Date
May 13, 2025, 12:07 p.m.
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.068411] ================================================================== [ 11.068853] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.069182] Write of size 16 at addr ffff888101d83600 by task kunit_try_catch/183 [ 11.069560] [ 11.069668] CPU: 0 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.069717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.069728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.069749] Call Trace: [ 11.069761] <TASK> [ 11.069777] dump_stack_lvl+0x73/0xb0 [ 11.069804] print_report+0xd1/0x650 [ 11.069850] ? __virt_addr_valid+0x1db/0x2d0 [ 11.069873] ? kmalloc_oob_16+0x452/0x4a0 [ 11.069893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.069914] ? kmalloc_oob_16+0x452/0x4a0 [ 11.069935] kasan_report+0x141/0x180 [ 11.069958] ? kmalloc_oob_16+0x452/0x4a0 [ 11.069984] __asan_report_store16_noabort+0x1b/0x30 [ 11.070024] kmalloc_oob_16+0x452/0x4a0 [ 11.070045] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.070067] ? __schedule+0x10cc/0x2b60 [ 11.070088] ? __pfx_read_tsc+0x10/0x10 [ 11.070108] ? ktime_get_ts64+0x86/0x230 [ 11.070133] kunit_try_run_case+0x1a5/0x480 [ 11.070156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.070192] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.070233] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.070256] ? __kthread_parkme+0x82/0x180 [ 11.070277] ? preempt_count_sub+0x50/0x80 [ 11.070300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.070323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.070345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.070367] kthread+0x337/0x6f0 [ 11.070387] ? trace_preempt_on+0x20/0xc0 [ 11.070411] ? __pfx_kthread+0x10/0x10 [ 11.070431] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.070451] ? calculate_sigpending+0x7b/0xa0 [ 11.070480] ? __pfx_kthread+0x10/0x10 [ 11.070501] ret_from_fork+0x116/0x1d0 [ 11.070519] ? __pfx_kthread+0x10/0x10 [ 11.070630] ret_from_fork_asm+0x1a/0x30 [ 11.070662] </TASK> [ 11.070674] [ 11.079829] Allocated by task 183: [ 11.079989] kasan_save_stack+0x45/0x70 [ 11.080161] kasan_save_track+0x18/0x40 [ 11.080479] kasan_save_alloc_info+0x3b/0x50 [ 11.080739] __kasan_kmalloc+0xb7/0xc0 [ 11.081151] __kmalloc_cache_noprof+0x189/0x420 [ 11.081444] kmalloc_oob_16+0xa8/0x4a0 [ 11.081748] kunit_try_run_case+0x1a5/0x480 [ 11.082047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.082305] kthread+0x337/0x6f0 [ 11.082469] ret_from_fork+0x116/0x1d0 [ 11.082664] ret_from_fork_asm+0x1a/0x30 [ 11.083110] [ 11.083230] The buggy address belongs to the object at ffff888101d83600 [ 11.083230] which belongs to the cache kmalloc-16 of size 16 [ 11.083946] The buggy address is located 0 bytes inside of [ 11.083946] allocated 13-byte region [ffff888101d83600, ffff888101d8360d) [ 11.084740] [ 11.084900] The buggy address belongs to the physical page: [ 11.085139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 11.085807] flags: 0x200000000000000(node=0|zone=2) [ 11.086092] page_type: f5(slab) [ 11.086268] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.086808] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.087201] page dumped because: kasan: bad access detected [ 11.087510] [ 11.087661] Memory state around the buggy address: [ 11.087827] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 11.088286] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 11.088671] >ffff888101d83600: 00 05 fc fc 00 00 fc fc fc fc fc fc fc fc fc fc [ 11.088983] ^ [ 11.089144] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.089711] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.090119] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.042246] ================================================================== [ 11.042668] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.042963] Read of size 1 at addr ffff888100356c00 by task kunit_try_catch/181 [ 11.043354] [ 11.043450] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.043526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.043539] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.043558] Call Trace: [ 11.043569] <TASK> [ 11.043583] dump_stack_lvl+0x73/0xb0 [ 11.043611] print_report+0xd1/0x650 [ 11.043644] ? __virt_addr_valid+0x1db/0x2d0 [ 11.043666] ? krealloc_uaf+0x53c/0x5e0 [ 11.043687] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.043744] ? krealloc_uaf+0x53c/0x5e0 [ 11.043766] kasan_report+0x141/0x180 [ 11.043788] ? krealloc_uaf+0x53c/0x5e0 [ 11.043815] __asan_report_load1_noabort+0x18/0x20 [ 11.043835] krealloc_uaf+0x53c/0x5e0 [ 11.043856] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.043907] ? finish_task_switch.isra.0+0x153/0x700 [ 11.043947] ? __switch_to+0x47/0xf50 [ 11.043973] ? __schedule+0x10cc/0x2b60 [ 11.043995] ? __pfx_read_tsc+0x10/0x10 [ 11.044014] ? ktime_get_ts64+0x86/0x230 [ 11.044038] kunit_try_run_case+0x1a5/0x480 [ 11.044061] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.044083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.044105] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.044126] ? __kthread_parkme+0x82/0x180 [ 11.044146] ? preempt_count_sub+0x50/0x80 [ 11.044168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.044224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.044264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.044287] kthread+0x337/0x6f0 [ 11.044306] ? trace_preempt_on+0x20/0xc0 [ 11.044329] ? __pfx_kthread+0x10/0x10 [ 11.044349] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.044369] ? calculate_sigpending+0x7b/0xa0 [ 11.044392] ? __pfx_kthread+0x10/0x10 [ 11.044413] ret_from_fork+0x116/0x1d0 [ 11.044430] ? __pfx_kthread+0x10/0x10 [ 11.044450] ret_from_fork_asm+0x1a/0x30 [ 11.044482] </TASK> [ 11.044492] [ 11.052224] Allocated by task 181: [ 11.052411] kasan_save_stack+0x45/0x70 [ 11.052867] kasan_save_track+0x18/0x40 [ 11.053071] kasan_save_alloc_info+0x3b/0x50 [ 11.053409] __kasan_kmalloc+0xb7/0xc0 [ 11.053682] __kmalloc_cache_noprof+0x189/0x420 [ 11.053893] krealloc_uaf+0xbb/0x5e0 [ 11.054050] kunit_try_run_case+0x1a5/0x480 [ 11.054214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.054503] kthread+0x337/0x6f0 [ 11.054750] ret_from_fork+0x116/0x1d0 [ 11.054929] ret_from_fork_asm+0x1a/0x30 [ 11.055067] [ 11.055137] Freed by task 181: [ 11.055249] kasan_save_stack+0x45/0x70 [ 11.055385] kasan_save_track+0x18/0x40 [ 11.055521] kasan_save_free_info+0x3f/0x60 [ 11.055799] __kasan_slab_free+0x56/0x70 [ 11.056024] kfree+0x222/0x3f0 [ 11.056185] krealloc_uaf+0x13d/0x5e0 [ 11.056375] kunit_try_run_case+0x1a5/0x480 [ 11.056585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.056899] kthread+0x337/0x6f0 [ 11.057254] ret_from_fork+0x116/0x1d0 [ 11.057453] ret_from_fork_asm+0x1a/0x30 [ 11.057889] [ 11.057968] The buggy address belongs to the object at ffff888100356c00 [ 11.057968] which belongs to the cache kmalloc-256 of size 256 [ 11.058493] The buggy address is located 0 bytes inside of [ 11.058493] freed 256-byte region [ffff888100356c00, ffff888100356d00) [ 11.058850] [ 11.058925] The buggy address belongs to the physical page: [ 11.059302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 11.059885] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.060267] flags: 0x200000000000040(head|node=0|zone=2) [ 11.060507] page_type: f5(slab) [ 11.060706] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.060940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.061170] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.061399] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.061639] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 11.061984] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.062328] page dumped because: kasan: bad access detected [ 11.062589] [ 11.062692] Memory state around the buggy address: [ 11.062920] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.063541] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.064076] >ffff888100356c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.064511] ^ [ 11.064750] ffff888100356c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.065039] ffff888100356d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.065378] ================================================================== [ 11.017951] ================================================================== [ 11.018434] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.018849] Read of size 1 at addr ffff888100356c00 by task kunit_try_catch/181 [ 11.019117] [ 11.019228] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.019276] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.019288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.019308] Call Trace: [ 11.019320] <TASK> [ 11.019335] dump_stack_lvl+0x73/0xb0 [ 11.019363] print_report+0xd1/0x650 [ 11.019386] ? __virt_addr_valid+0x1db/0x2d0 [ 11.019409] ? krealloc_uaf+0x1b8/0x5e0 [ 11.019431] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.019470] ? krealloc_uaf+0x1b8/0x5e0 [ 11.019492] kasan_report+0x141/0x180 [ 11.019514] ? krealloc_uaf+0x1b8/0x5e0 [ 11.019539] ? krealloc_uaf+0x1b8/0x5e0 [ 11.019561] __kasan_check_byte+0x3d/0x50 [ 11.019583] krealloc_noprof+0x3f/0x340 [ 11.019608] krealloc_uaf+0x1b8/0x5e0 [ 11.019642] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.019663] ? finish_task_switch.isra.0+0x153/0x700 [ 11.019685] ? __switch_to+0x47/0xf50 [ 11.019711] ? __schedule+0x10cc/0x2b60 [ 11.019733] ? __pfx_read_tsc+0x10/0x10 [ 11.019753] ? ktime_get_ts64+0x86/0x230 [ 11.019778] kunit_try_run_case+0x1a5/0x480 [ 11.019803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.019824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.019846] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.019868] ? __kthread_parkme+0x82/0x180 [ 11.019889] ? preempt_count_sub+0x50/0x80 [ 11.019911] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.019934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.019956] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.019978] kthread+0x337/0x6f0 [ 11.019997] ? trace_preempt_on+0x20/0xc0 [ 11.020021] ? __pfx_kthread+0x10/0x10 [ 11.020041] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.020060] ? calculate_sigpending+0x7b/0xa0 [ 11.020084] ? __pfx_kthread+0x10/0x10 [ 11.020105] ret_from_fork+0x116/0x1d0 [ 11.020123] ? __pfx_kthread+0x10/0x10 [ 11.020143] ret_from_fork_asm+0x1a/0x30 [ 11.020174] </TASK> [ 11.020213] [ 11.028089] Allocated by task 181: [ 11.028219] kasan_save_stack+0x45/0x70 [ 11.028601] kasan_save_track+0x18/0x40 [ 11.028859] kasan_save_alloc_info+0x3b/0x50 [ 11.029066] __kasan_kmalloc+0xb7/0xc0 [ 11.029311] __kmalloc_cache_noprof+0x189/0x420 [ 11.029459] krealloc_uaf+0xbb/0x5e0 [ 11.029735] kunit_try_run_case+0x1a5/0x480 [ 11.029914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.030198] kthread+0x337/0x6f0 [ 11.030371] ret_from_fork+0x116/0x1d0 [ 11.030603] ret_from_fork_asm+0x1a/0x30 [ 11.030758] [ 11.030827] Freed by task 181: [ 11.030935] kasan_save_stack+0x45/0x70 [ 11.031064] kasan_save_track+0x18/0x40 [ 11.031198] kasan_save_free_info+0x3f/0x60 [ 11.031462] __kasan_slab_free+0x56/0x70 [ 11.031940] kfree+0x222/0x3f0 [ 11.032104] krealloc_uaf+0x13d/0x5e0 [ 11.032285] kunit_try_run_case+0x1a5/0x480 [ 11.032585] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.032826] kthread+0x337/0x6f0 [ 11.032944] ret_from_fork+0x116/0x1d0 [ 11.033070] ret_from_fork_asm+0x1a/0x30 [ 11.033203] [ 11.033272] The buggy address belongs to the object at ffff888100356c00 [ 11.033272] which belongs to the cache kmalloc-256 of size 256 [ 11.033998] The buggy address is located 0 bytes inside of [ 11.033998] freed 256-byte region [ffff888100356c00, ffff888100356d00) [ 11.034977] [ 11.035065] The buggy address belongs to the physical page: [ 11.035347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 11.035865] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.036087] flags: 0x200000000000040(head|node=0|zone=2) [ 11.036256] page_type: f5(slab) [ 11.036375] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.036871] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.037427] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.037959] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.038301] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 11.038529] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.038846] page dumped because: kasan: bad access detected [ 11.039229] [ 11.039365] Memory state around the buggy address: [ 11.039604] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.039922] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.040388] >ffff888100356c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.040671] ^ [ 11.040910] ffff888100356c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.041152] ffff888100356d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.041468] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 10.929734] ================================================================== [ 10.930741] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 10.931643] Write of size 1 at addr ffff888102aa60d0 by task kunit_try_catch/179 [ 10.932283] [ 10.932372] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.932418] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.932429] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.932449] Call Trace: [ 10.932462] <TASK> [ 10.932477] dump_stack_lvl+0x73/0xb0 [ 10.932505] print_report+0xd1/0x650 [ 10.932538] ? __virt_addr_valid+0x1db/0x2d0 [ 10.932561] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.932584] ? kasan_addr_to_slab+0x11/0xa0 [ 10.932604] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.932641] kasan_report+0x141/0x180 [ 10.932663] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.932692] __asan_report_store1_noabort+0x1b/0x30 [ 10.932713] krealloc_less_oob_helper+0xe23/0x11d0 [ 10.932738] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.932762] ? finish_task_switch.isra.0+0x153/0x700 [ 10.932782] ? __switch_to+0x47/0xf50 [ 10.932807] ? __schedule+0x10cc/0x2b60 [ 10.932828] ? __pfx_read_tsc+0x10/0x10 [ 10.932852] krealloc_large_less_oob+0x1c/0x30 [ 10.932874] kunit_try_run_case+0x1a5/0x480 [ 10.932898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.932919] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.932941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.932962] ? __kthread_parkme+0x82/0x180 [ 10.932982] ? preempt_count_sub+0x50/0x80 [ 10.933005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.933027] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.933049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.933072] kthread+0x337/0x6f0 [ 10.933091] ? trace_preempt_on+0x20/0xc0 [ 10.933114] ? __pfx_kthread+0x10/0x10 [ 10.933134] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.933154] ? calculate_sigpending+0x7b/0xa0 [ 10.933176] ? __pfx_kthread+0x10/0x10 [ 10.933209] ret_from_fork+0x116/0x1d0 [ 10.933227] ? __pfx_kthread+0x10/0x10 [ 10.933247] ret_from_fork_asm+0x1a/0x30 [ 10.933278] </TASK> [ 10.933288] [ 10.946635] The buggy address belongs to the physical page: [ 10.947204] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4 [ 10.948157] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.948940] flags: 0x200000000000040(head|node=0|zone=2) [ 10.949242] page_type: f8(unknown) [ 10.949673] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.950085] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.950666] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.951437] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.952056] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff [ 10.952345] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.953113] page dumped because: kasan: bad access detected [ 10.953679] [ 10.953840] Memory state around the buggy address: [ 10.954294] ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.954833] ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.955051] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 10.955389] ^ [ 10.955973] ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.956853] ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.957516] ================================================================== [ 10.716395] ================================================================== [ 10.717356] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 10.718243] Write of size 1 at addr ffff888100356ac9 by task kunit_try_catch/175 [ 10.718560] [ 10.718680] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.718729] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.718741] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.718762] Call Trace: [ 10.718774] <TASK> [ 10.718789] dump_stack_lvl+0x73/0xb0 [ 10.718818] print_report+0xd1/0x650 [ 10.718841] ? __virt_addr_valid+0x1db/0x2d0 [ 10.719062] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.719087] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.719109] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.719133] kasan_report+0x141/0x180 [ 10.719156] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.719420] __asan_report_store1_noabort+0x1b/0x30 [ 10.719449] krealloc_less_oob_helper+0xd70/0x11d0 [ 10.719476] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.719501] ? finish_task_switch.isra.0+0x153/0x700 [ 10.719582] ? __switch_to+0x47/0xf50 [ 10.719625] ? __schedule+0x10cc/0x2b60 [ 10.719647] ? __pfx_read_tsc+0x10/0x10 [ 10.719672] krealloc_less_oob+0x1c/0x30 [ 10.719694] kunit_try_run_case+0x1a5/0x480 [ 10.719718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.719739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.719763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.719785] ? __kthread_parkme+0x82/0x180 [ 10.719807] ? preempt_count_sub+0x50/0x80 [ 10.719831] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.719855] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.719877] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.719899] kthread+0x337/0x6f0 [ 10.719920] ? trace_preempt_on+0x20/0xc0 [ 10.719943] ? __pfx_kthread+0x10/0x10 [ 10.719963] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.719983] ? calculate_sigpending+0x7b/0xa0 [ 10.720007] ? __pfx_kthread+0x10/0x10 [ 10.720029] ret_from_fork+0x116/0x1d0 [ 10.720048] ? __pfx_kthread+0x10/0x10 [ 10.720069] ret_from_fork_asm+0x1a/0x30 [ 10.720100] </TASK> [ 10.720112] [ 10.732464] Allocated by task 175: [ 10.732848] kasan_save_stack+0x45/0x70 [ 10.733172] kasan_save_track+0x18/0x40 [ 10.733382] kasan_save_alloc_info+0x3b/0x50 [ 10.733749] __kasan_krealloc+0x190/0x1f0 [ 10.734090] krealloc_noprof+0xf3/0x340 [ 10.734418] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.734931] krealloc_less_oob+0x1c/0x30 [ 10.735203] kunit_try_run_case+0x1a5/0x480 [ 10.735508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.735917] kthread+0x337/0x6f0 [ 10.736074] ret_from_fork+0x116/0x1d0 [ 10.736488] ret_from_fork_asm+0x1a/0x30 [ 10.736782] [ 10.736995] The buggy address belongs to the object at ffff888100356a00 [ 10.736995] which belongs to the cache kmalloc-256 of size 256 [ 10.737926] The buggy address is located 0 bytes to the right of [ 10.737926] allocated 201-byte region [ffff888100356a00, ffff888100356ac9) [ 10.738800] [ 10.738903] The buggy address belongs to the physical page: [ 10.739133] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.739945] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.740464] flags: 0x200000000000040(head|node=0|zone=2) [ 10.740907] page_type: f5(slab) [ 10.741068] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.741836] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.742306] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.743009] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.743757] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.744153] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.744469] page dumped because: kasan: bad access detected [ 10.744952] [ 10.745049] Memory state around the buggy address: [ 10.745428] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.745885] ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.746359] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.746839] ^ [ 10.747086] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.747697] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.748149] ================================================================== [ 10.896963] ================================================================== [ 10.897452] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 10.897995] Write of size 1 at addr ffff888102aa60c9 by task kunit_try_catch/179 [ 10.898855] [ 10.898960] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.899009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.899021] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.899042] Call Trace: [ 10.899055] <TASK> [ 10.899072] dump_stack_lvl+0x73/0xb0 [ 10.899103] print_report+0xd1/0x650 [ 10.899126] ? __virt_addr_valid+0x1db/0x2d0 [ 10.899149] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.899173] ? kasan_addr_to_slab+0x11/0xa0 [ 10.899359] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.899385] kasan_report+0x141/0x180 [ 10.899422] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.899451] __asan_report_store1_noabort+0x1b/0x30 [ 10.899501] krealloc_less_oob_helper+0xd70/0x11d0 [ 10.899528] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.899564] ? finish_task_switch.isra.0+0x153/0x700 [ 10.899588] ? __switch_to+0x47/0xf50 [ 10.899625] ? __schedule+0x10cc/0x2b60 [ 10.899646] ? __pfx_read_tsc+0x10/0x10 [ 10.899671] krealloc_large_less_oob+0x1c/0x30 [ 10.899693] kunit_try_run_case+0x1a5/0x480 [ 10.899719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.899740] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.899762] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.899784] ? __kthread_parkme+0x82/0x180 [ 10.899805] ? preempt_count_sub+0x50/0x80 [ 10.899827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.899850] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.899872] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.899894] kthread+0x337/0x6f0 [ 10.899914] ? trace_preempt_on+0x20/0xc0 [ 10.899937] ? __pfx_kthread+0x10/0x10 [ 10.899958] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.899978] ? calculate_sigpending+0x7b/0xa0 [ 10.900001] ? __pfx_kthread+0x10/0x10 [ 10.900022] ret_from_fork+0x116/0x1d0 [ 10.900040] ? __pfx_kthread+0x10/0x10 [ 10.900061] ret_from_fork_asm+0x1a/0x30 [ 10.900093] </TASK> [ 10.900104] [ 10.917015] The buggy address belongs to the physical page: [ 10.917847] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4 [ 10.918546] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.919159] flags: 0x200000000000040(head|node=0|zone=2) [ 10.919504] page_type: f8(unknown) [ 10.919966] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.920767] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.921463] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.921844] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.922790] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff [ 10.923571] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.924356] page dumped because: kasan: bad access detected [ 10.924902] [ 10.924981] Memory state around the buggy address: [ 10.925139] ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.925964] ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.926941] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 10.927644] ^ [ 10.928134] ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.928912] ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.929320] ================================================================== [ 10.770412] ================================================================== [ 10.770903] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 10.771250] Write of size 1 at addr ffff888100356ada by task kunit_try_catch/175 [ 10.771548] [ 10.772373] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.772426] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.772438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.772459] Call Trace: [ 10.772473] <TASK> [ 10.772488] dump_stack_lvl+0x73/0xb0 [ 10.772525] print_report+0xd1/0x650 [ 10.772548] ? __virt_addr_valid+0x1db/0x2d0 [ 10.772570] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.772594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.772625] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.772649] kasan_report+0x141/0x180 [ 10.772671] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.772701] __asan_report_store1_noabort+0x1b/0x30 [ 10.772722] krealloc_less_oob_helper+0xec6/0x11d0 [ 10.772748] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.772771] ? finish_task_switch.isra.0+0x153/0x700 [ 10.772793] ? __switch_to+0x47/0xf50 [ 10.772818] ? __schedule+0x10cc/0x2b60 [ 10.772840] ? __pfx_read_tsc+0x10/0x10 [ 10.772863] krealloc_less_oob+0x1c/0x30 [ 10.772885] kunit_try_run_case+0x1a5/0x480 [ 10.772908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.772929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.772952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.772973] ? __kthread_parkme+0x82/0x180 [ 10.772993] ? preempt_count_sub+0x50/0x80 [ 10.773015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.773038] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.773061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.773083] kthread+0x337/0x6f0 [ 10.773102] ? trace_preempt_on+0x20/0xc0 [ 10.773124] ? __pfx_kthread+0x10/0x10 [ 10.773144] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.773164] ? calculate_sigpending+0x7b/0xa0 [ 10.773187] ? __pfx_kthread+0x10/0x10 [ 10.773209] ret_from_fork+0x116/0x1d0 [ 10.773227] ? __pfx_kthread+0x10/0x10 [ 10.773247] ret_from_fork_asm+0x1a/0x30 [ 10.773278] </TASK> [ 10.773288] [ 10.788269] Allocated by task 175: [ 10.788710] kasan_save_stack+0x45/0x70 [ 10.789110] kasan_save_track+0x18/0x40 [ 10.789465] kasan_save_alloc_info+0x3b/0x50 [ 10.789916] __kasan_krealloc+0x190/0x1f0 [ 10.790063] krealloc_noprof+0xf3/0x340 [ 10.790214] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.790757] krealloc_less_oob+0x1c/0x30 [ 10.791292] kunit_try_run_case+0x1a5/0x480 [ 10.791838] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.792322] kthread+0x337/0x6f0 [ 10.792447] ret_from_fork+0x116/0x1d0 [ 10.792768] ret_from_fork_asm+0x1a/0x30 [ 10.793174] [ 10.793347] The buggy address belongs to the object at ffff888100356a00 [ 10.793347] which belongs to the cache kmalloc-256 of size 256 [ 10.794666] The buggy address is located 17 bytes to the right of [ 10.794666] allocated 201-byte region [ffff888100356a00, ffff888100356ac9) [ 10.795039] [ 10.795114] The buggy address belongs to the physical page: [ 10.795595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.796436] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.797191] flags: 0x200000000000040(head|node=0|zone=2) [ 10.797886] page_type: f5(slab) [ 10.798234] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.798686] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.799387] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.799962] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.800214] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.800972] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.801753] page dumped because: kasan: bad access detected [ 10.802275] [ 10.802383] Memory state around the buggy address: [ 10.803021] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.803552] ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.804004] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.804465] ^ [ 10.804866] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.805550] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.806200] ================================================================== [ 10.996917] ================================================================== [ 10.997197] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 10.997712] Write of size 1 at addr ffff888102aa60eb by task kunit_try_catch/179 [ 10.998013] [ 10.998101] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.998145] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.998157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.998176] Call Trace: [ 10.998188] <TASK> [ 10.998201] dump_stack_lvl+0x73/0xb0 [ 10.998227] print_report+0xd1/0x650 [ 10.998248] ? __virt_addr_valid+0x1db/0x2d0 [ 10.998270] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.998293] ? kasan_addr_to_slab+0x11/0xa0 [ 10.998313] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.998337] kasan_report+0x141/0x180 [ 10.998359] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.998388] __asan_report_store1_noabort+0x1b/0x30 [ 10.998408] krealloc_less_oob_helper+0xd47/0x11d0 [ 10.998434] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.998457] ? finish_task_switch.isra.0+0x153/0x700 [ 10.998484] ? __switch_to+0x47/0xf50 [ 10.998508] ? __schedule+0x10cc/0x2b60 [ 10.998530] ? __pfx_read_tsc+0x10/0x10 [ 10.998553] krealloc_large_less_oob+0x1c/0x30 [ 10.998575] kunit_try_run_case+0x1a5/0x480 [ 10.998599] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.998632] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.998654] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.998675] ? __kthread_parkme+0x82/0x180 [ 10.998695] ? preempt_count_sub+0x50/0x80 [ 10.998718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.998740] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.998817] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.998840] kthread+0x337/0x6f0 [ 10.998859] ? trace_preempt_on+0x20/0xc0 [ 10.998882] ? __pfx_kthread+0x10/0x10 [ 10.998903] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.998923] ? calculate_sigpending+0x7b/0xa0 [ 10.998945] ? __pfx_kthread+0x10/0x10 [ 10.998967] ret_from_fork+0x116/0x1d0 [ 10.998985] ? __pfx_kthread+0x10/0x10 [ 10.999005] ret_from_fork_asm+0x1a/0x30 [ 10.999036] </TASK> [ 10.999045] [ 11.007078] The buggy address belongs to the physical page: [ 11.007400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4 [ 11.007823] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.008103] flags: 0x200000000000040(head|node=0|zone=2) [ 11.008350] page_type: f8(unknown) [ 11.008508] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.008890] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.009242] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.009754] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.010076] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff [ 11.010358] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.010586] page dumped because: kasan: bad access detected [ 11.010841] [ 11.011006] Memory state around the buggy address: [ 11.011214] ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.011429] ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.011968] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.012442] ^ [ 11.012734] ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.013061] ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.013365] ================================================================== [ 10.958362] ================================================================== [ 10.958864] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 10.959111] Write of size 1 at addr ffff888102aa60da by task kunit_try_catch/179 [ 10.959342] [ 10.959523] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.959580] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.959592] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.959621] Call Trace: [ 10.959636] <TASK> [ 10.959650] dump_stack_lvl+0x73/0xb0 [ 10.959675] print_report+0xd1/0x650 [ 10.959697] ? __virt_addr_valid+0x1db/0x2d0 [ 10.959720] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.959743] ? kasan_addr_to_slab+0x11/0xa0 [ 10.959763] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.959786] kasan_report+0x141/0x180 [ 10.959809] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.959837] __asan_report_store1_noabort+0x1b/0x30 [ 10.959857] krealloc_less_oob_helper+0xec6/0x11d0 [ 10.959883] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.959907] ? finish_task_switch.isra.0+0x153/0x700 [ 10.959928] ? __switch_to+0x47/0xf50 [ 10.959953] ? __schedule+0x10cc/0x2b60 [ 10.959974] ? __pfx_read_tsc+0x10/0x10 [ 10.959997] krealloc_large_less_oob+0x1c/0x30 [ 10.960019] kunit_try_run_case+0x1a5/0x480 [ 10.960042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.960063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.960085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.960106] ? __kthread_parkme+0x82/0x180 [ 10.960126] ? preempt_count_sub+0x50/0x80 [ 10.960148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.960171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.960203] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.960225] kthread+0x337/0x6f0 [ 10.960244] ? trace_preempt_on+0x20/0xc0 [ 10.960266] ? __pfx_kthread+0x10/0x10 [ 10.960286] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.960306] ? calculate_sigpending+0x7b/0xa0 [ 10.960329] ? __pfx_kthread+0x10/0x10 [ 10.960350] ret_from_fork+0x116/0x1d0 [ 10.960378] ? __pfx_kthread+0x10/0x10 [ 10.960546] ret_from_fork_asm+0x1a/0x30 [ 10.960579] </TASK> [ 10.960589] [ 10.973173] The buggy address belongs to the physical page: [ 10.973434] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4 [ 10.973879] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.974158] flags: 0x200000000000040(head|node=0|zone=2) [ 10.974471] page_type: f8(unknown) [ 10.974663] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.975057] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.975361] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.975812] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.976079] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff [ 10.976379] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.976910] page dumped because: kasan: bad access detected [ 10.977092] [ 10.977280] Memory state around the buggy address: [ 10.977583] ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.977834] ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.978207] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 10.978472] ^ [ 10.978769] ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.979140] ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.979490] ================================================================== [ 10.806711] ================================================================== [ 10.807132] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 10.807886] Write of size 1 at addr ffff888100356aea by task kunit_try_catch/175 [ 10.808622] [ 10.808827] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.808887] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.808899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.808919] Call Trace: [ 10.808931] <TASK> [ 10.808947] dump_stack_lvl+0x73/0xb0 [ 10.808975] print_report+0xd1/0x650 [ 10.809007] ? __virt_addr_valid+0x1db/0x2d0 [ 10.809030] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.809054] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.809086] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.809110] kasan_report+0x141/0x180 [ 10.809133] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.809162] __asan_report_store1_noabort+0x1b/0x30 [ 10.809191] krealloc_less_oob_helper+0xe90/0x11d0 [ 10.809224] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.809248] ? finish_task_switch.isra.0+0x153/0x700 [ 10.809279] ? __switch_to+0x47/0xf50 [ 10.809305] ? __schedule+0x10cc/0x2b60 [ 10.809326] ? __pfx_read_tsc+0x10/0x10 [ 10.809351] krealloc_less_oob+0x1c/0x30 [ 10.809381] kunit_try_run_case+0x1a5/0x480 [ 10.809404] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.809425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.809459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.809481] ? __kthread_parkme+0x82/0x180 [ 10.809501] ? preempt_count_sub+0x50/0x80 [ 10.809524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.809546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.809569] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.809591] kthread+0x337/0x6f0 [ 10.809610] ? trace_preempt_on+0x20/0xc0 [ 10.809640] ? __pfx_kthread+0x10/0x10 [ 10.809661] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.809681] ? calculate_sigpending+0x7b/0xa0 [ 10.809704] ? __pfx_kthread+0x10/0x10 [ 10.809726] ret_from_fork+0x116/0x1d0 [ 10.809744] ? __pfx_kthread+0x10/0x10 [ 10.809765] ret_from_fork_asm+0x1a/0x30 [ 10.809796] </TASK> [ 10.809807] [ 10.817542] Allocated by task 175: [ 10.817699] kasan_save_stack+0x45/0x70 [ 10.817899] kasan_save_track+0x18/0x40 [ 10.818116] kasan_save_alloc_info+0x3b/0x50 [ 10.818376] __kasan_krealloc+0x190/0x1f0 [ 10.818642] krealloc_noprof+0xf3/0x340 [ 10.818834] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.819068] krealloc_less_oob+0x1c/0x30 [ 10.819224] kunit_try_run_case+0x1a5/0x480 [ 10.819442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.819688] kthread+0x337/0x6f0 [ 10.819940] ret_from_fork+0x116/0x1d0 [ 10.820103] ret_from_fork_asm+0x1a/0x30 [ 10.820309] [ 10.820445] The buggy address belongs to the object at ffff888100356a00 [ 10.820445] which belongs to the cache kmalloc-256 of size 256 [ 10.820938] The buggy address is located 33 bytes to the right of [ 10.820938] allocated 201-byte region [ffff888100356a00, ffff888100356ac9) [ 10.821305] [ 10.821378] The buggy address belongs to the physical page: [ 10.821668] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.822024] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.822381] flags: 0x200000000000040(head|node=0|zone=2) [ 10.822648] page_type: f5(slab) [ 10.822818] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.823147] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.823487] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.823729] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.824005] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.824592] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.824906] page dumped because: kasan: bad access detected [ 10.825136] [ 10.825245] Memory state around the buggy address: [ 10.825451] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.825761] ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.826062] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.826377] ^ [ 10.826650] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.826965] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.827300] ================================================================== [ 10.827957] ================================================================== [ 10.828384] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 10.828643] Write of size 1 at addr ffff888100356aeb by task kunit_try_catch/175 [ 10.829160] [ 10.829248] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.829292] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.829304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.829323] Call Trace: [ 10.829336] <TASK> [ 10.829351] dump_stack_lvl+0x73/0xb0 [ 10.829377] print_report+0xd1/0x650 [ 10.829398] ? __virt_addr_valid+0x1db/0x2d0 [ 10.829420] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.829443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.829465] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.829488] kasan_report+0x141/0x180 [ 10.829510] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.829538] __asan_report_store1_noabort+0x1b/0x30 [ 10.829558] krealloc_less_oob_helper+0xd47/0x11d0 [ 10.829584] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.829607] ? finish_task_switch.isra.0+0x153/0x700 [ 10.829638] ? __switch_to+0x47/0xf50 [ 10.829663] ? __schedule+0x10cc/0x2b60 [ 10.829684] ? __pfx_read_tsc+0x10/0x10 [ 10.829707] krealloc_less_oob+0x1c/0x30 [ 10.829729] kunit_try_run_case+0x1a5/0x480 [ 10.829763] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.829794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.829817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.829838] ? __kthread_parkme+0x82/0x180 [ 10.829870] ? preempt_count_sub+0x50/0x80 [ 10.829892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.829915] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.829938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.829960] kthread+0x337/0x6f0 [ 10.829979] ? trace_preempt_on+0x20/0xc0 [ 10.830002] ? __pfx_kthread+0x10/0x10 [ 10.830023] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.830043] ? calculate_sigpending+0x7b/0xa0 [ 10.830066] ? __pfx_kthread+0x10/0x10 [ 10.830087] ret_from_fork+0x116/0x1d0 [ 10.830106] ? __pfx_kthread+0x10/0x10 [ 10.830126] ret_from_fork_asm+0x1a/0x30 [ 10.830157] </TASK> [ 10.830167] [ 10.837928] Allocated by task 175: [ 10.838135] kasan_save_stack+0x45/0x70 [ 10.838352] kasan_save_track+0x18/0x40 [ 10.838546] kasan_save_alloc_info+0x3b/0x50 [ 10.838756] __kasan_krealloc+0x190/0x1f0 [ 10.838924] krealloc_noprof+0xf3/0x340 [ 10.839062] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.839249] krealloc_less_oob+0x1c/0x30 [ 10.839491] kunit_try_run_case+0x1a5/0x480 [ 10.839715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.839994] kthread+0x337/0x6f0 [ 10.840120] ret_from_fork+0x116/0x1d0 [ 10.840472] ret_from_fork_asm+0x1a/0x30 [ 10.840675] [ 10.840770] The buggy address belongs to the object at ffff888100356a00 [ 10.840770] which belongs to the cache kmalloc-256 of size 256 [ 10.841267] The buggy address is located 34 bytes to the right of [ 10.841267] allocated 201-byte region [ffff888100356a00, ffff888100356ac9) [ 10.841709] [ 10.841782] The buggy address belongs to the physical page: [ 10.841957] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.842203] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.842568] flags: 0x200000000000040(head|node=0|zone=2) [ 10.842826] page_type: f5(slab) [ 10.842994] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.843515] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.843870] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.844209] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.844476] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.844719] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.844946] page dumped because: kasan: bad access detected [ 10.845202] [ 10.845299] Memory state around the buggy address: [ 10.845551] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.845901] ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.846305] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.846635] ^ [ 10.846848] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.847190] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.847475] ================================================================== [ 10.979990] ================================================================== [ 10.980299] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 10.980827] Write of size 1 at addr ffff888102aa60ea by task kunit_try_catch/179 [ 10.981133] [ 10.981244] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.981288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.981299] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.981319] Call Trace: [ 10.981333] <TASK> [ 10.981347] dump_stack_lvl+0x73/0xb0 [ 10.981375] print_report+0xd1/0x650 [ 10.981396] ? __virt_addr_valid+0x1db/0x2d0 [ 10.981419] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.981442] ? kasan_addr_to_slab+0x11/0xa0 [ 10.981462] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.981486] kasan_report+0x141/0x180 [ 10.981518] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.981546] __asan_report_store1_noabort+0x1b/0x30 [ 10.981640] krealloc_less_oob_helper+0xe90/0x11d0 [ 10.981666] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.981690] ? finish_task_switch.isra.0+0x153/0x700 [ 10.981711] ? __switch_to+0x47/0xf50 [ 10.981737] ? __schedule+0x10cc/0x2b60 [ 10.981757] ? __pfx_read_tsc+0x10/0x10 [ 10.981782] krealloc_large_less_oob+0x1c/0x30 [ 10.981804] kunit_try_run_case+0x1a5/0x480 [ 10.981827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.981849] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.981870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.981892] ? __kthread_parkme+0x82/0x180 [ 10.981911] ? preempt_count_sub+0x50/0x80 [ 10.981934] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.981956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.981979] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.982001] kthread+0x337/0x6f0 [ 10.982020] ? trace_preempt_on+0x20/0xc0 [ 10.982043] ? __pfx_kthread+0x10/0x10 [ 10.982063] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.982083] ? calculate_sigpending+0x7b/0xa0 [ 10.982106] ? __pfx_kthread+0x10/0x10 [ 10.982127] ret_from_fork+0x116/0x1d0 [ 10.982145] ? __pfx_kthread+0x10/0x10 [ 10.982165] ret_from_fork_asm+0x1a/0x30 [ 10.982196] </TASK> [ 10.982205] [ 10.990225] The buggy address belongs to the physical page: [ 10.990404] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa4 [ 10.990793] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.991073] flags: 0x200000000000040(head|node=0|zone=2) [ 10.991242] page_type: f8(unknown) [ 10.991367] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.991829] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.992181] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.992537] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.993296] head: 0200000000000002 ffffea00040aa901 00000000ffffffff 00000000ffffffff [ 10.993699] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.993929] page dumped because: kasan: bad access detected [ 10.994162] [ 10.994319] Memory state around the buggy address: [ 10.994548] ffff888102aa5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.994805] ffff888102aa6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.995018] >ffff888102aa6080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 10.995327] ^ [ 10.995627] ffff888102aa6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.996019] ffff888102aa6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.996355] ================================================================== [ 10.749315] ================================================================== [ 10.749668] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 10.750042] Write of size 1 at addr ffff888100356ad0 by task kunit_try_catch/175 [ 10.750402] [ 10.750525] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.750571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.750583] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.750603] Call Trace: [ 10.750625] <TASK> [ 10.750640] dump_stack_lvl+0x73/0xb0 [ 10.750666] print_report+0xd1/0x650 [ 10.750688] ? __virt_addr_valid+0x1db/0x2d0 [ 10.750721] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.750745] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.750767] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.750790] kasan_report+0x141/0x180 [ 10.750813] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.750841] __asan_report_store1_noabort+0x1b/0x30 [ 10.750862] krealloc_less_oob_helper+0xe23/0x11d0 [ 10.750888] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.750912] ? finish_task_switch.isra.0+0x153/0x700 [ 10.750934] ? __switch_to+0x47/0xf50 [ 10.750960] ? __schedule+0x10cc/0x2b60 [ 10.750981] ? __pfx_read_tsc+0x10/0x10 [ 10.751006] krealloc_less_oob+0x1c/0x30 [ 10.751027] kunit_try_run_case+0x1a5/0x480 [ 10.751051] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.751072] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.751095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.751116] ? __kthread_parkme+0x82/0x180 [ 10.751136] ? preempt_count_sub+0x50/0x80 [ 10.751159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.751191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.751214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.751237] kthread+0x337/0x6f0 [ 10.751256] ? trace_preempt_on+0x20/0xc0 [ 10.751279] ? __pfx_kthread+0x10/0x10 [ 10.751300] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.751320] ? calculate_sigpending+0x7b/0xa0 [ 10.751343] ? __pfx_kthread+0x10/0x10 [ 10.751365] ret_from_fork+0x116/0x1d0 [ 10.751383] ? __pfx_kthread+0x10/0x10 [ 10.751403] ret_from_fork_asm+0x1a/0x30 [ 10.751435] </TASK> [ 10.751445] [ 10.759124] Allocated by task 175: [ 10.759249] kasan_save_stack+0x45/0x70 [ 10.759433] kasan_save_track+0x18/0x40 [ 10.759836] kasan_save_alloc_info+0x3b/0x50 [ 10.760042] __kasan_krealloc+0x190/0x1f0 [ 10.760239] krealloc_noprof+0xf3/0x340 [ 10.760432] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.760599] krealloc_less_oob+0x1c/0x30 [ 10.760746] kunit_try_run_case+0x1a5/0x480 [ 10.760902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.761431] kthread+0x337/0x6f0 [ 10.761600] ret_from_fork+0x116/0x1d0 [ 10.761798] ret_from_fork_asm+0x1a/0x30 [ 10.761961] [ 10.762031] The buggy address belongs to the object at ffff888100356a00 [ 10.762031] which belongs to the cache kmalloc-256 of size 256 [ 10.762377] The buggy address is located 7 bytes to the right of [ 10.762377] allocated 201-byte region [ffff888100356a00, ffff888100356ac9) [ 10.763237] [ 10.763384] The buggy address belongs to the physical page: [ 10.763628] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.763916] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.764246] flags: 0x200000000000040(head|node=0|zone=2) [ 10.764482] page_type: f5(slab) [ 10.764719] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.764950] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.765178] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.765534] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.766021] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.766343] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.766777] page dumped because: kasan: bad access detected [ 10.767002] [ 10.767076] Memory state around the buggy address: [ 10.767309] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.767522] ffff888100356a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.767743] >ffff888100356a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.768057] ^ [ 10.768320] ffff888100356b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.768783] ffff888100356b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.769196] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 10.692112] ================================================================== [ 10.692734] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.693052] Write of size 1 at addr ffff8881003568f0 by task kunit_try_catch/173 [ 10.693344] [ 10.693457] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.693503] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.693669] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.693694] Call Trace: [ 10.693707] <TASK> [ 10.693722] dump_stack_lvl+0x73/0xb0 [ 10.693751] print_report+0xd1/0x650 [ 10.693773] ? __virt_addr_valid+0x1db/0x2d0 [ 10.693795] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.693818] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.693840] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.693864] kasan_report+0x141/0x180 [ 10.693886] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.693915] __asan_report_store1_noabort+0x1b/0x30 [ 10.693935] krealloc_more_oob_helper+0x7eb/0x930 [ 10.693957] ? __schedule+0x10cc/0x2b60 [ 10.693979] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.694003] ? finish_task_switch.isra.0+0x153/0x700 [ 10.694024] ? __switch_to+0x47/0xf50 [ 10.694050] ? __schedule+0x10cc/0x2b60 [ 10.694070] ? __pfx_read_tsc+0x10/0x10 [ 10.694094] krealloc_more_oob+0x1c/0x30 [ 10.694115] kunit_try_run_case+0x1a5/0x480 [ 10.694138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.694159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.694181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.694203] ? __kthread_parkme+0x82/0x180 [ 10.694223] ? preempt_count_sub+0x50/0x80 [ 10.694246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.694269] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.694291] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.694314] kthread+0x337/0x6f0 [ 10.694333] ? trace_preempt_on+0x20/0xc0 [ 10.694356] ? __pfx_kthread+0x10/0x10 [ 10.694376] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.694398] ? calculate_sigpending+0x7b/0xa0 [ 10.694421] ? __pfx_kthread+0x10/0x10 [ 10.694442] ret_from_fork+0x116/0x1d0 [ 10.694459] ? __pfx_kthread+0x10/0x10 [ 10.694485] ret_from_fork_asm+0x1a/0x30 [ 10.694516] </TASK> [ 10.694574] [ 10.702421] Allocated by task 173: [ 10.702815] kasan_save_stack+0x45/0x70 [ 10.703021] kasan_save_track+0x18/0x40 [ 10.703213] kasan_save_alloc_info+0x3b/0x50 [ 10.703423] __kasan_krealloc+0x190/0x1f0 [ 10.703644] krealloc_noprof+0xf3/0x340 [ 10.703880] krealloc_more_oob_helper+0x1a9/0x930 [ 10.704088] krealloc_more_oob+0x1c/0x30 [ 10.704346] kunit_try_run_case+0x1a5/0x480 [ 10.704505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.704779] kthread+0x337/0x6f0 [ 10.704924] ret_from_fork+0x116/0x1d0 [ 10.705092] ret_from_fork_asm+0x1a/0x30 [ 10.705331] [ 10.705703] The buggy address belongs to the object at ffff888100356800 [ 10.705703] which belongs to the cache kmalloc-256 of size 256 [ 10.706130] The buggy address is located 5 bytes to the right of [ 10.706130] allocated 235-byte region [ffff888100356800, ffff8881003568eb) [ 10.706816] [ 10.706892] The buggy address belongs to the physical page: [ 10.707066] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.707365] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.707712] flags: 0x200000000000040(head|node=0|zone=2) [ 10.707960] page_type: f5(slab) [ 10.708082] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.708312] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.708626] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.708981] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.709327] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.709686] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.710073] page dumped because: kasan: bad access detected [ 10.710314] [ 10.710408] Memory state around the buggy address: [ 10.710571] ffff888100356780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.711212] ffff888100356800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.711444] >ffff888100356880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.711746] ^ [ 10.712192] ffff888100356900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.712487] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.712795] ================================================================== [ 10.873461] ================================================================== [ 10.873994] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.874372] Write of size 1 at addr ffff8881020160f0 by task kunit_try_catch/177 [ 10.874648] [ 10.874914] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.875031] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.875054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.875073] Call Trace: [ 10.875085] <TASK> [ 10.875101] dump_stack_lvl+0x73/0xb0 [ 10.875131] print_report+0xd1/0x650 [ 10.875153] ? __virt_addr_valid+0x1db/0x2d0 [ 10.875176] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.875199] ? kasan_addr_to_slab+0x11/0xa0 [ 10.875220] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.875243] kasan_report+0x141/0x180 [ 10.875274] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.875303] __asan_report_store1_noabort+0x1b/0x30 [ 10.875323] krealloc_more_oob_helper+0x7eb/0x930 [ 10.875345] ? __schedule+0x10cc/0x2b60 [ 10.875367] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.875391] ? finish_task_switch.isra.0+0x153/0x700 [ 10.875413] ? __switch_to+0x47/0xf50 [ 10.875438] ? __schedule+0x10cc/0x2b60 [ 10.875459] ? __pfx_read_tsc+0x10/0x10 [ 10.875484] krealloc_large_more_oob+0x1c/0x30 [ 10.875506] kunit_try_run_case+0x1a5/0x480 [ 10.875547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.875569] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.875592] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.875624] ? __kthread_parkme+0x82/0x180 [ 10.875645] ? preempt_count_sub+0x50/0x80 [ 10.875668] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.875691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.875714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.875736] kthread+0x337/0x6f0 [ 10.875756] ? trace_preempt_on+0x20/0xc0 [ 10.875779] ? __pfx_kthread+0x10/0x10 [ 10.875800] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.875820] ? calculate_sigpending+0x7b/0xa0 [ 10.875843] ? __pfx_kthread+0x10/0x10 [ 10.875865] ret_from_fork+0x116/0x1d0 [ 10.875883] ? __pfx_kthread+0x10/0x10 [ 10.875903] ret_from_fork_asm+0x1a/0x30 [ 10.875934] </TASK> [ 10.875945] [ 10.886741] The buggy address belongs to the physical page: [ 10.886993] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102014 [ 10.887670] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.888118] flags: 0x200000000000040(head|node=0|zone=2) [ 10.888342] page_type: f8(unknown) [ 10.888729] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.889095] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.889544] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.889942] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.890375] head: 0200000000000002 ffffea0004080501 00000000ffffffff 00000000ffffffff [ 10.890712] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.891133] page dumped because: kasan: bad access detected [ 10.891520] [ 10.891705] Memory state around the buggy address: [ 10.891947] ffff888102015f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.892266] ffff888102016000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.892558] >ffff888102016080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.893075] ^ [ 10.893399] ffff888102016100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.893848] ffff888102016180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.894101] ================================================================== [ 10.667293] ================================================================== [ 10.668429] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.668979] Write of size 1 at addr ffff8881003568eb by task kunit_try_catch/173 [ 10.669474] [ 10.669649] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.669698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.669710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.669729] Call Trace: [ 10.669741] <TASK> [ 10.669755] dump_stack_lvl+0x73/0xb0 [ 10.669782] print_report+0xd1/0x650 [ 10.669805] ? __virt_addr_valid+0x1db/0x2d0 [ 10.669827] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669850] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.669872] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669896] kasan_report+0x141/0x180 [ 10.669918] ? krealloc_more_oob_helper+0x821/0x930 [ 10.669947] __asan_report_store1_noabort+0x1b/0x30 [ 10.669967] krealloc_more_oob_helper+0x821/0x930 [ 10.669989] ? __schedule+0x10cc/0x2b60 [ 10.670011] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.670034] ? finish_task_switch.isra.0+0x153/0x700 [ 10.670055] ? __switch_to+0x47/0xf50 [ 10.670082] ? __schedule+0x10cc/0x2b60 [ 10.670102] ? __pfx_read_tsc+0x10/0x10 [ 10.670126] krealloc_more_oob+0x1c/0x30 [ 10.670148] kunit_try_run_case+0x1a5/0x480 [ 10.670172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.670203] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.670225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.670247] ? __kthread_parkme+0x82/0x180 [ 10.670268] ? preempt_count_sub+0x50/0x80 [ 10.670291] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.670314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.670336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.670358] kthread+0x337/0x6f0 [ 10.670378] ? trace_preempt_on+0x20/0xc0 [ 10.670401] ? __pfx_kthread+0x10/0x10 [ 10.670421] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.670441] ? calculate_sigpending+0x7b/0xa0 [ 10.670468] ? __pfx_kthread+0x10/0x10 [ 10.670490] ret_from_fork+0x116/0x1d0 [ 10.670507] ? __pfx_kthread+0x10/0x10 [ 10.670539] ret_from_fork_asm+0x1a/0x30 [ 10.670572] </TASK> [ 10.670583] [ 10.681123] Allocated by task 173: [ 10.681267] kasan_save_stack+0x45/0x70 [ 10.681413] kasan_save_track+0x18/0x40 [ 10.681548] kasan_save_alloc_info+0x3b/0x50 [ 10.681816] __kasan_krealloc+0x190/0x1f0 [ 10.682017] krealloc_noprof+0xf3/0x340 [ 10.682241] krealloc_more_oob_helper+0x1a9/0x930 [ 10.682478] krealloc_more_oob+0x1c/0x30 [ 10.682726] kunit_try_run_case+0x1a5/0x480 [ 10.682903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.683147] kthread+0x337/0x6f0 [ 10.683568] ret_from_fork+0x116/0x1d0 [ 10.683779] ret_from_fork_asm+0x1a/0x30 [ 10.683921] [ 10.683994] The buggy address belongs to the object at ffff888100356800 [ 10.683994] which belongs to the cache kmalloc-256 of size 256 [ 10.684476] The buggy address is located 0 bytes to the right of [ 10.684476] allocated 235-byte region [ffff888100356800, ffff8881003568eb) [ 10.685083] [ 10.685159] The buggy address belongs to the physical page: [ 10.685337] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100356 [ 10.685901] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.686243] flags: 0x200000000000040(head|node=0|zone=2) [ 10.686481] page_type: f5(slab) [ 10.686713] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.687102] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.687454] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.687937] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.688271] head: 0200000000000001 ffffea000400d581 00000000ffffffff 00000000ffffffff [ 10.688644] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.688872] page dumped because: kasan: bad access detected [ 10.689091] [ 10.689187] Memory state around the buggy address: [ 10.689434] ffff888100356780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.689710] ffff888100356800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.689924] >ffff888100356880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.690292] ^ [ 10.690678] ffff888100356900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.691015] ffff888100356980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.691356] ================================================================== [ 10.853495] ================================================================== [ 10.853977] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.854350] Write of size 1 at addr ffff8881020160eb by task kunit_try_catch/177 [ 10.854777] [ 10.854905] CPU: 0 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.854954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.854966] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.854986] Call Trace: [ 10.854998] <TASK> [ 10.855012] dump_stack_lvl+0x73/0xb0 [ 10.855039] print_report+0xd1/0x650 [ 10.855062] ? __virt_addr_valid+0x1db/0x2d0 [ 10.855085] ? krealloc_more_oob_helper+0x821/0x930 [ 10.855120] ? kasan_addr_to_slab+0x11/0xa0 [ 10.855140] ? krealloc_more_oob_helper+0x821/0x930 [ 10.855164] kasan_report+0x141/0x180 [ 10.855198] ? krealloc_more_oob_helper+0x821/0x930 [ 10.855227] __asan_report_store1_noabort+0x1b/0x30 [ 10.855248] krealloc_more_oob_helper+0x821/0x930 [ 10.855281] ? __schedule+0x10cc/0x2b60 [ 10.855360] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.855384] ? finish_task_switch.isra.0+0x153/0x700 [ 10.855405] ? __switch_to+0x47/0xf50 [ 10.855440] ? __schedule+0x10cc/0x2b60 [ 10.855461] ? __pfx_read_tsc+0x10/0x10 [ 10.855484] krealloc_large_more_oob+0x1c/0x30 [ 10.855518] kunit_try_run_case+0x1a5/0x480 [ 10.855542] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.855563] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.855586] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.855630] ? __kthread_parkme+0x82/0x180 [ 10.855651] ? preempt_count_sub+0x50/0x80 [ 10.855674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.855707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.855729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.855751] kthread+0x337/0x6f0 [ 10.855770] ? trace_preempt_on+0x20/0xc0 [ 10.855794] ? __pfx_kthread+0x10/0x10 [ 10.855815] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.855835] ? calculate_sigpending+0x7b/0xa0 [ 10.855860] ? __pfx_kthread+0x10/0x10 [ 10.855882] ret_from_fork+0x116/0x1d0 [ 10.855900] ? __pfx_kthread+0x10/0x10 [ 10.855920] ret_from_fork_asm+0x1a/0x30 [ 10.855951] </TASK> [ 10.855963] [ 10.865005] The buggy address belongs to the physical page: [ 10.865268] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102014 [ 10.865505] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.865825] flags: 0x200000000000040(head|node=0|zone=2) [ 10.866481] page_type: f8(unknown) [ 10.866893] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.867454] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.867842] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.868301] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.868661] head: 0200000000000002 ffffea0004080501 00000000ffffffff 00000000ffffffff [ 10.868980] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.869468] page dumped because: kasan: bad access detected [ 10.869775] [ 10.869858] Memory state around the buggy address: [ 10.870125] ffff888102015f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.870536] ffff888102016000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.871195] >ffff888102016080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.871576] ^ [ 10.871976] ffff888102016100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.872369] ffff888102016180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.872775] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.467930] ================================================================== [ 10.468700] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.469557] Read of size 1 at addr ffff8881038d1000 by task kunit_try_catch/157 [ 10.470764] [ 10.470891] CPU: 0 UID: 0 PID: 157 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.470943] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.470955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.470976] Call Trace: [ 10.470989] <TASK> [ 10.471007] dump_stack_lvl+0x73/0xb0 [ 10.471037] print_report+0xd1/0x650 [ 10.471059] ? __virt_addr_valid+0x1db/0x2d0 [ 10.471084] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.471107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.471129] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.471153] kasan_report+0x141/0x180 [ 10.471175] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.471239] __asan_report_load1_noabort+0x18/0x20 [ 10.471259] kmalloc_node_oob_right+0x369/0x3c0 [ 10.471389] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.471419] ? __schedule+0x10cc/0x2b60 [ 10.471442] ? __pfx_read_tsc+0x10/0x10 [ 10.471464] ? ktime_get_ts64+0x86/0x230 [ 10.471489] kunit_try_run_case+0x1a5/0x480 [ 10.471514] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.471595] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.471633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.471655] ? __kthread_parkme+0x82/0x180 [ 10.471676] ? preempt_count_sub+0x50/0x80 [ 10.471701] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.471724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.471747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.471769] kthread+0x337/0x6f0 [ 10.471789] ? trace_preempt_on+0x20/0xc0 [ 10.471813] ? __pfx_kthread+0x10/0x10 [ 10.471833] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.471853] ? calculate_sigpending+0x7b/0xa0 [ 10.471877] ? __pfx_kthread+0x10/0x10 [ 10.471898] ret_from_fork+0x116/0x1d0 [ 10.471916] ? __pfx_kthread+0x10/0x10 [ 10.471937] ret_from_fork_asm+0x1a/0x30 [ 10.471968] </TASK> [ 10.471979] [ 10.482752] Allocated by task 157: [ 10.482992] kasan_save_stack+0x45/0x70 [ 10.483198] kasan_save_track+0x18/0x40 [ 10.483374] kasan_save_alloc_info+0x3b/0x50 [ 10.483675] __kasan_kmalloc+0xb7/0xc0 [ 10.483853] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.484065] kmalloc_node_oob_right+0xab/0x3c0 [ 10.484638] kunit_try_run_case+0x1a5/0x480 [ 10.485001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.485314] kthread+0x337/0x6f0 [ 10.485783] ret_from_fork+0x116/0x1d0 [ 10.485957] ret_from_fork_asm+0x1a/0x30 [ 10.486147] [ 10.486231] The buggy address belongs to the object at ffff8881038d0000 [ 10.486231] which belongs to the cache kmalloc-4k of size 4096 [ 10.487068] The buggy address is located 0 bytes to the right of [ 10.487068] allocated 4096-byte region [ffff8881038d0000, ffff8881038d1000) [ 10.487933] [ 10.488029] The buggy address belongs to the physical page: [ 10.488440] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038d0 [ 10.489249] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.489573] flags: 0x200000000000040(head|node=0|zone=2) [ 10.489887] page_type: f5(slab) [ 10.490063] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.490857] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.491346] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.491851] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.492301] head: 0200000000000003 ffffea00040e3401 00000000ffffffff 00000000ffffffff [ 10.492865] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.493292] page dumped because: kasan: bad access detected [ 10.493540] [ 10.493802] Memory state around the buggy address: [ 10.494020] ffff8881038d0f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.494674] ffff8881038d0f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.495076] >ffff8881038d1000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.495794] ^ [ 10.495974] ffff8881038d1080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.496437] ffff8881038d1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.496923] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.422746] ================================================================== [ 10.423944] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.424701] Read of size 1 at addr ffff888101c8693f by task kunit_try_catch/155 [ 10.425566] [ 10.425723] CPU: 1 UID: 0 PID: 155 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.425774] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.425836] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.425858] Call Trace: [ 10.425871] <TASK> [ 10.425888] dump_stack_lvl+0x73/0xb0 [ 10.425967] print_report+0xd1/0x650 [ 10.425989] ? __virt_addr_valid+0x1db/0x2d0 [ 10.426024] ? kmalloc_oob_left+0x361/0x3c0 [ 10.426045] ? kasan_complete_mode_report_info+0x64/0x200 [ 10.426067] ? kmalloc_oob_left+0x361/0x3c0 [ 10.426089] kasan_report+0x141/0x180 [ 10.426110] ? kmalloc_oob_left+0x361/0x3c0 [ 10.426137] __asan_report_load1_noabort+0x18/0x20 [ 10.426157] kmalloc_oob_left+0x361/0x3c0 [ 10.426195] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.426219] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.426244] kunit_try_run_case+0x1a5/0x480 [ 10.426269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.426290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.426312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.426334] ? __kthread_parkme+0x82/0x180 [ 10.426354] ? preempt_count_sub+0x50/0x80 [ 10.426379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.426402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.426424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.426446] kthread+0x337/0x6f0 [ 10.426470] ? trace_preempt_on+0x20/0xc0 [ 10.426494] ? __pfx_kthread+0x10/0x10 [ 10.426514] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.426556] ? calculate_sigpending+0x7b/0xa0 [ 10.426579] ? __pfx_kthread+0x10/0x10 [ 10.426601] ret_from_fork+0x116/0x1d0 [ 10.426628] ? __pfx_kthread+0x10/0x10 [ 10.426649] ret_from_fork_asm+0x1a/0x30 [ 10.426681] </TASK> [ 10.426692] [ 10.440161] Allocated by task 1: [ 10.440607] kasan_save_stack+0x45/0x70 [ 10.441031] kasan_save_track+0x18/0x40 [ 10.441446] kasan_save_alloc_info+0x3b/0x50 [ 10.441971] __kasan_kmalloc+0xb7/0xc0 [ 10.442199] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.442431] kvasprintf+0xc5/0x150 [ 10.442599] __kthread_create_on_node+0x18b/0x3a0 [ 10.443066] kthread_create_on_node+0xab/0xe0 [ 10.443534] cryptomgr_notify+0x704/0x9f0 [ 10.444006] notifier_call_chain+0xcb/0x250 [ 10.444428] blocking_notifier_call_chain+0x64/0x90 [ 10.444821] crypto_alg_mod_lookup+0x21f/0x440 [ 10.445108] crypto_alloc_tfm_node+0xc5/0x1f0 [ 10.445388] crypto_alloc_sig+0x23/0x30 [ 10.445889] public_key_verify_signature+0x208/0x9f0 [ 10.446388] x509_check_for_self_signed+0x2cb/0x480 [ 10.446743] x509_cert_parse+0x59c/0x830 [ 10.447187] x509_key_preparse+0x68/0x8a0 [ 10.447581] asymmetric_key_preparse+0xb1/0x160 [ 10.448097] __key_create_or_update+0x43d/0xcc0 [ 10.448405] key_create_or_update+0x17/0x20 [ 10.448890] x509_load_certificate_list+0x174/0x200 [ 10.449175] regulatory_init_db+0xee/0x3a0 [ 10.449325] do_one_initcall+0xd8/0x370 [ 10.449458] kernel_init_freeable+0x420/0x6f0 [ 10.449644] kernel_init+0x23/0x1e0 [ 10.449805] ret_from_fork+0x116/0x1d0 [ 10.449995] ret_from_fork_asm+0x1a/0x30 [ 10.450202] [ 10.450304] Freed by task 0: [ 10.450505] kasan_save_stack+0x45/0x70 [ 10.450785] kasan_save_track+0x18/0x40 [ 10.450921] kasan_save_free_info+0x3f/0x60 [ 10.451125] __kasan_slab_free+0x56/0x70 [ 10.451877] kfree+0x222/0x3f0 [ 10.452082] free_kthread_struct+0xeb/0x150 [ 10.452463] free_task+0xf3/0x130 [ 10.452822] __put_task_struct+0x1c8/0x480 [ 10.453218] delayed_put_task_struct+0x10a/0x150 [ 10.453540] rcu_core+0x66f/0x1c40 [ 10.453929] rcu_core_si+0x12/0x20 [ 10.454228] handle_softirqs+0x209/0x730 [ 10.454785] __irq_exit_rcu+0xc9/0x110 [ 10.454991] irq_exit_rcu+0x12/0x20 [ 10.455170] sysvec_apic_timer_interrupt+0x81/0x90 [ 10.455453] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 10.455780] [ 10.456036] The buggy address belongs to the object at ffff888101c86920 [ 10.456036] which belongs to the cache kmalloc-16 of size 16 [ 10.456906] The buggy address is located 15 bytes to the right of [ 10.456906] allocated 16-byte region [ffff888101c86920, ffff888101c86930) [ 10.457759] [ 10.457862] The buggy address belongs to the physical page: [ 10.458055] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c86 [ 10.459014] flags: 0x200000000000000(node=0|zone=2) [ 10.459258] page_type: f5(slab) [ 10.459673] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.459984] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.460489] page dumped because: kasan: bad access detected [ 10.460928] [ 10.461153] Memory state around the buggy address: [ 10.461507] ffff888101c86800: 00 04 fc fc 00 00 fc fc 00 04 fc fc 00 04 fc fc [ 10.461884] ffff888101c86880: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 10.462345] >ffff888101c86900: fa fb fc fc fa fb fc fc 00 07 fc fc fc fc fc fc [ 10.462999] ^ [ 10.463179] ffff888101c86980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.463688] ffff888101c86a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.464156] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.363013] ================================================================== [ 10.363256] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.363478] Write of size 1 at addr ffff8881029ce078 by task kunit_try_catch/153 [ 10.363877] [ 10.364050] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.364095] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.364106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.364125] Call Trace: [ 10.364136] <TASK> [ 10.364150] dump_stack_lvl+0x73/0xb0 [ 10.364175] print_report+0xd1/0x650 [ 10.364197] ? __virt_addr_valid+0x1db/0x2d0 [ 10.364219] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.364258] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.364288] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.364310] kasan_report+0x141/0x180 [ 10.364332] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.364359] __asan_report_store1_noabort+0x1b/0x30 [ 10.364380] kmalloc_oob_right+0x6bd/0x7f0 [ 10.364402] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.364425] ? __schedule+0x10cc/0x2b60 [ 10.364446] ? __pfx_read_tsc+0x10/0x10 [ 10.364466] ? ktime_get_ts64+0x86/0x230 [ 10.364490] kunit_try_run_case+0x1a5/0x480 [ 10.364530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.364551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.364572] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.364594] ? __kthread_parkme+0x82/0x180 [ 10.364624] ? preempt_count_sub+0x50/0x80 [ 10.364648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.364671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.364693] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.364715] kthread+0x337/0x6f0 [ 10.364734] ? trace_preempt_on+0x20/0xc0 [ 10.364768] ? __pfx_kthread+0x10/0x10 [ 10.364788] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.364808] ? calculate_sigpending+0x7b/0xa0 [ 10.364831] ? __pfx_kthread+0x10/0x10 [ 10.364852] ret_from_fork+0x116/0x1d0 [ 10.364870] ? __pfx_kthread+0x10/0x10 [ 10.364890] ret_from_fork_asm+0x1a/0x30 [ 10.364921] </TASK> [ 10.364931] [ 10.378209] Allocated by task 153: [ 10.378349] kasan_save_stack+0x45/0x70 [ 10.378499] kasan_save_track+0x18/0x40 [ 10.378663] kasan_save_alloc_info+0x3b/0x50 [ 10.378962] __kasan_kmalloc+0xb7/0xc0 [ 10.379339] __kmalloc_cache_noprof+0x189/0x420 [ 10.379786] kmalloc_oob_right+0xa9/0x7f0 [ 10.380180] kunit_try_run_case+0x1a5/0x480 [ 10.380383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.380556] kthread+0x337/0x6f0 [ 10.380700] ret_from_fork+0x116/0x1d0 [ 10.380893] ret_from_fork_asm+0x1a/0x30 [ 10.381295] [ 10.381486] The buggy address belongs to the object at ffff8881029ce000 [ 10.381486] which belongs to the cache kmalloc-128 of size 128 [ 10.382647] The buggy address is located 5 bytes to the right of [ 10.382647] allocated 115-byte region [ffff8881029ce000, ffff8881029ce073) [ 10.383264] [ 10.383392] The buggy address belongs to the physical page: [ 10.383856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 10.384421] flags: 0x200000000000000(node=0|zone=2) [ 10.384923] page_type: f5(slab) [ 10.385221] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.385562] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.386108] page dumped because: kasan: bad access detected [ 10.386325] [ 10.386506] Memory state around the buggy address: [ 10.386940] ffff8881029cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.387889] ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.388299] >ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.388920] ^ [ 10.389136] ffff8881029ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.389410] ffff8881029ce100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.390080] ================================================================== [ 10.328419] ================================================================== [ 10.329289] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.330370] Write of size 1 at addr ffff8881029ce073 by task kunit_try_catch/153 [ 10.331304] [ 10.332407] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.332756] Tainted: [N]=TEST [ 10.332788] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.333022] Call Trace: [ 10.333093] <TASK> [ 10.333236] dump_stack_lvl+0x73/0xb0 [ 10.333320] print_report+0xd1/0x650 [ 10.333349] ? __virt_addr_valid+0x1db/0x2d0 [ 10.333375] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.333396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.333418] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.333440] kasan_report+0x141/0x180 [ 10.333462] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.333489] __asan_report_store1_noabort+0x1b/0x30 [ 10.333509] kmalloc_oob_right+0x6f0/0x7f0 [ 10.333547] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.333569] ? __schedule+0x10cc/0x2b60 [ 10.333592] ? __pfx_read_tsc+0x10/0x10 [ 10.333624] ? ktime_get_ts64+0x86/0x230 [ 10.333651] kunit_try_run_case+0x1a5/0x480 [ 10.333678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.333699] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.333723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.333744] ? __kthread_parkme+0x82/0x180 [ 10.333766] ? preempt_count_sub+0x50/0x80 [ 10.333791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.333814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.333837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.333859] kthread+0x337/0x6f0 [ 10.333879] ? trace_preempt_on+0x20/0xc0 [ 10.333903] ? __pfx_kthread+0x10/0x10 [ 10.333924] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.333944] ? calculate_sigpending+0x7b/0xa0 [ 10.333968] ? __pfx_kthread+0x10/0x10 [ 10.333989] ret_from_fork+0x116/0x1d0 [ 10.334007] ? __pfx_kthread+0x10/0x10 [ 10.334027] ret_from_fork_asm+0x1a/0x30 [ 10.334083] </TASK> [ 10.334148] [ 10.345602] Allocated by task 153: [ 10.345869] kasan_save_stack+0x45/0x70 [ 10.346097] kasan_save_track+0x18/0x40 [ 10.346493] kasan_save_alloc_info+0x3b/0x50 [ 10.346856] __kasan_kmalloc+0xb7/0xc0 [ 10.347238] __kmalloc_cache_noprof+0x189/0x420 [ 10.347391] kmalloc_oob_right+0xa9/0x7f0 [ 10.347569] kunit_try_run_case+0x1a5/0x480 [ 10.347984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.348506] kthread+0x337/0x6f0 [ 10.348893] ret_from_fork+0x116/0x1d0 [ 10.349268] ret_from_fork_asm+0x1a/0x30 [ 10.349448] [ 10.349639] The buggy address belongs to the object at ffff8881029ce000 [ 10.349639] which belongs to the cache kmalloc-128 of size 128 [ 10.350925] The buggy address is located 0 bytes to the right of [ 10.350925] allocated 115-byte region [ffff8881029ce000, ffff8881029ce073) [ 10.351484] [ 10.351792] The buggy address belongs to the physical page: [ 10.352582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 10.353550] flags: 0x200000000000000(node=0|zone=2) [ 10.354359] page_type: f5(slab) [ 10.354911] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.355684] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.356485] page dumped because: kasan: bad access detected [ 10.356686] [ 10.356768] Memory state around the buggy address: [ 10.357296] ffff8881029cdf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.358088] ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.358775] >ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.359602] ^ [ 10.360423] ffff8881029ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.360899] ffff8881029ce100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.361413] ================================================================== [ 10.391111] ================================================================== [ 10.392000] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.392673] Read of size 1 at addr ffff8881029ce080 by task kunit_try_catch/153 [ 10.393096] [ 10.393333] CPU: 0 UID: 0 PID: 153 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.393382] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.393393] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.393413] Call Trace: [ 10.393428] <TASK> [ 10.393444] dump_stack_lvl+0x73/0xb0 [ 10.393471] print_report+0xd1/0x650 [ 10.393494] ? __virt_addr_valid+0x1db/0x2d0 [ 10.393516] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.393537] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.393577] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.393599] kasan_report+0x141/0x180 [ 10.393633] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.393660] __asan_report_load1_noabort+0x18/0x20 [ 10.393680] kmalloc_oob_right+0x68a/0x7f0 [ 10.393702] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.393725] ? __schedule+0x10cc/0x2b60 [ 10.393746] ? __pfx_read_tsc+0x10/0x10 [ 10.393766] ? ktime_get_ts64+0x86/0x230 [ 10.393790] kunit_try_run_case+0x1a5/0x480 [ 10.393814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.393835] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.393857] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.393879] ? __kthread_parkme+0x82/0x180 [ 10.393899] ? preempt_count_sub+0x50/0x80 [ 10.393924] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.393947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.393969] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.393991] kthread+0x337/0x6f0 [ 10.394010] ? trace_preempt_on+0x20/0xc0 [ 10.394032] ? __pfx_kthread+0x10/0x10 [ 10.394053] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.394072] ? calculate_sigpending+0x7b/0xa0 [ 10.394096] ? __pfx_kthread+0x10/0x10 [ 10.394117] ret_from_fork+0x116/0x1d0 [ 10.394135] ? __pfx_kthread+0x10/0x10 [ 10.394155] ret_from_fork_asm+0x1a/0x30 [ 10.394186] </TASK> [ 10.394196] [ 10.405401] Allocated by task 153: [ 10.405780] kasan_save_stack+0x45/0x70 [ 10.405930] kasan_save_track+0x18/0x40 [ 10.406279] kasan_save_alloc_info+0x3b/0x50 [ 10.406720] __kasan_kmalloc+0xb7/0xc0 [ 10.407163] __kmalloc_cache_noprof+0x189/0x420 [ 10.407479] kmalloc_oob_right+0xa9/0x7f0 [ 10.407667] kunit_try_run_case+0x1a5/0x480 [ 10.407873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.408463] kthread+0x337/0x6f0 [ 10.408844] ret_from_fork+0x116/0x1d0 [ 10.409182] ret_from_fork_asm+0x1a/0x30 [ 10.409516] [ 10.409809] The buggy address belongs to the object at ffff8881029ce000 [ 10.409809] which belongs to the cache kmalloc-128 of size 128 [ 10.410719] The buggy address is located 13 bytes to the right of [ 10.410719] allocated 115-byte region [ffff8881029ce000, ffff8881029ce073) [ 10.411086] [ 10.411157] The buggy address belongs to the physical page: [ 10.411713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 10.412530] flags: 0x200000000000000(node=0|zone=2) [ 10.413004] page_type: f5(slab) [ 10.413377] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.414198] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.415085] page dumped because: kasan: bad access detected [ 10.415686] [ 10.415846] Memory state around the buggy address: [ 10.416160] ffff8881029cdf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.416882] ffff8881029ce000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.417544] >ffff8881029ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.417985] ^ [ 10.418310] ffff8881029ce100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.418852] ffff8881029ce180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.419610] ==================================================================
Failure - log-parser-boot - exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_vscale
------------[ cut here ]------------ [ 164.173204] WARNING: CPU: 0 PID: 2771 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 164.173936] Modules linked in: [ 164.174223] CPU: 0 UID: 0 PID: 2771 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 164.174869] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.175142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.175668] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 164.175959] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 c9 1d 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.176861] RSP: 0000:ffff88810c7bfc78 EFLAGS: 00010286 [ 164.177117] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 164.177478] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff924315b4 [ 164.178025] RBP: ffff88810c7bfca0 R08: 0000000000000000 R09: ffffed10214e3200 [ 164.178388] R10: ffff88810a719007 R11: 0000000000000000 R12: ffffffff924315a0 [ 164.178830] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810c7bfd38 [ 164.179172] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 164.179656] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.179977] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 164.180316] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 164.180634] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.181058] Call Trace: [ 164.181260] <TASK> [ 164.181388] drm_test_rect_calc_vscale+0x108/0x270 [ 164.181870] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 164.182112] ? __schedule+0x10cc/0x2b60 [ 164.182363] ? __pfx_read_tsc+0x10/0x10 [ 164.182691] ? ktime_get_ts64+0x86/0x230 [ 164.182940] kunit_try_run_case+0x1a5/0x480 [ 164.183169] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.183438] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.183823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.184070] ? __kthread_parkme+0x82/0x180 [ 164.184352] ? preempt_count_sub+0x50/0x80 [ 164.184710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.184962] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.185246] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.185543] kthread+0x337/0x6f0 [ 164.185950] ? trace_preempt_on+0x20/0xc0 [ 164.186226] ? __pfx_kthread+0x10/0x10 [ 164.186428] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.186802] ? calculate_sigpending+0x7b/0xa0 [ 164.187034] ? __pfx_kthread+0x10/0x10 [ 164.187283] ret_from_fork+0x116/0x1d0 [ 164.187623] ? __pfx_kthread+0x10/0x10 [ 164.187837] ret_from_fork_asm+0x1a/0x30 [ 164.188112] </TASK> [ 164.188247] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 164.154020] WARNING: CPU: 0 PID: 2769 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_vscale+0x130/0x190 [ 164.154736] Modules linked in: [ 164.155094] CPU: 0 UID: 0 PID: 2769 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 164.156254] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.156971] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.157772] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 164.158184] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 c9 1d 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.159264] RSP: 0000:ffff888107d67c78 EFLAGS: 00010286 [ 164.159456] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 164.159696] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff9243157c [ 164.159963] RBP: ffff888107d67ca0 R08: 0000000000000000 R09: ffffed10214e27c0 [ 164.160285] R10: ffff88810a713e07 R11: 0000000000000000 R12: ffffffff92431568 [ 164.160704] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888107d67d38 [ 164.160980] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 164.161289] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.161612] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 164.161999] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 164.162342] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.162736] Call Trace: [ 164.162919] <TASK> [ 164.163098] drm_test_rect_calc_vscale+0x108/0x270 [ 164.163395] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 164.163781] ? __schedule+0x10cc/0x2b60 [ 164.164017] ? __pfx_read_tsc+0x10/0x10 [ 164.164268] ? ktime_get_ts64+0x86/0x230 [ 164.164506] kunit_try_run_case+0x1a5/0x480 [ 164.164870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.165117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.165406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.165875] ? __kthread_parkme+0x82/0x180 [ 164.166163] ? preempt_count_sub+0x50/0x80 [ 164.166356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.166753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.167028] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.167316] kthread+0x337/0x6f0 [ 164.167654] ? trace_preempt_on+0x20/0xc0 [ 164.167892] ? __pfx_kthread+0x10/0x10 [ 164.168138] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.168390] ? calculate_sigpending+0x7b/0xa0 [ 164.168732] ? __pfx_kthread+0x10/0x10 [ 164.168966] ret_from_fork+0x116/0x1d0 [ 164.169186] ? __pfx_kthread+0x10/0x10 [ 164.169417] ret_from_fork_asm+0x1a/0x30 [ 164.169895] </TASK> [ 164.170032] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-driversgpudrmdrm_rect-drm_rect_calc_hscale
------------[ cut here ]------------ [ 164.095968] WARNING: CPU: 0 PID: 2757 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 164.096457] Modules linked in: [ 164.096756] CPU: 0 UID: 0 PID: 2757 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 164.098158] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.098337] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.098866] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 164.099484] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.100857] RSP: 0000:ffff88810c5afc78 EFLAGS: 00010286 [ 164.101047] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 164.101293] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff92431580 [ 164.101997] RBP: ffff88810c5afca0 R08: 0000000000000000 R09: ffffed10214e2740 [ 164.102365] R10: ffff88810a713a07 R11: 0000000000000000 R12: ffffffff92431568 [ 164.102845] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810c5afd38 [ 164.103273] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 164.103996] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.104223] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 164.104691] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 164.105099] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.105523] Call Trace: [ 164.105914] <TASK> [ 164.106076] drm_test_rect_calc_hscale+0x108/0x270 [ 164.106285] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 164.106778] ? __schedule+0x10cc/0x2b60 [ 164.107125] ? __pfx_read_tsc+0x10/0x10 [ 164.107410] ? ktime_get_ts64+0x86/0x230 [ 164.107673] kunit_try_run_case+0x1a5/0x480 [ 164.107909] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.108145] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.108397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.108973] ? __kthread_parkme+0x82/0x180 [ 164.109140] ? preempt_count_sub+0x50/0x80 [ 164.109771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.110005] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.110258] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.110485] kthread+0x337/0x6f0 [ 164.111103] ? trace_preempt_on+0x20/0xc0 [ 164.111343] ? __pfx_kthread+0x10/0x10 [ 164.111505] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.111991] ? calculate_sigpending+0x7b/0xa0 [ 164.112419] ? __pfx_kthread+0x10/0x10 [ 164.112935] ret_from_fork+0x116/0x1d0 [ 164.113134] ? __pfx_kthread+0x10/0x10 [ 164.113282] ret_from_fork_asm+0x1a/0x30 [ 164.113708] </TASK> [ 164.113813] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 164.116582] WARNING: CPU: 1 PID: 2759 at drivers/gpu/drm/drm_rect.c:137 drm_rect_calc_hscale+0x125/0x190 [ 164.117977] Modules linked in: [ 164.118309] CPU: 1 UID: 0 PID: 2759 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 164.119436] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 164.120333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 164.121241] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 164.121854] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 164.122368] RSP: 0000:ffff888101d27c78 EFLAGS: 00010286 [ 164.122563] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 164.122884] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff924315b8 [ 164.123394] RBP: ffff888101d27ca0 R08: 0000000000000000 R09: ffffed10207b86e0 [ 164.123901] R10: ffff888103dc3707 R11: 0000000000000000 R12: ffffffff924315a0 [ 164.124194] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888101d27d38 [ 164.124923] FS: 0000000000000000(0000) GS:ffff8881c0577000(0000) knlGS:0000000000000000 [ 164.125716] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 164.126246] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 164.127022] DR0: ffffffff9444d4c4 DR1: ffffffff9444d4c9 DR2: ffffffff9444d4ca [ 164.127499] DR3: ffffffff9444d4cb DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 164.128198] Call Trace: [ 164.128414] <TASK> [ 164.128587] drm_test_rect_calc_hscale+0x108/0x270 [ 164.129211] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 164.129754] ? __schedule+0x10cc/0x2b60 [ 164.129908] ? __pfx_read_tsc+0x10/0x10 [ 164.130052] ? ktime_get_ts64+0x86/0x230 [ 164.130295] kunit_try_run_case+0x1a5/0x480 [ 164.130819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.131409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 164.131926] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 164.132445] ? __kthread_parkme+0x82/0x180 [ 164.132938] ? preempt_count_sub+0x50/0x80 [ 164.133420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 164.133958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 164.134170] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 164.134871] kthread+0x337/0x6f0 [ 164.135277] ? trace_preempt_on+0x20/0xc0 [ 164.135721] ? __pfx_kthread+0x10/0x10 [ 164.136172] ? _raw_spin_unlock_irq+0x47/0x80 [ 164.136367] ? calculate_sigpending+0x7b/0xa0 [ 164.136579] ? __pfx_kthread+0x10/0x10 [ 164.136957] ret_from_fork+0x116/0x1d0 [ 164.137384] ? __pfx_kthread+0x10/0x10 [ 164.137848] ret_from_fork_asm+0x1a/0x30 [ 164.138276] </TASK> [ 164.138502] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 11.612140] ================================================================== [ 11.612491] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 11.612890] Read of size 1 at addr ffff8881026a8b00 by task kunit_try_catch/213 [ 11.613210] [ 11.613326] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.613373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.613384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.613404] Call Trace: [ 11.613425] <TASK> [ 11.613439] dump_stack_lvl+0x73/0xb0 [ 11.613466] print_report+0xd1/0x650 [ 11.613500] ? __virt_addr_valid+0x1db/0x2d0 [ 11.613522] ? ksize_uaf+0x5fe/0x6c0 [ 11.613585] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.613626] ? ksize_uaf+0x5fe/0x6c0 [ 11.613647] kasan_report+0x141/0x180 [ 11.613670] ? ksize_uaf+0x5fe/0x6c0 [ 11.613706] __asan_report_load1_noabort+0x18/0x20 [ 11.613727] ksize_uaf+0x5fe/0x6c0 [ 11.613748] ? __pfx_ksize_uaf+0x10/0x10 [ 11.613769] ? __schedule+0x10cc/0x2b60 [ 11.613791] ? __pfx_read_tsc+0x10/0x10 [ 11.613810] ? ktime_get_ts64+0x86/0x230 [ 11.613843] kunit_try_run_case+0x1a5/0x480 [ 11.613866] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.613887] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.613920] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.613941] ? __kthread_parkme+0x82/0x180 [ 11.613961] ? preempt_count_sub+0x50/0x80 [ 11.613986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.614009] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.614031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.614054] kthread+0x337/0x6f0 [ 11.614082] ? trace_preempt_on+0x20/0xc0 [ 11.614105] ? __pfx_kthread+0x10/0x10 [ 11.614126] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.614156] ? calculate_sigpending+0x7b/0xa0 [ 11.614179] ? __pfx_kthread+0x10/0x10 [ 11.614201] ret_from_fork+0x116/0x1d0 [ 11.614218] ? __pfx_kthread+0x10/0x10 [ 11.614239] ret_from_fork_asm+0x1a/0x30 [ 11.614280] </TASK> [ 11.614292] [ 11.621934] Allocated by task 213: [ 11.622069] kasan_save_stack+0x45/0x70 [ 11.622211] kasan_save_track+0x18/0x40 [ 11.622489] kasan_save_alloc_info+0x3b/0x50 [ 11.622717] __kasan_kmalloc+0xb7/0xc0 [ 11.622909] __kmalloc_cache_noprof+0x189/0x420 [ 11.623125] ksize_uaf+0xaa/0x6c0 [ 11.623463] kunit_try_run_case+0x1a5/0x480 [ 11.623781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.623977] kthread+0x337/0x6f0 [ 11.624175] ret_from_fork+0x116/0x1d0 [ 11.624372] ret_from_fork_asm+0x1a/0x30 [ 11.624622] [ 11.624740] Freed by task 213: [ 11.624893] kasan_save_stack+0x45/0x70 [ 11.625102] kasan_save_track+0x18/0x40 [ 11.625312] kasan_save_free_info+0x3f/0x60 [ 11.625509] __kasan_slab_free+0x56/0x70 [ 11.625712] kfree+0x222/0x3f0 [ 11.625828] ksize_uaf+0x12c/0x6c0 [ 11.625954] kunit_try_run_case+0x1a5/0x480 [ 11.626097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.626750] kthread+0x337/0x6f0 [ 11.626946] ret_from_fork+0x116/0x1d0 [ 11.627136] ret_from_fork_asm+0x1a/0x30 [ 11.627573] [ 11.627709] The buggy address belongs to the object at ffff8881026a8b00 [ 11.627709] which belongs to the cache kmalloc-128 of size 128 [ 11.628136] The buggy address is located 0 bytes inside of [ 11.628136] freed 128-byte region [ffff8881026a8b00, ffff8881026a8b80) [ 11.628553] [ 11.628669] The buggy address belongs to the physical page: [ 11.628944] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.629389] flags: 0x200000000000000(node=0|zone=2) [ 11.629719] page_type: f5(slab) [ 11.629917] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.630180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.630456] page dumped because: kasan: bad access detected [ 11.630746] [ 11.630858] Memory state around the buggy address: [ 11.631288] ffff8881026a8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.631871] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.632147] >ffff8881026a8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.632545] ^ [ 11.632807] ffff8881026a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.633107] ffff8881026a8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.633444] ================================================================== [ 11.588474] ================================================================== [ 11.589179] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 11.589607] Read of size 1 at addr ffff8881026a8b00 by task kunit_try_catch/213 [ 11.590045] [ 11.590198] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.590247] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.590259] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.590278] Call Trace: [ 11.590290] <TASK> [ 11.590306] dump_stack_lvl+0x73/0xb0 [ 11.590347] print_report+0xd1/0x650 [ 11.590369] ? __virt_addr_valid+0x1db/0x2d0 [ 11.590394] ? ksize_uaf+0x19d/0x6c0 [ 11.590425] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.590448] ? ksize_uaf+0x19d/0x6c0 [ 11.590477] kasan_report+0x141/0x180 [ 11.590499] ? ksize_uaf+0x19d/0x6c0 [ 11.590523] ? ksize_uaf+0x19d/0x6c0 [ 11.590547] __kasan_check_byte+0x3d/0x50 [ 11.590569] ksize+0x20/0x60 [ 11.590590] ksize_uaf+0x19d/0x6c0 [ 11.590611] ? __pfx_ksize_uaf+0x10/0x10 [ 11.590642] ? __schedule+0x10cc/0x2b60 [ 11.590664] ? __pfx_read_tsc+0x10/0x10 [ 11.590685] ? ktime_get_ts64+0x86/0x230 [ 11.590719] kunit_try_run_case+0x1a5/0x480 [ 11.590744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.590765] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.590798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.590820] ? __kthread_parkme+0x82/0x180 [ 11.590840] ? preempt_count_sub+0x50/0x80 [ 11.590865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.590888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.590910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.590942] kthread+0x337/0x6f0 [ 11.590961] ? trace_preempt_on+0x20/0xc0 [ 11.590985] ? __pfx_kthread+0x10/0x10 [ 11.591016] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.591037] ? calculate_sigpending+0x7b/0xa0 [ 11.591061] ? __pfx_kthread+0x10/0x10 [ 11.591082] ret_from_fork+0x116/0x1d0 [ 11.591100] ? __pfx_kthread+0x10/0x10 [ 11.591120] ret_from_fork_asm+0x1a/0x30 [ 11.591152] </TASK> [ 11.591163] [ 11.599273] Allocated by task 213: [ 11.599404] kasan_save_stack+0x45/0x70 [ 11.599548] kasan_save_track+0x18/0x40 [ 11.599812] kasan_save_alloc_info+0x3b/0x50 [ 11.600030] __kasan_kmalloc+0xb7/0xc0 [ 11.600242] __kmalloc_cache_noprof+0x189/0x420 [ 11.600439] ksize_uaf+0xaa/0x6c0 [ 11.600562] kunit_try_run_case+0x1a5/0x480 [ 11.600719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.601267] kthread+0x337/0x6f0 [ 11.601464] ret_from_fork+0x116/0x1d0 [ 11.601864] ret_from_fork_asm+0x1a/0x30 [ 11.602057] [ 11.602154] Freed by task 213: [ 11.602390] kasan_save_stack+0x45/0x70 [ 11.602671] kasan_save_track+0x18/0x40 [ 11.602884] kasan_save_free_info+0x3f/0x60 [ 11.603074] __kasan_slab_free+0x56/0x70 [ 11.603275] kfree+0x222/0x3f0 [ 11.603430] ksize_uaf+0x12c/0x6c0 [ 11.603840] kunit_try_run_case+0x1a5/0x480 [ 11.604174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.604429] kthread+0x337/0x6f0 [ 11.604706] ret_from_fork+0x116/0x1d0 [ 11.604894] ret_from_fork_asm+0x1a/0x30 [ 11.605076] [ 11.605148] The buggy address belongs to the object at ffff8881026a8b00 [ 11.605148] which belongs to the cache kmalloc-128 of size 128 [ 11.605491] The buggy address is located 0 bytes inside of [ 11.605491] freed 128-byte region [ffff8881026a8b00, ffff8881026a8b80) [ 11.606011] [ 11.606130] The buggy address belongs to the physical page: [ 11.606474] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.606812] flags: 0x200000000000000(node=0|zone=2) [ 11.606976] page_type: f5(slab) [ 11.607098] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.607670] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.608043] page dumped because: kasan: bad access detected [ 11.608433] [ 11.609509] Memory state around the buggy address: [ 11.609750] ffff8881026a8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.609964] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.610175] >ffff8881026a8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.610400] ^ [ 11.610570] ffff8881026a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.610897] ffff8881026a8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.611248] ================================================================== [ 11.634021] ================================================================== [ 11.634386] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 11.634772] Read of size 1 at addr ffff8881026a8b78 by task kunit_try_catch/213 [ 11.635035] [ 11.635122] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.635167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.635179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.635199] Call Trace: [ 11.635224] <TASK> [ 11.635239] dump_stack_lvl+0x73/0xb0 [ 11.635266] print_report+0xd1/0x650 [ 11.635299] ? __virt_addr_valid+0x1db/0x2d0 [ 11.635321] ? ksize_uaf+0x5e4/0x6c0 [ 11.635341] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.635363] ? ksize_uaf+0x5e4/0x6c0 [ 11.635385] kasan_report+0x141/0x180 [ 11.635407] ? ksize_uaf+0x5e4/0x6c0 [ 11.635433] __asan_report_load1_noabort+0x18/0x20 [ 11.635453] ksize_uaf+0x5e4/0x6c0 [ 11.635474] ? __pfx_ksize_uaf+0x10/0x10 [ 11.635496] ? __schedule+0x10cc/0x2b60 [ 11.635518] ? __pfx_read_tsc+0x10/0x10 [ 11.635589] ? ktime_get_ts64+0x86/0x230 [ 11.635627] kunit_try_run_case+0x1a5/0x480 [ 11.635653] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.635684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.635708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.635729] ? __kthread_parkme+0x82/0x180 [ 11.635760] ? preempt_count_sub+0x50/0x80 [ 11.635784] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.635807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.635829] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.635853] kthread+0x337/0x6f0 [ 11.635872] ? trace_preempt_on+0x20/0xc0 [ 11.635895] ? __pfx_kthread+0x10/0x10 [ 11.635916] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.635936] ? calculate_sigpending+0x7b/0xa0 [ 11.635960] ? __pfx_kthread+0x10/0x10 [ 11.635981] ret_from_fork+0x116/0x1d0 [ 11.635999] ? __pfx_kthread+0x10/0x10 [ 11.636020] ret_from_fork_asm+0x1a/0x30 [ 11.636052] </TASK> [ 11.636062] [ 11.643820] Allocated by task 213: [ 11.644002] kasan_save_stack+0x45/0x70 [ 11.644378] kasan_save_track+0x18/0x40 [ 11.644674] kasan_save_alloc_info+0x3b/0x50 [ 11.644897] __kasan_kmalloc+0xb7/0xc0 [ 11.645082] __kmalloc_cache_noprof+0x189/0x420 [ 11.645386] ksize_uaf+0xaa/0x6c0 [ 11.645638] kunit_try_run_case+0x1a5/0x480 [ 11.645834] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.646074] kthread+0x337/0x6f0 [ 11.646195] ret_from_fork+0x116/0x1d0 [ 11.646395] ret_from_fork_asm+0x1a/0x30 [ 11.646604] [ 11.646708] Freed by task 213: [ 11.646904] kasan_save_stack+0x45/0x70 [ 11.647085] kasan_save_track+0x18/0x40 [ 11.647220] kasan_save_free_info+0x3f/0x60 [ 11.647361] __kasan_slab_free+0x56/0x70 [ 11.647498] kfree+0x222/0x3f0 [ 11.647622] ksize_uaf+0x12c/0x6c0 [ 11.647798] kunit_try_run_case+0x1a5/0x480 [ 11.648067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.648505] kthread+0x337/0x6f0 [ 11.648936] ret_from_fork+0x116/0x1d0 [ 11.649139] ret_from_fork_asm+0x1a/0x30 [ 11.649316] [ 11.649389] The buggy address belongs to the object at ffff8881026a8b00 [ 11.649389] which belongs to the cache kmalloc-128 of size 128 [ 11.650048] The buggy address is located 120 bytes inside of [ 11.650048] freed 128-byte region [ffff8881026a8b00, ffff8881026a8b80) [ 11.650839] [ 11.650971] The buggy address belongs to the physical page: [ 11.651233] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.651554] flags: 0x200000000000000(node=0|zone=2) [ 11.651732] page_type: f5(slab) [ 11.651989] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.652425] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.652841] page dumped because: kasan: bad access detected [ 11.653048] [ 11.653144] Memory state around the buggy address: [ 11.653727] ffff8881026a8a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.654041] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.654390] >ffff8881026a8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.654795] ^ [ 11.655090] ffff8881026a8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.655405] ffff8881026a8c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.655677] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 11.538243] ================================================================== [ 11.538887] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.539164] Read of size 1 at addr ffff8881026a8a78 by task kunit_try_catch/211 [ 11.539503] [ 11.539598] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.539654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.539666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.539686] Call Trace: [ 11.539700] <TASK> [ 11.539714] dump_stack_lvl+0x73/0xb0 [ 11.539740] print_report+0xd1/0x650 [ 11.539761] ? __virt_addr_valid+0x1db/0x2d0 [ 11.539783] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.539805] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.539827] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.539851] kasan_report+0x141/0x180 [ 11.539873] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.539901] __asan_report_load1_noabort+0x18/0x20 [ 11.539921] ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.539945] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.539967] ? finish_task_switch.isra.0+0x153/0x700 [ 11.539988] ? __switch_to+0x47/0xf50 [ 11.540014] ? __schedule+0x10cc/0x2b60 [ 11.540035] ? __pfx_read_tsc+0x10/0x10 [ 11.540055] ? ktime_get_ts64+0x86/0x230 [ 11.540078] kunit_try_run_case+0x1a5/0x480 [ 11.540101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.540122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.540144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.540167] ? __kthread_parkme+0x82/0x180 [ 11.540187] ? preempt_count_sub+0x50/0x80 [ 11.540210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.540233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.540255] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.540278] kthread+0x337/0x6f0 [ 11.540297] ? trace_preempt_on+0x20/0xc0 [ 11.540320] ? __pfx_kthread+0x10/0x10 [ 11.540341] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.540361] ? calculate_sigpending+0x7b/0xa0 [ 11.540384] ? __pfx_kthread+0x10/0x10 [ 11.540405] ret_from_fork+0x116/0x1d0 [ 11.540424] ? __pfx_kthread+0x10/0x10 [ 11.540453] ret_from_fork_asm+0x1a/0x30 [ 11.540484] </TASK> [ 11.540493] [ 11.550944] Allocated by task 211: [ 11.551251] kasan_save_stack+0x45/0x70 [ 11.551404] kasan_save_track+0x18/0x40 [ 11.551535] kasan_save_alloc_info+0x3b/0x50 [ 11.551688] __kasan_kmalloc+0xb7/0xc0 [ 11.551822] __kmalloc_cache_noprof+0x189/0x420 [ 11.551971] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.552117] kunit_try_run_case+0x1a5/0x480 [ 11.552599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.553125] kthread+0x337/0x6f0 [ 11.553499] ret_from_fork+0x116/0x1d0 [ 11.553886] ret_from_fork_asm+0x1a/0x30 [ 11.554300] [ 11.554504] The buggy address belongs to the object at ffff8881026a8a00 [ 11.554504] which belongs to the cache kmalloc-128 of size 128 [ 11.555635] The buggy address is located 5 bytes to the right of [ 11.555635] allocated 115-byte region [ffff8881026a8a00, ffff8881026a8a73) [ 11.556845] [ 11.557043] The buggy address belongs to the physical page: [ 11.557580] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.558113] flags: 0x200000000000000(node=0|zone=2) [ 11.558357] page_type: f5(slab) [ 11.558696] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.558932] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.559156] page dumped because: kasan: bad access detected [ 11.559717] [ 11.559877] Memory state around the buggy address: [ 11.560397] ffff8881026a8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.561053] ffff8881026a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.561723] >ffff8881026a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.562304] ^ [ 11.562521] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.562744] ffff8881026a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.562954] ================================================================== [ 11.520720] ================================================================== [ 11.521179] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.521545] Read of size 1 at addr ffff8881026a8a73 by task kunit_try_catch/211 [ 11.521846] [ 11.521948] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.521993] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.522004] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.522024] Call Trace: [ 11.522036] <TASK> [ 11.522050] dump_stack_lvl+0x73/0xb0 [ 11.522076] print_report+0xd1/0x650 [ 11.522098] ? __virt_addr_valid+0x1db/0x2d0 [ 11.522120] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.522143] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.522165] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.522199] kasan_report+0x141/0x180 [ 11.522221] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.522250] __asan_report_load1_noabort+0x18/0x20 [ 11.522270] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.522294] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.522316] ? finish_task_switch.isra.0+0x153/0x700 [ 11.522337] ? __switch_to+0x47/0xf50 [ 11.522363] ? __schedule+0x10cc/0x2b60 [ 11.522384] ? __pfx_read_tsc+0x10/0x10 [ 11.522404] ? ktime_get_ts64+0x86/0x230 [ 11.522428] kunit_try_run_case+0x1a5/0x480 [ 11.522452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.522479] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.522501] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.522523] ? __kthread_parkme+0x82/0x180 [ 11.522543] ? preempt_count_sub+0x50/0x80 [ 11.522567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.522590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.522622] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.522646] kthread+0x337/0x6f0 [ 11.522666] ? trace_preempt_on+0x20/0xc0 [ 11.522690] ? __pfx_kthread+0x10/0x10 [ 11.522710] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.522730] ? calculate_sigpending+0x7b/0xa0 [ 11.522755] ? __pfx_kthread+0x10/0x10 [ 11.522777] ret_from_fork+0x116/0x1d0 [ 11.522794] ? __pfx_kthread+0x10/0x10 [ 11.522815] ret_from_fork_asm+0x1a/0x30 [ 11.522847] </TASK> [ 11.522858] [ 11.529945] Allocated by task 211: [ 11.530085] kasan_save_stack+0x45/0x70 [ 11.530279] kasan_save_track+0x18/0x40 [ 11.530486] kasan_save_alloc_info+0x3b/0x50 [ 11.530702] __kasan_kmalloc+0xb7/0xc0 [ 11.530889] __kmalloc_cache_noprof+0x189/0x420 [ 11.531067] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.531321] kunit_try_run_case+0x1a5/0x480 [ 11.531535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.531757] kthread+0x337/0x6f0 [ 11.531913] ret_from_fork+0x116/0x1d0 [ 11.532043] ret_from_fork_asm+0x1a/0x30 [ 11.532179] [ 11.532288] The buggy address belongs to the object at ffff8881026a8a00 [ 11.532288] which belongs to the cache kmalloc-128 of size 128 [ 11.532837] The buggy address is located 0 bytes to the right of [ 11.532837] allocated 115-byte region [ffff8881026a8a00, ffff8881026a8a73) [ 11.533235] [ 11.533309] The buggy address belongs to the physical page: [ 11.533480] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.534157] flags: 0x200000000000000(node=0|zone=2) [ 11.534556] page_type: f5(slab) [ 11.534687] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.534916] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.535138] page dumped because: kasan: bad access detected [ 11.535307] [ 11.535452] Memory state around the buggy address: [ 11.535687] ffff8881026a8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.536014] ffff8881026a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.536336] >ffff8881026a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.536689] ^ [ 11.537002] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.537479] ffff8881026a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.537747] ================================================================== [ 11.563484] ================================================================== [ 11.563882] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.564795] Read of size 1 at addr ffff8881026a8a7f by task kunit_try_catch/211 [ 11.565630] [ 11.565890] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.565937] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.565948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.566007] Call Trace: [ 11.566022] <TASK> [ 11.566038] dump_stack_lvl+0x73/0xb0 [ 11.566076] print_report+0xd1/0x650 [ 11.566099] ? __virt_addr_valid+0x1db/0x2d0 [ 11.566122] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.566144] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.566193] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.566225] kasan_report+0x141/0x180 [ 11.566248] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.566312] __asan_report_load1_noabort+0x18/0x20 [ 11.566333] ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.566366] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.566389] ? finish_task_switch.isra.0+0x153/0x700 [ 11.566411] ? __switch_to+0x47/0xf50 [ 11.566436] ? __schedule+0x10cc/0x2b60 [ 11.566458] ? __pfx_read_tsc+0x10/0x10 [ 11.566482] ? ktime_get_ts64+0x86/0x230 [ 11.566508] kunit_try_run_case+0x1a5/0x480 [ 11.566532] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.566553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.566575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.566597] ? __kthread_parkme+0x82/0x180 [ 11.566627] ? preempt_count_sub+0x50/0x80 [ 11.566650] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.566673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.566696] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.566719] kthread+0x337/0x6f0 [ 11.566739] ? trace_preempt_on+0x20/0xc0 [ 11.566761] ? __pfx_kthread+0x10/0x10 [ 11.566782] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.566802] ? calculate_sigpending+0x7b/0xa0 [ 11.566825] ? __pfx_kthread+0x10/0x10 [ 11.566847] ret_from_fork+0x116/0x1d0 [ 11.566864] ? __pfx_kthread+0x10/0x10 [ 11.566885] ret_from_fork_asm+0x1a/0x30 [ 11.566916] </TASK> [ 11.566927] [ 11.575766] Allocated by task 211: [ 11.575894] kasan_save_stack+0x45/0x70 [ 11.576048] kasan_save_track+0x18/0x40 [ 11.576318] kasan_save_alloc_info+0x3b/0x50 [ 11.576544] __kasan_kmalloc+0xb7/0xc0 [ 11.576743] __kmalloc_cache_noprof+0x189/0x420 [ 11.576960] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.577220] kunit_try_run_case+0x1a5/0x480 [ 11.577406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.577663] kthread+0x337/0x6f0 [ 11.577781] ret_from_fork+0x116/0x1d0 [ 11.577908] ret_from_fork_asm+0x1a/0x30 [ 11.578063] [ 11.578160] The buggy address belongs to the object at ffff8881026a8a00 [ 11.578160] which belongs to the cache kmalloc-128 of size 128 [ 11.578758] The buggy address is located 12 bytes to the right of [ 11.578758] allocated 115-byte region [ffff8881026a8a00, ffff8881026a8a73) [ 11.579299] [ 11.579395] The buggy address belongs to the physical page: [ 11.579652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.579966] flags: 0x200000000000000(node=0|zone=2) [ 11.580122] page_type: f5(slab) [ 11.580245] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.580667] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.581016] page dumped because: kasan: bad access detected [ 11.581278] [ 11.581446] Memory state around the buggy address: [ 11.581610] ffff8881026a8900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.582051] ffff8881026a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.582330] >ffff8881026a8a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.582681] ^ [ 11.582884] ffff8881026a8a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.583118] ffff8881026a8b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.583656] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.495308] ================================================================== [ 11.495676] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.495994] Free of addr ffff888101c869a0 by task kunit_try_catch/209 [ 11.496262] [ 11.496383] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.496444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.496458] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.496489] Call Trace: [ 11.496501] <TASK> [ 11.496516] dump_stack_lvl+0x73/0xb0 [ 11.496544] print_report+0xd1/0x650 [ 11.496567] ? __virt_addr_valid+0x1db/0x2d0 [ 11.496594] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.496633] ? kfree_sensitive+0x2e/0x90 [ 11.496705] kasan_report_invalid_free+0x10a/0x130 [ 11.496737] ? kfree_sensitive+0x2e/0x90 [ 11.496763] ? kfree_sensitive+0x2e/0x90 [ 11.496786] check_slab_allocation+0x101/0x130 [ 11.496812] __kasan_slab_pre_free+0x28/0x40 [ 11.496835] kfree+0xf0/0x3f0 [ 11.496854] ? kfree_sensitive+0x2e/0x90 [ 11.496880] kfree_sensitive+0x2e/0x90 [ 11.496902] kmalloc_double_kzfree+0x19c/0x350 [ 11.496928] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.496957] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 11.496985] ? __pfx_read_tsc+0x10/0x10 [ 11.497007] ? ktime_get_ts64+0x86/0x230 [ 11.497034] kunit_try_run_case+0x1a5/0x480 [ 11.497060] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.497084] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 11.497109] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.497134] ? __kthread_parkme+0x82/0x180 [ 11.497157] ? preempt_count_sub+0x50/0x80 [ 11.497196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.497224] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.497251] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.497279] kthread+0x337/0x6f0 [ 11.497299] ? trace_preempt_on+0x20/0xc0 [ 11.497324] ? __pfx_kthread+0x10/0x10 [ 11.497347] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.497369] ? calculate_sigpending+0x7b/0xa0 [ 11.497395] ? __pfx_kthread+0x10/0x10 [ 11.497419] ret_from_fork+0x116/0x1d0 [ 11.497438] ? __pfx_kthread+0x10/0x10 [ 11.497461] ret_from_fork_asm+0x1a/0x30 [ 11.497498] </TASK> [ 11.497508] [ 11.505684] Allocated by task 209: [ 11.505848] kasan_save_stack+0x45/0x70 [ 11.506109] kasan_save_track+0x18/0x40 [ 11.506303] kasan_save_alloc_info+0x3b/0x50 [ 11.506521] __kasan_kmalloc+0xb7/0xc0 [ 11.506774] __kmalloc_cache_noprof+0x189/0x420 [ 11.506952] kmalloc_double_kzfree+0xa9/0x350 [ 11.507158] kunit_try_run_case+0x1a5/0x480 [ 11.507364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.507681] kthread+0x337/0x6f0 [ 11.507849] ret_from_fork+0x116/0x1d0 [ 11.508018] ret_from_fork_asm+0x1a/0x30 [ 11.508198] [ 11.508285] Freed by task 209: [ 11.508422] kasan_save_stack+0x45/0x70 [ 11.508752] kasan_save_track+0x18/0x40 [ 11.508944] kasan_save_free_info+0x3f/0x60 [ 11.509149] __kasan_slab_free+0x56/0x70 [ 11.509330] kfree+0x222/0x3f0 [ 11.509487] kfree_sensitive+0x67/0x90 [ 11.509722] kmalloc_double_kzfree+0x12b/0x350 [ 11.509938] kunit_try_run_case+0x1a5/0x480 [ 11.510111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.510310] kthread+0x337/0x6f0 [ 11.510528] ret_from_fork+0x116/0x1d0 [ 11.510741] ret_from_fork_asm+0x1a/0x30 [ 11.510999] [ 11.511079] The buggy address belongs to the object at ffff888101c869a0 [ 11.511079] which belongs to the cache kmalloc-16 of size 16 [ 11.511632] The buggy address is located 0 bytes inside of [ 11.511632] 16-byte region [ffff888101c869a0, ffff888101c869b0) [ 11.511958] [ 11.512029] The buggy address belongs to the physical page: [ 11.512376] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c86 [ 11.513156] flags: 0x200000000000000(node=0|zone=2) [ 11.513401] page_type: f5(slab) [ 11.513572] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.513887] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.514111] page dumped because: kasan: bad access detected [ 11.514279] [ 11.514348] Memory state around the buggy address: [ 11.514506] ffff888101c86880: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.515049] ffff888101c86900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.515369] >ffff888101c86980: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.515807] ^ [ 11.515975] ffff888101c86a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.516410] ffff888101c86a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.516641] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.465356] ================================================================== [ 11.466493] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.467095] Read of size 1 at addr ffff888101c869a0 by task kunit_try_catch/209 [ 11.467708] [ 11.467893] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.467944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.467955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.467975] Call Trace: [ 11.467987] <TASK> [ 11.468004] dump_stack_lvl+0x73/0xb0 [ 11.468034] print_report+0xd1/0x650 [ 11.468057] ? __virt_addr_valid+0x1db/0x2d0 [ 11.468081] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.468103] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.468125] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.468149] kasan_report+0x141/0x180 [ 11.468172] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.468200] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.468223] __kasan_check_byte+0x3d/0x50 [ 11.468246] kfree_sensitive+0x22/0x90 [ 11.468271] kmalloc_double_kzfree+0x19c/0x350 [ 11.468294] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.468320] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 11.468344] ? __pfx_read_tsc+0x10/0x10 [ 11.468364] ? ktime_get_ts64+0x86/0x230 [ 11.468389] kunit_try_run_case+0x1a5/0x480 [ 11.468413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.468434] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 11.468455] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.468478] ? __kthread_parkme+0x82/0x180 [ 11.468498] ? preempt_count_sub+0x50/0x80 [ 11.468523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.468547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.468570] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.468592] kthread+0x337/0x6f0 [ 11.468622] ? trace_preempt_on+0x20/0xc0 [ 11.468717] ? __pfx_kthread+0x10/0x10 [ 11.468739] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.468759] ? calculate_sigpending+0x7b/0xa0 [ 11.468784] ? __pfx_kthread+0x10/0x10 [ 11.468806] ret_from_fork+0x116/0x1d0 [ 11.468824] ? __pfx_kthread+0x10/0x10 [ 11.468845] ret_from_fork_asm+0x1a/0x30 [ 11.468881] </TASK> [ 11.468892] [ 11.479641] Allocated by task 209: [ 11.479968] kasan_save_stack+0x45/0x70 [ 11.480166] kasan_save_track+0x18/0x40 [ 11.480491] kasan_save_alloc_info+0x3b/0x50 [ 11.480859] __kasan_kmalloc+0xb7/0xc0 [ 11.481062] __kmalloc_cache_noprof+0x189/0x420 [ 11.481431] kmalloc_double_kzfree+0xa9/0x350 [ 11.481769] kunit_try_run_case+0x1a5/0x480 [ 11.481935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.482184] kthread+0x337/0x6f0 [ 11.482652] ret_from_fork+0x116/0x1d0 [ 11.482851] ret_from_fork_asm+0x1a/0x30 [ 11.483281] [ 11.483385] Freed by task 209: [ 11.483534] kasan_save_stack+0x45/0x70 [ 11.484019] kasan_save_track+0x18/0x40 [ 11.484287] kasan_save_free_info+0x3f/0x60 [ 11.484495] __kasan_slab_free+0x56/0x70 [ 11.484873] kfree+0x222/0x3f0 [ 11.485046] kfree_sensitive+0x67/0x90 [ 11.485204] kmalloc_double_kzfree+0x12b/0x350 [ 11.485488] kunit_try_run_case+0x1a5/0x480 [ 11.485728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.486212] kthread+0x337/0x6f0 [ 11.486396] ret_from_fork+0x116/0x1d0 [ 11.486668] ret_from_fork_asm+0x1a/0x30 [ 11.486828] [ 11.486922] The buggy address belongs to the object at ffff888101c869a0 [ 11.486922] which belongs to the cache kmalloc-16 of size 16 [ 11.487768] The buggy address is located 0 bytes inside of [ 11.487768] freed 16-byte region [ffff888101c869a0, ffff888101c869b0) [ 11.488339] [ 11.488673] The buggy address belongs to the physical page: [ 11.489007] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c86 [ 11.489509] flags: 0x200000000000000(node=0|zone=2) [ 11.489889] page_type: f5(slab) [ 11.490074] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.490531] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.490947] page dumped because: kasan: bad access detected [ 11.491192] [ 11.491464] Memory state around the buggy address: [ 11.491781] ffff888101c86880: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.492293] ffff888101c86900: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.492845] >ffff888101c86980: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.493232] ^ [ 11.493448] ffff888101c86a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.494061] ffff888101c86a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.494359] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.427961] ================================================================== [ 11.428422] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.428727] Read of size 1 at addr ffff8881026b6828 by task kunit_try_catch/205 [ 11.429118] [ 11.429327] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.429478] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.429490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.429510] Call Trace: [ 11.429522] <TASK> [ 11.429537] dump_stack_lvl+0x73/0xb0 [ 11.429565] print_report+0xd1/0x650 [ 11.429588] ? __virt_addr_valid+0x1db/0x2d0 [ 11.429691] ? kmalloc_uaf2+0x4a8/0x520 [ 11.429712] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.429733] ? kmalloc_uaf2+0x4a8/0x520 [ 11.429754] kasan_report+0x141/0x180 [ 11.429777] ? kmalloc_uaf2+0x4a8/0x520 [ 11.429825] __asan_report_load1_noabort+0x18/0x20 [ 11.429846] kmalloc_uaf2+0x4a8/0x520 [ 11.429866] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.429886] ? finish_task_switch.isra.0+0x153/0x700 [ 11.429907] ? __switch_to+0x47/0xf50 [ 11.429935] ? __schedule+0x10cc/0x2b60 [ 11.429957] ? __pfx_read_tsc+0x10/0x10 [ 11.429994] ? ktime_get_ts64+0x86/0x230 [ 11.430019] kunit_try_run_case+0x1a5/0x480 [ 11.430043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.430064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.430086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.430108] ? __kthread_parkme+0x82/0x180 [ 11.430128] ? preempt_count_sub+0x50/0x80 [ 11.430151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.430174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.430208] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.430231] kthread+0x337/0x6f0 [ 11.430250] ? trace_preempt_on+0x20/0xc0 [ 11.430273] ? __pfx_kthread+0x10/0x10 [ 11.430294] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.430314] ? calculate_sigpending+0x7b/0xa0 [ 11.430338] ? __pfx_kthread+0x10/0x10 [ 11.430359] ret_from_fork+0x116/0x1d0 [ 11.430377] ? __pfx_kthread+0x10/0x10 [ 11.430397] ret_from_fork_asm+0x1a/0x30 [ 11.430429] </TASK> [ 11.430440] [ 11.442382] Allocated by task 205: [ 11.442739] kasan_save_stack+0x45/0x70 [ 11.443174] kasan_save_track+0x18/0x40 [ 11.443460] kasan_save_alloc_info+0x3b/0x50 [ 11.443682] __kasan_kmalloc+0xb7/0xc0 [ 11.444074] __kmalloc_cache_noprof+0x189/0x420 [ 11.444554] kmalloc_uaf2+0xc6/0x520 [ 11.444839] kunit_try_run_case+0x1a5/0x480 [ 11.444987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.445154] kthread+0x337/0x6f0 [ 11.445463] ret_from_fork+0x116/0x1d0 [ 11.445893] ret_from_fork_asm+0x1a/0x30 [ 11.446287] [ 11.446447] Freed by task 205: [ 11.446763] kasan_save_stack+0x45/0x70 [ 11.447192] kasan_save_track+0x18/0x40 [ 11.447646] kasan_save_free_info+0x3f/0x60 [ 11.447914] __kasan_slab_free+0x56/0x70 [ 11.448054] kfree+0x222/0x3f0 [ 11.448167] kmalloc_uaf2+0x14c/0x520 [ 11.448505] kunit_try_run_case+0x1a5/0x480 [ 11.448951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.449468] kthread+0x337/0x6f0 [ 11.449845] ret_from_fork+0x116/0x1d0 [ 11.450265] ret_from_fork_asm+0x1a/0x30 [ 11.450440] [ 11.450518] The buggy address belongs to the object at ffff8881026b6800 [ 11.450518] which belongs to the cache kmalloc-64 of size 64 [ 11.451696] The buggy address is located 40 bytes inside of [ 11.451696] freed 64-byte region [ffff8881026b6800, ffff8881026b6840) [ 11.452133] [ 11.452252] The buggy address belongs to the physical page: [ 11.452842] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b6 [ 11.453564] flags: 0x200000000000000(node=0|zone=2) [ 11.454050] page_type: f5(slab) [ 11.454183] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.454448] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.454912] page dumped because: kasan: bad access detected [ 11.455436] [ 11.455675] Memory state around the buggy address: [ 11.455939] ffff8881026b6700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.456155] ffff8881026b6780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.456789] >ffff8881026b6800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.457507] ^ [ 11.457986] ffff8881026b6880: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.458469] ffff8881026b6900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.459041] ==================================================================
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 109.013869] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 48.131376] ================================================================== [ 48.131812] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 48.131812] [ 48.132178] Use-after-free read at 0x(____ptrval____) (in kfence-#136): [ 48.132590] test_krealloc+0x6fc/0xbe0 [ 48.132933] kunit_try_run_case+0x1a5/0x480 [ 48.133110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.133423] kthread+0x337/0x6f0 [ 48.133590] ret_from_fork+0x116/0x1d0 [ 48.133797] ret_from_fork_asm+0x1a/0x30 [ 48.133996] [ 48.134089] kfence-#136: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 48.134089] [ 48.135002] allocated by task 354 on cpu 1 at 48.130769s (0.004230s ago): [ 48.135388] test_alloc+0x364/0x10f0 [ 48.135551] test_krealloc+0xad/0xbe0 [ 48.135738] kunit_try_run_case+0x1a5/0x480 [ 48.135930] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.136159] kthread+0x337/0x6f0 [ 48.136314] ret_from_fork+0x116/0x1d0 [ 48.136504] ret_from_fork_asm+0x1a/0x30 [ 48.136669] [ 48.136744] freed by task 354 on cpu 1 at 48.130979s (0.005763s ago): [ 48.136986] krealloc_noprof+0x108/0x340 [ 48.137186] test_krealloc+0x226/0xbe0 [ 48.137380] kunit_try_run_case+0x1a5/0x480 [ 48.137830] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.138058] kthread+0x337/0x6f0 [ 48.138269] ret_from_fork+0x116/0x1d0 [ 48.138411] ret_from_fork_asm+0x1a/0x30 [ 48.138603] [ 48.138738] CPU: 1 UID: 0 PID: 354 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 48.139267] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.139437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 48.139781] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 48.051874] ================================================================== [ 48.052320] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.052320] [ 48.052751] Use-after-free read at 0x(____ptrval____) (in kfence-#135): [ 48.053085] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.053313] kunit_try_run_case+0x1a5/0x480 [ 48.053510] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.053763] kthread+0x337/0x6f0 [ 48.053893] ret_from_fork+0x116/0x1d0 [ 48.054084] ret_from_fork_asm+0x1a/0x30 [ 48.054386] [ 48.054477] kfence-#135: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 48.054477] [ 48.054812] allocated by task 352 on cpu 1 at 48.026771s (0.028039s ago): [ 48.055148] test_alloc+0x2a6/0x10f0 [ 48.055391] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 48.055890] kunit_try_run_case+0x1a5/0x480 [ 48.056082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.056332] kthread+0x337/0x6f0 [ 48.056487] ret_from_fork+0x116/0x1d0 [ 48.056663] ret_from_fork_asm+0x1a/0x30 [ 48.056827] [ 48.056924] freed by task 352 on cpu 1 at 48.026869s (0.030052s ago): [ 48.057176] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 48.058058] kunit_try_run_case+0x1a5/0x480 [ 48.058337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.058659] kthread+0x337/0x6f0 [ 48.058895] ret_from_fork+0x116/0x1d0 [ 48.059135] ret_from_fork_asm+0x1a/0x30 [ 48.059454] [ 48.059587] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 48.060077] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.060258] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 48.060600] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 22.767503] ================================================================== [ 22.767980] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 22.767980] [ 22.768880] Invalid read at 0x(____ptrval____): [ 22.769759] test_invalid_access+0xf0/0x210 [ 22.769981] kunit_try_run_case+0x1a5/0x480 [ 22.770178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.770404] kthread+0x337/0x6f0 [ 22.771104] ret_from_fork+0x116/0x1d0 [ 22.771274] ret_from_fork_asm+0x1a/0x30 [ 22.771528] [ 22.771651] CPU: 0 UID: 0 PID: 348 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 22.772152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.772673] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.773103] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 22.547091] ================================================================== [ 22.547557] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.547557] [ 22.547962] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#130): [ 22.549057] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.549333] kunit_try_run_case+0x1a5/0x480 [ 22.549594] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.550074] kthread+0x337/0x6f0 [ 22.550377] ret_from_fork+0x116/0x1d0 [ 22.550562] ret_from_fork_asm+0x1a/0x30 [ 22.550779] [ 22.551101] kfence-#130: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.551101] [ 22.551640] allocated by task 342 on cpu 0 at 22.546808s (0.004830s ago): [ 22.551942] test_alloc+0x364/0x10f0 [ 22.552361] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 22.552600] kunit_try_run_case+0x1a5/0x480 [ 22.552943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.553277] kthread+0x337/0x6f0 [ 22.553468] ret_from_fork+0x116/0x1d0 [ 22.553788] ret_from_fork_asm+0x1a/0x30 [ 22.553989] [ 22.554084] freed by task 342 on cpu 0 at 22.546949s (0.007133s ago): [ 22.554588] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.554936] kunit_try_run_case+0x1a5/0x480 [ 22.555220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.555482] kthread+0x337/0x6f0 [ 22.555824] ret_from_fork+0x116/0x1d0 [ 22.556097] ret_from_fork_asm+0x1a/0x30 [ 22.556378] [ 22.556542] CPU: 0 UID: 0 PID: 342 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 22.557050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.557494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.557966] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 22.339037] ================================================================== [ 22.339741] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.339741] [ 22.340081] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#128): [ 22.340515] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.340851] kunit_try_run_case+0x1a5/0x480 [ 22.341012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.341187] kthread+0x337/0x6f0 [ 22.341353] ret_from_fork+0x116/0x1d0 [ 22.341548] ret_from_fork_asm+0x1a/0x30 [ 22.341763] [ 22.341863] kfence-#128: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.341863] [ 22.342311] allocated by task 340 on cpu 1 at 22.338827s (0.003482s ago): [ 22.342569] test_alloc+0x364/0x10f0 [ 22.342748] test_kmalloc_aligned_oob_read+0x105/0x560 [ 22.342992] kunit_try_run_case+0x1a5/0x480 [ 22.343209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.343456] kthread+0x337/0x6f0 [ 22.343603] ret_from_fork+0x116/0x1d0 [ 22.343763] ret_from_fork_asm+0x1a/0x30 [ 22.343970] [ 22.344099] CPU: 1 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 22.344601] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.344754] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.345095] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 17.763048] ================================================================== [ 17.763515] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 17.763515] [ 17.763902] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#84): [ 17.764303] test_corruption+0x2df/0x3e0 [ 17.764453] kunit_try_run_case+0x1a5/0x480 [ 17.764604] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.765028] kthread+0x337/0x6f0 [ 17.765208] ret_from_fork+0x116/0x1d0 [ 17.765410] ret_from_fork_asm+0x1a/0x30 [ 17.765552] [ 17.765717] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.765717] [ 17.766109] allocated by task 328 on cpu 0 at 17.762807s (0.003300s ago): [ 17.766484] test_alloc+0x364/0x10f0 [ 17.766679] test_corruption+0x1cb/0x3e0 [ 17.766849] kunit_try_run_case+0x1a5/0x480 [ 17.766998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.767265] kthread+0x337/0x6f0 [ 17.767440] ret_from_fork+0x116/0x1d0 [ 17.767685] ret_from_fork_asm+0x1a/0x30 [ 17.767862] [ 17.767947] freed by task 328 on cpu 0 at 17.762883s (0.005062s ago): [ 17.768239] test_corruption+0x2df/0x3e0 [ 17.768403] kunit_try_run_case+0x1a5/0x480 [ 17.768593] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.768828] kthread+0x337/0x6f0 [ 17.768951] ret_from_fork+0x116/0x1d0 [ 17.769109] ret_from_fork_asm+0x1a/0x30 [ 17.769309] [ 17.769462] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 17.769893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.770035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.770747] ================================================================== [ 18.698885] ================================================================== [ 18.699336] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 18.699336] [ 18.699752] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#93): [ 18.700130] test_corruption+0x216/0x3e0 [ 18.700303] kunit_try_run_case+0x1a5/0x480 [ 18.700470] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.700745] kthread+0x337/0x6f0 [ 18.700918] ret_from_fork+0x116/0x1d0 [ 18.701055] ret_from_fork_asm+0x1a/0x30 [ 18.701340] [ 18.701442] kfence-#93: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.701442] [ 18.701832] allocated by task 330 on cpu 0 at 18.698759s (0.003071s ago): [ 18.702108] test_alloc+0x2a6/0x10f0 [ 18.702241] test_corruption+0x1cb/0x3e0 [ 18.702441] kunit_try_run_case+0x1a5/0x480 [ 18.702674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.702926] kthread+0x337/0x6f0 [ 18.703051] ret_from_fork+0x116/0x1d0 [ 18.703231] ret_from_fork_asm+0x1a/0x30 [ 18.703436] [ 18.703533] freed by task 330 on cpu 0 at 18.698811s (0.004720s ago): [ 18.703839] test_corruption+0x216/0x3e0 [ 18.703982] kunit_try_run_case+0x1a5/0x480 [ 18.704178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.704445] kthread+0x337/0x6f0 [ 18.704626] ret_from_fork+0x116/0x1d0 [ 18.704790] ret_from_fork_asm+0x1a/0x30 [ 18.704993] [ 18.705103] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 18.705597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.705808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.706148] ================================================================== [ 17.451005] ================================================================== [ 17.451507] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 17.451507] [ 17.451891] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#81): [ 17.452448] test_corruption+0x2d2/0x3e0 [ 17.452699] kunit_try_run_case+0x1a5/0x480 [ 17.452920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.453125] kthread+0x337/0x6f0 [ 17.453435] ret_from_fork+0x116/0x1d0 [ 17.453632] ret_from_fork_asm+0x1a/0x30 [ 17.453804] [ 17.453924] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.453924] [ 17.454348] allocated by task 328 on cpu 0 at 17.450838s (0.003507s ago): [ 17.454718] test_alloc+0x364/0x10f0 [ 17.454906] test_corruption+0xe6/0x3e0 [ 17.455106] kunit_try_run_case+0x1a5/0x480 [ 17.455384] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.455641] kthread+0x337/0x6f0 [ 17.455834] ret_from_fork+0x116/0x1d0 [ 17.455999] ret_from_fork_asm+0x1a/0x30 [ 17.456142] [ 17.456217] freed by task 328 on cpu 0 at 17.450929s (0.005286s ago): [ 17.456686] test_corruption+0x2d2/0x3e0 [ 17.456848] kunit_try_run_case+0x1a5/0x480 [ 17.456993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.457555] kthread+0x337/0x6f0 [ 17.457752] ret_from_fork+0x116/0x1d0 [ 17.457931] ret_from_fork_asm+0x1a/0x30 [ 17.458116] [ 17.458695] CPU: 0 UID: 0 PID: 328 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 17.459448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.459605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.460003] ================================================================== [ 18.386933] ================================================================== [ 18.387369] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 18.387369] [ 18.387684] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#90): [ 18.388283] test_corruption+0x131/0x3e0 [ 18.388509] kunit_try_run_case+0x1a5/0x480 [ 18.388729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.388953] kthread+0x337/0x6f0 [ 18.389122] ret_from_fork+0x116/0x1d0 [ 18.389334] ret_from_fork_asm+0x1a/0x30 [ 18.389562] [ 18.389713] kfence-#90: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.389713] [ 18.390154] allocated by task 330 on cpu 0 at 18.386805s (0.003347s ago): [ 18.390441] test_alloc+0x2a6/0x10f0 [ 18.390583] test_corruption+0xe6/0x3e0 [ 18.390791] kunit_try_run_case+0x1a5/0x480 [ 18.391004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.391219] kthread+0x337/0x6f0 [ 18.391342] ret_from_fork+0x116/0x1d0 [ 18.391643] ret_from_fork_asm+0x1a/0x30 [ 18.391844] [ 18.391919] freed by task 330 on cpu 0 at 18.386854s (0.005062s ago): [ 18.392128] test_corruption+0x131/0x3e0 [ 18.392322] kunit_try_run_case+0x1a5/0x480 [ 18.392561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.392832] kthread+0x337/0x6f0 [ 18.393008] ret_from_fork+0x116/0x1d0 [ 18.393195] ret_from_fork_asm+0x1a/0x30 [ 18.393367] [ 18.393489] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 18.393865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.394069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.394603] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 17.138983] ================================================================== [ 17.139451] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 17.139451] [ 17.139893] Invalid free of 0x(____ptrval____) (in kfence-#78): [ 17.140166] test_invalid_addr_free+0x1e1/0x260 [ 17.140325] kunit_try_run_case+0x1a5/0x480 [ 17.140524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.140785] kthread+0x337/0x6f0 [ 17.140978] ret_from_fork+0x116/0x1d0 [ 17.141110] ret_from_fork_asm+0x1a/0x30 [ 17.141281] [ 17.141383] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.141383] [ 17.141845] allocated by task 324 on cpu 0 at 17.138873s (0.002970s ago): [ 17.142168] test_alloc+0x364/0x10f0 [ 17.142351] test_invalid_addr_free+0xdb/0x260 [ 17.142566] kunit_try_run_case+0x1a5/0x480 [ 17.142780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.142954] kthread+0x337/0x6f0 [ 17.143075] ret_from_fork+0x116/0x1d0 [ 17.143204] ret_from_fork_asm+0x1a/0x30 [ 17.143371] [ 17.143482] CPU: 0 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 17.144022] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.144211] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.144584] ================================================================== [ 17.242940] ================================================================== [ 17.243335] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 17.243335] [ 17.243830] Invalid free of 0x(____ptrval____) (in kfence-#79): [ 17.244067] test_invalid_addr_free+0xfb/0x260 [ 17.244279] kunit_try_run_case+0x1a5/0x480 [ 17.244542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.244816] kthread+0x337/0x6f0 [ 17.244980] ret_from_fork+0x116/0x1d0 [ 17.245123] ret_from_fork_asm+0x1a/0x30 [ 17.245342] [ 17.245457] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.245457] [ 17.245870] allocated by task 326 on cpu 1 at 17.242852s (0.003016s ago): [ 17.246201] test_alloc+0x2a6/0x10f0 [ 17.246378] test_invalid_addr_free+0xdb/0x260 [ 17.246530] kunit_try_run_case+0x1a5/0x480 [ 17.247095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.247484] kthread+0x337/0x6f0 [ 17.247674] ret_from_fork+0x116/0x1d0 [ 17.247863] ret_from_fork_asm+0x1a/0x30 [ 17.248011] [ 17.248106] CPU: 1 UID: 0 PID: 326 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 17.248542] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.248751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.249116] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 16.931016] ================================================================== [ 16.931484] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 16.931484] [ 16.931876] Invalid free of 0x(____ptrval____) (in kfence-#76): [ 16.932134] test_double_free+0x1d3/0x260 [ 16.932344] kunit_try_run_case+0x1a5/0x480 [ 16.932663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.932926] kthread+0x337/0x6f0 [ 16.933099] ret_from_fork+0x116/0x1d0 [ 16.933348] ret_from_fork_asm+0x1a/0x30 [ 16.933495] [ 16.933569] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.933569] [ 16.934016] allocated by task 320 on cpu 0 at 16.930833s (0.003181s ago): [ 16.934432] test_alloc+0x364/0x10f0 [ 16.934577] test_double_free+0xdb/0x260 [ 16.934725] kunit_try_run_case+0x1a5/0x480 [ 16.934872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.935138] kthread+0x337/0x6f0 [ 16.935357] ret_from_fork+0x116/0x1d0 [ 16.935657] ret_from_fork_asm+0x1a/0x30 [ 16.936066] [ 16.936695] freed by task 320 on cpu 0 at 16.930893s (0.005799s ago): [ 16.937001] test_double_free+0x1e0/0x260 [ 16.937249] kunit_try_run_case+0x1a5/0x480 [ 16.937545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.937968] kthread+0x337/0x6f0 [ 16.938238] ret_from_fork+0x116/0x1d0 [ 16.938447] ret_from_fork_asm+0x1a/0x30 [ 16.938789] [ 16.939013] CPU: 0 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.939655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.939952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.940447] ================================================================== [ 17.035094] ================================================================== [ 17.035497] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 17.035497] [ 17.035870] Invalid free of 0x(____ptrval____) (in kfence-#77): [ 17.036149] test_double_free+0x112/0x260 [ 17.036358] kunit_try_run_case+0x1a5/0x480 [ 17.036744] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.036992] kthread+0x337/0x6f0 [ 17.037136] ret_from_fork+0x116/0x1d0 [ 17.037299] ret_from_fork_asm+0x1a/0x30 [ 17.037525] [ 17.037621] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.037621] [ 17.037949] allocated by task 322 on cpu 1 at 17.034833s (0.003113s ago): [ 17.038204] test_alloc+0x2a6/0x10f0 [ 17.038391] test_double_free+0xdb/0x260 [ 17.038784] kunit_try_run_case+0x1a5/0x480 [ 17.038970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.039143] kthread+0x337/0x6f0 [ 17.039420] ret_from_fork+0x116/0x1d0 [ 17.039623] ret_from_fork_asm+0x1a/0x30 [ 17.039795] [ 17.039889] freed by task 322 on cpu 1 at 17.034885s (0.005002s ago): [ 17.040131] test_double_free+0xfa/0x260 [ 17.040270] kunit_try_run_case+0x1a5/0x480 [ 17.040457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.040719] kthread+0x337/0x6f0 [ 17.040955] ret_from_fork+0x116/0x1d0 [ 17.041115] ret_from_fork_asm+0x1a/0x30 [ 17.041364] [ 17.041468] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 17.042009] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.042151] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.042580] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 16.619071] ================================================================== [ 16.619472] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 16.619472] [ 16.619998] Use-after-free read at 0x(____ptrval____) (in kfence-#73): [ 16.620301] test_use_after_free_read+0x129/0x270 [ 16.620532] kunit_try_run_case+0x1a5/0x480 [ 16.620799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.621039] kthread+0x337/0x6f0 [ 16.621166] ret_from_fork+0x116/0x1d0 [ 16.621399] ret_from_fork_asm+0x1a/0x30 [ 16.621693] [ 16.621798] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.621798] [ 16.622229] allocated by task 314 on cpu 1 at 16.618872s (0.003355s ago): [ 16.622640] test_alloc+0x2a6/0x10f0 [ 16.622833] test_use_after_free_read+0xdc/0x270 [ 16.623044] kunit_try_run_case+0x1a5/0x480 [ 16.623337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.623626] kthread+0x337/0x6f0 [ 16.623801] ret_from_fork+0x116/0x1d0 [ 16.624004] ret_from_fork_asm+0x1a/0x30 [ 16.624320] [ 16.624396] freed by task 314 on cpu 1 at 16.618928s (0.005466s ago): [ 16.624644] test_use_after_free_read+0xfb/0x270 [ 16.625023] kunit_try_run_case+0x1a5/0x480 [ 16.625308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.625569] kthread+0x337/0x6f0 [ 16.625757] ret_from_fork+0x116/0x1d0 [ 16.625944] ret_from_fork_asm+0x1a/0x30 [ 16.626171] [ 16.626379] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.626985] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.627168] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.627535] ================================================================== [ 16.515026] ================================================================== [ 16.515467] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 16.515467] [ 16.515931] Use-after-free read at 0x(____ptrval____) (in kfence-#72): [ 16.516191] test_use_after_free_read+0x129/0x270 [ 16.516360] kunit_try_run_case+0x1a5/0x480 [ 16.516669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.516933] kthread+0x337/0x6f0 [ 16.517072] ret_from_fork+0x116/0x1d0 [ 16.517269] ret_from_fork_asm+0x1a/0x30 [ 16.517459] [ 16.517535] kfence-#72: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.517535] [ 16.517931] allocated by task 312 on cpu 0 at 16.514827s (0.003102s ago): [ 16.518263] test_alloc+0x364/0x10f0 [ 16.518763] test_use_after_free_read+0xdc/0x270 [ 16.519002] kunit_try_run_case+0x1a5/0x480 [ 16.519209] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.519731] kthread+0x337/0x6f0 [ 16.519910] ret_from_fork+0x116/0x1d0 [ 16.520105] ret_from_fork_asm+0x1a/0x30 [ 16.520543] [ 16.520637] freed by task 312 on cpu 0 at 16.514878s (0.005757s ago): [ 16.520929] test_use_after_free_read+0x1e7/0x270 [ 16.521151] kunit_try_run_case+0x1a5/0x480 [ 16.521353] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.521849] kthread+0x337/0x6f0 [ 16.522077] ret_from_fork+0x116/0x1d0 [ 16.522383] ret_from_fork_asm+0x1a/0x30 [ 16.522657] [ 16.522765] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.523456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.523729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.524113] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.387846] ================================================================== [ 11.389336] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 11.389730] Write of size 33 at addr ffff8881026b6780 by task kunit_try_catch/203 [ 11.389965] [ 11.390057] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.390105] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.390116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.390138] Call Trace: [ 11.390150] <TASK> [ 11.390166] dump_stack_lvl+0x73/0xb0 [ 11.390414] print_report+0xd1/0x650 [ 11.390437] ? __virt_addr_valid+0x1db/0x2d0 [ 11.390461] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.390493] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.390515] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.390730] kasan_report+0x141/0x180 [ 11.390757] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.390785] kasan_check_range+0x10c/0x1c0 [ 11.390809] __asan_memset+0x27/0x50 [ 11.390829] kmalloc_uaf_memset+0x1a3/0x360 [ 11.390850] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.390872] ? __schedule+0x10cc/0x2b60 [ 11.390896] ? __pfx_read_tsc+0x10/0x10 [ 11.390916] ? ktime_get_ts64+0x86/0x230 [ 11.390940] kunit_try_run_case+0x1a5/0x480 [ 11.390964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.390985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.391008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.391030] ? __kthread_parkme+0x82/0x180 [ 11.391050] ? preempt_count_sub+0x50/0x80 [ 11.391074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.391097] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.391119] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.391142] kthread+0x337/0x6f0 [ 11.391163] ? trace_preempt_on+0x20/0xc0 [ 11.391195] ? __pfx_kthread+0x10/0x10 [ 11.391216] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.391236] ? calculate_sigpending+0x7b/0xa0 [ 11.391259] ? __pfx_kthread+0x10/0x10 [ 11.391280] ret_from_fork+0x116/0x1d0 [ 11.391298] ? __pfx_kthread+0x10/0x10 [ 11.391318] ret_from_fork_asm+0x1a/0x30 [ 11.391349] </TASK> [ 11.391359] [ 11.408298] Allocated by task 203: [ 11.408692] kasan_save_stack+0x45/0x70 [ 11.409032] kasan_save_track+0x18/0x40 [ 11.409171] kasan_save_alloc_info+0x3b/0x50 [ 11.409874] __kasan_kmalloc+0xb7/0xc0 [ 11.410479] __kmalloc_cache_noprof+0x189/0x420 [ 11.410981] kmalloc_uaf_memset+0xa9/0x360 [ 11.411328] kunit_try_run_case+0x1a5/0x480 [ 11.411484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.411688] kthread+0x337/0x6f0 [ 11.412027] ret_from_fork+0x116/0x1d0 [ 11.412375] ret_from_fork_asm+0x1a/0x30 [ 11.412750] [ 11.412961] Freed by task 203: [ 11.413310] kasan_save_stack+0x45/0x70 [ 11.413699] kasan_save_track+0x18/0x40 [ 11.414137] kasan_save_free_info+0x3f/0x60 [ 11.414630] __kasan_slab_free+0x56/0x70 [ 11.414855] kfree+0x222/0x3f0 [ 11.414968] kmalloc_uaf_memset+0x12b/0x360 [ 11.415111] kunit_try_run_case+0x1a5/0x480 [ 11.415417] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.415963] kthread+0x337/0x6f0 [ 11.416324] ret_from_fork+0x116/0x1d0 [ 11.416750] ret_from_fork_asm+0x1a/0x30 [ 11.417162] [ 11.417336] The buggy address belongs to the object at ffff8881026b6780 [ 11.417336] which belongs to the cache kmalloc-64 of size 64 [ 11.418528] The buggy address is located 0 bytes inside of [ 11.418528] freed 64-byte region [ffff8881026b6780, ffff8881026b67c0) [ 11.419044] [ 11.419128] The buggy address belongs to the physical page: [ 11.419364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026b6 [ 11.419751] flags: 0x200000000000000(node=0|zone=2) [ 11.419917] page_type: f5(slab) [ 11.420039] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.420282] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.420697] page dumped because: kasan: bad access detected [ 11.421254] [ 11.421380] Memory state around the buggy address: [ 11.421842] ffff8881026b6680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.422138] ffff8881026b6700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.422884] >ffff8881026b6780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.423396] ^ [ 11.423692] ffff8881026b6800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.423988] ffff8881026b6880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.424368] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.350982] ================================================================== [ 11.352503] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 11.353294] Read of size 1 at addr ffff888101d83648 by task kunit_try_catch/201 [ 11.354009] [ 11.354211] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.354259] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.354272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.354292] Call Trace: [ 11.354473] <TASK> [ 11.354505] dump_stack_lvl+0x73/0xb0 [ 11.354549] print_report+0xd1/0x650 [ 11.354573] ? __virt_addr_valid+0x1db/0x2d0 [ 11.354595] ? kmalloc_uaf+0x320/0x380 [ 11.354624] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.354647] ? kmalloc_uaf+0x320/0x380 [ 11.354668] kasan_report+0x141/0x180 [ 11.354690] ? kmalloc_uaf+0x320/0x380 [ 11.354715] __asan_report_load1_noabort+0x18/0x20 [ 11.354736] kmalloc_uaf+0x320/0x380 [ 11.354756] ? __pfx_kmalloc_uaf+0x10/0x10 [ 11.354777] ? __schedule+0x10cc/0x2b60 [ 11.354799] ? __pfx_read_tsc+0x10/0x10 [ 11.354819] ? ktime_get_ts64+0x86/0x230 [ 11.354843] kunit_try_run_case+0x1a5/0x480 [ 11.354868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.354889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.354912] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.354933] ? __kthread_parkme+0x82/0x180 [ 11.354954] ? preempt_count_sub+0x50/0x80 [ 11.354978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.355002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.355026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.355049] kthread+0x337/0x6f0 [ 11.355068] ? trace_preempt_on+0x20/0xc0 [ 11.355091] ? __pfx_kthread+0x10/0x10 [ 11.355112] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.355132] ? calculate_sigpending+0x7b/0xa0 [ 11.355156] ? __pfx_kthread+0x10/0x10 [ 11.355177] ret_from_fork+0x116/0x1d0 [ 11.355195] ? __pfx_kthread+0x10/0x10 [ 11.355216] ret_from_fork_asm+0x1a/0x30 [ 11.355246] </TASK> [ 11.355257] [ 11.369515] Allocated by task 201: [ 11.369837] kasan_save_stack+0x45/0x70 [ 11.369997] kasan_save_track+0x18/0x40 [ 11.370132] kasan_save_alloc_info+0x3b/0x50 [ 11.370502] __kasan_kmalloc+0xb7/0xc0 [ 11.370958] __kmalloc_cache_noprof+0x189/0x420 [ 11.371507] kmalloc_uaf+0xaa/0x380 [ 11.372050] kunit_try_run_case+0x1a5/0x480 [ 11.372418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.372716] kthread+0x337/0x6f0 [ 11.373055] ret_from_fork+0x116/0x1d0 [ 11.373445] ret_from_fork_asm+0x1a/0x30 [ 11.373871] [ 11.373980] Freed by task 201: [ 11.374140] kasan_save_stack+0x45/0x70 [ 11.374545] kasan_save_track+0x18/0x40 [ 11.374880] kasan_save_free_info+0x3f/0x60 [ 11.375031] __kasan_slab_free+0x56/0x70 [ 11.375171] kfree+0x222/0x3f0 [ 11.375483] kmalloc_uaf+0x12c/0x380 [ 11.376054] kunit_try_run_case+0x1a5/0x480 [ 11.376530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.377251] kthread+0x337/0x6f0 [ 11.377599] ret_from_fork+0x116/0x1d0 [ 11.377956] ret_from_fork_asm+0x1a/0x30 [ 11.378260] [ 11.378475] The buggy address belongs to the object at ffff888101d83640 [ 11.378475] which belongs to the cache kmalloc-16 of size 16 [ 11.379114] The buggy address is located 8 bytes inside of [ 11.379114] freed 16-byte region [ffff888101d83640, ffff888101d83650) [ 11.380229] [ 11.380382] The buggy address belongs to the physical page: [ 11.380733] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 11.380977] flags: 0x200000000000000(node=0|zone=2) [ 11.381143] page_type: f5(slab) [ 11.381282] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.381734] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.382050] page dumped because: kasan: bad access detected [ 11.382377] [ 11.382449] Memory state around the buggy address: [ 11.382750] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 11.383145] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 11.383685] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc fc fc fc fc [ 11.383930] ^ [ 11.384220] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.384503] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.384903] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.317386] ================================================================== [ 11.318078] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.318699] Read of size 64 at addr ffff8881029cfc84 by task kunit_try_catch/199 [ 11.319481] [ 11.319710] CPU: 0 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.319760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.319772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.319792] Call Trace: [ 11.319805] <TASK> [ 11.319820] dump_stack_lvl+0x73/0xb0 [ 11.319848] print_report+0xd1/0x650 [ 11.319872] ? __virt_addr_valid+0x1db/0x2d0 [ 11.319894] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.319918] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.319939] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.319964] kasan_report+0x141/0x180 [ 11.319985] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.320014] kasan_check_range+0x10c/0x1c0 [ 11.320038] __asan_memmove+0x27/0x70 [ 11.320060] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.320084] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.320109] ? __schedule+0x10cc/0x2b60 [ 11.320131] ? __pfx_read_tsc+0x10/0x10 [ 11.320151] ? ktime_get_ts64+0x86/0x230 [ 11.320176] kunit_try_run_case+0x1a5/0x480 [ 11.320200] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.320221] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.320243] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.320264] ? __kthread_parkme+0x82/0x180 [ 11.320284] ? preempt_count_sub+0x50/0x80 [ 11.320308] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.320330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.320352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.320374] kthread+0x337/0x6f0 [ 11.320394] ? trace_preempt_on+0x20/0xc0 [ 11.320416] ? __pfx_kthread+0x10/0x10 [ 11.320437] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.320456] ? calculate_sigpending+0x7b/0xa0 [ 11.320479] ? __pfx_kthread+0x10/0x10 [ 11.320501] ret_from_fork+0x116/0x1d0 [ 11.320518] ? __pfx_kthread+0x10/0x10 [ 11.320558] ret_from_fork_asm+0x1a/0x30 [ 11.320588] </TASK> [ 11.320599] [ 11.328858] Allocated by task 199: [ 11.328988] kasan_save_stack+0x45/0x70 [ 11.329135] kasan_save_track+0x18/0x40 [ 11.329272] kasan_save_alloc_info+0x3b/0x50 [ 11.329417] __kasan_kmalloc+0xb7/0xc0 [ 11.329549] __kmalloc_cache_noprof+0x189/0x420 [ 11.330602] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.331443] kunit_try_run_case+0x1a5/0x480 [ 11.332232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.333080] kthread+0x337/0x6f0 [ 11.333743] ret_from_fork+0x116/0x1d0 [ 11.334390] ret_from_fork_asm+0x1a/0x30 [ 11.335074] [ 11.335504] The buggy address belongs to the object at ffff8881029cfc80 [ 11.335504] which belongs to the cache kmalloc-64 of size 64 [ 11.337207] The buggy address is located 4 bytes inside of [ 11.337207] allocated 64-byte region [ffff8881029cfc80, ffff8881029cfcc0) [ 11.339104] [ 11.339533] The buggy address belongs to the physical page: [ 11.340571] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cf [ 11.341483] flags: 0x200000000000000(node=0|zone=2) [ 11.341850] page_type: f5(slab) [ 11.341984] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.342645] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.343484] page dumped because: kasan: bad access detected [ 11.344325] [ 11.344702] Memory state around the buggy address: [ 11.345084] ffff8881029cfb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.345690] ffff8881029cfc00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.346228] >ffff8881029cfc80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.346838] ^ [ 11.347010] ffff8881029cfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.347681] ffff8881029cfd80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.348290] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.288803] ================================================================== [ 11.289364] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 11.289748] Read of size 18446744073709551614 at addr ffff8881029cfc04 by task kunit_try_catch/197 [ 11.290261] [ 11.290424] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.290487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.290499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.290520] Call Trace: [ 11.290541] <TASK> [ 11.290557] dump_stack_lvl+0x73/0xb0 [ 11.290587] print_report+0xd1/0x650 [ 11.290609] ? __virt_addr_valid+0x1db/0x2d0 [ 11.290653] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.290677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.290721] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.290764] kasan_report+0x141/0x180 [ 11.290787] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.290817] kasan_check_range+0x10c/0x1c0 [ 11.290842] __asan_memmove+0x27/0x70 [ 11.290862] kmalloc_memmove_negative_size+0x171/0x330 [ 11.290906] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 11.290940] kunit_try_run_case+0x1a5/0x480 [ 11.290964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.290985] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.291009] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.291031] ? __kthread_parkme+0x82/0x180 [ 11.291052] ? preempt_count_sub+0x50/0x80 [ 11.291076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.291100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.291122] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.291145] kthread+0x337/0x6f0 [ 11.291166] ? trace_preempt_on+0x20/0xc0 [ 11.291198] ? __pfx_kthread+0x10/0x10 [ 11.291219] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.291239] ? calculate_sigpending+0x7b/0xa0 [ 11.291263] ? __pfx_kthread+0x10/0x10 [ 11.291285] ret_from_fork+0x116/0x1d0 [ 11.291303] ? __pfx_kthread+0x10/0x10 [ 11.291339] ret_from_fork_asm+0x1a/0x30 [ 11.291372] </TASK> [ 11.291383] [ 11.302142] Allocated by task 197: [ 11.302341] kasan_save_stack+0x45/0x70 [ 11.302744] kasan_save_track+0x18/0x40 [ 11.302957] kasan_save_alloc_info+0x3b/0x50 [ 11.303286] __kasan_kmalloc+0xb7/0xc0 [ 11.303472] __kmalloc_cache_noprof+0x189/0x420 [ 11.303855] kmalloc_memmove_negative_size+0xac/0x330 [ 11.304087] kunit_try_run_case+0x1a5/0x480 [ 11.304441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.304913] kthread+0x337/0x6f0 [ 11.305197] ret_from_fork+0x116/0x1d0 [ 11.305514] ret_from_fork_asm+0x1a/0x30 [ 11.305696] [ 11.305790] The buggy address belongs to the object at ffff8881029cfc00 [ 11.305790] which belongs to the cache kmalloc-64 of size 64 [ 11.306682] The buggy address is located 4 bytes inside of [ 11.306682] 64-byte region [ffff8881029cfc00, ffff8881029cfc40) [ 11.307459] [ 11.307572] The buggy address belongs to the physical page: [ 11.307954] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029cf [ 11.308584] flags: 0x200000000000000(node=0|zone=2) [ 11.308888] page_type: f5(slab) [ 11.309295] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.309805] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.310117] page dumped because: kasan: bad access detected [ 11.310843] [ 11.310967] Memory state around the buggy address: [ 11.311177] ffff8881029cfb00: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 11.311459] ffff8881029cfb80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.312125] >ffff8881029cfc00: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.312812] ^ [ 11.313046] ffff8881029cfc80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.313355] ffff8881029cfd00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.313929] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.260238] ================================================================== [ 11.260787] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 11.261391] Write of size 16 at addr ffff8881026a8969 by task kunit_try_catch/195 [ 11.262085] [ 11.262365] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.262417] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.262430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.262451] Call Trace: [ 11.262468] <TASK> [ 11.262485] dump_stack_lvl+0x73/0xb0 [ 11.262515] print_report+0xd1/0x650 [ 11.262537] ? __virt_addr_valid+0x1db/0x2d0 [ 11.262560] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.262581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.262603] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.262636] kasan_report+0x141/0x180 [ 11.262659] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.262687] kasan_check_range+0x10c/0x1c0 [ 11.262710] __asan_memset+0x27/0x50 [ 11.262730] kmalloc_oob_memset_16+0x166/0x330 [ 11.262753] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 11.262776] ? __schedule+0x10cc/0x2b60 [ 11.262798] ? __pfx_read_tsc+0x10/0x10 [ 11.262818] ? ktime_get_ts64+0x86/0x230 [ 11.262842] kunit_try_run_case+0x1a5/0x480 [ 11.262865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.262894] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.262915] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.262937] ? __kthread_parkme+0x82/0x180 [ 11.262957] ? preempt_count_sub+0x50/0x80 [ 11.262980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.263003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.263025] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.263047] kthread+0x337/0x6f0 [ 11.263067] ? trace_preempt_on+0x20/0xc0 [ 11.263090] ? __pfx_kthread+0x10/0x10 [ 11.263110] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.263130] ? calculate_sigpending+0x7b/0xa0 [ 11.263153] ? __pfx_kthread+0x10/0x10 [ 11.263175] ret_from_fork+0x116/0x1d0 [ 11.263192] ? __pfx_kthread+0x10/0x10 [ 11.263212] ret_from_fork_asm+0x1a/0x30 [ 11.263244] </TASK> [ 11.263254] [ 11.273946] Allocated by task 195: [ 11.274121] kasan_save_stack+0x45/0x70 [ 11.274546] kasan_save_track+0x18/0x40 [ 11.274918] kasan_save_alloc_info+0x3b/0x50 [ 11.275230] __kasan_kmalloc+0xb7/0xc0 [ 11.275530] __kmalloc_cache_noprof+0x189/0x420 [ 11.275774] kmalloc_oob_memset_16+0xac/0x330 [ 11.276162] kunit_try_run_case+0x1a5/0x480 [ 11.276514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.276963] kthread+0x337/0x6f0 [ 11.277125] ret_from_fork+0x116/0x1d0 [ 11.277466] ret_from_fork_asm+0x1a/0x30 [ 11.277738] [ 11.278041] The buggy address belongs to the object at ffff8881026a8900 [ 11.278041] which belongs to the cache kmalloc-128 of size 128 [ 11.278880] The buggy address is located 105 bytes inside of [ 11.278880] allocated 120-byte region [ffff8881026a8900, ffff8881026a8978) [ 11.279493] [ 11.279704] The buggy address belongs to the physical page: [ 11.280059] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.280481] flags: 0x200000000000000(node=0|zone=2) [ 11.280983] page_type: f5(slab) [ 11.281244] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.281815] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.282275] page dumped because: kasan: bad access detected [ 11.282639] [ 11.282739] Memory state around the buggy address: [ 11.282947] ffff8881026a8800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.283500] ffff8881026a8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.284088] >ffff8881026a8900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.284491] ^ [ 11.285138] ffff8881026a8980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.285649] ffff8881026a8a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.285975] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.234440] ================================================================== [ 11.234999] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 11.235323] Write of size 8 at addr ffff8881026a8871 by task kunit_try_catch/193 [ 11.235718] [ 11.235838] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.235884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.235896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.235916] Call Trace: [ 11.235938] <TASK> [ 11.235955] dump_stack_lvl+0x73/0xb0 [ 11.235983] print_report+0xd1/0x650 [ 11.236005] ? __virt_addr_valid+0x1db/0x2d0 [ 11.236028] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.236050] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.236072] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.236094] kasan_report+0x141/0x180 [ 11.236116] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.236143] kasan_check_range+0x10c/0x1c0 [ 11.236166] __asan_memset+0x27/0x50 [ 11.236198] kmalloc_oob_memset_8+0x166/0x330 [ 11.236221] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 11.236244] ? __schedule+0x10cc/0x2b60 [ 11.236266] ? __pfx_read_tsc+0x10/0x10 [ 11.236286] ? ktime_get_ts64+0x86/0x230 [ 11.236310] kunit_try_run_case+0x1a5/0x480 [ 11.236334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.236355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.236377] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.236399] ? __kthread_parkme+0x82/0x180 [ 11.236419] ? preempt_count_sub+0x50/0x80 [ 11.236443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.236466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.236489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.236511] kthread+0x337/0x6f0 [ 11.236539] ? trace_preempt_on+0x20/0xc0 [ 11.236563] ? __pfx_kthread+0x10/0x10 [ 11.236583] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.236603] ? calculate_sigpending+0x7b/0xa0 [ 11.236636] ? __pfx_kthread+0x10/0x10 [ 11.236658] ret_from_fork+0x116/0x1d0 [ 11.236675] ? __pfx_kthread+0x10/0x10 [ 11.236696] ret_from_fork_asm+0x1a/0x30 [ 11.236727] </TASK> [ 11.236737] [ 11.246990] Allocated by task 193: [ 11.247149] kasan_save_stack+0x45/0x70 [ 11.247736] kasan_save_track+0x18/0x40 [ 11.247918] kasan_save_alloc_info+0x3b/0x50 [ 11.248115] __kasan_kmalloc+0xb7/0xc0 [ 11.248437] __kmalloc_cache_noprof+0x189/0x420 [ 11.248813] kmalloc_oob_memset_8+0xac/0x330 [ 11.249018] kunit_try_run_case+0x1a5/0x480 [ 11.249214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.249622] kthread+0x337/0x6f0 [ 11.249779] ret_from_fork+0x116/0x1d0 [ 11.250083] ret_from_fork_asm+0x1a/0x30 [ 11.250430] [ 11.250564] The buggy address belongs to the object at ffff8881026a8800 [ 11.250564] which belongs to the cache kmalloc-128 of size 128 [ 11.250967] The buggy address is located 113 bytes inside of [ 11.250967] allocated 120-byte region [ffff8881026a8800, ffff8881026a8878) [ 11.251540] [ 11.251653] The buggy address belongs to the physical page: [ 11.251840] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.252609] flags: 0x200000000000000(node=0|zone=2) [ 11.252891] page_type: f5(slab) [ 11.253039] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.253393] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.253892] page dumped because: kasan: bad access detected [ 11.254157] [ 11.254272] Memory state around the buggy address: [ 11.254709] ffff8881026a8700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.255015] ffff8881026a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.255513] >ffff8881026a8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.255950] ^ [ 11.256329] ffff8881026a8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.256914] ffff8881026a8900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.257227] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 16.306931] ================================================================== [ 16.307387] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.307387] [ 16.307890] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#70): [ 16.308195] test_out_of_bounds_write+0x10d/0x260 [ 16.308806] kunit_try_run_case+0x1a5/0x480 [ 16.309039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.309300] kthread+0x337/0x6f0 [ 16.309469] ret_from_fork+0x116/0x1d0 [ 16.309681] ret_from_fork_asm+0x1a/0x30 [ 16.309852] [ 16.309956] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.309956] [ 16.310844] allocated by task 308 on cpu 0 at 16.306811s (0.004030s ago): [ 16.311121] test_alloc+0x364/0x10f0 [ 16.311445] test_out_of_bounds_write+0xd4/0x260 [ 16.311743] kunit_try_run_case+0x1a5/0x480 [ 16.311940] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.312383] kthread+0x337/0x6f0 [ 16.312627] ret_from_fork+0x116/0x1d0 [ 16.312784] ret_from_fork_asm+0x1a/0x30 [ 16.313107] [ 16.313221] CPU: 0 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.313877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.314135] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.314593] ================================================================== [ 16.410938] ================================================================== [ 16.411404] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.411404] [ 16.411870] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#71): [ 16.412160] test_out_of_bounds_write+0x10d/0x260 [ 16.412391] kunit_try_run_case+0x1a5/0x480 [ 16.412553] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.412832] kthread+0x337/0x6f0 [ 16.412962] ret_from_fork+0x116/0x1d0 [ 16.413157] ret_from_fork_asm+0x1a/0x30 [ 16.413398] [ 16.413473] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.413473] [ 16.413873] allocated by task 310 on cpu 1 at 16.410878s (0.002993s ago): [ 16.414154] test_alloc+0x2a6/0x10f0 [ 16.414383] test_out_of_bounds_write+0xd4/0x260 [ 16.414590] kunit_try_run_case+0x1a5/0x480 [ 16.414789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.415004] kthread+0x337/0x6f0 [ 16.415178] ret_from_fork+0x116/0x1d0 [ 16.415379] ret_from_fork_asm+0x1a/0x30 [ 16.415561] [ 16.415669] CPU: 1 UID: 0 PID: 310 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.416146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.416361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.416647] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 16.098902] ================================================================== [ 16.099352] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.099352] [ 16.099802] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#68): [ 16.100111] test_out_of_bounds_read+0x126/0x4e0 [ 16.100322] kunit_try_run_case+0x1a5/0x480 [ 16.100477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.100777] kthread+0x337/0x6f0 [ 16.100991] ret_from_fork+0x116/0x1d0 [ 16.101156] ret_from_fork_asm+0x1a/0x30 [ 16.101361] [ 16.101438] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.101438] [ 16.101825] allocated by task 306 on cpu 0 at 16.098844s (0.002979s ago): [ 16.102152] test_alloc+0x2a6/0x10f0 [ 16.102405] test_out_of_bounds_read+0xed/0x4e0 [ 16.102601] kunit_try_run_case+0x1a5/0x480 [ 16.102785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.103048] kthread+0x337/0x6f0 [ 16.103467] ret_from_fork+0x116/0x1d0 [ 16.103696] ret_from_fork_asm+0x1a/0x30 [ 16.103857] [ 16.103987] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.104427] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.104639] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.105006] ================================================================== [ 15.890990] ================================================================== [ 15.891415] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 15.891415] [ 15.891837] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#66): [ 15.892170] test_out_of_bounds_read+0x216/0x4e0 [ 15.892410] kunit_try_run_case+0x1a5/0x480 [ 15.892607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.892867] kthread+0x337/0x6f0 [ 15.893038] ret_from_fork+0x116/0x1d0 [ 15.893235] ret_from_fork_asm+0x1a/0x30 [ 15.893389] [ 15.893468] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.893468] [ 15.893861] allocated by task 304 on cpu 0 at 15.890821s (0.003038s ago): [ 15.894192] test_alloc+0x364/0x10f0 [ 15.894471] test_out_of_bounds_read+0x1e2/0x4e0 [ 15.894695] kunit_try_run_case+0x1a5/0x480 [ 15.894889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.895093] kthread+0x337/0x6f0 [ 15.895217] ret_from_fork+0x116/0x1d0 [ 15.895453] ret_from_fork_asm+0x1a/0x30 [ 15.895669] [ 15.895792] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.896167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.896437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.896900] ================================================================== [ 15.579728] ================================================================== [ 15.580264] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 15.580264] [ 15.580765] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#63): [ 15.581084] test_out_of_bounds_read+0x126/0x4e0 [ 15.581283] kunit_try_run_case+0x1a5/0x480 [ 15.581528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.581795] kthread+0x337/0x6f0 [ 15.581928] ret_from_fork+0x116/0x1d0 [ 15.582124] ret_from_fork_asm+0x1a/0x30 [ 15.582454] [ 15.582543] kfence-#63: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.582543] [ 15.582882] allocated by task 304 on cpu 0 at 15.578820s (0.004060s ago): [ 15.583207] test_alloc+0x364/0x10f0 [ 15.583411] test_out_of_bounds_read+0xed/0x4e0 [ 15.583640] kunit_try_run_case+0x1a5/0x480 [ 15.583789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.584007] kthread+0x337/0x6f0 [ 15.584183] ret_from_fork+0x116/0x1d0 [ 15.584482] ret_from_fork_asm+0x1a/0x30 [ 15.584703] [ 15.584833] CPU: 0 UID: 0 PID: 304 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.585225] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.585434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.585827] ================================================================== [ 16.202848] ================================================================== [ 16.203193] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.203193] [ 16.203506] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#69): [ 16.204142] test_out_of_bounds_read+0x216/0x4e0 [ 16.204608] kunit_try_run_case+0x1a5/0x480 [ 16.205019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.205234] kthread+0x337/0x6f0 [ 16.205364] ret_from_fork+0x116/0x1d0 [ 16.205502] ret_from_fork_asm+0x1a/0x30 [ 16.205658] [ 16.205735] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.205735] [ 16.206010] allocated by task 306 on cpu 0 at 16.202799s (0.003209s ago): [ 16.206321] test_alloc+0x2a6/0x10f0 [ 16.206664] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.207072] kunit_try_run_case+0x1a5/0x480 [ 16.207506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.207976] kthread+0x337/0x6f0 [ 16.208125] ret_from_fork+0x116/0x1d0 [ 16.208450] ret_from_fork_asm+0x1a/0x30 [ 16.208635] [ 16.208758] CPU: 0 UID: 0 PID: 306 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 16.209288] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.209492] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.209951] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 10.526883] ================================================================== [ 10.527846] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520 [ 10.527846] [ 10.528292] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#31): [ 10.529120] kmalloc_track_caller_oob_right+0x288/0x520 [ 10.529432] kunit_try_run_case+0x1a5/0x480 [ 10.529645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.529863] kthread+0x337/0x6f0 [ 10.530062] ret_from_fork+0x116/0x1d0 [ 10.530273] ret_from_fork_asm+0x1a/0x30 [ 10.530501] [ 10.531121] kfence-#31: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 10.531121] [ 10.531882] allocated by task 159 on cpu 0 at 10.525241s (0.006542s ago): [ 10.532380] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.533187] kunit_try_run_case+0x1a5/0x480 [ 10.533429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.533835] kthread+0x337/0x6f0 [ 10.534039] ret_from_fork+0x116/0x1d0 [ 10.534316] ret_from_fork_asm+0x1a/0x30 [ 10.534775] [ 10.534984] freed by task 159 on cpu 0 at 10.526423s (0.008487s ago): [ 10.535232] kmalloc_track_caller_oob_right+0x288/0x520 [ 10.535486] kunit_try_run_case+0x1a5/0x480 [ 10.535716] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.535932] kthread+0x337/0x6f0 [ 10.536146] ret_from_fork+0x116/0x1d0 [ 10.536358] ret_from_fork_asm+0x1a/0x30 [ 10.536567] [ 10.536750] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.537217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.537443] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.537822] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.311280] ================================================================== [ 15.311914] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 15.312341] Write of size 1 at addr ffff8881029cec78 by task kunit_try_catch/302 [ 15.312681] [ 15.312946] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.312996] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.313010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.313032] Call Trace: [ 15.313048] <TASK> [ 15.313064] dump_stack_lvl+0x73/0xb0 [ 15.313163] print_report+0xd1/0x650 [ 15.313196] ? __virt_addr_valid+0x1db/0x2d0 [ 15.313221] ? strncpy_from_user+0x1a5/0x1d0 [ 15.313245] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.313269] ? strncpy_from_user+0x1a5/0x1d0 [ 15.313293] kasan_report+0x141/0x180 [ 15.313317] ? strncpy_from_user+0x1a5/0x1d0 [ 15.313348] __asan_report_store1_noabort+0x1b/0x30 [ 15.313371] strncpy_from_user+0x1a5/0x1d0 [ 15.313398] copy_user_test_oob+0x760/0x10f0 [ 15.313422] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.313442] ? finish_task_switch.isra.0+0x153/0x700 [ 15.313465] ? __switch_to+0x47/0xf50 [ 15.313491] ? __schedule+0x10cc/0x2b60 [ 15.313513] ? __pfx_read_tsc+0x10/0x10 [ 15.313534] ? ktime_get_ts64+0x86/0x230 [ 15.313559] kunit_try_run_case+0x1a5/0x480 [ 15.313583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.313606] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.313642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.313667] ? __kthread_parkme+0x82/0x180 [ 15.313690] ? preempt_count_sub+0x50/0x80 [ 15.313714] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.313739] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.313763] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.313787] kthread+0x337/0x6f0 [ 15.313807] ? trace_preempt_on+0x20/0xc0 [ 15.313832] ? __pfx_kthread+0x10/0x10 [ 15.313853] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.313875] ? calculate_sigpending+0x7b/0xa0 [ 15.313899] ? __pfx_kthread+0x10/0x10 [ 15.313921] ret_from_fork+0x116/0x1d0 [ 15.313940] ? __pfx_kthread+0x10/0x10 [ 15.313962] ret_from_fork_asm+0x1a/0x30 [ 15.313994] </TASK> [ 15.314005] [ 15.323580] Allocated by task 302: [ 15.323888] kasan_save_stack+0x45/0x70 [ 15.324047] kasan_save_track+0x18/0x40 [ 15.324365] kasan_save_alloc_info+0x3b/0x50 [ 15.324696] __kasan_kmalloc+0xb7/0xc0 [ 15.324842] __kmalloc_noprof+0x1c9/0x500 [ 15.325163] kunit_kmalloc_array+0x25/0x60 [ 15.325413] copy_user_test_oob+0xab/0x10f0 [ 15.325756] kunit_try_run_case+0x1a5/0x480 [ 15.325968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.326297] kthread+0x337/0x6f0 [ 15.326450] ret_from_fork+0x116/0x1d0 [ 15.326648] ret_from_fork_asm+0x1a/0x30 [ 15.326840] [ 15.326932] The buggy address belongs to the object at ffff8881029cec00 [ 15.326932] which belongs to the cache kmalloc-128 of size 128 [ 15.327710] The buggy address is located 0 bytes to the right of [ 15.327710] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.328270] [ 15.328498] The buggy address belongs to the physical page: [ 15.328720] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.329165] flags: 0x200000000000000(node=0|zone=2) [ 15.329472] page_type: f5(slab) [ 15.329606] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.330040] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.330574] page dumped because: kasan: bad access detected [ 15.330888] [ 15.330969] Memory state around the buggy address: [ 15.331339] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.331670] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.331981] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.332508] ^ [ 15.332804] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.333182] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.333554] ================================================================== [ 15.287119] ================================================================== [ 15.287730] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 15.288131] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.288534] [ 15.288843] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.288977] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.288994] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.289017] Call Trace: [ 15.289031] <TASK> [ 15.289047] dump_stack_lvl+0x73/0xb0 [ 15.289076] print_report+0xd1/0x650 [ 15.289101] ? __virt_addr_valid+0x1db/0x2d0 [ 15.289125] ? strncpy_from_user+0x2e/0x1d0 [ 15.289149] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.289173] ? strncpy_from_user+0x2e/0x1d0 [ 15.289199] kasan_report+0x141/0x180 [ 15.289223] ? strncpy_from_user+0x2e/0x1d0 [ 15.289251] kasan_check_range+0x10c/0x1c0 [ 15.289277] __kasan_check_write+0x18/0x20 [ 15.289297] strncpy_from_user+0x2e/0x1d0 [ 15.289320] ? __kasan_check_read+0x15/0x20 [ 15.289343] copy_user_test_oob+0x760/0x10f0 [ 15.289366] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.289387] ? finish_task_switch.isra.0+0x153/0x700 [ 15.289410] ? __switch_to+0x47/0xf50 [ 15.289436] ? __schedule+0x10cc/0x2b60 [ 15.289458] ? __pfx_read_tsc+0x10/0x10 [ 15.289479] ? ktime_get_ts64+0x86/0x230 [ 15.289504] kunit_try_run_case+0x1a5/0x480 [ 15.289529] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.289551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.289573] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.289596] ? __kthread_parkme+0x82/0x180 [ 15.289631] ? preempt_count_sub+0x50/0x80 [ 15.289655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.289680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.289704] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.289727] kthread+0x337/0x6f0 [ 15.289749] ? trace_preempt_on+0x20/0xc0 [ 15.289773] ? __pfx_kthread+0x10/0x10 [ 15.289795] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.289816] ? calculate_sigpending+0x7b/0xa0 [ 15.289841] ? __pfx_kthread+0x10/0x10 [ 15.289864] ret_from_fork+0x116/0x1d0 [ 15.289883] ? __pfx_kthread+0x10/0x10 [ 15.289905] ret_from_fork_asm+0x1a/0x30 [ 15.289936] </TASK> [ 15.289948] [ 15.299982] Allocated by task 302: [ 15.300153] kasan_save_stack+0x45/0x70 [ 15.300691] kasan_save_track+0x18/0x40 [ 15.300860] kasan_save_alloc_info+0x3b/0x50 [ 15.301200] __kasan_kmalloc+0xb7/0xc0 [ 15.301479] __kmalloc_noprof+0x1c9/0x500 [ 15.301681] kunit_kmalloc_array+0x25/0x60 [ 15.301979] copy_user_test_oob+0xab/0x10f0 [ 15.302324] kunit_try_run_case+0x1a5/0x480 [ 15.302684] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.302998] kthread+0x337/0x6f0 [ 15.303169] ret_from_fork+0x116/0x1d0 [ 15.303496] ret_from_fork_asm+0x1a/0x30 [ 15.303779] [ 15.303859] The buggy address belongs to the object at ffff8881029cec00 [ 15.303859] which belongs to the cache kmalloc-128 of size 128 [ 15.304599] The buggy address is located 0 bytes inside of [ 15.304599] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.305165] [ 15.305271] The buggy address belongs to the physical page: [ 15.305496] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.305855] flags: 0x200000000000000(node=0|zone=2) [ 15.306071] page_type: f5(slab) [ 15.306245] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.306568] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.307310] page dumped because: kasan: bad access detected [ 15.307638] [ 15.307742] Memory state around the buggy address: [ 15.308089] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.308551] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.308970] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.309455] ^ [ 15.309835] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.310253] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.310638] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.235713] ================================================================== [ 15.236004] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.236394] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.237252] [ 15.237429] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.237476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.237489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.237512] Call Trace: [ 15.237526] <TASK> [ 15.237542] dump_stack_lvl+0x73/0xb0 [ 15.237568] print_report+0xd1/0x650 [ 15.237592] ? __virt_addr_valid+0x1db/0x2d0 [ 15.237627] ? copy_user_test_oob+0x557/0x10f0 [ 15.237649] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.237673] ? copy_user_test_oob+0x557/0x10f0 [ 15.237695] kasan_report+0x141/0x180 [ 15.237718] ? copy_user_test_oob+0x557/0x10f0 [ 15.237745] kasan_check_range+0x10c/0x1c0 [ 15.237770] __kasan_check_write+0x18/0x20 [ 15.237791] copy_user_test_oob+0x557/0x10f0 [ 15.237814] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.237835] ? finish_task_switch.isra.0+0x153/0x700 [ 15.237858] ? __switch_to+0x47/0xf50 [ 15.237884] ? __schedule+0x10cc/0x2b60 [ 15.237907] ? __pfx_read_tsc+0x10/0x10 [ 15.237928] ? ktime_get_ts64+0x86/0x230 [ 15.237953] kunit_try_run_case+0x1a5/0x480 [ 15.237978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.238001] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.238024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.238047] ? __kthread_parkme+0x82/0x180 [ 15.238069] ? preempt_count_sub+0x50/0x80 [ 15.238093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.238117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.238141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.238185] kthread+0x337/0x6f0 [ 15.238207] ? trace_preempt_on+0x20/0xc0 [ 15.238230] ? __pfx_kthread+0x10/0x10 [ 15.238253] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.238274] ? calculate_sigpending+0x7b/0xa0 [ 15.238299] ? __pfx_kthread+0x10/0x10 [ 15.238322] ret_from_fork+0x116/0x1d0 [ 15.238341] ? __pfx_kthread+0x10/0x10 [ 15.238363] ret_from_fork_asm+0x1a/0x30 [ 15.238395] </TASK> [ 15.238408] [ 15.250472] Allocated by task 302: [ 15.250819] kasan_save_stack+0x45/0x70 [ 15.251202] kasan_save_track+0x18/0x40 [ 15.251388] kasan_save_alloc_info+0x3b/0x50 [ 15.251537] __kasan_kmalloc+0xb7/0xc0 [ 15.251794] __kmalloc_noprof+0x1c9/0x500 [ 15.252156] kunit_kmalloc_array+0x25/0x60 [ 15.252546] copy_user_test_oob+0xab/0x10f0 [ 15.252938] kunit_try_run_case+0x1a5/0x480 [ 15.253338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.253608] kthread+0x337/0x6f0 [ 15.253740] ret_from_fork+0x116/0x1d0 [ 15.253873] ret_from_fork_asm+0x1a/0x30 [ 15.254012] [ 15.254084] The buggy address belongs to the object at ffff8881029cec00 [ 15.254084] which belongs to the cache kmalloc-128 of size 128 [ 15.255057] The buggy address is located 0 bytes inside of [ 15.255057] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.256103] [ 15.256286] The buggy address belongs to the physical page: [ 15.256770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.257465] flags: 0x200000000000000(node=0|zone=2) [ 15.257806] page_type: f5(slab) [ 15.257933] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.258189] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.258857] page dumped because: kasan: bad access detected [ 15.259357] [ 15.259515] Memory state around the buggy address: [ 15.259945] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.260547] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.260775] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.260988] ^ [ 15.261211] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.261428] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.261707] ================================================================== [ 15.262729] ================================================================== [ 15.263418] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.264175] Read of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.264958] [ 15.265140] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.265204] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.265217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.265239] Call Trace: [ 15.265254] <TASK> [ 15.265271] dump_stack_lvl+0x73/0xb0 [ 15.265297] print_report+0xd1/0x650 [ 15.265321] ? __virt_addr_valid+0x1db/0x2d0 [ 15.265345] ? copy_user_test_oob+0x604/0x10f0 [ 15.265366] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.265390] ? copy_user_test_oob+0x604/0x10f0 [ 15.265411] kasan_report+0x141/0x180 [ 15.265435] ? copy_user_test_oob+0x604/0x10f0 [ 15.265461] kasan_check_range+0x10c/0x1c0 [ 15.265487] __kasan_check_read+0x15/0x20 [ 15.265507] copy_user_test_oob+0x604/0x10f0 [ 15.265531] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.265551] ? finish_task_switch.isra.0+0x153/0x700 [ 15.265575] ? __switch_to+0x47/0xf50 [ 15.265602] ? __schedule+0x10cc/0x2b60 [ 15.265633] ? __pfx_read_tsc+0x10/0x10 [ 15.265654] ? ktime_get_ts64+0x86/0x230 [ 15.265679] kunit_try_run_case+0x1a5/0x480 [ 15.265704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265726] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.265750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.265773] ? __kthread_parkme+0x82/0x180 [ 15.265794] ? preempt_count_sub+0x50/0x80 [ 15.265818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.265843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.265867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.265890] kthread+0x337/0x6f0 [ 15.265911] ? trace_preempt_on+0x20/0xc0 [ 15.265935] ? __pfx_kthread+0x10/0x10 [ 15.265958] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.265979] ? calculate_sigpending+0x7b/0xa0 [ 15.266004] ? __pfx_kthread+0x10/0x10 [ 15.266026] ret_from_fork+0x116/0x1d0 [ 15.266046] ? __pfx_kthread+0x10/0x10 [ 15.266067] ret_from_fork_asm+0x1a/0x30 [ 15.266100] </TASK> [ 15.266111] [ 15.275422] Allocated by task 302: [ 15.275584] kasan_save_stack+0x45/0x70 [ 15.275805] kasan_save_track+0x18/0x40 [ 15.275993] kasan_save_alloc_info+0x3b/0x50 [ 15.276138] __kasan_kmalloc+0xb7/0xc0 [ 15.276291] __kmalloc_noprof+0x1c9/0x500 [ 15.276520] kunit_kmalloc_array+0x25/0x60 [ 15.276851] copy_user_test_oob+0xab/0x10f0 [ 15.277636] kunit_try_run_case+0x1a5/0x480 [ 15.278076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.278284] kthread+0x337/0x6f0 [ 15.278503] ret_from_fork+0x116/0x1d0 [ 15.278902] ret_from_fork_asm+0x1a/0x30 [ 15.279172] [ 15.279270] The buggy address belongs to the object at ffff8881029cec00 [ 15.279270] which belongs to the cache kmalloc-128 of size 128 [ 15.279989] The buggy address is located 0 bytes inside of [ 15.279989] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.280756] [ 15.280860] The buggy address belongs to the physical page: [ 15.281056] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.281651] flags: 0x200000000000000(node=0|zone=2) [ 15.281949] page_type: f5(slab) [ 15.282280] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.282605] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.282935] page dumped because: kasan: bad access detected [ 15.283163] [ 15.283487] Memory state around the buggy address: [ 15.283733] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.284181] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.284633] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.285044] ^ [ 15.285444] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.285867] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.286229] ================================================================== [ 15.179526] ================================================================== [ 15.180198] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.180827] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.181487] [ 15.181687] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.181737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.181751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.181773] Call Trace: [ 15.181786] <TASK> [ 15.181804] dump_stack_lvl+0x73/0xb0 [ 15.181831] print_report+0xd1/0x650 [ 15.181855] ? __virt_addr_valid+0x1db/0x2d0 [ 15.181879] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181900] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.181925] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181946] kasan_report+0x141/0x180 [ 15.181970] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.181996] kasan_check_range+0x10c/0x1c0 [ 15.182022] __kasan_check_write+0x18/0x20 [ 15.182043] copy_user_test_oob+0x3fd/0x10f0 [ 15.182066] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.182086] ? finish_task_switch.isra.0+0x153/0x700 [ 15.182109] ? __switch_to+0x47/0xf50 [ 15.182136] ? __schedule+0x10cc/0x2b60 [ 15.182158] ? __pfx_read_tsc+0x10/0x10 [ 15.182202] ? ktime_get_ts64+0x86/0x230 [ 15.182227] kunit_try_run_case+0x1a5/0x480 [ 15.182251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.182275] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.182297] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.182320] ? __kthread_parkme+0x82/0x180 [ 15.182342] ? preempt_count_sub+0x50/0x80 [ 15.182366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.182390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.182414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.182439] kthread+0x337/0x6f0 [ 15.182459] ? trace_preempt_on+0x20/0xc0 [ 15.182489] ? __pfx_kthread+0x10/0x10 [ 15.182511] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.182532] ? calculate_sigpending+0x7b/0xa0 [ 15.182557] ? __pfx_kthread+0x10/0x10 [ 15.182580] ret_from_fork+0x116/0x1d0 [ 15.182599] ? __pfx_kthread+0x10/0x10 [ 15.182631] ret_from_fork_asm+0x1a/0x30 [ 15.182663] </TASK> [ 15.182674] [ 15.194666] Allocated by task 302: [ 15.194800] kasan_save_stack+0x45/0x70 [ 15.194944] kasan_save_track+0x18/0x40 [ 15.195080] kasan_save_alloc_info+0x3b/0x50 [ 15.195372] __kasan_kmalloc+0xb7/0xc0 [ 15.195722] __kmalloc_noprof+0x1c9/0x500 [ 15.196081] kunit_kmalloc_array+0x25/0x60 [ 15.196484] copy_user_test_oob+0xab/0x10f0 [ 15.196874] kunit_try_run_case+0x1a5/0x480 [ 15.197281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.197771] kthread+0x337/0x6f0 [ 15.198076] ret_from_fork+0x116/0x1d0 [ 15.198449] ret_from_fork_asm+0x1a/0x30 [ 15.198828] [ 15.198989] The buggy address belongs to the object at ffff8881029cec00 [ 15.198989] which belongs to the cache kmalloc-128 of size 128 [ 15.199550] The buggy address is located 0 bytes inside of [ 15.199550] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.199916] [ 15.199990] The buggy address belongs to the physical page: [ 15.200186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.200857] flags: 0x200000000000000(node=0|zone=2) [ 15.201312] page_type: f5(slab) [ 15.201624] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.202300] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.202965] page dumped because: kasan: bad access detected [ 15.203468] [ 15.203636] Memory state around the buggy address: [ 15.204060] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.204651] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.204868] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.205082] ^ [ 15.205571] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206203] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.206835] ================================================================== [ 15.207687] ================================================================== [ 15.208343] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.208691] Read of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.208922] [ 15.209008] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.209055] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.209068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.209090] Call Trace: [ 15.209103] <TASK> [ 15.209119] dump_stack_lvl+0x73/0xb0 [ 15.209147] print_report+0xd1/0x650 [ 15.209197] ? __virt_addr_valid+0x1db/0x2d0 [ 15.209221] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209243] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.209267] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209289] kasan_report+0x141/0x180 [ 15.209314] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.209341] kasan_check_range+0x10c/0x1c0 [ 15.209367] __kasan_check_read+0x15/0x20 [ 15.209387] copy_user_test_oob+0x4aa/0x10f0 [ 15.209411] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.209431] ? finish_task_switch.isra.0+0x153/0x700 [ 15.209455] ? __switch_to+0x47/0xf50 [ 15.209482] ? __schedule+0x10cc/0x2b60 [ 15.209505] ? __pfx_read_tsc+0x10/0x10 [ 15.209526] ? ktime_get_ts64+0x86/0x230 [ 15.209551] kunit_try_run_case+0x1a5/0x480 [ 15.209575] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209598] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.209629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.209653] ? __kthread_parkme+0x82/0x180 [ 15.209674] ? preempt_count_sub+0x50/0x80 [ 15.209698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.209723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.209747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.209770] kthread+0x337/0x6f0 [ 15.209792] ? trace_preempt_on+0x20/0xc0 [ 15.209815] ? __pfx_kthread+0x10/0x10 [ 15.209837] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.209858] ? calculate_sigpending+0x7b/0xa0 [ 15.209884] ? __pfx_kthread+0x10/0x10 [ 15.209907] ret_from_fork+0x116/0x1d0 [ 15.209925] ? __pfx_kthread+0x10/0x10 [ 15.209947] ret_from_fork_asm+0x1a/0x30 [ 15.209980] </TASK> [ 15.209991] [ 15.222208] Allocated by task 302: [ 15.222534] kasan_save_stack+0x45/0x70 [ 15.222905] kasan_save_track+0x18/0x40 [ 15.223273] kasan_save_alloc_info+0x3b/0x50 [ 15.223671] __kasan_kmalloc+0xb7/0xc0 [ 15.224033] __kmalloc_noprof+0x1c9/0x500 [ 15.224424] kunit_kmalloc_array+0x25/0x60 [ 15.224632] copy_user_test_oob+0xab/0x10f0 [ 15.224778] kunit_try_run_case+0x1a5/0x480 [ 15.224928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.225106] kthread+0x337/0x6f0 [ 15.225376] ret_from_fork+0x116/0x1d0 [ 15.225730] ret_from_fork_asm+0x1a/0x30 [ 15.226102] [ 15.226283] The buggy address belongs to the object at ffff8881029cec00 [ 15.226283] which belongs to the cache kmalloc-128 of size 128 [ 15.227353] The buggy address is located 0 bytes inside of [ 15.227353] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.228416] [ 15.228578] The buggy address belongs to the physical page: [ 15.228821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.229064] flags: 0x200000000000000(node=0|zone=2) [ 15.229378] page_type: f5(slab) [ 15.229683] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.230345] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.231005] page dumped because: kasan: bad access detected [ 15.231514] [ 15.231690] Memory state around the buggy address: [ 15.231936] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.232155] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.232791] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.233425] ^ [ 15.233971] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234251] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.234874] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.148289] ================================================================== [ 15.148975] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 15.149558] Read of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.150315] [ 15.150503] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.150568] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.150584] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.150626] Call Trace: [ 15.150643] <TASK> [ 15.150659] dump_stack_lvl+0x73/0xb0 [ 15.150689] print_report+0xd1/0x650 [ 15.150715] ? __virt_addr_valid+0x1db/0x2d0 [ 15.150742] ? _copy_to_user+0x3c/0x70 [ 15.150763] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.150791] ? _copy_to_user+0x3c/0x70 [ 15.150814] kasan_report+0x141/0x180 [ 15.150839] ? _copy_to_user+0x3c/0x70 [ 15.150866] kasan_check_range+0x10c/0x1c0 [ 15.150893] __kasan_check_read+0x15/0x20 [ 15.150916] _copy_to_user+0x3c/0x70 [ 15.150938] copy_user_test_oob+0x364/0x10f0 [ 15.150964] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.150987] ? finish_task_switch.isra.0+0x153/0x700 [ 15.151014] ? __switch_to+0x47/0xf50 [ 15.151043] ? __schedule+0x10cc/0x2b60 [ 15.151068] ? __pfx_read_tsc+0x10/0x10 [ 15.151091] ? ktime_get_ts64+0x86/0x230 [ 15.151118] kunit_try_run_case+0x1a5/0x480 [ 15.151144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.151192] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.151218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.151244] ? __kthread_parkme+0x82/0x180 [ 15.151269] ? preempt_count_sub+0x50/0x80 [ 15.151295] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.151323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.151352] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.151382] kthread+0x337/0x6f0 [ 15.151403] ? trace_preempt_on+0x20/0xc0 [ 15.151430] ? __pfx_kthread+0x10/0x10 [ 15.151453] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.151477] ? calculate_sigpending+0x7b/0xa0 [ 15.151505] ? __pfx_kthread+0x10/0x10 [ 15.151530] ret_from_fork+0x116/0x1d0 [ 15.151550] ? __pfx_kthread+0x10/0x10 [ 15.151573] ret_from_fork_asm+0x1a/0x30 [ 15.151607] </TASK> [ 15.151627] [ 15.163513] Allocated by task 302: [ 15.163694] kasan_save_stack+0x45/0x70 [ 15.164048] kasan_save_track+0x18/0x40 [ 15.164436] kasan_save_alloc_info+0x3b/0x50 [ 15.164805] __kasan_kmalloc+0xb7/0xc0 [ 15.164944] __kmalloc_noprof+0x1c9/0x500 [ 15.165087] kunit_kmalloc_array+0x25/0x60 [ 15.165391] copy_user_test_oob+0xab/0x10f0 [ 15.165786] kunit_try_run_case+0x1a5/0x480 [ 15.166191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.166676] kthread+0x337/0x6f0 [ 15.166983] ret_from_fork+0x116/0x1d0 [ 15.167297] ret_from_fork_asm+0x1a/0x30 [ 15.167442] [ 15.167518] The buggy address belongs to the object at ffff8881029cec00 [ 15.167518] which belongs to the cache kmalloc-128 of size 128 [ 15.167889] The buggy address is located 0 bytes inside of [ 15.167889] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.168414] [ 15.168578] The buggy address belongs to the physical page: [ 15.169061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.169750] flags: 0x200000000000000(node=0|zone=2) [ 15.170200] page_type: f5(slab) [ 15.170502] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.171180] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.171816] page dumped because: kasan: bad access detected [ 15.172320] [ 15.172482] Memory state around the buggy address: [ 15.172901] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.173328] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.173548] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.173775] ^ [ 15.173990] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.174297] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.174915] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.117015] ================================================================== [ 15.118368] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.118677] Write of size 121 at addr ffff8881029cec00 by task kunit_try_catch/302 [ 15.118910] [ 15.119007] CPU: 0 UID: 0 PID: 302 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.119061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.119076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.119099] Call Trace: [ 15.119114] <TASK> [ 15.119134] dump_stack_lvl+0x73/0xb0 [ 15.119195] print_report+0xd1/0x650 [ 15.119223] ? __virt_addr_valid+0x1db/0x2d0 [ 15.119249] ? _copy_from_user+0x32/0x90 [ 15.119269] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.119294] ? _copy_from_user+0x32/0x90 [ 15.119315] kasan_report+0x141/0x180 [ 15.119339] ? _copy_from_user+0x32/0x90 [ 15.119365] kasan_check_range+0x10c/0x1c0 [ 15.119390] __kasan_check_write+0x18/0x20 [ 15.119411] _copy_from_user+0x32/0x90 [ 15.119432] copy_user_test_oob+0x2be/0x10f0 [ 15.119456] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.119476] ? finish_task_switch.isra.0+0x153/0x700 [ 15.119501] ? __switch_to+0x47/0xf50 [ 15.119529] ? __schedule+0x10cc/0x2b60 [ 15.119553] ? __pfx_read_tsc+0x10/0x10 [ 15.119575] ? ktime_get_ts64+0x86/0x230 [ 15.119602] kunit_try_run_case+0x1a5/0x480 [ 15.119636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.119658] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.119683] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.119706] ? __kthread_parkme+0x82/0x180 [ 15.119728] ? preempt_count_sub+0x50/0x80 [ 15.119753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.119777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.119801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.119824] kthread+0x337/0x6f0 [ 15.119846] ? trace_preempt_on+0x20/0xc0 [ 15.119871] ? __pfx_kthread+0x10/0x10 [ 15.119892] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.119913] ? calculate_sigpending+0x7b/0xa0 [ 15.119939] ? __pfx_kthread+0x10/0x10 [ 15.119961] ret_from_fork+0x116/0x1d0 [ 15.119981] ? __pfx_kthread+0x10/0x10 [ 15.120003] ret_from_fork_asm+0x1a/0x30 [ 15.120037] </TASK> [ 15.120050] [ 15.132540] Allocated by task 302: [ 15.132729] kasan_save_stack+0x45/0x70 [ 15.132875] kasan_save_track+0x18/0x40 [ 15.133013] kasan_save_alloc_info+0x3b/0x50 [ 15.133159] __kasan_kmalloc+0xb7/0xc0 [ 15.133531] __kmalloc_noprof+0x1c9/0x500 [ 15.133901] kunit_kmalloc_array+0x25/0x60 [ 15.134302] copy_user_test_oob+0xab/0x10f0 [ 15.134714] kunit_try_run_case+0x1a5/0x480 [ 15.135084] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.135571] kthread+0x337/0x6f0 [ 15.135878] ret_from_fork+0x116/0x1d0 [ 15.136082] ret_from_fork_asm+0x1a/0x30 [ 15.136367] [ 15.136537] The buggy address belongs to the object at ffff8881029cec00 [ 15.136537] which belongs to the cache kmalloc-128 of size 128 [ 15.137302] The buggy address is located 0 bytes inside of [ 15.137302] allocated 120-byte region [ffff8881029cec00, ffff8881029cec78) [ 15.138087] [ 15.138186] The buggy address belongs to the physical page: [ 15.138693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.139343] flags: 0x200000000000000(node=0|zone=2) [ 15.139519] page_type: f5(slab) [ 15.139654] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.139897] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.140135] page dumped because: kasan: bad access detected [ 15.140637] [ 15.140798] Memory state around the buggy address: [ 15.141236] ffff8881029ceb00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.141870] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.142512] >ffff8881029cec00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.143135] ^ [ 15.143794] ffff8881029cec80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.144442] ffff8881029ced00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.144834] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.076262] ================================================================== [ 15.076914] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.077589] Write of size 8 at addr ffff8881029ceb78 by task kunit_try_catch/298 [ 15.078307] [ 15.078570] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.078630] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.078644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.078666] Call Trace: [ 15.078679] <TASK> [ 15.078695] dump_stack_lvl+0x73/0xb0 [ 15.078757] print_report+0xd1/0x650 [ 15.078781] ? __virt_addr_valid+0x1db/0x2d0 [ 15.078816] ? copy_to_kernel_nofault+0x99/0x260 [ 15.078841] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.078865] ? copy_to_kernel_nofault+0x99/0x260 [ 15.078891] kasan_report+0x141/0x180 [ 15.078915] ? copy_to_kernel_nofault+0x99/0x260 [ 15.078945] kasan_check_range+0x10c/0x1c0 [ 15.078972] __kasan_check_write+0x18/0x20 [ 15.078993] copy_to_kernel_nofault+0x99/0x260 [ 15.079020] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.079045] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.079070] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 15.079095] ? trace_hardirqs_on+0x37/0xe0 [ 15.079129] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.079158] kunit_try_run_case+0x1a5/0x480 [ 15.079202] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.079225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.079249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.079272] ? __kthread_parkme+0x82/0x180 [ 15.079293] ? preempt_count_sub+0x50/0x80 [ 15.079318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.079342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.079369] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.079395] kthread+0x337/0x6f0 [ 15.079416] ? trace_preempt_on+0x20/0xc0 [ 15.079439] ? __pfx_kthread+0x10/0x10 [ 15.079461] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.079483] ? calculate_sigpending+0x7b/0xa0 [ 15.079508] ? __pfx_kthread+0x10/0x10 [ 15.079532] ret_from_fork+0x116/0x1d0 [ 15.079551] ? __pfx_kthread+0x10/0x10 [ 15.079573] ret_from_fork_asm+0x1a/0x30 [ 15.079605] </TASK> [ 15.079625] [ 15.091971] Allocated by task 298: [ 15.092364] kasan_save_stack+0x45/0x70 [ 15.092604] kasan_save_track+0x18/0x40 [ 15.092948] kasan_save_alloc_info+0x3b/0x50 [ 15.093291] __kasan_kmalloc+0xb7/0xc0 [ 15.093552] __kmalloc_cache_noprof+0x189/0x420 [ 15.093875] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.094036] kunit_try_run_case+0x1a5/0x480 [ 15.094222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.094770] kthread+0x337/0x6f0 [ 15.095110] ret_from_fork+0x116/0x1d0 [ 15.095510] ret_from_fork_asm+0x1a/0x30 [ 15.095913] [ 15.096099] The buggy address belongs to the object at ffff8881029ceb00 [ 15.096099] which belongs to the cache kmalloc-128 of size 128 [ 15.096907] The buggy address is located 0 bytes to the right of [ 15.096907] allocated 120-byte region [ffff8881029ceb00, ffff8881029ceb78) [ 15.097767] [ 15.097894] The buggy address belongs to the physical page: [ 15.098240] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.098788] flags: 0x200000000000000(node=0|zone=2) [ 15.098948] page_type: f5(slab) [ 15.099071] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.099647] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.100337] page dumped because: kasan: bad access detected [ 15.100853] [ 15.101045] Memory state around the buggy address: [ 15.101506] ffff8881029cea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.101981] ffff8881029cea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.102474] >ffff8881029ceb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.102926] ^ [ 15.103133] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.103793] ffff8881029cec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.104454] ================================================================== [ 15.050037] ================================================================== [ 15.050954] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.052211] Read of size 8 at addr ffff8881029ceb78 by task kunit_try_catch/298 [ 15.052456] [ 15.052561] CPU: 0 UID: 0 PID: 298 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.052624] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.052696] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.052722] Call Trace: [ 15.052736] <TASK> [ 15.052754] dump_stack_lvl+0x73/0xb0 [ 15.052789] print_report+0xd1/0x650 [ 15.052815] ? __virt_addr_valid+0x1db/0x2d0 [ 15.052840] ? copy_to_kernel_nofault+0x225/0x260 [ 15.052866] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.052891] ? copy_to_kernel_nofault+0x225/0x260 [ 15.052916] kasan_report+0x141/0x180 [ 15.052940] ? copy_to_kernel_nofault+0x225/0x260 [ 15.052971] __asan_report_load8_noabort+0x18/0x20 [ 15.052993] copy_to_kernel_nofault+0x225/0x260 [ 15.053020] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.053046] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.053070] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 15.053096] ? trace_hardirqs_on+0x37/0xe0 [ 15.053129] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.053158] kunit_try_run_case+0x1a5/0x480 [ 15.053206] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.053229] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.053255] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.053278] ? __kthread_parkme+0x82/0x180 [ 15.053300] ? preempt_count_sub+0x50/0x80 [ 15.053326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.053350] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.053374] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.053398] kthread+0x337/0x6f0 [ 15.053419] ? trace_preempt_on+0x20/0xc0 [ 15.053442] ? __pfx_kthread+0x10/0x10 [ 15.053464] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.053486] ? calculate_sigpending+0x7b/0xa0 [ 15.053577] ? __pfx_kthread+0x10/0x10 [ 15.053604] ret_from_fork+0x116/0x1d0 [ 15.053647] ? __pfx_kthread+0x10/0x10 [ 15.053669] ret_from_fork_asm+0x1a/0x30 [ 15.053703] </TASK> [ 15.053716] [ 15.062237] Allocated by task 298: [ 15.062455] kasan_save_stack+0x45/0x70 [ 15.062767] kasan_save_track+0x18/0x40 [ 15.062983] kasan_save_alloc_info+0x3b/0x50 [ 15.063178] __kasan_kmalloc+0xb7/0xc0 [ 15.063396] __kmalloc_cache_noprof+0x189/0x420 [ 15.063623] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.063861] kunit_try_run_case+0x1a5/0x480 [ 15.064041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.064654] kthread+0x337/0x6f0 [ 15.064841] ret_from_fork+0x116/0x1d0 [ 15.065061] ret_from_fork_asm+0x1a/0x30 [ 15.065216] [ 15.065290] The buggy address belongs to the object at ffff8881029ceb00 [ 15.065290] which belongs to the cache kmalloc-128 of size 128 [ 15.066633] The buggy address is located 0 bytes to the right of [ 15.066633] allocated 120-byte region [ffff8881029ceb00, ffff8881029ceb78) [ 15.067635] [ 15.067724] The buggy address belongs to the physical page: [ 15.067905] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 15.068151] flags: 0x200000000000000(node=0|zone=2) [ 15.068319] page_type: f5(slab) [ 15.068444] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.068820] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.069392] page dumped because: kasan: bad access detected [ 15.069626] [ 15.069892] Memory state around the buggy address: [ 15.070326] ffff8881029cea00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.070686] ffff8881029cea80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.071345] >ffff8881029ceb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.072301] ^ [ 15.073733] ffff8881029ceb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.074595] ffff8881029cec00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.075389] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 14.245634] ================================================================== [ 14.245920] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.246243] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.246584] [ 14.246708] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.246757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.246770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.246792] Call Trace: [ 14.246805] <TASK> [ 14.246821] dump_stack_lvl+0x73/0xb0 [ 14.246848] print_report+0xd1/0x650 [ 14.246871] ? __virt_addr_valid+0x1db/0x2d0 [ 14.246897] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.246920] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.246944] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.246968] kasan_report+0x141/0x180 [ 14.246992] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.247020] __asan_report_load4_noabort+0x18/0x20 [ 14.247041] kasan_atomics_helper+0x4a1c/0x5450 [ 14.247066] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.247089] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.247112] ? kasan_atomics+0x152/0x310 [ 14.247136] kasan_atomics+0x1dc/0x310 [ 14.247157] ? __pfx_kasan_atomics+0x10/0x10 [ 14.247180] ? __pfx_read_tsc+0x10/0x10 [ 14.247217] ? ktime_get_ts64+0x86/0x230 [ 14.247244] kunit_try_run_case+0x1a5/0x480 [ 14.247269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.247291] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.247315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.247338] ? __kthread_parkme+0x82/0x180 [ 14.247360] ? preempt_count_sub+0x50/0x80 [ 14.247385] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.247410] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.247433] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.247458] kthread+0x337/0x6f0 [ 14.247479] ? trace_preempt_on+0x20/0xc0 [ 14.247502] ? __pfx_kthread+0x10/0x10 [ 14.247525] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.247553] ? calculate_sigpending+0x7b/0xa0 [ 14.247577] ? __pfx_kthread+0x10/0x10 [ 14.247603] ret_from_fork+0x116/0x1d0 [ 14.247632] ? __pfx_kthread+0x10/0x10 [ 14.247655] ret_from_fork_asm+0x1a/0x30 [ 14.247688] </TASK> [ 14.247699] [ 14.255472] Allocated by task 282: [ 14.255603] kasan_save_stack+0x45/0x70 [ 14.255942] kasan_save_track+0x18/0x40 [ 14.256136] kasan_save_alloc_info+0x3b/0x50 [ 14.256576] __kasan_kmalloc+0xb7/0xc0 [ 14.256847] __kmalloc_cache_noprof+0x189/0x420 [ 14.257039] kasan_atomics+0x95/0x310 [ 14.257255] kunit_try_run_case+0x1a5/0x480 [ 14.257424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.257792] kthread+0x337/0x6f0 [ 14.257926] ret_from_fork+0x116/0x1d0 [ 14.258109] ret_from_fork_asm+0x1a/0x30 [ 14.258291] [ 14.258364] The buggy address belongs to the object at ffff8881029e5b80 [ 14.258364] which belongs to the cache kmalloc-64 of size 64 [ 14.258845] The buggy address is located 0 bytes to the right of [ 14.258845] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.259558] [ 14.259664] The buggy address belongs to the physical page: [ 14.259969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.260325] flags: 0x200000000000000(node=0|zone=2) [ 14.260488] page_type: f5(slab) [ 14.261374] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.262442] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.263432] page dumped because: kasan: bad access detected [ 14.263685] [ 14.263792] Memory state around the buggy address: [ 14.264024] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.264788] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.265204] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.265640] ^ [ 14.265835] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.266400] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.266823] ================================================================== [ 14.728889] ================================================================== [ 14.729304] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 14.729678] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.730012] [ 14.730130] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.730199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.730213] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.730234] Call Trace: [ 14.730249] <TASK> [ 14.730264] dump_stack_lvl+0x73/0xb0 [ 14.730302] print_report+0xd1/0x650 [ 14.730325] ? __virt_addr_valid+0x1db/0x2d0 [ 14.730349] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.730383] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.730407] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.730431] kasan_report+0x141/0x180 [ 14.730465] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.730494] kasan_check_range+0x10c/0x1c0 [ 14.730530] __kasan_check_write+0x18/0x20 [ 14.730553] kasan_atomics_helper+0x1c18/0x5450 [ 14.730578] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.730602] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.730640] ? kasan_atomics+0x152/0x310 [ 14.730665] kasan_atomics+0x1dc/0x310 [ 14.730695] ? __pfx_kasan_atomics+0x10/0x10 [ 14.730717] ? __pfx_read_tsc+0x10/0x10 [ 14.730739] ? ktime_get_ts64+0x86/0x230 [ 14.730766] kunit_try_run_case+0x1a5/0x480 [ 14.730790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.730822] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.730845] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.730868] ? __kthread_parkme+0x82/0x180 [ 14.730900] ? preempt_count_sub+0x50/0x80 [ 14.730925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.730950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.730973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.731007] kthread+0x337/0x6f0 [ 14.731028] ? trace_preempt_on+0x20/0xc0 [ 14.731052] ? __pfx_kthread+0x10/0x10 [ 14.731085] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.731107] ? calculate_sigpending+0x7b/0xa0 [ 14.731132] ? __pfx_kthread+0x10/0x10 [ 14.731179] ret_from_fork+0x116/0x1d0 [ 14.731199] ? __pfx_kthread+0x10/0x10 [ 14.731231] ret_from_fork_asm+0x1a/0x30 [ 14.731264] </TASK> [ 14.731276] [ 14.738865] Allocated by task 282: [ 14.738994] kasan_save_stack+0x45/0x70 [ 14.739137] kasan_save_track+0x18/0x40 [ 14.739326] kasan_save_alloc_info+0x3b/0x50 [ 14.739568] __kasan_kmalloc+0xb7/0xc0 [ 14.739769] __kmalloc_cache_noprof+0x189/0x420 [ 14.739990] kasan_atomics+0x95/0x310 [ 14.740191] kunit_try_run_case+0x1a5/0x480 [ 14.740400] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.740659] kthread+0x337/0x6f0 [ 14.740828] ret_from_fork+0x116/0x1d0 [ 14.741019] ret_from_fork_asm+0x1a/0x30 [ 14.741223] [ 14.741333] The buggy address belongs to the object at ffff8881029e5b80 [ 14.741333] which belongs to the cache kmalloc-64 of size 64 [ 14.741768] The buggy address is located 0 bytes to the right of [ 14.741768] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.742327] [ 14.742437] The buggy address belongs to the physical page: [ 14.742688] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.743036] flags: 0x200000000000000(node=0|zone=2) [ 14.743294] page_type: f5(slab) [ 14.743460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.743804] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.744118] page dumped because: kasan: bad access detected [ 14.744415] [ 14.744526] Memory state around the buggy address: [ 14.744756] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.744994] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.745267] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.745595] ^ [ 14.745826] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.746131] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.746386] ================================================================== [ 14.017013] ================================================================== [ 14.017424] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.017840] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.018143] [ 14.018294] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.018342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.018354] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.018377] Call Trace: [ 14.018392] <TASK> [ 14.018408] dump_stack_lvl+0x73/0xb0 [ 14.018436] print_report+0xd1/0x650 [ 14.018460] ? __virt_addr_valid+0x1db/0x2d0 [ 14.018487] ? kasan_atomics_helper+0xc70/0x5450 [ 14.018510] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.018534] ? kasan_atomics_helper+0xc70/0x5450 [ 14.018557] kasan_report+0x141/0x180 [ 14.018580] ? kasan_atomics_helper+0xc70/0x5450 [ 14.018608] kasan_check_range+0x10c/0x1c0 [ 14.018646] __kasan_check_write+0x18/0x20 [ 14.018666] kasan_atomics_helper+0xc70/0x5450 [ 14.018690] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.018714] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.018736] ? kasan_atomics+0x152/0x310 [ 14.018761] kasan_atomics+0x1dc/0x310 [ 14.018831] ? __pfx_kasan_atomics+0x10/0x10 [ 14.018856] ? __pfx_read_tsc+0x10/0x10 [ 14.018878] ? ktime_get_ts64+0x86/0x230 [ 14.018904] kunit_try_run_case+0x1a5/0x480 [ 14.018929] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.018953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.018975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.018999] ? __kthread_parkme+0x82/0x180 [ 14.019021] ? preempt_count_sub+0x50/0x80 [ 14.019045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.019069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.019093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.019117] kthread+0x337/0x6f0 [ 14.019138] ? trace_preempt_on+0x20/0xc0 [ 14.019162] ? __pfx_kthread+0x10/0x10 [ 14.019185] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.019207] ? calculate_sigpending+0x7b/0xa0 [ 14.019241] ? __pfx_kthread+0x10/0x10 [ 14.019264] ret_from_fork+0x116/0x1d0 [ 14.019283] ? __pfx_kthread+0x10/0x10 [ 14.019305] ret_from_fork_asm+0x1a/0x30 [ 14.019339] </TASK> [ 14.019352] [ 14.027661] Allocated by task 282: [ 14.027795] kasan_save_stack+0x45/0x70 [ 14.027939] kasan_save_track+0x18/0x40 [ 14.028092] kasan_save_alloc_info+0x3b/0x50 [ 14.028726] __kasan_kmalloc+0xb7/0xc0 [ 14.028949] __kmalloc_cache_noprof+0x189/0x420 [ 14.029176] kasan_atomics+0x95/0x310 [ 14.029367] kunit_try_run_case+0x1a5/0x480 [ 14.029683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.029952] kthread+0x337/0x6f0 [ 14.030086] ret_from_fork+0x116/0x1d0 [ 14.030236] ret_from_fork_asm+0x1a/0x30 [ 14.030434] [ 14.030545] The buggy address belongs to the object at ffff8881029e5b80 [ 14.030545] which belongs to the cache kmalloc-64 of size 64 [ 14.031054] The buggy address is located 0 bytes to the right of [ 14.031054] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.031445] [ 14.031542] The buggy address belongs to the physical page: [ 14.031817] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.032231] flags: 0x200000000000000(node=0|zone=2) [ 14.032406] page_type: f5(slab) [ 14.032709] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.033073] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.033511] page dumped because: kasan: bad access detected [ 14.033788] [ 14.033892] Memory state around the buggy address: [ 14.034071] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.034342] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.034683] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.035090] ^ [ 14.035355] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.035750] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.035972] ================================================================== [ 14.710754] ================================================================== [ 14.711215] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 14.711601] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.711968] [ 14.712076] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.712131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.712145] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.712190] Call Trace: [ 14.712203] <TASK> [ 14.712218] dump_stack_lvl+0x73/0xb0 [ 14.712247] print_report+0xd1/0x650 [ 14.712272] ? __virt_addr_valid+0x1db/0x2d0 [ 14.712295] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.712318] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.712352] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.712376] kasan_report+0x141/0x180 [ 14.712399] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.712438] kasan_check_range+0x10c/0x1c0 [ 14.712463] __kasan_check_write+0x18/0x20 [ 14.712484] kasan_atomics_helper+0x1b22/0x5450 [ 14.712508] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.712531] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.712563] ? kasan_atomics+0x152/0x310 [ 14.712587] kasan_atomics+0x1dc/0x310 [ 14.712607] ? __pfx_kasan_atomics+0x10/0x10 [ 14.712646] ? __pfx_read_tsc+0x10/0x10 [ 14.712668] ? ktime_get_ts64+0x86/0x230 [ 14.712693] kunit_try_run_case+0x1a5/0x480 [ 14.712719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.712741] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.712763] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.712787] ? __kthread_parkme+0x82/0x180 [ 14.712807] ? preempt_count_sub+0x50/0x80 [ 14.712832] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.712866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.712890] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.712914] kthread+0x337/0x6f0 [ 14.712945] ? trace_preempt_on+0x20/0xc0 [ 14.712970] ? __pfx_kthread+0x10/0x10 [ 14.712992] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.713013] ? calculate_sigpending+0x7b/0xa0 [ 14.713038] ? __pfx_kthread+0x10/0x10 [ 14.713061] ret_from_fork+0x116/0x1d0 [ 14.713081] ? __pfx_kthread+0x10/0x10 [ 14.713103] ret_from_fork_asm+0x1a/0x30 [ 14.713142] </TASK> [ 14.713153] [ 14.720813] Allocated by task 282: [ 14.720995] kasan_save_stack+0x45/0x70 [ 14.721219] kasan_save_track+0x18/0x40 [ 14.721400] kasan_save_alloc_info+0x3b/0x50 [ 14.721549] __kasan_kmalloc+0xb7/0xc0 [ 14.721734] __kmalloc_cache_noprof+0x189/0x420 [ 14.721960] kasan_atomics+0x95/0x310 [ 14.722186] kunit_try_run_case+0x1a5/0x480 [ 14.722404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.722653] kthread+0x337/0x6f0 [ 14.722842] ret_from_fork+0x116/0x1d0 [ 14.723025] ret_from_fork_asm+0x1a/0x30 [ 14.723239] [ 14.723337] The buggy address belongs to the object at ffff8881029e5b80 [ 14.723337] which belongs to the cache kmalloc-64 of size 64 [ 14.723845] The buggy address is located 0 bytes to the right of [ 14.723845] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.724397] [ 14.724497] The buggy address belongs to the physical page: [ 14.724745] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.725051] flags: 0x200000000000000(node=0|zone=2) [ 14.725239] page_type: f5(slab) [ 14.725362] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.725701] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.726099] page dumped because: kasan: bad access detected [ 14.726347] [ 14.726432] Memory state around the buggy address: [ 14.726632] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.726963] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.727290] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.727604] ^ [ 14.727788] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.728111] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.728453] ================================================================== [ 13.679377] ================================================================== [ 13.679943] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 13.680476] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.680927] [ 13.681047] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.681097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.681112] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.681135] Call Trace: [ 13.681151] <TASK> [ 13.681167] dump_stack_lvl+0x73/0xb0 [ 13.681394] print_report+0xd1/0x650 [ 13.681420] ? __virt_addr_valid+0x1db/0x2d0 [ 13.681444] ? kasan_atomics_helper+0x3df/0x5450 [ 13.681466] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.681491] ? kasan_atomics_helper+0x3df/0x5450 [ 13.681514] kasan_report+0x141/0x180 [ 13.681595] ? kasan_atomics_helper+0x3df/0x5450 [ 13.681637] kasan_check_range+0x10c/0x1c0 [ 13.681663] __kasan_check_read+0x15/0x20 [ 13.681683] kasan_atomics_helper+0x3df/0x5450 [ 13.681707] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.681731] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.681756] ? kasan_atomics+0x152/0x310 [ 13.681780] kasan_atomics+0x1dc/0x310 [ 13.681801] ? __pfx_kasan_atomics+0x10/0x10 [ 13.681824] ? __pfx_read_tsc+0x10/0x10 [ 13.681846] ? ktime_get_ts64+0x86/0x230 [ 13.681872] kunit_try_run_case+0x1a5/0x480 [ 13.681897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.681920] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.681942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.681966] ? __kthread_parkme+0x82/0x180 [ 13.681987] ? preempt_count_sub+0x50/0x80 [ 13.682012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.682037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.682061] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.682085] kthread+0x337/0x6f0 [ 13.682106] ? trace_preempt_on+0x20/0xc0 [ 13.682131] ? __pfx_kthread+0x10/0x10 [ 13.682153] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.682175] ? calculate_sigpending+0x7b/0xa0 [ 13.682200] ? __pfx_kthread+0x10/0x10 [ 13.682223] ret_from_fork+0x116/0x1d0 [ 13.682242] ? __pfx_kthread+0x10/0x10 [ 13.682264] ret_from_fork_asm+0x1a/0x30 [ 13.682297] </TASK> [ 13.682308] [ 13.692553] Allocated by task 282: [ 13.692748] kasan_save_stack+0x45/0x70 [ 13.693074] kasan_save_track+0x18/0x40 [ 13.693266] kasan_save_alloc_info+0x3b/0x50 [ 13.693415] __kasan_kmalloc+0xb7/0xc0 [ 13.693728] __kmalloc_cache_noprof+0x189/0x420 [ 13.693958] kasan_atomics+0x95/0x310 [ 13.694145] kunit_try_run_case+0x1a5/0x480 [ 13.694446] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.694689] kthread+0x337/0x6f0 [ 13.695002] ret_from_fork+0x116/0x1d0 [ 13.695208] ret_from_fork_asm+0x1a/0x30 [ 13.695411] [ 13.695486] The buggy address belongs to the object at ffff8881029e5b80 [ 13.695486] which belongs to the cache kmalloc-64 of size 64 [ 13.696041] The buggy address is located 0 bytes to the right of [ 13.696041] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.696555] [ 13.696659] The buggy address belongs to the physical page: [ 13.696886] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.697247] flags: 0x200000000000000(node=0|zone=2) [ 13.697445] page_type: f5(slab) [ 13.697686] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.697950] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.698177] page dumped because: kasan: bad access detected [ 13.698402] [ 13.698566] Memory state around the buggy address: [ 13.698809] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.699078] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.699293] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.699954] ^ [ 13.700194] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.700517] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.700874] ================================================================== [ 14.119665] ================================================================== [ 14.120460] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.121196] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.121488] [ 14.121640] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.121689] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.121702] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.121725] Call Trace: [ 14.121739] <TASK> [ 14.121754] dump_stack_lvl+0x73/0xb0 [ 14.121782] print_report+0xd1/0x650 [ 14.121806] ? __virt_addr_valid+0x1db/0x2d0 [ 14.121830] ? kasan_atomics_helper+0xf10/0x5450 [ 14.121852] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.121877] ? kasan_atomics_helper+0xf10/0x5450 [ 14.121900] kasan_report+0x141/0x180 [ 14.121924] ? kasan_atomics_helper+0xf10/0x5450 [ 14.121952] kasan_check_range+0x10c/0x1c0 [ 14.121977] __kasan_check_write+0x18/0x20 [ 14.121998] kasan_atomics_helper+0xf10/0x5450 [ 14.122023] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.122047] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.122069] ? kasan_atomics+0x152/0x310 [ 14.122094] kasan_atomics+0x1dc/0x310 [ 14.122114] ? __pfx_kasan_atomics+0x10/0x10 [ 14.122136] ? __pfx_read_tsc+0x10/0x10 [ 14.122158] ? ktime_get_ts64+0x86/0x230 [ 14.122201] kunit_try_run_case+0x1a5/0x480 [ 14.122226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.122250] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.122273] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.122297] ? __kthread_parkme+0x82/0x180 [ 14.122318] ? preempt_count_sub+0x50/0x80 [ 14.122343] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.122368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.122394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.122418] kthread+0x337/0x6f0 [ 14.122439] ? trace_preempt_on+0x20/0xc0 [ 14.122469] ? __pfx_kthread+0x10/0x10 [ 14.122491] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.122513] ? calculate_sigpending+0x7b/0xa0 [ 14.122580] ? __pfx_kthread+0x10/0x10 [ 14.122604] ret_from_fork+0x116/0x1d0 [ 14.122635] ? __pfx_kthread+0x10/0x10 [ 14.122657] ret_from_fork_asm+0x1a/0x30 [ 14.122690] </TASK> [ 14.122701] [ 14.137477] Allocated by task 282: [ 14.137902] kasan_save_stack+0x45/0x70 [ 14.138305] kasan_save_track+0x18/0x40 [ 14.138745] kasan_save_alloc_info+0x3b/0x50 [ 14.138942] __kasan_kmalloc+0xb7/0xc0 [ 14.139077] __kmalloc_cache_noprof+0x189/0x420 [ 14.139323] kasan_atomics+0x95/0x310 [ 14.139836] kunit_try_run_case+0x1a5/0x480 [ 14.140264] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.140832] kthread+0x337/0x6f0 [ 14.141154] ret_from_fork+0x116/0x1d0 [ 14.141575] ret_from_fork_asm+0x1a/0x30 [ 14.141949] [ 14.142037] The buggy address belongs to the object at ffff8881029e5b80 [ 14.142037] which belongs to the cache kmalloc-64 of size 64 [ 14.142723] The buggy address is located 0 bytes to the right of [ 14.142723] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.143984] [ 14.144153] The buggy address belongs to the physical page: [ 14.144467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.145319] flags: 0x200000000000000(node=0|zone=2) [ 14.145826] page_type: f5(slab) [ 14.146188] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.146794] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.147028] page dumped because: kasan: bad access detected [ 14.147242] [ 14.147405] Memory state around the buggy address: [ 14.147887] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.148672] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.149302] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.150113] ^ [ 14.150822] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.151101] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.151648] ================================================================== [ 14.634972] ================================================================== [ 14.635342] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 14.635684] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.636166] [ 14.636297] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.636343] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.636355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.636376] Call Trace: [ 14.636391] <TASK> [ 14.636406] dump_stack_lvl+0x73/0xb0 [ 14.636433] print_report+0xd1/0x650 [ 14.636456] ? __virt_addr_valid+0x1db/0x2d0 [ 14.636480] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.636502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.636526] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.636550] kasan_report+0x141/0x180 [ 14.636574] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.636602] kasan_check_range+0x10c/0x1c0 [ 14.636638] __kasan_check_write+0x18/0x20 [ 14.636659] kasan_atomics_helper+0x18b1/0x5450 [ 14.636683] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.636707] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.636730] ? kasan_atomics+0x152/0x310 [ 14.636756] kasan_atomics+0x1dc/0x310 [ 14.636777] ? __pfx_kasan_atomics+0x10/0x10 [ 14.636799] ? __pfx_read_tsc+0x10/0x10 [ 14.636820] ? ktime_get_ts64+0x86/0x230 [ 14.636846] kunit_try_run_case+0x1a5/0x480 [ 14.636871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.636895] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.636918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.636941] ? __kthread_parkme+0x82/0x180 [ 14.636963] ? preempt_count_sub+0x50/0x80 [ 14.636989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.637014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.637038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.637062] kthread+0x337/0x6f0 [ 14.637083] ? trace_preempt_on+0x20/0xc0 [ 14.637108] ? __pfx_kthread+0x10/0x10 [ 14.637129] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.637151] ? calculate_sigpending+0x7b/0xa0 [ 14.637176] ? __pfx_kthread+0x10/0x10 [ 14.637210] ret_from_fork+0x116/0x1d0 [ 14.637229] ? __pfx_kthread+0x10/0x10 [ 14.637252] ret_from_fork_asm+0x1a/0x30 [ 14.637285] </TASK> [ 14.637296] [ 14.644738] Allocated by task 282: [ 14.644893] kasan_save_stack+0x45/0x70 [ 14.645075] kasan_save_track+0x18/0x40 [ 14.645279] kasan_save_alloc_info+0x3b/0x50 [ 14.645469] __kasan_kmalloc+0xb7/0xc0 [ 14.645646] __kmalloc_cache_noprof+0x189/0x420 [ 14.645799] kasan_atomics+0x95/0x310 [ 14.645931] kunit_try_run_case+0x1a5/0x480 [ 14.646079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.646499] kthread+0x337/0x6f0 [ 14.646690] ret_from_fork+0x116/0x1d0 [ 14.646887] ret_from_fork_asm+0x1a/0x30 [ 14.647086] [ 14.647192] The buggy address belongs to the object at ffff8881029e5b80 [ 14.647192] which belongs to the cache kmalloc-64 of size 64 [ 14.647651] The buggy address is located 0 bytes to the right of [ 14.647651] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.648063] [ 14.648161] The buggy address belongs to the physical page: [ 14.648434] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.648800] flags: 0x200000000000000(node=0|zone=2) [ 14.649011] page_type: f5(slab) [ 14.649159] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.649422] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.649658] page dumped because: kasan: bad access detected [ 14.649893] [ 14.649966] Memory state around the buggy address: [ 14.650147] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.650469] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.650811] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.651097] ^ [ 14.651292] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.651560] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.651889] ================================================================== [ 14.671908] ================================================================== [ 14.672456] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 14.672788] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.673074] [ 14.673175] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.673241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.673255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.673276] Call Trace: [ 14.673291] <TASK> [ 14.673323] dump_stack_lvl+0x73/0xb0 [ 14.673351] print_report+0xd1/0x650 [ 14.673392] ? __virt_addr_valid+0x1db/0x2d0 [ 14.673417] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.673439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.673463] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.673487] kasan_report+0x141/0x180 [ 14.673511] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.673539] kasan_check_range+0x10c/0x1c0 [ 14.673565] __kasan_check_write+0x18/0x20 [ 14.673585] kasan_atomics_helper+0x19e3/0x5450 [ 14.673638] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.673664] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.673685] ? kasan_atomics+0x152/0x310 [ 14.673727] kasan_atomics+0x1dc/0x310 [ 14.673748] ? __pfx_kasan_atomics+0x10/0x10 [ 14.673770] ? __pfx_read_tsc+0x10/0x10 [ 14.673792] ? ktime_get_ts64+0x86/0x230 [ 14.673818] kunit_try_run_case+0x1a5/0x480 [ 14.673843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.673883] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.673907] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.673931] ? __kthread_parkme+0x82/0x180 [ 14.673951] ? preempt_count_sub+0x50/0x80 [ 14.673977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.674002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.674043] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.674068] kthread+0x337/0x6f0 [ 14.674089] ? trace_preempt_on+0x20/0xc0 [ 14.674113] ? __pfx_kthread+0x10/0x10 [ 14.674136] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.674158] ? calculate_sigpending+0x7b/0xa0 [ 14.674225] ? __pfx_kthread+0x10/0x10 [ 14.674248] ret_from_fork+0x116/0x1d0 [ 14.674283] ? __pfx_kthread+0x10/0x10 [ 14.674306] ret_from_fork_asm+0x1a/0x30 [ 14.674339] </TASK> [ 14.674350] [ 14.682133] Allocated by task 282: [ 14.682260] kasan_save_stack+0x45/0x70 [ 14.682404] kasan_save_track+0x18/0x40 [ 14.682579] kasan_save_alloc_info+0x3b/0x50 [ 14.682778] __kasan_kmalloc+0xb7/0xc0 [ 14.682956] __kmalloc_cache_noprof+0x189/0x420 [ 14.683144] kasan_atomics+0x95/0x310 [ 14.683307] kunit_try_run_case+0x1a5/0x480 [ 14.683493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.685583] kthread+0x337/0x6f0 [ 14.685740] ret_from_fork+0x116/0x1d0 [ 14.685880] ret_from_fork_asm+0x1a/0x30 [ 14.686021] [ 14.686099] The buggy address belongs to the object at ffff8881029e5b80 [ 14.686099] which belongs to the cache kmalloc-64 of size 64 [ 14.686606] The buggy address is located 0 bytes to the right of [ 14.686606] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.687112] [ 14.687228] The buggy address belongs to the physical page: [ 14.687490] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.687842] flags: 0x200000000000000(node=0|zone=2) [ 14.688036] page_type: f5(slab) [ 14.688251] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.688587] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.688927] page dumped because: kasan: bad access detected [ 14.689160] [ 14.689281] Memory state around the buggy address: [ 14.689528] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.689849] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.690182] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.690525] ^ [ 14.690782] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.691113] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.691478] ================================================================== [ 14.989868] ================================================================== [ 14.990270] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 14.990659] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.991017] [ 14.991134] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.991222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.991235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.991258] Call Trace: [ 14.991284] <TASK> [ 14.991298] dump_stack_lvl+0x73/0xb0 [ 14.991356] print_report+0xd1/0x650 [ 14.991381] ? __virt_addr_valid+0x1db/0x2d0 [ 14.991405] ? kasan_atomics_helper+0x224c/0x5450 [ 14.991439] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.991463] ? kasan_atomics_helper+0x224c/0x5450 [ 14.991486] kasan_report+0x141/0x180 [ 14.991510] ? kasan_atomics_helper+0x224c/0x5450 [ 14.991538] kasan_check_range+0x10c/0x1c0 [ 14.991563] __kasan_check_write+0x18/0x20 [ 14.991584] kasan_atomics_helper+0x224c/0x5450 [ 14.991609] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.991641] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.991664] ? kasan_atomics+0x152/0x310 [ 14.991688] kasan_atomics+0x1dc/0x310 [ 14.991708] ? __pfx_kasan_atomics+0x10/0x10 [ 14.991760] ? __pfx_read_tsc+0x10/0x10 [ 14.991795] ? ktime_get_ts64+0x86/0x230 [ 14.991832] kunit_try_run_case+0x1a5/0x480 [ 14.991856] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.991879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.991903] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.991927] ? __kthread_parkme+0x82/0x180 [ 14.991948] ? preempt_count_sub+0x50/0x80 [ 14.991973] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.991998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.992022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.992047] kthread+0x337/0x6f0 [ 14.992068] ? trace_preempt_on+0x20/0xc0 [ 14.992092] ? __pfx_kthread+0x10/0x10 [ 14.992114] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.992135] ? calculate_sigpending+0x7b/0xa0 [ 14.992179] ? __pfx_kthread+0x10/0x10 [ 14.992203] ret_from_fork+0x116/0x1d0 [ 14.992223] ? __pfx_kthread+0x10/0x10 [ 14.992246] ret_from_fork_asm+0x1a/0x30 [ 14.992279] </TASK> [ 14.992290] [ 15.000180] Allocated by task 282: [ 15.000317] kasan_save_stack+0x45/0x70 [ 15.000516] kasan_save_track+0x18/0x40 [ 15.000762] kasan_save_alloc_info+0x3b/0x50 [ 15.000978] __kasan_kmalloc+0xb7/0xc0 [ 15.001231] __kmalloc_cache_noprof+0x189/0x420 [ 15.001572] kasan_atomics+0x95/0x310 [ 15.001762] kunit_try_run_case+0x1a5/0x480 [ 15.001911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.002086] kthread+0x337/0x6f0 [ 15.002269] ret_from_fork+0x116/0x1d0 [ 15.002510] ret_from_fork_asm+0x1a/0x30 [ 15.002717] [ 15.002814] The buggy address belongs to the object at ffff8881029e5b80 [ 15.002814] which belongs to the cache kmalloc-64 of size 64 [ 15.003469] The buggy address is located 0 bytes to the right of [ 15.003469] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 15.004024] [ 15.004129] The buggy address belongs to the physical page: [ 15.004501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 15.004787] flags: 0x200000000000000(node=0|zone=2) [ 15.005028] page_type: f5(slab) [ 15.005185] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.005516] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.005860] page dumped because: kasan: bad access detected [ 15.006098] [ 15.006187] Memory state around the buggy address: [ 15.006401] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.006791] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.007099] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.007438] ^ [ 15.007598] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.007824] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.008143] ================================================================== [ 15.008798] ================================================================== [ 15.009095] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.009556] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 15.009795] [ 15.009883] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 15.009930] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.009943] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.009965] Call Trace: [ 15.009981] <TASK> [ 15.009997] dump_stack_lvl+0x73/0xb0 [ 15.010024] print_report+0xd1/0x650 [ 15.010047] ? __virt_addr_valid+0x1db/0x2d0 [ 15.010108] ? kasan_atomics_helper+0x5115/0x5450 [ 15.010133] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.010187] ? kasan_atomics_helper+0x5115/0x5450 [ 15.010240] kasan_report+0x141/0x180 [ 15.010267] ? kasan_atomics_helper+0x5115/0x5450 [ 15.010296] __asan_report_load8_noabort+0x18/0x20 [ 15.010328] kasan_atomics_helper+0x5115/0x5450 [ 15.010352] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.010376] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.010398] ? kasan_atomics+0x152/0x310 [ 15.010422] kasan_atomics+0x1dc/0x310 [ 15.010443] ? __pfx_kasan_atomics+0x10/0x10 [ 15.010471] ? __pfx_read_tsc+0x10/0x10 [ 15.010493] ? ktime_get_ts64+0x86/0x230 [ 15.010519] kunit_try_run_case+0x1a5/0x480 [ 15.010571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.010594] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.010634] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.010658] ? __kthread_parkme+0x82/0x180 [ 15.010680] ? preempt_count_sub+0x50/0x80 [ 15.010705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.010730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.010754] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.010778] kthread+0x337/0x6f0 [ 15.010799] ? trace_preempt_on+0x20/0xc0 [ 15.010824] ? __pfx_kthread+0x10/0x10 [ 15.010846] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.010867] ? calculate_sigpending+0x7b/0xa0 [ 15.010892] ? __pfx_kthread+0x10/0x10 [ 15.010915] ret_from_fork+0x116/0x1d0 [ 15.010935] ? __pfx_kthread+0x10/0x10 [ 15.010957] ret_from_fork_asm+0x1a/0x30 [ 15.010989] </TASK> [ 15.011000] [ 15.019118] Allocated by task 282: [ 15.019273] kasan_save_stack+0x45/0x70 [ 15.019420] kasan_save_track+0x18/0x40 [ 15.019602] kasan_save_alloc_info+0x3b/0x50 [ 15.019800] __kasan_kmalloc+0xb7/0xc0 [ 15.020009] __kmalloc_cache_noprof+0x189/0x420 [ 15.020206] kasan_atomics+0x95/0x310 [ 15.020423] kunit_try_run_case+0x1a5/0x480 [ 15.020602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.020786] kthread+0x337/0x6f0 [ 15.020915] ret_from_fork+0x116/0x1d0 [ 15.021108] ret_from_fork_asm+0x1a/0x30 [ 15.021428] [ 15.021551] The buggy address belongs to the object at ffff8881029e5b80 [ 15.021551] which belongs to the cache kmalloc-64 of size 64 [ 15.022065] The buggy address is located 0 bytes to the right of [ 15.022065] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 15.022601] [ 15.022713] The buggy address belongs to the physical page: [ 15.023080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 15.023513] flags: 0x200000000000000(node=0|zone=2) [ 15.023691] page_type: f5(slab) [ 15.023861] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.024274] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.024607] page dumped because: kasan: bad access detected [ 15.025233] [ 15.025507] Memory state around the buggy address: [ 15.025977] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.026840] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.027314] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.027937] ^ [ 15.028558] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.029157] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.029703] ================================================================== [ 13.626388] ================================================================== [ 13.626858] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 13.627746] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.628424] [ 13.628523] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.628597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.628610] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.628643] Call Trace: [ 13.628656] <TASK> [ 13.628670] dump_stack_lvl+0x73/0xb0 [ 13.628831] print_report+0xd1/0x650 [ 13.628863] ? __virt_addr_valid+0x1db/0x2d0 [ 13.628886] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.628907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.628931] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.628953] kasan_report+0x141/0x180 [ 13.628975] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.629002] __asan_report_load4_noabort+0x18/0x20 [ 13.629023] kasan_atomics_helper+0x4b88/0x5450 [ 13.629046] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.629069] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.629091] ? kasan_atomics+0x152/0x310 [ 13.629114] kasan_atomics+0x1dc/0x310 [ 13.629134] ? __pfx_kasan_atomics+0x10/0x10 [ 13.629155] ? __pfx_read_tsc+0x10/0x10 [ 13.629183] ? ktime_get_ts64+0x86/0x230 [ 13.629208] kunit_try_run_case+0x1a5/0x480 [ 13.629231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.629252] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.629274] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.629297] ? __kthread_parkme+0x82/0x180 [ 13.629317] ? preempt_count_sub+0x50/0x80 [ 13.629341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.629365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.629389] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.629412] kthread+0x337/0x6f0 [ 13.629433] ? trace_preempt_on+0x20/0xc0 [ 13.629455] ? __pfx_kthread+0x10/0x10 [ 13.629476] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.629497] ? calculate_sigpending+0x7b/0xa0 [ 13.629529] ? __pfx_kthread+0x10/0x10 [ 13.629551] ret_from_fork+0x116/0x1d0 [ 13.629569] ? __pfx_kthread+0x10/0x10 [ 13.629590] ret_from_fork_asm+0x1a/0x30 [ 13.629633] </TASK> [ 13.629644] [ 13.641514] Allocated by task 282: [ 13.641926] kasan_save_stack+0x45/0x70 [ 13.642105] kasan_save_track+0x18/0x40 [ 13.642439] kasan_save_alloc_info+0x3b/0x50 [ 13.642855] __kasan_kmalloc+0xb7/0xc0 [ 13.643118] __kmalloc_cache_noprof+0x189/0x420 [ 13.643344] kasan_atomics+0x95/0x310 [ 13.643530] kunit_try_run_case+0x1a5/0x480 [ 13.643935] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.644307] kthread+0x337/0x6f0 [ 13.644576] ret_from_fork+0x116/0x1d0 [ 13.644953] ret_from_fork_asm+0x1a/0x30 [ 13.645150] [ 13.645270] The buggy address belongs to the object at ffff8881029e5b80 [ 13.645270] which belongs to the cache kmalloc-64 of size 64 [ 13.646109] The buggy address is located 0 bytes to the right of [ 13.646109] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.647225] [ 13.647378] The buggy address belongs to the physical page: [ 13.647820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.648073] flags: 0x200000000000000(node=0|zone=2) [ 13.648349] page_type: f5(slab) [ 13.648849] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.649164] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.649519] page dumped because: kasan: bad access detected [ 13.650039] [ 13.650141] Memory state around the buggy address: [ 13.650410] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.651080] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.651523] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.652293] ^ [ 13.652795] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.653105] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.653700] ================================================================== [ 13.858234] ================================================================== [ 13.859177] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 13.859417] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.860034] [ 13.860279] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.860329] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.860344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.860367] Call Trace: [ 13.860382] <TASK> [ 13.860399] dump_stack_lvl+0x73/0xb0 [ 13.860457] print_report+0xd1/0x650 [ 13.860483] ? __virt_addr_valid+0x1db/0x2d0 [ 13.860507] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.860581] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.860606] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.860639] kasan_report+0x141/0x180 [ 13.860664] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.860692] kasan_check_range+0x10c/0x1c0 [ 13.860718] __kasan_check_write+0x18/0x20 [ 13.860738] kasan_atomics_helper+0x7c7/0x5450 [ 13.860762] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.860786] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.860808] ? kasan_atomics+0x152/0x310 [ 13.860834] kasan_atomics+0x1dc/0x310 [ 13.860854] ? __pfx_kasan_atomics+0x10/0x10 [ 13.860876] ? __pfx_read_tsc+0x10/0x10 [ 13.860897] ? ktime_get_ts64+0x86/0x230 [ 13.860924] kunit_try_run_case+0x1a5/0x480 [ 13.860948] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.860971] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.860995] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.861017] ? __kthread_parkme+0x82/0x180 [ 13.861039] ? preempt_count_sub+0x50/0x80 [ 13.861065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.861089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.861113] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.861137] kthread+0x337/0x6f0 [ 13.861157] ? trace_preempt_on+0x20/0xc0 [ 13.861195] ? __pfx_kthread+0x10/0x10 [ 13.861217] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.861239] ? calculate_sigpending+0x7b/0xa0 [ 13.861263] ? __pfx_kthread+0x10/0x10 [ 13.861287] ret_from_fork+0x116/0x1d0 [ 13.861306] ? __pfx_kthread+0x10/0x10 [ 13.861328] ret_from_fork_asm+0x1a/0x30 [ 13.861361] </TASK> [ 13.861372] [ 13.871405] Allocated by task 282: [ 13.871568] kasan_save_stack+0x45/0x70 [ 13.871838] kasan_save_track+0x18/0x40 [ 13.872043] kasan_save_alloc_info+0x3b/0x50 [ 13.872343] __kasan_kmalloc+0xb7/0xc0 [ 13.872566] __kmalloc_cache_noprof+0x189/0x420 [ 13.872773] kasan_atomics+0x95/0x310 [ 13.872946] kunit_try_run_case+0x1a5/0x480 [ 13.873096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.873314] kthread+0x337/0x6f0 [ 13.873808] ret_from_fork+0x116/0x1d0 [ 13.874023] ret_from_fork_asm+0x1a/0x30 [ 13.874223] [ 13.874319] The buggy address belongs to the object at ffff8881029e5b80 [ 13.874319] which belongs to the cache kmalloc-64 of size 64 [ 13.874860] The buggy address is located 0 bytes to the right of [ 13.874860] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.875457] [ 13.875586] The buggy address belongs to the physical page: [ 13.875791] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.876138] flags: 0x200000000000000(node=0|zone=2) [ 13.876361] page_type: f5(slab) [ 13.876580] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.876843] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.877072] page dumped because: kasan: bad access detected [ 13.877297] [ 13.877392] Memory state around the buggy address: [ 13.877797] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.878127] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.878361] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.878580] ^ [ 13.879000] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.879579] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.879927] ================================================================== [ 14.296030] ================================================================== [ 14.296591] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.297276] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.297891] [ 14.298178] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.298228] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.298242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.298263] Call Trace: [ 14.298281] <TASK> [ 14.298296] dump_stack_lvl+0x73/0xb0 [ 14.298326] print_report+0xd1/0x650 [ 14.298349] ? __virt_addr_valid+0x1db/0x2d0 [ 14.298375] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.298398] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.298423] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.298446] kasan_report+0x141/0x180 [ 14.298477] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.298505] __asan_report_load4_noabort+0x18/0x20 [ 14.298655] kasan_atomics_helper+0x4a02/0x5450 [ 14.298686] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.298711] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.298734] ? kasan_atomics+0x152/0x310 [ 14.298758] kasan_atomics+0x1dc/0x310 [ 14.298779] ? __pfx_kasan_atomics+0x10/0x10 [ 14.298802] ? __pfx_read_tsc+0x10/0x10 [ 14.298824] ? ktime_get_ts64+0x86/0x230 [ 14.298850] kunit_try_run_case+0x1a5/0x480 [ 14.298874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.298898] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.298921] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.298944] ? __kthread_parkme+0x82/0x180 [ 14.298965] ? preempt_count_sub+0x50/0x80 [ 14.298990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.299015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.299038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.299062] kthread+0x337/0x6f0 [ 14.299083] ? trace_preempt_on+0x20/0xc0 [ 14.299108] ? __pfx_kthread+0x10/0x10 [ 14.299129] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.299151] ? calculate_sigpending+0x7b/0xa0 [ 14.299175] ? __pfx_kthread+0x10/0x10 [ 14.299198] ret_from_fork+0x116/0x1d0 [ 14.299217] ? __pfx_kthread+0x10/0x10 [ 14.299239] ret_from_fork_asm+0x1a/0x30 [ 14.299271] </TASK> [ 14.299282] [ 14.311148] Allocated by task 282: [ 14.311483] kasan_save_stack+0x45/0x70 [ 14.311703] kasan_save_track+0x18/0x40 [ 14.312211] kasan_save_alloc_info+0x3b/0x50 [ 14.312514] __kasan_kmalloc+0xb7/0xc0 [ 14.312893] __kmalloc_cache_noprof+0x189/0x420 [ 14.313058] kasan_atomics+0x95/0x310 [ 14.313280] kunit_try_run_case+0x1a5/0x480 [ 14.313888] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.314147] kthread+0x337/0x6f0 [ 14.314385] ret_from_fork+0x116/0x1d0 [ 14.314730] ret_from_fork_asm+0x1a/0x30 [ 14.314895] [ 14.314995] The buggy address belongs to the object at ffff8881029e5b80 [ 14.314995] which belongs to the cache kmalloc-64 of size 64 [ 14.315770] The buggy address is located 0 bytes to the right of [ 14.315770] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.316440] [ 14.316765] The buggy address belongs to the physical page: [ 14.317099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.317538] flags: 0x200000000000000(node=0|zone=2) [ 14.317877] page_type: f5(slab) [ 14.318056] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.318630] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.319193] page dumped because: kasan: bad access detected [ 14.319516] [ 14.319637] Memory state around the buggy address: [ 14.320130] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.320535] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.321033] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.321375] ^ [ 14.321547] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.322078] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.322472] ================================================================== [ 13.739918] ================================================================== [ 13.740314] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 13.740732] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.741089] [ 13.741200] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.741284] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.741301] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.741335] Call Trace: [ 13.741349] <TASK> [ 13.741364] dump_stack_lvl+0x73/0xb0 [ 13.741394] print_report+0xd1/0x650 [ 13.741418] ? __virt_addr_valid+0x1db/0x2d0 [ 13.741445] ? kasan_atomics_helper+0x4b3a/0x5450 [ 13.741493] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.741579] ? kasan_atomics_helper+0x4b3a/0x5450 [ 13.741609] kasan_report+0x141/0x180 [ 13.741646] ? kasan_atomics_helper+0x4b3a/0x5450 [ 13.741678] __asan_report_store4_noabort+0x1b/0x30 [ 13.741704] kasan_atomics_helper+0x4b3a/0x5450 [ 13.741731] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.741758] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.741784] ? kasan_atomics+0x152/0x310 [ 13.741832] kasan_atomics+0x1dc/0x310 [ 13.741856] ? __pfx_kasan_atomics+0x10/0x10 [ 13.741880] ? __pfx_read_tsc+0x10/0x10 [ 13.741919] ? ktime_get_ts64+0x86/0x230 [ 13.741946] kunit_try_run_case+0x1a5/0x480 [ 13.741974] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.741999] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.742025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.742052] ? __kthread_parkme+0x82/0x180 [ 13.742075] ? preempt_count_sub+0x50/0x80 [ 13.742103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.742131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.742195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.742226] kthread+0x337/0x6f0 [ 13.742247] ? trace_preempt_on+0x20/0xc0 [ 13.742274] ? __pfx_kthread+0x10/0x10 [ 13.742298] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.742340] ? calculate_sigpending+0x7b/0xa0 [ 13.742367] ? __pfx_kthread+0x10/0x10 [ 13.742392] ret_from_fork+0x116/0x1d0 [ 13.742413] ? __pfx_kthread+0x10/0x10 [ 13.742436] ret_from_fork_asm+0x1a/0x30 [ 13.742482] </TASK> [ 13.742494] [ 13.751246] Allocated by task 282: [ 13.751441] kasan_save_stack+0x45/0x70 [ 13.751739] kasan_save_track+0x18/0x40 [ 13.751966] kasan_save_alloc_info+0x3b/0x50 [ 13.752150] __kasan_kmalloc+0xb7/0xc0 [ 13.752371] __kmalloc_cache_noprof+0x189/0x420 [ 13.752695] kasan_atomics+0x95/0x310 [ 13.752876] kunit_try_run_case+0x1a5/0x480 [ 13.753114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.753304] kthread+0x337/0x6f0 [ 13.753477] ret_from_fork+0x116/0x1d0 [ 13.753746] ret_from_fork_asm+0x1a/0x30 [ 13.753955] [ 13.754053] The buggy address belongs to the object at ffff8881029e5b80 [ 13.754053] which belongs to the cache kmalloc-64 of size 64 [ 13.754649] The buggy address is located 0 bytes to the right of [ 13.754649] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.755216] [ 13.755340] The buggy address belongs to the physical page: [ 13.755942] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.756343] flags: 0x200000000000000(node=0|zone=2) [ 13.756643] page_type: f5(slab) [ 13.756821] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.757195] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.757503] page dumped because: kasan: bad access detected [ 13.757792] [ 13.757919] Memory state around the buggy address: [ 13.758191] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.758495] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.758913] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.759286] ^ [ 13.759587] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.759940] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.760225] ================================================================== [ 13.781931] ================================================================== [ 13.782306] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 13.782954] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.783370] [ 13.783484] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.783588] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.783603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.783634] Call Trace: [ 13.783646] <TASK> [ 13.783660] dump_stack_lvl+0x73/0xb0 [ 13.783689] print_report+0xd1/0x650 [ 13.783736] ? __virt_addr_valid+0x1db/0x2d0 [ 13.783760] ? kasan_atomics_helper+0x5fe/0x5450 [ 13.783782] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.783822] ? kasan_atomics_helper+0x5fe/0x5450 [ 13.783845] kasan_report+0x141/0x180 [ 13.783881] ? kasan_atomics_helper+0x5fe/0x5450 [ 13.783910] kasan_check_range+0x10c/0x1c0 [ 13.783934] __kasan_check_write+0x18/0x20 [ 13.783955] kasan_atomics_helper+0x5fe/0x5450 [ 13.783980] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.784004] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.784026] ? kasan_atomics+0x152/0x310 [ 13.784051] kasan_atomics+0x1dc/0x310 [ 13.784070] ? __pfx_kasan_atomics+0x10/0x10 [ 13.784092] ? __pfx_read_tsc+0x10/0x10 [ 13.784113] ? ktime_get_ts64+0x86/0x230 [ 13.784140] kunit_try_run_case+0x1a5/0x480 [ 13.784182] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.784206] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.784229] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.784251] ? __kthread_parkme+0x82/0x180 [ 13.784272] ? preempt_count_sub+0x50/0x80 [ 13.784297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.784322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.784346] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.784370] kthread+0x337/0x6f0 [ 13.784390] ? trace_preempt_on+0x20/0xc0 [ 13.784415] ? __pfx_kthread+0x10/0x10 [ 13.784437] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.784458] ? calculate_sigpending+0x7b/0xa0 [ 13.784483] ? __pfx_kthread+0x10/0x10 [ 13.784552] ret_from_fork+0x116/0x1d0 [ 13.784576] ? __pfx_kthread+0x10/0x10 [ 13.784598] ret_from_fork_asm+0x1a/0x30 [ 13.784641] </TASK> [ 13.784652] [ 13.792979] Allocated by task 282: [ 13.793145] kasan_save_stack+0x45/0x70 [ 13.793313] kasan_save_track+0x18/0x40 [ 13.793450] kasan_save_alloc_info+0x3b/0x50 [ 13.793892] __kasan_kmalloc+0xb7/0xc0 [ 13.794130] __kmalloc_cache_noprof+0x189/0x420 [ 13.794418] kasan_atomics+0x95/0x310 [ 13.794712] kunit_try_run_case+0x1a5/0x480 [ 13.794945] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.795228] kthread+0x337/0x6f0 [ 13.795425] ret_from_fork+0x116/0x1d0 [ 13.795697] ret_from_fork_asm+0x1a/0x30 [ 13.795894] [ 13.795994] The buggy address belongs to the object at ffff8881029e5b80 [ 13.795994] which belongs to the cache kmalloc-64 of size 64 [ 13.796384] The buggy address is located 0 bytes to the right of [ 13.796384] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.797051] [ 13.797173] The buggy address belongs to the physical page: [ 13.797470] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.797897] flags: 0x200000000000000(node=0|zone=2) [ 13.798100] page_type: f5(slab) [ 13.798257] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.798840] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.799153] page dumped because: kasan: bad access detected [ 13.799426] [ 13.799516] Memory state around the buggy address: [ 13.799817] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.800186] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.800498] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.800806] ^ [ 13.801034] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.801395] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.801759] ================================================================== [ 13.899692] ================================================================== [ 13.899999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 13.900266] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.900787] [ 13.900895] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.900942] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.900955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.900977] Call Trace: [ 13.900991] <TASK> [ 13.901007] dump_stack_lvl+0x73/0xb0 [ 13.901034] print_report+0xd1/0x650 [ 13.901057] ? __virt_addr_valid+0x1db/0x2d0 [ 13.901082] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.901105] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.901128] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.901152] kasan_report+0x141/0x180 [ 13.901177] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.901206] kasan_check_range+0x10c/0x1c0 [ 13.901232] __kasan_check_write+0x18/0x20 [ 13.901253] kasan_atomics_helper+0x8f9/0x5450 [ 13.901278] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.901301] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.901323] ? kasan_atomics+0x152/0x310 [ 13.901348] kasan_atomics+0x1dc/0x310 [ 13.901367] ? __pfx_kasan_atomics+0x10/0x10 [ 13.901390] ? __pfx_read_tsc+0x10/0x10 [ 13.901411] ? ktime_get_ts64+0x86/0x230 [ 13.901438] kunit_try_run_case+0x1a5/0x480 [ 13.901461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.901485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.901508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.901532] ? __kthread_parkme+0x82/0x180 [ 13.901553] ? preempt_count_sub+0x50/0x80 [ 13.901578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.901603] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.901682] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.901709] kthread+0x337/0x6f0 [ 13.901730] ? trace_preempt_on+0x20/0xc0 [ 13.901756] ? __pfx_kthread+0x10/0x10 [ 13.901777] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.901799] ? calculate_sigpending+0x7b/0xa0 [ 13.901824] ? __pfx_kthread+0x10/0x10 [ 13.901847] ret_from_fork+0x116/0x1d0 [ 13.901866] ? __pfx_kthread+0x10/0x10 [ 13.901888] ret_from_fork_asm+0x1a/0x30 [ 13.901921] </TASK> [ 13.901933] [ 13.910416] Allocated by task 282: [ 13.910607] kasan_save_stack+0x45/0x70 [ 13.910875] kasan_save_track+0x18/0x40 [ 13.911313] kasan_save_alloc_info+0x3b/0x50 [ 13.911499] __kasan_kmalloc+0xb7/0xc0 [ 13.911720] __kmalloc_cache_noprof+0x189/0x420 [ 13.911916] kasan_atomics+0x95/0x310 [ 13.912079] kunit_try_run_case+0x1a5/0x480 [ 13.912316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.912497] kthread+0x337/0x6f0 [ 13.912629] ret_from_fork+0x116/0x1d0 [ 13.912821] ret_from_fork_asm+0x1a/0x30 [ 13.913017] [ 13.913114] The buggy address belongs to the object at ffff8881029e5b80 [ 13.913114] which belongs to the cache kmalloc-64 of size 64 [ 13.913528] The buggy address is located 0 bytes to the right of [ 13.913528] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.914278] [ 13.914379] The buggy address belongs to the physical page: [ 13.914590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.914840] flags: 0x200000000000000(node=0|zone=2) [ 13.915004] page_type: f5(slab) [ 13.915128] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.915420] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.915844] page dumped because: kasan: bad access detected [ 13.916093] [ 13.916185] Memory state around the buggy address: [ 13.916408] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.916917] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.917333] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.917715] ^ [ 13.917913] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.918171] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.918480] ================================================================== [ 14.616952] ================================================================== [ 14.617242] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 14.617577] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.617859] [ 14.617945] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.617989] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.618002] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.618024] Call Trace: [ 14.618037] <TASK> [ 14.618051] dump_stack_lvl+0x73/0xb0 [ 14.618077] print_report+0xd1/0x650 [ 14.618100] ? __virt_addr_valid+0x1db/0x2d0 [ 14.618124] ? kasan_atomics_helper+0x1818/0x5450 [ 14.618148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.618170] ? kasan_atomics_helper+0x1818/0x5450 [ 14.618203] kasan_report+0x141/0x180 [ 14.618227] ? kasan_atomics_helper+0x1818/0x5450 [ 14.618255] kasan_check_range+0x10c/0x1c0 [ 14.618280] __kasan_check_write+0x18/0x20 [ 14.618301] kasan_atomics_helper+0x1818/0x5450 [ 14.618326] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.618350] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.618372] ? kasan_atomics+0x152/0x310 [ 14.618397] kasan_atomics+0x1dc/0x310 [ 14.618418] ? __pfx_kasan_atomics+0x10/0x10 [ 14.618440] ? __pfx_read_tsc+0x10/0x10 [ 14.618468] ? ktime_get_ts64+0x86/0x230 [ 14.618495] kunit_try_run_case+0x1a5/0x480 [ 14.618519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.618542] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.618566] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.618590] ? __kthread_parkme+0x82/0x180 [ 14.618622] ? preempt_count_sub+0x50/0x80 [ 14.618648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.618673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.618697] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.618722] kthread+0x337/0x6f0 [ 14.618743] ? trace_preempt_on+0x20/0xc0 [ 14.618769] ? __pfx_kthread+0x10/0x10 [ 14.618792] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.618813] ? calculate_sigpending+0x7b/0xa0 [ 14.618838] ? __pfx_kthread+0x10/0x10 [ 14.618862] ret_from_fork+0x116/0x1d0 [ 14.618882] ? __pfx_kthread+0x10/0x10 [ 14.618904] ret_from_fork_asm+0x1a/0x30 [ 14.618937] </TASK> [ 14.618948] [ 14.626694] Allocated by task 282: [ 14.626876] kasan_save_stack+0x45/0x70 [ 14.627046] kasan_save_track+0x18/0x40 [ 14.627192] kasan_save_alloc_info+0x3b/0x50 [ 14.627403] __kasan_kmalloc+0xb7/0xc0 [ 14.627590] __kmalloc_cache_noprof+0x189/0x420 [ 14.627787] kasan_atomics+0x95/0x310 [ 14.627959] kunit_try_run_case+0x1a5/0x480 [ 14.628109] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.628566] kthread+0x337/0x6f0 [ 14.628736] ret_from_fork+0x116/0x1d0 [ 14.628873] ret_from_fork_asm+0x1a/0x30 [ 14.629016] [ 14.629088] The buggy address belongs to the object at ffff8881029e5b80 [ 14.629088] which belongs to the cache kmalloc-64 of size 64 [ 14.629722] The buggy address is located 0 bytes to the right of [ 14.629722] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.630182] [ 14.630259] The buggy address belongs to the physical page: [ 14.630432] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.630686] flags: 0x200000000000000(node=0|zone=2) [ 14.630850] page_type: f5(slab) [ 14.630972] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.631478] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.631835] page dumped because: kasan: bad access detected [ 14.632086] [ 14.632179] Memory state around the buggy address: [ 14.632406] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.632735] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.633157] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.633447] ^ [ 14.633633] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.633848] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.634481] ================================================================== [ 14.934315] ================================================================== [ 14.934850] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 14.935182] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.935586] [ 14.935716] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.935764] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.935777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.935799] Call Trace: [ 14.935814] <TASK> [ 14.935830] dump_stack_lvl+0x73/0xb0 [ 14.935856] print_report+0xd1/0x650 [ 14.935880] ? __virt_addr_valid+0x1db/0x2d0 [ 14.935904] ? kasan_atomics_helper+0x4fb2/0x5450 [ 14.935927] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.935950] ? kasan_atomics_helper+0x4fb2/0x5450 [ 14.935973] kasan_report+0x141/0x180 [ 14.935997] ? kasan_atomics_helper+0x4fb2/0x5450 [ 14.936025] __asan_report_load8_noabort+0x18/0x20 [ 14.936047] kasan_atomics_helper+0x4fb2/0x5450 [ 14.936071] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.936095] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.936117] ? kasan_atomics+0x152/0x310 [ 14.936142] kasan_atomics+0x1dc/0x310 [ 14.936185] ? __pfx_kasan_atomics+0x10/0x10 [ 14.936207] ? __pfx_read_tsc+0x10/0x10 [ 14.936229] ? ktime_get_ts64+0x86/0x230 [ 14.936255] kunit_try_run_case+0x1a5/0x480 [ 14.936279] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.936302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.936335] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.936360] ? __kthread_parkme+0x82/0x180 [ 14.936381] ? preempt_count_sub+0x50/0x80 [ 14.936416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.936440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.936466] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.936490] kthread+0x337/0x6f0 [ 14.936511] ? trace_preempt_on+0x20/0xc0 [ 14.936535] ? __pfx_kthread+0x10/0x10 [ 14.936558] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.936579] ? calculate_sigpending+0x7b/0xa0 [ 14.936604] ? __pfx_kthread+0x10/0x10 [ 14.936636] ret_from_fork+0x116/0x1d0 [ 14.936654] ? __pfx_kthread+0x10/0x10 [ 14.936676] ret_from_fork_asm+0x1a/0x30 [ 14.936708] </TASK> [ 14.936719] [ 14.944179] Allocated by task 282: [ 14.944381] kasan_save_stack+0x45/0x70 [ 14.944585] kasan_save_track+0x18/0x40 [ 14.944814] kasan_save_alloc_info+0x3b/0x50 [ 14.945008] __kasan_kmalloc+0xb7/0xc0 [ 14.945224] __kmalloc_cache_noprof+0x189/0x420 [ 14.945409] kasan_atomics+0x95/0x310 [ 14.945543] kunit_try_run_case+0x1a5/0x480 [ 14.945701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.945876] kthread+0x337/0x6f0 [ 14.945999] ret_from_fork+0x116/0x1d0 [ 14.946144] ret_from_fork_asm+0x1a/0x30 [ 14.946395] [ 14.946514] The buggy address belongs to the object at ffff8881029e5b80 [ 14.946514] which belongs to the cache kmalloc-64 of size 64 [ 14.947060] The buggy address is located 0 bytes to the right of [ 14.947060] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.947660] [ 14.947760] The buggy address belongs to the physical page: [ 14.948040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.948434] flags: 0x200000000000000(node=0|zone=2) [ 14.948645] page_type: f5(slab) [ 14.948835] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.949156] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.949449] page dumped because: kasan: bad access detected [ 14.949630] [ 14.949748] Memory state around the buggy address: [ 14.949977] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.950286] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.950527] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.950852] ^ [ 14.951069] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.951346] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.951559] ================================================================== [ 14.442187] ================================================================== [ 14.443020] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.443471] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.443778] [ 14.443931] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.443980] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.443992] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.444014] Call Trace: [ 14.444030] <TASK> [ 14.444045] dump_stack_lvl+0x73/0xb0 [ 14.444073] print_report+0xd1/0x650 [ 14.444098] ? __virt_addr_valid+0x1db/0x2d0 [ 14.444123] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.444146] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.444169] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.444465] kasan_report+0x141/0x180 [ 14.444492] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.444521] __asan_report_load8_noabort+0x18/0x20 [ 14.444543] kasan_atomics_helper+0x4eae/0x5450 [ 14.444569] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.444592] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.444638] ? kasan_atomics+0x152/0x310 [ 14.444664] kasan_atomics+0x1dc/0x310 [ 14.444685] ? __pfx_kasan_atomics+0x10/0x10 [ 14.444707] ? __pfx_read_tsc+0x10/0x10 [ 14.444729] ? ktime_get_ts64+0x86/0x230 [ 14.444755] kunit_try_run_case+0x1a5/0x480 [ 14.444780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444803] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.444827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.444850] ? __kthread_parkme+0x82/0x180 [ 14.444872] ? preempt_count_sub+0x50/0x80 [ 14.444897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.444921] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.444945] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.444968] kthread+0x337/0x6f0 [ 14.444989] ? trace_preempt_on+0x20/0xc0 [ 14.445014] ? __pfx_kthread+0x10/0x10 [ 14.445036] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.445058] ? calculate_sigpending+0x7b/0xa0 [ 14.445082] ? __pfx_kthread+0x10/0x10 [ 14.445105] ret_from_fork+0x116/0x1d0 [ 14.445124] ? __pfx_kthread+0x10/0x10 [ 14.445146] ret_from_fork_asm+0x1a/0x30 [ 14.445180] </TASK> [ 14.445192] [ 14.456017] Allocated by task 282: [ 14.456468] kasan_save_stack+0x45/0x70 [ 14.456770] kasan_save_track+0x18/0x40 [ 14.456960] kasan_save_alloc_info+0x3b/0x50 [ 14.457173] __kasan_kmalloc+0xb7/0xc0 [ 14.457342] __kmalloc_cache_noprof+0x189/0x420 [ 14.457564] kasan_atomics+0x95/0x310 [ 14.457795] kunit_try_run_case+0x1a5/0x480 [ 14.457967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.458216] kthread+0x337/0x6f0 [ 14.458828] ret_from_fork+0x116/0x1d0 [ 14.458988] ret_from_fork_asm+0x1a/0x30 [ 14.459439] [ 14.459523] The buggy address belongs to the object at ffff8881029e5b80 [ 14.459523] which belongs to the cache kmalloc-64 of size 64 [ 14.460378] The buggy address is located 0 bytes to the right of [ 14.460378] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.461094] [ 14.461207] The buggy address belongs to the physical page: [ 14.461653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.462127] flags: 0x200000000000000(node=0|zone=2) [ 14.462384] page_type: f5(slab) [ 14.462774] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.463084] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.463699] page dumped because: kasan: bad access detected [ 14.463905] [ 14.464100] Memory state around the buggy address: [ 14.464275] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.464857] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.465296] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.465764] ^ [ 14.466022] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.466422] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.466895] ================================================================== [ 14.094411] ================================================================== [ 14.094985] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.095332] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.095556] [ 14.095653] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.095701] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.095715] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.095737] Call Trace: [ 14.095752] <TASK> [ 14.095768] dump_stack_lvl+0x73/0xb0 [ 14.095795] print_report+0xd1/0x650 [ 14.095818] ? __virt_addr_valid+0x1db/0x2d0 [ 14.095842] ? kasan_atomics_helper+0xe78/0x5450 [ 14.095865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.095889] ? kasan_atomics_helper+0xe78/0x5450 [ 14.095912] kasan_report+0x141/0x180 [ 14.095935] ? kasan_atomics_helper+0xe78/0x5450 [ 14.095964] kasan_check_range+0x10c/0x1c0 [ 14.095989] __kasan_check_write+0x18/0x20 [ 14.096009] kasan_atomics_helper+0xe78/0x5450 [ 14.096033] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.096057] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.096080] ? kasan_atomics+0x152/0x310 [ 14.096104] kasan_atomics+0x1dc/0x310 [ 14.096191] ? __pfx_kasan_atomics+0x10/0x10 [ 14.096214] ? __pfx_read_tsc+0x10/0x10 [ 14.096236] ? ktime_get_ts64+0x86/0x230 [ 14.096262] kunit_try_run_case+0x1a5/0x480 [ 14.096287] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.096311] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.096334] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.096358] ? __kthread_parkme+0x82/0x180 [ 14.096380] ? preempt_count_sub+0x50/0x80 [ 14.096405] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.096429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.096453] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.096478] kthread+0x337/0x6f0 [ 14.096498] ? trace_preempt_on+0x20/0xc0 [ 14.096523] ? __pfx_kthread+0x10/0x10 [ 14.096557] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.096578] ? calculate_sigpending+0x7b/0xa0 [ 14.096603] ? __pfx_kthread+0x10/0x10 [ 14.096637] ret_from_fork+0x116/0x1d0 [ 14.096657] ? __pfx_kthread+0x10/0x10 [ 14.096679] ret_from_fork_asm+0x1a/0x30 [ 14.096711] </TASK> [ 14.096722] [ 14.105395] Allocated by task 282: [ 14.105656] kasan_save_stack+0x45/0x70 [ 14.105859] kasan_save_track+0x18/0x40 [ 14.106043] kasan_save_alloc_info+0x3b/0x50 [ 14.106248] __kasan_kmalloc+0xb7/0xc0 [ 14.106443] __kmalloc_cache_noprof+0x189/0x420 [ 14.106780] kasan_atomics+0x95/0x310 [ 14.106946] kunit_try_run_case+0x1a5/0x480 [ 14.107137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.107371] kthread+0x337/0x6f0 [ 14.107512] ret_from_fork+0x116/0x1d0 [ 14.108432] ret_from_fork_asm+0x1a/0x30 [ 14.108976] [ 14.109163] The buggy address belongs to the object at ffff8881029e5b80 [ 14.109163] which belongs to the cache kmalloc-64 of size 64 [ 14.109797] The buggy address is located 0 bytes to the right of [ 14.109797] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.110978] [ 14.111192] The buggy address belongs to the physical page: [ 14.111727] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.112572] flags: 0x200000000000000(node=0|zone=2) [ 14.112937] page_type: f5(slab) [ 14.113066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.113565] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.114317] page dumped because: kasan: bad access detected [ 14.114861] [ 14.115087] Memory state around the buggy address: [ 14.115502] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.116087] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.116595] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.117370] ^ [ 14.117832] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.118434] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.118825] ================================================================== [ 14.515117] ================================================================== [ 14.515346] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.516282] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.516690] [ 14.516893] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.516945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.516959] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.516981] Call Trace: [ 14.516997] <TASK> [ 14.517014] dump_stack_lvl+0x73/0xb0 [ 14.517134] print_report+0xd1/0x650 [ 14.517159] ? __virt_addr_valid+0x1db/0x2d0 [ 14.517197] ? kasan_atomics_helper+0x151d/0x5450 [ 14.517220] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.517245] ? kasan_atomics_helper+0x151d/0x5450 [ 14.517268] kasan_report+0x141/0x180 [ 14.517292] ? kasan_atomics_helper+0x151d/0x5450 [ 14.517321] kasan_check_range+0x10c/0x1c0 [ 14.517348] __kasan_check_write+0x18/0x20 [ 14.517369] kasan_atomics_helper+0x151d/0x5450 [ 14.517394] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.517418] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.517440] ? kasan_atomics+0x152/0x310 [ 14.517464] kasan_atomics+0x1dc/0x310 [ 14.517485] ? __pfx_kasan_atomics+0x10/0x10 [ 14.517506] ? __pfx_read_tsc+0x10/0x10 [ 14.517528] ? ktime_get_ts64+0x86/0x230 [ 14.517554] kunit_try_run_case+0x1a5/0x480 [ 14.517578] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.517601] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.517635] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.517659] ? __kthread_parkme+0x82/0x180 [ 14.517682] ? preempt_count_sub+0x50/0x80 [ 14.517706] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.517731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.517755] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.517779] kthread+0x337/0x6f0 [ 14.517800] ? trace_preempt_on+0x20/0xc0 [ 14.517824] ? __pfx_kthread+0x10/0x10 [ 14.517846] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.517867] ? calculate_sigpending+0x7b/0xa0 [ 14.517891] ? __pfx_kthread+0x10/0x10 [ 14.517914] ret_from_fork+0x116/0x1d0 [ 14.517933] ? __pfx_kthread+0x10/0x10 [ 14.517955] ret_from_fork_asm+0x1a/0x30 [ 14.517988] </TASK> [ 14.518000] [ 14.528492] Allocated by task 282: [ 14.528674] kasan_save_stack+0x45/0x70 [ 14.528966] kasan_save_track+0x18/0x40 [ 14.529155] kasan_save_alloc_info+0x3b/0x50 [ 14.529453] __kasan_kmalloc+0xb7/0xc0 [ 14.529597] __kmalloc_cache_noprof+0x189/0x420 [ 14.529958] kasan_atomics+0x95/0x310 [ 14.530238] kunit_try_run_case+0x1a5/0x480 [ 14.530459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.530672] kthread+0x337/0x6f0 [ 14.530849] ret_from_fork+0x116/0x1d0 [ 14.531026] ret_from_fork_asm+0x1a/0x30 [ 14.531211] [ 14.531637] The buggy address belongs to the object at ffff8881029e5b80 [ 14.531637] which belongs to the cache kmalloc-64 of size 64 [ 14.532287] The buggy address is located 0 bytes to the right of [ 14.532287] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.532919] [ 14.533008] The buggy address belongs to the physical page: [ 14.533398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.533836] flags: 0x200000000000000(node=0|zone=2) [ 14.534065] page_type: f5(slab) [ 14.534410] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.534765] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.535163] page dumped because: kasan: bad access detected [ 14.535505] [ 14.535585] Memory state around the buggy address: [ 14.535950] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.536376] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.536743] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.537049] ^ [ 14.537388] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.537764] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.538111] ================================================================== [ 14.652313] ================================================================== [ 14.653076] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 14.653469] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.653827] [ 14.653937] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.653983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.653995] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.654016] Call Trace: [ 14.654030] <TASK> [ 14.654045] dump_stack_lvl+0x73/0xb0 [ 14.654093] print_report+0xd1/0x650 [ 14.654116] ? __virt_addr_valid+0x1db/0x2d0 [ 14.654140] ? kasan_atomics_helper+0x194a/0x5450 [ 14.654191] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.654214] ? kasan_atomics_helper+0x194a/0x5450 [ 14.654237] kasan_report+0x141/0x180 [ 14.654262] ? kasan_atomics_helper+0x194a/0x5450 [ 14.654290] kasan_check_range+0x10c/0x1c0 [ 14.654332] __kasan_check_write+0x18/0x20 [ 14.654354] kasan_atomics_helper+0x194a/0x5450 [ 14.654378] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.654401] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.654425] ? kasan_atomics+0x152/0x310 [ 14.654449] kasan_atomics+0x1dc/0x310 [ 14.654500] ? __pfx_kasan_atomics+0x10/0x10 [ 14.654523] ? __pfx_read_tsc+0x10/0x10 [ 14.654546] ? ktime_get_ts64+0x86/0x230 [ 14.654572] kunit_try_run_case+0x1a5/0x480 [ 14.654597] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.654632] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.654656] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.654696] ? __kthread_parkme+0x82/0x180 [ 14.654731] ? preempt_count_sub+0x50/0x80 [ 14.654779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.654818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.654842] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.654866] kthread+0x337/0x6f0 [ 14.654887] ? trace_preempt_on+0x20/0xc0 [ 14.654912] ? __pfx_kthread+0x10/0x10 [ 14.654934] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.654956] ? calculate_sigpending+0x7b/0xa0 [ 14.654981] ? __pfx_kthread+0x10/0x10 [ 14.655004] ret_from_fork+0x116/0x1d0 [ 14.655024] ? __pfx_kthread+0x10/0x10 [ 14.655046] ret_from_fork_asm+0x1a/0x30 [ 14.655078] </TASK> [ 14.655089] [ 14.663391] Allocated by task 282: [ 14.663594] kasan_save_stack+0x45/0x70 [ 14.663842] kasan_save_track+0x18/0x40 [ 14.664048] kasan_save_alloc_info+0x3b/0x50 [ 14.664265] __kasan_kmalloc+0xb7/0xc0 [ 14.664460] __kmalloc_cache_noprof+0x189/0x420 [ 14.664645] kasan_atomics+0x95/0x310 [ 14.664854] kunit_try_run_case+0x1a5/0x480 [ 14.665082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.665348] kthread+0x337/0x6f0 [ 14.665524] ret_from_fork+0x116/0x1d0 [ 14.665746] ret_from_fork_asm+0x1a/0x30 [ 14.665945] [ 14.666041] The buggy address belongs to the object at ffff8881029e5b80 [ 14.666041] which belongs to the cache kmalloc-64 of size 64 [ 14.666563] The buggy address is located 0 bytes to the right of [ 14.666563] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.667113] [ 14.667231] The buggy address belongs to the physical page: [ 14.667478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.667821] flags: 0x200000000000000(node=0|zone=2) [ 14.668050] page_type: f5(slab) [ 14.668308] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.668665] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.668914] page dumped because: kasan: bad access detected [ 14.669107] [ 14.669276] Memory state around the buggy address: [ 14.669515] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.669887] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.670253] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.670483] ^ [ 14.670706] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.671048] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.671441] ================================================================== [ 14.350831] ================================================================== [ 14.351087] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.351766] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.352052] [ 14.352157] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.352207] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.352221] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.352245] Call Trace: [ 14.352260] <TASK> [ 14.352276] dump_stack_lvl+0x73/0xb0 [ 14.352306] print_report+0xd1/0x650 [ 14.352329] ? __virt_addr_valid+0x1db/0x2d0 [ 14.352354] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.352412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.352437] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.352461] kasan_report+0x141/0x180 [ 14.352486] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.352514] __asan_report_load4_noabort+0x18/0x20 [ 14.352536] kasan_atomics_helper+0x49e8/0x5450 [ 14.352560] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.352584] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.352606] ? kasan_atomics+0x152/0x310 [ 14.352641] kasan_atomics+0x1dc/0x310 [ 14.352674] ? __pfx_kasan_atomics+0x10/0x10 [ 14.352695] ? __pfx_read_tsc+0x10/0x10 [ 14.352717] ? ktime_get_ts64+0x86/0x230 [ 14.352744] kunit_try_run_case+0x1a5/0x480 [ 14.352768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.352790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.352814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.352837] ? __kthread_parkme+0x82/0x180 [ 14.352859] ? preempt_count_sub+0x50/0x80 [ 14.352884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.352908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.352932] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.352957] kthread+0x337/0x6f0 [ 14.352977] ? trace_preempt_on+0x20/0xc0 [ 14.353001] ? __pfx_kthread+0x10/0x10 [ 14.353023] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.353045] ? calculate_sigpending+0x7b/0xa0 [ 14.353069] ? __pfx_kthread+0x10/0x10 [ 14.353092] ret_from_fork+0x116/0x1d0 [ 14.353111] ? __pfx_kthread+0x10/0x10 [ 14.353136] ret_from_fork_asm+0x1a/0x30 [ 14.353171] </TASK> [ 14.353194] [ 14.360993] Allocated by task 282: [ 14.361175] kasan_save_stack+0x45/0x70 [ 14.361352] kasan_save_track+0x18/0x40 [ 14.361547] kasan_save_alloc_info+0x3b/0x50 [ 14.361770] __kasan_kmalloc+0xb7/0xc0 [ 14.361907] __kmalloc_cache_noprof+0x189/0x420 [ 14.362060] kasan_atomics+0x95/0x310 [ 14.362242] kunit_try_run_case+0x1a5/0x480 [ 14.362664] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.362918] kthread+0x337/0x6f0 [ 14.363099] ret_from_fork+0x116/0x1d0 [ 14.363288] ret_from_fork_asm+0x1a/0x30 [ 14.363583] [ 14.363685] The buggy address belongs to the object at ffff8881029e5b80 [ 14.363685] which belongs to the cache kmalloc-64 of size 64 [ 14.364149] The buggy address is located 0 bytes to the right of [ 14.364149] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.364610] [ 14.364727] The buggy address belongs to the physical page: [ 14.365105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.365494] flags: 0x200000000000000(node=0|zone=2) [ 14.365816] page_type: f5(slab) [ 14.365970] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.366206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.366434] page dumped because: kasan: bad access detected [ 14.366620] [ 14.366692] Memory state around the buggy address: [ 14.366854] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.367190] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.367653] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.367911] ^ [ 14.368067] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.368571] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.368897] ================================================================== [ 14.915957] ================================================================== [ 14.916588] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 14.916936] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.917293] [ 14.917419] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.917476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.917489] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.917511] Call Trace: [ 14.917524] <TASK> [ 14.917540] dump_stack_lvl+0x73/0xb0 [ 14.917567] print_report+0xd1/0x650 [ 14.917590] ? __virt_addr_valid+0x1db/0x2d0 [ 14.917623] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.917646] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.917670] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.917693] kasan_report+0x141/0x180 [ 14.917717] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.917755] kasan_check_range+0x10c/0x1c0 [ 14.917780] __kasan_check_write+0x18/0x20 [ 14.917801] kasan_atomics_helper+0x20c8/0x5450 [ 14.917836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.917860] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.917882] ? kasan_atomics+0x152/0x310 [ 14.917915] kasan_atomics+0x1dc/0x310 [ 14.917936] ? __pfx_kasan_atomics+0x10/0x10 [ 14.917959] ? __pfx_read_tsc+0x10/0x10 [ 14.917990] ? ktime_get_ts64+0x86/0x230 [ 14.918017] kunit_try_run_case+0x1a5/0x480 [ 14.918042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.918073] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.918097] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.918120] ? __kthread_parkme+0x82/0x180 [ 14.918152] ? preempt_count_sub+0x50/0x80 [ 14.918195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.918228] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.918252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.918278] kthread+0x337/0x6f0 [ 14.918309] ? trace_preempt_on+0x20/0xc0 [ 14.918334] ? __pfx_kthread+0x10/0x10 [ 14.918356] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.918386] ? calculate_sigpending+0x7b/0xa0 [ 14.918411] ? __pfx_kthread+0x10/0x10 [ 14.918433] ret_from_fork+0x116/0x1d0 [ 14.918469] ? __pfx_kthread+0x10/0x10 [ 14.918491] ret_from_fork_asm+0x1a/0x30 [ 14.918524] </TASK> [ 14.918535] [ 14.926190] Allocated by task 282: [ 14.926400] kasan_save_stack+0x45/0x70 [ 14.926610] kasan_save_track+0x18/0x40 [ 14.926819] kasan_save_alloc_info+0x3b/0x50 [ 14.927014] __kasan_kmalloc+0xb7/0xc0 [ 14.927149] __kmalloc_cache_noprof+0x189/0x420 [ 14.927323] kasan_atomics+0x95/0x310 [ 14.927454] kunit_try_run_case+0x1a5/0x480 [ 14.927602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.927890] kthread+0x337/0x6f0 [ 14.928060] ret_from_fork+0x116/0x1d0 [ 14.928273] ret_from_fork_asm+0x1a/0x30 [ 14.928471] [ 14.928568] The buggy address belongs to the object at ffff8881029e5b80 [ 14.928568] which belongs to the cache kmalloc-64 of size 64 [ 14.929138] The buggy address is located 0 bytes to the right of [ 14.929138] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.929677] [ 14.929751] The buggy address belongs to the physical page: [ 14.929927] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.930183] flags: 0x200000000000000(node=0|zone=2) [ 14.930412] page_type: f5(slab) [ 14.930591] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.930970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.931388] page dumped because: kasan: bad access detected [ 14.931672] [ 14.931765] Memory state around the buggy address: [ 14.931975] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.932246] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.932604] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.932907] ^ [ 14.933126] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.933448] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.933764] ================================================================== [ 13.944053] ================================================================== [ 13.944415] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 13.944815] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.945401] [ 13.945510] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.945557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.945570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.945592] Call Trace: [ 13.945606] <TASK> [ 13.945643] dump_stack_lvl+0x73/0xb0 [ 13.945672] print_report+0xd1/0x650 [ 13.945716] ? __virt_addr_valid+0x1db/0x2d0 [ 13.945741] ? kasan_atomics_helper+0xa2b/0x5450 [ 13.945764] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.945914] ? kasan_atomics_helper+0xa2b/0x5450 [ 13.945943] kasan_report+0x141/0x180 [ 13.945968] ? kasan_atomics_helper+0xa2b/0x5450 [ 13.945997] kasan_check_range+0x10c/0x1c0 [ 13.946022] __kasan_check_write+0x18/0x20 [ 13.946043] kasan_atomics_helper+0xa2b/0x5450 [ 13.946067] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.946091] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.946114] ? kasan_atomics+0x152/0x310 [ 13.946139] kasan_atomics+0x1dc/0x310 [ 13.946206] ? __pfx_kasan_atomics+0x10/0x10 [ 13.946228] ? __pfx_read_tsc+0x10/0x10 [ 13.946250] ? ktime_get_ts64+0x86/0x230 [ 13.946278] kunit_try_run_case+0x1a5/0x480 [ 13.946302] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.946325] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.946381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.946405] ? __kthread_parkme+0x82/0x180 [ 13.946426] ? preempt_count_sub+0x50/0x80 [ 13.946452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.946482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.946507] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.946531] kthread+0x337/0x6f0 [ 13.946593] ? trace_preempt_on+0x20/0xc0 [ 13.946631] ? __pfx_kthread+0x10/0x10 [ 13.946654] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.946676] ? calculate_sigpending+0x7b/0xa0 [ 13.946701] ? __pfx_kthread+0x10/0x10 [ 13.946725] ret_from_fork+0x116/0x1d0 [ 13.946744] ? __pfx_kthread+0x10/0x10 [ 13.946766] ret_from_fork_asm+0x1a/0x30 [ 13.946799] </TASK> [ 13.946811] [ 13.955809] Allocated by task 282: [ 13.955941] kasan_save_stack+0x45/0x70 [ 13.956403] kasan_save_track+0x18/0x40 [ 13.956785] kasan_save_alloc_info+0x3b/0x50 [ 13.957038] __kasan_kmalloc+0xb7/0xc0 [ 13.957290] __kmalloc_cache_noprof+0x189/0x420 [ 13.957579] kasan_atomics+0x95/0x310 [ 13.957782] kunit_try_run_case+0x1a5/0x480 [ 13.957961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.958220] kthread+0x337/0x6f0 [ 13.958381] ret_from_fork+0x116/0x1d0 [ 13.958518] ret_from_fork_asm+0x1a/0x30 [ 13.958820] [ 13.958977] The buggy address belongs to the object at ffff8881029e5b80 [ 13.958977] which belongs to the cache kmalloc-64 of size 64 [ 13.959570] The buggy address is located 0 bytes to the right of [ 13.959570] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.960065] [ 13.960143] The buggy address belongs to the physical page: [ 13.960549] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.961279] flags: 0x200000000000000(node=0|zone=2) [ 13.961473] page_type: f5(slab) [ 13.961594] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.961838] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.962247] page dumped because: kasan: bad access detected [ 13.962827] [ 13.962934] Memory state around the buggy address: [ 13.963205] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.963525] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.963926] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.964274] ^ [ 13.964483] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.964927] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.965312] ================================================================== [ 13.701220] ================================================================== [ 13.701673] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 13.701996] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.702333] [ 13.702440] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.702494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.702507] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.702528] Call Trace: [ 13.702541] <TASK> [ 13.702555] dump_stack_lvl+0x73/0xb0 [ 13.702581] print_report+0xd1/0x650 [ 13.702605] ? __virt_addr_valid+0x1db/0x2d0 [ 13.702641] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.702663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.702686] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.702710] kasan_report+0x141/0x180 [ 13.702734] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.702762] __asan_report_load4_noabort+0x18/0x20 [ 13.702784] kasan_atomics_helper+0x4b54/0x5450 [ 13.702808] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.702831] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.702854] ? kasan_atomics+0x152/0x310 [ 13.702878] kasan_atomics+0x1dc/0x310 [ 13.702899] ? __pfx_kasan_atomics+0x10/0x10 [ 13.702920] ? __pfx_read_tsc+0x10/0x10 [ 13.702942] ? ktime_get_ts64+0x86/0x230 [ 13.702968] kunit_try_run_case+0x1a5/0x480 [ 13.702993] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.703039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.703062] ? __kthread_parkme+0x82/0x180 [ 13.703084] ? preempt_count_sub+0x50/0x80 [ 13.703108] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.703133] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.703156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.703180] kthread+0x337/0x6f0 [ 13.703201] ? trace_preempt_on+0x20/0xc0 [ 13.703226] ? __pfx_kthread+0x10/0x10 [ 13.703247] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.703269] ? calculate_sigpending+0x7b/0xa0 [ 13.703294] ? __pfx_kthread+0x10/0x10 [ 13.703318] ret_from_fork+0x116/0x1d0 [ 13.703337] ? __pfx_kthread+0x10/0x10 [ 13.703359] ret_from_fork_asm+0x1a/0x30 [ 13.703392] </TASK> [ 13.703403] [ 13.711410] Allocated by task 282: [ 13.711576] kasan_save_stack+0x45/0x70 [ 13.711803] kasan_save_track+0x18/0x40 [ 13.711977] kasan_save_alloc_info+0x3b/0x50 [ 13.712156] __kasan_kmalloc+0xb7/0xc0 [ 13.712297] __kmalloc_cache_noprof+0x189/0x420 [ 13.712586] kasan_atomics+0x95/0x310 [ 13.712785] kunit_try_run_case+0x1a5/0x480 [ 13.712992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.713166] kthread+0x337/0x6f0 [ 13.713288] ret_from_fork+0x116/0x1d0 [ 13.713524] ret_from_fork_asm+0x1a/0x30 [ 13.713782] [ 13.713882] The buggy address belongs to the object at ffff8881029e5b80 [ 13.713882] which belongs to the cache kmalloc-64 of size 64 [ 13.714466] The buggy address is located 0 bytes to the right of [ 13.714466] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.715095] [ 13.715214] The buggy address belongs to the physical page: [ 13.715437] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.715894] flags: 0x200000000000000(node=0|zone=2) [ 13.716068] page_type: f5(slab) [ 13.716204] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.716563] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.716921] page dumped because: kasan: bad access detected [ 13.717177] [ 13.717326] Memory state around the buggy address: [ 13.717572] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.717872] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.718112] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.718325] ^ [ 13.718512] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.718860] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.719179] ================================================================== [ 14.765457] ================================================================== [ 14.765847] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 14.766251] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.766561] [ 14.766664] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.766710] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.766723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.766743] Call Trace: [ 14.766759] <TASK> [ 14.766775] dump_stack_lvl+0x73/0xb0 [ 14.766801] print_report+0xd1/0x650 [ 14.766824] ? __virt_addr_valid+0x1db/0x2d0 [ 14.766848] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.766872] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.766896] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.766956] kasan_report+0x141/0x180 [ 14.766981] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.767032] kasan_check_range+0x10c/0x1c0 [ 14.767057] __kasan_check_write+0x18/0x20 [ 14.767092] kasan_atomics_helper+0x1ce1/0x5450 [ 14.767116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.767139] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.767198] ? kasan_atomics+0x152/0x310 [ 14.767236] kasan_atomics+0x1dc/0x310 [ 14.767267] ? __pfx_kasan_atomics+0x10/0x10 [ 14.767289] ? __pfx_read_tsc+0x10/0x10 [ 14.767310] ? ktime_get_ts64+0x86/0x230 [ 14.767337] kunit_try_run_case+0x1a5/0x480 [ 14.767361] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.767384] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.767407] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.767430] ? __kthread_parkme+0x82/0x180 [ 14.767451] ? preempt_count_sub+0x50/0x80 [ 14.767476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.767530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.767555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.767579] kthread+0x337/0x6f0 [ 14.767648] ? trace_preempt_on+0x20/0xc0 [ 14.767684] ? __pfx_kthread+0x10/0x10 [ 14.767743] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.767766] ? calculate_sigpending+0x7b/0xa0 [ 14.767791] ? __pfx_kthread+0x10/0x10 [ 14.767823] ret_from_fork+0x116/0x1d0 [ 14.767843] ? __pfx_kthread+0x10/0x10 [ 14.767865] ret_from_fork_asm+0x1a/0x30 [ 14.767898] </TASK> [ 14.767909] [ 14.776025] Allocated by task 282: [ 14.776279] kasan_save_stack+0x45/0x70 [ 14.776561] kasan_save_track+0x18/0x40 [ 14.776821] kasan_save_alloc_info+0x3b/0x50 [ 14.777029] __kasan_kmalloc+0xb7/0xc0 [ 14.777240] __kmalloc_cache_noprof+0x189/0x420 [ 14.777409] kasan_atomics+0x95/0x310 [ 14.777596] kunit_try_run_case+0x1a5/0x480 [ 14.777814] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.778035] kthread+0x337/0x6f0 [ 14.778240] ret_from_fork+0x116/0x1d0 [ 14.778459] ret_from_fork_asm+0x1a/0x30 [ 14.778695] [ 14.778769] The buggy address belongs to the object at ffff8881029e5b80 [ 14.778769] which belongs to the cache kmalloc-64 of size 64 [ 14.779232] The buggy address is located 0 bytes to the right of [ 14.779232] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.779719] [ 14.779817] The buggy address belongs to the physical page: [ 14.780073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.780462] flags: 0x200000000000000(node=0|zone=2) [ 14.780739] page_type: f5(slab) [ 14.780889] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.781122] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.781478] page dumped because: kasan: bad access detected [ 14.781782] [ 14.781879] Memory state around the buggy address: [ 14.782153] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.782490] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.782746] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.783042] ^ [ 14.783393] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.783715] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.783967] ================================================================== [ 14.581319] ================================================================== [ 14.581819] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.582157] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.582480] [ 14.582594] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.582649] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.582662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.582684] Call Trace: [ 14.582698] <TASK> [ 14.582713] dump_stack_lvl+0x73/0xb0 [ 14.582739] print_report+0xd1/0x650 [ 14.582763] ? __virt_addr_valid+0x1db/0x2d0 [ 14.582789] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.582811] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.582835] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.582858] kasan_report+0x141/0x180 [ 14.582882] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.582910] kasan_check_range+0x10c/0x1c0 [ 14.582936] __kasan_check_write+0x18/0x20 [ 14.582956] kasan_atomics_helper+0x16e7/0x5450 [ 14.582980] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.583004] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.583026] ? kasan_atomics+0x152/0x310 [ 14.583050] kasan_atomics+0x1dc/0x310 [ 14.583070] ? __pfx_kasan_atomics+0x10/0x10 [ 14.583092] ? __pfx_read_tsc+0x10/0x10 [ 14.583115] ? ktime_get_ts64+0x86/0x230 [ 14.583143] kunit_try_run_case+0x1a5/0x480 [ 14.583168] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.583202] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.583225] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.583249] ? __kthread_parkme+0x82/0x180 [ 14.583270] ? preempt_count_sub+0x50/0x80 [ 14.583296] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.583320] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.583344] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.583368] kthread+0x337/0x6f0 [ 14.583389] ? trace_preempt_on+0x20/0xc0 [ 14.583414] ? __pfx_kthread+0x10/0x10 [ 14.583436] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.583457] ? calculate_sigpending+0x7b/0xa0 [ 14.583482] ? __pfx_kthread+0x10/0x10 [ 14.583505] ret_from_fork+0x116/0x1d0 [ 14.583524] ? __pfx_kthread+0x10/0x10 [ 14.583546] ret_from_fork_asm+0x1a/0x30 [ 14.583579] </TASK> [ 14.583590] [ 14.591109] Allocated by task 282: [ 14.591293] kasan_save_stack+0x45/0x70 [ 14.591462] kasan_save_track+0x18/0x40 [ 14.591651] kasan_save_alloc_info+0x3b/0x50 [ 14.591825] __kasan_kmalloc+0xb7/0xc0 [ 14.591960] __kmalloc_cache_noprof+0x189/0x420 [ 14.592112] kasan_atomics+0x95/0x310 [ 14.592242] kunit_try_run_case+0x1a5/0x480 [ 14.592455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.592718] kthread+0x337/0x6f0 [ 14.592889] ret_from_fork+0x116/0x1d0 [ 14.593269] ret_from_fork_asm+0x1a/0x30 [ 14.593468] [ 14.593550] The buggy address belongs to the object at ffff8881029e5b80 [ 14.593550] which belongs to the cache kmalloc-64 of size 64 [ 14.593907] The buggy address is located 0 bytes to the right of [ 14.593907] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.594809] [ 14.594888] The buggy address belongs to the physical page: [ 14.595123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.595363] flags: 0x200000000000000(node=0|zone=2) [ 14.595524] page_type: f5(slab) [ 14.595656] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.595903] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.596319] page dumped because: kasan: bad access detected [ 14.596570] [ 14.596677] Memory state around the buggy address: [ 14.596905] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.597250] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.597470] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.597692] ^ [ 14.597848] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.598099] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.598729] ================================================================== [ 13.802335] ================================================================== [ 13.802714] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 13.803048] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.803395] [ 13.803577] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.803662] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.803677] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.803716] Call Trace: [ 13.803746] <TASK> [ 13.803762] dump_stack_lvl+0x73/0xb0 [ 13.803792] print_report+0xd1/0x650 [ 13.803816] ? __virt_addr_valid+0x1db/0x2d0 [ 13.803840] ? kasan_atomics_helper+0x697/0x5450 [ 13.803863] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.803886] ? kasan_atomics_helper+0x697/0x5450 [ 13.803909] kasan_report+0x141/0x180 [ 13.803933] ? kasan_atomics_helper+0x697/0x5450 [ 13.803960] kasan_check_range+0x10c/0x1c0 [ 13.803985] __kasan_check_write+0x18/0x20 [ 13.804007] kasan_atomics_helper+0x697/0x5450 [ 13.804030] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.804054] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.804076] ? kasan_atomics+0x152/0x310 [ 13.804100] kasan_atomics+0x1dc/0x310 [ 13.804120] ? __pfx_kasan_atomics+0x10/0x10 [ 13.804141] ? __pfx_read_tsc+0x10/0x10 [ 13.804182] ? ktime_get_ts64+0x86/0x230 [ 13.804226] kunit_try_run_case+0x1a5/0x480 [ 13.804251] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.804274] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.804312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.804336] ? __kthread_parkme+0x82/0x180 [ 13.804357] ? preempt_count_sub+0x50/0x80 [ 13.804381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.804406] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.804430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.804453] kthread+0x337/0x6f0 [ 13.804476] ? trace_preempt_on+0x20/0xc0 [ 13.804500] ? __pfx_kthread+0x10/0x10 [ 13.804577] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.804600] ? calculate_sigpending+0x7b/0xa0 [ 13.804634] ? __pfx_kthread+0x10/0x10 [ 13.804657] ret_from_fork+0x116/0x1d0 [ 13.804676] ? __pfx_kthread+0x10/0x10 [ 13.804698] ret_from_fork_asm+0x1a/0x30 [ 13.804731] </TASK> [ 13.804742] [ 13.813128] Allocated by task 282: [ 13.813339] kasan_save_stack+0x45/0x70 [ 13.813839] kasan_save_track+0x18/0x40 [ 13.814041] kasan_save_alloc_info+0x3b/0x50 [ 13.814235] __kasan_kmalloc+0xb7/0xc0 [ 13.814367] __kmalloc_cache_noprof+0x189/0x420 [ 13.814591] kasan_atomics+0x95/0x310 [ 13.814792] kunit_try_run_case+0x1a5/0x480 [ 13.815025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.815352] kthread+0x337/0x6f0 [ 13.815646] ret_from_fork+0x116/0x1d0 [ 13.815859] ret_from_fork_asm+0x1a/0x30 [ 13.816033] [ 13.816134] The buggy address belongs to the object at ffff8881029e5b80 [ 13.816134] which belongs to the cache kmalloc-64 of size 64 [ 13.816694] The buggy address is located 0 bytes to the right of [ 13.816694] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.817307] [ 13.817409] The buggy address belongs to the physical page: [ 13.817728] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.818080] flags: 0x200000000000000(node=0|zone=2) [ 13.818264] page_type: f5(slab) [ 13.818386] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.819370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.820429] page dumped because: kasan: bad access detected [ 13.821181] [ 13.821605] Memory state around the buggy address: [ 13.822267] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.822894] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.823118] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.824206] ^ [ 13.824975] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.825991] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.826603] ================================================================== [ 14.599324] ================================================================== [ 14.599764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 14.600123] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.600376] [ 14.600461] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.600507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.600520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.600541] Call Trace: [ 14.600556] <TASK> [ 14.600572] dump_stack_lvl+0x73/0xb0 [ 14.600601] print_report+0xd1/0x650 [ 14.600637] ? __virt_addr_valid+0x1db/0x2d0 [ 14.600662] ? kasan_atomics_helper+0x177f/0x5450 [ 14.600685] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.600709] ? kasan_atomics_helper+0x177f/0x5450 [ 14.600733] kasan_report+0x141/0x180 [ 14.600757] ? kasan_atomics_helper+0x177f/0x5450 [ 14.600785] kasan_check_range+0x10c/0x1c0 [ 14.600811] __kasan_check_write+0x18/0x20 [ 14.600832] kasan_atomics_helper+0x177f/0x5450 [ 14.600856] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.600880] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.600902] ? kasan_atomics+0x152/0x310 [ 14.600927] kasan_atomics+0x1dc/0x310 [ 14.600948] ? __pfx_kasan_atomics+0x10/0x10 [ 14.600970] ? __pfx_read_tsc+0x10/0x10 [ 14.600992] ? ktime_get_ts64+0x86/0x230 [ 14.601019] kunit_try_run_case+0x1a5/0x480 [ 14.601044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.601067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.601091] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.601114] ? __kthread_parkme+0x82/0x180 [ 14.601136] ? preempt_count_sub+0x50/0x80 [ 14.601161] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.601197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.601221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.601246] kthread+0x337/0x6f0 [ 14.601267] ? trace_preempt_on+0x20/0xc0 [ 14.601292] ? __pfx_kthread+0x10/0x10 [ 14.601314] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.601336] ? calculate_sigpending+0x7b/0xa0 [ 14.601361] ? __pfx_kthread+0x10/0x10 [ 14.601384] ret_from_fork+0x116/0x1d0 [ 14.601404] ? __pfx_kthread+0x10/0x10 [ 14.601426] ret_from_fork_asm+0x1a/0x30 [ 14.601459] </TASK> [ 14.601471] [ 14.609085] Allocated by task 282: [ 14.609217] kasan_save_stack+0x45/0x70 [ 14.609361] kasan_save_track+0x18/0x40 [ 14.609500] kasan_save_alloc_info+0x3b/0x50 [ 14.609705] __kasan_kmalloc+0xb7/0xc0 [ 14.609893] __kmalloc_cache_noprof+0x189/0x420 [ 14.610113] kasan_atomics+0x95/0x310 [ 14.610466] kunit_try_run_case+0x1a5/0x480 [ 14.610689] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.610944] kthread+0x337/0x6f0 [ 14.611084] ret_from_fork+0x116/0x1d0 [ 14.611297] ret_from_fork_asm+0x1a/0x30 [ 14.611439] [ 14.611512] The buggy address belongs to the object at ffff8881029e5b80 [ 14.611512] which belongs to the cache kmalloc-64 of size 64 [ 14.611875] The buggy address is located 0 bytes to the right of [ 14.611875] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.612399] [ 14.612498] The buggy address belongs to the physical page: [ 14.612767] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.613367] flags: 0x200000000000000(node=0|zone=2) [ 14.613547] page_type: f5(slab) [ 14.613687] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.614025] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.614341] page dumped because: kasan: bad access detected [ 14.614547] [ 14.614629] Memory state around the buggy address: [ 14.614786] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.615007] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.615250] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.615574] ^ [ 14.615807] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.616242] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.616515] ================================================================== [ 14.216039] ================================================================== [ 14.216877] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.217268] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.217837] [ 14.217949] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.217998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.218012] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.218034] Call Trace: [ 14.218049] <TASK> [ 14.218065] dump_stack_lvl+0x73/0xb0 [ 14.218095] print_report+0xd1/0x650 [ 14.218121] ? __virt_addr_valid+0x1db/0x2d0 [ 14.218145] ? kasan_atomics_helper+0x1079/0x5450 [ 14.218167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.218352] ? kasan_atomics_helper+0x1079/0x5450 [ 14.218381] kasan_report+0x141/0x180 [ 14.218406] ? kasan_atomics_helper+0x1079/0x5450 [ 14.218436] kasan_check_range+0x10c/0x1c0 [ 14.218461] __kasan_check_write+0x18/0x20 [ 14.218523] kasan_atomics_helper+0x1079/0x5450 [ 14.218628] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.218653] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.218675] ? kasan_atomics+0x152/0x310 [ 14.218700] kasan_atomics+0x1dc/0x310 [ 14.218721] ? __pfx_kasan_atomics+0x10/0x10 [ 14.218743] ? __pfx_read_tsc+0x10/0x10 [ 14.218764] ? ktime_get_ts64+0x86/0x230 [ 14.218793] kunit_try_run_case+0x1a5/0x480 [ 14.218818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.218842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.218865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.218888] ? __kthread_parkme+0x82/0x180 [ 14.218910] ? preempt_count_sub+0x50/0x80 [ 14.218935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.218959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.218983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.219007] kthread+0x337/0x6f0 [ 14.219029] ? trace_preempt_on+0x20/0xc0 [ 14.219053] ? __pfx_kthread+0x10/0x10 [ 14.219076] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.219097] ? calculate_sigpending+0x7b/0xa0 [ 14.219122] ? __pfx_kthread+0x10/0x10 [ 14.219145] ret_from_fork+0x116/0x1d0 [ 14.219164] ? __pfx_kthread+0x10/0x10 [ 14.219194] ret_from_fork_asm+0x1a/0x30 [ 14.219226] </TASK> [ 14.219239] [ 14.232289] Allocated by task 282: [ 14.232493] kasan_save_stack+0x45/0x70 [ 14.232864] kasan_save_track+0x18/0x40 [ 14.233053] kasan_save_alloc_info+0x3b/0x50 [ 14.233402] __kasan_kmalloc+0xb7/0xc0 [ 14.233841] __kmalloc_cache_noprof+0x189/0x420 [ 14.234089] kasan_atomics+0x95/0x310 [ 14.234530] kunit_try_run_case+0x1a5/0x480 [ 14.235096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.235501] kthread+0x337/0x6f0 [ 14.235684] ret_from_fork+0x116/0x1d0 [ 14.236174] ret_from_fork_asm+0x1a/0x30 [ 14.236466] [ 14.236692] The buggy address belongs to the object at ffff8881029e5b80 [ 14.236692] which belongs to the cache kmalloc-64 of size 64 [ 14.237624] The buggy address is located 0 bytes to the right of [ 14.237624] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.238529] [ 14.238646] The buggy address belongs to the physical page: [ 14.239187] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.239813] flags: 0x200000000000000(node=0|zone=2) [ 14.240158] page_type: f5(slab) [ 14.240534] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.240867] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.241150] page dumped because: kasan: bad access detected [ 14.241684] [ 14.241934] Memory state around the buggy address: [ 14.242351] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.242988] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.243455] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.243902] ^ [ 14.244116] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.244692] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.245206] ================================================================== [ 14.952003] ================================================================== [ 14.952371] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 14.952738] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.953064] [ 14.953148] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.953214] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.953227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.953250] Call Trace: [ 14.953263] <TASK> [ 14.953277] dump_stack_lvl+0x73/0xb0 [ 14.953304] print_report+0xd1/0x650 [ 14.953327] ? __virt_addr_valid+0x1db/0x2d0 [ 14.953352] ? kasan_atomics_helper+0x218a/0x5450 [ 14.953375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.953398] ? kasan_atomics_helper+0x218a/0x5450 [ 14.953422] kasan_report+0x141/0x180 [ 14.953446] ? kasan_atomics_helper+0x218a/0x5450 [ 14.953474] kasan_check_range+0x10c/0x1c0 [ 14.953499] __kasan_check_write+0x18/0x20 [ 14.953531] kasan_atomics_helper+0x218a/0x5450 [ 14.953555] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.953579] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.953627] ? kasan_atomics+0x152/0x310 [ 14.953652] kasan_atomics+0x1dc/0x310 [ 14.953671] ? __pfx_kasan_atomics+0x10/0x10 [ 14.953704] ? __pfx_read_tsc+0x10/0x10 [ 14.953725] ? ktime_get_ts64+0x86/0x230 [ 14.953751] kunit_try_run_case+0x1a5/0x480 [ 14.953776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.953799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.953823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.953846] ? __kthread_parkme+0x82/0x180 [ 14.953867] ? preempt_count_sub+0x50/0x80 [ 14.953893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.953918] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.953942] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.953966] kthread+0x337/0x6f0 [ 14.953987] ? trace_preempt_on+0x20/0xc0 [ 14.954012] ? __pfx_kthread+0x10/0x10 [ 14.954034] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.954056] ? calculate_sigpending+0x7b/0xa0 [ 14.954080] ? __pfx_kthread+0x10/0x10 [ 14.954103] ret_from_fork+0x116/0x1d0 [ 14.954122] ? __pfx_kthread+0x10/0x10 [ 14.954145] ret_from_fork_asm+0x1a/0x30 [ 14.954205] </TASK> [ 14.954216] [ 14.962123] Allocated by task 282: [ 14.962392] kasan_save_stack+0x45/0x70 [ 14.962661] kasan_save_track+0x18/0x40 [ 14.962850] kasan_save_alloc_info+0x3b/0x50 [ 14.963053] __kasan_kmalloc+0xb7/0xc0 [ 14.963215] __kmalloc_cache_noprof+0x189/0x420 [ 14.963370] kasan_atomics+0x95/0x310 [ 14.963502] kunit_try_run_case+0x1a5/0x480 [ 14.963752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.964026] kthread+0x337/0x6f0 [ 14.964227] ret_from_fork+0x116/0x1d0 [ 14.964478] ret_from_fork_asm+0x1a/0x30 [ 14.964744] [ 14.964830] The buggy address belongs to the object at ffff8881029e5b80 [ 14.964830] which belongs to the cache kmalloc-64 of size 64 [ 14.965250] The buggy address is located 0 bytes to the right of [ 14.965250] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.965732] [ 14.965877] The buggy address belongs to the physical page: [ 14.966139] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.966554] flags: 0x200000000000000(node=0|zone=2) [ 14.966856] page_type: f5(slab) [ 14.967122] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.967433] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.967670] page dumped because: kasan: bad access detected [ 14.967843] [ 14.967941] Memory state around the buggy address: [ 14.968206] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.968556] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.968891] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.969276] ^ [ 14.969511] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.969857] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.970155] ================================================================== [ 14.822800] ================================================================== [ 14.823308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 14.823703] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.824055] [ 14.824284] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.824332] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.824345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.824368] Call Trace: [ 14.824382] <TASK> [ 14.824398] dump_stack_lvl+0x73/0xb0 [ 14.824426] print_report+0xd1/0x650 [ 14.824450] ? __virt_addr_valid+0x1db/0x2d0 [ 14.824476] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.824499] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.824523] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.824546] kasan_report+0x141/0x180 [ 14.824570] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.824598] kasan_check_range+0x10c/0x1c0 [ 14.824634] __kasan_check_write+0x18/0x20 [ 14.824654] kasan_atomics_helper+0x1eaa/0x5450 [ 14.824678] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.824702] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.824724] ? kasan_atomics+0x152/0x310 [ 14.824748] kasan_atomics+0x1dc/0x310 [ 14.824768] ? __pfx_kasan_atomics+0x10/0x10 [ 14.824790] ? __pfx_read_tsc+0x10/0x10 [ 14.824812] ? ktime_get_ts64+0x86/0x230 [ 14.824838] kunit_try_run_case+0x1a5/0x480 [ 14.824862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.824885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.824908] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.824931] ? __kthread_parkme+0x82/0x180 [ 14.824953] ? preempt_count_sub+0x50/0x80 [ 14.824978] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.825002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.825026] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.825049] kthread+0x337/0x6f0 [ 14.825070] ? trace_preempt_on+0x20/0xc0 [ 14.825094] ? __pfx_kthread+0x10/0x10 [ 14.825116] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.825138] ? calculate_sigpending+0x7b/0xa0 [ 14.825162] ? __pfx_kthread+0x10/0x10 [ 14.825185] ret_from_fork+0x116/0x1d0 [ 14.825204] ? __pfx_kthread+0x10/0x10 [ 14.825226] ret_from_fork_asm+0x1a/0x30 [ 14.825259] </TASK> [ 14.825270] [ 14.833428] Allocated by task 282: [ 14.833660] kasan_save_stack+0x45/0x70 [ 14.833880] kasan_save_track+0x18/0x40 [ 14.834133] kasan_save_alloc_info+0x3b/0x50 [ 14.834353] __kasan_kmalloc+0xb7/0xc0 [ 14.834589] __kmalloc_cache_noprof+0x189/0x420 [ 14.834757] kasan_atomics+0x95/0x310 [ 14.834936] kunit_try_run_case+0x1a5/0x480 [ 14.835287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.835572] kthread+0x337/0x6f0 [ 14.835710] ret_from_fork+0x116/0x1d0 [ 14.835875] ret_from_fork_asm+0x1a/0x30 [ 14.836121] [ 14.836280] The buggy address belongs to the object at ffff8881029e5b80 [ 14.836280] which belongs to the cache kmalloc-64 of size 64 [ 14.836891] The buggy address is located 0 bytes to the right of [ 14.836891] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.837403] [ 14.837506] The buggy address belongs to the physical page: [ 14.837820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.838230] flags: 0x200000000000000(node=0|zone=2) [ 14.838400] page_type: f5(slab) [ 14.838606] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.838973] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.839329] page dumped because: kasan: bad access detected [ 14.839590] [ 14.839698] Memory state around the buggy address: [ 14.839883] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.840341] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.840733] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.840983] ^ [ 14.841325] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.841582] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.841943] ================================================================== [ 13.719659] ================================================================== [ 13.720132] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 13.720491] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.720731] [ 13.720830] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.720878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.720890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.720911] Call Trace: [ 13.720971] <TASK> [ 13.720989] dump_stack_lvl+0x73/0xb0 [ 13.721019] print_report+0xd1/0x650 [ 13.721042] ? __virt_addr_valid+0x1db/0x2d0 [ 13.721066] ? kasan_atomics_helper+0x4a0/0x5450 [ 13.721088] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.721112] ? kasan_atomics_helper+0x4a0/0x5450 [ 13.721134] kasan_report+0x141/0x180 [ 13.721158] ? kasan_atomics_helper+0x4a0/0x5450 [ 13.721186] kasan_check_range+0x10c/0x1c0 [ 13.721212] __kasan_check_write+0x18/0x20 [ 13.721233] kasan_atomics_helper+0x4a0/0x5450 [ 13.721258] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.721282] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.721304] ? kasan_atomics+0x152/0x310 [ 13.721328] kasan_atomics+0x1dc/0x310 [ 13.721349] ? __pfx_kasan_atomics+0x10/0x10 [ 13.721372] ? __pfx_read_tsc+0x10/0x10 [ 13.721393] ? ktime_get_ts64+0x86/0x230 [ 13.721418] kunit_try_run_case+0x1a5/0x480 [ 13.721443] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.721466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.721490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.721513] ? __kthread_parkme+0x82/0x180 [ 13.721534] ? preempt_count_sub+0x50/0x80 [ 13.721602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.721639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.721664] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.721688] kthread+0x337/0x6f0 [ 13.721709] ? trace_preempt_on+0x20/0xc0 [ 13.721732] ? __pfx_kthread+0x10/0x10 [ 13.721754] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.721777] ? calculate_sigpending+0x7b/0xa0 [ 13.721801] ? __pfx_kthread+0x10/0x10 [ 13.721824] ret_from_fork+0x116/0x1d0 [ 13.721843] ? __pfx_kthread+0x10/0x10 [ 13.721865] ret_from_fork_asm+0x1a/0x30 [ 13.721898] </TASK> [ 13.721908] [ 13.730185] Allocated by task 282: [ 13.730390] kasan_save_stack+0x45/0x70 [ 13.730648] kasan_save_track+0x18/0x40 [ 13.730863] kasan_save_alloc_info+0x3b/0x50 [ 13.731060] __kasan_kmalloc+0xb7/0xc0 [ 13.731355] __kmalloc_cache_noprof+0x189/0x420 [ 13.731715] kasan_atomics+0x95/0x310 [ 13.731928] kunit_try_run_case+0x1a5/0x480 [ 13.732166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.732481] kthread+0x337/0x6f0 [ 13.732785] ret_from_fork+0x116/0x1d0 [ 13.732989] ret_from_fork_asm+0x1a/0x30 [ 13.733198] [ 13.733293] The buggy address belongs to the object at ffff8881029e5b80 [ 13.733293] which belongs to the cache kmalloc-64 of size 64 [ 13.733916] The buggy address is located 0 bytes to the right of [ 13.733916] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.734466] [ 13.734609] The buggy address belongs to the physical page: [ 13.734901] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.735323] flags: 0x200000000000000(node=0|zone=2) [ 13.735673] page_type: f5(slab) [ 13.735901] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.736285] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.736855] page dumped because: kasan: bad access detected [ 13.737116] [ 13.737243] Memory state around the buggy address: [ 13.737470] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.737816] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.738158] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.738475] ^ [ 13.738773] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.739089] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.739329] ================================================================== [ 14.267681] ================================================================== [ 14.267979] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.268452] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.269321] [ 14.269457] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.269632] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.269649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.269671] Call Trace: [ 14.269684] <TASK> [ 14.269700] dump_stack_lvl+0x73/0xb0 [ 14.269833] print_report+0xd1/0x650 [ 14.269857] ? __virt_addr_valid+0x1db/0x2d0 [ 14.269881] ? kasan_atomics_helper+0x1148/0x5450 [ 14.269904] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.269927] ? kasan_atomics_helper+0x1148/0x5450 [ 14.269950] kasan_report+0x141/0x180 [ 14.269974] ? kasan_atomics_helper+0x1148/0x5450 [ 14.270002] kasan_check_range+0x10c/0x1c0 [ 14.270027] __kasan_check_write+0x18/0x20 [ 14.270048] kasan_atomics_helper+0x1148/0x5450 [ 14.270072] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.270097] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.270118] ? kasan_atomics+0x152/0x310 [ 14.270142] kasan_atomics+0x1dc/0x310 [ 14.270162] ? __pfx_kasan_atomics+0x10/0x10 [ 14.270194] ? __pfx_read_tsc+0x10/0x10 [ 14.270215] ? ktime_get_ts64+0x86/0x230 [ 14.270240] kunit_try_run_case+0x1a5/0x480 [ 14.270266] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.270289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.270312] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.270335] ? __kthread_parkme+0x82/0x180 [ 14.270356] ? preempt_count_sub+0x50/0x80 [ 14.270381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.270405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.270430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.270453] kthread+0x337/0x6f0 [ 14.270481] ? trace_preempt_on+0x20/0xc0 [ 14.270505] ? __pfx_kthread+0x10/0x10 [ 14.270539] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.270561] ? calculate_sigpending+0x7b/0xa0 [ 14.270585] ? __pfx_kthread+0x10/0x10 [ 14.270608] ret_from_fork+0x116/0x1d0 [ 14.270640] ? __pfx_kthread+0x10/0x10 [ 14.270662] ret_from_fork_asm+0x1a/0x30 [ 14.270694] </TASK> [ 14.270706] [ 14.282934] Allocated by task 282: [ 14.283121] kasan_save_stack+0x45/0x70 [ 14.283290] kasan_save_track+0x18/0x40 [ 14.283523] kasan_save_alloc_info+0x3b/0x50 [ 14.284150] __kasan_kmalloc+0xb7/0xc0 [ 14.284476] __kmalloc_cache_noprof+0x189/0x420 [ 14.285016] kasan_atomics+0x95/0x310 [ 14.285189] kunit_try_run_case+0x1a5/0x480 [ 14.285422] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.285866] kthread+0x337/0x6f0 [ 14.286148] ret_from_fork+0x116/0x1d0 [ 14.286472] ret_from_fork_asm+0x1a/0x30 [ 14.286872] [ 14.287024] The buggy address belongs to the object at ffff8881029e5b80 [ 14.287024] which belongs to the cache kmalloc-64 of size 64 [ 14.287999] The buggy address is located 0 bytes to the right of [ 14.287999] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.288708] [ 14.288816] The buggy address belongs to the physical page: [ 14.289322] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.289832] flags: 0x200000000000000(node=0|zone=2) [ 14.290283] page_type: f5(slab) [ 14.290460] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.291018] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.291565] page dumped because: kasan: bad access detected [ 14.292048] [ 14.292128] Memory state around the buggy address: [ 14.292664] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.292956] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.293438] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.293927] ^ [ 14.294240] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.294779] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.295382] ================================================================== [ 14.369319] ================================================================== [ 14.369582] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.369827] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.370058] [ 14.370162] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.370206] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.370220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.370241] Call Trace: [ 14.370255] <TASK> [ 14.370269] dump_stack_lvl+0x73/0xb0 [ 14.370295] print_report+0xd1/0x650 [ 14.370317] ? __virt_addr_valid+0x1db/0x2d0 [ 14.370341] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.370364] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.370387] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.370412] kasan_report+0x141/0x180 [ 14.370451] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.370488] kasan_check_range+0x10c/0x1c0 [ 14.370514] __kasan_check_write+0x18/0x20 [ 14.370535] kasan_atomics_helper+0x12e6/0x5450 [ 14.370559] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.370583] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.370606] ? kasan_atomics+0x152/0x310 [ 14.370640] kasan_atomics+0x1dc/0x310 [ 14.370661] ? __pfx_kasan_atomics+0x10/0x10 [ 14.370695] ? __pfx_read_tsc+0x10/0x10 [ 14.370716] ? ktime_get_ts64+0x86/0x230 [ 14.370742] kunit_try_run_case+0x1a5/0x480 [ 14.370767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.370790] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.370812] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.370836] ? __kthread_parkme+0x82/0x180 [ 14.370857] ? preempt_count_sub+0x50/0x80 [ 14.370882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.370906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.370930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.370954] kthread+0x337/0x6f0 [ 14.370975] ? trace_preempt_on+0x20/0xc0 [ 14.370999] ? __pfx_kthread+0x10/0x10 [ 14.371022] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.371043] ? calculate_sigpending+0x7b/0xa0 [ 14.371068] ? __pfx_kthread+0x10/0x10 [ 14.371091] ret_from_fork+0x116/0x1d0 [ 14.371110] ? __pfx_kthread+0x10/0x10 [ 14.371134] ret_from_fork_asm+0x1a/0x30 [ 14.371166] </TASK> [ 14.371177] [ 14.379815] Allocated by task 282: [ 14.379980] kasan_save_stack+0x45/0x70 [ 14.380363] kasan_save_track+0x18/0x40 [ 14.380563] kasan_save_alloc_info+0x3b/0x50 [ 14.380782] __kasan_kmalloc+0xb7/0xc0 [ 14.380969] __kmalloc_cache_noprof+0x189/0x420 [ 14.381190] kasan_atomics+0x95/0x310 [ 14.381375] kunit_try_run_case+0x1a5/0x480 [ 14.381692] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.381883] kthread+0x337/0x6f0 [ 14.382006] ret_from_fork+0x116/0x1d0 [ 14.382139] ret_from_fork_asm+0x1a/0x30 [ 14.382560] [ 14.382668] The buggy address belongs to the object at ffff8881029e5b80 [ 14.382668] which belongs to the cache kmalloc-64 of size 64 [ 14.383144] The buggy address is located 0 bytes to the right of [ 14.383144] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.383520] [ 14.383598] The buggy address belongs to the physical page: [ 14.383861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.384222] flags: 0x200000000000000(node=0|zone=2) [ 14.384503] page_type: f5(slab) [ 14.384704] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.384989] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.386020] page dumped because: kasan: bad access detected [ 14.386302] [ 14.386382] Memory state around the buggy address: [ 14.386552] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.386781] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.387356] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.387980] ^ [ 14.388442] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.388963] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.389637] ================================================================== [ 14.861600] ================================================================== [ 14.862059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 14.862454] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.862839] [ 14.862945] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.862992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.863005] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.863027] Call Trace: [ 14.863040] <TASK> [ 14.863055] dump_stack_lvl+0x73/0xb0 [ 14.863083] print_report+0xd1/0x650 [ 14.863106] ? __virt_addr_valid+0x1db/0x2d0 [ 14.863131] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.863155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.863201] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.863225] kasan_report+0x141/0x180 [ 14.863248] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.863276] __asan_report_load8_noabort+0x18/0x20 [ 14.863299] kasan_atomics_helper+0x4f71/0x5450 [ 14.863324] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.863347] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.863370] ? kasan_atomics+0x152/0x310 [ 14.863431] kasan_atomics+0x1dc/0x310 [ 14.863452] ? __pfx_kasan_atomics+0x10/0x10 [ 14.863486] ? __pfx_read_tsc+0x10/0x10 [ 14.863507] ? ktime_get_ts64+0x86/0x230 [ 14.863533] kunit_try_run_case+0x1a5/0x480 [ 14.863558] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.863580] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.863603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.863635] ? __kthread_parkme+0x82/0x180 [ 14.863656] ? preempt_count_sub+0x50/0x80 [ 14.863681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.863705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.863729] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.863753] kthread+0x337/0x6f0 [ 14.863774] ? trace_preempt_on+0x20/0xc0 [ 14.863831] ? __pfx_kthread+0x10/0x10 [ 14.863852] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.863886] ? calculate_sigpending+0x7b/0xa0 [ 14.863911] ? __pfx_kthread+0x10/0x10 [ 14.863933] ret_from_fork+0x116/0x1d0 [ 14.863953] ? __pfx_kthread+0x10/0x10 [ 14.863975] ret_from_fork_asm+0x1a/0x30 [ 14.864008] </TASK> [ 14.864019] [ 14.872081] Allocated by task 282: [ 14.872234] kasan_save_stack+0x45/0x70 [ 14.872435] kasan_save_track+0x18/0x40 [ 14.872687] kasan_save_alloc_info+0x3b/0x50 [ 14.872941] __kasan_kmalloc+0xb7/0xc0 [ 14.873132] __kmalloc_cache_noprof+0x189/0x420 [ 14.873392] kasan_atomics+0x95/0x310 [ 14.873556] kunit_try_run_case+0x1a5/0x480 [ 14.873886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.874095] kthread+0x337/0x6f0 [ 14.874324] ret_from_fork+0x116/0x1d0 [ 14.874633] ret_from_fork_asm+0x1a/0x30 [ 14.874797] [ 14.874870] The buggy address belongs to the object at ffff8881029e5b80 [ 14.874870] which belongs to the cache kmalloc-64 of size 64 [ 14.875400] The buggy address is located 0 bytes to the right of [ 14.875400] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.875929] [ 14.876003] The buggy address belongs to the physical page: [ 14.876229] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.876639] flags: 0x200000000000000(node=0|zone=2) [ 14.876931] page_type: f5(slab) [ 14.877187] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.877469] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.877724] page dumped because: kasan: bad access detected [ 14.878010] [ 14.878121] Memory state around the buggy address: [ 14.878379] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.878753] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.879017] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.879349] ^ [ 14.879669] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.879920] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.880298] ================================================================== [ 13.654288] ================================================================== [ 13.654959] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 13.655436] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.656041] [ 13.656161] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.656213] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.656227] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.656251] Call Trace: [ 13.656266] <TASK> [ 13.656282] dump_stack_lvl+0x73/0xb0 [ 13.656312] print_report+0xd1/0x650 [ 13.656335] ? __virt_addr_valid+0x1db/0x2d0 [ 13.656361] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.656385] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.656408] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.656432] kasan_report+0x141/0x180 [ 13.656457] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.656486] __asan_report_store4_noabort+0x1b/0x30 [ 13.656509] kasan_atomics_helper+0x4b6e/0x5450 [ 13.656727] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.656755] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.656778] ? kasan_atomics+0x152/0x310 [ 13.656802] kasan_atomics+0x1dc/0x310 [ 13.656823] ? __pfx_kasan_atomics+0x10/0x10 [ 13.656845] ? __pfx_read_tsc+0x10/0x10 [ 13.656867] ? ktime_get_ts64+0x86/0x230 [ 13.656894] kunit_try_run_case+0x1a5/0x480 [ 13.656919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.656942] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.656966] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.656990] ? __kthread_parkme+0x82/0x180 [ 13.657011] ? preempt_count_sub+0x50/0x80 [ 13.657038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.657062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.657086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.657110] kthread+0x337/0x6f0 [ 13.657131] ? trace_preempt_on+0x20/0xc0 [ 13.657155] ? __pfx_kthread+0x10/0x10 [ 13.657177] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.657199] ? calculate_sigpending+0x7b/0xa0 [ 13.657224] ? __pfx_kthread+0x10/0x10 [ 13.657247] ret_from_fork+0x116/0x1d0 [ 13.657268] ? __pfx_kthread+0x10/0x10 [ 13.657290] ret_from_fork_asm+0x1a/0x30 [ 13.657324] </TASK> [ 13.657335] [ 13.668065] Allocated by task 282: [ 13.668368] kasan_save_stack+0x45/0x70 [ 13.668802] kasan_save_track+0x18/0x40 [ 13.668983] kasan_save_alloc_info+0x3b/0x50 [ 13.669322] __kasan_kmalloc+0xb7/0xc0 [ 13.669512] __kmalloc_cache_noprof+0x189/0x420 [ 13.669811] kasan_atomics+0x95/0x310 [ 13.669989] kunit_try_run_case+0x1a5/0x480 [ 13.670401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.670918] kthread+0x337/0x6f0 [ 13.671104] ret_from_fork+0x116/0x1d0 [ 13.671475] ret_from_fork_asm+0x1a/0x30 [ 13.671760] [ 13.671848] The buggy address belongs to the object at ffff8881029e5b80 [ 13.671848] which belongs to the cache kmalloc-64 of size 64 [ 13.672512] The buggy address is located 0 bytes to the right of [ 13.672512] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.673124] [ 13.673436] The buggy address belongs to the physical page: [ 13.673763] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.674160] flags: 0x200000000000000(node=0|zone=2) [ 13.674371] page_type: f5(slab) [ 13.674748] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.675149] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.675782] page dumped because: kasan: bad access detected [ 13.676036] [ 13.676133] Memory state around the buggy address: [ 13.676591] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.676933] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.677355] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.677711] ^ [ 13.677932] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.678219] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.678826] ================================================================== [ 14.880896] ================================================================== [ 14.881196] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 14.881601] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.881962] [ 14.882074] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.882147] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.882198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.882221] Call Trace: [ 14.882234] <TASK> [ 14.882259] dump_stack_lvl+0x73/0xb0 [ 14.882287] print_report+0xd1/0x650 [ 14.882310] ? __virt_addr_valid+0x1db/0x2d0 [ 14.882335] ? kasan_atomics_helper+0x2006/0x5450 [ 14.882357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.882381] ? kasan_atomics_helper+0x2006/0x5450 [ 14.882405] kasan_report+0x141/0x180 [ 14.882429] ? kasan_atomics_helper+0x2006/0x5450 [ 14.882458] kasan_check_range+0x10c/0x1c0 [ 14.882487] __kasan_check_write+0x18/0x20 [ 14.882508] kasan_atomics_helper+0x2006/0x5450 [ 14.882533] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.882572] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.882595] ? kasan_atomics+0x152/0x310 [ 14.882629] kasan_atomics+0x1dc/0x310 [ 14.882650] ? __pfx_kasan_atomics+0x10/0x10 [ 14.882673] ? __pfx_read_tsc+0x10/0x10 [ 14.882694] ? ktime_get_ts64+0x86/0x230 [ 14.882721] kunit_try_run_case+0x1a5/0x480 [ 14.882746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.882769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.882792] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.882815] ? __kthread_parkme+0x82/0x180 [ 14.882836] ? preempt_count_sub+0x50/0x80 [ 14.882860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.882885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.882910] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.882934] kthread+0x337/0x6f0 [ 14.882955] ? trace_preempt_on+0x20/0xc0 [ 14.882981] ? __pfx_kthread+0x10/0x10 [ 14.883004] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.883024] ? calculate_sigpending+0x7b/0xa0 [ 14.883049] ? __pfx_kthread+0x10/0x10 [ 14.883072] ret_from_fork+0x116/0x1d0 [ 14.883091] ? __pfx_kthread+0x10/0x10 [ 14.883113] ret_from_fork_asm+0x1a/0x30 [ 14.883146] </TASK> [ 14.883157] [ 14.890666] Allocated by task 282: [ 14.890847] kasan_save_stack+0x45/0x70 [ 14.891045] kasan_save_track+0x18/0x40 [ 14.891218] kasan_save_alloc_info+0x3b/0x50 [ 14.891455] __kasan_kmalloc+0xb7/0xc0 [ 14.891654] __kmalloc_cache_noprof+0x189/0x420 [ 14.891856] kasan_atomics+0x95/0x310 [ 14.892007] kunit_try_run_case+0x1a5/0x480 [ 14.892233] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.892480] kthread+0x337/0x6f0 [ 14.892605] ret_from_fork+0x116/0x1d0 [ 14.892747] ret_from_fork_asm+0x1a/0x30 [ 14.892887] [ 14.892958] The buggy address belongs to the object at ffff8881029e5b80 [ 14.892958] which belongs to the cache kmalloc-64 of size 64 [ 14.893494] The buggy address is located 0 bytes to the right of [ 14.893494] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.894051] [ 14.894150] The buggy address belongs to the physical page: [ 14.894416] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.894680] flags: 0x200000000000000(node=0|zone=2) [ 14.894844] page_type: f5(slab) [ 14.895004] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.895401] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.895767] page dumped because: kasan: bad access detected [ 14.895970] [ 14.896042] Memory state around the buggy address: [ 14.896220] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.896543] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.896869] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.897228] ^ [ 14.897453] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.897686] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.897968] ================================================================== [ 13.760989] ================================================================== [ 13.761266] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 13.761553] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.762148] [ 13.762290] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.762358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.762371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.762406] Call Trace: [ 13.762421] <TASK> [ 13.762436] dump_stack_lvl+0x73/0xb0 [ 13.762486] print_report+0xd1/0x650 [ 13.762583] ? __virt_addr_valid+0x1db/0x2d0 [ 13.762610] ? kasan_atomics_helper+0x565/0x5450 [ 13.762643] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.762667] ? kasan_atomics_helper+0x565/0x5450 [ 13.762693] kasan_report+0x141/0x180 [ 13.762716] ? kasan_atomics_helper+0x565/0x5450 [ 13.762744] kasan_check_range+0x10c/0x1c0 [ 13.762768] __kasan_check_write+0x18/0x20 [ 13.762789] kasan_atomics_helper+0x565/0x5450 [ 13.762813] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.762837] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.762861] ? kasan_atomics+0x152/0x310 [ 13.762885] kasan_atomics+0x1dc/0x310 [ 13.762905] ? __pfx_kasan_atomics+0x10/0x10 [ 13.762928] ? __pfx_read_tsc+0x10/0x10 [ 13.762949] ? ktime_get_ts64+0x86/0x230 [ 13.762974] kunit_try_run_case+0x1a5/0x480 [ 13.762999] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.763021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.763044] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.763067] ? __kthread_parkme+0x82/0x180 [ 13.763088] ? preempt_count_sub+0x50/0x80 [ 13.763113] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.763138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.763180] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.763204] kthread+0x337/0x6f0 [ 13.763226] ? trace_preempt_on+0x20/0xc0 [ 13.763250] ? __pfx_kthread+0x10/0x10 [ 13.763272] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.763293] ? calculate_sigpending+0x7b/0xa0 [ 13.763317] ? __pfx_kthread+0x10/0x10 [ 13.763340] ret_from_fork+0x116/0x1d0 [ 13.763360] ? __pfx_kthread+0x10/0x10 [ 13.763381] ret_from_fork_asm+0x1a/0x30 [ 13.763413] </TASK> [ 13.763425] [ 13.772314] Allocated by task 282: [ 13.772503] kasan_save_stack+0x45/0x70 [ 13.772780] kasan_save_track+0x18/0x40 [ 13.772952] kasan_save_alloc_info+0x3b/0x50 [ 13.773164] __kasan_kmalloc+0xb7/0xc0 [ 13.773385] __kmalloc_cache_noprof+0x189/0x420 [ 13.773734] kasan_atomics+0x95/0x310 [ 13.773931] kunit_try_run_case+0x1a5/0x480 [ 13.774140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.774398] kthread+0x337/0x6f0 [ 13.774573] ret_from_fork+0x116/0x1d0 [ 13.774772] ret_from_fork_asm+0x1a/0x30 [ 13.774949] [ 13.775022] The buggy address belongs to the object at ffff8881029e5b80 [ 13.775022] which belongs to the cache kmalloc-64 of size 64 [ 13.775834] The buggy address is located 0 bytes to the right of [ 13.775834] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.776326] [ 13.776445] The buggy address belongs to the physical page: [ 13.776806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.777138] flags: 0x200000000000000(node=0|zone=2) [ 13.777386] page_type: f5(slab) [ 13.777634] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.777986] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.778359] page dumped because: kasan: bad access detected [ 13.778696] [ 13.778791] Memory state around the buggy address: [ 13.779002] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.779351] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.779774] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.780097] ^ [ 13.780349] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.780827] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.781141] ================================================================== [ 13.880373] ================================================================== [ 13.880902] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 13.881148] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.881562] [ 13.881696] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.881746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.881759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.881781] Call Trace: [ 13.881796] <TASK> [ 13.881812] dump_stack_lvl+0x73/0xb0 [ 13.881840] print_report+0xd1/0x650 [ 13.881864] ? __virt_addr_valid+0x1db/0x2d0 [ 13.881889] ? kasan_atomics_helper+0x860/0x5450 [ 13.881912] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.881936] ? kasan_atomics_helper+0x860/0x5450 [ 13.881960] kasan_report+0x141/0x180 [ 13.881984] ? kasan_atomics_helper+0x860/0x5450 [ 13.882012] kasan_check_range+0x10c/0x1c0 [ 13.882038] __kasan_check_write+0x18/0x20 [ 13.882059] kasan_atomics_helper+0x860/0x5450 [ 13.882082] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.882107] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.882129] ? kasan_atomics+0x152/0x310 [ 13.882153] kasan_atomics+0x1dc/0x310 [ 13.882173] ? __pfx_kasan_atomics+0x10/0x10 [ 13.882260] ? __pfx_read_tsc+0x10/0x10 [ 13.882284] ? ktime_get_ts64+0x86/0x230 [ 13.882310] kunit_try_run_case+0x1a5/0x480 [ 13.882336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.882358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.882381] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.882404] ? __kthread_parkme+0x82/0x180 [ 13.882426] ? preempt_count_sub+0x50/0x80 [ 13.882452] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.882482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.882505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.882560] kthread+0x337/0x6f0 [ 13.882584] ? trace_preempt_on+0x20/0xc0 [ 13.882609] ? __pfx_kthread+0x10/0x10 [ 13.882641] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.882663] ? calculate_sigpending+0x7b/0xa0 [ 13.882688] ? __pfx_kthread+0x10/0x10 [ 13.882711] ret_from_fork+0x116/0x1d0 [ 13.882731] ? __pfx_kthread+0x10/0x10 [ 13.882754] ret_from_fork_asm+0x1a/0x30 [ 13.882786] </TASK> [ 13.882797] [ 13.890981] Allocated by task 282: [ 13.891151] kasan_save_stack+0x45/0x70 [ 13.891295] kasan_save_track+0x18/0x40 [ 13.891433] kasan_save_alloc_info+0x3b/0x50 [ 13.891939] __kasan_kmalloc+0xb7/0xc0 [ 13.892109] __kmalloc_cache_noprof+0x189/0x420 [ 13.892331] kasan_atomics+0x95/0x310 [ 13.892513] kunit_try_run_case+0x1a5/0x480 [ 13.892750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.892988] kthread+0x337/0x6f0 [ 13.893135] ret_from_fork+0x116/0x1d0 [ 13.893420] ret_from_fork_asm+0x1a/0x30 [ 13.893609] [ 13.893701] The buggy address belongs to the object at ffff8881029e5b80 [ 13.893701] which belongs to the cache kmalloc-64 of size 64 [ 13.894051] The buggy address is located 0 bytes to the right of [ 13.894051] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.894423] [ 13.894523] The buggy address belongs to the physical page: [ 13.894975] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.895333] flags: 0x200000000000000(node=0|zone=2) [ 13.895570] page_type: f5(slab) [ 13.895886] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.896290] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.896519] page dumped because: kasan: bad access detected [ 13.896823] [ 13.896920] Memory state around the buggy address: [ 13.897146] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.897488] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.897882] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.898100] ^ [ 13.898336] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.898940] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.899266] ================================================================== [ 14.491650] ================================================================== [ 14.491930] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.492218] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.492591] [ 14.493008] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.493061] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.493075] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.493097] Call Trace: [ 14.493114] <TASK> [ 14.493129] dump_stack_lvl+0x73/0xb0 [ 14.493159] print_report+0xd1/0x650 [ 14.493465] ? __virt_addr_valid+0x1db/0x2d0 [ 14.493496] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.493520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.493545] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.493568] kasan_report+0x141/0x180 [ 14.493592] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.493633] __asan_report_store8_noabort+0x1b/0x30 [ 14.493657] kasan_atomics_helper+0x50d4/0x5450 [ 14.493682] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.493705] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.493728] ? kasan_atomics+0x152/0x310 [ 14.493752] kasan_atomics+0x1dc/0x310 [ 14.493773] ? __pfx_kasan_atomics+0x10/0x10 [ 14.493795] ? __pfx_read_tsc+0x10/0x10 [ 14.493817] ? ktime_get_ts64+0x86/0x230 [ 14.493842] kunit_try_run_case+0x1a5/0x480 [ 14.493867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.493890] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.493913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.493936] ? __kthread_parkme+0x82/0x180 [ 14.493957] ? preempt_count_sub+0x50/0x80 [ 14.493982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.494007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.494031] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.494055] kthread+0x337/0x6f0 [ 14.494075] ? trace_preempt_on+0x20/0xc0 [ 14.494100] ? __pfx_kthread+0x10/0x10 [ 14.494121] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.494143] ? calculate_sigpending+0x7b/0xa0 [ 14.494168] ? __pfx_kthread+0x10/0x10 [ 14.494200] ret_from_fork+0x116/0x1d0 [ 14.494219] ? __pfx_kthread+0x10/0x10 [ 14.494240] ret_from_fork_asm+0x1a/0x30 [ 14.494272] </TASK> [ 14.494284] [ 14.504149] Allocated by task 282: [ 14.504323] kasan_save_stack+0x45/0x70 [ 14.504903] kasan_save_track+0x18/0x40 [ 14.505062] kasan_save_alloc_info+0x3b/0x50 [ 14.505421] __kasan_kmalloc+0xb7/0xc0 [ 14.505702] __kmalloc_cache_noprof+0x189/0x420 [ 14.505978] kasan_atomics+0x95/0x310 [ 14.506251] kunit_try_run_case+0x1a5/0x480 [ 14.506552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.506874] kthread+0x337/0x6f0 [ 14.507010] ret_from_fork+0x116/0x1d0 [ 14.507347] ret_from_fork_asm+0x1a/0x30 [ 14.507641] [ 14.507720] The buggy address belongs to the object at ffff8881029e5b80 [ 14.507720] which belongs to the cache kmalloc-64 of size 64 [ 14.508470] The buggy address is located 0 bytes to the right of [ 14.508470] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.509027] [ 14.509133] The buggy address belongs to the physical page: [ 14.509600] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.510026] flags: 0x200000000000000(node=0|zone=2) [ 14.510390] page_type: f5(slab) [ 14.510656] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.511048] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.511569] page dumped because: kasan: bad access detected [ 14.511906] [ 14.511985] Memory state around the buggy address: [ 14.512332] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.512686] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.512936] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.513490] ^ [ 14.513788] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.514155] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.514591] ================================================================== [ 14.746857] ================================================================== [ 14.747242] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 14.747649] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.747979] [ 14.748070] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.748115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.748127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.748149] Call Trace: [ 14.748183] <TASK> [ 14.748199] dump_stack_lvl+0x73/0xb0 [ 14.748227] print_report+0xd1/0x650 [ 14.748250] ? __virt_addr_valid+0x1db/0x2d0 [ 14.748274] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.748296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.748320] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.748344] kasan_report+0x141/0x180 [ 14.748368] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.748396] __asan_report_load8_noabort+0x18/0x20 [ 14.748418] kasan_atomics_helper+0x4f30/0x5450 [ 14.748442] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.748465] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.748488] ? kasan_atomics+0x152/0x310 [ 14.748522] kasan_atomics+0x1dc/0x310 [ 14.748542] ? __pfx_kasan_atomics+0x10/0x10 [ 14.748564] ? __pfx_read_tsc+0x10/0x10 [ 14.748596] ? ktime_get_ts64+0x86/0x230 [ 14.748629] kunit_try_run_case+0x1a5/0x480 [ 14.748654] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.748677] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.748700] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.748723] ? __kthread_parkme+0x82/0x180 [ 14.748745] ? preempt_count_sub+0x50/0x80 [ 14.748769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.748794] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.748817] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.748841] kthread+0x337/0x6f0 [ 14.748862] ? trace_preempt_on+0x20/0xc0 [ 14.748887] ? __pfx_kthread+0x10/0x10 [ 14.748908] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.748930] ? calculate_sigpending+0x7b/0xa0 [ 14.748955] ? __pfx_kthread+0x10/0x10 [ 14.748978] ret_from_fork+0x116/0x1d0 [ 14.748998] ? __pfx_kthread+0x10/0x10 [ 14.749020] ret_from_fork_asm+0x1a/0x30 [ 14.749052] </TASK> [ 14.749064] [ 14.756740] Allocated by task 282: [ 14.756874] kasan_save_stack+0x45/0x70 [ 14.757066] kasan_save_track+0x18/0x40 [ 14.757313] kasan_save_alloc_info+0x3b/0x50 [ 14.757528] __kasan_kmalloc+0xb7/0xc0 [ 14.757727] __kmalloc_cache_noprof+0x189/0x420 [ 14.757953] kasan_atomics+0x95/0x310 [ 14.758134] kunit_try_run_case+0x1a5/0x480 [ 14.758314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.758496] kthread+0x337/0x6f0 [ 14.758670] ret_from_fork+0x116/0x1d0 [ 14.758893] ret_from_fork_asm+0x1a/0x30 [ 14.759187] [ 14.759290] The buggy address belongs to the object at ffff8881029e5b80 [ 14.759290] which belongs to the cache kmalloc-64 of size 64 [ 14.759879] The buggy address is located 0 bytes to the right of [ 14.759879] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.760275] [ 14.760353] The buggy address belongs to the physical page: [ 14.760605] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.761018] flags: 0x200000000000000(node=0|zone=2) [ 14.761317] page_type: f5(slab) [ 14.761540] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.762022] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.762470] page dumped because: kasan: bad access detected [ 14.762709] [ 14.762781] Memory state around the buggy address: [ 14.762938] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.763156] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.763498] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.763866] ^ [ 14.764096] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.764483] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.764897] ================================================================== [ 13.826981] ================================================================== [ 13.827476] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 13.828694] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.829701] [ 13.830002] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.830054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.830068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.830090] Call Trace: [ 13.830105] <TASK> [ 13.830122] dump_stack_lvl+0x73/0xb0 [ 13.830151] print_report+0xd1/0x650 [ 13.830174] ? __virt_addr_valid+0x1db/0x2d0 [ 13.830199] ? kasan_atomics_helper+0x72f/0x5450 [ 13.830222] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.830245] ? kasan_atomics_helper+0x72f/0x5450 [ 13.830268] kasan_report+0x141/0x180 [ 13.830292] ? kasan_atomics_helper+0x72f/0x5450 [ 13.830319] kasan_check_range+0x10c/0x1c0 [ 13.830344] __kasan_check_write+0x18/0x20 [ 13.830366] kasan_atomics_helper+0x72f/0x5450 [ 13.830390] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.830413] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.830436] ? kasan_atomics+0x152/0x310 [ 13.830460] kasan_atomics+0x1dc/0x310 [ 13.830487] ? __pfx_kasan_atomics+0x10/0x10 [ 13.830509] ? __pfx_read_tsc+0x10/0x10 [ 13.830666] ? ktime_get_ts64+0x86/0x230 [ 13.830696] kunit_try_run_case+0x1a5/0x480 [ 13.830722] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.830745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.830804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.830827] ? __kthread_parkme+0x82/0x180 [ 13.830849] ? preempt_count_sub+0x50/0x80 [ 13.830876] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.830900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.830924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.830948] kthread+0x337/0x6f0 [ 13.830969] ? trace_preempt_on+0x20/0xc0 [ 13.830993] ? __pfx_kthread+0x10/0x10 [ 13.831015] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.831036] ? calculate_sigpending+0x7b/0xa0 [ 13.831061] ? __pfx_kthread+0x10/0x10 [ 13.831084] ret_from_fork+0x116/0x1d0 [ 13.831102] ? __pfx_kthread+0x10/0x10 [ 13.831125] ret_from_fork_asm+0x1a/0x30 [ 13.831159] </TASK> [ 13.831171] [ 13.846115] Allocated by task 282: [ 13.846281] kasan_save_stack+0x45/0x70 [ 13.846427] kasan_save_track+0x18/0x40 [ 13.846782] kasan_save_alloc_info+0x3b/0x50 [ 13.847000] __kasan_kmalloc+0xb7/0xc0 [ 13.847196] __kmalloc_cache_noprof+0x189/0x420 [ 13.847394] kasan_atomics+0x95/0x310 [ 13.847635] kunit_try_run_case+0x1a5/0x480 [ 13.847822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.848050] kthread+0x337/0x6f0 [ 13.848245] ret_from_fork+0x116/0x1d0 [ 13.848391] ret_from_fork_asm+0x1a/0x30 [ 13.848830] [ 13.848931] The buggy address belongs to the object at ffff8881029e5b80 [ 13.848931] which belongs to the cache kmalloc-64 of size 64 [ 13.849442] The buggy address is located 0 bytes to the right of [ 13.849442] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.850021] [ 13.850101] The buggy address belongs to the physical page: [ 13.850963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.851986] flags: 0x200000000000000(node=0|zone=2) [ 13.852245] page_type: f5(slab) [ 13.852371] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.852607] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.853084] page dumped because: kasan: bad access detected [ 13.853928] [ 13.854133] Memory state around the buggy address: [ 13.854690] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.855447] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.856194] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.856740] ^ [ 13.856904] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.857120] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.857357] ================================================================== [ 13.574263] ================================================================== [ 13.575120] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 13.575552] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.576023] [ 13.576121] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.576170] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.576183] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.576204] Call Trace: [ 13.576217] <TASK> [ 13.576439] dump_stack_lvl+0x73/0xb0 [ 13.576472] print_report+0xd1/0x650 [ 13.576495] ? __virt_addr_valid+0x1db/0x2d0 [ 13.576561] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.576586] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.576609] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.576645] kasan_report+0x141/0x180 [ 13.576668] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.576696] __asan_report_load4_noabort+0x18/0x20 [ 13.576717] kasan_atomics_helper+0x4bbc/0x5450 [ 13.576740] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.576763] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.576785] ? kasan_atomics+0x152/0x310 [ 13.576808] kasan_atomics+0x1dc/0x310 [ 13.576828] ? __pfx_kasan_atomics+0x10/0x10 [ 13.576849] ? __pfx_read_tsc+0x10/0x10 [ 13.576869] ? ktime_get_ts64+0x86/0x230 [ 13.576894] kunit_try_run_case+0x1a5/0x480 [ 13.576919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.576941] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.576964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.576987] ? __kthread_parkme+0x82/0x180 [ 13.577008] ? preempt_count_sub+0x50/0x80 [ 13.577034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.577057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.577081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.577104] kthread+0x337/0x6f0 [ 13.577124] ? trace_preempt_on+0x20/0xc0 [ 13.577149] ? __pfx_kthread+0x10/0x10 [ 13.577170] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.577191] ? calculate_sigpending+0x7b/0xa0 [ 13.577215] ? __pfx_kthread+0x10/0x10 [ 13.577237] ret_from_fork+0x116/0x1d0 [ 13.577256] ? __pfx_kthread+0x10/0x10 [ 13.577277] ret_from_fork_asm+0x1a/0x30 [ 13.577309] </TASK> [ 13.577320] [ 13.587915] Allocated by task 282: [ 13.588084] kasan_save_stack+0x45/0x70 [ 13.588285] kasan_save_track+0x18/0x40 [ 13.588798] kasan_save_alloc_info+0x3b/0x50 [ 13.588998] __kasan_kmalloc+0xb7/0xc0 [ 13.589170] __kmalloc_cache_noprof+0x189/0x420 [ 13.589588] kasan_atomics+0x95/0x310 [ 13.589966] kunit_try_run_case+0x1a5/0x480 [ 13.590208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.590630] kthread+0x337/0x6f0 [ 13.591033] ret_from_fork+0x116/0x1d0 [ 13.591207] ret_from_fork_asm+0x1a/0x30 [ 13.591553] [ 13.591810] The buggy address belongs to the object at ffff8881029e5b80 [ 13.591810] which belongs to the cache kmalloc-64 of size 64 [ 13.592327] The buggy address is located 0 bytes to the right of [ 13.592327] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.593199] [ 13.593375] The buggy address belongs to the physical page: [ 13.593813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.594291] flags: 0x200000000000000(node=0|zone=2) [ 13.594517] page_type: f5(slab) [ 13.594794] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.595270] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.595737] page dumped because: kasan: bad access detected [ 13.596198] [ 13.596362] Memory state around the buggy address: [ 13.596592] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.597176] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.597682] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.598109] ^ [ 13.598514] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.598965] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.599492] ================================================================== [ 14.691974] ================================================================== [ 14.692363] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 14.692804] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.693119] [ 14.693274] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.693331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.693344] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.693366] Call Trace: [ 14.693388] <TASK> [ 14.693404] dump_stack_lvl+0x73/0xb0 [ 14.693431] print_report+0xd1/0x650 [ 14.693465] ? __virt_addr_valid+0x1db/0x2d0 [ 14.693489] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.693512] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.693544] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.693567] kasan_report+0x141/0x180 [ 14.693591] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.693635] kasan_check_range+0x10c/0x1c0 [ 14.693660] __kasan_check_write+0x18/0x20 [ 14.693681] kasan_atomics_helper+0x1a7f/0x5450 [ 14.693704] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.693728] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.693750] ? kasan_atomics+0x152/0x310 [ 14.693775] kasan_atomics+0x1dc/0x310 [ 14.693795] ? __pfx_kasan_atomics+0x10/0x10 [ 14.693817] ? __pfx_read_tsc+0x10/0x10 [ 14.693847] ? ktime_get_ts64+0x86/0x230 [ 14.693873] kunit_try_run_case+0x1a5/0x480 [ 14.693898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.693931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.693953] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.693977] ? __kthread_parkme+0x82/0x180 [ 14.693999] ? preempt_count_sub+0x50/0x80 [ 14.694024] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.694049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.694073] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.694096] kthread+0x337/0x6f0 [ 14.694117] ? trace_preempt_on+0x20/0xc0 [ 14.694143] ? __pfx_kthread+0x10/0x10 [ 14.694183] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.694214] ? calculate_sigpending+0x7b/0xa0 [ 14.694239] ? __pfx_kthread+0x10/0x10 [ 14.694262] ret_from_fork+0x116/0x1d0 [ 14.694292] ? __pfx_kthread+0x10/0x10 [ 14.694314] ret_from_fork_asm+0x1a/0x30 [ 14.694347] </TASK> [ 14.694358] [ 14.701844] Allocated by task 282: [ 14.702023] kasan_save_stack+0x45/0x70 [ 14.702275] kasan_save_track+0x18/0x40 [ 14.702514] kasan_save_alloc_info+0x3b/0x50 [ 14.702721] __kasan_kmalloc+0xb7/0xc0 [ 14.702861] __kmalloc_cache_noprof+0x189/0x420 [ 14.703091] kasan_atomics+0x95/0x310 [ 14.703339] kunit_try_run_case+0x1a5/0x480 [ 14.703522] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.703801] kthread+0x337/0x6f0 [ 14.703959] ret_from_fork+0x116/0x1d0 [ 14.704097] ret_from_fork_asm+0x1a/0x30 [ 14.704262] [ 14.704334] The buggy address belongs to the object at ffff8881029e5b80 [ 14.704334] which belongs to the cache kmalloc-64 of size 64 [ 14.704749] The buggy address is located 0 bytes to the right of [ 14.704749] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.705327] [ 14.705424] The buggy address belongs to the physical page: [ 14.705687] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.706043] flags: 0x200000000000000(node=0|zone=2) [ 14.706291] page_type: f5(slab) [ 14.706413] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.706672] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.707017] page dumped because: kasan: bad access detected [ 14.707323] [ 14.707439] Memory state around the buggy address: [ 14.707694] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.708030] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.708292] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.708558] ^ [ 14.708788] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.709136] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.709398] ================================================================== [ 13.918977] ================================================================== [ 13.919322] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 13.919564] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.919801] [ 13.919885] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.919931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.919944] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.919967] Call Trace: [ 13.919981] <TASK> [ 13.919998] dump_stack_lvl+0x73/0xb0 [ 13.920024] print_report+0xd1/0x650 [ 13.920048] ? __virt_addr_valid+0x1db/0x2d0 [ 13.920072] ? kasan_atomics_helper+0x992/0x5450 [ 13.920094] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.920118] ? kasan_atomics_helper+0x992/0x5450 [ 13.920383] kasan_report+0x141/0x180 [ 13.920409] ? kasan_atomics_helper+0x992/0x5450 [ 13.920477] kasan_check_range+0x10c/0x1c0 [ 13.920504] __kasan_check_write+0x18/0x20 [ 13.920565] kasan_atomics_helper+0x992/0x5450 [ 13.920592] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.920634] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.920658] ? kasan_atomics+0x152/0x310 [ 13.920683] kasan_atomics+0x1dc/0x310 [ 13.920704] ? __pfx_kasan_atomics+0x10/0x10 [ 13.920726] ? __pfx_read_tsc+0x10/0x10 [ 13.920748] ? ktime_get_ts64+0x86/0x230 [ 13.920775] kunit_try_run_case+0x1a5/0x480 [ 13.920799] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.920823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.920847] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.920871] ? __kthread_parkme+0x82/0x180 [ 13.920895] ? preempt_count_sub+0x50/0x80 [ 13.920922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.920947] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.920972] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.920996] kthread+0x337/0x6f0 [ 13.921018] ? trace_preempt_on+0x20/0xc0 [ 13.921043] ? __pfx_kthread+0x10/0x10 [ 13.921066] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.921088] ? calculate_sigpending+0x7b/0xa0 [ 13.921113] ? __pfx_kthread+0x10/0x10 [ 13.921137] ret_from_fork+0x116/0x1d0 [ 13.921156] ? __pfx_kthread+0x10/0x10 [ 13.921179] ret_from_fork_asm+0x1a/0x30 [ 13.921220] </TASK> [ 13.921231] [ 13.931763] Allocated by task 282: [ 13.931962] kasan_save_stack+0x45/0x70 [ 13.932168] kasan_save_track+0x18/0x40 [ 13.932728] kasan_save_alloc_info+0x3b/0x50 [ 13.933072] __kasan_kmalloc+0xb7/0xc0 [ 13.933417] __kmalloc_cache_noprof+0x189/0x420 [ 13.933946] kasan_atomics+0x95/0x310 [ 13.934205] kunit_try_run_case+0x1a5/0x480 [ 13.934580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.934992] kthread+0x337/0x6f0 [ 13.935117] ret_from_fork+0x116/0x1d0 [ 13.935249] ret_from_fork_asm+0x1a/0x30 [ 13.935386] [ 13.935533] The buggy address belongs to the object at ffff8881029e5b80 [ 13.935533] which belongs to the cache kmalloc-64 of size 64 [ 13.936300] The buggy address is located 0 bytes to the right of [ 13.936300] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.936889] [ 13.936966] The buggy address belongs to the physical page: [ 13.937541] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.937898] flags: 0x200000000000000(node=0|zone=2) [ 13.938112] page_type: f5(slab) [ 13.938941] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.939452] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.939992] page dumped because: kasan: bad access detected [ 13.940400] [ 13.940866] Memory state around the buggy address: [ 13.941106] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.941427] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.941998] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.942389] ^ [ 13.942734] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.943057] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.943456] ================================================================== [ 13.600215] ================================================================== [ 13.600749] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 13.601328] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.601787] [ 13.601973] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.602023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.602035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.602079] Call Trace: [ 13.602091] <TASK> [ 13.602105] dump_stack_lvl+0x73/0xb0 [ 13.602133] print_report+0xd1/0x650 [ 13.602281] ? __virt_addr_valid+0x1db/0x2d0 [ 13.602309] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.602332] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.602355] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.602398] kasan_report+0x141/0x180 [ 13.602422] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.602449] __asan_report_store4_noabort+0x1b/0x30 [ 13.602476] kasan_atomics_helper+0x4ba2/0x5450 [ 13.602499] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.602521] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.602680] ? kasan_atomics+0x152/0x310 [ 13.602708] kasan_atomics+0x1dc/0x310 [ 13.602728] ? __pfx_kasan_atomics+0x10/0x10 [ 13.602749] ? __pfx_read_tsc+0x10/0x10 [ 13.602770] ? ktime_get_ts64+0x86/0x230 [ 13.602796] kunit_try_run_case+0x1a5/0x480 [ 13.602820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.602842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.602864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.602886] ? __kthread_parkme+0x82/0x180 [ 13.602907] ? preempt_count_sub+0x50/0x80 [ 13.602932] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.602955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.602978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.603002] kthread+0x337/0x6f0 [ 13.603022] ? trace_preempt_on+0x20/0xc0 [ 13.603045] ? __pfx_kthread+0x10/0x10 [ 13.603066] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.603087] ? calculate_sigpending+0x7b/0xa0 [ 13.603110] ? __pfx_kthread+0x10/0x10 [ 13.603132] ret_from_fork+0x116/0x1d0 [ 13.603150] ? __pfx_kthread+0x10/0x10 [ 13.603171] ret_from_fork_asm+0x1a/0x30 [ 13.603202] </TASK> [ 13.603213] [ 13.614736] Allocated by task 282: [ 13.614928] kasan_save_stack+0x45/0x70 [ 13.615103] kasan_save_track+0x18/0x40 [ 13.615635] kasan_save_alloc_info+0x3b/0x50 [ 13.615794] __kasan_kmalloc+0xb7/0xc0 [ 13.616131] __kmalloc_cache_noprof+0x189/0x420 [ 13.616462] kasan_atomics+0x95/0x310 [ 13.616692] kunit_try_run_case+0x1a5/0x480 [ 13.616906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.617374] kthread+0x337/0x6f0 [ 13.617570] ret_from_fork+0x116/0x1d0 [ 13.617887] ret_from_fork_asm+0x1a/0x30 [ 13.618046] [ 13.618321] The buggy address belongs to the object at ffff8881029e5b80 [ 13.618321] which belongs to the cache kmalloc-64 of size 64 [ 13.618900] The buggy address is located 0 bytes to the right of [ 13.618900] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.619867] [ 13.619955] The buggy address belongs to the physical page: [ 13.620221] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.620670] flags: 0x200000000000000(node=0|zone=2) [ 13.621175] page_type: f5(slab) [ 13.621439] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.622014] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.622468] page dumped because: kasan: bad access detected [ 13.622910] [ 13.623019] Memory state around the buggy address: [ 13.623345] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.623766] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.624113] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.624507] ^ [ 13.624946] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.625312] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.625818] ================================================================== [ 14.562848] ================================================================== [ 14.563479] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.564073] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.564661] [ 14.564777] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.564828] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.564842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.564866] Call Trace: [ 14.564881] <TASK> [ 14.564898] dump_stack_lvl+0x73/0xb0 [ 14.564928] print_report+0xd1/0x650 [ 14.564952] ? __virt_addr_valid+0x1db/0x2d0 [ 14.564976] ? kasan_atomics_helper+0x164f/0x5450 [ 14.564999] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.565023] ? kasan_atomics_helper+0x164f/0x5450 [ 14.565046] kasan_report+0x141/0x180 [ 14.565070] ? kasan_atomics_helper+0x164f/0x5450 [ 14.565099] kasan_check_range+0x10c/0x1c0 [ 14.565125] __kasan_check_write+0x18/0x20 [ 14.565145] kasan_atomics_helper+0x164f/0x5450 [ 14.565171] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.565197] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.565219] ? kasan_atomics+0x152/0x310 [ 14.565243] kasan_atomics+0x1dc/0x310 [ 14.565264] ? __pfx_kasan_atomics+0x10/0x10 [ 14.565285] ? __pfx_read_tsc+0x10/0x10 [ 14.565307] ? ktime_get_ts64+0x86/0x230 [ 14.565333] kunit_try_run_case+0x1a5/0x480 [ 14.565358] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.565381] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.565406] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.565429] ? __kthread_parkme+0x82/0x180 [ 14.565451] ? preempt_count_sub+0x50/0x80 [ 14.565476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.565501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.565525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.565548] kthread+0x337/0x6f0 [ 14.565569] ? trace_preempt_on+0x20/0xc0 [ 14.565594] ? __pfx_kthread+0x10/0x10 [ 14.565627] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.565649] ? calculate_sigpending+0x7b/0xa0 [ 14.565675] ? __pfx_kthread+0x10/0x10 [ 14.565697] ret_from_fork+0x116/0x1d0 [ 14.565717] ? __pfx_kthread+0x10/0x10 [ 14.565739] ret_from_fork_asm+0x1a/0x30 [ 14.565773] </TASK> [ 14.565784] [ 14.573317] Allocated by task 282: [ 14.573499] kasan_save_stack+0x45/0x70 [ 14.573710] kasan_save_track+0x18/0x40 [ 14.573847] kasan_save_alloc_info+0x3b/0x50 [ 14.573994] __kasan_kmalloc+0xb7/0xc0 [ 14.574130] __kmalloc_cache_noprof+0x189/0x420 [ 14.574347] kasan_atomics+0x95/0x310 [ 14.574538] kunit_try_run_case+0x1a5/0x480 [ 14.574795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.575052] kthread+0x337/0x6f0 [ 14.575238] ret_from_fork+0x116/0x1d0 [ 14.575416] ret_from_fork_asm+0x1a/0x30 [ 14.575579] [ 14.575662] The buggy address belongs to the object at ffff8881029e5b80 [ 14.575662] which belongs to the cache kmalloc-64 of size 64 [ 14.576138] The buggy address is located 0 bytes to the right of [ 14.576138] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.576564] [ 14.576645] The buggy address belongs to the physical page: [ 14.576820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.577419] flags: 0x200000000000000(node=0|zone=2) [ 14.577664] page_type: f5(slab) [ 14.577833] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.578139] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.578582] page dumped because: kasan: bad access detected [ 14.578766] [ 14.578837] Memory state around the buggy address: [ 14.578994] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.579471] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.579808] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.580024] ^ [ 14.580182] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.580499] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.580927] ================================================================== [ 14.898487] ================================================================== [ 14.898860] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 14.899290] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.899627] [ 14.899736] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.899783] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.899808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.899831] Call Trace: [ 14.899846] <TASK> [ 14.899861] dump_stack_lvl+0x73/0xb0 [ 14.899897] print_report+0xd1/0x650 [ 14.899921] ? __virt_addr_valid+0x1db/0x2d0 [ 14.899944] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.899980] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.900004] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.900028] kasan_report+0x141/0x180 [ 14.900052] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.900089] __asan_report_load8_noabort+0x18/0x20 [ 14.900111] kasan_atomics_helper+0x4f98/0x5450 [ 14.900146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.900188] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.900212] ? kasan_atomics+0x152/0x310 [ 14.900237] kasan_atomics+0x1dc/0x310 [ 14.900266] ? __pfx_kasan_atomics+0x10/0x10 [ 14.900289] ? __pfx_read_tsc+0x10/0x10 [ 14.900310] ? ktime_get_ts64+0x86/0x230 [ 14.900346] kunit_try_run_case+0x1a5/0x480 [ 14.900371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.900394] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.900427] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.900450] ? __kthread_parkme+0x82/0x180 [ 14.900471] ? preempt_count_sub+0x50/0x80 [ 14.900507] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.900532] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.900555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.900579] kthread+0x337/0x6f0 [ 14.900599] ? trace_preempt_on+0x20/0xc0 [ 14.900631] ? __pfx_kthread+0x10/0x10 [ 14.900654] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.900675] ? calculate_sigpending+0x7b/0xa0 [ 14.900700] ? __pfx_kthread+0x10/0x10 [ 14.900732] ret_from_fork+0x116/0x1d0 [ 14.900751] ? __pfx_kthread+0x10/0x10 [ 14.900773] ret_from_fork_asm+0x1a/0x30 [ 14.900815] </TASK> [ 14.900826] [ 14.908142] Allocated by task 282: [ 14.908353] kasan_save_stack+0x45/0x70 [ 14.908538] kasan_save_track+0x18/0x40 [ 14.908743] kasan_save_alloc_info+0x3b/0x50 [ 14.908943] __kasan_kmalloc+0xb7/0xc0 [ 14.909135] __kmalloc_cache_noprof+0x189/0x420 [ 14.909363] kasan_atomics+0x95/0x310 [ 14.909555] kunit_try_run_case+0x1a5/0x480 [ 14.909746] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.909998] kthread+0x337/0x6f0 [ 14.910186] ret_from_fork+0x116/0x1d0 [ 14.910367] ret_from_fork_asm+0x1a/0x30 [ 14.910571] [ 14.910677] The buggy address belongs to the object at ffff8881029e5b80 [ 14.910677] which belongs to the cache kmalloc-64 of size 64 [ 14.911187] The buggy address is located 0 bytes to the right of [ 14.911187] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.911553] [ 14.911635] The buggy address belongs to the physical page: [ 14.911807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.912212] flags: 0x200000000000000(node=0|zone=2) [ 14.912443] page_type: f5(slab) [ 14.912619] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.912964] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.913303] page dumped because: kasan: bad access detected [ 14.913477] [ 14.913548] Memory state around the buggy address: [ 14.913756] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.914078] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.914458] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.914799] ^ [ 14.915022] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915301] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.915517] ================================================================== [ 14.970604] ================================================================== [ 14.971019] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 14.971419] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.971781] [ 14.971892] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.971970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.971983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.972005] Call Trace: [ 14.972031] <TASK> [ 14.972046] dump_stack_lvl+0x73/0xb0 [ 14.972074] print_report+0xd1/0x650 [ 14.972097] ? __virt_addr_valid+0x1db/0x2d0 [ 14.972121] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.972145] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.972219] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.972256] kasan_report+0x141/0x180 [ 14.972318] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.972347] __asan_report_load8_noabort+0x18/0x20 [ 14.972404] kasan_atomics_helper+0x4fa5/0x5450 [ 14.972429] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.972453] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.972485] ? kasan_atomics+0x152/0x310 [ 14.972510] kasan_atomics+0x1dc/0x310 [ 14.972531] ? __pfx_kasan_atomics+0x10/0x10 [ 14.972553] ? __pfx_read_tsc+0x10/0x10 [ 14.972575] ? ktime_get_ts64+0x86/0x230 [ 14.972601] kunit_try_run_case+0x1a5/0x480 [ 14.972634] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.972687] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.972710] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.972772] ? __kthread_parkme+0x82/0x180 [ 14.972805] ? preempt_count_sub+0x50/0x80 [ 14.972867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.972893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.972917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.972951] kthread+0x337/0x6f0 [ 14.972973] ? trace_preempt_on+0x20/0xc0 [ 14.972997] ? __pfx_kthread+0x10/0x10 [ 14.973020] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.973041] ? calculate_sigpending+0x7b/0xa0 [ 14.973066] ? __pfx_kthread+0x10/0x10 [ 14.973089] ret_from_fork+0x116/0x1d0 [ 14.973108] ? __pfx_kthread+0x10/0x10 [ 14.973130] ret_from_fork_asm+0x1a/0x30 [ 14.973181] </TASK> [ 14.973192] [ 14.981243] Allocated by task 282: [ 14.981374] kasan_save_stack+0x45/0x70 [ 14.981518] kasan_save_track+0x18/0x40 [ 14.981723] kasan_save_alloc_info+0x3b/0x50 [ 14.981935] __kasan_kmalloc+0xb7/0xc0 [ 14.982202] __kmalloc_cache_noprof+0x189/0x420 [ 14.982437] kasan_atomics+0x95/0x310 [ 14.982716] kunit_try_run_case+0x1a5/0x480 [ 14.982942] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.983119] kthread+0x337/0x6f0 [ 14.983268] ret_from_fork+0x116/0x1d0 [ 14.983458] ret_from_fork_asm+0x1a/0x30 [ 14.983709] [ 14.983810] The buggy address belongs to the object at ffff8881029e5b80 [ 14.983810] which belongs to the cache kmalloc-64 of size 64 [ 14.984461] The buggy address is located 0 bytes to the right of [ 14.984461] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.984885] [ 14.984960] The buggy address belongs to the physical page: [ 14.985215] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.985629] flags: 0x200000000000000(node=0|zone=2) [ 14.985871] page_type: f5(slab) [ 14.986042] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.986378] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.986721] page dumped because: kasan: bad access detected [ 14.986900] [ 14.987039] Memory state around the buggy address: [ 14.987393] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.987691] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.987978] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.988393] ^ [ 14.988647] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.988906] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.989300] ================================================================== [ 14.036398] ================================================================== [ 14.036761] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.037083] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.037437] [ 14.037520] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.037564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.037578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.037598] Call Trace: [ 14.037610] <TASK> [ 14.037636] dump_stack_lvl+0x73/0xb0 [ 14.037711] print_report+0xd1/0x650 [ 14.037737] ? __virt_addr_valid+0x1db/0x2d0 [ 14.037763] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.037786] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.037809] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.037832] kasan_report+0x141/0x180 [ 14.037856] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.037885] __asan_report_load4_noabort+0x18/0x20 [ 14.037906] kasan_atomics_helper+0x4a84/0x5450 [ 14.037930] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.037954] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.037976] ? kasan_atomics+0x152/0x310 [ 14.038000] kasan_atomics+0x1dc/0x310 [ 14.038021] ? __pfx_kasan_atomics+0x10/0x10 [ 14.038042] ? __pfx_read_tsc+0x10/0x10 [ 14.038063] ? ktime_get_ts64+0x86/0x230 [ 14.038089] kunit_try_run_case+0x1a5/0x480 [ 14.038114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.038136] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.038159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.038182] ? __kthread_parkme+0x82/0x180 [ 14.038203] ? preempt_count_sub+0x50/0x80 [ 14.038228] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.038252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.038277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.038300] kthread+0x337/0x6f0 [ 14.038321] ? trace_preempt_on+0x20/0xc0 [ 14.038346] ? __pfx_kthread+0x10/0x10 [ 14.038367] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.038388] ? calculate_sigpending+0x7b/0xa0 [ 14.038413] ? __pfx_kthread+0x10/0x10 [ 14.038437] ret_from_fork+0x116/0x1d0 [ 14.038456] ? __pfx_kthread+0x10/0x10 [ 14.038485] ret_from_fork_asm+0x1a/0x30 [ 14.038517] </TASK> [ 14.038538] [ 14.046876] Allocated by task 282: [ 14.047034] kasan_save_stack+0x45/0x70 [ 14.047179] kasan_save_track+0x18/0x40 [ 14.047317] kasan_save_alloc_info+0x3b/0x50 [ 14.047485] __kasan_kmalloc+0xb7/0xc0 [ 14.047743] __kmalloc_cache_noprof+0x189/0x420 [ 14.047973] kasan_atomics+0x95/0x310 [ 14.048163] kunit_try_run_case+0x1a5/0x480 [ 14.048414] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.048590] kthread+0x337/0x6f0 [ 14.048771] ret_from_fork+0x116/0x1d0 [ 14.048963] ret_from_fork_asm+0x1a/0x30 [ 14.049209] [ 14.049282] The buggy address belongs to the object at ffff8881029e5b80 [ 14.049282] which belongs to the cache kmalloc-64 of size 64 [ 14.049898] The buggy address is located 0 bytes to the right of [ 14.049898] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.050265] [ 14.050339] The buggy address belongs to the physical page: [ 14.050755] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.051109] flags: 0x200000000000000(node=0|zone=2) [ 14.051339] page_type: f5(slab) [ 14.051585] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.051824] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.052429] page dumped because: kasan: bad access detected [ 14.052933] [ 14.053020] Memory state around the buggy address: [ 14.053268] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.053629] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.053851] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.054062] ^ [ 14.054395] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.055044] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.055500] ================================================================== [ 14.467693] ================================================================== [ 14.468006] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.468700] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.468992] [ 14.469187] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.469494] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.469511] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.469532] Call Trace: [ 14.469547] <TASK> [ 14.469562] dump_stack_lvl+0x73/0xb0 [ 14.469592] print_report+0xd1/0x650 [ 14.469629] ? __virt_addr_valid+0x1db/0x2d0 [ 14.469654] ? kasan_atomics_helper+0x1467/0x5450 [ 14.469677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.469701] ? kasan_atomics_helper+0x1467/0x5450 [ 14.469724] kasan_report+0x141/0x180 [ 14.469748] ? kasan_atomics_helper+0x1467/0x5450 [ 14.469776] kasan_check_range+0x10c/0x1c0 [ 14.469801] __kasan_check_write+0x18/0x20 [ 14.469821] kasan_atomics_helper+0x1467/0x5450 [ 14.469846] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.469869] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.469892] ? kasan_atomics+0x152/0x310 [ 14.469916] kasan_atomics+0x1dc/0x310 [ 14.469937] ? __pfx_kasan_atomics+0x10/0x10 [ 14.469960] ? __pfx_read_tsc+0x10/0x10 [ 14.469983] ? ktime_get_ts64+0x86/0x230 [ 14.470009] kunit_try_run_case+0x1a5/0x480 [ 14.470033] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.470056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.470080] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.470104] ? __kthread_parkme+0x82/0x180 [ 14.470125] ? preempt_count_sub+0x50/0x80 [ 14.470150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.470184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.470209] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.470234] kthread+0x337/0x6f0 [ 14.470255] ? trace_preempt_on+0x20/0xc0 [ 14.470280] ? __pfx_kthread+0x10/0x10 [ 14.470302] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.470323] ? calculate_sigpending+0x7b/0xa0 [ 14.470348] ? __pfx_kthread+0x10/0x10 [ 14.470371] ret_from_fork+0x116/0x1d0 [ 14.470389] ? __pfx_kthread+0x10/0x10 [ 14.470411] ret_from_fork_asm+0x1a/0x30 [ 14.470443] </TASK> [ 14.470454] [ 14.480834] Allocated by task 282: [ 14.481005] kasan_save_stack+0x45/0x70 [ 14.481200] kasan_save_track+0x18/0x40 [ 14.481517] kasan_save_alloc_info+0x3b/0x50 [ 14.481819] __kasan_kmalloc+0xb7/0xc0 [ 14.482083] __kmalloc_cache_noprof+0x189/0x420 [ 14.482482] kasan_atomics+0x95/0x310 [ 14.482768] kunit_try_run_case+0x1a5/0x480 [ 14.482946] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.483363] kthread+0x337/0x6f0 [ 14.483546] ret_from_fork+0x116/0x1d0 [ 14.483822] ret_from_fork_asm+0x1a/0x30 [ 14.484025] [ 14.484123] The buggy address belongs to the object at ffff8881029e5b80 [ 14.484123] which belongs to the cache kmalloc-64 of size 64 [ 14.484901] The buggy address is located 0 bytes to the right of [ 14.484901] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.485683] [ 14.485771] The buggy address belongs to the physical page: [ 14.486048] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.486609] flags: 0x200000000000000(node=0|zone=2) [ 14.486933] page_type: f5(slab) [ 14.487178] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.487530] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.487871] page dumped because: kasan: bad access detected [ 14.488112] [ 14.488204] Memory state around the buggy address: [ 14.488719] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.489074] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.489497] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.489866] ^ [ 14.490152] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.490539] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.490911] ================================================================== [ 14.538845] ================================================================== [ 14.539100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.539536] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.540318] [ 14.540583] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.540648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.540662] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.540685] Call Trace: [ 14.540698] <TASK> [ 14.540713] dump_stack_lvl+0x73/0xb0 [ 14.540742] print_report+0xd1/0x650 [ 14.540765] ? __virt_addr_valid+0x1db/0x2d0 [ 14.540790] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.540812] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.540836] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.540860] kasan_report+0x141/0x180 [ 14.540885] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.540913] kasan_check_range+0x10c/0x1c0 [ 14.540938] __kasan_check_write+0x18/0x20 [ 14.540959] kasan_atomics_helper+0x15b6/0x5450 [ 14.540984] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.541008] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.541030] ? kasan_atomics+0x152/0x310 [ 14.541055] kasan_atomics+0x1dc/0x310 [ 14.541075] ? __pfx_kasan_atomics+0x10/0x10 [ 14.541097] ? __pfx_read_tsc+0x10/0x10 [ 14.541120] ? ktime_get_ts64+0x86/0x230 [ 14.541148] kunit_try_run_case+0x1a5/0x480 [ 14.541172] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.541204] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.541228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.541252] ? __kthread_parkme+0x82/0x180 [ 14.541274] ? preempt_count_sub+0x50/0x80 [ 14.541299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.541323] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.541347] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.541372] kthread+0x337/0x6f0 [ 14.541393] ? trace_preempt_on+0x20/0xc0 [ 14.541417] ? __pfx_kthread+0x10/0x10 [ 14.541439] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.541461] ? calculate_sigpending+0x7b/0xa0 [ 14.541486] ? __pfx_kthread+0x10/0x10 [ 14.541509] ret_from_fork+0x116/0x1d0 [ 14.541527] ? __pfx_kthread+0x10/0x10 [ 14.541549] ret_from_fork_asm+0x1a/0x30 [ 14.541581] </TASK> [ 14.541592] [ 14.552035] Allocated by task 282: [ 14.552365] kasan_save_stack+0x45/0x70 [ 14.552570] kasan_save_track+0x18/0x40 [ 14.552907] kasan_save_alloc_info+0x3b/0x50 [ 14.553186] __kasan_kmalloc+0xb7/0xc0 [ 14.553475] __kmalloc_cache_noprof+0x189/0x420 [ 14.553772] kasan_atomics+0x95/0x310 [ 14.553934] kunit_try_run_case+0x1a5/0x480 [ 14.554149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.554580] kthread+0x337/0x6f0 [ 14.554894] ret_from_fork+0x116/0x1d0 [ 14.555238] ret_from_fork_asm+0x1a/0x30 [ 14.555443] [ 14.555531] The buggy address belongs to the object at ffff8881029e5b80 [ 14.555531] which belongs to the cache kmalloc-64 of size 64 [ 14.556028] The buggy address is located 0 bytes to the right of [ 14.556028] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.556897] [ 14.557127] The buggy address belongs to the physical page: [ 14.557398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.557830] flags: 0x200000000000000(node=0|zone=2) [ 14.558136] page_type: f5(slab) [ 14.558425] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.558882] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.559195] page dumped because: kasan: bad access detected [ 14.559521] [ 14.559606] Memory state around the buggy address: [ 14.559832] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.560130] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.560682] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.561077] ^ [ 14.561420] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.561740] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.562109] ================================================================== [ 14.784665] ================================================================== [ 14.784999] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 14.785400] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.785746] [ 14.785859] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.785939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.785953] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.785987] Call Trace: [ 14.786001] <TASK> [ 14.786015] dump_stack_lvl+0x73/0xb0 [ 14.786058] print_report+0xd1/0x650 [ 14.786082] ? __virt_addr_valid+0x1db/0x2d0 [ 14.786106] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.786130] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.786154] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.786215] kasan_report+0x141/0x180 [ 14.786239] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.786304] kasan_check_range+0x10c/0x1c0 [ 14.786330] __kasan_check_write+0x18/0x20 [ 14.786351] kasan_atomics_helper+0x1d7a/0x5450 [ 14.786385] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.786409] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.786431] ? kasan_atomics+0x152/0x310 [ 14.786456] kasan_atomics+0x1dc/0x310 [ 14.786480] ? __pfx_kasan_atomics+0x10/0x10 [ 14.786502] ? __pfx_read_tsc+0x10/0x10 [ 14.786524] ? ktime_get_ts64+0x86/0x230 [ 14.786576] kunit_try_run_case+0x1a5/0x480 [ 14.786602] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.786640] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.786663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.786687] ? __kthread_parkme+0x82/0x180 [ 14.786708] ? preempt_count_sub+0x50/0x80 [ 14.786734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.786759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.786783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.786806] kthread+0x337/0x6f0 [ 14.786827] ? trace_preempt_on+0x20/0xc0 [ 14.786852] ? __pfx_kthread+0x10/0x10 [ 14.786874] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.786895] ? calculate_sigpending+0x7b/0xa0 [ 14.786921] ? __pfx_kthread+0x10/0x10 [ 14.786943] ret_from_fork+0x116/0x1d0 [ 14.786962] ? __pfx_kthread+0x10/0x10 [ 14.786984] ret_from_fork_asm+0x1a/0x30 [ 14.787016] </TASK> [ 14.787028] [ 14.794912] Allocated by task 282: [ 14.795041] kasan_save_stack+0x45/0x70 [ 14.795213] kasan_save_track+0x18/0x40 [ 14.795390] kasan_save_alloc_info+0x3b/0x50 [ 14.795645] __kasan_kmalloc+0xb7/0xc0 [ 14.795852] __kmalloc_cache_noprof+0x189/0x420 [ 14.796075] kasan_atomics+0x95/0x310 [ 14.796328] kunit_try_run_case+0x1a5/0x480 [ 14.796636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.796922] kthread+0x337/0x6f0 [ 14.797057] ret_from_fork+0x116/0x1d0 [ 14.797292] ret_from_fork_asm+0x1a/0x30 [ 14.797524] [ 14.797598] The buggy address belongs to the object at ffff8881029e5b80 [ 14.797598] which belongs to the cache kmalloc-64 of size 64 [ 14.797962] The buggy address is located 0 bytes to the right of [ 14.797962] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.798627] [ 14.798731] The buggy address belongs to the physical page: [ 14.799004] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.799465] flags: 0x200000000000000(node=0|zone=2) [ 14.799643] page_type: f5(slab) [ 14.799775] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.800187] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.800510] page dumped because: kasan: bad access detected [ 14.800731] [ 14.800828] Memory state around the buggy address: [ 14.801031] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.801339] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.801723] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.802024] ^ [ 14.802294] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.802520] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.802835] ================================================================== [ 13.965992] ================================================================== [ 13.966431] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 13.967027] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.968015] [ 13.968274] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.968326] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.968339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.968361] Call Trace: [ 13.968377] <TASK> [ 13.968394] dump_stack_lvl+0x73/0xb0 [ 13.968424] print_report+0xd1/0x650 [ 13.968447] ? __virt_addr_valid+0x1db/0x2d0 [ 13.968472] ? kasan_atomics_helper+0xac7/0x5450 [ 13.968495] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.968527] ? kasan_atomics_helper+0xac7/0x5450 [ 13.968551] kasan_report+0x141/0x180 [ 13.968574] ? kasan_atomics_helper+0xac7/0x5450 [ 13.968602] kasan_check_range+0x10c/0x1c0 [ 13.968638] __kasan_check_write+0x18/0x20 [ 13.968658] kasan_atomics_helper+0xac7/0x5450 [ 13.968682] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.968706] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.968728] ? kasan_atomics+0x152/0x310 [ 13.968875] kasan_atomics+0x1dc/0x310 [ 13.968898] ? __pfx_kasan_atomics+0x10/0x10 [ 13.968919] ? __pfx_read_tsc+0x10/0x10 [ 13.968941] ? ktime_get_ts64+0x86/0x230 [ 13.968967] kunit_try_run_case+0x1a5/0x480 [ 13.968992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.969015] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.969039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.969062] ? __kthread_parkme+0x82/0x180 [ 13.969084] ? preempt_count_sub+0x50/0x80 [ 13.969110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.969135] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.969159] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.969201] kthread+0x337/0x6f0 [ 13.969222] ? trace_preempt_on+0x20/0xc0 [ 13.969247] ? __pfx_kthread+0x10/0x10 [ 13.969269] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.969291] ? calculate_sigpending+0x7b/0xa0 [ 13.969316] ? __pfx_kthread+0x10/0x10 [ 13.969339] ret_from_fork+0x116/0x1d0 [ 13.969358] ? __pfx_kthread+0x10/0x10 [ 13.969380] ret_from_fork_asm+0x1a/0x30 [ 13.969413] </TASK> [ 13.969424] [ 13.978955] Allocated by task 282: [ 13.979337] kasan_save_stack+0x45/0x70 [ 13.980248] kasan_save_track+0x18/0x40 [ 13.980425] kasan_save_alloc_info+0x3b/0x50 [ 13.980788] __kasan_kmalloc+0xb7/0xc0 [ 13.980926] __kmalloc_cache_noprof+0x189/0x420 [ 13.981708] kasan_atomics+0x95/0x310 [ 13.981870] kunit_try_run_case+0x1a5/0x480 [ 13.982279] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.982666] kthread+0x337/0x6f0 [ 13.982855] ret_from_fork+0x116/0x1d0 [ 13.983036] ret_from_fork_asm+0x1a/0x30 [ 13.983400] [ 13.983698] The buggy address belongs to the object at ffff8881029e5b80 [ 13.983698] which belongs to the cache kmalloc-64 of size 64 [ 13.984361] The buggy address is located 0 bytes to the right of [ 13.984361] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 13.985123] [ 13.985242] The buggy address belongs to the physical page: [ 13.985677] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 13.986107] flags: 0x200000000000000(node=0|zone=2) [ 13.986475] page_type: f5(slab) [ 13.986713] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.987201] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.987652] page dumped because: kasan: bad access detected [ 13.987966] [ 13.988047] Memory state around the buggy address: [ 13.988424] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.988956] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.989354] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.989804] ^ [ 13.990118] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.990425] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.990995] ================================================================== [ 14.803484] ================================================================== [ 14.803863] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 14.804191] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.804528] [ 14.804690] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.804737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.804751] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.804773] Call Trace: [ 14.804787] <TASK> [ 14.804803] dump_stack_lvl+0x73/0xb0 [ 14.804832] print_report+0xd1/0x650 [ 14.804855] ? __virt_addr_valid+0x1db/0x2d0 [ 14.804880] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.804936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.804960] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.804983] kasan_report+0x141/0x180 [ 14.805018] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.805046] kasan_check_range+0x10c/0x1c0 [ 14.805072] __kasan_check_write+0x18/0x20 [ 14.805092] kasan_atomics_helper+0x1e12/0x5450 [ 14.805116] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.805140] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.805181] ? kasan_atomics+0x152/0x310 [ 14.805206] kasan_atomics+0x1dc/0x310 [ 14.805226] ? __pfx_kasan_atomics+0x10/0x10 [ 14.805247] ? __pfx_read_tsc+0x10/0x10 [ 14.805269] ? ktime_get_ts64+0x86/0x230 [ 14.805295] kunit_try_run_case+0x1a5/0x480 [ 14.805320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.805375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.805399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.805432] ? __kthread_parkme+0x82/0x180 [ 14.805453] ? preempt_count_sub+0x50/0x80 [ 14.805508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.805535] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.805571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.805595] kthread+0x337/0x6f0 [ 14.805626] ? trace_preempt_on+0x20/0xc0 [ 14.805651] ? __pfx_kthread+0x10/0x10 [ 14.805674] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.805696] ? calculate_sigpending+0x7b/0xa0 [ 14.805721] ? __pfx_kthread+0x10/0x10 [ 14.805745] ret_from_fork+0x116/0x1d0 [ 14.805764] ? __pfx_kthread+0x10/0x10 [ 14.805787] ret_from_fork_asm+0x1a/0x30 [ 14.805819] </TASK> [ 14.805831] [ 14.814012] Allocated by task 282: [ 14.814142] kasan_save_stack+0x45/0x70 [ 14.814398] kasan_save_track+0x18/0x40 [ 14.814634] kasan_save_alloc_info+0x3b/0x50 [ 14.814909] __kasan_kmalloc+0xb7/0xc0 [ 14.815192] __kmalloc_cache_noprof+0x189/0x420 [ 14.815408] kasan_atomics+0x95/0x310 [ 14.815568] kunit_try_run_case+0x1a5/0x480 [ 14.815760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.815987] kthread+0x337/0x6f0 [ 14.816113] ret_from_fork+0x116/0x1d0 [ 14.816303] ret_from_fork_asm+0x1a/0x30 [ 14.816507] [ 14.816647] The buggy address belongs to the object at ffff8881029e5b80 [ 14.816647] which belongs to the cache kmalloc-64 of size 64 [ 14.817081] The buggy address is located 0 bytes to the right of [ 14.817081] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.817643] [ 14.817754] The buggy address belongs to the physical page: [ 14.818095] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.818471] flags: 0x200000000000000(node=0|zone=2) [ 14.818698] page_type: f5(slab) [ 14.818905] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.819302] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.819638] page dumped because: kasan: bad access detected [ 14.819865] [ 14.819974] Memory state around the buggy address: [ 14.820179] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.820496] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.820865] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.821148] ^ [ 14.821386] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.821762] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.822062] ================================================================== [ 14.415907] ================================================================== [ 14.416372] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.417020] Read of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.417564] [ 14.417707] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.417760] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.417773] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.417795] Call Trace: [ 14.417810] <TASK> [ 14.417828] dump_stack_lvl+0x73/0xb0 [ 14.417856] print_report+0xd1/0x650 [ 14.417880] ? __virt_addr_valid+0x1db/0x2d0 [ 14.417904] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.417927] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.417951] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.417974] kasan_report+0x141/0x180 [ 14.417999] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.418028] kasan_check_range+0x10c/0x1c0 [ 14.418053] __kasan_check_read+0x15/0x20 [ 14.418074] kasan_atomics_helper+0x13b5/0x5450 [ 14.418098] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.418122] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.418144] ? kasan_atomics+0x152/0x310 [ 14.418168] kasan_atomics+0x1dc/0x310 [ 14.418217] ? __pfx_kasan_atomics+0x10/0x10 [ 14.418241] ? __pfx_read_tsc+0x10/0x10 [ 14.418263] ? ktime_get_ts64+0x86/0x230 [ 14.418290] kunit_try_run_case+0x1a5/0x480 [ 14.418315] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.418338] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.418362] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.418386] ? __kthread_parkme+0x82/0x180 [ 14.418408] ? preempt_count_sub+0x50/0x80 [ 14.418434] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.418459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.418489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.418513] kthread+0x337/0x6f0 [ 14.418559] ? trace_preempt_on+0x20/0xc0 [ 14.418583] ? __pfx_kthread+0x10/0x10 [ 14.418606] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.418641] ? calculate_sigpending+0x7b/0xa0 [ 14.418668] ? __pfx_kthread+0x10/0x10 [ 14.418691] ret_from_fork+0x116/0x1d0 [ 14.418710] ? __pfx_kthread+0x10/0x10 [ 14.418732] ret_from_fork_asm+0x1a/0x30 [ 14.418765] </TASK> [ 14.418776] [ 14.429953] Allocated by task 282: [ 14.430118] kasan_save_stack+0x45/0x70 [ 14.430531] kasan_save_track+0x18/0x40 [ 14.430862] kasan_save_alloc_info+0x3b/0x50 [ 14.431379] __kasan_kmalloc+0xb7/0xc0 [ 14.431544] __kmalloc_cache_noprof+0x189/0x420 [ 14.432023] kasan_atomics+0x95/0x310 [ 14.432326] kunit_try_run_case+0x1a5/0x480 [ 14.432490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.433019] kthread+0x337/0x6f0 [ 14.433166] ret_from_fork+0x116/0x1d0 [ 14.433576] ret_from_fork_asm+0x1a/0x30 [ 14.433776] [ 14.433879] The buggy address belongs to the object at ffff8881029e5b80 [ 14.433879] which belongs to the cache kmalloc-64 of size 64 [ 14.434780] The buggy address is located 0 bytes to the right of [ 14.434780] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.435282] [ 14.435836] The buggy address belongs to the physical page: [ 14.436083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.436635] flags: 0x200000000000000(node=0|zone=2) [ 14.436827] page_type: f5(slab) [ 14.437133] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.437699] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.438110] page dumped because: kasan: bad access detected [ 14.438428] [ 14.438513] Memory state around the buggy address: [ 14.438982] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.439459] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.440080] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.440471] ^ [ 14.440892] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.441164] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.441693] ================================================================== [ 14.842659] ================================================================== [ 14.842947] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 14.843362] Write of size 8 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.843745] [ 14.843837] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.843915] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.843930] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.843964] Call Trace: [ 14.843980] <TASK> [ 14.843996] dump_stack_lvl+0x73/0xb0 [ 14.844024] print_report+0xd1/0x650 [ 14.844047] ? __virt_addr_valid+0x1db/0x2d0 [ 14.844072] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.844095] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.844119] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.844143] kasan_report+0x141/0x180 [ 14.844204] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.844233] kasan_check_range+0x10c/0x1c0 [ 14.844280] __kasan_check_write+0x18/0x20 [ 14.844302] kasan_atomics_helper+0x1f43/0x5450 [ 14.844327] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.844351] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.844374] ? kasan_atomics+0x152/0x310 [ 14.844399] kasan_atomics+0x1dc/0x310 [ 14.844420] ? __pfx_kasan_atomics+0x10/0x10 [ 14.844442] ? __pfx_read_tsc+0x10/0x10 [ 14.844463] ? ktime_get_ts64+0x86/0x230 [ 14.844520] kunit_try_run_case+0x1a5/0x480 [ 14.844545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.844568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.844601] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.844633] ? __kthread_parkme+0x82/0x180 [ 14.844683] ? preempt_count_sub+0x50/0x80 [ 14.844709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.844733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.844768] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.844792] kthread+0x337/0x6f0 [ 14.844813] ? trace_preempt_on+0x20/0xc0 [ 14.844837] ? __pfx_kthread+0x10/0x10 [ 14.844859] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.844880] ? calculate_sigpending+0x7b/0xa0 [ 14.844905] ? __pfx_kthread+0x10/0x10 [ 14.844927] ret_from_fork+0x116/0x1d0 [ 14.844947] ? __pfx_kthread+0x10/0x10 [ 14.844968] ret_from_fork_asm+0x1a/0x30 [ 14.845001] </TASK> [ 14.845012] [ 14.852706] Allocated by task 282: [ 14.852933] kasan_save_stack+0x45/0x70 [ 14.853136] kasan_save_track+0x18/0x40 [ 14.853404] kasan_save_alloc_info+0x3b/0x50 [ 14.853671] __kasan_kmalloc+0xb7/0xc0 [ 14.853863] __kmalloc_cache_noprof+0x189/0x420 [ 14.854067] kasan_atomics+0x95/0x310 [ 14.854226] kunit_try_run_case+0x1a5/0x480 [ 14.854435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.854761] kthread+0x337/0x6f0 [ 14.854937] ret_from_fork+0x116/0x1d0 [ 14.855129] ret_from_fork_asm+0x1a/0x30 [ 14.855359] [ 14.855434] The buggy address belongs to the object at ffff8881029e5b80 [ 14.855434] which belongs to the cache kmalloc-64 of size 64 [ 14.856048] The buggy address is located 0 bytes to the right of [ 14.856048] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.856672] [ 14.856813] The buggy address belongs to the physical page: [ 14.857083] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.857442] flags: 0x200000000000000(node=0|zone=2) [ 14.857689] page_type: f5(slab) [ 14.857903] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.858292] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.858624] page dumped because: kasan: bad access detected [ 14.858926] [ 14.859002] Memory state around the buggy address: [ 14.859309] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.859556] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.859891] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.860202] ^ [ 14.860416] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.860782] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.861074] ================================================================== [ 14.055947] ================================================================== [ 14.056413] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 14.056914] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.057201] [ 14.057320] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.057368] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.057382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.057404] Call Trace: [ 14.057419] <TASK> [ 14.057435] dump_stack_lvl+0x73/0xb0 [ 14.057463] print_report+0xd1/0x650 [ 14.057487] ? __virt_addr_valid+0x1db/0x2d0 [ 14.057511] ? kasan_atomics_helper+0xd47/0x5450 [ 14.057576] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.057604] ? kasan_atomics_helper+0xd47/0x5450 [ 14.057640] kasan_report+0x141/0x180 [ 14.057664] ? kasan_atomics_helper+0xd47/0x5450 [ 14.057692] kasan_check_range+0x10c/0x1c0 [ 14.057718] __kasan_check_write+0x18/0x20 [ 14.057740] kasan_atomics_helper+0xd47/0x5450 [ 14.057763] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.057787] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.057809] ? kasan_atomics+0x152/0x310 [ 14.057833] kasan_atomics+0x1dc/0x310 [ 14.057854] ? __pfx_kasan_atomics+0x10/0x10 [ 14.057875] ? __pfx_read_tsc+0x10/0x10 [ 14.057897] ? ktime_get_ts64+0x86/0x230 [ 14.057922] kunit_try_run_case+0x1a5/0x480 [ 14.057947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.057970] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.057994] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.058017] ? __kthread_parkme+0x82/0x180 [ 14.058038] ? preempt_count_sub+0x50/0x80 [ 14.058063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.058088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.058112] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.058136] kthread+0x337/0x6f0 [ 14.058158] ? trace_preempt_on+0x20/0xc0 [ 14.058189] ? __pfx_kthread+0x10/0x10 [ 14.058212] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.058234] ? calculate_sigpending+0x7b/0xa0 [ 14.058258] ? __pfx_kthread+0x10/0x10 [ 14.058281] ret_from_fork+0x116/0x1d0 [ 14.058300] ? __pfx_kthread+0x10/0x10 [ 14.058323] ret_from_fork_asm+0x1a/0x30 [ 14.058355] </TASK> [ 14.058366] [ 14.066536] Allocated by task 282: [ 14.066733] kasan_save_stack+0x45/0x70 [ 14.067190] kasan_save_track+0x18/0x40 [ 14.067582] kasan_save_alloc_info+0x3b/0x50 [ 14.067793] __kasan_kmalloc+0xb7/0xc0 [ 14.067976] __kmalloc_cache_noprof+0x189/0x420 [ 14.068156] kasan_atomics+0x95/0x310 [ 14.068350] kunit_try_run_case+0x1a5/0x480 [ 14.068569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.068778] kthread+0x337/0x6f0 [ 14.068953] ret_from_fork+0x116/0x1d0 [ 14.069130] ret_from_fork_asm+0x1a/0x30 [ 14.069395] [ 14.069473] The buggy address belongs to the object at ffff8881029e5b80 [ 14.069473] which belongs to the cache kmalloc-64 of size 64 [ 14.070052] The buggy address is located 0 bytes to the right of [ 14.070052] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.070592] [ 14.070696] The buggy address belongs to the physical page: [ 14.070910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.071269] flags: 0x200000000000000(node=0|zone=2) [ 14.071482] page_type: f5(slab) [ 14.071817] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.072111] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.072499] page dumped because: kasan: bad access detected [ 14.072809] [ 14.072898] Memory state around the buggy address: [ 14.073056] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.073274] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.073490] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.073862] ^ [ 14.074091] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.074710] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.074998] ================================================================== [ 14.075418] ================================================================== [ 14.075827] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.076136] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.076479] [ 14.076572] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.076635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.076648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.076671] Call Trace: [ 14.076686] <TASK> [ 14.076702] dump_stack_lvl+0x73/0xb0 [ 14.076729] print_report+0xd1/0x650 [ 14.076754] ? __virt_addr_valid+0x1db/0x2d0 [ 14.076779] ? kasan_atomics_helper+0xde0/0x5450 [ 14.076802] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.076827] ? kasan_atomics_helper+0xde0/0x5450 [ 14.076853] kasan_report+0x141/0x180 [ 14.076877] ? kasan_atomics_helper+0xde0/0x5450 [ 14.076905] kasan_check_range+0x10c/0x1c0 [ 14.076931] __kasan_check_write+0x18/0x20 [ 14.076953] kasan_atomics_helper+0xde0/0x5450 [ 14.076978] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.077002] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.077025] ? kasan_atomics+0x152/0x310 [ 14.077049] kasan_atomics+0x1dc/0x310 [ 14.077070] ? __pfx_kasan_atomics+0x10/0x10 [ 14.077093] ? __pfx_read_tsc+0x10/0x10 [ 14.077115] ? ktime_get_ts64+0x86/0x230 [ 14.077141] kunit_try_run_case+0x1a5/0x480 [ 14.077166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.077189] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.077213] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.077236] ? __kthread_parkme+0x82/0x180 [ 14.077258] ? preempt_count_sub+0x50/0x80 [ 14.077283] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.077308] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.077332] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.077355] kthread+0x337/0x6f0 [ 14.077376] ? trace_preempt_on+0x20/0xc0 [ 14.077401] ? __pfx_kthread+0x10/0x10 [ 14.077422] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.077444] ? calculate_sigpending+0x7b/0xa0 [ 14.077469] ? __pfx_kthread+0x10/0x10 [ 14.077492] ret_from_fork+0x116/0x1d0 [ 14.077511] ? __pfx_kthread+0x10/0x10 [ 14.077533] ret_from_fork_asm+0x1a/0x30 [ 14.077565] </TASK> [ 14.077577] [ 14.086131] Allocated by task 282: [ 14.086329] kasan_save_stack+0x45/0x70 [ 14.086512] kasan_save_track+0x18/0x40 [ 14.086713] kasan_save_alloc_info+0x3b/0x50 [ 14.086902] __kasan_kmalloc+0xb7/0xc0 [ 14.087038] __kmalloc_cache_noprof+0x189/0x420 [ 14.087321] kasan_atomics+0x95/0x310 [ 14.087511] kunit_try_run_case+0x1a5/0x480 [ 14.087917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.088121] kthread+0x337/0x6f0 [ 14.088353] ret_from_fork+0x116/0x1d0 [ 14.088630] ret_from_fork_asm+0x1a/0x30 [ 14.088777] [ 14.088851] The buggy address belongs to the object at ffff8881029e5b80 [ 14.088851] which belongs to the cache kmalloc-64 of size 64 [ 14.089212] The buggy address is located 0 bytes to the right of [ 14.089212] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.089775] [ 14.089875] The buggy address belongs to the physical page: [ 14.090162] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.090673] flags: 0x200000000000000(node=0|zone=2) [ 14.090884] page_type: f5(slab) [ 14.091008] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.091239] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.091610] page dumped because: kasan: bad access detected [ 14.091872] [ 14.091945] Memory state around the buggy address: [ 14.092102] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.092431] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.092928] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.093236] ^ [ 14.093393] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.093610] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.093941] ================================================================== [ 14.323277] ================================================================== [ 14.323979] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.324450] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.325094] [ 14.325213] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.325262] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.325276] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.325297] Call Trace: [ 14.325312] <TASK> [ 14.325328] dump_stack_lvl+0x73/0xb0 [ 14.325356] print_report+0xd1/0x650 [ 14.325493] ? __virt_addr_valid+0x1db/0x2d0 [ 14.325520] ? kasan_atomics_helper+0x1217/0x5450 [ 14.325543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.325569] ? kasan_atomics_helper+0x1217/0x5450 [ 14.325594] kasan_report+0x141/0x180 [ 14.325632] ? kasan_atomics_helper+0x1217/0x5450 [ 14.325661] kasan_check_range+0x10c/0x1c0 [ 14.325686] __kasan_check_write+0x18/0x20 [ 14.325707] kasan_atomics_helper+0x1217/0x5450 [ 14.325731] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.325756] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.325779] ? kasan_atomics+0x152/0x310 [ 14.325804] kasan_atomics+0x1dc/0x310 [ 14.325824] ? __pfx_kasan_atomics+0x10/0x10 [ 14.325846] ? __pfx_read_tsc+0x10/0x10 [ 14.325867] ? ktime_get_ts64+0x86/0x230 [ 14.325894] kunit_try_run_case+0x1a5/0x480 [ 14.325918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.325940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.325964] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.325988] ? __kthread_parkme+0x82/0x180 [ 14.326009] ? preempt_count_sub+0x50/0x80 [ 14.326034] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.326059] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.326083] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.326107] kthread+0x337/0x6f0 [ 14.326128] ? trace_preempt_on+0x20/0xc0 [ 14.326152] ? __pfx_kthread+0x10/0x10 [ 14.326174] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.326195] ? calculate_sigpending+0x7b/0xa0 [ 14.326220] ? __pfx_kthread+0x10/0x10 [ 14.326243] ret_from_fork+0x116/0x1d0 [ 14.326262] ? __pfx_kthread+0x10/0x10 [ 14.326284] ret_from_fork_asm+0x1a/0x30 [ 14.326316] </TASK> [ 14.326329] [ 14.338106] Allocated by task 282: [ 14.338437] kasan_save_stack+0x45/0x70 [ 14.338759] kasan_save_track+0x18/0x40 [ 14.338941] kasan_save_alloc_info+0x3b/0x50 [ 14.339152] __kasan_kmalloc+0xb7/0xc0 [ 14.339471] __kmalloc_cache_noprof+0x189/0x420 [ 14.339899] kasan_atomics+0x95/0x310 [ 14.340251] kunit_try_run_case+0x1a5/0x480 [ 14.340569] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.340937] kthread+0x337/0x6f0 [ 14.341103] ret_from_fork+0x116/0x1d0 [ 14.341518] ret_from_fork_asm+0x1a/0x30 [ 14.341799] [ 14.341886] The buggy address belongs to the object at ffff8881029e5b80 [ 14.341886] which belongs to the cache kmalloc-64 of size 64 [ 14.342629] The buggy address is located 0 bytes to the right of [ 14.342629] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.343387] [ 14.343480] The buggy address belongs to the physical page: [ 14.343738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.344435] flags: 0x200000000000000(node=0|zone=2) [ 14.344897] page_type: f5(slab) [ 14.345146] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.345552] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.346197] page dumped because: kasan: bad access detected [ 14.346635] [ 14.346715] Memory state around the buggy address: [ 14.347040] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.347501] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.348073] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.348473] ^ [ 14.348925] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.349412] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.350034] ================================================================== [ 14.152734] ================================================================== [ 14.153291] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.153533] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.154209] [ 14.154394] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.154456] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.154475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.154499] Call Trace: [ 14.154516] <TASK> [ 14.154576] dump_stack_lvl+0x73/0xb0 [ 14.154606] print_report+0xd1/0x650 [ 14.154641] ? __virt_addr_valid+0x1db/0x2d0 [ 14.154666] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.154689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.154713] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.154736] kasan_report+0x141/0x180 [ 14.154760] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.154788] kasan_check_range+0x10c/0x1c0 [ 14.154813] __kasan_check_write+0x18/0x20 [ 14.154834] kasan_atomics_helper+0xfa9/0x5450 [ 14.154859] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.154882] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.154905] ? kasan_atomics+0x152/0x310 [ 14.154929] kasan_atomics+0x1dc/0x310 [ 14.154949] ? __pfx_kasan_atomics+0x10/0x10 [ 14.154971] ? __pfx_read_tsc+0x10/0x10 [ 14.154994] ? ktime_get_ts64+0x86/0x230 [ 14.155020] kunit_try_run_case+0x1a5/0x480 [ 14.155044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.155067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.155092] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.155116] ? __kthread_parkme+0x82/0x180 [ 14.155138] ? preempt_count_sub+0x50/0x80 [ 14.155164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.155199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.155222] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.155247] kthread+0x337/0x6f0 [ 14.155267] ? trace_preempt_on+0x20/0xc0 [ 14.155293] ? __pfx_kthread+0x10/0x10 [ 14.155315] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.155336] ? calculate_sigpending+0x7b/0xa0 [ 14.155361] ? __pfx_kthread+0x10/0x10 [ 14.155385] ret_from_fork+0x116/0x1d0 [ 14.155404] ? __pfx_kthread+0x10/0x10 [ 14.155426] ret_from_fork_asm+0x1a/0x30 [ 14.155460] </TASK> [ 14.155473] [ 14.169856] Allocated by task 282: [ 14.170202] kasan_save_stack+0x45/0x70 [ 14.170675] kasan_save_track+0x18/0x40 [ 14.171030] kasan_save_alloc_info+0x3b/0x50 [ 14.171454] __kasan_kmalloc+0xb7/0xc0 [ 14.171795] __kmalloc_cache_noprof+0x189/0x420 [ 14.172268] kasan_atomics+0x95/0x310 [ 14.172666] kunit_try_run_case+0x1a5/0x480 [ 14.172854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.173030] kthread+0x337/0x6f0 [ 14.173154] ret_from_fork+0x116/0x1d0 [ 14.173496] ret_from_fork_asm+0x1a/0x30 [ 14.173895] [ 14.174100] The buggy address belongs to the object at ffff8881029e5b80 [ 14.174100] which belongs to the cache kmalloc-64 of size 64 [ 14.175405] The buggy address is located 0 bytes to the right of [ 14.175405] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.176543] [ 14.176767] The buggy address belongs to the physical page: [ 14.176946] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.177195] flags: 0x200000000000000(node=0|zone=2) [ 14.177621] page_type: f5(slab) [ 14.177987] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.178892] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.179634] page dumped because: kasan: bad access detected [ 14.180459] [ 14.180698] Memory state around the buggy address: [ 14.180919] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.181140] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.181470] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.182241] ^ [ 14.182779] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.183500] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.184197] ================================================================== [ 14.390335] ================================================================== [ 14.390586] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.391057] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.391444] [ 14.391741] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.391875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.391893] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.391915] Call Trace: [ 14.391932] <TASK> [ 14.391948] dump_stack_lvl+0x73/0xb0 [ 14.391978] print_report+0xd1/0x650 [ 14.392002] ? __virt_addr_valid+0x1db/0x2d0 [ 14.392026] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.392048] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.392072] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.392195] kasan_report+0x141/0x180 [ 14.392397] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.392497] __asan_report_load4_noabort+0x18/0x20 [ 14.392521] kasan_atomics_helper+0x49ce/0x5450 [ 14.392546] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.392570] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.392676] ? kasan_atomics+0x152/0x310 [ 14.392702] kasan_atomics+0x1dc/0x310 [ 14.392723] ? __pfx_kasan_atomics+0x10/0x10 [ 14.392745] ? __pfx_read_tsc+0x10/0x10 [ 14.392766] ? ktime_get_ts64+0x86/0x230 [ 14.392793] kunit_try_run_case+0x1a5/0x480 [ 14.392818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.392841] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.392865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.392888] ? __kthread_parkme+0x82/0x180 [ 14.392910] ? preempt_count_sub+0x50/0x80 [ 14.392935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.392959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.392983] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.393007] kthread+0x337/0x6f0 [ 14.393028] ? trace_preempt_on+0x20/0xc0 [ 14.393053] ? __pfx_kthread+0x10/0x10 [ 14.393075] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.393096] ? calculate_sigpending+0x7b/0xa0 [ 14.393120] ? __pfx_kthread+0x10/0x10 [ 14.393143] ret_from_fork+0x116/0x1d0 [ 14.393162] ? __pfx_kthread+0x10/0x10 [ 14.393197] ret_from_fork_asm+0x1a/0x30 [ 14.393229] </TASK> [ 14.393241] [ 14.404115] Allocated by task 282: [ 14.404492] kasan_save_stack+0x45/0x70 [ 14.404801] kasan_save_track+0x18/0x40 [ 14.404969] kasan_save_alloc_info+0x3b/0x50 [ 14.405174] __kasan_kmalloc+0xb7/0xc0 [ 14.405872] __kmalloc_cache_noprof+0x189/0x420 [ 14.406221] kasan_atomics+0x95/0x310 [ 14.406580] kunit_try_run_case+0x1a5/0x480 [ 14.406797] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.407117] kthread+0x337/0x6f0 [ 14.407405] ret_from_fork+0x116/0x1d0 [ 14.407664] ret_from_fork_asm+0x1a/0x30 [ 14.407819] [ 14.408021] The buggy address belongs to the object at ffff8881029e5b80 [ 14.408021] which belongs to the cache kmalloc-64 of size 64 [ 14.408773] The buggy address is located 0 bytes to the right of [ 14.408773] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.409345] [ 14.409746] The buggy address belongs to the physical page: [ 14.410078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.410586] flags: 0x200000000000000(node=0|zone=2) [ 14.410869] page_type: f5(slab) [ 14.411047] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.411497] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.412015] page dumped because: kasan: bad access detected [ 14.412237] [ 14.412479] Memory state around the buggy address: [ 14.412836] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.413433] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.413836] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.414264] ^ [ 14.414522] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.414829] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.415131] ================================================================== [ 14.185239] ================================================================== [ 14.185847] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.186090] Read of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 14.186602] [ 14.186846] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 14.186897] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.186911] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.186934] Call Trace: [ 14.186950] <TASK> [ 14.186968] dump_stack_lvl+0x73/0xb0 [ 14.186996] print_report+0xd1/0x650 [ 14.187019] ? __virt_addr_valid+0x1db/0x2d0 [ 14.187043] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.187066] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.187090] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.187115] kasan_report+0x141/0x180 [ 14.187139] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.187167] __asan_report_load4_noabort+0x18/0x20 [ 14.187199] kasan_atomics_helper+0x4a36/0x5450 [ 14.187224] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.187250] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.187274] ? kasan_atomics+0x152/0x310 [ 14.187298] kasan_atomics+0x1dc/0x310 [ 14.187318] ? __pfx_kasan_atomics+0x10/0x10 [ 14.187340] ? __pfx_read_tsc+0x10/0x10 [ 14.187362] ? ktime_get_ts64+0x86/0x230 [ 14.187389] kunit_try_run_case+0x1a5/0x480 [ 14.187413] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.187436] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.187461] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.187485] ? __kthread_parkme+0x82/0x180 [ 14.187507] ? preempt_count_sub+0x50/0x80 [ 14.187533] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.187557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.187595] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.187631] kthread+0x337/0x6f0 [ 14.187652] ? trace_preempt_on+0x20/0xc0 [ 14.187677] ? __pfx_kthread+0x10/0x10 [ 14.187699] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.187722] ? calculate_sigpending+0x7b/0xa0 [ 14.187746] ? __pfx_kthread+0x10/0x10 [ 14.187770] ret_from_fork+0x116/0x1d0 [ 14.187789] ? __pfx_kthread+0x10/0x10 [ 14.187811] ret_from_fork_asm+0x1a/0x30 [ 14.187844] </TASK> [ 14.187855] [ 14.202204] Allocated by task 282: [ 14.202577] kasan_save_stack+0x45/0x70 [ 14.202922] kasan_save_track+0x18/0x40 [ 14.203063] kasan_save_alloc_info+0x3b/0x50 [ 14.203227] __kasan_kmalloc+0xb7/0xc0 [ 14.203575] __kmalloc_cache_noprof+0x189/0x420 [ 14.204042] kasan_atomics+0x95/0x310 [ 14.204496] kunit_try_run_case+0x1a5/0x480 [ 14.205159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.205731] kthread+0x337/0x6f0 [ 14.205942] ret_from_fork+0x116/0x1d0 [ 14.206397] ret_from_fork_asm+0x1a/0x30 [ 14.206679] [ 14.206849] The buggy address belongs to the object at ffff8881029e5b80 [ 14.206849] which belongs to the cache kmalloc-64 of size 64 [ 14.207571] The buggy address is located 0 bytes to the right of [ 14.207571] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.207950] [ 14.208024] The buggy address belongs to the physical page: [ 14.208219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.208935] flags: 0x200000000000000(node=0|zone=2) [ 14.209453] page_type: f5(slab) [ 14.209812] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.210576] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.211365] page dumped because: kasan: bad access detected [ 14.211917] [ 14.212093] Memory state around the buggy address: [ 14.212594] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.213263] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.213747] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.213963] ^ [ 14.214119] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.214664] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.215174] ================================================================== [ 13.991745] ================================================================== [ 13.992456] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 13.992958] Write of size 4 at addr ffff8881029e5bb0 by task kunit_try_catch/282 [ 13.993378] [ 13.993492] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.993813] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.993829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.993853] Call Trace: [ 13.993869] <TASK> [ 13.993885] dump_stack_lvl+0x73/0xb0 [ 13.993915] print_report+0xd1/0x650 [ 13.993938] ? __virt_addr_valid+0x1db/0x2d0 [ 13.993963] ? kasan_atomics_helper+0xb6a/0x5450 [ 13.993986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.994010] ? kasan_atomics_helper+0xb6a/0x5450 [ 13.994033] kasan_report+0x141/0x180 [ 13.994057] ? kasan_atomics_helper+0xb6a/0x5450 [ 13.994085] kasan_check_range+0x10c/0x1c0 [ 13.994109] __kasan_check_write+0x18/0x20 [ 13.994130] kasan_atomics_helper+0xb6a/0x5450 [ 13.994154] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.994202] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.994225] ? kasan_atomics+0x152/0x310 [ 13.994249] kasan_atomics+0x1dc/0x310 [ 13.994269] ? __pfx_kasan_atomics+0x10/0x10 [ 13.994291] ? __pfx_read_tsc+0x10/0x10 [ 13.994314] ? ktime_get_ts64+0x86/0x230 [ 13.994340] kunit_try_run_case+0x1a5/0x480 [ 13.994365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.994388] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.994411] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.994434] ? __kthread_parkme+0x82/0x180 [ 13.994455] ? preempt_count_sub+0x50/0x80 [ 13.994487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.994530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.994555] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.994579] kthread+0x337/0x6f0 [ 13.994600] ? trace_preempt_on+0x20/0xc0 [ 13.994634] ? __pfx_kthread+0x10/0x10 [ 13.994656] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.994678] ? calculate_sigpending+0x7b/0xa0 [ 13.994702] ? __pfx_kthread+0x10/0x10 [ 13.994726] ret_from_fork+0x116/0x1d0 [ 13.994745] ? __pfx_kthread+0x10/0x10 [ 13.994768] ret_from_fork_asm+0x1a/0x30 [ 13.994801] </TASK> [ 13.994812] [ 14.005329] Allocated by task 282: [ 14.005510] kasan_save_stack+0x45/0x70 [ 14.006325] kasan_save_track+0x18/0x40 [ 14.006486] kasan_save_alloc_info+0x3b/0x50 [ 14.006899] __kasan_kmalloc+0xb7/0xc0 [ 14.007266] __kmalloc_cache_noprof+0x189/0x420 [ 14.007489] kasan_atomics+0x95/0x310 [ 14.007825] kunit_try_run_case+0x1a5/0x480 [ 14.008245] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.008486] kthread+0x337/0x6f0 [ 14.008792] ret_from_fork+0x116/0x1d0 [ 14.009126] ret_from_fork_asm+0x1a/0x30 [ 14.009317] [ 14.009572] The buggy address belongs to the object at ffff8881029e5b80 [ 14.009572] which belongs to the cache kmalloc-64 of size 64 [ 14.010047] The buggy address is located 0 bytes to the right of [ 14.010047] allocated 48-byte region [ffff8881029e5b80, ffff8881029e5bb0) [ 14.010915] [ 14.011209] The buggy address belongs to the physical page: [ 14.011569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e5 [ 14.011929] flags: 0x200000000000000(node=0|zone=2) [ 14.012239] page_type: f5(slab) [ 14.012501] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.012961] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.013427] page dumped because: kasan: bad access detected [ 14.013806] [ 14.013939] Memory state around the buggy address: [ 14.014311] ffff8881029e5a80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.014697] ffff8881029e5b00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.014998] >ffff8881029e5b80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.015481] ^ [ 14.015779] ffff8881029e5c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.016086] ffff8881029e5c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.016325] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.542717] ================================================================== [ 13.542949] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.543271] Read of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.543983] [ 13.544109] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.544155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.544167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.544188] Call Trace: [ 13.544202] <TASK> [ 13.544218] dump_stack_lvl+0x73/0xb0 [ 13.544244] print_report+0xd1/0x650 [ 13.544294] ? __virt_addr_valid+0x1db/0x2d0 [ 13.544327] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.544352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.544374] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.544399] kasan_report+0x141/0x180 [ 13.544421] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.544452] __asan_report_load8_noabort+0x18/0x20 [ 13.544473] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.544499] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.544528] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.544549] ? trace_hardirqs_on+0x37/0xe0 [ 13.544572] ? kasan_bitops_generic+0x92/0x1c0 [ 13.544597] kasan_bitops_generic+0x121/0x1c0 [ 13.544629] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.544651] ? __pfx_read_tsc+0x10/0x10 [ 13.544671] ? ktime_get_ts64+0x86/0x230 [ 13.544695] kunit_try_run_case+0x1a5/0x480 [ 13.544721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.544743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.544765] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.544788] ? __kthread_parkme+0x82/0x180 [ 13.544828] ? preempt_count_sub+0x50/0x80 [ 13.544853] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.544876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.544899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.544922] kthread+0x337/0x6f0 [ 13.544943] ? trace_preempt_on+0x20/0xc0 [ 13.544965] ? __pfx_kthread+0x10/0x10 [ 13.544986] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.545007] ? calculate_sigpending+0x7b/0xa0 [ 13.545031] ? __pfx_kthread+0x10/0x10 [ 13.545054] ret_from_fork+0x116/0x1d0 [ 13.545072] ? __pfx_kthread+0x10/0x10 [ 13.545093] ret_from_fork_asm+0x1a/0x30 [ 13.545126] </TASK> [ 13.545137] [ 13.560534] Allocated by task 278: [ 13.560895] kasan_save_stack+0x45/0x70 [ 13.561177] kasan_save_track+0x18/0x40 [ 13.561328] kasan_save_alloc_info+0x3b/0x50 [ 13.561472] __kasan_kmalloc+0xb7/0xc0 [ 13.561657] __kmalloc_cache_noprof+0x189/0x420 [ 13.561810] kasan_bitops_generic+0x92/0x1c0 [ 13.561956] kunit_try_run_case+0x1a5/0x480 [ 13.562100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.562321] kthread+0x337/0x6f0 [ 13.562501] ret_from_fork+0x116/0x1d0 [ 13.562664] ret_from_fork_asm+0x1a/0x30 [ 13.562827] [ 13.562922] The buggy address belongs to the object at ffff888101d83660 [ 13.562922] which belongs to the cache kmalloc-16 of size 16 [ 13.563354] The buggy address is located 8 bytes inside of [ 13.563354] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.563995] [ 13.564093] The buggy address belongs to the physical page: [ 13.564411] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.564790] flags: 0x200000000000000(node=0|zone=2) [ 13.564999] page_type: f5(slab) [ 13.565135] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.565621] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.565845] page dumped because: kasan: bad access detected [ 13.566287] [ 13.566433] Memory state around the buggy address: [ 13.566736] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.567026] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.567311] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.567596] ^ [ 13.567801] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.568069] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.568385] ================================================================== [ 13.479018] ================================================================== [ 13.479522] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.480189] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.480931] [ 13.481157] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.481205] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.481216] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.481239] Call Trace: [ 13.481254] <TASK> [ 13.481269] dump_stack_lvl+0x73/0xb0 [ 13.481296] print_report+0xd1/0x650 [ 13.481328] ? __virt_addr_valid+0x1db/0x2d0 [ 13.481352] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.481386] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.481408] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.481432] kasan_report+0x141/0x180 [ 13.481464] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.481493] kasan_check_range+0x10c/0x1c0 [ 13.481517] __kasan_check_write+0x18/0x20 [ 13.481555] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.481579] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.481606] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.481637] ? trace_hardirqs_on+0x37/0xe0 [ 13.481659] ? kasan_bitops_generic+0x92/0x1c0 [ 13.481683] kasan_bitops_generic+0x121/0x1c0 [ 13.481703] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.481724] ? __pfx_read_tsc+0x10/0x10 [ 13.481745] ? ktime_get_ts64+0x86/0x230 [ 13.481768] kunit_try_run_case+0x1a5/0x480 [ 13.481792] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.481814] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.481836] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.481858] ? __kthread_parkme+0x82/0x180 [ 13.481878] ? preempt_count_sub+0x50/0x80 [ 13.481903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.481926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.481948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.481972] kthread+0x337/0x6f0 [ 13.481992] ? trace_preempt_on+0x20/0xc0 [ 13.482014] ? __pfx_kthread+0x10/0x10 [ 13.482035] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.482055] ? calculate_sigpending+0x7b/0xa0 [ 13.482079] ? __pfx_kthread+0x10/0x10 [ 13.482100] ret_from_fork+0x116/0x1d0 [ 13.482118] ? __pfx_kthread+0x10/0x10 [ 13.482139] ret_from_fork_asm+0x1a/0x30 [ 13.482170] </TASK> [ 13.482186] [ 13.496020] Allocated by task 278: [ 13.496349] kasan_save_stack+0x45/0x70 [ 13.496777] kasan_save_track+0x18/0x40 [ 13.497139] kasan_save_alloc_info+0x3b/0x50 [ 13.497638] __kasan_kmalloc+0xb7/0xc0 [ 13.497987] __kmalloc_cache_noprof+0x189/0x420 [ 13.498267] kasan_bitops_generic+0x92/0x1c0 [ 13.498413] kunit_try_run_case+0x1a5/0x480 [ 13.498690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.499158] kthread+0x337/0x6f0 [ 13.499472] ret_from_fork+0x116/0x1d0 [ 13.500052] ret_from_fork_asm+0x1a/0x30 [ 13.500229] [ 13.500318] The buggy address belongs to the object at ffff888101d83660 [ 13.500318] which belongs to the cache kmalloc-16 of size 16 [ 13.501371] The buggy address is located 8 bytes inside of [ 13.501371] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.502311] [ 13.502485] The buggy address belongs to the physical page: [ 13.503072] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.503474] flags: 0x200000000000000(node=0|zone=2) [ 13.503963] page_type: f5(slab) [ 13.504257] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.504491] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.505137] page dumped because: kasan: bad access detected [ 13.505724] [ 13.506090] Memory state around the buggy address: [ 13.506545] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.507086] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.507642] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.508197] ^ [ 13.508400] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.508690] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.509303] ================================================================== [ 13.379131] ================================================================== [ 13.379597] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.379997] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.380711] [ 13.381269] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.381327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.381339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.381361] Call Trace: [ 13.381375] <TASK> [ 13.381390] dump_stack_lvl+0x73/0xb0 [ 13.381427] print_report+0xd1/0x650 [ 13.381450] ? __virt_addr_valid+0x1db/0x2d0 [ 13.381473] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.381497] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.381519] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.381594] kasan_report+0x141/0x180 [ 13.381627] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.381656] kasan_check_range+0x10c/0x1c0 [ 13.381680] __kasan_check_write+0x18/0x20 [ 13.381699] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.381722] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.381750] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.381770] ? trace_hardirqs_on+0x37/0xe0 [ 13.381793] ? kasan_bitops_generic+0x92/0x1c0 [ 13.381817] kasan_bitops_generic+0x121/0x1c0 [ 13.381836] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.381857] ? __pfx_read_tsc+0x10/0x10 [ 13.381879] ? ktime_get_ts64+0x86/0x230 [ 13.381904] kunit_try_run_case+0x1a5/0x480 [ 13.381927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.381948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.381970] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.381992] ? __kthread_parkme+0x82/0x180 [ 13.382011] ? preempt_count_sub+0x50/0x80 [ 13.382036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.382060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.382082] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.382105] kthread+0x337/0x6f0 [ 13.382125] ? trace_preempt_on+0x20/0xc0 [ 13.382147] ? __pfx_kthread+0x10/0x10 [ 13.382169] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.382226] ? calculate_sigpending+0x7b/0xa0 [ 13.382249] ? __pfx_kthread+0x10/0x10 [ 13.382271] ret_from_fork+0x116/0x1d0 [ 13.382290] ? __pfx_kthread+0x10/0x10 [ 13.382310] ret_from_fork_asm+0x1a/0x30 [ 13.382342] </TASK> [ 13.382353] [ 13.396805] Allocated by task 278: [ 13.397078] kasan_save_stack+0x45/0x70 [ 13.397298] kasan_save_track+0x18/0x40 [ 13.397483] kasan_save_alloc_info+0x3b/0x50 [ 13.397979] __kasan_kmalloc+0xb7/0xc0 [ 13.398246] __kmalloc_cache_noprof+0x189/0x420 [ 13.398466] kasan_bitops_generic+0x92/0x1c0 [ 13.398827] kunit_try_run_case+0x1a5/0x480 [ 13.399170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.399648] kthread+0x337/0x6f0 [ 13.399825] ret_from_fork+0x116/0x1d0 [ 13.400097] ret_from_fork_asm+0x1a/0x30 [ 13.400438] [ 13.400658] The buggy address belongs to the object at ffff888101d83660 [ 13.400658] which belongs to the cache kmalloc-16 of size 16 [ 13.401726] The buggy address is located 8 bytes inside of [ 13.401726] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.402482] [ 13.402724] The buggy address belongs to the physical page: [ 13.403078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.403668] flags: 0x200000000000000(node=0|zone=2) [ 13.403975] page_type: f5(slab) [ 13.404153] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.404434] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.404793] page dumped because: kasan: bad access detected [ 13.405008] [ 13.405148] Memory state around the buggy address: [ 13.405435] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.405786] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.406164] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.406430] ^ [ 13.406776] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.407089] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.407370] ================================================================== [ 13.407772] ================================================================== [ 13.408172] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.408477] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.408933] [ 13.409043] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.409090] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.409101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.409122] Call Trace: [ 13.409135] <TASK> [ 13.409150] dump_stack_lvl+0x73/0xb0 [ 13.409176] print_report+0xd1/0x650 [ 13.409206] ? __virt_addr_valid+0x1db/0x2d0 [ 13.409229] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.409252] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.409275] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.409298] kasan_report+0x141/0x180 [ 13.409322] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.409351] kasan_check_range+0x10c/0x1c0 [ 13.409375] __kasan_check_write+0x18/0x20 [ 13.409395] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.409419] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.409447] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.409467] ? trace_hardirqs_on+0x37/0xe0 [ 13.409490] ? kasan_bitops_generic+0x92/0x1c0 [ 13.409513] kasan_bitops_generic+0x121/0x1c0 [ 13.409533] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.409555] ? __pfx_read_tsc+0x10/0x10 [ 13.409576] ? ktime_get_ts64+0x86/0x230 [ 13.409600] kunit_try_run_case+0x1a5/0x480 [ 13.409635] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.409656] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.409678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.409701] ? __kthread_parkme+0x82/0x180 [ 13.409721] ? preempt_count_sub+0x50/0x80 [ 13.409746] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.409769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.409792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.409829] kthread+0x337/0x6f0 [ 13.409849] ? trace_preempt_on+0x20/0xc0 [ 13.409871] ? __pfx_kthread+0x10/0x10 [ 13.409893] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.409913] ? calculate_sigpending+0x7b/0xa0 [ 13.409937] ? __pfx_kthread+0x10/0x10 [ 13.409959] ret_from_fork+0x116/0x1d0 [ 13.409977] ? __pfx_kthread+0x10/0x10 [ 13.409998] ret_from_fork_asm+0x1a/0x30 [ 13.410030] </TASK> [ 13.410040] [ 13.422991] Allocated by task 278: [ 13.423395] kasan_save_stack+0x45/0x70 [ 13.424079] kasan_save_track+0x18/0x40 [ 13.424694] kasan_save_alloc_info+0x3b/0x50 [ 13.424869] __kasan_kmalloc+0xb7/0xc0 [ 13.425005] __kmalloc_cache_noprof+0x189/0x420 [ 13.425160] kasan_bitops_generic+0x92/0x1c0 [ 13.425315] kunit_try_run_case+0x1a5/0x480 [ 13.425462] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.426215] kthread+0x337/0x6f0 [ 13.426756] ret_from_fork+0x116/0x1d0 [ 13.427397] ret_from_fork_asm+0x1a/0x30 [ 13.427924] [ 13.428294] The buggy address belongs to the object at ffff888101d83660 [ 13.428294] which belongs to the cache kmalloc-16 of size 16 [ 13.430091] The buggy address is located 8 bytes inside of [ 13.430091] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.432073] [ 13.432326] The buggy address belongs to the physical page: [ 13.433024] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.433876] flags: 0x200000000000000(node=0|zone=2) [ 13.434437] page_type: f5(slab) [ 13.434845] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.435485] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.436419] page dumped because: kasan: bad access detected [ 13.436986] [ 13.437064] Memory state around the buggy address: [ 13.437430] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.438429] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.439267] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.439826] ^ [ 13.440027] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.440627] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.441632] ================================================================== [ 13.334265] ================================================================== [ 13.334626] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.335018] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.335473] [ 13.335678] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.335727] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.335738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.335759] Call Trace: [ 13.335772] <TASK> [ 13.335786] dump_stack_lvl+0x73/0xb0 [ 13.335812] print_report+0xd1/0x650 [ 13.335835] ? __virt_addr_valid+0x1db/0x2d0 [ 13.335858] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.335882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.335905] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.335929] kasan_report+0x141/0x180 [ 13.335952] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.335981] kasan_check_range+0x10c/0x1c0 [ 13.336005] __kasan_check_write+0x18/0x20 [ 13.336025] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.336049] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.336078] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.336098] ? trace_hardirqs_on+0x37/0xe0 [ 13.336120] ? kasan_bitops_generic+0x92/0x1c0 [ 13.336145] kasan_bitops_generic+0x121/0x1c0 [ 13.336165] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.336187] ? __pfx_read_tsc+0x10/0x10 [ 13.336207] ? ktime_get_ts64+0x86/0x230 [ 13.336232] kunit_try_run_case+0x1a5/0x480 [ 13.336255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.336277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.336299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.336322] ? __kthread_parkme+0x82/0x180 [ 13.336342] ? preempt_count_sub+0x50/0x80 [ 13.336367] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.336390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.336414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.336437] kthread+0x337/0x6f0 [ 13.336456] ? trace_preempt_on+0x20/0xc0 [ 13.336478] ? __pfx_kthread+0x10/0x10 [ 13.336499] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.336520] ? calculate_sigpending+0x7b/0xa0 [ 13.336586] ? __pfx_kthread+0x10/0x10 [ 13.336609] ret_from_fork+0x116/0x1d0 [ 13.336639] ? __pfx_kthread+0x10/0x10 [ 13.336661] ret_from_fork_asm+0x1a/0x30 [ 13.336693] </TASK> [ 13.336703] [ 13.345001] Allocated by task 278: [ 13.345157] kasan_save_stack+0x45/0x70 [ 13.345359] kasan_save_track+0x18/0x40 [ 13.345495] kasan_save_alloc_info+0x3b/0x50 [ 13.345779] __kasan_kmalloc+0xb7/0xc0 [ 13.345980] __kmalloc_cache_noprof+0x189/0x420 [ 13.346162] kasan_bitops_generic+0x92/0x1c0 [ 13.346372] kunit_try_run_case+0x1a5/0x480 [ 13.346525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.347653] kthread+0x337/0x6f0 [ 13.348347] ret_from_fork+0x116/0x1d0 [ 13.348886] ret_from_fork_asm+0x1a/0x30 [ 13.349279] [ 13.349445] The buggy address belongs to the object at ffff888101d83660 [ 13.349445] which belongs to the cache kmalloc-16 of size 16 [ 13.350636] The buggy address is located 8 bytes inside of [ 13.350636] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.350995] [ 13.351070] The buggy address belongs to the physical page: [ 13.351381] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.352236] flags: 0x200000000000000(node=0|zone=2) [ 13.352855] page_type: f5(slab) [ 13.353277] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.354048] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.354911] page dumped because: kasan: bad access detected [ 13.355463] [ 13.355702] Memory state around the buggy address: [ 13.356035] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.356409] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.357284] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.357806] ^ [ 13.358010] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.358250] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.358525] ================================================================== [ 13.510323] ================================================================== [ 13.511264] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.511864] Read of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.512091] [ 13.512178] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.512223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.512235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.512257] Call Trace: [ 13.512270] <TASK> [ 13.512295] dump_stack_lvl+0x73/0xb0 [ 13.512321] print_report+0xd1/0x650 [ 13.512343] ? __virt_addr_valid+0x1db/0x2d0 [ 13.512367] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.512390] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.512413] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.512437] kasan_report+0x141/0x180 [ 13.512459] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.512488] kasan_check_range+0x10c/0x1c0 [ 13.512512] __kasan_check_read+0x15/0x20 [ 13.512531] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.512555] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.512583] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.512603] ? trace_hardirqs_on+0x37/0xe0 [ 13.512682] ? kasan_bitops_generic+0x92/0x1c0 [ 13.512709] kasan_bitops_generic+0x121/0x1c0 [ 13.512729] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.512751] ? __pfx_read_tsc+0x10/0x10 [ 13.512771] ? ktime_get_ts64+0x86/0x230 [ 13.512796] kunit_try_run_case+0x1a5/0x480 [ 13.512819] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.512842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.512865] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.512888] ? __kthread_parkme+0x82/0x180 [ 13.512909] ? preempt_count_sub+0x50/0x80 [ 13.512933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.512957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.512980] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.513003] kthread+0x337/0x6f0 [ 13.513022] ? trace_preempt_on+0x20/0xc0 [ 13.513045] ? __pfx_kthread+0x10/0x10 [ 13.513066] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.513086] ? calculate_sigpending+0x7b/0xa0 [ 13.513110] ? __pfx_kthread+0x10/0x10 [ 13.513132] ret_from_fork+0x116/0x1d0 [ 13.513151] ? __pfx_kthread+0x10/0x10 [ 13.513172] ret_from_fork_asm+0x1a/0x30 [ 13.513215] </TASK> [ 13.513225] [ 13.528424] Allocated by task 278: [ 13.528809] kasan_save_stack+0x45/0x70 [ 13.529176] kasan_save_track+0x18/0x40 [ 13.529390] kasan_save_alloc_info+0x3b/0x50 [ 13.529721] __kasan_kmalloc+0xb7/0xc0 [ 13.530078] __kmalloc_cache_noprof+0x189/0x420 [ 13.530554] kasan_bitops_generic+0x92/0x1c0 [ 13.531005] kunit_try_run_case+0x1a5/0x480 [ 13.531198] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.531401] kthread+0x337/0x6f0 [ 13.531767] ret_from_fork+0x116/0x1d0 [ 13.532119] ret_from_fork_asm+0x1a/0x30 [ 13.532499] [ 13.532711] The buggy address belongs to the object at ffff888101d83660 [ 13.532711] which belongs to the cache kmalloc-16 of size 16 [ 13.533414] The buggy address is located 8 bytes inside of [ 13.533414] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.533931] [ 13.534094] The buggy address belongs to the physical page: [ 13.534807] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.535506] flags: 0x200000000000000(node=0|zone=2) [ 13.535988] page_type: f5(slab) [ 13.536351] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.537102] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.537827] page dumped because: kasan: bad access detected [ 13.538128] [ 13.538199] Memory state around the buggy address: [ 13.538582] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.539322] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.540041] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.540275] ^ [ 13.540852] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.541551] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.542312] ================================================================== [ 13.442779] ================================================================== [ 13.444111] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.444736] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.445672] [ 13.445984] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.446035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.446049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.446071] Call Trace: [ 13.446086] <TASK> [ 13.446101] dump_stack_lvl+0x73/0xb0 [ 13.446129] print_report+0xd1/0x650 [ 13.446152] ? __virt_addr_valid+0x1db/0x2d0 [ 13.446176] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.446200] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.446222] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.446245] kasan_report+0x141/0x180 [ 13.446267] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.446296] kasan_check_range+0x10c/0x1c0 [ 13.446319] __kasan_check_write+0x18/0x20 [ 13.446338] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.446362] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.446389] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.446410] ? trace_hardirqs_on+0x37/0xe0 [ 13.446432] ? kasan_bitops_generic+0x92/0x1c0 [ 13.446456] kasan_bitops_generic+0x121/0x1c0 [ 13.446480] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.446501] ? __pfx_read_tsc+0x10/0x10 [ 13.446641] ? ktime_get_ts64+0x86/0x230 [ 13.446675] kunit_try_run_case+0x1a5/0x480 [ 13.446700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.446735] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.446757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.446811] ? __kthread_parkme+0x82/0x180 [ 13.446832] ? preempt_count_sub+0x50/0x80 [ 13.446857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.446881] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.446903] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.446926] kthread+0x337/0x6f0 [ 13.446946] ? trace_preempt_on+0x20/0xc0 [ 13.446968] ? __pfx_kthread+0x10/0x10 [ 13.446989] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.447010] ? calculate_sigpending+0x7b/0xa0 [ 13.447034] ? __pfx_kthread+0x10/0x10 [ 13.447056] ret_from_fork+0x116/0x1d0 [ 13.447073] ? __pfx_kthread+0x10/0x10 [ 13.447094] ret_from_fork_asm+0x1a/0x30 [ 13.447126] </TASK> [ 13.447135] [ 13.464711] Allocated by task 278: [ 13.465050] kasan_save_stack+0x45/0x70 [ 13.465198] kasan_save_track+0x18/0x40 [ 13.465335] kasan_save_alloc_info+0x3b/0x50 [ 13.465479] __kasan_kmalloc+0xb7/0xc0 [ 13.465642] __kmalloc_cache_noprof+0x189/0x420 [ 13.466132] kasan_bitops_generic+0x92/0x1c0 [ 13.466632] kunit_try_run_case+0x1a5/0x480 [ 13.467043] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.467608] kthread+0x337/0x6f0 [ 13.467799] ret_from_fork+0x116/0x1d0 [ 13.467935] ret_from_fork_asm+0x1a/0x30 [ 13.468075] [ 13.468146] The buggy address belongs to the object at ffff888101d83660 [ 13.468146] which belongs to the cache kmalloc-16 of size 16 [ 13.469336] The buggy address is located 8 bytes inside of [ 13.469336] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.470557] [ 13.470768] The buggy address belongs to the physical page: [ 13.471145] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.471907] flags: 0x200000000000000(node=0|zone=2) [ 13.472205] page_type: f5(slab) [ 13.472621] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.472987] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.473274] page dumped because: kasan: bad access detected [ 13.473921] [ 13.474148] Memory state around the buggy address: [ 13.474657] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.475315] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.475869] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.476128] ^ [ 13.476718] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.477391] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.478136] ================================================================== [ 13.359001] ================================================================== [ 13.359351] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.359799] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.360139] [ 13.360235] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.360279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.360292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.360313] Call Trace: [ 13.360327] <TASK> [ 13.360340] dump_stack_lvl+0x73/0xb0 [ 13.360366] print_report+0xd1/0x650 [ 13.360389] ? __virt_addr_valid+0x1db/0x2d0 [ 13.360411] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.360435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.360476] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.360500] kasan_report+0x141/0x180 [ 13.360522] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.360551] kasan_check_range+0x10c/0x1c0 [ 13.360575] __kasan_check_write+0x18/0x20 [ 13.360595] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.360628] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.360656] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.360678] ? trace_hardirqs_on+0x37/0xe0 [ 13.360701] ? kasan_bitops_generic+0x92/0x1c0 [ 13.360725] kasan_bitops_generic+0x121/0x1c0 [ 13.360745] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.360767] ? __pfx_read_tsc+0x10/0x10 [ 13.360787] ? ktime_get_ts64+0x86/0x230 [ 13.360812] kunit_try_run_case+0x1a5/0x480 [ 13.360836] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.360858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.360880] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.360902] ? __kthread_parkme+0x82/0x180 [ 13.360922] ? preempt_count_sub+0x50/0x80 [ 13.360947] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.360970] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.360993] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.361016] kthread+0x337/0x6f0 [ 13.361035] ? trace_preempt_on+0x20/0xc0 [ 13.361058] ? __pfx_kthread+0x10/0x10 [ 13.361080] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.361101] ? calculate_sigpending+0x7b/0xa0 [ 13.361124] ? __pfx_kthread+0x10/0x10 [ 13.361146] ret_from_fork+0x116/0x1d0 [ 13.361164] ? __pfx_kthread+0x10/0x10 [ 13.361185] ret_from_fork_asm+0x1a/0x30 [ 13.361217] </TASK> [ 13.361227] [ 13.369801] Allocated by task 278: [ 13.369931] kasan_save_stack+0x45/0x70 [ 13.370075] kasan_save_track+0x18/0x40 [ 13.370395] kasan_save_alloc_info+0x3b/0x50 [ 13.371006] __kasan_kmalloc+0xb7/0xc0 [ 13.371194] __kmalloc_cache_noprof+0x189/0x420 [ 13.371361] kasan_bitops_generic+0x92/0x1c0 [ 13.371507] kunit_try_run_case+0x1a5/0x480 [ 13.371670] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.371925] kthread+0x337/0x6f0 [ 13.372112] ret_from_fork+0x116/0x1d0 [ 13.372466] ret_from_fork_asm+0x1a/0x30 [ 13.372767] [ 13.372865] The buggy address belongs to the object at ffff888101d83660 [ 13.372865] which belongs to the cache kmalloc-16 of size 16 [ 13.373470] The buggy address is located 8 bytes inside of [ 13.373470] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.373977] [ 13.374053] The buggy address belongs to the physical page: [ 13.374375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.374720] flags: 0x200000000000000(node=0|zone=2) [ 13.374884] page_type: f5(slab) [ 13.375006] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.375445] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.375792] page dumped because: kasan: bad access detected [ 13.376000] [ 13.376070] Memory state around the buggy address: [ 13.376346] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.377084] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.377463] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.377814] ^ [ 13.378116] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.378418] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.378775] ================================================================== [ 13.312019] ================================================================== [ 13.312415] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.313395] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.313980] [ 13.314089] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.314166] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.314188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.314209] Call Trace: [ 13.314222] <TASK> [ 13.314236] dump_stack_lvl+0x73/0xb0 [ 13.314264] print_report+0xd1/0x650 [ 13.314286] ? __virt_addr_valid+0x1db/0x2d0 [ 13.314310] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.314333] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.314356] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.314380] kasan_report+0x141/0x180 [ 13.314404] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.314432] kasan_check_range+0x10c/0x1c0 [ 13.314456] __kasan_check_write+0x18/0x20 [ 13.314481] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.314505] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.314551] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.314572] ? trace_hardirqs_on+0x37/0xe0 [ 13.314594] ? kasan_bitops_generic+0x92/0x1c0 [ 13.314685] kasan_bitops_generic+0x121/0x1c0 [ 13.314723] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.314758] ? __pfx_read_tsc+0x10/0x10 [ 13.314779] ? ktime_get_ts64+0x86/0x230 [ 13.314804] kunit_try_run_case+0x1a5/0x480 [ 13.314828] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.314850] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.314873] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.314896] ? __kthread_parkme+0x82/0x180 [ 13.314916] ? preempt_count_sub+0x50/0x80 [ 13.314942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.314966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.314990] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.315013] kthread+0x337/0x6f0 [ 13.315033] ? trace_preempt_on+0x20/0xc0 [ 13.315056] ? __pfx_kthread+0x10/0x10 [ 13.315077] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.315098] ? calculate_sigpending+0x7b/0xa0 [ 13.315122] ? __pfx_kthread+0x10/0x10 [ 13.315144] ret_from_fork+0x116/0x1d0 [ 13.315162] ? __pfx_kthread+0x10/0x10 [ 13.315194] ret_from_fork_asm+0x1a/0x30 [ 13.315243] </TASK> [ 13.315254] [ 13.324800] Allocated by task 278: [ 13.324994] kasan_save_stack+0x45/0x70 [ 13.325194] kasan_save_track+0x18/0x40 [ 13.325393] kasan_save_alloc_info+0x3b/0x50 [ 13.325734] __kasan_kmalloc+0xb7/0xc0 [ 13.325927] __kmalloc_cache_noprof+0x189/0x420 [ 13.326167] kasan_bitops_generic+0x92/0x1c0 [ 13.326402] kunit_try_run_case+0x1a5/0x480 [ 13.326701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.327094] kthread+0x337/0x6f0 [ 13.327277] ret_from_fork+0x116/0x1d0 [ 13.327413] ret_from_fork_asm+0x1a/0x30 [ 13.327552] [ 13.327634] The buggy address belongs to the object at ffff888101d83660 [ 13.327634] which belongs to the cache kmalloc-16 of size 16 [ 13.328596] The buggy address is located 8 bytes inside of [ 13.328596] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.329167] [ 13.329278] The buggy address belongs to the physical page: [ 13.329742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.330144] flags: 0x200000000000000(node=0|zone=2) [ 13.330390] page_type: f5(slab) [ 13.330661] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.330995] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.331412] page dumped because: kasan: bad access detected [ 13.331717] [ 13.331837] Memory state around the buggy address: [ 13.332002] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.332219] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.332578] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.332919] ^ [ 13.333218] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.333502] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.333868] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.250036] ================================================================== [ 13.250323] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.250697] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.251050] [ 13.251136] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.251181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.251201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.251222] Call Trace: [ 13.251237] <TASK> [ 13.251251] dump_stack_lvl+0x73/0xb0 [ 13.251277] print_report+0xd1/0x650 [ 13.251300] ? __virt_addr_valid+0x1db/0x2d0 [ 13.251324] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.251350] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.251373] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.251400] kasan_report+0x141/0x180 [ 13.251422] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.251453] kasan_check_range+0x10c/0x1c0 [ 13.251478] __kasan_check_write+0x18/0x20 [ 13.251498] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.251524] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.251551] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.251572] ? trace_hardirqs_on+0x37/0xe0 [ 13.251593] ? kasan_bitops_generic+0x92/0x1c0 [ 13.251630] kasan_bitops_generic+0x116/0x1c0 [ 13.251649] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.251671] ? __pfx_read_tsc+0x10/0x10 [ 13.251692] ? ktime_get_ts64+0x86/0x230 [ 13.251716] kunit_try_run_case+0x1a5/0x480 [ 13.251749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.251771] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.251794] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.251816] ? __kthread_parkme+0x82/0x180 [ 13.251836] ? preempt_count_sub+0x50/0x80 [ 13.251861] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.251885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.251907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.251929] kthread+0x337/0x6f0 [ 13.251949] ? trace_preempt_on+0x20/0xc0 [ 13.251971] ? __pfx_kthread+0x10/0x10 [ 13.251992] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.252013] ? calculate_sigpending+0x7b/0xa0 [ 13.252036] ? __pfx_kthread+0x10/0x10 [ 13.252058] ret_from_fork+0x116/0x1d0 [ 13.252076] ? __pfx_kthread+0x10/0x10 [ 13.252097] ret_from_fork_asm+0x1a/0x30 [ 13.252128] </TASK> [ 13.252137] [ 13.260504] Allocated by task 278: [ 13.260695] kasan_save_stack+0x45/0x70 [ 13.260899] kasan_save_track+0x18/0x40 [ 13.261099] kasan_save_alloc_info+0x3b/0x50 [ 13.261346] __kasan_kmalloc+0xb7/0xc0 [ 13.261510] __kmalloc_cache_noprof+0x189/0x420 [ 13.261759] kasan_bitops_generic+0x92/0x1c0 [ 13.261909] kunit_try_run_case+0x1a5/0x480 [ 13.262080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.262566] kthread+0x337/0x6f0 [ 13.262751] ret_from_fork+0x116/0x1d0 [ 13.262947] ret_from_fork_asm+0x1a/0x30 [ 13.263101] [ 13.263205] The buggy address belongs to the object at ffff888101d83660 [ 13.263205] which belongs to the cache kmalloc-16 of size 16 [ 13.263717] The buggy address is located 8 bytes inside of [ 13.263717] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.264243] [ 13.264337] The buggy address belongs to the physical page: [ 13.264701] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.265043] flags: 0x200000000000000(node=0|zone=2) [ 13.265297] page_type: f5(slab) [ 13.265417] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.266037] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.266359] page dumped because: kasan: bad access detected [ 13.266560] [ 13.266673] Memory state around the buggy address: [ 13.266910] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.267206] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.267466] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.267720] ^ [ 13.268158] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.268423] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.268833] ================================================================== [ 13.230172] ================================================================== [ 13.230535] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.231200] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.231469] [ 13.231553] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.231599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.231622] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.231644] Call Trace: [ 13.231656] <TASK> [ 13.231671] dump_stack_lvl+0x73/0xb0 [ 13.231696] print_report+0xd1/0x650 [ 13.231718] ? __virt_addr_valid+0x1db/0x2d0 [ 13.231742] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.231767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.231790] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.231816] kasan_report+0x141/0x180 [ 13.231839] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.231870] kasan_check_range+0x10c/0x1c0 [ 13.231894] __kasan_check_write+0x18/0x20 [ 13.231914] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.231940] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.231967] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.232035] ? trace_hardirqs_on+0x37/0xe0 [ 13.232060] ? kasan_bitops_generic+0x92/0x1c0 [ 13.232086] kasan_bitops_generic+0x116/0x1c0 [ 13.232106] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.232127] ? __pfx_read_tsc+0x10/0x10 [ 13.232148] ? ktime_get_ts64+0x86/0x230 [ 13.232172] kunit_try_run_case+0x1a5/0x480 [ 13.232208] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.232230] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.232252] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.232275] ? __kthread_parkme+0x82/0x180 [ 13.232294] ? preempt_count_sub+0x50/0x80 [ 13.232319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.232342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.232366] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.232389] kthread+0x337/0x6f0 [ 13.232408] ? trace_preempt_on+0x20/0xc0 [ 13.232431] ? __pfx_kthread+0x10/0x10 [ 13.232452] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.232472] ? calculate_sigpending+0x7b/0xa0 [ 13.232496] ? __pfx_kthread+0x10/0x10 [ 13.232519] ret_from_fork+0x116/0x1d0 [ 13.232549] ? __pfx_kthread+0x10/0x10 [ 13.232570] ret_from_fork_asm+0x1a/0x30 [ 13.232602] </TASK> [ 13.232621] [ 13.241071] Allocated by task 278: [ 13.241215] kasan_save_stack+0x45/0x70 [ 13.241422] kasan_save_track+0x18/0x40 [ 13.241881] kasan_save_alloc_info+0x3b/0x50 [ 13.242109] __kasan_kmalloc+0xb7/0xc0 [ 13.242406] __kmalloc_cache_noprof+0x189/0x420 [ 13.242692] kasan_bitops_generic+0x92/0x1c0 [ 13.242888] kunit_try_run_case+0x1a5/0x480 [ 13.243066] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.243361] kthread+0x337/0x6f0 [ 13.243514] ret_from_fork+0x116/0x1d0 [ 13.243720] ret_from_fork_asm+0x1a/0x30 [ 13.243904] [ 13.243985] The buggy address belongs to the object at ffff888101d83660 [ 13.243985] which belongs to the cache kmalloc-16 of size 16 [ 13.244658] The buggy address is located 8 bytes inside of [ 13.244658] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.245012] [ 13.245084] The buggy address belongs to the physical page: [ 13.245274] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.245642] flags: 0x200000000000000(node=0|zone=2) [ 13.245885] page_type: f5(slab) [ 13.246011] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.246438] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.246927] page dumped because: kasan: bad access detected [ 13.247331] [ 13.247431] Memory state around the buggy address: [ 13.247694] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.247916] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.248189] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.248510] ^ [ 13.248901] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.249283] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.249640] ================================================================== [ 13.190034] ================================================================== [ 13.190449] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.190879] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.191364] [ 13.191454] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.191502] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.191514] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.191535] Call Trace: [ 13.191547] <TASK> [ 13.191561] dump_stack_lvl+0x73/0xb0 [ 13.191589] print_report+0xd1/0x650 [ 13.191625] ? __virt_addr_valid+0x1db/0x2d0 [ 13.191650] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.191676] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.191698] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.191725] kasan_report+0x141/0x180 [ 13.191747] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.191778] kasan_check_range+0x10c/0x1c0 [ 13.191803] __kasan_check_write+0x18/0x20 [ 13.191823] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.191849] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.191877] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.191897] ? trace_hardirqs_on+0x37/0xe0 [ 13.191920] ? kasan_bitops_generic+0x92/0x1c0 [ 13.191944] kasan_bitops_generic+0x116/0x1c0 [ 13.191965] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.191987] ? __pfx_read_tsc+0x10/0x10 [ 13.192008] ? ktime_get_ts64+0x86/0x230 [ 13.192033] kunit_try_run_case+0x1a5/0x480 [ 13.192057] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.192079] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.192102] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.192125] ? __kthread_parkme+0x82/0x180 [ 13.192145] ? preempt_count_sub+0x50/0x80 [ 13.192170] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.192193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.192218] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.192241] kthread+0x337/0x6f0 [ 13.192261] ? trace_preempt_on+0x20/0xc0 [ 13.192283] ? __pfx_kthread+0x10/0x10 [ 13.192304] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.192324] ? calculate_sigpending+0x7b/0xa0 [ 13.192348] ? __pfx_kthread+0x10/0x10 [ 13.192369] ret_from_fork+0x116/0x1d0 [ 13.192447] ? __pfx_kthread+0x10/0x10 [ 13.192469] ret_from_fork_asm+0x1a/0x30 [ 13.192501] </TASK> [ 13.192511] [ 13.200930] Allocated by task 278: [ 13.201061] kasan_save_stack+0x45/0x70 [ 13.201204] kasan_save_track+0x18/0x40 [ 13.201478] kasan_save_alloc_info+0x3b/0x50 [ 13.201842] __kasan_kmalloc+0xb7/0xc0 [ 13.202035] __kmalloc_cache_noprof+0x189/0x420 [ 13.202251] kasan_bitops_generic+0x92/0x1c0 [ 13.202460] kunit_try_run_case+0x1a5/0x480 [ 13.202687] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.203002] kthread+0x337/0x6f0 [ 13.203229] ret_from_fork+0x116/0x1d0 [ 13.203397] ret_from_fork_asm+0x1a/0x30 [ 13.203779] [ 13.203883] The buggy address belongs to the object at ffff888101d83660 [ 13.203883] which belongs to the cache kmalloc-16 of size 16 [ 13.204293] The buggy address is located 8 bytes inside of [ 13.204293] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.205171] [ 13.205282] The buggy address belongs to the physical page: [ 13.205503] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.205808] flags: 0x200000000000000(node=0|zone=2) [ 13.205973] page_type: f5(slab) [ 13.206095] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.206757] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.207023] page dumped because: kasan: bad access detected [ 13.207198] [ 13.207347] Memory state around the buggy address: [ 13.207624] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.207930] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.208163] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.208375] ^ [ 13.208715] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.209301] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.209783] ================================================================== [ 13.165413] ================================================================== [ 13.166411] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.166913] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.167439] [ 13.167552] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.167599] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.167620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.167642] Call Trace: [ 13.167655] <TASK> [ 13.167670] dump_stack_lvl+0x73/0xb0 [ 13.167856] print_report+0xd1/0x650 [ 13.167882] ? __virt_addr_valid+0x1db/0x2d0 [ 13.167905] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.167930] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.167953] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.167979] kasan_report+0x141/0x180 [ 13.168002] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.168033] kasan_check_range+0x10c/0x1c0 [ 13.168057] __kasan_check_write+0x18/0x20 [ 13.168078] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.168105] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.168132] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.168153] ? trace_hardirqs_on+0x37/0xe0 [ 13.168200] ? kasan_bitops_generic+0x92/0x1c0 [ 13.168225] kasan_bitops_generic+0x116/0x1c0 [ 13.168246] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.168268] ? __pfx_read_tsc+0x10/0x10 [ 13.168289] ? ktime_get_ts64+0x86/0x230 [ 13.168314] kunit_try_run_case+0x1a5/0x480 [ 13.168337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.168359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.168382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.168405] ? __kthread_parkme+0x82/0x180 [ 13.168425] ? preempt_count_sub+0x50/0x80 [ 13.168449] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.168473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.168495] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.168518] kthread+0x337/0x6f0 [ 13.168554] ? trace_preempt_on+0x20/0xc0 [ 13.168577] ? __pfx_kthread+0x10/0x10 [ 13.168597] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.168626] ? calculate_sigpending+0x7b/0xa0 [ 13.168651] ? __pfx_kthread+0x10/0x10 [ 13.168673] ret_from_fork+0x116/0x1d0 [ 13.168691] ? __pfx_kthread+0x10/0x10 [ 13.168713] ret_from_fork_asm+0x1a/0x30 [ 13.168744] </TASK> [ 13.168755] [ 13.181485] Allocated by task 278: [ 13.181805] kasan_save_stack+0x45/0x70 [ 13.182004] kasan_save_track+0x18/0x40 [ 13.182199] kasan_save_alloc_info+0x3b/0x50 [ 13.182588] __kasan_kmalloc+0xb7/0xc0 [ 13.182868] __kmalloc_cache_noprof+0x189/0x420 [ 13.183070] kasan_bitops_generic+0x92/0x1c0 [ 13.183337] kunit_try_run_case+0x1a5/0x480 [ 13.183505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.183823] kthread+0x337/0x6f0 [ 13.183950] ret_from_fork+0x116/0x1d0 [ 13.184139] ret_from_fork_asm+0x1a/0x30 [ 13.184389] [ 13.184463] The buggy address belongs to the object at ffff888101d83660 [ 13.184463] which belongs to the cache kmalloc-16 of size 16 [ 13.185030] The buggy address is located 8 bytes inside of [ 13.185030] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.185518] [ 13.185591] The buggy address belongs to the physical page: [ 13.185872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.186234] flags: 0x200000000000000(node=0|zone=2) [ 13.186405] page_type: f5(slab) [ 13.186533] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.186885] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.187217] page dumped because: kasan: bad access detected [ 13.187426] [ 13.187522] Memory state around the buggy address: [ 13.187721] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.188028] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.188392] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.188670] ^ [ 13.188945] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.189265] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.189497] ================================================================== [ 13.269255] ================================================================== [ 13.269482] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.269842] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.270168] [ 13.270272] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.270317] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.270329] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.270349] Call Trace: [ 13.270362] <TASK> [ 13.270375] dump_stack_lvl+0x73/0xb0 [ 13.270400] print_report+0xd1/0x650 [ 13.270422] ? __virt_addr_valid+0x1db/0x2d0 [ 13.270445] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.270474] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.270497] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.270522] kasan_report+0x141/0x180 [ 13.270544] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.270575] kasan_check_range+0x10c/0x1c0 [ 13.270599] __kasan_check_write+0x18/0x20 [ 13.270628] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.270654] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.270681] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.270702] ? trace_hardirqs_on+0x37/0xe0 [ 13.270724] ? kasan_bitops_generic+0x92/0x1c0 [ 13.270748] kasan_bitops_generic+0x116/0x1c0 [ 13.270768] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.270789] ? __pfx_read_tsc+0x10/0x10 [ 13.270809] ? ktime_get_ts64+0x86/0x230 [ 13.270833] kunit_try_run_case+0x1a5/0x480 [ 13.270857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.270892] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.270914] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.270936] ? __kthread_parkme+0x82/0x180 [ 13.270957] ? preempt_count_sub+0x50/0x80 [ 13.270981] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.271004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.271027] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.271049] kthread+0x337/0x6f0 [ 13.271070] ? trace_preempt_on+0x20/0xc0 [ 13.271092] ? __pfx_kthread+0x10/0x10 [ 13.271112] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.271133] ? calculate_sigpending+0x7b/0xa0 [ 13.271157] ? __pfx_kthread+0x10/0x10 [ 13.271178] ret_from_fork+0x116/0x1d0 [ 13.271196] ? __pfx_kthread+0x10/0x10 [ 13.271218] ret_from_fork_asm+0x1a/0x30 [ 13.271250] </TASK> [ 13.271260] [ 13.281205] Allocated by task 278: [ 13.281387] kasan_save_stack+0x45/0x70 [ 13.281708] kasan_save_track+0x18/0x40 [ 13.281909] kasan_save_alloc_info+0x3b/0x50 [ 13.282122] __kasan_kmalloc+0xb7/0xc0 [ 13.282405] __kmalloc_cache_noprof+0x189/0x420 [ 13.282689] kasan_bitops_generic+0x92/0x1c0 [ 13.282844] kunit_try_run_case+0x1a5/0x480 [ 13.282989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.283263] kthread+0x337/0x6f0 [ 13.283629] ret_from_fork+0x116/0x1d0 [ 13.283893] ret_from_fork_asm+0x1a/0x30 [ 13.284096] [ 13.284240] The buggy address belongs to the object at ffff888101d83660 [ 13.284240] which belongs to the cache kmalloc-16 of size 16 [ 13.284875] The buggy address is located 8 bytes inside of [ 13.284875] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.285586] [ 13.285722] The buggy address belongs to the physical page: [ 13.285981] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.286388] flags: 0x200000000000000(node=0|zone=2) [ 13.286632] page_type: f5(slab) [ 13.286893] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.287188] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.287503] page dumped because: kasan: bad access detected [ 13.287784] [ 13.287860] Memory state around the buggy address: [ 13.288045] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.288450] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.288997] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.289339] ^ [ 13.289866] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.290093] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.290414] ================================================================== [ 13.142383] ================================================================== [ 13.143102] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.143541] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.143969] [ 13.144088] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.144146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.144157] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.144189] Call Trace: [ 13.144202] <TASK> [ 13.144226] dump_stack_lvl+0x73/0xb0 [ 13.144254] print_report+0xd1/0x650 [ 13.144277] ? __virt_addr_valid+0x1db/0x2d0 [ 13.144301] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.144337] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.144359] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.144386] kasan_report+0x141/0x180 [ 13.144420] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.144451] kasan_check_range+0x10c/0x1c0 [ 13.144475] __kasan_check_write+0x18/0x20 [ 13.144495] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.144522] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.144560] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.144581] ? trace_hardirqs_on+0x37/0xe0 [ 13.144604] ? kasan_bitops_generic+0x92/0x1c0 [ 13.144639] kasan_bitops_generic+0x116/0x1c0 [ 13.144659] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.144683] ? __pfx_read_tsc+0x10/0x10 [ 13.144706] ? ktime_get_ts64+0x86/0x230 [ 13.144731] kunit_try_run_case+0x1a5/0x480 [ 13.144754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.144777] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.144798] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.144820] ? __kthread_parkme+0x82/0x180 [ 13.144841] ? preempt_count_sub+0x50/0x80 [ 13.144867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.144890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.144912] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.144935] kthread+0x337/0x6f0 [ 13.144955] ? trace_preempt_on+0x20/0xc0 [ 13.144978] ? __pfx_kthread+0x10/0x10 [ 13.144999] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.145019] ? calculate_sigpending+0x7b/0xa0 [ 13.145043] ? __pfx_kthread+0x10/0x10 [ 13.145065] ret_from_fork+0x116/0x1d0 [ 13.145083] ? __pfx_kthread+0x10/0x10 [ 13.145105] ret_from_fork_asm+0x1a/0x30 [ 13.145136] </TASK> [ 13.145148] [ 13.154039] Allocated by task 278: [ 13.154216] kasan_save_stack+0x45/0x70 [ 13.154365] kasan_save_track+0x18/0x40 [ 13.154506] kasan_save_alloc_info+0x3b/0x50 [ 13.154713] __kasan_kmalloc+0xb7/0xc0 [ 13.154997] __kmalloc_cache_noprof+0x189/0x420 [ 13.155218] kasan_bitops_generic+0x92/0x1c0 [ 13.155428] kunit_try_run_case+0x1a5/0x480 [ 13.155645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.156813] kthread+0x337/0x6f0 [ 13.156993] ret_from_fork+0x116/0x1d0 [ 13.157381] ret_from_fork_asm+0x1a/0x30 [ 13.157727] [ 13.157822] The buggy address belongs to the object at ffff888101d83660 [ 13.157822] which belongs to the cache kmalloc-16 of size 16 [ 13.158623] The buggy address is located 8 bytes inside of [ 13.158623] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.159233] [ 13.159392] The buggy address belongs to the physical page: [ 13.159746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.160065] flags: 0x200000000000000(node=0|zone=2) [ 13.160487] page_type: f5(slab) [ 13.160722] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.161245] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.161779] page dumped because: kasan: bad access detected [ 13.162113] [ 13.162227] Memory state around the buggy address: [ 13.162414] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.162891] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.163185] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.163679] ^ [ 13.164046] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.164444] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.164880] ================================================================== [ 13.210158] ================================================================== [ 13.210472] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.210904] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.211196] [ 13.211282] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.211327] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.211340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.211360] Call Trace: [ 13.211373] <TASK> [ 13.211388] dump_stack_lvl+0x73/0xb0 [ 13.211413] print_report+0xd1/0x650 [ 13.211435] ? __virt_addr_valid+0x1db/0x2d0 [ 13.211458] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.211483] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.211507] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.211533] kasan_report+0x141/0x180 [ 13.211556] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.211587] kasan_check_range+0x10c/0x1c0 [ 13.211624] __kasan_check_write+0x18/0x20 [ 13.211646] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.211673] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.211701] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.211721] ? trace_hardirqs_on+0x37/0xe0 [ 13.211743] ? kasan_bitops_generic+0x92/0x1c0 [ 13.211768] kasan_bitops_generic+0x116/0x1c0 [ 13.211788] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.211810] ? __pfx_read_tsc+0x10/0x10 [ 13.211875] ? ktime_get_ts64+0x86/0x230 [ 13.211901] kunit_try_run_case+0x1a5/0x480 [ 13.211926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.211949] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.211971] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.211994] ? __kthread_parkme+0x82/0x180 [ 13.212014] ? preempt_count_sub+0x50/0x80 [ 13.212040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.212063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.212086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.212109] kthread+0x337/0x6f0 [ 13.212129] ? trace_preempt_on+0x20/0xc0 [ 13.212151] ? __pfx_kthread+0x10/0x10 [ 13.212173] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.212202] ? calculate_sigpending+0x7b/0xa0 [ 13.212225] ? __pfx_kthread+0x10/0x10 [ 13.212247] ret_from_fork+0x116/0x1d0 [ 13.212265] ? __pfx_kthread+0x10/0x10 [ 13.212287] ret_from_fork_asm+0x1a/0x30 [ 13.212317] </TASK> [ 13.212327] [ 13.221709] Allocated by task 278: [ 13.221893] kasan_save_stack+0x45/0x70 [ 13.222094] kasan_save_track+0x18/0x40 [ 13.222318] kasan_save_alloc_info+0x3b/0x50 [ 13.222508] __kasan_kmalloc+0xb7/0xc0 [ 13.222651] __kmalloc_cache_noprof+0x189/0x420 [ 13.222804] kasan_bitops_generic+0x92/0x1c0 [ 13.223007] kunit_try_run_case+0x1a5/0x480 [ 13.223211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.223427] kthread+0x337/0x6f0 [ 13.223549] ret_from_fork+0x116/0x1d0 [ 13.223723] ret_from_fork_asm+0x1a/0x30 [ 13.223923] [ 13.224022] The buggy address belongs to the object at ffff888101d83660 [ 13.224022] which belongs to the cache kmalloc-16 of size 16 [ 13.224829] The buggy address is located 8 bytes inside of [ 13.224829] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.225310] [ 13.225385] The buggy address belongs to the physical page: [ 13.225575] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.225948] flags: 0x200000000000000(node=0|zone=2) [ 13.226107] page_type: f5(slab) [ 13.226228] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.226454] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.226928] page dumped because: kasan: bad access detected [ 13.227187] [ 13.227281] Memory state around the buggy address: [ 13.227505] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.227999] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.228374] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.228787] ^ [ 13.229050] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.229366] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.229582] ================================================================== [ 13.291044] ================================================================== [ 13.291428] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.291874] Write of size 8 at addr ffff888101d83668 by task kunit_try_catch/278 [ 13.292095] [ 13.292177] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.292221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.292234] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.292255] Call Trace: [ 13.292267] <TASK> [ 13.292282] dump_stack_lvl+0x73/0xb0 [ 13.292320] print_report+0xd1/0x650 [ 13.292344] ? __virt_addr_valid+0x1db/0x2d0 [ 13.292367] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.292414] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.292437] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.292463] kasan_report+0x141/0x180 [ 13.292502] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.292532] kasan_check_range+0x10c/0x1c0 [ 13.292570] __kasan_check_write+0x18/0x20 [ 13.292603] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.292653] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.292725] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.292748] ? trace_hardirqs_on+0x37/0xe0 [ 13.292770] ? kasan_bitops_generic+0x92/0x1c0 [ 13.292795] kasan_bitops_generic+0x116/0x1c0 [ 13.292816] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.292838] ? __pfx_read_tsc+0x10/0x10 [ 13.292859] ? ktime_get_ts64+0x86/0x230 [ 13.292883] kunit_try_run_case+0x1a5/0x480 [ 13.292906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.292928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.292950] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.292972] ? __kthread_parkme+0x82/0x180 [ 13.292992] ? preempt_count_sub+0x50/0x80 [ 13.293017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.293041] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.293064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.293109] kthread+0x337/0x6f0 [ 13.293130] ? trace_preempt_on+0x20/0xc0 [ 13.293165] ? __pfx_kthread+0x10/0x10 [ 13.293193] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.293213] ? calculate_sigpending+0x7b/0xa0 [ 13.293237] ? __pfx_kthread+0x10/0x10 [ 13.293259] ret_from_fork+0x116/0x1d0 [ 13.293277] ? __pfx_kthread+0x10/0x10 [ 13.293297] ret_from_fork_asm+0x1a/0x30 [ 13.293345] </TASK> [ 13.293355] [ 13.302674] Allocated by task 278: [ 13.302957] kasan_save_stack+0x45/0x70 [ 13.303184] kasan_save_track+0x18/0x40 [ 13.303362] kasan_save_alloc_info+0x3b/0x50 [ 13.303504] __kasan_kmalloc+0xb7/0xc0 [ 13.303768] __kmalloc_cache_noprof+0x189/0x420 [ 13.304024] kasan_bitops_generic+0x92/0x1c0 [ 13.304268] kunit_try_run_case+0x1a5/0x480 [ 13.304416] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.304834] kthread+0x337/0x6f0 [ 13.305019] ret_from_fork+0x116/0x1d0 [ 13.305195] ret_from_fork_asm+0x1a/0x30 [ 13.305371] [ 13.305441] The buggy address belongs to the object at ffff888101d83660 [ 13.305441] which belongs to the cache kmalloc-16 of size 16 [ 13.306136] The buggy address is located 8 bytes inside of [ 13.306136] allocated 9-byte region [ffff888101d83660, ffff888101d83669) [ 13.306833] [ 13.306961] The buggy address belongs to the physical page: [ 13.307173] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d83 [ 13.307559] flags: 0x200000000000000(node=0|zone=2) [ 13.307900] page_type: f5(slab) [ 13.308233] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 13.308655] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.308955] page dumped because: kasan: bad access detected [ 13.309235] [ 13.309339] Memory state around the buggy address: [ 13.309535] ffff888101d83500: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 13.309951] ffff888101d83580: 00 02 fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 13.310289] >ffff888101d83600: fa fb fc fc fa fb fc fc fa fb fc fc 00 01 fc fc [ 13.310658] ^ [ 13.310945] ffff888101d83680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.311307] ffff888101d83700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.311590] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.117663] ================================================================== [ 13.118328] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 13.118714] Read of size 1 at addr ffff8881029e6650 by task kunit_try_catch/276 [ 13.118975] [ 13.119084] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.119129] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.119141] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.119161] Call Trace: [ 13.119174] <TASK> [ 13.119186] dump_stack_lvl+0x73/0xb0 [ 13.119212] print_report+0xd1/0x650 [ 13.119245] ? __virt_addr_valid+0x1db/0x2d0 [ 13.119268] ? strnlen+0x73/0x80 [ 13.119289] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.119323] ? strnlen+0x73/0x80 [ 13.119345] kasan_report+0x141/0x180 [ 13.119368] ? strnlen+0x73/0x80 [ 13.119394] __asan_report_load1_noabort+0x18/0x20 [ 13.119415] strnlen+0x73/0x80 [ 13.119438] kasan_strings+0x615/0xe80 [ 13.119458] ? trace_hardirqs_on+0x37/0xe0 [ 13.119481] ? __pfx_kasan_strings+0x10/0x10 [ 13.119502] ? finish_task_switch.isra.0+0x153/0x700 [ 13.119564] ? __switch_to+0x47/0xf50 [ 13.119593] ? __schedule+0x10cc/0x2b60 [ 13.119642] ? __pfx_read_tsc+0x10/0x10 [ 13.119664] ? ktime_get_ts64+0x86/0x230 [ 13.119688] kunit_try_run_case+0x1a5/0x480 [ 13.119712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.119734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.119757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.119780] ? __kthread_parkme+0x82/0x180 [ 13.119799] ? preempt_count_sub+0x50/0x80 [ 13.119822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.119846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.119869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.119894] kthread+0x337/0x6f0 [ 13.119916] ? trace_preempt_on+0x20/0xc0 [ 13.119939] ? __pfx_kthread+0x10/0x10 [ 13.119961] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.119981] ? calculate_sigpending+0x7b/0xa0 [ 13.120004] ? __pfx_kthread+0x10/0x10 [ 13.120027] ret_from_fork+0x116/0x1d0 [ 13.120057] ? __pfx_kthread+0x10/0x10 [ 13.120077] ret_from_fork_asm+0x1a/0x30 [ 13.120118] </TASK> [ 13.120129] [ 13.128690] Allocated by task 276: [ 13.128963] kasan_save_stack+0x45/0x70 [ 13.129110] kasan_save_track+0x18/0x40 [ 13.129245] kasan_save_alloc_info+0x3b/0x50 [ 13.129455] __kasan_kmalloc+0xb7/0xc0 [ 13.129678] __kmalloc_cache_noprof+0x189/0x420 [ 13.129991] kasan_strings+0xc0/0xe80 [ 13.130162] kunit_try_run_case+0x1a5/0x480 [ 13.130309] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.130488] kthread+0x337/0x6f0 [ 13.130782] ret_from_fork+0x116/0x1d0 [ 13.130976] ret_from_fork_asm+0x1a/0x30 [ 13.131172] [ 13.131384] Freed by task 276: [ 13.131582] kasan_save_stack+0x45/0x70 [ 13.131795] kasan_save_track+0x18/0x40 [ 13.131959] kasan_save_free_info+0x3f/0x60 [ 13.132101] __kasan_slab_free+0x56/0x70 [ 13.132239] kfree+0x222/0x3f0 [ 13.132424] kasan_strings+0x2aa/0xe80 [ 13.132673] kunit_try_run_case+0x1a5/0x480 [ 13.132887] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.133141] kthread+0x337/0x6f0 [ 13.133402] ret_from_fork+0x116/0x1d0 [ 13.133784] ret_from_fork_asm+0x1a/0x30 [ 13.134001] [ 13.134110] The buggy address belongs to the object at ffff8881029e6640 [ 13.134110] which belongs to the cache kmalloc-32 of size 32 [ 13.134687] The buggy address is located 16 bytes inside of [ 13.134687] freed 32-byte region [ffff8881029e6640, ffff8881029e6660) [ 13.135041] [ 13.135116] The buggy address belongs to the physical page: [ 13.135449] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e6 [ 13.135815] flags: 0x200000000000000(node=0|zone=2) [ 13.135981] page_type: f5(slab) [ 13.136105] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.136408] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.136856] page dumped because: kasan: bad access detected [ 13.137158] [ 13.137312] Memory state around the buggy address: [ 13.137578] ffff8881029e6500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.137896] ffff8881029e6580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.138150] >ffff8881029e6600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.138508] ^ [ 13.138766] ffff8881029e6680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.139058] ffff8881029e6700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.139380] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.094690] ================================================================== [ 13.095060] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 13.095324] Read of size 1 at addr ffff8881029e6650 by task kunit_try_catch/276 [ 13.095709] [ 13.095848] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.095928] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.095942] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.095963] Call Trace: [ 13.095976] <TASK> [ 13.095992] dump_stack_lvl+0x73/0xb0 [ 13.096019] print_report+0xd1/0x650 [ 13.096041] ? __virt_addr_valid+0x1db/0x2d0 [ 13.096064] ? strlen+0x8f/0xb0 [ 13.096084] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.096108] ? strlen+0x8f/0xb0 [ 13.096129] kasan_report+0x141/0x180 [ 13.096152] ? strlen+0x8f/0xb0 [ 13.096178] __asan_report_load1_noabort+0x18/0x20 [ 13.096201] strlen+0x8f/0xb0 [ 13.096223] kasan_strings+0x57b/0xe80 [ 13.096243] ? trace_hardirqs_on+0x37/0xe0 [ 13.096265] ? __pfx_kasan_strings+0x10/0x10 [ 13.096286] ? finish_task_switch.isra.0+0x153/0x700 [ 13.096308] ? __switch_to+0x47/0xf50 [ 13.096334] ? __schedule+0x10cc/0x2b60 [ 13.096356] ? __pfx_read_tsc+0x10/0x10 [ 13.096377] ? ktime_get_ts64+0x86/0x230 [ 13.096401] kunit_try_run_case+0x1a5/0x480 [ 13.096425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.096447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.096480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.096503] ? __kthread_parkme+0x82/0x180 [ 13.096522] ? preempt_count_sub+0x50/0x80 [ 13.096557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.096581] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.096604] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.096636] kthread+0x337/0x6f0 [ 13.096656] ? trace_preempt_on+0x20/0xc0 [ 13.096678] ? __pfx_kthread+0x10/0x10 [ 13.096700] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.096770] ? calculate_sigpending+0x7b/0xa0 [ 13.096794] ? __pfx_kthread+0x10/0x10 [ 13.096818] ret_from_fork+0x116/0x1d0 [ 13.096836] ? __pfx_kthread+0x10/0x10 [ 13.096857] ret_from_fork_asm+0x1a/0x30 [ 13.096889] </TASK> [ 13.096899] [ 13.105016] Allocated by task 276: [ 13.105255] kasan_save_stack+0x45/0x70 [ 13.105881] kasan_save_track+0x18/0x40 [ 13.106061] kasan_save_alloc_info+0x3b/0x50 [ 13.106208] __kasan_kmalloc+0xb7/0xc0 [ 13.106341] __kmalloc_cache_noprof+0x189/0x420 [ 13.106562] kasan_strings+0xc0/0xe80 [ 13.106915] kunit_try_run_case+0x1a5/0x480 [ 13.107157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.107386] kthread+0x337/0x6f0 [ 13.107508] ret_from_fork+0x116/0x1d0 [ 13.107723] ret_from_fork_asm+0x1a/0x30 [ 13.107928] [ 13.108025] Freed by task 276: [ 13.108232] kasan_save_stack+0x45/0x70 [ 13.108449] kasan_save_track+0x18/0x40 [ 13.108588] kasan_save_free_info+0x3f/0x60 [ 13.108955] __kasan_slab_free+0x56/0x70 [ 13.109183] kfree+0x222/0x3f0 [ 13.109372] kasan_strings+0x2aa/0xe80 [ 13.109635] kunit_try_run_case+0x1a5/0x480 [ 13.110007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.110397] kthread+0x337/0x6f0 [ 13.110670] ret_from_fork+0x116/0x1d0 [ 13.110859] ret_from_fork_asm+0x1a/0x30 [ 13.111057] [ 13.111156] The buggy address belongs to the object at ffff8881029e6640 [ 13.111156] which belongs to the cache kmalloc-32 of size 32 [ 13.111892] The buggy address is located 16 bytes inside of [ 13.111892] freed 32-byte region [ffff8881029e6640, ffff8881029e6660) [ 13.112413] [ 13.112489] The buggy address belongs to the physical page: [ 13.112757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e6 [ 13.113144] flags: 0x200000000000000(node=0|zone=2) [ 13.113368] page_type: f5(slab) [ 13.113492] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.113787] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.114205] page dumped because: kasan: bad access detected [ 13.114443] [ 13.114520] Memory state around the buggy address: [ 13.114866] ffff8881029e6500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.115394] ffff8881029e6580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.115767] >ffff8881029e6600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.116198] ^ [ 13.116637] ffff8881029e6680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.116861] ffff8881029e6700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.117092] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.070487] ================================================================== [ 13.070966] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 13.071326] Read of size 1 at addr ffff8881029e6650 by task kunit_try_catch/276 [ 13.071551] [ 13.071686] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.071803] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.071827] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.071850] Call Trace: [ 13.071864] <TASK> [ 13.071880] dump_stack_lvl+0x73/0xb0 [ 13.071908] print_report+0xd1/0x650 [ 13.071930] ? __virt_addr_valid+0x1db/0x2d0 [ 13.071953] ? kasan_strings+0xcbc/0xe80 [ 13.071974] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.071997] ? kasan_strings+0xcbc/0xe80 [ 13.072019] kasan_report+0x141/0x180 [ 13.072042] ? kasan_strings+0xcbc/0xe80 [ 13.072101] __asan_report_load1_noabort+0x18/0x20 [ 13.072122] kasan_strings+0xcbc/0xe80 [ 13.072153] ? trace_hardirqs_on+0x37/0xe0 [ 13.072177] ? __pfx_kasan_strings+0x10/0x10 [ 13.072198] ? finish_task_switch.isra.0+0x153/0x700 [ 13.072220] ? __switch_to+0x47/0xf50 [ 13.072246] ? __schedule+0x10cc/0x2b60 [ 13.072268] ? __pfx_read_tsc+0x10/0x10 [ 13.072289] ? ktime_get_ts64+0x86/0x230 [ 13.072314] kunit_try_run_case+0x1a5/0x480 [ 13.072338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.072361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.072382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.072404] ? __kthread_parkme+0x82/0x180 [ 13.072424] ? preempt_count_sub+0x50/0x80 [ 13.072458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.072483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.072505] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.072592] kthread+0x337/0x6f0 [ 13.072635] ? trace_preempt_on+0x20/0xc0 [ 13.072657] ? __pfx_kthread+0x10/0x10 [ 13.072707] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.072728] ? calculate_sigpending+0x7b/0xa0 [ 13.072751] ? __pfx_kthread+0x10/0x10 [ 13.072784] ret_from_fork+0x116/0x1d0 [ 13.072803] ? __pfx_kthread+0x10/0x10 [ 13.072824] ret_from_fork_asm+0x1a/0x30 [ 13.072855] </TASK> [ 13.072866] [ 13.081830] Allocated by task 276: [ 13.082068] kasan_save_stack+0x45/0x70 [ 13.082323] kasan_save_track+0x18/0x40 [ 13.082522] kasan_save_alloc_info+0x3b/0x50 [ 13.082859] __kasan_kmalloc+0xb7/0xc0 [ 13.083007] __kmalloc_cache_noprof+0x189/0x420 [ 13.083159] kasan_strings+0xc0/0xe80 [ 13.083348] kunit_try_run_case+0x1a5/0x480 [ 13.083563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.083974] kthread+0x337/0x6f0 [ 13.084129] ret_from_fork+0x116/0x1d0 [ 13.084264] ret_from_fork_asm+0x1a/0x30 [ 13.084502] [ 13.084822] Freed by task 276: [ 13.084989] kasan_save_stack+0x45/0x70 [ 13.085185] kasan_save_track+0x18/0x40 [ 13.085380] kasan_save_free_info+0x3f/0x60 [ 13.085708] __kasan_slab_free+0x56/0x70 [ 13.085889] kfree+0x222/0x3f0 [ 13.086005] kasan_strings+0x2aa/0xe80 [ 13.086141] kunit_try_run_case+0x1a5/0x480 [ 13.086358] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.086691] kthread+0x337/0x6f0 [ 13.086913] ret_from_fork+0x116/0x1d0 [ 13.087261] ret_from_fork_asm+0x1a/0x30 [ 13.087465] [ 13.087678] The buggy address belongs to the object at ffff8881029e6640 [ 13.087678] which belongs to the cache kmalloc-32 of size 32 [ 13.088166] The buggy address is located 16 bytes inside of [ 13.088166] freed 32-byte region [ffff8881029e6640, ffff8881029e6660) [ 13.088870] [ 13.088988] The buggy address belongs to the physical page: [ 13.089199] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e6 [ 13.089677] flags: 0x200000000000000(node=0|zone=2) [ 13.089846] page_type: f5(slab) [ 13.089969] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.090682] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.091060] page dumped because: kasan: bad access detected [ 13.091327] [ 13.091457] Memory state around the buggy address: [ 13.091627] ffff8881029e6500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.092144] ffff8881029e6580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.092476] >ffff8881029e6600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.092896] ^ [ 13.093136] ffff8881029e6680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.093539] ffff8881029e6700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.093852] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.047518] ================================================================== [ 13.048448] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 13.048798] Read of size 1 at addr ffff8881029e6650 by task kunit_try_catch/276 [ 13.049114] [ 13.049281] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.049342] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.049355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.049387] Call Trace: [ 13.049401] <TASK> [ 13.049417] dump_stack_lvl+0x73/0xb0 [ 13.049446] print_report+0xd1/0x650 [ 13.049472] ? __virt_addr_valid+0x1db/0x2d0 [ 13.049510] ? strcmp+0xb0/0xc0 [ 13.049547] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.049572] ? strcmp+0xb0/0xc0 [ 13.049593] kasan_report+0x141/0x180 [ 13.049669] ? strcmp+0xb0/0xc0 [ 13.049718] __asan_report_load1_noabort+0x18/0x20 [ 13.049741] strcmp+0xb0/0xc0 [ 13.049764] kasan_strings+0x431/0xe80 [ 13.049794] ? trace_hardirqs_on+0x37/0xe0 [ 13.049820] ? __pfx_kasan_strings+0x10/0x10 [ 13.049841] ? finish_task_switch.isra.0+0x153/0x700 [ 13.049864] ? __switch_to+0x47/0xf50 [ 13.049892] ? __schedule+0x10cc/0x2b60 [ 13.049915] ? __pfx_read_tsc+0x10/0x10 [ 13.049937] ? ktime_get_ts64+0x86/0x230 [ 13.049962] kunit_try_run_case+0x1a5/0x480 [ 13.049987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.050018] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.050042] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.050063] ? __kthread_parkme+0x82/0x180 [ 13.050094] ? preempt_count_sub+0x50/0x80 [ 13.050118] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.050143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.050165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.050198] kthread+0x337/0x6f0 [ 13.050218] ? trace_preempt_on+0x20/0xc0 [ 13.050249] ? __pfx_kthread+0x10/0x10 [ 13.050271] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.050291] ? calculate_sigpending+0x7b/0xa0 [ 13.050327] ? __pfx_kthread+0x10/0x10 [ 13.050348] ret_from_fork+0x116/0x1d0 [ 13.050367] ? __pfx_kthread+0x10/0x10 [ 13.050387] ret_from_fork_asm+0x1a/0x30 [ 13.050419] </TASK> [ 13.050431] [ 13.058970] Allocated by task 276: [ 13.059173] kasan_save_stack+0x45/0x70 [ 13.059373] kasan_save_track+0x18/0x40 [ 13.059560] kasan_save_alloc_info+0x3b/0x50 [ 13.059896] __kasan_kmalloc+0xb7/0xc0 [ 13.060029] __kmalloc_cache_noprof+0x189/0x420 [ 13.060342] kasan_strings+0xc0/0xe80 [ 13.060569] kunit_try_run_case+0x1a5/0x480 [ 13.060810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.061018] kthread+0x337/0x6f0 [ 13.061195] ret_from_fork+0x116/0x1d0 [ 13.061366] ret_from_fork_asm+0x1a/0x30 [ 13.061665] [ 13.061747] Freed by task 276: [ 13.061914] kasan_save_stack+0x45/0x70 [ 13.062097] kasan_save_track+0x18/0x40 [ 13.062306] kasan_save_free_info+0x3f/0x60 [ 13.062501] __kasan_slab_free+0x56/0x70 [ 13.062910] kfree+0x222/0x3f0 [ 13.063046] kasan_strings+0x2aa/0xe80 [ 13.063218] kunit_try_run_case+0x1a5/0x480 [ 13.063530] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.063868] kthread+0x337/0x6f0 [ 13.063987] ret_from_fork+0x116/0x1d0 [ 13.064112] ret_from_fork_asm+0x1a/0x30 [ 13.064244] [ 13.064335] The buggy address belongs to the object at ffff8881029e6640 [ 13.064335] which belongs to the cache kmalloc-32 of size 32 [ 13.065049] The buggy address is located 16 bytes inside of [ 13.065049] freed 32-byte region [ffff8881029e6640, ffff8881029e6660) [ 13.065572] [ 13.065735] The buggy address belongs to the physical page: [ 13.065965] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e6 [ 13.066208] flags: 0x200000000000000(node=0|zone=2) [ 13.066396] page_type: f5(slab) [ 13.066586] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.066943] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.067283] page dumped because: kasan: bad access detected [ 13.067580] [ 13.067719] Memory state around the buggy address: [ 13.067964] ffff8881029e6500: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.068289] ffff8881029e6580: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.068589] >ffff8881029e6600: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.068913] ^ [ 13.069159] ffff8881029e6680: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.069509] ffff8881029e6700: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.069936] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.007686] ================================================================== [ 13.008729] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.009791] Read of size 1 at addr ffff8881039e3718 by task kunit_try_catch/274 [ 13.010503] [ 13.010925] CPU: 1 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 13.010995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.011013] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.011036] Call Trace: [ 13.011050] <TASK> [ 13.011068] dump_stack_lvl+0x73/0xb0 [ 13.011101] print_report+0xd1/0x650 [ 13.011127] ? __virt_addr_valid+0x1db/0x2d0 [ 13.011152] ? memcmp+0x1b4/0x1d0 [ 13.011174] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.011311] ? memcmp+0x1b4/0x1d0 [ 13.011335] kasan_report+0x141/0x180 [ 13.011359] ? memcmp+0x1b4/0x1d0 [ 13.011386] __asan_report_load1_noabort+0x18/0x20 [ 13.011408] memcmp+0x1b4/0x1d0 [ 13.011441] kasan_memcmp+0x18f/0x390 [ 13.011462] ? trace_hardirqs_on+0x37/0xe0 [ 13.011488] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.011508] ? finish_task_switch.isra.0+0x153/0x700 [ 13.011566] ? __switch_to+0x47/0xf50 [ 13.011620] ? __pfx_read_tsc+0x10/0x10 [ 13.011642] ? ktime_get_ts64+0x86/0x230 [ 13.011668] kunit_try_run_case+0x1a5/0x480 [ 13.011694] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.011716] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.011739] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.011762] ? __kthread_parkme+0x82/0x180 [ 13.011786] ? preempt_count_sub+0x50/0x80 [ 13.011810] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.011835] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.011859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.011883] kthread+0x337/0x6f0 [ 13.011903] ? trace_preempt_on+0x20/0xc0 [ 13.011926] ? __pfx_kthread+0x10/0x10 [ 13.011947] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.011968] ? calculate_sigpending+0x7b/0xa0 [ 13.011994] ? __pfx_kthread+0x10/0x10 [ 13.012017] ret_from_fork+0x116/0x1d0 [ 13.012035] ? __pfx_kthread+0x10/0x10 [ 13.012056] ret_from_fork_asm+0x1a/0x30 [ 13.012088] </TASK> [ 13.012101] [ 13.027079] Allocated by task 274: [ 13.027232] kasan_save_stack+0x45/0x70 [ 13.027628] kasan_save_track+0x18/0x40 [ 13.028056] kasan_save_alloc_info+0x3b/0x50 [ 13.028571] __kasan_kmalloc+0xb7/0xc0 [ 13.029110] __kmalloc_cache_noprof+0x189/0x420 [ 13.029655] kasan_memcmp+0xb7/0x390 [ 13.030015] kunit_try_run_case+0x1a5/0x480 [ 13.030289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.030518] kthread+0x337/0x6f0 [ 13.030962] ret_from_fork+0x116/0x1d0 [ 13.031376] ret_from_fork_asm+0x1a/0x30 [ 13.031718] [ 13.031797] The buggy address belongs to the object at ffff8881039e3700 [ 13.031797] which belongs to the cache kmalloc-32 of size 32 [ 13.032149] The buggy address is located 0 bytes to the right of [ 13.032149] allocated 24-byte region [ffff8881039e3700, ffff8881039e3718) [ 13.033438] [ 13.033836] The buggy address belongs to the physical page: [ 13.034387] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e3 [ 13.035263] flags: 0x200000000000000(node=0|zone=2) [ 13.035748] page_type: f5(slab) [ 13.035879] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.036117] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.036780] page dumped because: kasan: bad access detected [ 13.037487] [ 13.037675] Memory state around the buggy address: [ 13.038203] ffff8881039e3600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.039009] ffff8881039e3680: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.039513] >ffff8881039e3700: 00 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.040101] ^ [ 13.040245] ffff8881039e3780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.041041] ffff8881039e3800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.041744] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.204221] ================================================================== [ 11.205384] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 11.205741] Write of size 4 at addr ffff8881029ce475 by task kunit_try_catch/191 [ 11.205967] [ 11.206063] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.206115] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.206127] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.206148] Call Trace: [ 11.206160] <TASK> [ 11.206178] dump_stack_lvl+0x73/0xb0 [ 11.206207] print_report+0xd1/0x650 [ 11.206471] ? __virt_addr_valid+0x1db/0x2d0 [ 11.206496] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.206517] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.206551] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.206573] kasan_report+0x141/0x180 [ 11.206596] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.206632] kasan_check_range+0x10c/0x1c0 [ 11.206666] __asan_memset+0x27/0x50 [ 11.206686] kmalloc_oob_memset_4+0x166/0x330 [ 11.206708] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 11.206731] ? __schedule+0x10cc/0x2b60 [ 11.206754] ? __pfx_read_tsc+0x10/0x10 [ 11.206775] ? ktime_get_ts64+0x86/0x230 [ 11.206800] kunit_try_run_case+0x1a5/0x480 [ 11.206826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.206847] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.206870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.206892] ? __kthread_parkme+0x82/0x180 [ 11.206913] ? preempt_count_sub+0x50/0x80 [ 11.206938] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.206961] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.206984] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.207006] kthread+0x337/0x6f0 [ 11.207026] ? trace_preempt_on+0x20/0xc0 [ 11.207051] ? __pfx_kthread+0x10/0x10 [ 11.207071] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.207091] ? calculate_sigpending+0x7b/0xa0 [ 11.207116] ? __pfx_kthread+0x10/0x10 [ 11.207138] ret_from_fork+0x116/0x1d0 [ 11.207156] ? __pfx_kthread+0x10/0x10 [ 11.207177] ret_from_fork_asm+0x1a/0x30 [ 11.207219] </TASK> [ 11.207231] [ 11.219991] Allocated by task 191: [ 11.220346] kasan_save_stack+0x45/0x70 [ 11.220724] kasan_save_track+0x18/0x40 [ 11.221090] kasan_save_alloc_info+0x3b/0x50 [ 11.221272] __kasan_kmalloc+0xb7/0xc0 [ 11.221639] __kmalloc_cache_noprof+0x189/0x420 [ 11.222215] kmalloc_oob_memset_4+0xac/0x330 [ 11.222684] kunit_try_run_case+0x1a5/0x480 [ 11.222839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.223015] kthread+0x337/0x6f0 [ 11.223136] ret_from_fork+0x116/0x1d0 [ 11.223304] ret_from_fork_asm+0x1a/0x30 [ 11.223456] [ 11.223666] The buggy address belongs to the object at ffff8881029ce400 [ 11.223666] which belongs to the cache kmalloc-128 of size 128 [ 11.224156] The buggy address is located 117 bytes inside of [ 11.224156] allocated 120-byte region [ffff8881029ce400, ffff8881029ce478) [ 11.224867] [ 11.225031] The buggy address belongs to the physical page: [ 11.225300] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 11.225874] flags: 0x200000000000000(node=0|zone=2) [ 11.226212] page_type: f5(slab) [ 11.226378] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.226861] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.227235] page dumped because: kasan: bad access detected [ 11.227501] [ 11.227573] Memory state around the buggy address: [ 11.227908] ffff8881029ce300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.228269] ffff8881029ce380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.228650] >ffff8881029ce400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.229176] ^ [ 11.229874] ffff8881029ce480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.230748] ffff8881029ce500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.231734] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.163669] ================================================================== [ 11.165065] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.166152] Write of size 2 at addr ffff8881029ce377 by task kunit_try_catch/189 [ 11.167100] [ 11.167504] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.167605] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.167627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.167648] Call Trace: [ 11.167663] <TASK> [ 11.167683] dump_stack_lvl+0x73/0xb0 [ 11.167751] print_report+0xd1/0x650 [ 11.167774] ? __virt_addr_valid+0x1db/0x2d0 [ 11.167799] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.167820] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.167842] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.167865] kasan_report+0x141/0x180 [ 11.167887] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.167913] kasan_check_range+0x10c/0x1c0 [ 11.167937] __asan_memset+0x27/0x50 [ 11.167956] kmalloc_oob_memset_2+0x166/0x330 [ 11.167979] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.168001] ? __schedule+0x10cc/0x2b60 [ 11.168023] ? __pfx_read_tsc+0x10/0x10 [ 11.168044] ? ktime_get_ts64+0x86/0x230 [ 11.168070] kunit_try_run_case+0x1a5/0x480 [ 11.168097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.168119] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.168142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.168183] ? __kthread_parkme+0x82/0x180 [ 11.168205] ? preempt_count_sub+0x50/0x80 [ 11.168231] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.168254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.168276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.168299] kthread+0x337/0x6f0 [ 11.168318] ? trace_preempt_on+0x20/0xc0 [ 11.168343] ? __pfx_kthread+0x10/0x10 [ 11.168363] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.168383] ? calculate_sigpending+0x7b/0xa0 [ 11.168408] ? __pfx_kthread+0x10/0x10 [ 11.168429] ret_from_fork+0x116/0x1d0 [ 11.168448] ? __pfx_kthread+0x10/0x10 [ 11.168468] ret_from_fork_asm+0x1a/0x30 [ 11.168500] </TASK> [ 11.168527] [ 11.185128] Allocated by task 189: [ 11.185627] kasan_save_stack+0x45/0x70 [ 11.185971] kasan_save_track+0x18/0x40 [ 11.186550] kasan_save_alloc_info+0x3b/0x50 [ 11.186715] __kasan_kmalloc+0xb7/0xc0 [ 11.187192] __kmalloc_cache_noprof+0x189/0x420 [ 11.187753] kmalloc_oob_memset_2+0xac/0x330 [ 11.188211] kunit_try_run_case+0x1a5/0x480 [ 11.188542] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.189124] kthread+0x337/0x6f0 [ 11.189430] ret_from_fork+0x116/0x1d0 [ 11.189796] ret_from_fork_asm+0x1a/0x30 [ 11.189937] [ 11.190010] The buggy address belongs to the object at ffff8881029ce300 [ 11.190010] which belongs to the cache kmalloc-128 of size 128 [ 11.191156] The buggy address is located 119 bytes inside of [ 11.191156] allocated 120-byte region [ffff8881029ce300, ffff8881029ce378) [ 11.192741] [ 11.193084] The buggy address belongs to the physical page: [ 11.193569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 11.194159] flags: 0x200000000000000(node=0|zone=2) [ 11.194740] page_type: f5(slab) [ 11.195011] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.195372] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.196052] page dumped because: kasan: bad access detected [ 11.196352] [ 11.196536] Memory state around the buggy address: [ 11.197051] ffff8881029ce200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.197375] ffff8881029ce280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.198110] >ffff8881029ce300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.198623] ^ [ 11.199158] ffff8881029ce380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.199662] ffff8881029ce400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.199880] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.132700] ================================================================== [ 11.133765] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.135148] Write of size 128 at addr ffff8881026a8700 by task kunit_try_catch/187 [ 11.136592] [ 11.137066] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.137130] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.137142] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.137164] Call Trace: [ 11.137177] <TASK> [ 11.137195] dump_stack_lvl+0x73/0xb0 [ 11.137227] print_report+0xd1/0x650 [ 11.137251] ? __virt_addr_valid+0x1db/0x2d0 [ 11.137274] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.137296] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.137318] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.137341] kasan_report+0x141/0x180 [ 11.137363] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.137390] kasan_check_range+0x10c/0x1c0 [ 11.137413] __asan_memset+0x27/0x50 [ 11.137432] kmalloc_oob_in_memset+0x15f/0x320 [ 11.137455] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.137479] ? __schedule+0x10cc/0x2b60 [ 11.137501] ? __pfx_read_tsc+0x10/0x10 [ 11.137651] ? ktime_get_ts64+0x86/0x230 [ 11.137681] kunit_try_run_case+0x1a5/0x480 [ 11.137707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.137769] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.137792] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.137814] ? __kthread_parkme+0x82/0x180 [ 11.137835] ? preempt_count_sub+0x50/0x80 [ 11.137859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.137883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.137906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.137929] kthread+0x337/0x6f0 [ 11.137949] ? trace_preempt_on+0x20/0xc0 [ 11.137974] ? __pfx_kthread+0x10/0x10 [ 11.137994] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.138015] ? calculate_sigpending+0x7b/0xa0 [ 11.138039] ? __pfx_kthread+0x10/0x10 [ 11.138060] ret_from_fork+0x116/0x1d0 [ 11.138078] ? __pfx_kthread+0x10/0x10 [ 11.138099] ret_from_fork_asm+0x1a/0x30 [ 11.138131] </TASK> [ 11.138142] [ 11.151972] Allocated by task 187: [ 11.152335] kasan_save_stack+0x45/0x70 [ 11.152822] kasan_save_track+0x18/0x40 [ 11.153082] kasan_save_alloc_info+0x3b/0x50 [ 11.153244] __kasan_kmalloc+0xb7/0xc0 [ 11.153639] __kmalloc_cache_noprof+0x189/0x420 [ 11.154078] kmalloc_oob_in_memset+0xac/0x320 [ 11.154518] kunit_try_run_case+0x1a5/0x480 [ 11.154874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.155379] kthread+0x337/0x6f0 [ 11.155505] ret_from_fork+0x116/0x1d0 [ 11.155648] ret_from_fork_asm+0x1a/0x30 [ 11.155786] [ 11.155858] The buggy address belongs to the object at ffff8881026a8700 [ 11.155858] which belongs to the cache kmalloc-128 of size 128 [ 11.156234] The buggy address is located 0 bytes inside of [ 11.156234] allocated 120-byte region [ffff8881026a8700, ffff8881026a8778) [ 11.156594] [ 11.156700] The buggy address belongs to the physical page: [ 11.156962] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 11.157250] flags: 0x200000000000000(node=0|zone=2) [ 11.157416] page_type: f5(slab) [ 11.157699] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.158050] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.158352] page dumped because: kasan: bad access detected [ 11.158688] [ 11.158759] Memory state around the buggy address: [ 11.158991] ffff8881026a8600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.159223] ffff8881026a8680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.159532] >ffff8881026a8700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.159813] ^ [ 11.160023] ffff8881026a8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.160448] ffff8881026a8800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.160727] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.092864] ================================================================== [ 11.093416] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.094271] Read of size 16 at addr ffff888101c86980 by task kunit_try_catch/185 [ 11.095042] [ 11.095135] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.095210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.095222] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.095242] Call Trace: [ 11.095254] <TASK> [ 11.095270] dump_stack_lvl+0x73/0xb0 [ 11.095318] print_report+0xd1/0x650 [ 11.095341] ? __virt_addr_valid+0x1db/0x2d0 [ 11.095388] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.095409] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.095431] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.095452] kasan_report+0x141/0x180 [ 11.095519] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.095546] __asan_report_load16_noabort+0x18/0x20 [ 11.095566] kmalloc_uaf_16+0x47b/0x4c0 [ 11.095587] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.095609] ? __schedule+0x10cc/0x2b60 [ 11.095641] ? __pfx_read_tsc+0x10/0x10 [ 11.095662] ? ktime_get_ts64+0x86/0x230 [ 11.095688] kunit_try_run_case+0x1a5/0x480 [ 11.095713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.095734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.095757] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.095778] ? __kthread_parkme+0x82/0x180 [ 11.095799] ? preempt_count_sub+0x50/0x80 [ 11.095824] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.095846] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.095869] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.095891] kthread+0x337/0x6f0 [ 11.095910] ? trace_preempt_on+0x20/0xc0 [ 11.095934] ? __pfx_kthread+0x10/0x10 [ 11.095956] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.095976] ? calculate_sigpending+0x7b/0xa0 [ 11.096000] ? __pfx_kthread+0x10/0x10 [ 11.096021] ret_from_fork+0x116/0x1d0 [ 11.096039] ? __pfx_kthread+0x10/0x10 [ 11.096059] ret_from_fork_asm+0x1a/0x30 [ 11.096091] </TASK> [ 11.096101] [ 11.107367] Allocated by task 185: [ 11.107789] kasan_save_stack+0x45/0x70 [ 11.108189] kasan_save_track+0x18/0x40 [ 11.108746] kasan_save_alloc_info+0x3b/0x50 [ 11.109247] __kasan_kmalloc+0xb7/0xc0 [ 11.109600] __kmalloc_cache_noprof+0x189/0x420 [ 11.110080] kmalloc_uaf_16+0x15b/0x4c0 [ 11.110603] kunit_try_run_case+0x1a5/0x480 [ 11.111025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.111627] kthread+0x337/0x6f0 [ 11.112027] ret_from_fork+0x116/0x1d0 [ 11.112425] ret_from_fork_asm+0x1a/0x30 [ 11.112885] [ 11.113057] Freed by task 185: [ 11.113369] kasan_save_stack+0x45/0x70 [ 11.113774] kasan_save_track+0x18/0x40 [ 11.114126] kasan_save_free_info+0x3f/0x60 [ 11.114590] __kasan_slab_free+0x56/0x70 [ 11.115018] kfree+0x222/0x3f0 [ 11.115322] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.115710] kunit_try_run_case+0x1a5/0x480 [ 11.116206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.116791] kthread+0x337/0x6f0 [ 11.117115] ret_from_fork+0x116/0x1d0 [ 11.117519] ret_from_fork_asm+0x1a/0x30 [ 11.117948] [ 11.118123] The buggy address belongs to the object at ffff888101c86980 [ 11.118123] which belongs to the cache kmalloc-16 of size 16 [ 11.119300] The buggy address is located 0 bytes inside of [ 11.119300] freed 16-byte region [ffff888101c86980, ffff888101c86990) [ 11.120222] [ 11.120303] The buggy address belongs to the physical page: [ 11.120476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101c86 [ 11.121193] flags: 0x200000000000000(node=0|zone=2) [ 11.121707] page_type: f5(slab) [ 11.122014] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.122676] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.123013] page dumped because: kasan: bad access detected [ 11.123191] [ 11.123356] Memory state around the buggy address: [ 11.123836] ffff888101c86880: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.124578] ffff888101c86900: fa fb fc fc fa fb fc fc fa fb fc fc 00 00 fc fc [ 11.125328] >ffff888101c86980: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.125788] ^ [ 11.126089] ffff888101c86a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.126734] ffff888101c86a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.126961] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 12.973089] ================================================================== [ 12.973559] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 12.974541] Read of size 1 at addr ffff888102b5fc4a by task kunit_try_catch/270 [ 12.975243] [ 12.975376] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.975425] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.975437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.975459] Call Trace: [ 12.975472] <TASK> [ 12.975487] dump_stack_lvl+0x73/0xb0 [ 12.975524] print_report+0xd1/0x650 [ 12.975547] ? __virt_addr_valid+0x1db/0x2d0 [ 12.975570] ? kasan_alloca_oob_right+0x329/0x390 [ 12.975593] ? kasan_addr_to_slab+0x11/0xa0 [ 12.975623] ? kasan_alloca_oob_right+0x329/0x390 [ 12.975646] kasan_report+0x141/0x180 [ 12.975669] ? kasan_alloca_oob_right+0x329/0x390 [ 12.975697] __asan_report_load1_noabort+0x18/0x20 [ 12.975718] kasan_alloca_oob_right+0x329/0x390 [ 12.975742] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.975765] ? finish_task_switch.isra.0+0x153/0x700 [ 12.975798] ? schedule+0x1ce/0x2e0 [ 12.975818] ? trace_hardirqs_on+0x37/0xe0 [ 12.975843] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 12.975870] ? __schedule+0x10cc/0x2b60 [ 12.975890] ? __pfx_read_tsc+0x10/0x10 [ 12.975912] ? ktime_get_ts64+0x86/0x230 [ 12.975935] kunit_try_run_case+0x1a5/0x480 [ 12.975960] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.975982] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.976004] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.976025] ? __kthread_parkme+0x82/0x180 [ 12.976048] ? preempt_count_sub+0x50/0x80 [ 12.976071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.976094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.976117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.976140] kthread+0x337/0x6f0 [ 12.976160] ? trace_preempt_on+0x20/0xc0 [ 12.976197] ? __pfx_kthread+0x10/0x10 [ 12.976219] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.976239] ? calculate_sigpending+0x7b/0xa0 [ 12.976263] ? __pfx_kthread+0x10/0x10 [ 12.976284] ret_from_fork+0x116/0x1d0 [ 12.976302] ? __pfx_kthread+0x10/0x10 [ 12.976322] ret_from_fork_asm+0x1a/0x30 [ 12.976354] </TASK> [ 12.976364] [ 12.991145] The buggy address belongs to stack of task kunit_try_catch/270 [ 12.991803] [ 12.992026] The buggy address belongs to the physical page: [ 12.992569] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b5f [ 12.993016] flags: 0x200000000000000(node=0|zone=2) [ 12.993204] raw: 0200000000000000 0000000000000000 ffffea00040ad7c8 0000000000000000 [ 12.993957] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 12.994849] page dumped because: kasan: bad access detected [ 12.995436] [ 12.995543] Memory state around the buggy address: [ 12.996047] ffff888102b5fb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.996325] ffff888102b5fb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.996554] >ffff888102b5fc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 12.997218] ^ [ 12.997779] ffff888102b5fc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 12.998250] ffff888102b5fd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 12.998962] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 12.946672] ================================================================== [ 12.947141] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 12.947485] Read of size 1 at addr ffff888102b47c3f by task kunit_try_catch/268 [ 12.947808] [ 12.947891] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.947936] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.948272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.948299] Call Trace: [ 12.948311] <TASK> [ 12.948325] dump_stack_lvl+0x73/0xb0 [ 12.948356] print_report+0xd1/0x650 [ 12.948378] ? __virt_addr_valid+0x1db/0x2d0 [ 12.948402] ? kasan_alloca_oob_left+0x320/0x380 [ 12.948425] ? kasan_addr_to_slab+0x11/0xa0 [ 12.948447] ? kasan_alloca_oob_left+0x320/0x380 [ 12.948471] kasan_report+0x141/0x180 [ 12.948493] ? kasan_alloca_oob_left+0x320/0x380 [ 12.948522] __asan_report_load1_noabort+0x18/0x20 [ 12.948544] kasan_alloca_oob_left+0x320/0x380 [ 12.948569] ? finish_task_switch.isra.0+0x153/0x700 [ 12.948592] ? schedule+0x1ce/0x2e0 [ 12.948627] ? trace_hardirqs_on+0x37/0xe0 [ 12.948653] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 12.948679] ? __schedule+0x10cc/0x2b60 [ 12.948700] ? __pfx_read_tsc+0x10/0x10 [ 12.948722] ? ktime_get_ts64+0x86/0x230 [ 12.948747] kunit_try_run_case+0x1a5/0x480 [ 12.948772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.948794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.948816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.948839] ? __kthread_parkme+0x82/0x180 [ 12.948860] ? preempt_count_sub+0x50/0x80 [ 12.948884] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.948908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.948931] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.948953] kthread+0x337/0x6f0 [ 12.948973] ? trace_preempt_on+0x20/0xc0 [ 12.948996] ? __pfx_kthread+0x10/0x10 [ 12.949017] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.949038] ? calculate_sigpending+0x7b/0xa0 [ 12.949062] ? __pfx_kthread+0x10/0x10 [ 12.949093] ret_from_fork+0x116/0x1d0 [ 12.949111] ? __pfx_kthread+0x10/0x10 [ 12.949132] ret_from_fork_asm+0x1a/0x30 [ 12.949164] </TASK> [ 12.949176] [ 12.962523] The buggy address belongs to stack of task kunit_try_catch/268 [ 12.963251] [ 12.963603] The buggy address belongs to the physical page: [ 12.963877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b47 [ 12.964121] flags: 0x200000000000000(node=0|zone=2) [ 12.964496] raw: 0200000000000000 0000000000000000 ffffea00040ad1c8 0000000000000000 [ 12.965255] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 12.966037] page dumped because: kasan: bad access detected [ 12.966771] [ 12.966945] Memory state around the buggy address: [ 12.967403] ffff888102b47b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.967984] ffff888102b47b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.968238] >ffff888102b47c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 12.969000] ^ [ 12.969578] ffff888102b47c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 12.969991] ffff888102b47d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 12.970242] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 12.925831] ================================================================== [ 12.926502] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 12.926877] Read of size 1 at addr ffff888102b7fd02 by task kunit_try_catch/266 [ 12.927177] [ 12.927311] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.927358] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.927371] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.927391] Call Trace: [ 12.927405] <TASK> [ 12.927420] dump_stack_lvl+0x73/0xb0 [ 12.927450] print_report+0xd1/0x650 [ 12.927473] ? __virt_addr_valid+0x1db/0x2d0 [ 12.927499] ? kasan_stack_oob+0x2b5/0x300 [ 12.927520] ? kasan_addr_to_slab+0x11/0xa0 [ 12.927593] ? kasan_stack_oob+0x2b5/0x300 [ 12.927626] kasan_report+0x141/0x180 [ 12.927650] ? kasan_stack_oob+0x2b5/0x300 [ 12.927676] __asan_report_load1_noabort+0x18/0x20 [ 12.927697] kasan_stack_oob+0x2b5/0x300 [ 12.927719] ? __pfx_kasan_stack_oob+0x10/0x10 [ 12.927739] ? finish_task_switch.isra.0+0x153/0x700 [ 12.927763] ? __switch_to+0x47/0xf50 [ 12.927791] ? __schedule+0x10cc/0x2b60 [ 12.927815] ? __pfx_read_tsc+0x10/0x10 [ 12.927837] ? ktime_get_ts64+0x86/0x230 [ 12.927863] kunit_try_run_case+0x1a5/0x480 [ 12.927889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.927911] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.927935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.927958] ? __kthread_parkme+0x82/0x180 [ 12.927980] ? preempt_count_sub+0x50/0x80 [ 12.928004] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.928029] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.928053] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.928076] kthread+0x337/0x6f0 [ 12.928097] ? trace_preempt_on+0x20/0xc0 [ 12.928122] ? __pfx_kthread+0x10/0x10 [ 12.928144] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.928165] ? calculate_sigpending+0x7b/0xa0 [ 12.928200] ? __pfx_kthread+0x10/0x10 [ 12.928224] ret_from_fork+0x116/0x1d0 [ 12.928242] ? __pfx_kthread+0x10/0x10 [ 12.928264] ret_from_fork_asm+0x1a/0x30 [ 12.928298] </TASK> [ 12.928309] [ 12.935823] The buggy address belongs to stack of task kunit_try_catch/266 [ 12.936213] and is located at offset 138 in frame: [ 12.936455] kasan_stack_oob+0x0/0x300 [ 12.936870] [ 12.936986] This frame has 4 objects: [ 12.937208] [48, 49) '__assertion' [ 12.937233] [64, 72) 'array' [ 12.937417] [96, 112) '__assertion' [ 12.937691] [128, 138) 'stack_array' [ 12.937843] [ 12.938034] The buggy address belongs to the physical page: [ 12.938283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b7f [ 12.938808] flags: 0x200000000000000(node=0|zone=2) [ 12.939167] raw: 0200000000000000 0000000000000000 ffffea00040adfc8 0000000000000000 [ 12.939476] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 12.939832] page dumped because: kasan: bad access detected [ 12.940025] [ 12.940122] Memory state around the buggy address: [ 12.940476] ffff888102b7fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 12.940702] ffff888102b7fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 12.941042] >ffff888102b7fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 12.941633] ^ [ 12.941806] ffff888102b7fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 12.942072] ffff888102b7fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.942509] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 12.903330] ================================================================== [ 12.904106] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 12.904517] Read of size 1 at addr ffffffff9445ef0d by task kunit_try_catch/262 [ 12.905009] [ 12.905155] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.905218] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.905231] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.905253] Call Trace: [ 12.905267] <TASK> [ 12.905283] dump_stack_lvl+0x73/0xb0 [ 12.905314] print_report+0xd1/0x650 [ 12.905338] ? __virt_addr_valid+0x1db/0x2d0 [ 12.905364] ? kasan_global_oob_right+0x286/0x2d0 [ 12.905387] ? kasan_addr_to_slab+0x11/0xa0 [ 12.905410] ? kasan_global_oob_right+0x286/0x2d0 [ 12.905432] kasan_report+0x141/0x180 [ 12.905455] ? kasan_global_oob_right+0x286/0x2d0 [ 12.905483] __asan_report_load1_noabort+0x18/0x20 [ 12.905504] kasan_global_oob_right+0x286/0x2d0 [ 12.905609] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 12.905650] ? __kasan_check_write+0x18/0x20 [ 12.905671] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.905697] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 12.905722] ? __pfx_read_tsc+0x10/0x10 [ 12.905745] ? ktime_get_ts64+0x86/0x230 [ 12.905772] kunit_try_run_case+0x1a5/0x480 [ 12.905798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.905820] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 12.905842] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.905865] ? __kthread_parkme+0x82/0x180 [ 12.905887] ? preempt_count_sub+0x50/0x80 [ 12.905912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.905937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.905960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.905984] kthread+0x337/0x6f0 [ 12.906004] ? trace_preempt_on+0x20/0xc0 [ 12.906029] ? __pfx_kthread+0x10/0x10 [ 12.906050] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.906071] ? calculate_sigpending+0x7b/0xa0 [ 12.906095] ? __pfx_kthread+0x10/0x10 [ 12.906117] ret_from_fork+0x116/0x1d0 [ 12.906135] ? __pfx_kthread+0x10/0x10 [ 12.906158] ret_from_fork_asm+0x1a/0x30 [ 12.906199] </TASK> [ 12.906211] [ 12.914506] The buggy address belongs to the variable: [ 12.914752] global_array+0xd/0x40 [ 12.914943] [ 12.915035] The buggy address belongs to the physical page: [ 12.915399] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16e65e [ 12.915656] flags: 0x200000000002000(reserved|node=0|zone=2) [ 12.915933] raw: 0200000000002000 ffffea0005b99788 ffffea0005b99788 0000000000000000 [ 12.916330] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 12.916558] page dumped because: kasan: bad access detected [ 12.916745] [ 12.916839] Memory state around the buggy address: [ 12.917063] ffffffff9445ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.917693] ffffffff9445ee80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.917920] >ffffffff9445ef00: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 12.918204] ^ [ 12.918386] ffffffff9445ef80: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 12.918994] ffffffff9445f000: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 12.919461] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 12.881718] ================================================================== [ 12.882206] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.882907] Free of addr ffff888102ab8001 by task kunit_try_catch/260 [ 12.883208] [ 12.883305] CPU: 1 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.883356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.883369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.883390] Call Trace: [ 12.883402] <TASK> [ 12.883418] dump_stack_lvl+0x73/0xb0 [ 12.883449] print_report+0xd1/0x650 [ 12.883472] ? __virt_addr_valid+0x1db/0x2d0 [ 12.883499] ? kasan_addr_to_slab+0x11/0xa0 [ 12.883520] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.883547] kasan_report_invalid_free+0x10a/0x130 [ 12.883573] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.883602] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.883640] __kasan_mempool_poison_object+0x102/0x1d0 [ 12.883664] mempool_free+0x2ec/0x380 [ 12.883689] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.883716] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 12.883746] ? finish_task_switch.isra.0+0x153/0x700 [ 12.883774] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 12.883799] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 12.883826] ? __kasan_check_write+0x18/0x20 [ 12.883847] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.883867] ? __pfx_mempool_kfree+0x10/0x10 [ 12.883890] ? __pfx_read_tsc+0x10/0x10 [ 12.883912] ? ktime_get_ts64+0x86/0x230 [ 12.883934] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.883960] kunit_try_run_case+0x1a5/0x480 [ 12.883987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.884010] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.884034] ? __kthread_parkme+0x82/0x180 [ 12.884057] ? preempt_count_sub+0x50/0x80 [ 12.884082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.884107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.884131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.884154] kthread+0x337/0x6f0 [ 12.884175] ? trace_preempt_on+0x20/0xc0 [ 12.884208] ? __pfx_kthread+0x10/0x10 [ 12.884229] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.884251] ? calculate_sigpending+0x7b/0xa0 [ 12.884277] ? __pfx_kthread+0x10/0x10 [ 12.884300] ret_from_fork+0x116/0x1d0 [ 12.884319] ? __pfx_kthread+0x10/0x10 [ 12.884340] ret_from_fork_asm+0x1a/0x30 [ 12.884374] </TASK> [ 12.884385] [ 12.892511] The buggy address belongs to the physical page: [ 12.892728] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8 [ 12.893076] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.893306] flags: 0x200000000000040(head|node=0|zone=2) [ 12.893482] page_type: f8(unknown) [ 12.893673] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.894026] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.894565] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.894826] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.895057] head: 0200000000000002 ffffea00040aae01 00000000ffffffff 00000000ffffffff [ 12.895609] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.895957] page dumped because: kasan: bad access detected [ 12.896241] [ 12.896337] Memory state around the buggy address: [ 12.896537] ffff888102ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.896816] ffff888102ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.897108] >ffff888102ab8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.897430] ^ [ 12.897577] ffff888102ab8080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.897867] ffff888102ab8100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.898150] ================================================================== [ 12.845001] ================================================================== [ 12.846242] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.846512] Free of addr ffff8881029ce701 by task kunit_try_catch/258 [ 12.847121] [ 12.847313] CPU: 0 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.847364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.847376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.847397] Call Trace: [ 12.847409] <TASK> [ 12.847424] dump_stack_lvl+0x73/0xb0 [ 12.847452] print_report+0xd1/0x650 [ 12.847475] ? __virt_addr_valid+0x1db/0x2d0 [ 12.847500] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.847572] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.847602] kasan_report_invalid_free+0x10a/0x130 [ 12.847639] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.847667] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.847691] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.847715] check_slab_allocation+0x11f/0x130 [ 12.847738] __kasan_mempool_poison_object+0x91/0x1d0 [ 12.847762] mempool_free+0x2ec/0x380 [ 12.847787] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 12.847812] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 12.847841] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.847864] ? finish_task_switch.isra.0+0x153/0x700 [ 12.847889] mempool_kmalloc_invalid_free+0xed/0x140 [ 12.847914] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 12.847938] ? __kasan_check_write+0x18/0x20 [ 12.847959] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.847978] ? __pfx_mempool_kfree+0x10/0x10 [ 12.848000] ? __pfx_read_tsc+0x10/0x10 [ 12.848021] ? ktime_get_ts64+0x86/0x230 [ 12.848042] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.848068] kunit_try_run_case+0x1a5/0x480 [ 12.848092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.848116] ? queued_spin_lock_slowpath+0x116/0xb40 [ 12.848139] ? __kthread_parkme+0x82/0x180 [ 12.848160] ? preempt_count_sub+0x50/0x80 [ 12.848185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.848208] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.848231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.848254] kthread+0x337/0x6f0 [ 12.848273] ? trace_preempt_on+0x20/0xc0 [ 12.848297] ? __pfx_kthread+0x10/0x10 [ 12.848318] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.848340] ? calculate_sigpending+0x7b/0xa0 [ 12.848363] ? __pfx_kthread+0x10/0x10 [ 12.848387] ret_from_fork+0x116/0x1d0 [ 12.848405] ? __pfx_kthread+0x10/0x10 [ 12.848426] ret_from_fork_asm+0x1a/0x30 [ 12.848458] </TASK> [ 12.848469] [ 12.864212] Allocated by task 258: [ 12.864683] kasan_save_stack+0x45/0x70 [ 12.865006] kasan_save_track+0x18/0x40 [ 12.865146] kasan_save_alloc_info+0x3b/0x50 [ 12.865530] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.866061] remove_element+0x11e/0x190 [ 12.866374] mempool_alloc_preallocated+0x4d/0x90 [ 12.866832] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 12.867338] mempool_kmalloc_invalid_free+0xed/0x140 [ 12.867837] kunit_try_run_case+0x1a5/0x480 [ 12.868090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.868349] kthread+0x337/0x6f0 [ 12.868691] ret_from_fork+0x116/0x1d0 [ 12.869195] ret_from_fork_asm+0x1a/0x30 [ 12.869628] [ 12.869711] The buggy address belongs to the object at ffff8881029ce700 [ 12.869711] which belongs to the cache kmalloc-128 of size 128 [ 12.870070] The buggy address is located 1 bytes inside of [ 12.870070] 128-byte region [ffff8881029ce700, ffff8881029ce780) [ 12.870514] [ 12.870588] The buggy address belongs to the physical page: [ 12.870856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 12.871190] flags: 0x200000000000000(node=0|zone=2) [ 12.871432] page_type: f5(slab) [ 12.871707] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.872021] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.872275] page dumped because: kasan: bad access detected [ 12.872487] [ 12.872719] Memory state around the buggy address: [ 12.872959] ffff8881029ce600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.873265] ffff8881029ce680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.873557] >ffff8881029ce700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.873840] ^ [ 12.874006] ffff8881029ce780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.874332] ffff8881029ce800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.874639] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 12.784968] ================================================================== [ 12.785471] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 12.785804] Free of addr ffff888102ab8000 by task kunit_try_catch/254 [ 12.786092] [ 12.786199] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.786248] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.786260] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.786282] Call Trace: [ 12.786296] <TASK> [ 12.786312] dump_stack_lvl+0x73/0xb0 [ 12.786342] print_report+0xd1/0x650 [ 12.786364] ? __virt_addr_valid+0x1db/0x2d0 [ 12.786390] ? kasan_addr_to_slab+0x11/0xa0 [ 12.786410] ? mempool_double_free_helper+0x184/0x370 [ 12.786435] kasan_report_invalid_free+0x10a/0x130 [ 12.786461] ? mempool_double_free_helper+0x184/0x370 [ 12.786492] ? mempool_double_free_helper+0x184/0x370 [ 12.786923] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 12.786959] mempool_free+0x2ec/0x380 [ 12.786986] mempool_double_free_helper+0x184/0x370 [ 12.787012] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 12.787040] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.787065] ? finish_task_switch.isra.0+0x153/0x700 [ 12.787091] mempool_kmalloc_large_double_free+0xed/0x140 [ 12.787117] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 12.787145] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.787164] ? __pfx_mempool_kfree+0x10/0x10 [ 12.787201] ? __pfx_read_tsc+0x10/0x10 [ 12.787223] ? ktime_get_ts64+0x86/0x230 [ 12.787250] kunit_try_run_case+0x1a5/0x480 [ 12.787275] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.787297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.787321] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.787344] ? __kthread_parkme+0x82/0x180 [ 12.787364] ? preempt_count_sub+0x50/0x80 [ 12.787389] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.787413] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.787436] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.787459] kthread+0x337/0x6f0 [ 12.787478] ? trace_preempt_on+0x20/0xc0 [ 12.787503] ? __pfx_kthread+0x10/0x10 [ 12.787584] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.787608] ? calculate_sigpending+0x7b/0xa0 [ 12.787647] ? __pfx_kthread+0x10/0x10 [ 12.787670] ret_from_fork+0x116/0x1d0 [ 12.787690] ? __pfx_kthread+0x10/0x10 [ 12.787711] ret_from_fork_asm+0x1a/0x30 [ 12.787743] </TASK> [ 12.787756] [ 12.802811] The buggy address belongs to the physical page: [ 12.803198] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8 [ 12.803781] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.804270] flags: 0x200000000000040(head|node=0|zone=2) [ 12.804665] page_type: f8(unknown) [ 12.804858] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.805266] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.805806] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.806134] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.806492] head: 0200000000000002 ffffea00040aae01 00000000ffffffff 00000000ffffffff [ 12.807024] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.807459] page dumped because: kasan: bad access detected [ 12.807809] [ 12.807912] Memory state around the buggy address: [ 12.808225] ffff888102ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.808674] ffff888102ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.809038] >ffff888102ab8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.809447] ^ [ 12.809642] ffff888102ab8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.810114] ffff888102ab8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.810501] ================================================================== [ 12.813718] ================================================================== [ 12.814186] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 12.814429] Free of addr ffff88810397c000 by task kunit_try_catch/256 [ 12.815160] [ 12.815550] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.815606] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.815668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.815691] Call Trace: [ 12.815705] <TASK> [ 12.815722] dump_stack_lvl+0x73/0xb0 [ 12.815754] print_report+0xd1/0x650 [ 12.815776] ? __virt_addr_valid+0x1db/0x2d0 [ 12.815802] ? kasan_addr_to_slab+0x11/0xa0 [ 12.815823] ? mempool_double_free_helper+0x184/0x370 [ 12.815847] kasan_report_invalid_free+0x10a/0x130 [ 12.815872] ? mempool_double_free_helper+0x184/0x370 [ 12.815899] ? mempool_double_free_helper+0x184/0x370 [ 12.815923] __kasan_mempool_poison_pages+0x115/0x130 [ 12.815948] mempool_free+0x290/0x380 [ 12.815971] mempool_double_free_helper+0x184/0x370 [ 12.815995] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 12.816028] mempool_page_alloc_double_free+0xe8/0x140 [ 12.816054] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 12.816082] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 12.816102] ? __pfx_mempool_free_pages+0x10/0x10 [ 12.816125] ? __pfx_read_tsc+0x10/0x10 [ 12.816145] ? ktime_get_ts64+0x86/0x230 [ 12.816170] kunit_try_run_case+0x1a5/0x480 [ 12.816196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.816284] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.816309] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.816331] ? __kthread_parkme+0x82/0x180 [ 12.816353] ? preempt_count_sub+0x50/0x80 [ 12.816378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.816401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.816424] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.816447] kthread+0x337/0x6f0 [ 12.816467] ? trace_preempt_on+0x20/0xc0 [ 12.816490] ? __pfx_kthread+0x10/0x10 [ 12.816511] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.816574] ? calculate_sigpending+0x7b/0xa0 [ 12.816598] ? __pfx_kthread+0x10/0x10 [ 12.816631] ret_from_fork+0x116/0x1d0 [ 12.816650] ? __pfx_kthread+0x10/0x10 [ 12.816671] ret_from_fork_asm+0x1a/0x30 [ 12.816703] </TASK> [ 12.816714] [ 12.831956] The buggy address belongs to the physical page: [ 12.832483] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10397c [ 12.833268] flags: 0x200000000000000(node=0|zone=2) [ 12.833810] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 12.834177] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 12.834943] page dumped because: kasan: bad access detected [ 12.835306] [ 12.835378] Memory state around the buggy address: [ 12.835535] ffff88810397bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.836237] ffff88810397bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.837069] >ffff88810397c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.837526] ^ [ 12.837949] ffff88810397c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.838271] ffff88810397c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.838488] ================================================================== [ 12.742805] ================================================================== [ 12.743912] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 12.745291] Free of addr ffff8881039e2600 by task kunit_try_catch/252 [ 12.745924] [ 12.746028] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.746078] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.746091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.746112] Call Trace: [ 12.746126] <TASK> [ 12.746144] dump_stack_lvl+0x73/0xb0 [ 12.746174] print_report+0xd1/0x650 [ 12.746199] ? __virt_addr_valid+0x1db/0x2d0 [ 12.746225] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.746248] ? mempool_double_free_helper+0x184/0x370 [ 12.746273] kasan_report_invalid_free+0x10a/0x130 [ 12.746299] ? mempool_double_free_helper+0x184/0x370 [ 12.746324] ? mempool_double_free_helper+0x184/0x370 [ 12.746348] ? mempool_double_free_helper+0x184/0x370 [ 12.746370] check_slab_allocation+0x101/0x130 [ 12.746392] __kasan_mempool_poison_object+0x91/0x1d0 [ 12.746417] mempool_free+0x2ec/0x380 [ 12.746441] mempool_double_free_helper+0x184/0x370 [ 12.746471] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 12.746496] ? update_load_avg+0x1be/0x21b0 [ 12.746525] ? finish_task_switch.isra.0+0x153/0x700 [ 12.746551] mempool_kmalloc_double_free+0xed/0x140 [ 12.746575] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 12.746602] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.746633] ? __pfx_mempool_kfree+0x10/0x10 [ 12.746655] ? __pfx_read_tsc+0x10/0x10 [ 12.746711] ? ktime_get_ts64+0x86/0x230 [ 12.746897] kunit_try_run_case+0x1a5/0x480 [ 12.746928] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.746950] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.746974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.747012] ? __kthread_parkme+0x82/0x180 [ 12.747034] ? preempt_count_sub+0x50/0x80 [ 12.747058] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.747094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.747117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.747152] kthread+0x337/0x6f0 [ 12.747173] ? trace_preempt_on+0x20/0xc0 [ 12.747197] ? __pfx_kthread+0x10/0x10 [ 12.747230] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.747250] ? calculate_sigpending+0x7b/0xa0 [ 12.747275] ? __pfx_kthread+0x10/0x10 [ 12.747308] ret_from_fork+0x116/0x1d0 [ 12.747327] ? __pfx_kthread+0x10/0x10 [ 12.747348] ret_from_fork_asm+0x1a/0x30 [ 12.747392] </TASK> [ 12.747403] [ 12.765150] Allocated by task 252: [ 12.765311] kasan_save_stack+0x45/0x70 [ 12.765803] kasan_save_track+0x18/0x40 [ 12.765998] kasan_save_alloc_info+0x3b/0x50 [ 12.766433] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.766797] remove_element+0x11e/0x190 [ 12.766964] mempool_alloc_preallocated+0x4d/0x90 [ 12.767369] mempool_double_free_helper+0x8a/0x370 [ 12.767817] mempool_kmalloc_double_free+0xed/0x140 [ 12.768151] kunit_try_run_case+0x1a5/0x480 [ 12.768321] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.768770] kthread+0x337/0x6f0 [ 12.769052] ret_from_fork+0x116/0x1d0 [ 12.769342] ret_from_fork_asm+0x1a/0x30 [ 12.769605] [ 12.769866] Freed by task 252: [ 12.770122] kasan_save_stack+0x45/0x70 [ 12.770271] kasan_save_track+0x18/0x40 [ 12.770677] kasan_save_free_info+0x3f/0x60 [ 12.770841] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.771260] mempool_free+0x2ec/0x380 [ 12.771508] mempool_double_free_helper+0x109/0x370 [ 12.771955] mempool_kmalloc_double_free+0xed/0x140 [ 12.772262] kunit_try_run_case+0x1a5/0x480 [ 12.772526] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.773012] kthread+0x337/0x6f0 [ 12.773208] ret_from_fork+0x116/0x1d0 [ 12.773596] ret_from_fork_asm+0x1a/0x30 [ 12.773757] [ 12.773878] The buggy address belongs to the object at ffff8881039e2600 [ 12.773878] which belongs to the cache kmalloc-128 of size 128 [ 12.774370] The buggy address is located 0 bytes inside of [ 12.774370] 128-byte region [ffff8881039e2600, ffff8881039e2680) [ 12.775307] [ 12.775640] The buggy address belongs to the physical page: [ 12.775895] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e2 [ 12.776456] flags: 0x200000000000000(node=0|zone=2) [ 12.776875] page_type: f5(slab) [ 12.777213] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.777779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.778221] page dumped because: kasan: bad access detected [ 12.778574] [ 12.778798] Memory state around the buggy address: [ 12.779178] ffff8881039e2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.779717] ffff8881039e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.780181] >ffff8881039e2600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.780589] ^ [ 12.780979] ffff8881039e2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.781404] ffff8881039e2700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.781904] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 12.712843] ================================================================== [ 12.713939] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.714789] Read of size 1 at addr ffff88810397c000 by task kunit_try_catch/250 [ 12.715019] [ 12.715111] CPU: 0 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.715160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.715173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.715194] Call Trace: [ 12.715206] <TASK> [ 12.715223] dump_stack_lvl+0x73/0xb0 [ 12.715254] print_report+0xd1/0x650 [ 12.715276] ? __virt_addr_valid+0x1db/0x2d0 [ 12.715299] ? mempool_uaf_helper+0x392/0x400 [ 12.715322] ? kasan_addr_to_slab+0x11/0xa0 [ 12.715343] ? mempool_uaf_helper+0x392/0x400 [ 12.715366] kasan_report+0x141/0x180 [ 12.715389] ? mempool_uaf_helper+0x392/0x400 [ 12.715418] __asan_report_load1_noabort+0x18/0x20 [ 12.715438] mempool_uaf_helper+0x392/0x400 [ 12.715462] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.715487] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.715510] ? finish_task_switch.isra.0+0x153/0x700 [ 12.715716] mempool_page_alloc_uaf+0xed/0x140 [ 12.715743] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 12.715772] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 12.715794] ? __pfx_mempool_free_pages+0x10/0x10 [ 12.715817] ? __pfx_read_tsc+0x10/0x10 [ 12.715839] ? ktime_get_ts64+0x86/0x230 [ 12.715864] kunit_try_run_case+0x1a5/0x480 [ 12.715889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.715911] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.715935] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.715958] ? __kthread_parkme+0x82/0x180 [ 12.715979] ? preempt_count_sub+0x50/0x80 [ 12.716002] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.716025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.716049] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.716071] kthread+0x337/0x6f0 [ 12.716091] ? trace_preempt_on+0x20/0xc0 [ 12.716116] ? __pfx_kthread+0x10/0x10 [ 12.716137] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.716157] ? calculate_sigpending+0x7b/0xa0 [ 12.716205] ? __pfx_kthread+0x10/0x10 [ 12.716228] ret_from_fork+0x116/0x1d0 [ 12.716247] ? __pfx_kthread+0x10/0x10 [ 12.716268] ret_from_fork_asm+0x1a/0x30 [ 12.716300] </TASK> [ 12.716312] [ 12.731798] The buggy address belongs to the physical page: [ 12.732328] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10397c [ 12.733006] flags: 0x200000000000000(node=0|zone=2) [ 12.733199] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 12.733984] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 12.734758] page dumped because: kasan: bad access detected [ 12.734934] [ 12.735006] Memory state around the buggy address: [ 12.735161] ffff88810397bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.736060] ffff88810397bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.736803] >ffff88810397c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.737599] ^ [ 12.737999] ffff88810397c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.738369] ffff88810397c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.739106] ================================================================== [ 12.647224] ================================================================== [ 12.647714] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.648021] Read of size 1 at addr ffff888102ab8000 by task kunit_try_catch/246 [ 12.648514] [ 12.648647] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.648698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.648710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.648733] Call Trace: [ 12.648746] <TASK> [ 12.648762] dump_stack_lvl+0x73/0xb0 [ 12.648792] print_report+0xd1/0x650 [ 12.648815] ? __virt_addr_valid+0x1db/0x2d0 [ 12.648840] ? mempool_uaf_helper+0x392/0x400 [ 12.648862] ? kasan_addr_to_slab+0x11/0xa0 [ 12.648884] ? mempool_uaf_helper+0x392/0x400 [ 12.648906] kasan_report+0x141/0x180 [ 12.648930] ? mempool_uaf_helper+0x392/0x400 [ 12.648958] __asan_report_load1_noabort+0x18/0x20 [ 12.648979] mempool_uaf_helper+0x392/0x400 [ 12.649004] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.649030] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.649052] ? finish_task_switch.isra.0+0x153/0x700 [ 12.649080] mempool_kmalloc_large_uaf+0xef/0x140 [ 12.649104] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 12.649132] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.649152] ? __pfx_mempool_kfree+0x10/0x10 [ 12.649177] ? __pfx_read_tsc+0x10/0x10 [ 12.649200] ? ktime_get_ts64+0x86/0x230 [ 12.649229] kunit_try_run_case+0x1a5/0x480 [ 12.649256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.649278] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.649302] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.649327] ? __kthread_parkme+0x82/0x180 [ 12.649348] ? preempt_count_sub+0x50/0x80 [ 12.649373] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.649397] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.649420] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.649445] kthread+0x337/0x6f0 [ 12.649465] ? trace_preempt_on+0x20/0xc0 [ 12.649490] ? __pfx_kthread+0x10/0x10 [ 12.649512] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.649532] ? calculate_sigpending+0x7b/0xa0 [ 12.649557] ? __pfx_kthread+0x10/0x10 [ 12.649580] ret_from_fork+0x116/0x1d0 [ 12.649599] ? __pfx_kthread+0x10/0x10 [ 12.649629] ret_from_fork_asm+0x1a/0x30 [ 12.649661] </TASK> [ 12.649673] [ 12.659587] The buggy address belongs to the physical page: [ 12.659873] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ab8 [ 12.660537] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.660865] flags: 0x200000000000040(head|node=0|zone=2) [ 12.661189] page_type: f8(unknown) [ 12.661523] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.661925] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.662339] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.662777] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.663234] head: 0200000000000002 ffffea00040aae01 00000000ffffffff 00000000ffffffff [ 12.663669] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.664056] page dumped because: kasan: bad access detected [ 12.664376] [ 12.664458] Memory state around the buggy address: [ 12.664847] ffff888102ab7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.665298] ffff888102ab7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.665601] >ffff888102ab8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.665924] ^ [ 12.666084] ffff888102ab8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.666658] ffff888102ab8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 12.667029] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 12.614902] ================================================================== [ 12.615431] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.615933] Read of size 1 at addr ffff8881039e2200 by task kunit_try_catch/244 [ 12.616244] [ 12.616355] CPU: 1 UID: 0 PID: 244 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.616407] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.616420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.616441] Call Trace: [ 12.616454] <TASK> [ 12.616472] dump_stack_lvl+0x73/0xb0 [ 12.616504] print_report+0xd1/0x650 [ 12.616528] ? __virt_addr_valid+0x1db/0x2d0 [ 12.616554] ? mempool_uaf_helper+0x392/0x400 [ 12.616577] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.616601] ? mempool_uaf_helper+0x392/0x400 [ 12.616640] kasan_report+0x141/0x180 [ 12.616663] ? mempool_uaf_helper+0x392/0x400 [ 12.616691] __asan_report_load1_noabort+0x18/0x20 [ 12.616715] mempool_uaf_helper+0x392/0x400 [ 12.616739] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.616764] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.616786] ? irqentry_exit+0x2a/0x60 [ 12.616808] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.616834] mempool_kmalloc_uaf+0xef/0x140 [ 12.616857] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.616884] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.616904] ? __pfx_mempool_kfree+0x10/0x10 [ 12.616925] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.616951] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.616976] kunit_try_run_case+0x1a5/0x480 [ 12.617001] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.617023] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.617046] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.617068] ? __kthread_parkme+0x82/0x180 [ 12.617090] ? preempt_count_sub+0x50/0x80 [ 12.617116] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.617140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.617165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.617198] kthread+0x337/0x6f0 [ 12.617218] ? trace_preempt_on+0x20/0xc0 [ 12.617242] ? __pfx_kthread+0x10/0x10 [ 12.617264] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.617285] ? calculate_sigpending+0x7b/0xa0 [ 12.617310] ? __pfx_kthread+0x10/0x10 [ 12.617333] ret_from_fork+0x116/0x1d0 [ 12.617352] ? __pfx_kthread+0x10/0x10 [ 12.617373] ret_from_fork_asm+0x1a/0x30 [ 12.617406] </TASK> [ 12.617418] [ 12.626702] Allocated by task 244: [ 12.627027] kasan_save_stack+0x45/0x70 [ 12.627347] kasan_save_track+0x18/0x40 [ 12.627660] kasan_save_alloc_info+0x3b/0x50 [ 12.627872] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.628113] remove_element+0x11e/0x190 [ 12.628642] mempool_alloc_preallocated+0x4d/0x90 [ 12.628899] mempool_uaf_helper+0x96/0x400 [ 12.629215] mempool_kmalloc_uaf+0xef/0x140 [ 12.629598] kunit_try_run_case+0x1a5/0x480 [ 12.629926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.630489] kthread+0x337/0x6f0 [ 12.630720] ret_from_fork+0x116/0x1d0 [ 12.630910] ret_from_fork_asm+0x1a/0x30 [ 12.631098] [ 12.631421] Freed by task 244: [ 12.631638] kasan_save_stack+0x45/0x70 [ 12.631959] kasan_save_track+0x18/0x40 [ 12.632154] kasan_save_free_info+0x3f/0x60 [ 12.632495] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.632735] mempool_free+0x2ec/0x380 [ 12.632904] mempool_uaf_helper+0x11a/0x400 [ 12.633097] mempool_kmalloc_uaf+0xef/0x140 [ 12.633729] kunit_try_run_case+0x1a5/0x480 [ 12.634012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.634440] kthread+0x337/0x6f0 [ 12.634767] ret_from_fork+0x116/0x1d0 [ 12.635074] ret_from_fork_asm+0x1a/0x30 [ 12.635470] [ 12.635742] The buggy address belongs to the object at ffff8881039e2200 [ 12.635742] which belongs to the cache kmalloc-128 of size 128 [ 12.636438] The buggy address is located 0 bytes inside of [ 12.636438] freed 128-byte region [ffff8881039e2200, ffff8881039e2280) [ 12.637122] [ 12.637424] The buggy address belongs to the physical page: [ 12.637770] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e2 [ 12.638111] flags: 0x200000000000000(node=0|zone=2) [ 12.638725] page_type: f5(slab) [ 12.638976] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.639513] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.640027] page dumped because: kasan: bad access detected [ 12.640596] [ 12.640698] Memory state around the buggy address: [ 12.640920] ffff8881039e2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.641458] ffff8881039e2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.641922] >ffff8881039e2200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.642529] ^ [ 12.642709] ffff8881039e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.643008] ffff8881039e2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.643537] ================================================================== [ 12.670824] ================================================================== [ 12.671315] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.671552] Read of size 1 at addr ffff8881029e4240 by task kunit_try_catch/248 [ 12.672028] [ 12.672286] CPU: 0 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.672348] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.672361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.672383] Call Trace: [ 12.672396] <TASK> [ 12.672424] dump_stack_lvl+0x73/0xb0 [ 12.672476] print_report+0xd1/0x650 [ 12.672499] ? __virt_addr_valid+0x1db/0x2d0 [ 12.672524] ? mempool_uaf_helper+0x392/0x400 [ 12.672546] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.672569] ? mempool_uaf_helper+0x392/0x400 [ 12.672591] kasan_report+0x141/0x180 [ 12.672624] ? mempool_uaf_helper+0x392/0x400 [ 12.672692] __asan_report_load1_noabort+0x18/0x20 [ 12.672714] mempool_uaf_helper+0x392/0x400 [ 12.672764] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.672812] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.672854] ? finish_task_switch.isra.0+0x153/0x700 [ 12.672881] mempool_slab_uaf+0xea/0x140 [ 12.672900] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 12.672933] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.672953] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.672975] ? __pfx_read_tsc+0x10/0x10 [ 12.672996] ? ktime_get_ts64+0x86/0x230 [ 12.673022] kunit_try_run_case+0x1a5/0x480 [ 12.673046] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.673068] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.673092] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.673114] ? __kthread_parkme+0x82/0x180 [ 12.673136] ? preempt_count_sub+0x50/0x80 [ 12.673159] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.673199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.673223] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.673246] kthread+0x337/0x6f0 [ 12.673266] ? trace_preempt_on+0x20/0xc0 [ 12.673289] ? __pfx_kthread+0x10/0x10 [ 12.673310] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.673330] ? calculate_sigpending+0x7b/0xa0 [ 12.673354] ? __pfx_kthread+0x10/0x10 [ 12.673376] ret_from_fork+0x116/0x1d0 [ 12.673394] ? __pfx_kthread+0x10/0x10 [ 12.673415] ret_from_fork_asm+0x1a/0x30 [ 12.673446] </TASK> [ 12.673457] [ 12.686082] Allocated by task 248: [ 12.686373] kasan_save_stack+0x45/0x70 [ 12.686969] kasan_save_track+0x18/0x40 [ 12.687388] kasan_save_alloc_info+0x3b/0x50 [ 12.687890] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.688406] remove_element+0x11e/0x190 [ 12.688817] mempool_alloc_preallocated+0x4d/0x90 [ 12.688978] mempool_uaf_helper+0x96/0x400 [ 12.689116] mempool_slab_uaf+0xea/0x140 [ 12.689377] kunit_try_run_case+0x1a5/0x480 [ 12.689911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.690427] kthread+0x337/0x6f0 [ 12.690931] ret_from_fork+0x116/0x1d0 [ 12.691334] ret_from_fork_asm+0x1a/0x30 [ 12.691575] [ 12.691659] Freed by task 248: [ 12.691771] kasan_save_stack+0x45/0x70 [ 12.691907] kasan_save_track+0x18/0x40 [ 12.692040] kasan_save_free_info+0x3f/0x60 [ 12.692182] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.692348] mempool_free+0x2ec/0x380 [ 12.692478] mempool_uaf_helper+0x11a/0x400 [ 12.692713] mempool_slab_uaf+0xea/0x140 [ 12.693075] kunit_try_run_case+0x1a5/0x480 [ 12.693473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.694051] kthread+0x337/0x6f0 [ 12.694395] ret_from_fork+0x116/0x1d0 [ 12.694998] ret_from_fork_asm+0x1a/0x30 [ 12.695396] [ 12.695638] The buggy address belongs to the object at ffff8881029e4240 [ 12.695638] which belongs to the cache test_cache of size 123 [ 12.696790] The buggy address is located 0 bytes inside of [ 12.696790] freed 123-byte region [ffff8881029e4240, ffff8881029e42bb) [ 12.697948] [ 12.698121] The buggy address belongs to the physical page: [ 12.698420] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e4 [ 12.698678] flags: 0x200000000000000(node=0|zone=2) [ 12.698842] page_type: f5(slab) [ 12.698972] raw: 0200000000000000 ffff888101ce88c0 dead000000000122 0000000000000000 [ 12.699204] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.699427] page dumped because: kasan: bad access detected [ 12.699597] [ 12.699772] Memory state around the buggy address: [ 12.700470] ffff8881029e4100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.701174] ffff8881029e4180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.702135] >ffff8881029e4200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 12.702876] ^ [ 12.703386] ffff8881029e4280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.704157] ffff8881029e4300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.705011] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 12.560113] ================================================================== [ 12.560727] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.561057] Read of size 1 at addr ffff88810397a001 by task kunit_try_catch/240 [ 12.561468] [ 12.561592] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.561655] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.561668] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.561708] Call Trace: [ 12.561722] <TASK> [ 12.561741] dump_stack_lvl+0x73/0xb0 [ 12.561783] print_report+0xd1/0x650 [ 12.561807] ? __virt_addr_valid+0x1db/0x2d0 [ 12.561831] ? mempool_oob_right_helper+0x318/0x380 [ 12.561854] ? kasan_addr_to_slab+0x11/0xa0 [ 12.561875] ? mempool_oob_right_helper+0x318/0x380 [ 12.561899] kasan_report+0x141/0x180 [ 12.561921] ? mempool_oob_right_helper+0x318/0x380 [ 12.561950] __asan_report_load1_noabort+0x18/0x20 [ 12.561970] mempool_oob_right_helper+0x318/0x380 [ 12.561995] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.562054] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.562078] ? finish_task_switch.isra.0+0x153/0x700 [ 12.562127] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 12.562151] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.562179] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.562199] ? __pfx_mempool_kfree+0x10/0x10 [ 12.562220] ? __pfx_read_tsc+0x10/0x10 [ 12.562241] ? ktime_get_ts64+0x86/0x230 [ 12.562276] kunit_try_run_case+0x1a5/0x480 [ 12.562300] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.562322] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.562345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.562367] ? __kthread_parkme+0x82/0x180 [ 12.562388] ? preempt_count_sub+0x50/0x80 [ 12.562411] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.562435] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.562458] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.562488] kthread+0x337/0x6f0 [ 12.562507] ? trace_preempt_on+0x20/0xc0 [ 12.562722] ? __pfx_kthread+0x10/0x10 [ 12.562749] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.562771] ? calculate_sigpending+0x7b/0xa0 [ 12.562796] ? __pfx_kthread+0x10/0x10 [ 12.562818] ret_from_fork+0x116/0x1d0 [ 12.562836] ? __pfx_kthread+0x10/0x10 [ 12.562857] ret_from_fork_asm+0x1a/0x30 [ 12.562888] </TASK> [ 12.562900] [ 12.573997] The buggy address belongs to the physical page: [ 12.574267] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103978 [ 12.574683] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.574906] flags: 0x200000000000040(head|node=0|zone=2) [ 12.575165] page_type: f8(unknown) [ 12.575664] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.576009] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.576349] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.576767] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.577074] head: 0200000000000002 ffffea00040e5e01 00000000ffffffff 00000000ffffffff [ 12.577427] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.577823] page dumped because: kasan: bad access detected [ 12.578093] [ 12.578201] Memory state around the buggy address: [ 12.578362] ffff888103979f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.578741] ffff888103979f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.579005] >ffff88810397a000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.579485] ^ [ 12.579641] ffff88810397a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.579995] ffff88810397a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.580335] ================================================================== [ 12.584735] ================================================================== [ 12.585253] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.585568] Read of size 1 at addr ffff8881039e22bb by task kunit_try_catch/242 [ 12.586001] [ 12.586111] CPU: 1 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.586162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.586174] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.586196] Call Trace: [ 12.586208] <TASK> [ 12.586225] dump_stack_lvl+0x73/0xb0 [ 12.586256] print_report+0xd1/0x650 [ 12.586279] ? __virt_addr_valid+0x1db/0x2d0 [ 12.586304] ? mempool_oob_right_helper+0x318/0x380 [ 12.586328] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.586351] ? mempool_oob_right_helper+0x318/0x380 [ 12.586375] kasan_report+0x141/0x180 [ 12.586398] ? mempool_oob_right_helper+0x318/0x380 [ 12.586428] __asan_report_load1_noabort+0x18/0x20 [ 12.586449] mempool_oob_right_helper+0x318/0x380 [ 12.586481] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.586508] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.586528] ? irqentry_exit+0x2a/0x60 [ 12.586550] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.586641] mempool_slab_oob_right+0xed/0x140 [ 12.586663] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.586687] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.586710] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.586732] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.586754] ? mempool_slab_oob_right+0x9/0x140 [ 12.586777] kunit_try_run_case+0x1a5/0x480 [ 12.586801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.586823] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.586846] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.586869] ? __kthread_parkme+0x82/0x180 [ 12.586890] ? preempt_count_sub+0x50/0x80 [ 12.586914] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.586938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.586962] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.586985] kthread+0x337/0x6f0 [ 12.587005] ? trace_preempt_on+0x20/0xc0 [ 12.587029] ? __pfx_kthread+0x10/0x10 [ 12.587051] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.587071] ? calculate_sigpending+0x7b/0xa0 [ 12.587096] ? __pfx_kthread+0x10/0x10 [ 12.587119] ret_from_fork+0x116/0x1d0 [ 12.587138] ? __pfx_kthread+0x10/0x10 [ 12.587158] ret_from_fork_asm+0x1a/0x30 [ 12.587204] </TASK> [ 12.587215] [ 12.598535] Allocated by task 242: [ 12.598940] kasan_save_stack+0x45/0x70 [ 12.599139] kasan_save_track+0x18/0x40 [ 12.599475] kasan_save_alloc_info+0x3b/0x50 [ 12.599888] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.600140] remove_element+0x11e/0x190 [ 12.600584] mempool_alloc_preallocated+0x4d/0x90 [ 12.600895] mempool_oob_right_helper+0x8a/0x380 [ 12.601077] mempool_slab_oob_right+0xed/0x140 [ 12.601501] kunit_try_run_case+0x1a5/0x480 [ 12.601822] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.602039] kthread+0x337/0x6f0 [ 12.602192] ret_from_fork+0x116/0x1d0 [ 12.602383] ret_from_fork_asm+0x1a/0x30 [ 12.602584] [ 12.602686] The buggy address belongs to the object at ffff8881039e2240 [ 12.602686] which belongs to the cache test_cache of size 123 [ 12.603288] The buggy address is located 0 bytes to the right of [ 12.603288] allocated 123-byte region [ffff8881039e2240, ffff8881039e22bb) [ 12.603733] [ 12.603872] The buggy address belongs to the physical page: [ 12.604131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e2 [ 12.604408] flags: 0x200000000000000(node=0|zone=2) [ 12.604659] page_type: f5(slab) [ 12.604971] raw: 0200000000000000 ffff888100faf8c0 dead000000000122 0000000000000000 [ 12.605356] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.605708] page dumped because: kasan: bad access detected [ 12.605968] [ 12.606062] Memory state around the buggy address: [ 12.606305] ffff8881039e2180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.606669] ffff8881039e2200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 12.606967] >ffff8881039e2280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 12.607228] ^ [ 12.607469] ffff8881039e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.607715] ffff8881039e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.608180] ================================================================== [ 12.528653] ================================================================== [ 12.529098] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.529779] Read of size 1 at addr ffff8881026a8e73 by task kunit_try_catch/238 [ 12.530006] [ 12.530106] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 12.530163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.530177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.530201] Call Trace: [ 12.530215] <TASK> [ 12.530237] dump_stack_lvl+0x73/0xb0 [ 12.530272] print_report+0xd1/0x650 [ 12.530296] ? __virt_addr_valid+0x1db/0x2d0 [ 12.530324] ? mempool_oob_right_helper+0x318/0x380 [ 12.530347] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.530370] ? mempool_oob_right_helper+0x318/0x380 [ 12.530420] kasan_report+0x141/0x180 [ 12.530459] ? mempool_oob_right_helper+0x318/0x380 [ 12.530509] __asan_report_load1_noabort+0x18/0x20 [ 12.530531] mempool_oob_right_helper+0x318/0x380 [ 12.530571] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.530598] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.530634] ? finish_task_switch.isra.0+0x153/0x700 [ 12.530662] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.530685] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 12.530713] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.531032] ? __pfx_mempool_kfree+0x10/0x10 [ 12.531058] ? __pfx_read_tsc+0x10/0x10 [ 12.531081] ? ktime_get_ts64+0x86/0x230 [ 12.531108] kunit_try_run_case+0x1a5/0x480 [ 12.531137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.531159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.531194] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.531218] ? __kthread_parkme+0x82/0x180 [ 12.531240] ? preempt_count_sub+0x50/0x80 [ 12.531264] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.531289] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.531313] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.531336] kthread+0x337/0x6f0 [ 12.531357] ? trace_preempt_on+0x20/0xc0 [ 12.531382] ? __pfx_kthread+0x10/0x10 [ 12.531403] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.531424] ? calculate_sigpending+0x7b/0xa0 [ 12.531451] ? __pfx_kthread+0x10/0x10 [ 12.531473] ret_from_fork+0x116/0x1d0 [ 12.531492] ? __pfx_kthread+0x10/0x10 [ 12.531513] ret_from_fork_asm+0x1a/0x30 [ 12.531610] </TASK> [ 12.531635] [ 12.543866] Allocated by task 238: [ 12.544141] kasan_save_stack+0x45/0x70 [ 12.544509] kasan_save_track+0x18/0x40 [ 12.544965] kasan_save_alloc_info+0x3b/0x50 [ 12.545333] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.545789] remove_element+0x11e/0x190 [ 12.546002] mempool_alloc_preallocated+0x4d/0x90 [ 12.546330] mempool_oob_right_helper+0x8a/0x380 [ 12.546538] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.546865] kunit_try_run_case+0x1a5/0x480 [ 12.547057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.547307] kthread+0x337/0x6f0 [ 12.547773] ret_from_fork+0x116/0x1d0 [ 12.547930] ret_from_fork_asm+0x1a/0x30 [ 12.548180] [ 12.548459] The buggy address belongs to the object at ffff8881026a8e00 [ 12.548459] which belongs to the cache kmalloc-128 of size 128 [ 12.549298] The buggy address is located 0 bytes to the right of [ 12.549298] allocated 115-byte region [ffff8881026a8e00, ffff8881026a8e73) [ 12.550244] [ 12.550514] The buggy address belongs to the physical page: [ 12.550859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026a8 [ 12.551177] flags: 0x200000000000000(node=0|zone=2) [ 12.551711] page_type: f5(slab) [ 12.551998] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.552482] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.552978] page dumped because: kasan: bad access detected [ 12.553375] [ 12.553484] Memory state around the buggy address: [ 12.553867] ffff8881026a8d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.554166] ffff8881026a8d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.554674] >ffff8881026a8e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.554955] ^ [ 12.555535] ffff8881026a8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.556023] ffff8881026a8f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.556444] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 11.959425] ================================================================== [ 11.960100] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 11.960687] Read of size 1 at addr ffff888100faf640 by task kunit_try_catch/232 [ 11.961508] [ 11.961754] CPU: 1 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.961809] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.961821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.961844] Call Trace: [ 11.961857] <TASK> [ 11.961876] dump_stack_lvl+0x73/0xb0 [ 11.961907] print_report+0xd1/0x650 [ 11.961931] ? __virt_addr_valid+0x1db/0x2d0 [ 11.961957] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.961977] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.962000] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.962021] kasan_report+0x141/0x180 [ 11.962044] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.962070] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.962090] __kasan_check_byte+0x3d/0x50 [ 11.962114] kmem_cache_destroy+0x25/0x1d0 [ 11.962138] kmem_cache_double_destroy+0x1bf/0x380 [ 11.962159] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 11.962215] ? finish_task_switch.isra.0+0x153/0x700 [ 11.962241] ? __switch_to+0x47/0xf50 [ 11.962273] ? __pfx_read_tsc+0x10/0x10 [ 11.962296] ? ktime_get_ts64+0x86/0x230 [ 11.962321] kunit_try_run_case+0x1a5/0x480 [ 11.962347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.962369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.962393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.962415] ? __kthread_parkme+0x82/0x180 [ 11.962437] ? preempt_count_sub+0x50/0x80 [ 11.962460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.962490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.962513] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.962559] kthread+0x337/0x6f0 [ 11.962579] ? trace_preempt_on+0x20/0xc0 [ 11.962603] ? __pfx_kthread+0x10/0x10 [ 11.962636] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.962657] ? calculate_sigpending+0x7b/0xa0 [ 11.962682] ? __pfx_kthread+0x10/0x10 [ 11.962704] ret_from_fork+0x116/0x1d0 [ 11.962721] ? __pfx_kthread+0x10/0x10 [ 11.962742] ret_from_fork_asm+0x1a/0x30 [ 11.962774] </TASK> [ 11.962786] [ 11.976990] Allocated by task 232: [ 11.977122] kasan_save_stack+0x45/0x70 [ 11.977455] kasan_save_track+0x18/0x40 [ 11.977929] kasan_save_alloc_info+0x3b/0x50 [ 11.978348] __kasan_slab_alloc+0x91/0xa0 [ 11.978518] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.979018] __kmem_cache_create_args+0x169/0x240 [ 11.979490] kmem_cache_double_destroy+0xd5/0x380 [ 11.979829] kunit_try_run_case+0x1a5/0x480 [ 11.979982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.980160] kthread+0x337/0x6f0 [ 11.980467] ret_from_fork+0x116/0x1d0 [ 11.980932] ret_from_fork_asm+0x1a/0x30 [ 11.981321] [ 11.981485] Freed by task 232: [ 11.981866] kasan_save_stack+0x45/0x70 [ 11.982236] kasan_save_track+0x18/0x40 [ 11.982719] kasan_save_free_info+0x3f/0x60 [ 11.982957] __kasan_slab_free+0x56/0x70 [ 11.983097] kmem_cache_free+0x249/0x420 [ 11.983342] slab_kmem_cache_release+0x2e/0x40 [ 11.983787] kmem_cache_release+0x16/0x20 [ 11.984335] kobject_put+0x181/0x450 [ 11.984757] sysfs_slab_release+0x16/0x20 [ 11.985129] kmem_cache_destroy+0xf0/0x1d0 [ 11.985301] kmem_cache_double_destroy+0x14e/0x380 [ 11.985459] kunit_try_run_case+0x1a5/0x480 [ 11.985654] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.986194] kthread+0x337/0x6f0 [ 11.986513] ret_from_fork+0x116/0x1d0 [ 11.987007] ret_from_fork_asm+0x1a/0x30 [ 11.987411] [ 11.987582] The buggy address belongs to the object at ffff888100faf640 [ 11.987582] which belongs to the cache kmem_cache of size 208 [ 11.988171] The buggy address is located 0 bytes inside of [ 11.988171] freed 208-byte region [ffff888100faf640, ffff888100faf710) [ 11.989322] [ 11.989507] The buggy address belongs to the physical page: [ 11.989789] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100faf [ 11.990037] flags: 0x200000000000000(node=0|zone=2) [ 11.990213] page_type: f5(slab) [ 11.990419] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 11.990769] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 11.991312] page dumped because: kasan: bad access detected [ 11.991558] [ 11.991663] Memory state around the buggy address: [ 11.991845] ffff888100faf500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.992159] ffff888100faf580: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 11.992504] >ffff888100faf600: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 11.992926] ^ [ 11.993143] ffff888100faf680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.993509] ffff888100faf700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.993938] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 11.904725] ================================================================== [ 11.905240] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.905486] Read of size 1 at addr ffff8881029dd000 by task kunit_try_catch/230 [ 11.906887] [ 11.907178] CPU: 0 UID: 0 PID: 230 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.907234] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.907355] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.907380] Call Trace: [ 11.907395] <TASK> [ 11.907416] dump_stack_lvl+0x73/0xb0 [ 11.907449] print_report+0xd1/0x650 [ 11.907472] ? __virt_addr_valid+0x1db/0x2d0 [ 11.907497] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.907539] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.907562] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.907586] kasan_report+0x141/0x180 [ 11.907608] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.907646] __asan_report_load1_noabort+0x18/0x20 [ 11.907666] kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.907689] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 11.907711] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.907741] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 11.907769] kunit_try_run_case+0x1a5/0x480 [ 11.907794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.907815] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.907837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.907859] ? __kthread_parkme+0x82/0x180 [ 11.907880] ? preempt_count_sub+0x50/0x80 [ 11.907906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.907928] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.907950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.907972] kthread+0x337/0x6f0 [ 11.908220] ? trace_preempt_on+0x20/0xc0 [ 11.908245] ? __pfx_kthread+0x10/0x10 [ 11.908266] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.908286] ? calculate_sigpending+0x7b/0xa0 [ 11.908312] ? __pfx_kthread+0x10/0x10 [ 11.908334] ret_from_fork+0x116/0x1d0 [ 11.908352] ? __pfx_kthread+0x10/0x10 [ 11.908372] ret_from_fork_asm+0x1a/0x30 [ 11.908404] </TASK> [ 11.908415] [ 11.918855] Allocated by task 230: [ 11.918986] kasan_save_stack+0x45/0x70 [ 11.919431] kasan_save_track+0x18/0x40 [ 11.919787] kasan_save_alloc_info+0x3b/0x50 [ 11.920015] __kasan_slab_alloc+0x91/0xa0 [ 11.920272] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.920479] kmem_cache_rcu_uaf+0x155/0x510 [ 11.920814] kunit_try_run_case+0x1a5/0x480 [ 11.921127] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.921458] kthread+0x337/0x6f0 [ 11.921725] ret_from_fork+0x116/0x1d0 [ 11.921864] ret_from_fork_asm+0x1a/0x30 [ 11.922071] [ 11.922171] Freed by task 0: [ 11.922341] kasan_save_stack+0x45/0x70 [ 11.922565] kasan_save_track+0x18/0x40 [ 11.922886] kasan_save_free_info+0x3f/0x60 [ 11.923093] __kasan_slab_free+0x56/0x70 [ 11.923386] slab_free_after_rcu_debug+0xe4/0x310 [ 11.923576] rcu_core+0x66f/0x1c40 [ 11.923971] rcu_core_si+0x12/0x20 [ 11.924146] handle_softirqs+0x209/0x730 [ 11.924636] __irq_exit_rcu+0xc9/0x110 [ 11.924831] irq_exit_rcu+0x12/0x20 [ 11.924995] sysvec_apic_timer_interrupt+0x81/0x90 [ 11.925305] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 11.926244] [ 11.926343] Last potentially related work creation: [ 11.927013] kasan_save_stack+0x45/0x70 [ 11.927355] kasan_record_aux_stack+0xb2/0xc0 [ 11.927664] kmem_cache_free+0x131/0x420 [ 11.927854] kmem_cache_rcu_uaf+0x194/0x510 [ 11.928039] kunit_try_run_case+0x1a5/0x480 [ 11.928466] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.928851] kthread+0x337/0x6f0 [ 11.929019] ret_from_fork+0x116/0x1d0 [ 11.929186] ret_from_fork_asm+0x1a/0x30 [ 11.929365] [ 11.929453] The buggy address belongs to the object at ffff8881029dd000 [ 11.929453] which belongs to the cache test_cache of size 200 [ 11.930652] The buggy address is located 0 bytes inside of [ 11.930652] freed 200-byte region [ffff8881029dd000, ffff8881029dd0c8) [ 11.931847] [ 11.931969] The buggy address belongs to the physical page: [ 11.932364] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029dd [ 11.933015] flags: 0x200000000000000(node=0|zone=2) [ 11.933393] page_type: f5(slab) [ 11.933878] raw: 0200000000000000 ffff888101ce8640 dead000000000122 0000000000000000 [ 11.934403] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 11.934828] page dumped because: kasan: bad access detected [ 11.935066] [ 11.935158] Memory state around the buggy address: [ 11.935823] ffff8881029dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.936491] ffff8881029dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.936950] >ffff8881029dd000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.937475] ^ [ 11.937985] ffff8881029dd080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 11.938476] ffff8881029dd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.939068] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 11.837095] ================================================================== [ 11.838147] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 11.839630] Free of addr ffff8881039dd001 by task kunit_try_catch/228 [ 11.839844] [ 11.839942] CPU: 1 UID: 0 PID: 228 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.839994] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.840006] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.840028] Call Trace: [ 11.840042] <TASK> [ 11.840061] dump_stack_lvl+0x73/0xb0 [ 11.840091] print_report+0xd1/0x650 [ 11.840114] ? __virt_addr_valid+0x1db/0x2d0 [ 11.840140] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.840170] ? kmem_cache_invalid_free+0x1d8/0x460 [ 11.840191] kasan_report_invalid_free+0x10a/0x130 [ 11.840217] ? kmem_cache_invalid_free+0x1d8/0x460 [ 11.840240] ? kmem_cache_invalid_free+0x1d8/0x460 [ 11.840260] check_slab_allocation+0x11f/0x130 [ 11.840282] __kasan_slab_pre_free+0x28/0x40 [ 11.840304] kmem_cache_free+0xed/0x420 [ 11.840324] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.840345] ? kmem_cache_invalid_free+0x1d8/0x460 [ 11.840368] kmem_cache_invalid_free+0x1d8/0x460 [ 11.840388] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 11.840408] ? finish_task_switch.isra.0+0x153/0x700 [ 11.840431] ? __switch_to+0x47/0xf50 [ 11.840461] ? __pfx_read_tsc+0x10/0x10 [ 11.840481] ? ktime_get_ts64+0x86/0x230 [ 11.840507] kunit_try_run_case+0x1a5/0x480 [ 11.840531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.840552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.840575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.840597] ? __kthread_parkme+0x82/0x180 [ 11.840625] ? preempt_count_sub+0x50/0x80 [ 11.840648] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.840671] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.840694] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.840716] kthread+0x337/0x6f0 [ 11.840735] ? trace_preempt_on+0x20/0xc0 [ 11.840760] ? __pfx_kthread+0x10/0x10 [ 11.840780] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.840800] ? calculate_sigpending+0x7b/0xa0 [ 11.840825] ? __pfx_kthread+0x10/0x10 [ 11.840846] ret_from_fork+0x116/0x1d0 [ 11.840863] ? __pfx_kthread+0x10/0x10 [ 11.841093] ret_from_fork_asm+0x1a/0x30 [ 11.841128] </TASK> [ 11.841140] [ 11.855689] Allocated by task 228: [ 11.856000] kasan_save_stack+0x45/0x70 [ 11.856234] kasan_save_track+0x18/0x40 [ 11.856631] kasan_save_alloc_info+0x3b/0x50 [ 11.856782] __kasan_slab_alloc+0x91/0xa0 [ 11.856921] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.857074] kmem_cache_invalid_free+0x157/0x460 [ 11.857296] kunit_try_run_case+0x1a5/0x480 [ 11.857777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.858295] kthread+0x337/0x6f0 [ 11.858816] ret_from_fork+0x116/0x1d0 [ 11.859197] ret_from_fork_asm+0x1a/0x30 [ 11.859665] [ 11.859836] The buggy address belongs to the object at ffff8881039dd000 [ 11.859836] which belongs to the cache test_cache of size 200 [ 11.860817] The buggy address is located 1 bytes inside of [ 11.860817] 200-byte region [ffff8881039dd000, ffff8881039dd0c8) [ 11.861315] [ 11.861495] The buggy address belongs to the physical page: [ 11.862061] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039dd [ 11.862559] flags: 0x200000000000000(node=0|zone=2) [ 11.863030] page_type: f5(slab) [ 11.863331] raw: 0200000000000000 ffff888100faf500 dead000000000122 0000000000000000 [ 11.863949] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 11.864185] page dumped because: kasan: bad access detected [ 11.864357] [ 11.864437] Memory state around the buggy address: [ 11.864593] ffff8881039dcf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.864815] ffff8881039dcf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.865029] >ffff8881039dd000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.865239] ^ [ 11.865353] ffff8881039dd080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 11.865563] ffff8881039dd100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.866134] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 11.798585] ================================================================== [ 11.799088] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 11.799380] Free of addr ffff8881029db000 by task kunit_try_catch/226 [ 11.799790] [ 11.799919] CPU: 0 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.800035] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.800047] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.800069] Call Trace: [ 11.800082] <TASK> [ 11.800100] dump_stack_lvl+0x73/0xb0 [ 11.800132] print_report+0xd1/0x650 [ 11.800155] ? __virt_addr_valid+0x1db/0x2d0 [ 11.800181] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.800203] ? kmem_cache_double_free+0x1e5/0x480 [ 11.800224] kasan_report_invalid_free+0x10a/0x130 [ 11.800248] ? kmem_cache_double_free+0x1e5/0x480 [ 11.800304] ? kmem_cache_double_free+0x1e5/0x480 [ 11.800342] check_slab_allocation+0x101/0x130 [ 11.800364] __kasan_slab_pre_free+0x28/0x40 [ 11.800384] kmem_cache_free+0xed/0x420 [ 11.800405] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.800425] ? kmem_cache_double_free+0x1e5/0x480 [ 11.800448] kmem_cache_double_free+0x1e5/0x480 [ 11.800468] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 11.800488] ? finish_task_switch.isra.0+0x153/0x700 [ 11.800512] ? __switch_to+0x47/0xf50 [ 11.800642] ? __pfx_read_tsc+0x10/0x10 [ 11.800668] ? ktime_get_ts64+0x86/0x230 [ 11.800693] kunit_try_run_case+0x1a5/0x480 [ 11.800718] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.800739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.800791] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.800813] ? __kthread_parkme+0x82/0x180 [ 11.800834] ? preempt_count_sub+0x50/0x80 [ 11.800857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.800880] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.800902] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.800925] kthread+0x337/0x6f0 [ 11.800944] ? trace_preempt_on+0x20/0xc0 [ 11.800968] ? __pfx_kthread+0x10/0x10 [ 11.800988] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.801008] ? calculate_sigpending+0x7b/0xa0 [ 11.801032] ? __pfx_kthread+0x10/0x10 [ 11.801053] ret_from_fork+0x116/0x1d0 [ 11.801071] ? __pfx_kthread+0x10/0x10 [ 11.801091] ret_from_fork_asm+0x1a/0x30 [ 11.801122] </TASK> [ 11.801134] [ 11.813018] Allocated by task 226: [ 11.813234] kasan_save_stack+0x45/0x70 [ 11.813542] kasan_save_track+0x18/0x40 [ 11.813939] kasan_save_alloc_info+0x3b/0x50 [ 11.814142] __kasan_slab_alloc+0x91/0xa0 [ 11.814608] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.814934] kmem_cache_double_free+0x14f/0x480 [ 11.815276] kunit_try_run_case+0x1a5/0x480 [ 11.815691] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.816053] kthread+0x337/0x6f0 [ 11.816309] ret_from_fork+0x116/0x1d0 [ 11.816508] ret_from_fork_asm+0x1a/0x30 [ 11.816947] [ 11.817040] Freed by task 226: [ 11.817406] kasan_save_stack+0x45/0x70 [ 11.817907] kasan_save_track+0x18/0x40 [ 11.818096] kasan_save_free_info+0x3f/0x60 [ 11.818406] __kasan_slab_free+0x56/0x70 [ 11.818651] kmem_cache_free+0x249/0x420 [ 11.819105] kmem_cache_double_free+0x16a/0x480 [ 11.819591] kunit_try_run_case+0x1a5/0x480 [ 11.819809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.820125] kthread+0x337/0x6f0 [ 11.820327] ret_from_fork+0x116/0x1d0 [ 11.820754] ret_from_fork_asm+0x1a/0x30 [ 11.820899] [ 11.821000] The buggy address belongs to the object at ffff8881029db000 [ 11.821000] which belongs to the cache test_cache of size 200 [ 11.821883] The buggy address is located 0 bytes inside of [ 11.821883] 200-byte region [ffff8881029db000, ffff8881029db0c8) [ 11.822508] [ 11.822828] The buggy address belongs to the physical page: [ 11.823160] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029db [ 11.823506] flags: 0x200000000000000(node=0|zone=2) [ 11.824093] page_type: f5(slab) [ 11.824411] raw: 0200000000000000 ffff888101ce8500 dead000000000122 0000000000000000 [ 11.825045] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 11.825506] page dumped because: kasan: bad access detected [ 11.825752] [ 11.825851] Memory state around the buggy address: [ 11.826082] ffff8881029daf00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 11.826860] ffff8881029daf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.827151] >ffff8881029db000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.827715] ^ [ 11.828029] ffff8881029db080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 11.828383] ffff8881029db100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.828864] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 11.757013] ================================================================== [ 11.757398] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 11.757683] Read of size 1 at addr ffff8881039da0c8 by task kunit_try_catch/224 [ 11.758165] [ 11.758315] CPU: 1 UID: 0 PID: 224 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.758366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.758379] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.758400] Call Trace: [ 11.758413] <TASK> [ 11.758431] dump_stack_lvl+0x73/0xb0 [ 11.758461] print_report+0xd1/0x650 [ 11.758492] ? __virt_addr_valid+0x1db/0x2d0 [ 11.758516] ? kmem_cache_oob+0x402/0x530 [ 11.758586] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.758610] ? kmem_cache_oob+0x402/0x530 [ 11.758662] kasan_report+0x141/0x180 [ 11.758686] ? kmem_cache_oob+0x402/0x530 [ 11.758711] __asan_report_load1_noabort+0x18/0x20 [ 11.758732] kmem_cache_oob+0x402/0x530 [ 11.758749] ? trace_hardirqs_on+0x37/0xe0 [ 11.758774] ? __pfx_kmem_cache_oob+0x10/0x10 [ 11.758793] ? finish_task_switch.isra.0+0x153/0x700 [ 11.758815] ? __switch_to+0x47/0xf50 [ 11.758845] ? __pfx_read_tsc+0x10/0x10 [ 11.758865] ? ktime_get_ts64+0x86/0x230 [ 11.758891] kunit_try_run_case+0x1a5/0x480 [ 11.758933] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.758955] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.758993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.759015] ? __kthread_parkme+0x82/0x180 [ 11.759036] ? preempt_count_sub+0x50/0x80 [ 11.759059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.759082] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.759105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.759128] kthread+0x337/0x6f0 [ 11.759147] ? trace_preempt_on+0x20/0xc0 [ 11.759169] ? __pfx_kthread+0x10/0x10 [ 11.759202] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.759222] ? calculate_sigpending+0x7b/0xa0 [ 11.759246] ? __pfx_kthread+0x10/0x10 [ 11.759268] ret_from_fork+0x116/0x1d0 [ 11.759286] ? __pfx_kthread+0x10/0x10 [ 11.759307] ret_from_fork_asm+0x1a/0x30 [ 11.759339] </TASK> [ 11.759350] [ 11.770346] Allocated by task 224: [ 11.770725] kasan_save_stack+0x45/0x70 [ 11.770914] kasan_save_track+0x18/0x40 [ 11.771085] kasan_save_alloc_info+0x3b/0x50 [ 11.771641] __kasan_slab_alloc+0x91/0xa0 [ 11.772022] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.772366] kmem_cache_oob+0x157/0x530 [ 11.772924] kunit_try_run_case+0x1a5/0x480 [ 11.773122] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.773825] kthread+0x337/0x6f0 [ 11.774079] ret_from_fork+0x116/0x1d0 [ 11.774520] ret_from_fork_asm+0x1a/0x30 [ 11.774798] [ 11.775015] The buggy address belongs to the object at ffff8881039da000 [ 11.775015] which belongs to the cache test_cache of size 200 [ 11.775897] The buggy address is located 0 bytes to the right of [ 11.775897] allocated 200-byte region [ffff8881039da000, ffff8881039da0c8) [ 11.776910] [ 11.777014] The buggy address belongs to the physical page: [ 11.777818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039da [ 11.778159] flags: 0x200000000000000(node=0|zone=2) [ 11.778749] page_type: f5(slab) [ 11.778917] raw: 0200000000000000 ffff888100faf3c0 dead000000000122 0000000000000000 [ 11.779300] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 11.779955] page dumped because: kasan: bad access detected [ 11.780368] [ 11.780461] Memory state around the buggy address: [ 11.781024] ffff8881039d9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.781754] ffff8881039da000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.782202] >ffff8881039da080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 11.782834] ^ [ 11.783083] ffff8881039da100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.783951] ffff8881039da180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.784355] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 11.711636] ================================================================== [ 11.712123] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 11.712946] Read of size 8 at addr ffff8881026bb240 by task kunit_try_catch/217 [ 11.713686] [ 11.713826] CPU: 1 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.713877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.713888] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.713908] Call Trace: [ 11.713920] <TASK> [ 11.713937] dump_stack_lvl+0x73/0xb0 [ 11.713966] print_report+0xd1/0x650 [ 11.713988] ? __virt_addr_valid+0x1db/0x2d0 [ 11.714011] ? workqueue_uaf+0x4d6/0x560 [ 11.714032] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.714054] ? workqueue_uaf+0x4d6/0x560 [ 11.714076] kasan_report+0x141/0x180 [ 11.714098] ? workqueue_uaf+0x4d6/0x560 [ 11.714124] __asan_report_load8_noabort+0x18/0x20 [ 11.714145] workqueue_uaf+0x4d6/0x560 [ 11.714192] ? __pfx_workqueue_uaf+0x10/0x10 [ 11.714216] ? __schedule+0x10cc/0x2b60 [ 11.714238] ? __pfx_read_tsc+0x10/0x10 [ 11.714258] ? ktime_get_ts64+0x86/0x230 [ 11.714282] kunit_try_run_case+0x1a5/0x480 [ 11.714306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.714328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.714351] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.714372] ? __kthread_parkme+0x82/0x180 [ 11.714393] ? preempt_count_sub+0x50/0x80 [ 11.714418] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.714441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.714470] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.714493] kthread+0x337/0x6f0 [ 11.714530] ? trace_preempt_on+0x20/0xc0 [ 11.714554] ? __pfx_kthread+0x10/0x10 [ 11.714575] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.714595] ? calculate_sigpending+0x7b/0xa0 [ 11.714627] ? __pfx_kthread+0x10/0x10 [ 11.714649] ret_from_fork+0x116/0x1d0 [ 11.714667] ? __pfx_kthread+0x10/0x10 [ 11.714687] ret_from_fork_asm+0x1a/0x30 [ 11.714718] </TASK> [ 11.714730] [ 11.728587] Allocated by task 217: [ 11.728929] kasan_save_stack+0x45/0x70 [ 11.729405] kasan_save_track+0x18/0x40 [ 11.729558] kasan_save_alloc_info+0x3b/0x50 [ 11.730203] __kasan_kmalloc+0xb7/0xc0 [ 11.730591] __kmalloc_cache_noprof+0x189/0x420 [ 11.731023] workqueue_uaf+0x152/0x560 [ 11.731161] kunit_try_run_case+0x1a5/0x480 [ 11.731711] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.732204] kthread+0x337/0x6f0 [ 11.732426] ret_from_fork+0x116/0x1d0 [ 11.732574] ret_from_fork_asm+0x1a/0x30 [ 11.732932] [ 11.733113] Freed by task 44: [ 11.733403] kasan_save_stack+0x45/0x70 [ 11.733669] kasan_save_track+0x18/0x40 [ 11.733815] kasan_save_free_info+0x3f/0x60 [ 11.733958] __kasan_slab_free+0x56/0x70 [ 11.734361] kfree+0x222/0x3f0 [ 11.734501] workqueue_uaf_work+0x12/0x20 [ 11.734666] process_one_work+0x5ee/0xf60 [ 11.735080] worker_thread+0x725/0x1320 [ 11.735477] kthread+0x337/0x6f0 [ 11.735872] ret_from_fork+0x116/0x1d0 [ 11.736286] ret_from_fork_asm+0x1a/0x30 [ 11.736670] [ 11.736760] Last potentially related work creation: [ 11.737183] kasan_save_stack+0x45/0x70 [ 11.737479] kasan_record_aux_stack+0xb2/0xc0 [ 11.737634] __queue_work+0x626/0xeb0 [ 11.737762] queue_work_on+0xb6/0xc0 [ 11.737911] workqueue_uaf+0x26d/0x560 [ 11.738047] kunit_try_run_case+0x1a5/0x480 [ 11.738396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.738971] kthread+0x337/0x6f0 [ 11.739334] ret_from_fork+0x116/0x1d0 [ 11.739515] ret_from_fork_asm+0x1a/0x30 [ 11.739796] [ 11.739867] The buggy address belongs to the object at ffff8881026bb240 [ 11.739867] which belongs to the cache kmalloc-32 of size 32 [ 11.741051] The buggy address is located 0 bytes inside of [ 11.741051] freed 32-byte region [ffff8881026bb240, ffff8881026bb260) [ 11.741962] [ 11.742038] The buggy address belongs to the physical page: [ 11.742251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026bb [ 11.743053] flags: 0x200000000000000(node=0|zone=2) [ 11.743518] page_type: f5(slab) [ 11.743882] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 11.744414] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 11.744651] page dumped because: kasan: bad access detected [ 11.744838] [ 11.744909] Memory state around the buggy address: [ 11.745367] ffff8881026bb100: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 11.746123] ffff8881026bb180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 11.746369] >ffff8881026bb200: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 11.747086] ^ [ 11.747635] ffff8881026bb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.748316] ffff8881026bb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.748978] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 11.667667] ================================================================== [ 11.668157] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 11.668586] Read of size 4 at addr ffff8881026bb1c0 by task swapper/1/0 [ 11.668899] [ 11.669022] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 11.669068] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.669091] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.669111] Call Trace: [ 11.669138] <IRQ> [ 11.669156] dump_stack_lvl+0x73/0xb0 [ 11.669187] print_report+0xd1/0x650 [ 11.669211] ? __virt_addr_valid+0x1db/0x2d0 [ 11.669236] ? rcu_uaf_reclaim+0x50/0x60 [ 11.669258] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.669292] ? rcu_uaf_reclaim+0x50/0x60 [ 11.669314] kasan_report+0x141/0x180 [ 11.669348] ? rcu_uaf_reclaim+0x50/0x60 [ 11.669375] __asan_report_load4_noabort+0x18/0x20 [ 11.669397] rcu_uaf_reclaim+0x50/0x60 [ 11.669419] rcu_core+0x66f/0x1c40 [ 11.669449] ? __pfx_rcu_core+0x10/0x10 [ 11.669472] ? ktime_get+0x6b/0x150 [ 11.669495] ? handle_softirqs+0x18e/0x730 [ 11.669536] rcu_core_si+0x12/0x20 [ 11.669557] handle_softirqs+0x209/0x730 [ 11.669578] ? hrtimer_interrupt+0x2fe/0x780 [ 11.669620] ? __pfx_handle_softirqs+0x10/0x10 [ 11.669647] __irq_exit_rcu+0xc9/0x110 [ 11.669669] irq_exit_rcu+0x12/0x20 [ 11.669690] sysvec_apic_timer_interrupt+0x81/0x90 [ 11.669765] </IRQ> [ 11.669806] <TASK> [ 11.669818] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 11.670014] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 11.670236] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d a3 76 23 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 11.670315] RSP: 0000:ffff888100877dc8 EFLAGS: 00010216 [ 11.670407] RAX: ffff8881c0577000 RBX: ffff88810085a000 RCX: ffffffff91e543e5 [ 11.670453] RDX: ffffed102a92618b RSI: 0000000000000004 RDI: 000000000001b21c [ 11.670502] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102a92618a [ 11.670561] R10: ffff888154930c53 R11: 0000000000000000 R12: 0000000000000001 [ 11.670604] R13: ffffed102010b400 R14: ffffffff93bb0a90 R15: 0000000000000000 [ 11.670674] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 11.670732] ? default_idle+0xd/0x20 [ 11.670755] arch_cpu_idle+0xd/0x20 [ 11.670777] default_idle_call+0x48/0x80 [ 11.670800] do_idle+0x379/0x4f0 [ 11.670819] ? complete+0x15b/0x1d0 [ 11.670839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.670865] ? __pfx_do_idle+0x10/0x10 [ 11.670884] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 11.670907] ? complete+0x15b/0x1d0 [ 11.670930] cpu_startup_entry+0x5c/0x70 [ 11.670951] start_secondary+0x211/0x290 [ 11.670974] ? __pfx_start_secondary+0x10/0x10 [ 11.671001] common_startup_64+0x13e/0x148 [ 11.671036] </TASK> [ 11.671048] [ 11.686657] Allocated by task 215: [ 11.687065] kasan_save_stack+0x45/0x70 [ 11.687248] kasan_save_track+0x18/0x40 [ 11.687700] kasan_save_alloc_info+0x3b/0x50 [ 11.687968] __kasan_kmalloc+0xb7/0xc0 [ 11.688102] __kmalloc_cache_noprof+0x189/0x420 [ 11.688326] rcu_uaf+0xb0/0x330 [ 11.688753] kunit_try_run_case+0x1a5/0x480 [ 11.689366] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.689927] kthread+0x337/0x6f0 [ 11.690272] ret_from_fork+0x116/0x1d0 [ 11.690709] ret_from_fork_asm+0x1a/0x30 [ 11.691078] [ 11.691153] Freed by task 0: [ 11.691444] kasan_save_stack+0x45/0x70 [ 11.691919] kasan_save_track+0x18/0x40 [ 11.692244] kasan_save_free_info+0x3f/0x60 [ 11.692504] __kasan_slab_free+0x56/0x70 [ 11.692923] kfree+0x222/0x3f0 [ 11.693171] rcu_uaf_reclaim+0x1f/0x60 [ 11.693414] rcu_core+0x66f/0x1c40 [ 11.693885] rcu_core_si+0x12/0x20 [ 11.694026] handle_softirqs+0x209/0x730 [ 11.694164] __irq_exit_rcu+0xc9/0x110 [ 11.694550] irq_exit_rcu+0x12/0x20 [ 11.695026] sysvec_apic_timer_interrupt+0x81/0x90 [ 11.695523] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 11.696070] [ 11.696296] Last potentially related work creation: [ 11.696769] kasan_save_stack+0x45/0x70 [ 11.696910] kasan_record_aux_stack+0xb2/0xc0 [ 11.697053] __call_rcu_common.constprop.0+0x72/0x9d0 [ 11.697238] call_rcu+0x12/0x20 [ 11.697361] rcu_uaf+0x168/0x330 [ 11.697490] kunit_try_run_case+0x1a5/0x480 [ 11.697788] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.697959] kthread+0x337/0x6f0 [ 11.698131] ret_from_fork+0x116/0x1d0 [ 11.698396] ret_from_fork_asm+0x1a/0x30 [ 11.698989] [ 11.699112] The buggy address belongs to the object at ffff8881026bb1c0 [ 11.699112] which belongs to the cache kmalloc-32 of size 32 [ 11.700014] The buggy address is located 0 bytes inside of [ 11.700014] freed 32-byte region [ffff8881026bb1c0, ffff8881026bb1e0) [ 11.700956] [ 11.701052] The buggy address belongs to the physical page: [ 11.701412] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1026bb [ 11.701975] flags: 0x200000000000000(node=0|zone=2) [ 11.702223] page_type: f5(slab) [ 11.702428] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 11.703049] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 11.703406] page dumped because: kasan: bad access detected [ 11.703958] [ 11.704046] Memory state around the buggy address: [ 11.704510] ffff8881026bb080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 11.704929] ffff8881026bb100: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 11.705269] >ffff8881026bb180: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 11.705823] ^ [ 11.706065] ffff8881026bb200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.706694] ffff8881026bb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.707108] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 10.637230] ================================================================== [ 10.638102] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 10.638884] Read of size 1 at addr ffff888103930000 by task kunit_try_catch/171 [ 10.639532] [ 10.639634] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.639683] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.639694] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.639714] Call Trace: [ 10.639733] <TASK> [ 10.639748] dump_stack_lvl+0x73/0xb0 [ 10.639776] print_report+0xd1/0x650 [ 10.639798] ? __virt_addr_valid+0x1db/0x2d0 [ 10.639820] ? page_alloc_uaf+0x356/0x3d0 [ 10.639841] ? kasan_addr_to_slab+0x11/0xa0 [ 10.639862] ? page_alloc_uaf+0x356/0x3d0 [ 10.639884] kasan_report+0x141/0x180 [ 10.639906] ? page_alloc_uaf+0x356/0x3d0 [ 10.639933] __asan_report_load1_noabort+0x18/0x20 [ 10.639953] page_alloc_uaf+0x356/0x3d0 [ 10.639975] ? __pfx_page_alloc_uaf+0x10/0x10 [ 10.639997] ? __schedule+0x10cc/0x2b60 [ 10.640019] ? __pfx_read_tsc+0x10/0x10 [ 10.640040] ? ktime_get_ts64+0x86/0x230 [ 10.640064] kunit_try_run_case+0x1a5/0x480 [ 10.640088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.640109] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.640131] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.640153] ? __kthread_parkme+0x82/0x180 [ 10.640174] ? preempt_count_sub+0x50/0x80 [ 10.640197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.640220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.640242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.640264] kthread+0x337/0x6f0 [ 10.640283] ? trace_preempt_on+0x20/0xc0 [ 10.640305] ? __pfx_kthread+0x10/0x10 [ 10.640326] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.640345] ? calculate_sigpending+0x7b/0xa0 [ 10.640368] ? __pfx_kthread+0x10/0x10 [ 10.640390] ret_from_fork+0x116/0x1d0 [ 10.640407] ? __pfx_kthread+0x10/0x10 [ 10.640428] ret_from_fork_asm+0x1a/0x30 [ 10.640460] </TASK> [ 10.640471] [ 10.654905] The buggy address belongs to the physical page: [ 10.655444] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103930 [ 10.656335] flags: 0x200000000000000(node=0|zone=2) [ 10.656869] page_type: f0(buddy) [ 10.657277] raw: 0200000000000000 ffff88817fffd460 ffff88817fffd460 0000000000000000 [ 10.658159] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 10.658979] page dumped because: kasan: bad access detected [ 10.659418] [ 10.659493] Memory state around the buggy address: [ 10.659959] ffff88810392ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.660491] ffff88810392ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.660940] >ffff888103930000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.661157] ^ [ 10.661470] ffff888103930080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.662188] ffff888103930100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.663018] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 10.612330] ================================================================== [ 10.613026] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 10.613982] Free of addr ffff888102aa0001 by task kunit_try_catch/167 [ 10.614323] [ 10.614418] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.614466] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.614477] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.614498] Call Trace: [ 10.614510] <TASK> [ 10.614524] dump_stack_lvl+0x73/0xb0 [ 10.614579] print_report+0xd1/0x650 [ 10.614680] ? __virt_addr_valid+0x1db/0x2d0 [ 10.614709] ? kasan_addr_to_slab+0x11/0xa0 [ 10.614730] ? kfree+0x274/0x3f0 [ 10.614748] kasan_report_invalid_free+0x10a/0x130 [ 10.614773] ? kfree+0x274/0x3f0 [ 10.614793] ? kfree+0x274/0x3f0 [ 10.614810] __kasan_kfree_large+0x86/0xd0 [ 10.614831] free_large_kmalloc+0x4b/0x110 [ 10.614856] kfree+0x274/0x3f0 [ 10.614878] kmalloc_large_invalid_free+0x120/0x2b0 [ 10.614900] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 10.614925] ? __schedule+0x10cc/0x2b60 [ 10.614946] ? __pfx_read_tsc+0x10/0x10 [ 10.614967] ? ktime_get_ts64+0x86/0x230 [ 10.614990] kunit_try_run_case+0x1a5/0x480 [ 10.615013] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.615035] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.615056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.615078] ? __kthread_parkme+0x82/0x180 [ 10.615097] ? preempt_count_sub+0x50/0x80 [ 10.615121] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.615144] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.615166] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.615198] kthread+0x337/0x6f0 [ 10.615218] ? trace_preempt_on+0x20/0xc0 [ 10.615241] ? __pfx_kthread+0x10/0x10 [ 10.615262] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.615282] ? calculate_sigpending+0x7b/0xa0 [ 10.615304] ? __pfx_kthread+0x10/0x10 [ 10.615326] ret_from_fork+0x116/0x1d0 [ 10.615343] ? __pfx_kthread+0x10/0x10 [ 10.615364] ret_from_fork_asm+0x1a/0x30 [ 10.615394] </TASK> [ 10.615404] [ 10.624734] The buggy address belongs to the physical page: [ 10.625050] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0 [ 10.625449] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.625913] flags: 0x200000000000040(head|node=0|zone=2) [ 10.626354] page_type: f8(unknown) [ 10.626543] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.627113] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.627472] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.627934] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.628322] head: 0200000000000002 ffffea00040aa801 00000000ffffffff 00000000ffffffff [ 10.628786] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.629100] page dumped because: kasan: bad access detected [ 10.629379] [ 10.629497] Memory state around the buggy address: [ 10.629744] ffff888102a9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.630373] ffff888102a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.630842] >ffff888102aa0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.631148] ^ [ 10.631340] ffff888102aa0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.631641] ffff888102aa0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.632032] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 10.593699] ================================================================== [ 10.594151] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 10.594438] Read of size 1 at addr ffff888102aa0000 by task kunit_try_catch/165 [ 10.594816] [ 10.595005] CPU: 1 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.595074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.595086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.595106] Call Trace: [ 10.595116] <TASK> [ 10.595130] dump_stack_lvl+0x73/0xb0 [ 10.595159] print_report+0xd1/0x650 [ 10.595195] ? __virt_addr_valid+0x1db/0x2d0 [ 10.595218] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.595258] ? kasan_addr_to_slab+0x11/0xa0 [ 10.595280] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.595301] kasan_report+0x141/0x180 [ 10.595323] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.595349] __asan_report_load1_noabort+0x18/0x20 [ 10.595369] kmalloc_large_uaf+0x2f1/0x340 [ 10.595390] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 10.595411] ? __schedule+0x10cc/0x2b60 [ 10.595433] ? __pfx_read_tsc+0x10/0x10 [ 10.595453] ? ktime_get_ts64+0x86/0x230 [ 10.595477] kunit_try_run_case+0x1a5/0x480 [ 10.595520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.595557] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.595579] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.595602] ? __kthread_parkme+0x82/0x180 [ 10.595634] ? preempt_count_sub+0x50/0x80 [ 10.595658] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.595680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.595760] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.595787] kthread+0x337/0x6f0 [ 10.595807] ? trace_preempt_on+0x20/0xc0 [ 10.595830] ? __pfx_kthread+0x10/0x10 [ 10.595851] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.595871] ? calculate_sigpending+0x7b/0xa0 [ 10.595895] ? __pfx_kthread+0x10/0x10 [ 10.595916] ret_from_fork+0x116/0x1d0 [ 10.595934] ? __pfx_kthread+0x10/0x10 [ 10.595954] ret_from_fork_asm+0x1a/0x30 [ 10.595986] </TASK> [ 10.595996] [ 10.604016] The buggy address belongs to the physical page: [ 10.604271] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa0 [ 10.604554] flags: 0x200000000000000(node=0|zone=2) [ 10.604888] raw: 0200000000000000 ffffea00040aa908 ffff888154939f80 0000000000000000 [ 10.605371] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 10.605802] page dumped because: kasan: bad access detected [ 10.606115] [ 10.606269] Memory state around the buggy address: [ 10.606502] ffff888102a9ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.606971] ffff888102a9ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.607363] >ffff888102aa0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.607786] ^ [ 10.607976] ffff888102aa0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.608338] ffff888102aa0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.608813] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 10.570673] ================================================================== [ 10.571279] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 10.571992] Write of size 1 at addr ffff88810201600a by task kunit_try_catch/163 [ 10.572603] [ 10.572738] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.572816] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.572829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.572848] Call Trace: [ 10.572860] <TASK> [ 10.572886] dump_stack_lvl+0x73/0xb0 [ 10.572914] print_report+0xd1/0x650 [ 10.572937] ? __virt_addr_valid+0x1db/0x2d0 [ 10.572999] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.573021] ? kasan_addr_to_slab+0x11/0xa0 [ 10.573042] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.573074] kasan_report+0x141/0x180 [ 10.573096] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.573124] __asan_report_store1_noabort+0x1b/0x30 [ 10.573145] kmalloc_large_oob_right+0x2e9/0x330 [ 10.573167] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 10.573199] ? __schedule+0x10cc/0x2b60 [ 10.573221] ? __pfx_read_tsc+0x10/0x10 [ 10.573241] ? ktime_get_ts64+0x86/0x230 [ 10.573265] kunit_try_run_case+0x1a5/0x480 [ 10.573288] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.573309] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.573331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.573353] ? __kthread_parkme+0x82/0x180 [ 10.573373] ? preempt_count_sub+0x50/0x80 [ 10.573397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.573419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.573441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.573464] kthread+0x337/0x6f0 [ 10.573482] ? trace_preempt_on+0x20/0xc0 [ 10.573505] ? __pfx_kthread+0x10/0x10 [ 10.573540] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.573561] ? calculate_sigpending+0x7b/0xa0 [ 10.573584] ? __pfx_kthread+0x10/0x10 [ 10.573605] ret_from_fork+0x116/0x1d0 [ 10.573632] ? __pfx_kthread+0x10/0x10 [ 10.573652] ret_from_fork_asm+0x1a/0x30 [ 10.573683] </TASK> [ 10.573694] [ 10.583792] The buggy address belongs to the physical page: [ 10.584055] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102014 [ 10.584544] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.584866] flags: 0x200000000000040(head|node=0|zone=2) [ 10.585215] page_type: f8(unknown) [ 10.585340] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.585892] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.586450] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.586734] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.587322] head: 0200000000000002 ffffea0004080501 00000000ffffffff 00000000ffffffff [ 10.587764] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.588077] page dumped because: kasan: bad access detected [ 10.588297] [ 10.588488] Memory state around the buggy address: [ 10.588765] ffff888102015f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.589094] ffff888102015f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.589365] >ffff888102016000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.589791] ^ [ 10.590006] ffff888102016080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.590417] ffff888102016100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.590746] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 10.541138] ================================================================== [ 10.541655] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 10.541936] Write of size 1 at addr ffff8881038e9f00 by task kunit_try_catch/161 [ 10.542291] [ 10.542480] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.542596] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.542608] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.542639] Call Trace: [ 10.542652] <TASK> [ 10.542669] dump_stack_lvl+0x73/0xb0 [ 10.542699] print_report+0xd1/0x650 [ 10.542722] ? __virt_addr_valid+0x1db/0x2d0 [ 10.542746] ? kmalloc_big_oob_right+0x316/0x370 [ 10.542767] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.542789] ? kmalloc_big_oob_right+0x316/0x370 [ 10.542812] kasan_report+0x141/0x180 [ 10.542834] ? kmalloc_big_oob_right+0x316/0x370 [ 10.542861] __asan_report_store1_noabort+0x1b/0x30 [ 10.542882] kmalloc_big_oob_right+0x316/0x370 [ 10.542904] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 10.542927] ? __schedule+0x10cc/0x2b60 [ 10.542948] ? __pfx_read_tsc+0x10/0x10 [ 10.542969] ? ktime_get_ts64+0x86/0x230 [ 10.542994] kunit_try_run_case+0x1a5/0x480 [ 10.543018] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.543039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.543061] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.543083] ? __kthread_parkme+0x82/0x180 [ 10.543103] ? preempt_count_sub+0x50/0x80 [ 10.543127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.543150] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.543172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.543195] kthread+0x337/0x6f0 [ 10.543214] ? trace_preempt_on+0x20/0xc0 [ 10.543237] ? __pfx_kthread+0x10/0x10 [ 10.543257] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.543277] ? calculate_sigpending+0x7b/0xa0 [ 10.543301] ? __pfx_kthread+0x10/0x10 [ 10.543322] ret_from_fork+0x116/0x1d0 [ 10.543340] ? __pfx_kthread+0x10/0x10 [ 10.543361] ret_from_fork_asm+0x1a/0x30 [ 10.543392] </TASK> [ 10.543403] [ 10.553504] Allocated by task 161: [ 10.553778] kasan_save_stack+0x45/0x70 [ 10.554027] kasan_save_track+0x18/0x40 [ 10.554239] kasan_save_alloc_info+0x3b/0x50 [ 10.554408] __kasan_kmalloc+0xb7/0xc0 [ 10.554551] __kmalloc_cache_noprof+0x189/0x420 [ 10.555063] kmalloc_big_oob_right+0xa9/0x370 [ 10.555293] kunit_try_run_case+0x1a5/0x480 [ 10.555516] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.555901] kthread+0x337/0x6f0 [ 10.556031] ret_from_fork+0x116/0x1d0 [ 10.556215] ret_from_fork_asm+0x1a/0x30 [ 10.556446] [ 10.556634] The buggy address belongs to the object at ffff8881038e8000 [ 10.556634] which belongs to the cache kmalloc-8k of size 8192 [ 10.557454] The buggy address is located 0 bytes to the right of [ 10.557454] allocated 7936-byte region [ffff8881038e8000, ffff8881038e9f00) [ 10.558265] [ 10.558395] The buggy address belongs to the physical page: [ 10.558750] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e8 [ 10.559084] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.559520] flags: 0x200000000000040(head|node=0|zone=2) [ 10.559917] page_type: f5(slab) [ 10.560103] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.560504] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.561020] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.561383] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.561890] head: 0200000000000003 ffffea00040e3a01 00000000ffffffff 00000000ffffffff [ 10.562851] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.563152] page dumped because: kasan: bad access detected [ 10.563682] [ 10.563915] Memory state around the buggy address: [ 10.564103] ffff8881038e9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.564493] ffff8881038e9e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.564921] >ffff8881038e9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.565204] ^ [ 10.565417] ffff8881038e9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.565821] ffff8881038ea000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.566199] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.499308] ================================================================== [ 10.500039] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.500477] Write of size 1 at addr ffff8881029ce178 by task kunit_try_catch/159 [ 10.500913] [ 10.501008] CPU: 0 UID: 0 PID: 159 Comm: kunit_try_catch Tainted: G B N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 10.501157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.501169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.501266] Call Trace: [ 10.501279] <TASK> [ 10.501293] dump_stack_lvl+0x73/0xb0 [ 10.501323] print_report+0xd1/0x650 [ 10.501345] ? __virt_addr_valid+0x1db/0x2d0 [ 10.501367] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.501392] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.501413] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.501438] kasan_report+0x141/0x180 [ 10.501460] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.501490] __asan_report_store1_noabort+0x1b/0x30 [ 10.501512] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.501694] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.501722] ? __schedule+0x10cc/0x2b60 [ 10.501746] ? __pfx_read_tsc+0x10/0x10 [ 10.501767] ? ktime_get_ts64+0x86/0x230 [ 10.501792] kunit_try_run_case+0x1a5/0x480 [ 10.501817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.501838] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.501860] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.501882] ? __kthread_parkme+0x82/0x180 [ 10.501902] ? preempt_count_sub+0x50/0x80 [ 10.501926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.501948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.501971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.501993] kthread+0x337/0x6f0 [ 10.502013] ? trace_preempt_on+0x20/0xc0 [ 10.502036] ? __pfx_kthread+0x10/0x10 [ 10.502057] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.502076] ? calculate_sigpending+0x7b/0xa0 [ 10.502100] ? __pfx_kthread+0x10/0x10 [ 10.502121] ret_from_fork+0x116/0x1d0 [ 10.502139] ? __pfx_kthread+0x10/0x10 [ 10.502159] ret_from_fork_asm+0x1a/0x30 [ 10.502190] </TASK> [ 10.502202] [ 10.513231] Allocated by task 159: [ 10.513469] kasan_save_stack+0x45/0x70 [ 10.513828] kasan_save_track+0x18/0x40 [ 10.514018] kasan_save_alloc_info+0x3b/0x50 [ 10.514380] __kasan_kmalloc+0xb7/0xc0 [ 10.514823] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.515040] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.515464] kunit_try_run_case+0x1a5/0x480 [ 10.515893] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.516237] kthread+0x337/0x6f0 [ 10.516398] ret_from_fork+0x116/0x1d0 [ 10.516865] ret_from_fork_asm+0x1a/0x30 [ 10.517092] [ 10.517174] The buggy address belongs to the object at ffff8881029ce100 [ 10.517174] which belongs to the cache kmalloc-128 of size 128 [ 10.518045] The buggy address is located 0 bytes to the right of [ 10.518045] allocated 120-byte region [ffff8881029ce100, ffff8881029ce178) [ 10.518737] [ 10.518836] The buggy address belongs to the physical page: [ 10.519080] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029ce [ 10.519587] flags: 0x200000000000000(node=0|zone=2) [ 10.519940] page_type: f5(slab) [ 10.520105] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.520553] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.521041] page dumped because: kasan: bad access detected [ 10.521411] [ 10.521488] Memory state around the buggy address: [ 10.521944] ffff8881029ce000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.522335] ffff8881029ce080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.522861] >ffff8881029ce100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.523240] ^ [ 10.523722] ffff8881029ce180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.524086] ffff8881029ce200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.524577] ==================================================================
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_gem_shmem_test_get_pages_sgtdrm-kunit-mock-device-drm-drm_warn_onrefcount_readshmem-pages_pin_count
------------[ cut here ]------------ [ 163.499969] drm-kunit-mock-device drm_gem_shmem_test_get_pages_sgt.drm-kunit-mock-device: [drm] drm_WARN_ON(refcount_read(&shmem->pages_pin_count)) [ 163.500208] WARNING: CPU: 0 PID: 2574 at drivers/gpu/drm/drm_gem_shmem_helper.c:180 drm_gem_shmem_free+0x3ed/0x6c0 [ 163.501618] Modules linked in: [ 163.501969] CPU: 0 UID: 0 PID: 2574 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 163.502721] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.502954] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.503477] RIP: 0010:drm_gem_shmem_free+0x3ed/0x6c0 [ 163.503965] Code: 85 f6 0f 84 ba 01 00 00 4c 89 e7 e8 dd 16 80 00 48 c7 c1 60 64 3e 92 4c 89 f2 48 c7 c7 20 61 3e 92 48 89 c6 e8 24 af 78 fe 90 <0f> 0b 90 90 e9 09 ff ff ff 90 48 b8 00 00 00 00 00 fc ff df 48 8d [ 163.505001] RSP: 0000:ffff88810cc77d18 EFLAGS: 00010286 [ 163.505257] RAX: 0000000000000000 RBX: ffff88810dd26400 RCX: 1ffffffff2624d20 [ 163.505741] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 163.506149] RBP: ffff88810cc77d48 R08: 0000000000000000 R09: fffffbfff2624d20 [ 163.506794] R10: 0000000000000003 R11: 0000000000039878 R12: ffff88810cc78800 [ 163.507083] R13: ffff88810dd264f8 R14: ffff888103507780 R15: ffff88810039fb40 [ 163.507532] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 163.508066] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.508306] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 163.509036] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 163.509376] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.509979] Call Trace: [ 163.510120] <TASK> [ 163.510243] ? trace_preempt_on+0x20/0xc0 [ 163.510457] ? __pfx_drm_gem_shmem_free_wrapper+0x10/0x10 [ 163.511088] drm_gem_shmem_free_wrapper+0x12/0x20 [ 163.511430] __kunit_action_free+0x57/0x70 [ 163.511904] kunit_remove_resource+0x133/0x200 [ 163.512171] ? preempt_count_sub+0x50/0x80 [ 163.512357] kunit_cleanup+0x7a/0x120 [ 163.512885] kunit_try_run_case_cleanup+0xbd/0xf0 [ 163.513241] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 163.513497] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.513963] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.514379] kthread+0x337/0x6f0 [ 163.514747] ? trace_preempt_on+0x20/0xc0 [ 163.515076] ? __pfx_kthread+0x10/0x10 [ 163.515324] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.515532] ? calculate_sigpending+0x7b/0xa0 [ 163.516107] ? __pfx_kthread+0x10/0x10 [ 163.516333] ret_from_fork+0x116/0x1d0 [ 163.516684] ? __pfx_kthread+0x10/0x10 [ 163.516866] ret_from_fork_asm+0x1a/0x30 [ 163.517233] </TASK> [ 163.517343] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-driversgpudrmdrm_framebuffer-drm_framebuffer_init
------------[ cut here ]------------ [ 163.371385] WARNING: CPU: 0 PID: 2555 at drivers/gpu/drm/drm_framebuffer.c:867 drm_framebuffer_init+0x44/0x300 [ 163.371831] Modules linked in: [ 163.372122] CPU: 0 UID: 0 PID: 2555 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 163.372666] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.372982] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.373440] RIP: 0010:drm_framebuffer_init+0x44/0x300 [ 163.373672] Code: 56 49 89 d6 48 89 f2 41 55 48 c1 ea 03 41 54 49 89 fc 53 48 89 f3 48 83 ec 18 80 3c 02 00 0f 85 00 02 00 00 4c 39 23 74 20 90 <0f> 0b 90 41 bd ea ff ff ff 48 83 c4 18 44 89 e8 5b 41 5c 41 5d 41 [ 163.374537] RSP: 0000:ffff88810cd6fb30 EFLAGS: 00010246 [ 163.375022] RAX: dffffc0000000000 RBX: ffff88810cd6fc28 RCX: 0000000000000000 [ 163.375353] RDX: 1ffff110219adf8e RSI: ffff88810cd6fc28 RDI: ffff88810cd6fc70 [ 163.375921] RBP: ffff88810cd6fb70 R08: ffff88810c3a8000 R09: ffffffff923d6780 [ 163.376203] R10: 0000000000000003 R11: 00000000656fe547 R12: ffff88810c3a8000 [ 163.376820] R13: ffff88810039fae8 R14: ffff88810cd6fba8 R15: 0000000000000000 [ 163.377045] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 163.377367] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.377644] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 163.378036] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 163.378382] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.378760] Call Trace: [ 163.378869] <TASK> [ 163.379049] ? add_dr+0xc1/0x1d0 [ 163.379274] drm_test_framebuffer_init_bad_format+0xfc/0x240 [ 163.380089] ? add_dr+0x148/0x1d0 [ 163.380289] ? __pfx_drm_test_framebuffer_init_bad_format+0x10/0x10 [ 163.380761] ? __drmm_add_action+0x1a4/0x280 [ 163.380986] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 163.381437] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 163.381859] ? __drmm_add_action_or_reset+0x22/0x50 [ 163.382162] ? __schedule+0x10cc/0x2b60 [ 163.382634] ? __pfx_read_tsc+0x10/0x10 [ 163.382951] ? ktime_get_ts64+0x86/0x230 [ 163.383271] kunit_try_run_case+0x1a5/0x480 [ 163.383483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.383922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 163.384278] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.384690] ? __kthread_parkme+0x82/0x180 [ 163.384876] ? preempt_count_sub+0x50/0x80 [ 163.385103] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.385340] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.385561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.386216] kthread+0x337/0x6f0 [ 163.386506] ? trace_preempt_on+0x20/0xc0 [ 163.386867] ? __pfx_kthread+0x10/0x10 [ 163.387214] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.387445] ? calculate_sigpending+0x7b/0xa0 [ 163.387916] ? __pfx_kthread+0x10/0x10 [ 163.388104] ret_from_fork+0x116/0x1d0 [ 163.388293] ? __pfx_kthread+0x10/0x10 [ 163.388468] ret_from_fork_asm+0x1a/0x30 [ 163.389000] </TASK> [ 163.389264] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-drm-kunit-mock-device-drm_test_framebuffer_freedrm-kunit-mock-device-drm-drm_warn_onlist_empty-filp_head
------------[ cut here ]------------ [ 163.339084] drm-kunit-mock-device drm_test_framebuffer_free.drm-kunit-mock-device: [drm] drm_WARN_ON(!list_empty(&fb->filp_head)) [ 163.339211] WARNING: CPU: 0 PID: 2551 at drivers/gpu/drm/drm_framebuffer.c:832 drm_framebuffer_free+0x13f/0x1c0 [ 163.340093] Modules linked in: [ 163.340331] CPU: 0 UID: 0 PID: 2551 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 163.340830] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 163.341611] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 163.341972] RIP: 0010:drm_framebuffer_free+0x13f/0x1c0 [ 163.342353] Code: 8b 7d 50 4d 85 ff 74 2b 4c 89 ef e8 eb 2f 87 00 48 c7 c1 40 17 3d 92 4c 89 fa 48 c7 c7 a0 17 3d 92 48 89 c6 e8 32 c8 7f fe 90 <0f> 0b 90 90 e9 1c ff ff ff 48 b8 00 00 00 00 00 fc ff df 4c 89 ea [ 163.343433] RSP: 0000:ffff88810cc67b68 EFLAGS: 00010282 [ 163.343845] RAX: 0000000000000000 RBX: ffff88810cc67c40 RCX: 1ffffffff2624d20 [ 163.344283] RDX: 0000000000000000 RSI: 0000000000000004 RDI: 0000000000000001 [ 163.344819] RBP: ffff88810cc67b90 R08: 0000000000000000 R09: fffffbfff2624d20 [ 163.345264] R10: 0000000000000003 R11: 0000000000037fb8 R12: ffff88810cc67c18 [ 163.345759] R13: ffff88810cb8b800 R14: ffff88810c1de000 R15: ffff88810a853780 [ 163.346193] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 163.346698] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 163.346911] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 163.347437] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 163.347898] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 163.348333] Call Trace: [ 163.348648] <TASK> [ 163.348798] drm_test_framebuffer_free+0x1ab/0x610 [ 163.349029] ? __pfx_drm_test_framebuffer_free+0x10/0x10 [ 163.349485] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 163.349975] ? __pfx_drm_mode_config_init_release+0x10/0x10 [ 163.350401] ? __drmm_add_action_or_reset+0x22/0x50 [ 163.350973] ? __schedule+0x10cc/0x2b60 [ 163.351323] ? __pfx_read_tsc+0x10/0x10 [ 163.351854] ? ktime_get_ts64+0x86/0x230 [ 163.352073] kunit_try_run_case+0x1a5/0x480 [ 163.352458] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.352767] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 163.352993] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 163.353241] ? __kthread_parkme+0x82/0x180 [ 163.353436] ? preempt_count_sub+0x50/0x80 [ 163.353964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 163.354163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 163.354853] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 163.355118] kthread+0x337/0x6f0 [ 163.355310] ? trace_preempt_on+0x20/0xc0 [ 163.355514] ? __pfx_kthread+0x10/0x10 [ 163.355940] ? _raw_spin_unlock_irq+0x47/0x80 [ 163.356140] ? calculate_sigpending+0x7b/0xa0 [ 163.356431] ? __pfx_kthread+0x10/0x10 [ 163.356628] ret_from_fork+0x116/0x1d0 [ 163.356888] ? __pfx_kthread+0x10/0x10 [ 163.357083] ret_from_fork_asm+0x1a/0x30 [ 163.357300] </TASK> [ 163.357399] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-driversgpudrmdrm_connector-drm_connector_dynamic_register
------------[ cut here ]------------ [ 162.143274] WARNING: CPU: 0 PID: 1989 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 162.144568] Modules linked in: [ 162.144752] CPU: 0 UID: 0 PID: 1989 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 162.145099] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 162.145574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 162.146001] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 162.146266] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 13 25 02 48 89 df e8 d8 [ 162.147182] RSP: 0000:ffff8881099ffc90 EFLAGS: 00010246 [ 162.147771] RAX: dffffc0000000000 RBX: ffff88810a89c000 RCX: 0000000000000000 [ 162.148564] RDX: 1ffff11021513832 RSI: ffffffff8f5f7418 RDI: ffff88810a89c190 [ 162.149378] RBP: ffff8881099ffca0 R08: 1ffff11020073f69 R09: ffffed102133ff65 [ 162.149929] R10: 0000000000000003 R11: ffffffff8eb82c18 R12: 0000000000000000 [ 162.150145] R13: ffff8881099ffd38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 162.150350] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 162.150615] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.150923] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 162.151352] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 162.151678] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 162.152085] Call Trace: [ 162.152273] <TASK> [ 162.152395] drm_test_drm_connector_dynamic_register_no_init+0x104/0x290 [ 162.152910] ? __pfx_drm_test_drm_connector_dynamic_register_no_init+0x10/0x10 [ 162.153256] ? __schedule+0x10cc/0x2b60 [ 162.153453] ? __pfx_read_tsc+0x10/0x10 [ 162.153872] ? ktime_get_ts64+0x86/0x230 [ 162.154057] kunit_try_run_case+0x1a5/0x480 [ 162.154310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.154569] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 162.154991] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 162.155250] ? __kthread_parkme+0x82/0x180 [ 162.155464] ? preempt_count_sub+0x50/0x80 [ 162.155738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.156129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 162.156467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 162.156827] kthread+0x337/0x6f0 [ 162.157031] ? trace_preempt_on+0x20/0xc0 [ 162.157269] ? __pfx_kthread+0x10/0x10 [ 162.157456] ? _raw_spin_unlock_irq+0x47/0x80 [ 162.158067] ? calculate_sigpending+0x7b/0xa0 [ 162.158323] ? __pfx_kthread+0x10/0x10 [ 162.158541] ret_from_fork+0x116/0x1d0 [ 162.158818] ? __pfx_kthread+0x10/0x10 [ 162.159114] ret_from_fork_asm+0x1a/0x30 [ 162.159336] </TASK> [ 162.159484] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 162.062502] WARNING: CPU: 0 PID: 1981 at drivers/gpu/drm/drm_connector.c:861 drm_connector_dynamic_register+0xbf/0x110 [ 162.063841] Modules linked in: [ 162.064017] CPU: 0 UID: 0 PID: 1981 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 162.065027] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 162.065687] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 162.066733] RIP: 0010:drm_connector_dynamic_register+0xbf/0x110 [ 162.067234] Code: 49 8d 7c 24 60 48 89 fa 48 c1 ea 03 0f b6 04 02 84 c0 74 02 7e 36 31 c0 41 80 7c 24 60 00 75 1b 5b 41 5c 5d c3 cc cc cc cc 90 <0f> 0b 90 b8 ea ff ff ff 5b 41 5c 5d e9 10 13 25 02 48 89 df e8 d8 [ 162.068388] RSP: 0000:ffff88810bd17c90 EFLAGS: 00010246 [ 162.068969] RAX: dffffc0000000000 RBX: ffff88810bc74000 RCX: 0000000000000000 [ 162.069269] RDX: 1ffff1102178e832 RSI: ffffffff8f5f7418 RDI: ffff88810bc74190 [ 162.069984] RBP: ffff88810bd17ca0 R08: 1ffff11020073f69 R09: ffffed10217a2f65 [ 162.070759] R10: 0000000000000003 R11: ffffffff8eb82c18 R12: 0000000000000000 [ 162.071175] R13: ffff88810bd17d38 R14: ffff88810039fc50 R15: ffff88810039fc58 [ 162.071664] FS: 0000000000000000(0000) GS:ffff8881c0477000(0000) knlGS:0000000000000000 [ 162.071999] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 162.072191] CR2: 00007ffff7ffe000 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 162.073069] DR0: ffffffff9444d4c0 DR1: ffffffff9444d4c1 DR2: ffffffff9444d4c3 [ 162.073852] DR3: ffffffff9444d4c5 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 162.074076] Call Trace: [ 162.074178] <TASK> [ 162.074284] drm_test_drm_connector_dynamic_register_early_no_init+0x104/0x290 [ 162.074568] ? __pfx_drm_test_drm_connector_dynamic_register_early_no_init+0x10/0x10 [ 162.075404] ? __schedule+0x10cc/0x2b60 [ 162.075877] ? __pfx_read_tsc+0x10/0x10 [ 162.076334] ? ktime_get_ts64+0x86/0x230 [ 162.076827] kunit_try_run_case+0x1a5/0x480 [ 162.077257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.077915] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 162.078095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 162.078349] ? __kthread_parkme+0x82/0x180 [ 162.078830] ? preempt_count_sub+0x50/0x80 [ 162.079312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 162.079861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 162.080270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 162.080472] kthread+0x337/0x6f0 [ 162.080843] ? trace_preempt_on+0x20/0xc0 [ 162.081274] ? __pfx_kthread+0x10/0x10 [ 162.081697] ? _raw_spin_unlock_irq+0x47/0x80 [ 162.082145] ? calculate_sigpending+0x7b/0xa0 [ 162.082315] ? __pfx_kthread+0x10/0x10 [ 162.082463] ret_from_fork+0x116/0x1d0 [ 162.082860] ? __pfx_kthread+0x10/0x10 [ 162.083271] ret_from_fork_asm+0x1a/0x30 [ 162.083772] </TASK> [ 162.084035] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-libmathint_log-intlog10
------------[ cut here ]------------ [ 109.603644] WARNING: CPU: 1 PID: 673 at lib/math/int_log.c:120 intlog10+0x2a/0x40 [ 109.604395] Modules linked in: [ 109.604783] CPU: 1 UID: 0 PID: 673 Comm: kunit_try_catch Tainted: G B D W N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 109.605409] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 109.605806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.606377] RIP: 0010:intlog10+0x2a/0x40 [ 109.606572] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 109.608104] RSP: 0000:ffff88810de3fcb0 EFLAGS: 00010246 [ 109.608387] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021bc7fb4 [ 109.609167] RDX: 1ffffffff2452aa4 RSI: 1ffff11021bc7fb3 RDI: 0000000000000000 [ 109.609947] RBP: ffff88810de3fd60 R08: 0000000000000000 R09: ffffed10207a6fa0 [ 109.610320] R10: ffff888103d37d07 R11: 0000000000000000 R12: 1ffff11021bc7f97 [ 109.610576] R13: ffffffff92295520 R14: 0000000000000000 R15: ffff88810de3fd38 [ 109.611488] FS: 0000000000000000(0000) GS:ffff8881c0577000(0000) knlGS:0000000000000000 [ 109.612216] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.612402] CR2: ffff888154052fe0 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 109.612887] DR0: ffffffff9444d4c4 DR1: ffffffff9444d4c9 DR2: ffffffff9444d4ca [ 109.613618] DR3: ffffffff9444d4cb DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 109.614236] Call Trace: [ 109.614335] <TASK> [ 109.614423] ? intlog10_test+0xf2/0x220 [ 109.614756] ? __pfx_intlog10_test+0x10/0x10 [ 109.615154] ? __schedule+0x10cc/0x2b60 [ 109.615553] ? __pfx_read_tsc+0x10/0x10 [ 109.616238] ? ktime_get_ts64+0x86/0x230 [ 109.616435] kunit_try_run_case+0x1a5/0x480 [ 109.616821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 109.617277] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 109.617519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 109.617904] ? __kthread_parkme+0x82/0x180 [ 109.618311] ? preempt_count_sub+0x50/0x80 [ 109.618800] ? __pfx_kunit_try_run_case+0x10/0x10 [ 109.618974] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 109.619152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 109.619345] kthread+0x337/0x6f0 [ 109.619472] ? trace_preempt_on+0x20/0xc0 [ 109.619997] ? __pfx_kthread+0x10/0x10 [ 109.620379] ? _raw_spin_unlock_irq+0x47/0x80 [ 109.620905] ? calculate_sigpending+0x7b/0xa0 [ 109.621409] ? __pfx_kthread+0x10/0x10 [ 109.621922] ret_from_fork+0x116/0x1d0 [ 109.622295] ? __pfx_kthread+0x10/0x10 [ 109.622730] ret_from_fork_asm+0x1a/0x30 [ 109.623173] </TASK> [ 109.623416] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-cpu-pid-at-libmathint_log-intlog2
------------[ cut here ]------------ [ 109.560415] WARNING: CPU: 1 PID: 655 at lib/math/int_log.c:63 intlog2+0xdf/0x110 [ 109.561169] Modules linked in: [ 109.561533] CPU: 1 UID: 0 PID: 655 Comm: kunit_try_catch Tainted: G B D N 6.15.0-rc6-next-20250513 #1 PREEMPT(voluntary) [ 109.562866] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 109.563351] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 109.563924] RIP: 0010:intlog2+0xdf/0x110 [ 109.564086] Code: 29 92 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 52 91 85 02 90 <0f> 0b 90 31 c0 e9 47 91 85 02 89 45 e4 e8 af 9e 56 ff 8b 45 e4 eb [ 109.565964] RSP: 0000:ffff88810e03fcb0 EFLAGS: 00010246 [ 109.566592] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021c07fb4 [ 109.567142] RDX: 1ffffffff2452af8 RSI: 1ffff11021c07fb3 RDI: 0000000000000000 [ 109.567999] RBP: ffff88810e03fd60 R08: 0000000000000000 R09: ffffed10207a6e80 [ 109.568303] R10: ffff888103d37407 R11: 0000000000000000 R12: 1ffff11021c07f97 [ 109.569000] R13: ffffffff922957c0 R14: 0000000000000000 R15: ffff88810e03fd38 [ 109.569382] FS: 0000000000000000(0000) GS:ffff8881c0577000(0000) knlGS:0000000000000000 [ 109.569789] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 109.570325] CR2: ffff888154052fe0 CR3: 000000016d2bc000 CR4: 00000000000006f0 [ 109.571056] DR0: ffffffff9444d4c4 DR1: ffffffff9444d4c9 DR2: ffffffff9444d4ca [ 109.571519] DR3: ffffffff9444d4cb DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 109.572132] Call Trace: [ 109.572352] <TASK> [ 109.572565] ? intlog2_test+0xf2/0x220 [ 109.572931] ? __pfx_intlog2_test+0x10/0x10 [ 109.573091] ? __schedule+0x10cc/0x2b60 [ 109.573355] ? __pfx_read_tsc+0x10/0x10 [ 109.573794] ? ktime_get_ts64+0x86/0x230 [ 109.574209] kunit_try_run_case+0x1a5/0x480 [ 109.574690] ? __pfx_kunit_try_run_case+0x10/0x10 [ 109.574927] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 109.575093] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 109.575428] ? __kthread_parkme+0x82/0x180 [ 109.576012] ? preempt_count_sub+0x50/0x80 [ 109.576459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 109.576984] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 109.577341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 109.577546] kthread+0x337/0x6f0 [ 109.577943] ? trace_preempt_on+0x20/0xc0 [ 109.578345] ? __pfx_kthread+0x10/0x10 [ 109.578782] ? _raw_spin_unlock_irq+0x47/0x80 [ 109.579189] ? calculate_sigpending+0x7b/0xa0 [ 109.579396] ? __pfx_kthread+0x10/0x10 [ 109.579708] ret_from_fork+0x116/0x1d0 [ 109.580092] ? __pfx_kthread+0x10/0x10 [ 109.580518] ret_from_fork_asm+0x1a/0x30 [ 109.580942] </TASK> [ 109.581073] ---[ end trace 0000000000000000 ]---
Failure - kunit - lib_ratelimit_lib_ratelimit
<8>[ 277.805820] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=lib_ratelimit_lib_ratelimit RESULT=fail>
Failure - kunit - lib_ratelimit_test_ratelimit_smoke
<8>[ 277.619427] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=lib_ratelimit_test_ratelimit_smoke RESULT=fail>