff8881c7772000(0000) knlGS:0000000000000000 [ 113.597706] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 113.598088] CR2: ffff888153f26fe0 CR3: 00000001596bc000 CR4: 00000000000006f0 [ 113.598712] DR0: ffffffff93a52440 DR1: ffffffff93a52441 DR2: ffffffff93a52443 [ 113.599139] DR3: ffffffff93a52445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 113.599666] Call Trace: [ 113.599944] <TASK> [ 113.600206] ? intlog2_test+0xf2/0x220 [ 113.600671] ? __pfx_intlog2_test+0x10/0x10 [ 113.601128] ? __schedule+0x10c6/0x2b60 [ 113.601685] ? __pfx_read_tsc+0x10/0x10 [ 113.601892] ? ktime_get_ts64+0x86/0x230 [ 113.602226] kunit_try_run_case+0x1a5/0x480 [ 113.602674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 113.603046] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 113.603518] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 113.603905] ? __kthread_parkme+0x82/0x180 [ 113.604452] ? preempt_count_sub+0x50/0x80 [ 113.604698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 113.605014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 113.605460] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 113.605832] kthread+0x337/0x6f0 [ 113.606137] ? trace_preempt_on+0x20/0xc0 [ 113.606511] ? __pfx_kthread+0x10/0x10 [ 113.606844] ? _raw_spin_unlock_irq+0x47/0x80 [ 113.607062] ? calculate_sigpending+0x7b/0xa0 [ 113.607571] ? __pfx_kthread+0x10/0x10 [ 113.607764] ret_from_fork+0x116/0x1d0 [ 113.608117] ? __pfx_kthread+0x10/0x10 [ 113.608760] ret_from_fork_asm+0x1a/0x30 [ 113.609015] </TASK> [ 113.609374] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot/oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
KNOWN ISSUE - qemu-x86_64: Oops: general protection fault, probably for non-canonical address - KASAN: null-ptr-deref - kunit_test_null_dereference
[ 113.016237] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI