Date
June 16, 2025, 7:07 a.m.
Failure - kunit - drm_test_framebuffer_create_ABGR8888Largebufferoffset
<8>[ 238.712665] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Largebufferoffset RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 249.342877] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check
<8>[ 249.236972] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Invalidpitch
<8>[ 243.190546] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Invalidpitch RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 250.419933] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 250.310961] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 250.209991] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Maxsizes
<8>[ 243.085334] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Maxsizes RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Normalsizes
<8>[ 242.973991] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Normalsizes RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 250.110259] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 249.998963] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value
<8>[ 249.880743] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 249.767125] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 249.658164] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 249.548858] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 149.303761] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 149.342464] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 149.373402] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 149.407341] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 149.304762] Oops: Oops: 0002 [#49] SMP KASAN PTI [ 149.374792] Oops: Oops: 0002 [#51] SMP KASAN PTI [ 149.345476] Oops: Oops: 0002 [#50] SMP KASAN PTI [ 149.408996] Oops: Oops: 0002 [#52] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 148.958567] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 148.549239] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 148.058146] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 149.079562] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 148.847682] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 148.599390] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 148.910123] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 148.935964] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 148.824218] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 148.464103] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 149.173575] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 148.523004] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 147.218073] Oops: general protection fault, probably for non-canonical address 0xe0b57c16e00000c9: 0000 [#2] SMP KASAN PTI [ 148.739828] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 148.182824] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 148.337708] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 148.880133] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 148.008632] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 148.151058] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 149.106110] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 149.200937] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI [ 148.797119] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 149.562183] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 148.124458] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 149.277789] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 108.180890] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 148.434578] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 148.714257] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 149.252618] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 148.684349] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 149.227056] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 149.482847] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 148.361019] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 148.032053] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 149.536503] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 148.572860] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 149.012141] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 148.411762] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 149.449678] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 148.657373] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 149.590155] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 149.619110] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 148.282726] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 148.772544] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 148.629905] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 148.250620] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 148.090277] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 148.311355] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 149.507283] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 148.983398] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 148.495010] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 149.137326] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 148.385561] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 148.220205] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 149.041347] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 48.935282] ================================================================== [ 48.935655] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 48.935655] [ 48.935980] Use-after-free read at 0x(____ptrval____) (in kfence-#135): [ 48.936215] test_krealloc+0x6fc/0xbe0 [ 48.936352] kunit_try_run_case+0x1a5/0x480 [ 48.936501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.936669] kthread+0x337/0x6f0 [ 48.936787] ret_from_fork+0x116/0x1d0 [ 48.936932] ret_from_fork_asm+0x1a/0x30 [ 48.937126] [ 48.937219] kfence-#135: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 48.937219] [ 48.937576] allocated by task 363 on cpu 1 at 48.934546s (0.003028s ago): [ 48.937995] test_alloc+0x364/0x10f0 [ 48.938124] test_krealloc+0xad/0xbe0 [ 48.938248] kunit_try_run_case+0x1a5/0x480 [ 48.938385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.938550] kthread+0x337/0x6f0 [ 48.938662] ret_from_fork+0x116/0x1d0 [ 48.938786] ret_from_fork_asm+0x1a/0x30 [ 48.938940] [ 48.939220] freed by task 363 on cpu 1 at 48.934854s (0.004361s ago): [ 48.940656] krealloc_noprof+0x108/0x340 [ 48.942130] test_krealloc+0x226/0xbe0 [ 48.942766] kunit_try_run_case+0x1a5/0x480 [ 48.943555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.944103] kthread+0x337/0x6f0 [ 48.944295] ret_from_fork+0x116/0x1d0 [ 48.944517] ret_from_fork_asm+0x1a/0x30 [ 48.944716] [ 48.944843] CPU: 1 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 48.945428] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.945739] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 48.946265] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 17.940806] ================================================================== [ 17.941221] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 17.941221] [ 17.941575] Invalid free of 0x(____ptrval____) (in kfence-#82): [ 17.942279] test_double_free+0x112/0x260 [ 17.942518] kunit_try_run_case+0x1a5/0x480 [ 17.942712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.942969] kthread+0x337/0x6f0 [ 17.943152] ret_from_fork+0x116/0x1d0 [ 17.943344] ret_from_fork_asm+0x1a/0x30 [ 17.943999] [ 17.944082] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.944082] [ 17.944833] allocated by task 331 on cpu 1 at 17.940640s (0.004190s ago): [ 17.945219] test_alloc+0x2a6/0x10f0 [ 17.945623] test_double_free+0xdb/0x260 [ 17.945917] kunit_try_run_case+0x1a5/0x480 [ 17.946221] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.946550] kthread+0x337/0x6f0 [ 17.946689] ret_from_fork+0x116/0x1d0 [ 17.947040] ret_from_fork_asm+0x1a/0x30 [ 17.947226] [ 17.947317] freed by task 331 on cpu 1 at 17.940694s (0.006621s ago): [ 17.947880] test_double_free+0xfa/0x260 [ 17.948090] kunit_try_run_case+0x1a5/0x480 [ 17.948415] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.948826] kthread+0x337/0x6f0 [ 17.949015] ret_from_fork+0x116/0x1d0 [ 17.949313] ret_from_fork_asm+0x1a/0x30 [ 17.949646] [ 17.949765] CPU: 1 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 17.950536] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.950745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.951272] ================================================================== [ 17.837077] ================================================================== [ 17.837543] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 17.837543] [ 17.838037] Invalid free of 0x(____ptrval____) (in kfence-#81): [ 17.838353] test_double_free+0x1d3/0x260 [ 17.839236] kunit_try_run_case+0x1a5/0x480 [ 17.839455] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.839725] kthread+0x337/0x6f0 [ 17.839897] ret_from_fork+0x116/0x1d0 [ 17.840103] ret_from_fork_asm+0x1a/0x30 [ 17.840255] [ 17.840334] kfence-#81: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.840334] [ 17.840760] allocated by task 329 on cpu 1 at 17.836766s (0.003992s ago): [ 17.840985] test_alloc+0x364/0x10f0 [ 17.841154] test_double_free+0xdb/0x260 [ 17.841385] kunit_try_run_case+0x1a5/0x480 [ 17.841650] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.841990] kthread+0x337/0x6f0 [ 17.842160] ret_from_fork+0x116/0x1d0 [ 17.842351] ret_from_fork_asm+0x1a/0x30 [ 17.842580] [ 17.842670] freed by task 329 on cpu 1 at 17.836850s (0.005818s ago): [ 17.842978] test_double_free+0x1e0/0x260 [ 17.843186] kunit_try_run_case+0x1a5/0x480 [ 17.843343] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.843515] kthread+0x337/0x6f0 [ 17.843798] ret_from_fork+0x116/0x1d0 [ 17.844186] ret_from_fork_asm+0x1a/0x30 [ 17.844364] [ 17.844877] CPU: 1 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 17.845367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.845783] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.846263] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 48.849871] ================================================================== [ 48.850290] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.850290] [ 48.850677] Use-after-free read at 0x(____ptrval____) (in kfence-#134): [ 48.851002] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 48.851208] kunit_try_run_case+0x1a5/0x480 [ 48.851419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.851752] kthread+0x337/0x6f0 [ 48.851889] ret_from_fork+0x116/0x1d0 [ 48.852027] ret_from_fork_asm+0x1a/0x30 [ 48.852223] [ 48.852314] kfence-#134: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 48.852314] [ 48.853076] allocated by task 361 on cpu 0 at 48.828671s (0.024402s ago): [ 48.853391] test_alloc+0x2a6/0x10f0 [ 48.853640] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 48.853864] kunit_try_run_case+0x1a5/0x480 [ 48.854057] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.854280] kthread+0x337/0x6f0 [ 48.855047] ret_from_fork+0x116/0x1d0 [ 48.855296] ret_from_fork_asm+0x1a/0x30 [ 48.855729] [ 48.855815] freed by task 361 on cpu 0 at 48.828793s (0.027020s ago): [ 48.856196] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 48.856430] kunit_try_run_case+0x1a5/0x480 [ 48.856633] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 48.856886] kthread+0x337/0x6f0 [ 48.857016] ret_from_fork+0x116/0x1d0 [ 48.857201] ret_from_fork_asm+0x1a/0x30 [ 48.857383] [ 48.857488] CPU: 0 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 48.858350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 48.858529] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 48.858928] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 23.157730] ================================================================== [ 23.158307] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 23.158307] [ 23.159386] Invalid read at 0x(____ptrval____): [ 23.159830] test_invalid_access+0xf0/0x210 [ 23.160314] kunit_try_run_case+0x1a5/0x480 [ 23.160789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.161053] kthread+0x337/0x6f0 [ 23.161211] ret_from_fork+0x116/0x1d0 [ 23.161377] ret_from_fork_asm+0x1a/0x30 [ 23.161547] [ 23.161669] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 23.162128] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.162294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.163045] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 22.933024] ================================================================== [ 22.933410] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.933410] [ 22.933820] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#130): [ 22.934552] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.934833] kunit_try_run_case+0x1a5/0x480 [ 22.934991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.935243] kthread+0x337/0x6f0 [ 22.935467] ret_from_fork+0x116/0x1d0 [ 22.935660] ret_from_fork_asm+0x1a/0x30 [ 22.935858] [ 22.935985] kfence-#130: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.935985] [ 22.936320] allocated by task 351 on cpu 0 at 22.932735s (0.003583s ago): [ 22.936726] test_alloc+0x364/0x10f0 [ 22.936867] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 22.937103] kunit_try_run_case+0x1a5/0x480 [ 22.937338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.937527] kthread+0x337/0x6f0 [ 22.937745] ret_from_fork+0x116/0x1d0 [ 22.937938] ret_from_fork_asm+0x1a/0x30 [ 22.938108] [ 22.938174] freed by task 351 on cpu 0 at 22.932886s (0.005286s ago): [ 22.938540] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 22.938767] kunit_try_run_case+0x1a5/0x480 [ 22.938972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.939239] kthread+0x337/0x6f0 [ 22.939379] ret_from_fork+0x116/0x1d0 [ 22.939615] ret_from_fork_asm+0x1a/0x30 [ 22.939819] [ 22.939964] CPU: 0 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 22.940345] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.940752] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.941191] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 22.829009] ================================================================== [ 22.829412] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.829412] [ 22.829817] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#129): [ 22.830202] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 22.830436] kunit_try_run_case+0x1a5/0x480 [ 22.831064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.831488] kthread+0x337/0x6f0 [ 22.831659] ret_from_fork+0x116/0x1d0 [ 22.831847] ret_from_fork_asm+0x1a/0x30 [ 22.831997] [ 22.832069] kfence-#129: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 22.832069] [ 22.832590] allocated by task 349 on cpu 1 at 22.828776s (0.003811s ago): [ 22.832946] test_alloc+0x364/0x10f0 [ 22.833160] test_kmalloc_aligned_oob_read+0x105/0x560 [ 22.833398] kunit_try_run_case+0x1a5/0x480 [ 22.833584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.833848] kthread+0x337/0x6f0 [ 22.834012] ret_from_fork+0x116/0x1d0 [ 22.834182] ret_from_fork_asm+0x1a/0x30 [ 22.834342] [ 22.834499] CPU: 1 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 22.834945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.835073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.835488] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 18.876868] ================================================================== [ 18.877287] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 18.877287] [ 18.877701] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#91): [ 18.878109] test_corruption+0x216/0x3e0 [ 18.878256] kunit_try_run_case+0x1a5/0x480 [ 18.878402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.878658] kthread+0x337/0x6f0 [ 18.878904] ret_from_fork+0x116/0x1d0 [ 18.879100] ret_from_fork_asm+0x1a/0x30 [ 18.879327] [ 18.879419] kfence-#91: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.879419] [ 18.879988] allocated by task 339 on cpu 0 at 18.876723s (0.003262s ago): [ 18.880264] test_alloc+0x2a6/0x10f0 [ 18.880404] test_corruption+0x1cb/0x3e0 [ 18.880583] kunit_try_run_case+0x1a5/0x480 [ 18.880780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.880993] kthread+0x337/0x6f0 [ 18.881183] ret_from_fork+0x116/0x1d0 [ 18.881386] ret_from_fork_asm+0x1a/0x30 [ 18.881590] [ 18.881663] freed by task 339 on cpu 0 at 18.876790s (0.004871s ago): [ 18.881873] test_corruption+0x216/0x3e0 [ 18.882026] kunit_try_run_case+0x1a5/0x480 [ 18.882226] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.882467] kthread+0x337/0x6f0 [ 18.882692] ret_from_fork+0x116/0x1d0 [ 18.882861] ret_from_fork_asm+0x1a/0x30 [ 18.883052] [ 18.883143] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.883797] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.884028] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.884403] ================================================================== [ 18.565004] ================================================================== [ 18.565408] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 18.565408] [ 18.565714] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#88): [ 18.566199] test_corruption+0x2df/0x3e0 [ 18.566405] kunit_try_run_case+0x1a5/0x480 [ 18.566580] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.566797] kthread+0x337/0x6f0 [ 18.566992] ret_from_fork+0x116/0x1d0 [ 18.567329] ret_from_fork_asm+0x1a/0x30 [ 18.567526] [ 18.567597] kfence-#88: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.567597] [ 18.567912] allocated by task 337 on cpu 0 at 18.564739s (0.003170s ago): [ 18.568238] test_alloc+0x364/0x10f0 [ 18.568436] test_corruption+0x1cb/0x3e0 [ 18.568699] kunit_try_run_case+0x1a5/0x480 [ 18.568898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.569070] kthread+0x337/0x6f0 [ 18.569217] ret_from_fork+0x116/0x1d0 [ 18.569392] ret_from_fork_asm+0x1a/0x30 [ 18.569579] [ 18.569700] freed by task 337 on cpu 0 at 18.564821s (0.004877s ago): [ 18.569960] test_corruption+0x2df/0x3e0 [ 18.570094] kunit_try_run_case+0x1a5/0x480 [ 18.570244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.570620] kthread+0x337/0x6f0 [ 18.570813] ret_from_fork+0x116/0x1d0 [ 18.571036] ret_from_fork_asm+0x1a/0x30 [ 18.571244] [ 18.571378] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.571747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.571974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.572393] ================================================================== [ 18.253068] ================================================================== [ 18.253578] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 18.253578] [ 18.253994] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#85): [ 18.254800] test_corruption+0x2d2/0x3e0 [ 18.254985] kunit_try_run_case+0x1a5/0x480 [ 18.255158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.255491] kthread+0x337/0x6f0 [ 18.255682] ret_from_fork+0x116/0x1d0 [ 18.255833] ret_from_fork_asm+0x1a/0x30 [ 18.256078] [ 18.256161] kfence-#85: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.256161] [ 18.256576] allocated by task 337 on cpu 0 at 18.252774s (0.003799s ago): [ 18.256903] test_alloc+0x364/0x10f0 [ 18.257101] test_corruption+0xe6/0x3e0 [ 18.257310] kunit_try_run_case+0x1a5/0x480 [ 18.257615] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.257850] kthread+0x337/0x6f0 [ 18.258061] ret_from_fork+0x116/0x1d0 [ 18.258215] ret_from_fork_asm+0x1a/0x30 [ 18.258349] [ 18.258413] freed by task 337 on cpu 0 at 18.252887s (0.005525s ago): [ 18.258833] test_corruption+0x2d2/0x3e0 [ 18.259044] kunit_try_run_case+0x1a5/0x480 [ 18.259250] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.259522] kthread+0x337/0x6f0 [ 18.259638] ret_from_fork+0x116/0x1d0 [ 18.259761] ret_from_fork_asm+0x1a/0x30 [ 18.259901] [ 18.260048] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.260738] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.260960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.261260] ================================================================== [ 18.668910] ================================================================== [ 18.669309] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 18.669309] [ 18.669616] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#89): [ 18.670315] test_corruption+0x131/0x3e0 [ 18.670459] kunit_try_run_case+0x1a5/0x480 [ 18.670750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.671153] kthread+0x337/0x6f0 [ 18.671274] ret_from_fork+0x116/0x1d0 [ 18.671525] ret_from_fork_asm+0x1a/0x30 [ 18.671723] [ 18.671816] kfence-#89: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.671816] [ 18.672222] allocated by task 339 on cpu 0 at 18.668770s (0.003450s ago): [ 18.672552] test_alloc+0x2a6/0x10f0 [ 18.672745] test_corruption+0xe6/0x3e0 [ 18.672941] kunit_try_run_case+0x1a5/0x480 [ 18.673143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.673332] kthread+0x337/0x6f0 [ 18.673628] ret_from_fork+0x116/0x1d0 [ 18.673805] ret_from_fork_asm+0x1a/0x30 [ 18.674036] [ 18.674125] freed by task 339 on cpu 0 at 18.668834s (0.005289s ago): [ 18.674421] test_corruption+0x131/0x3e0 [ 18.674606] kunit_try_run_case+0x1a5/0x480 [ 18.674793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.674969] kthread+0x337/0x6f0 [ 18.675082] ret_from_fork+0x116/0x1d0 [ 18.675256] ret_from_fork_asm+0x1a/0x30 [ 18.675529] [ 18.675666] CPU: 0 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.676174] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.676386] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.676809] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 18.044961] ================================================================== [ 18.045486] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 18.045486] [ 18.045806] Invalid free of 0x(____ptrval____) (in kfence-#83): [ 18.046095] test_invalid_addr_free+0x1e1/0x260 [ 18.046267] kunit_try_run_case+0x1a5/0x480 [ 18.046412] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.046756] kthread+0x337/0x6f0 [ 18.046887] ret_from_fork+0x116/0x1d0 [ 18.047022] ret_from_fork_asm+0x1a/0x30 [ 18.047212] [ 18.047304] kfence-#83: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 18.047304] [ 18.047689] allocated by task 333 on cpu 0 at 18.044798s (0.002888s ago): [ 18.047972] test_alloc+0x364/0x10f0 [ 18.048106] test_invalid_addr_free+0xdb/0x260 [ 18.048308] kunit_try_run_case+0x1a5/0x480 [ 18.048551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.048776] kthread+0x337/0x6f0 [ 18.048889] ret_from_fork+0x116/0x1d0 [ 18.049020] ret_from_fork_asm+0x1a/0x30 [ 18.049152] [ 18.049243] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.049796] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.050009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.050302] ================================================================== [ 18.148957] ================================================================== [ 18.149411] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 18.149411] [ 18.149792] Invalid free of 0x(____ptrval____) (in kfence-#84): [ 18.150639] test_invalid_addr_free+0xfb/0x260 [ 18.151048] kunit_try_run_case+0x1a5/0x480 [ 18.151270] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.151680] kthread+0x337/0x6f0 [ 18.151864] ret_from_fork+0x116/0x1d0 [ 18.152184] ret_from_fork_asm+0x1a/0x30 [ 18.152492] [ 18.152604] kfence-#84: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 18.152604] [ 18.152976] allocated by task 335 on cpu 0 at 18.148823s (0.004150s ago): [ 18.153289] test_alloc+0x2a6/0x10f0 [ 18.153804] test_invalid_addr_free+0xdb/0x260 [ 18.154117] kunit_try_run_case+0x1a5/0x480 [ 18.154401] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.154767] kthread+0x337/0x6f0 [ 18.154963] ret_from_fork+0x116/0x1d0 [ 18.155257] ret_from_fork_asm+0x1a/0x30 [ 18.155493] [ 18.155746] CPU: 0 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 18.156328] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.156562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.157080] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.503052] ================================================================== [ 11.503686] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 11.504001] Write of size 2 at addr ffff8881028e2377 by task kunit_try_catch/197 [ 11.504296] [ 11.504381] CPU: 1 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.504427] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.504438] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.504459] Call Trace: [ 11.504472] <TASK> [ 11.504489] dump_stack_lvl+0x73/0xb0 [ 11.504517] print_report+0xd1/0x650 [ 11.504540] ? __virt_addr_valid+0x1db/0x2d0 [ 11.504562] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.504582] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.504603] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.504624] kasan_report+0x141/0x180 [ 11.504644] ? kmalloc_oob_memset_2+0x166/0x330 [ 11.504669] kasan_check_range+0x10c/0x1c0 [ 11.504691] __asan_memset+0x27/0x50 [ 11.504710] kmalloc_oob_memset_2+0x166/0x330 [ 11.504731] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 11.504753] ? __schedule+0x10cc/0x2b60 [ 11.504774] ? __pfx_read_tsc+0x10/0x10 [ 11.504794] ? ktime_get_ts64+0x86/0x230 [ 11.504819] kunit_try_run_case+0x1a5/0x480 [ 11.504843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.504864] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.504885] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.504906] ? __kthread_parkme+0x82/0x180 [ 11.504926] ? preempt_count_sub+0x50/0x80 [ 11.504959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.504982] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.505003] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.505025] kthread+0x337/0x6f0 [ 11.505043] ? trace_preempt_on+0x20/0xc0 [ 11.505067] ? __pfx_kthread+0x10/0x10 [ 11.505086] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.505106] ? calculate_sigpending+0x7b/0xa0 [ 11.505129] ? __pfx_kthread+0x10/0x10 [ 11.505149] ret_from_fork+0x116/0x1d0 [ 11.505167] ? __pfx_kthread+0x10/0x10 [ 11.505186] ret_from_fork_asm+0x1a/0x30 [ 11.505216] </TASK> [ 11.505227] [ 11.515145] Allocated by task 197: [ 11.515643] kasan_save_stack+0x45/0x70 [ 11.516218] kasan_save_track+0x18/0x40 [ 11.516744] kasan_save_alloc_info+0x3b/0x50 [ 11.517419] __kasan_kmalloc+0xb7/0xc0 [ 11.518049] __kmalloc_cache_noprof+0x189/0x420 [ 11.518230] kmalloc_oob_memset_2+0xac/0x330 [ 11.518373] kunit_try_run_case+0x1a5/0x480 [ 11.519001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.519697] kthread+0x337/0x6f0 [ 11.520135] ret_from_fork+0x116/0x1d0 [ 11.520512] ret_from_fork_asm+0x1a/0x30 [ 11.520669] [ 11.520742] The buggy address belongs to the object at ffff8881028e2300 [ 11.520742] which belongs to the cache kmalloc-128 of size 128 [ 11.521487] The buggy address is located 119 bytes inside of [ 11.521487] allocated 120-byte region [ffff8881028e2300, ffff8881028e2378) [ 11.522663] [ 11.522829] The buggy address belongs to the physical page: [ 11.523303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.523783] flags: 0x200000000000000(node=0|zone=2) [ 11.523991] page_type: f5(slab) [ 11.524288] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.525107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.525661] page dumped because: kasan: bad access detected [ 11.525841] [ 11.525906] Memory state around the buggy address: [ 11.526066] ffff8881028e2200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.526275] ffff8881028e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.526768] >ffff8881028e2300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.527372] ^ [ 11.528044] ffff8881028e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.528872] ffff8881028e2400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.529619] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.475310] ================================================================== [ 11.476519] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 11.477231] Write of size 128 at addr ffff888102a15b00 by task kunit_try_catch/195 [ 11.477948] [ 11.478127] CPU: 0 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.478176] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.478188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.478209] Call Trace: [ 11.478222] <TASK> [ 11.478240] dump_stack_lvl+0x73/0xb0 [ 11.478271] print_report+0xd1/0x650 [ 11.478292] ? __virt_addr_valid+0x1db/0x2d0 [ 11.478316] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.478336] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.478357] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.478438] kasan_report+0x141/0x180 [ 11.478463] ? kmalloc_oob_in_memset+0x15f/0x320 [ 11.478488] kasan_check_range+0x10c/0x1c0 [ 11.478510] __asan_memset+0x27/0x50 [ 11.478528] kmalloc_oob_in_memset+0x15f/0x320 [ 11.478549] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 11.478570] ? __schedule+0x10cc/0x2b60 [ 11.478592] ? __pfx_read_tsc+0x10/0x10 [ 11.478613] ? ktime_get_ts64+0x86/0x230 [ 11.478637] kunit_try_run_case+0x1a5/0x480 [ 11.478661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.478682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.478703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.478724] ? __kthread_parkme+0x82/0x180 [ 11.478744] ? preempt_count_sub+0x50/0x80 [ 11.478767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.478789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.478811] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.478832] kthread+0x337/0x6f0 [ 11.478851] ? trace_preempt_on+0x20/0xc0 [ 11.478874] ? __pfx_kthread+0x10/0x10 [ 11.478894] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.478913] ? calculate_sigpending+0x7b/0xa0 [ 11.478951] ? __pfx_kthread+0x10/0x10 [ 11.478972] ret_from_fork+0x116/0x1d0 [ 11.478989] ? __pfx_kthread+0x10/0x10 [ 11.479009] ret_from_fork_asm+0x1a/0x30 [ 11.479038] </TASK> [ 11.479049] [ 11.490878] Allocated by task 195: [ 11.491026] kasan_save_stack+0x45/0x70 [ 11.491165] kasan_save_track+0x18/0x40 [ 11.491291] kasan_save_alloc_info+0x3b/0x50 [ 11.491441] __kasan_kmalloc+0xb7/0xc0 [ 11.491565] __kmalloc_cache_noprof+0x189/0x420 [ 11.491762] kmalloc_oob_in_memset+0xac/0x320 [ 11.491989] kunit_try_run_case+0x1a5/0x480 [ 11.492193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.492491] kthread+0x337/0x6f0 [ 11.492647] ret_from_fork+0x116/0x1d0 [ 11.492774] ret_from_fork_asm+0x1a/0x30 [ 11.492905] [ 11.493009] The buggy address belongs to the object at ffff888102a15b00 [ 11.493009] which belongs to the cache kmalloc-128 of size 128 [ 11.493656] The buggy address is located 0 bytes inside of [ 11.493656] allocated 120-byte region [ffff888102a15b00, ffff888102a15b78) [ 11.494163] [ 11.494231] The buggy address belongs to the physical page: [ 11.494522] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 11.494847] flags: 0x200000000000000(node=0|zone=2) [ 11.495068] page_type: f5(slab) [ 11.495225] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.495444] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.495681] page dumped because: kasan: bad access detected [ 11.495920] [ 11.496015] Memory state around the buggy address: [ 11.496374] ffff888102a15a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.496627] ffff888102a15a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.496831] >ffff888102a15b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.497130] ^ [ 11.497508] ffff888102a15b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.497832] ffff888102a15c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.498118] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.440592] ================================================================== [ 11.441432] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.442073] Read of size 16 at addr ffff888102539460 by task kunit_try_catch/193 [ 11.442991] [ 11.443362] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.443413] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.443425] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.443651] Call Trace: [ 11.443670] <TASK> [ 11.443695] dump_stack_lvl+0x73/0xb0 [ 11.443729] print_report+0xd1/0x650 [ 11.443751] ? __virt_addr_valid+0x1db/0x2d0 [ 11.443773] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.443792] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.443813] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.443832] kasan_report+0x141/0x180 [ 11.443853] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.443877] __asan_report_load16_noabort+0x18/0x20 [ 11.443900] kmalloc_uaf_16+0x47b/0x4c0 [ 11.443920] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.443949] ? __schedule+0x10cc/0x2b60 [ 11.443969] ? __pfx_read_tsc+0x10/0x10 [ 11.443991] ? ktime_get_ts64+0x86/0x230 [ 11.444016] kunit_try_run_case+0x1a5/0x480 [ 11.444040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.444061] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.444081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.444102] ? __kthread_parkme+0x82/0x180 [ 11.444121] ? preempt_count_sub+0x50/0x80 [ 11.444144] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.444166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.444187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.444208] kthread+0x337/0x6f0 [ 11.444227] ? trace_preempt_on+0x20/0xc0 [ 11.444252] ? __pfx_kthread+0x10/0x10 [ 11.444271] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.444290] ? calculate_sigpending+0x7b/0xa0 [ 11.444313] ? __pfx_kthread+0x10/0x10 [ 11.444333] ret_from_fork+0x116/0x1d0 [ 11.444350] ? __pfx_kthread+0x10/0x10 [ 11.444369] ret_from_fork_asm+0x1a/0x30 [ 11.444432] </TASK> [ 11.444444] [ 11.455016] Allocated by task 193: [ 11.455383] kasan_save_stack+0x45/0x70 [ 11.455860] kasan_save_track+0x18/0x40 [ 11.456262] kasan_save_alloc_info+0x3b/0x50 [ 11.456839] __kasan_kmalloc+0xb7/0xc0 [ 11.457214] __kmalloc_cache_noprof+0x189/0x420 [ 11.457374] kmalloc_uaf_16+0x15b/0x4c0 [ 11.457504] kunit_try_run_case+0x1a5/0x480 [ 11.457641] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.458222] kthread+0x337/0x6f0 [ 11.458660] ret_from_fork+0x116/0x1d0 [ 11.459029] ret_from_fork_asm+0x1a/0x30 [ 11.459400] [ 11.459625] Freed by task 193: [ 11.459901] kasan_save_stack+0x45/0x70 [ 11.460045] kasan_save_track+0x18/0x40 [ 11.460171] kasan_save_free_info+0x3f/0x60 [ 11.460308] __kasan_slab_free+0x56/0x70 [ 11.460738] kfree+0x222/0x3f0 [ 11.461041] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.461412] kunit_try_run_case+0x1a5/0x480 [ 11.461839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.462319] kthread+0x337/0x6f0 [ 11.462723] ret_from_fork+0x116/0x1d0 [ 11.462949] ret_from_fork_asm+0x1a/0x30 [ 11.463083] [ 11.463149] The buggy address belongs to the object at ffff888102539460 [ 11.463149] which belongs to the cache kmalloc-16 of size 16 [ 11.463833] The buggy address is located 0 bytes inside of [ 11.463833] freed 16-byte region [ffff888102539460, ffff888102539470) [ 11.465010] [ 11.465176] The buggy address belongs to the physical page: [ 11.465743] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 11.466324] flags: 0x200000000000000(node=0|zone=2) [ 11.466554] page_type: f5(slab) [ 11.466897] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.467461] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.468066] page dumped because: kasan: bad access detected [ 11.468240] [ 11.468306] Memory state around the buggy address: [ 11.468909] ffff888102539300: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 11.469651] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.470287] >ffff888102539400: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 11.470805] ^ [ 11.471015] ffff888102539480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.471224] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.471605] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.410132] ================================================================== [ 11.411494] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.412483] Write of size 16 at addr ffff888102225da0 by task kunit_try_catch/191 [ 11.413083] [ 11.413183] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.413231] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.413243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.413263] Call Trace: [ 11.413276] <TASK> [ 11.413296] dump_stack_lvl+0x73/0xb0 [ 11.413327] print_report+0xd1/0x650 [ 11.413348] ? __virt_addr_valid+0x1db/0x2d0 [ 11.413373] ? kmalloc_oob_16+0x452/0x4a0 [ 11.413418] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.413441] ? kmalloc_oob_16+0x452/0x4a0 [ 11.413461] kasan_report+0x141/0x180 [ 11.413482] ? kmalloc_oob_16+0x452/0x4a0 [ 11.413506] __asan_report_store16_noabort+0x1b/0x30 [ 11.413604] kmalloc_oob_16+0x452/0x4a0 [ 11.413627] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.413662] ? __schedule+0x10cc/0x2b60 [ 11.413690] ? __pfx_read_tsc+0x10/0x10 [ 11.413712] ? ktime_get_ts64+0x86/0x230 [ 11.413737] kunit_try_run_case+0x1a5/0x480 [ 11.413761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.413782] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.413803] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.413824] ? __kthread_parkme+0x82/0x180 [ 11.413844] ? preempt_count_sub+0x50/0x80 [ 11.413867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.413889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.413911] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.413941] kthread+0x337/0x6f0 [ 11.413959] ? trace_preempt_on+0x20/0xc0 [ 11.413983] ? __pfx_kthread+0x10/0x10 [ 11.414003] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.414022] ? calculate_sigpending+0x7b/0xa0 [ 11.414045] ? __pfx_kthread+0x10/0x10 [ 11.414065] ret_from_fork+0x116/0x1d0 [ 11.414083] ? __pfx_kthread+0x10/0x10 [ 11.414102] ret_from_fork_asm+0x1a/0x30 [ 11.414132] </TASK> [ 11.414143] [ 11.424833] Allocated by task 191: [ 11.425030] kasan_save_stack+0x45/0x70 [ 11.425169] kasan_save_track+0x18/0x40 [ 11.425310] kasan_save_alloc_info+0x3b/0x50 [ 11.425508] __kasan_kmalloc+0xb7/0xc0 [ 11.425809] __kmalloc_cache_noprof+0x189/0x420 [ 11.426193] kmalloc_oob_16+0xa8/0x4a0 [ 11.426352] kunit_try_run_case+0x1a5/0x480 [ 11.426939] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.427174] kthread+0x337/0x6f0 [ 11.427333] ret_from_fork+0x116/0x1d0 [ 11.427944] ret_from_fork_asm+0x1a/0x30 [ 11.428247] [ 11.428581] The buggy address belongs to the object at ffff888102225da0 [ 11.428581] which belongs to the cache kmalloc-16 of size 16 [ 11.429086] The buggy address is located 0 bytes inside of [ 11.429086] allocated 13-byte region [ffff888102225da0, ffff888102225dad) [ 11.429959] [ 11.430205] The buggy address belongs to the physical page: [ 11.430650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102225 [ 11.430989] flags: 0x200000000000000(node=0|zone=2) [ 11.431198] page_type: f5(slab) [ 11.431347] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.431958] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.432264] page dumped because: kasan: bad access detected [ 11.432594] [ 11.432961] Memory state around the buggy address: [ 11.433379] ffff888102225c80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.434137] ffff888102225d00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.434580] >ffff888102225d80: fa fb fc fc 00 05 fc fc 00 00 fc fc fc fc fc fc [ 11.434868] ^ [ 11.435068] ffff888102225e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.435337] ffff888102225e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.435806] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.328522] ================================================================== [ 11.329498] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.329924] Read of size 1 at addr ffff888100a2a200 by task kunit_try_catch/189 [ 11.330505] [ 11.330622] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.330668] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.330679] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.330697] Call Trace: [ 11.330709] <TASK> [ 11.330725] dump_stack_lvl+0x73/0xb0 [ 11.330753] print_report+0xd1/0x650 [ 11.330775] ? __virt_addr_valid+0x1db/0x2d0 [ 11.330796] ? krealloc_uaf+0x1b8/0x5e0 [ 11.330815] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.330836] ? krealloc_uaf+0x1b8/0x5e0 [ 11.330856] kasan_report+0x141/0x180 [ 11.330877] ? krealloc_uaf+0x1b8/0x5e0 [ 11.330900] ? krealloc_uaf+0x1b8/0x5e0 [ 11.330920] __kasan_check_byte+0x3d/0x50 [ 11.330954] krealloc_noprof+0x3f/0x340 [ 11.330972] ? __kasan_slab_free+0x61/0x70 [ 11.330992] krealloc_uaf+0x1b8/0x5e0 [ 11.331012] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.331031] ? finish_task_switch.isra.0+0x153/0x700 [ 11.331052] ? __switch_to+0x47/0xf50 [ 11.331075] ? __schedule+0x10cc/0x2b60 [ 11.331095] ? __pfx_read_tsc+0x10/0x10 [ 11.331114] ? ktime_get_ts64+0x86/0x230 [ 11.331140] kunit_try_run_case+0x1a5/0x480 [ 11.331163] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.331184] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.331204] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.331225] ? __kthread_parkme+0x82/0x180 [ 11.331244] ? preempt_count_sub+0x50/0x80 [ 11.331265] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.331287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.331308] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.331329] kthread+0x337/0x6f0 [ 11.331347] ? trace_preempt_on+0x20/0xc0 [ 11.331370] ? __pfx_kthread+0x10/0x10 [ 11.331389] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.331581] ? calculate_sigpending+0x7b/0xa0 [ 11.331620] ? __pfx_kthread+0x10/0x10 [ 11.331641] ret_from_fork+0x116/0x1d0 [ 11.331659] ? __pfx_kthread+0x10/0x10 [ 11.331679] ret_from_fork_asm+0x1a/0x30 [ 11.331708] </TASK> [ 11.331719] [ 11.347187] Allocated by task 189: [ 11.347325] kasan_save_stack+0x45/0x70 [ 11.348339] kasan_save_track+0x18/0x40 [ 11.349005] kasan_save_alloc_info+0x3b/0x50 [ 11.349636] __kasan_kmalloc+0xb7/0xc0 [ 11.350205] __kmalloc_cache_noprof+0x189/0x420 [ 11.350869] krealloc_uaf+0xbb/0x5e0 [ 11.351365] kunit_try_run_case+0x1a5/0x480 [ 11.351546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.351717] kthread+0x337/0x6f0 [ 11.351830] ret_from_fork+0x116/0x1d0 [ 11.352468] ret_from_fork_asm+0x1a/0x30 [ 11.353224] [ 11.353426] Freed by task 189: [ 11.353983] kasan_save_stack+0x45/0x70 [ 11.354508] kasan_save_track+0x18/0x40 [ 11.355111] kasan_save_free_info+0x3f/0x60 [ 11.355718] __kasan_slab_free+0x56/0x70 [ 11.355871] kfree+0x222/0x3f0 [ 11.356104] krealloc_uaf+0x13d/0x5e0 [ 11.356508] kunit_try_run_case+0x1a5/0x480 [ 11.356894] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.357279] kthread+0x337/0x6f0 [ 11.357463] ret_from_fork+0x116/0x1d0 [ 11.357878] ret_from_fork_asm+0x1a/0x30 [ 11.358242] [ 11.358314] The buggy address belongs to the object at ffff888100a2a200 [ 11.358314] which belongs to the cache kmalloc-256 of size 256 [ 11.359288] The buggy address is located 0 bytes inside of [ 11.359288] freed 256-byte region [ffff888100a2a200, ffff888100a2a300) [ 11.360448] [ 11.360675] The buggy address belongs to the physical page: [ 11.360990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.361232] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.361708] flags: 0x200000000000040(head|node=0|zone=2) [ 11.362179] page_type: f5(slab) [ 11.362538] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.363176] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.364007] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.364555] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.365100] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.365323] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.366035] page dumped because: kasan: bad access detected [ 11.366583] [ 11.366742] Memory state around the buggy address: [ 11.367166] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.367688] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.367905] >ffff888100a2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.368124] ^ [ 11.368237] ffff888100a2a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.368663] ffff888100a2a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.369277] ================================================================== [ 11.370249] ================================================================== [ 11.370947] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.371694] Read of size 1 at addr ffff888100a2a200 by task kunit_try_catch/189 [ 11.372312] [ 11.372511] CPU: 1 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.372559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.372569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.372589] Call Trace: [ 11.372609] <TASK> [ 11.372628] dump_stack_lvl+0x73/0xb0 [ 11.372659] print_report+0xd1/0x650 [ 11.372682] ? __virt_addr_valid+0x1db/0x2d0 [ 11.372703] ? krealloc_uaf+0x53c/0x5e0 [ 11.372723] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.372744] ? krealloc_uaf+0x53c/0x5e0 [ 11.372764] kasan_report+0x141/0x180 [ 11.372784] ? krealloc_uaf+0x53c/0x5e0 [ 11.372822] __asan_report_load1_noabort+0x18/0x20 [ 11.372845] krealloc_uaf+0x53c/0x5e0 [ 11.372866] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.372885] ? finish_task_switch.isra.0+0x153/0x700 [ 11.372906] ? __switch_to+0x47/0xf50 [ 11.372941] ? __schedule+0x10cc/0x2b60 [ 11.372964] ? __pfx_read_tsc+0x10/0x10 [ 11.372984] ? ktime_get_ts64+0x86/0x230 [ 11.373009] kunit_try_run_case+0x1a5/0x480 [ 11.373032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.373053] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.373074] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.373097] ? __kthread_parkme+0x82/0x180 [ 11.373116] ? preempt_count_sub+0x50/0x80 [ 11.373137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.373159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.373182] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.373203] kthread+0x337/0x6f0 [ 11.373221] ? trace_preempt_on+0x20/0xc0 [ 11.373244] ? __pfx_kthread+0x10/0x10 [ 11.373263] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.373282] ? calculate_sigpending+0x7b/0xa0 [ 11.373305] ? __pfx_kthread+0x10/0x10 [ 11.373325] ret_from_fork+0x116/0x1d0 [ 11.373342] ? __pfx_kthread+0x10/0x10 [ 11.373362] ret_from_fork_asm+0x1a/0x30 [ 11.373414] </TASK> [ 11.373425] [ 11.385098] Allocated by task 189: [ 11.385230] kasan_save_stack+0x45/0x70 [ 11.385372] kasan_save_track+0x18/0x40 [ 11.385817] kasan_save_alloc_info+0x3b/0x50 [ 11.386192] __kasan_kmalloc+0xb7/0xc0 [ 11.386583] __kmalloc_cache_noprof+0x189/0x420 [ 11.387007] krealloc_uaf+0xbb/0x5e0 [ 11.387331] kunit_try_run_case+0x1a5/0x480 [ 11.387856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.388333] kthread+0x337/0x6f0 [ 11.388722] ret_from_fork+0x116/0x1d0 [ 11.389079] ret_from_fork_asm+0x1a/0x30 [ 11.389500] [ 11.389656] Freed by task 189: [ 11.389780] kasan_save_stack+0x45/0x70 [ 11.389910] kasan_save_track+0x18/0x40 [ 11.390052] kasan_save_free_info+0x3f/0x60 [ 11.390191] __kasan_slab_free+0x56/0x70 [ 11.390319] kfree+0x222/0x3f0 [ 11.390600] krealloc_uaf+0x13d/0x5e0 [ 11.390925] kunit_try_run_case+0x1a5/0x480 [ 11.391312] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.391925] kthread+0x337/0x6f0 [ 11.392234] ret_from_fork+0x116/0x1d0 [ 11.392647] ret_from_fork_asm+0x1a/0x30 [ 11.392999] [ 11.393152] The buggy address belongs to the object at ffff888100a2a200 [ 11.393152] which belongs to the cache kmalloc-256 of size 256 [ 11.394263] The buggy address is located 0 bytes inside of [ 11.394263] freed 256-byte region [ffff888100a2a200, ffff888100a2a300) [ 11.394833] [ 11.394905] The buggy address belongs to the physical page: [ 11.395084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.395323] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.396080] flags: 0x200000000000040(head|node=0|zone=2) [ 11.396607] page_type: f5(slab) [ 11.396905] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.397600] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.398316] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.399029] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.399810] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.400058] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.400277] page dumped because: kasan: bad access detected [ 11.400666] [ 11.400822] Memory state around the buggy address: [ 11.401229] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.401907] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.402586] >ffff888100a2a200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.403177] ^ [ 11.403629] ffff888100a2a280: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.403988] ffff888100a2a300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.404192] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 17.524949] ================================================================== [ 17.525350] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 17.525350] [ 17.525807] Use-after-free read at 0x(____ptrval____) (in kfence-#78): [ 17.526133] test_use_after_free_read+0x129/0x270 [ 17.526290] kunit_try_run_case+0x1a5/0x480 [ 17.526431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.526675] kthread+0x337/0x6f0 [ 17.526890] ret_from_fork+0x116/0x1d0 [ 17.527087] ret_from_fork_asm+0x1a/0x30 [ 17.527323] [ 17.527433] kfence-#78: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.527433] [ 17.527971] allocated by task 323 on cpu 0 at 17.524774s (0.003194s ago): [ 17.528206] test_alloc+0x2a6/0x10f0 [ 17.528327] test_use_after_free_read+0xdc/0x270 [ 17.528536] kunit_try_run_case+0x1a5/0x480 [ 17.528764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.529073] kthread+0x337/0x6f0 [ 17.529296] ret_from_fork+0x116/0x1d0 [ 17.529497] ret_from_fork_asm+0x1a/0x30 [ 17.529699] [ 17.529766] freed by task 323 on cpu 0 at 17.524831s (0.004933s ago): [ 17.529987] test_use_after_free_read+0xfb/0x270 [ 17.530173] kunit_try_run_case+0x1a5/0x480 [ 17.530379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.530646] kthread+0x337/0x6f0 [ 17.530828] ret_from_fork+0x116/0x1d0 [ 17.531035] ret_from_fork_asm+0x1a/0x30 [ 17.531244] [ 17.531338] CPU: 0 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 17.531965] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.532149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.532624] ================================================================== [ 17.420846] ================================================================== [ 17.421290] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 17.421290] [ 17.421991] Use-after-free read at 0x(____ptrval____) (in kfence-#77): [ 17.422313] test_use_after_free_read+0x129/0x270 [ 17.422574] kunit_try_run_case+0x1a5/0x480 [ 17.422781] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.422957] kthread+0x337/0x6f0 [ 17.423072] ret_from_fork+0x116/0x1d0 [ 17.423279] ret_from_fork_asm+0x1a/0x30 [ 17.423593] [ 17.423691] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 17.423691] [ 17.424138] allocated by task 321 on cpu 1 at 17.420634s (0.003501s ago): [ 17.424522] test_alloc+0x364/0x10f0 [ 17.424710] test_use_after_free_read+0xdc/0x270 [ 17.424938] kunit_try_run_case+0x1a5/0x480 [ 17.425164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.425363] kthread+0x337/0x6f0 [ 17.425545] ret_from_fork+0x116/0x1d0 [ 17.425775] ret_from_fork_asm+0x1a/0x30 [ 17.426020] [ 17.426241] freed by task 321 on cpu 1 at 17.420696s (0.005463s ago): [ 17.426682] test_use_after_free_read+0x1e7/0x270 [ 17.426969] kunit_try_run_case+0x1a5/0x480 [ 17.427199] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.427452] kthread+0x337/0x6f0 [ 17.427648] ret_from_fork+0x116/0x1d0 [ 17.427846] ret_from_fork_asm+0x1a/0x30 [ 17.428073] [ 17.428197] CPU: 1 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 17.428739] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.428872] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.429311] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 16.796926] ================================================================== [ 16.797363] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 16.797363] [ 16.797746] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#71): [ 16.798037] test_out_of_bounds_write+0x10d/0x260 [ 16.798263] kunit_try_run_case+0x1a5/0x480 [ 16.798478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.798695] kthread+0x337/0x6f0 [ 16.798861] ret_from_fork+0x116/0x1d0 [ 16.799001] ret_from_fork_asm+0x1a/0x30 [ 16.799140] [ 16.799217] kfence-#71: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 16.799217] [ 16.799701] allocated by task 317 on cpu 1 at 16.796802s (0.002897s ago): [ 16.800205] test_alloc+0x364/0x10f0 [ 16.800332] test_out_of_bounds_write+0xd4/0x260 [ 16.800632] kunit_try_run_case+0x1a5/0x480 [ 16.800829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.801005] kthread+0x337/0x6f0 [ 16.801122] ret_from_fork+0x116/0x1d0 [ 16.801309] ret_from_fork_asm+0x1a/0x30 [ 16.801499] [ 16.801651] CPU: 1 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 16.802120] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.802253] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.802568] ================================================================== [ 17.316818] ================================================================== [ 17.317256] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 17.317256] [ 17.317665] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#76): [ 17.318023] test_out_of_bounds_write+0x10d/0x260 [ 17.318238] kunit_try_run_case+0x1a5/0x480 [ 17.318508] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.318720] kthread+0x337/0x6f0 [ 17.318877] ret_from_fork+0x116/0x1d0 [ 17.319069] ret_from_fork_asm+0x1a/0x30 [ 17.319263] [ 17.319353] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 17.319353] [ 17.319706] allocated by task 319 on cpu 1 at 17.316751s (0.002952s ago): [ 17.319940] test_alloc+0x2a6/0x10f0 [ 17.320096] test_out_of_bounds_write+0xd4/0x260 [ 17.320316] kunit_try_run_case+0x1a5/0x480 [ 17.320548] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.321000] kthread+0x337/0x6f0 [ 17.321188] ret_from_fork+0x116/0x1d0 [ 17.321357] ret_from_fork_asm+0x1a/0x30 [ 17.321575] [ 17.321718] CPU: 1 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 17.322278] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.322475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.322801] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 15.758117] ================================================================== [ 15.758621] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 15.758621] [ 15.759114] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#61): [ 15.759522] test_out_of_bounds_read+0x126/0x4e0 [ 15.759691] kunit_try_run_case+0x1a5/0x480 [ 15.759903] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.760220] kthread+0x337/0x6f0 [ 15.760348] ret_from_fork+0x116/0x1d0 [ 15.760782] ret_from_fork_asm+0x1a/0x30 [ 15.761019] [ 15.761242] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.761242] [ 15.761998] allocated by task 313 on cpu 1 at 15.756821s (0.005009s ago): [ 15.762623] test_alloc+0x364/0x10f0 [ 15.762843] test_out_of_bounds_read+0xed/0x4e0 [ 15.763078] kunit_try_run_case+0x1a5/0x480 [ 15.763285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.763607] kthread+0x337/0x6f0 [ 15.763795] ret_from_fork+0x116/0x1d0 [ 15.763968] ret_from_fork_asm+0x1a/0x30 [ 15.764258] [ 15.764389] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.765005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.765200] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.765653] ================================================================== [ 16.068864] ================================================================== [ 16.069267] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 16.069267] [ 16.069785] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#64): [ 16.070132] test_out_of_bounds_read+0x126/0x4e0 [ 16.070343] kunit_try_run_case+0x1a5/0x480 [ 16.070552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.070747] kthread+0x337/0x6f0 [ 16.070971] ret_from_fork+0x116/0x1d0 [ 16.071165] ret_from_fork_asm+0x1a/0x30 [ 16.071563] [ 16.072196] kfence-#64: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.072196] [ 16.072876] allocated by task 315 on cpu 0 at 16.068736s (0.004137s ago): [ 16.073379] test_alloc+0x2a6/0x10f0 [ 16.073580] test_out_of_bounds_read+0xed/0x4e0 [ 16.073885] kunit_try_run_case+0x1a5/0x480 [ 16.074205] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.074603] kthread+0x337/0x6f0 [ 16.074874] ret_from_fork+0x116/0x1d0 [ 16.075158] ret_from_fork_asm+0x1a/0x30 [ 16.075342] [ 16.075436] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 16.075926] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.076383] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.076835] ================================================================== [ 15.964838] ================================================================== [ 15.965280] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 15.965280] [ 15.965764] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#63): [ 15.966150] test_out_of_bounds_read+0x216/0x4e0 [ 15.966341] kunit_try_run_case+0x1a5/0x480 [ 15.966482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.966713] kthread+0x337/0x6f0 [ 15.966905] ret_from_fork+0x116/0x1d0 [ 15.967132] ret_from_fork_asm+0x1a/0x30 [ 15.967333] [ 15.967443] kfence-#63: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 15.967443] [ 15.967834] allocated by task 313 on cpu 1 at 15.964727s (0.003104s ago): [ 15.968101] test_alloc+0x364/0x10f0 [ 15.968303] test_out_of_bounds_read+0x1e2/0x4e0 [ 15.968612] kunit_try_run_case+0x1a5/0x480 [ 15.968863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.969038] kthread+0x337/0x6f0 [ 15.969207] ret_from_fork+0x116/0x1d0 [ 15.969410] ret_from_fork_asm+0x1a/0x30 [ 15.969703] [ 15.969831] CPU: 1 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.970308] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.970457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.970876] ================================================================== [ 16.172887] ================================================================== [ 16.173292] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 16.173292] [ 16.174019] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#65): [ 16.174657] test_out_of_bounds_read+0x216/0x4e0 [ 16.174887] kunit_try_run_case+0x1a5/0x480 [ 16.175238] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.175662] kthread+0x337/0x6f0 [ 16.175844] ret_from_fork+0x116/0x1d0 [ 16.176019] ret_from_fork_asm+0x1a/0x30 [ 16.176198] [ 16.176292] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 16.176292] [ 16.176867] allocated by task 315 on cpu 0 at 16.172827s (0.004037s ago): [ 16.177169] test_alloc+0x2a6/0x10f0 [ 16.177335] test_out_of_bounds_read+0x1e2/0x4e0 [ 16.177980] kunit_try_run_case+0x1a5/0x480 [ 16.178158] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.178575] kthread+0x337/0x6f0 [ 16.178747] ret_from_fork+0x116/0x1d0 [ 16.179071] ret_from_fork_asm+0x1a/0x30 [ 16.179296] [ 16.179554] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 16.180082] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.180397] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.180890] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 147.182704] ================================================================== [ 147.183061] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 147.183338] Read of size 8 at addr ffff8881060ba870 by task kunit_try_catch/1605 [ 147.184213] [ 147.184583] CPU: 0 UID: 0 PID: 1605 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 147.184639] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 147.184652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 147.184670] Call Trace: [ 147.184683] <TASK> [ 147.184706] dump_stack_lvl+0x73/0xb0 [ 147.184741] print_report+0xd1/0x650 [ 147.184768] ? __virt_addr_valid+0x1db/0x2d0 [ 147.184793] ? drm_encoder_cleanup+0x265/0x270 [ 147.184815] ? kasan_complete_mode_report_info+0x64/0x200 [ 147.184850] ? drm_encoder_cleanup+0x265/0x270 [ 147.184873] kasan_report+0x141/0x180 [ 147.184894] ? drm_encoder_cleanup+0x265/0x270 [ 147.184920] __asan_report_load8_noabort+0x18/0x20 [ 147.184943] drm_encoder_cleanup+0x265/0x270 [ 147.184967] drmm_encoder_alloc_release+0x36/0x60 [ 147.184989] drm_managed_release+0x15c/0x470 [ 147.185011] ? simple_release_fs+0x86/0xb0 [ 147.185038] drm_dev_put.part.0+0xa1/0x100 [ 147.185060] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 147.185083] devm_drm_dev_init_release+0x17/0x30 [ 147.185107] devm_action_release+0x50/0x80 [ 147.185132] devres_release_all+0x186/0x240 [ 147.185154] ? __pfx_devres_release_all+0x10/0x10 [ 147.185175] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 147.185201] ? sysfs_remove_file_ns+0x56/0xa0 [ 147.185226] device_unbind_cleanup+0x1b/0x1b0 [ 147.185247] device_release_driver_internal+0x3e4/0x540 [ 147.185268] ? klist_devices_put+0x35/0x50 [ 147.185322] device_release_driver+0x16/0x20 [ 147.185343] bus_remove_device+0x1e9/0x3d0 [ 147.185364] device_del+0x397/0x980 [ 147.185387] ? __pfx_device_del+0x10/0x10 [ 147.185407] ? __kasan_check_write+0x18/0x20 [ 147.185425] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 147.185448] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 147.185473] device_unregister+0x1b/0xa0 [ 147.185493] device_unregister_wrapper+0x12/0x20 [ 147.185513] __kunit_action_free+0x57/0x70 [ 147.185535] kunit_remove_resource+0x133/0x200 [ 147.185555] ? preempt_count_sub+0x50/0x80 [ 147.185579] kunit_cleanup+0x7a/0x120 [ 147.185610] kunit_try_run_case_cleanup+0xbd/0xf0 [ 147.185634] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 147.185655] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.185675] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 147.185695] kthread+0x337/0x6f0 [ 147.185716] ? trace_preempt_on+0x20/0xc0 [ 147.185740] ? __pfx_kthread+0x10/0x10 [ 147.185761] ? _raw_spin_unlock_irq+0x47/0x80 [ 147.185780] ? calculate_sigpending+0x7b/0xa0 [ 147.185805] ? __pfx_kthread+0x10/0x10 [ 147.185826] ret_from_fork+0x116/0x1d0 [ 147.185857] ? __pfx_kthread+0x10/0x10 [ 147.185877] ret_from_fork_asm+0x1a/0x30 [ 147.185907] </TASK> [ 147.185920] [ 147.196284] Allocated by task 1604: [ 147.196486] kasan_save_stack+0x45/0x70 [ 147.196699] kasan_save_track+0x18/0x40 [ 147.196898] kasan_save_alloc_info+0x3b/0x50 [ 147.197131] __kasan_kmalloc+0xb7/0xc0 [ 147.197347] __kmalloc_noprof+0x1c9/0x500 [ 147.197561] __devm_drm_bridge_alloc+0x33/0x170 [ 147.197782] drm_test_bridge_init+0x188/0x5c0 [ 147.197993] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 147.198190] kunit_try_run_case+0x1a5/0x480 [ 147.198360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.198610] kthread+0x337/0x6f0 [ 147.198787] ret_from_fork+0x116/0x1d0 [ 147.199013] ret_from_fork_asm+0x1a/0x30 [ 147.199238] [ 147.199857] Freed by task 1605: [ 147.200037] kasan_save_stack+0x45/0x70 [ 147.200184] kasan_save_track+0x18/0x40 [ 147.200497] kasan_save_free_info+0x3f/0x60 [ 147.200719] __kasan_slab_free+0x56/0x70 [ 147.200918] kfree+0x222/0x3f0 [ 147.201983] drm_bridge_put.part.0+0xc7/0x100 [ 147.202171] drm_bridge_put_void+0x17/0x30 [ 147.202751] devm_action_release+0x50/0x80 [ 147.203276] devres_release_all+0x186/0x240 [ 147.203863] device_unbind_cleanup+0x1b/0x1b0 [ 147.204460] device_release_driver_internal+0x3e4/0x540 [ 147.205005] device_release_driver+0x16/0x20 [ 147.205165] bus_remove_device+0x1e9/0x3d0 [ 147.205308] device_del+0x397/0x980 [ 147.205548] device_unregister+0x1b/0xa0 [ 147.205933] device_unregister_wrapper+0x12/0x20 [ 147.206427] __kunit_action_free+0x57/0x70 [ 147.206819] kunit_remove_resource+0x133/0x200 [ 147.207233] kunit_cleanup+0x7a/0x120 [ 147.207652] kunit_try_run_case_cleanup+0xbd/0xf0 [ 147.207810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 147.207991] kthread+0x337/0x6f0 [ 147.208114] ret_from_fork+0x116/0x1d0 [ 147.208245] ret_from_fork_asm+0x1a/0x30 [ 147.208497] [ 147.208598] The buggy address belongs to the object at ffff8881060ba800 [ 147.208598] which belongs to the cache kmalloc-512 of size 512 [ 147.209560] The buggy address is located 112 bytes inside of [ 147.209560] freed 512-byte region [ffff8881060ba800, ffff8881060baa00) [ 147.209930] [ 147.210004] The buggy address belongs to the physical page: [ 147.210181] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1060b8 [ 147.210443] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 147.210866] flags: 0x200000000000040(head|node=0|zone=2) [ 147.211103] page_type: f5(slab) [ 147.211231] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 147.211793] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 147.212159] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000 [ 147.212566] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 147.212928] head: 0200000000000002 ffffea0004182e01 00000000ffffffff 00000000ffffffff [ 147.213265] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 147.213585] page dumped because: kasan: bad access detected [ 147.213846] [ 147.213931] Memory state around the buggy address: [ 147.214085] ffff8881060ba700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 147.214397] ffff8881060ba780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 147.214615] >ffff8881060ba800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.215185] ^ [ 147.215588] ffff8881060ba880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.215917] ffff8881060ba900: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 147.216197] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.604576] ================================================================== [ 15.604809] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 15.605295] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.605960] [ 15.606136] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.606182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.606195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.606216] Call Trace: [ 15.606236] <TASK> [ 15.606254] dump_stack_lvl+0x73/0xb0 [ 15.606282] print_report+0xd1/0x650 [ 15.606306] ? __virt_addr_valid+0x1db/0x2d0 [ 15.606330] ? strncpy_from_user+0x2e/0x1d0 [ 15.606363] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.606406] ? strncpy_from_user+0x2e/0x1d0 [ 15.606441] kasan_report+0x141/0x180 [ 15.606464] ? strncpy_from_user+0x2e/0x1d0 [ 15.606492] kasan_check_range+0x10c/0x1c0 [ 15.606516] __kasan_check_write+0x18/0x20 [ 15.606536] strncpy_from_user+0x2e/0x1d0 [ 15.606559] ? __kasan_check_read+0x15/0x20 [ 15.606580] copy_user_test_oob+0x760/0x10f0 [ 15.606605] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.606628] ? finish_task_switch.isra.0+0x153/0x700 [ 15.606650] ? __switch_to+0x47/0xf50 [ 15.606676] ? __schedule+0x10cc/0x2b60 [ 15.606699] ? __pfx_read_tsc+0x10/0x10 [ 15.606720] ? ktime_get_ts64+0x86/0x230 [ 15.606746] kunit_try_run_case+0x1a5/0x480 [ 15.606770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.606792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.606814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.606837] ? __kthread_parkme+0x82/0x180 [ 15.606858] ? preempt_count_sub+0x50/0x80 [ 15.606880] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.606904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.606938] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.606962] kthread+0x337/0x6f0 [ 15.606981] ? trace_preempt_on+0x20/0xc0 [ 15.607006] ? __pfx_kthread+0x10/0x10 [ 15.607027] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.607048] ? calculate_sigpending+0x7b/0xa0 [ 15.607072] ? __pfx_kthread+0x10/0x10 [ 15.607094] ret_from_fork+0x116/0x1d0 [ 15.607113] ? __pfx_kthread+0x10/0x10 [ 15.607133] ret_from_fork_asm+0x1a/0x30 [ 15.607165] </TASK> [ 15.607175] [ 15.615023] Allocated by task 311: [ 15.615147] kasan_save_stack+0x45/0x70 [ 15.615282] kasan_save_track+0x18/0x40 [ 15.615429] kasan_save_alloc_info+0x3b/0x50 [ 15.615664] __kasan_kmalloc+0xb7/0xc0 [ 15.615845] __kmalloc_noprof+0x1c9/0x500 [ 15.616056] kunit_kmalloc_array+0x25/0x60 [ 15.616271] copy_user_test_oob+0xab/0x10f0 [ 15.616577] kunit_try_run_case+0x1a5/0x480 [ 15.616811] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.616996] kthread+0x337/0x6f0 [ 15.617111] ret_from_fork+0x116/0x1d0 [ 15.617236] ret_from_fork_asm+0x1a/0x30 [ 15.617368] [ 15.617553] The buggy address belongs to the object at ffff8881028df100 [ 15.617553] which belongs to the cache kmalloc-128 of size 128 [ 15.618149] The buggy address is located 0 bytes inside of [ 15.618149] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.618691] [ 15.618778] The buggy address belongs to the physical page: [ 15.618996] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.619339] flags: 0x200000000000000(node=0|zone=2) [ 15.619607] page_type: f5(slab) [ 15.619761] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.620114] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.620463] page dumped because: kasan: bad access detected [ 15.620699] [ 15.620790] Memory state around the buggy address: [ 15.621023] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.621306] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.621645] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.621857] ^ [ 15.622075] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.622283] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.622539] ================================================================== [ 15.623095] ================================================================== [ 15.623599] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 15.623941] Write of size 1 at addr ffff8881028df178 by task kunit_try_catch/311 [ 15.624307] [ 15.624441] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.624487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.624500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.624521] Call Trace: [ 15.624535] <TASK> [ 15.624550] dump_stack_lvl+0x73/0xb0 [ 15.624577] print_report+0xd1/0x650 [ 15.624599] ? __virt_addr_valid+0x1db/0x2d0 [ 15.624621] ? strncpy_from_user+0x1a5/0x1d0 [ 15.624644] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.624668] ? strncpy_from_user+0x1a5/0x1d0 [ 15.624692] kasan_report+0x141/0x180 [ 15.624715] ? strncpy_from_user+0x1a5/0x1d0 [ 15.624742] __asan_report_store1_noabort+0x1b/0x30 [ 15.624768] strncpy_from_user+0x1a5/0x1d0 [ 15.624793] copy_user_test_oob+0x760/0x10f0 [ 15.624818] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.624841] ? finish_task_switch.isra.0+0x153/0x700 [ 15.624862] ? __switch_to+0x47/0xf50 [ 15.624887] ? __schedule+0x10cc/0x2b60 [ 15.624909] ? __pfx_read_tsc+0x10/0x10 [ 15.624940] ? ktime_get_ts64+0x86/0x230 [ 15.624967] kunit_try_run_case+0x1a5/0x480 [ 15.624990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.625013] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.625035] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.625067] ? __kthread_parkme+0x82/0x180 [ 15.625088] ? preempt_count_sub+0x50/0x80 [ 15.625110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.625145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.625178] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.625201] kthread+0x337/0x6f0 [ 15.625221] ? trace_preempt_on+0x20/0xc0 [ 15.625257] ? __pfx_kthread+0x10/0x10 [ 15.625278] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.625298] ? calculate_sigpending+0x7b/0xa0 [ 15.625323] ? __pfx_kthread+0x10/0x10 [ 15.625345] ret_from_fork+0x116/0x1d0 [ 15.625363] ? __pfx_kthread+0x10/0x10 [ 15.625384] ret_from_fork_asm+0x1a/0x30 [ 15.625414] </TASK> [ 15.625425] [ 15.632830] Allocated by task 311: [ 15.633032] kasan_save_stack+0x45/0x70 [ 15.633224] kasan_save_track+0x18/0x40 [ 15.633354] kasan_save_alloc_info+0x3b/0x50 [ 15.633572] __kasan_kmalloc+0xb7/0xc0 [ 15.633802] __kmalloc_noprof+0x1c9/0x500 [ 15.634010] kunit_kmalloc_array+0x25/0x60 [ 15.634185] copy_user_test_oob+0xab/0x10f0 [ 15.634388] kunit_try_run_case+0x1a5/0x480 [ 15.634587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.634823] kthread+0x337/0x6f0 [ 15.635000] ret_from_fork+0x116/0x1d0 [ 15.635177] ret_from_fork_asm+0x1a/0x30 [ 15.635364] [ 15.635461] The buggy address belongs to the object at ffff8881028df100 [ 15.635461] which belongs to the cache kmalloc-128 of size 128 [ 15.636003] The buggy address is located 0 bytes to the right of [ 15.636003] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.636594] [ 15.636662] The buggy address belongs to the physical page: [ 15.636920] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.637269] flags: 0x200000000000000(node=0|zone=2) [ 15.637497] page_type: f5(slab) [ 15.637670] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.637990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.638315] page dumped because: kasan: bad access detected [ 15.638606] [ 15.638691] Memory state around the buggy address: [ 15.638900] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.639122] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.639330] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.639534] ^ [ 15.639743] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.640016] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.640350] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.576169] ================================================================== [ 15.576888] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 15.577549] Read of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.578223] [ 15.578420] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.578487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.578500] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.578522] Call Trace: [ 15.578551] <TASK> [ 15.578570] dump_stack_lvl+0x73/0xb0 [ 15.578599] print_report+0xd1/0x650 [ 15.578623] ? __virt_addr_valid+0x1db/0x2d0 [ 15.578648] ? copy_user_test_oob+0x604/0x10f0 [ 15.578672] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.578695] ? copy_user_test_oob+0x604/0x10f0 [ 15.578719] kasan_report+0x141/0x180 [ 15.578741] ? copy_user_test_oob+0x604/0x10f0 [ 15.578769] kasan_check_range+0x10c/0x1c0 [ 15.578794] __kasan_check_read+0x15/0x20 [ 15.578815] copy_user_test_oob+0x604/0x10f0 [ 15.578840] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.578863] ? finish_task_switch.isra.0+0x153/0x700 [ 15.578884] ? __switch_to+0x47/0xf50 [ 15.578909] ? __schedule+0x10cc/0x2b60 [ 15.578942] ? __pfx_read_tsc+0x10/0x10 [ 15.578964] ? ktime_get_ts64+0x86/0x230 [ 15.578989] kunit_try_run_case+0x1a5/0x480 [ 15.579014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.579036] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.579058] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.579080] ? __kthread_parkme+0x82/0x180 [ 15.579101] ? preempt_count_sub+0x50/0x80 [ 15.579125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.579149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.579173] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.579196] kthread+0x337/0x6f0 [ 15.579216] ? trace_preempt_on+0x20/0xc0 [ 15.579242] ? __pfx_kthread+0x10/0x10 [ 15.579263] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.579283] ? calculate_sigpending+0x7b/0xa0 [ 15.579308] ? __pfx_kthread+0x10/0x10 [ 15.579329] ret_from_fork+0x116/0x1d0 [ 15.579348] ? __pfx_kthread+0x10/0x10 [ 15.579369] ret_from_fork_asm+0x1a/0x30 [ 15.579419] </TASK> [ 15.579431] [ 15.591791] Allocated by task 311: [ 15.592078] kasan_save_stack+0x45/0x70 [ 15.592277] kasan_save_track+0x18/0x40 [ 15.592651] kasan_save_alloc_info+0x3b/0x50 [ 15.593012] __kasan_kmalloc+0xb7/0xc0 [ 15.593140] __kmalloc_noprof+0x1c9/0x500 [ 15.593273] kunit_kmalloc_array+0x25/0x60 [ 15.593513] copy_user_test_oob+0xab/0x10f0 [ 15.593917] kunit_try_run_case+0x1a5/0x480 [ 15.594305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.594800] kthread+0x337/0x6f0 [ 15.595114] ret_from_fork+0x116/0x1d0 [ 15.595478] ret_from_fork_asm+0x1a/0x30 [ 15.595743] [ 15.595811] The buggy address belongs to the object at ffff8881028df100 [ 15.595811] which belongs to the cache kmalloc-128 of size 128 [ 15.596173] The buggy address is located 0 bytes inside of [ 15.596173] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.596885] [ 15.597063] The buggy address belongs to the physical page: [ 15.597572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.598262] flags: 0x200000000000000(node=0|zone=2) [ 15.598722] page_type: f5(slab) [ 15.599038] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.599711] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.600205] page dumped because: kasan: bad access detected [ 15.600403] [ 15.600571] Memory state around the buggy address: [ 15.601015] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.601643] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.602126] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.602333] ^ [ 15.602951] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.603587] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.604020] ================================================================== [ 15.512424] ================================================================== [ 15.512692] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 15.512925] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.513161] [ 15.513244] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.513291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.513304] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.513327] Call Trace: [ 15.513343] <TASK> [ 15.513361] dump_stack_lvl+0x73/0xb0 [ 15.513390] print_report+0xd1/0x650 [ 15.513413] ? __virt_addr_valid+0x1db/0x2d0 [ 15.513436] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.513459] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.513482] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.513506] kasan_report+0x141/0x180 [ 15.513528] ? copy_user_test_oob+0x3fd/0x10f0 [ 15.513556] kasan_check_range+0x10c/0x1c0 [ 15.513580] __kasan_check_write+0x18/0x20 [ 15.513599] copy_user_test_oob+0x3fd/0x10f0 [ 15.513624] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.513647] ? finish_task_switch.isra.0+0x153/0x700 [ 15.513671] ? __switch_to+0x47/0xf50 [ 15.513702] ? __schedule+0x10cc/0x2b60 [ 15.513724] ? __pfx_read_tsc+0x10/0x10 [ 15.513745] ? ktime_get_ts64+0x86/0x230 [ 15.513771] kunit_try_run_case+0x1a5/0x480 [ 15.513794] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.513816] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.513839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.513861] ? __kthread_parkme+0x82/0x180 [ 15.513881] ? preempt_count_sub+0x50/0x80 [ 15.513904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.513937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.513959] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.513982] kthread+0x337/0x6f0 [ 15.514002] ? trace_preempt_on+0x20/0xc0 [ 15.514026] ? __pfx_kthread+0x10/0x10 [ 15.514047] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.514068] ? calculate_sigpending+0x7b/0xa0 [ 15.514092] ? __pfx_kthread+0x10/0x10 [ 15.514114] ret_from_fork+0x116/0x1d0 [ 15.514132] ? __pfx_kthread+0x10/0x10 [ 15.514152] ret_from_fork_asm+0x1a/0x30 [ 15.514183] </TASK> [ 15.514194] [ 15.522253] Allocated by task 311: [ 15.522623] kasan_save_stack+0x45/0x70 [ 15.522784] kasan_save_track+0x18/0x40 [ 15.522915] kasan_save_alloc_info+0x3b/0x50 [ 15.523072] __kasan_kmalloc+0xb7/0xc0 [ 15.523199] __kmalloc_noprof+0x1c9/0x500 [ 15.523335] kunit_kmalloc_array+0x25/0x60 [ 15.523475] copy_user_test_oob+0xab/0x10f0 [ 15.523614] kunit_try_run_case+0x1a5/0x480 [ 15.523752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.523918] kthread+0x337/0x6f0 [ 15.524053] ret_from_fork+0x116/0x1d0 [ 15.524204] ret_from_fork_asm+0x1a/0x30 [ 15.524337] [ 15.524417] The buggy address belongs to the object at ffff8881028df100 [ 15.524417] which belongs to the cache kmalloc-128 of size 128 [ 15.524769] The buggy address is located 0 bytes inside of [ 15.524769] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.525116] [ 15.525185] The buggy address belongs to the physical page: [ 15.525357] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.525698] flags: 0x200000000000000(node=0|zone=2) [ 15.525918] page_type: f5(slab) [ 15.526101] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.526422] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.527337] page dumped because: kasan: bad access detected [ 15.527513] [ 15.527584] Memory state around the buggy address: [ 15.528139] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.528473] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.528760] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.529028] ^ [ 15.529267] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.529723] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.530021] ================================================================== [ 15.530543] ================================================================== [ 15.530885] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 15.531231] Read of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.531727] [ 15.531809] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.531855] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.531867] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.531888] Call Trace: [ 15.531907] <TASK> [ 15.531925] dump_stack_lvl+0x73/0xb0 [ 15.531984] print_report+0xd1/0x650 [ 15.532009] ? __virt_addr_valid+0x1db/0x2d0 [ 15.532033] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.532056] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.532095] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.532120] kasan_report+0x141/0x180 [ 15.532142] ? copy_user_test_oob+0x4aa/0x10f0 [ 15.532171] kasan_check_range+0x10c/0x1c0 [ 15.532195] __kasan_check_read+0x15/0x20 [ 15.532215] copy_user_test_oob+0x4aa/0x10f0 [ 15.532241] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.532265] ? finish_task_switch.isra.0+0x153/0x700 [ 15.532288] ? __switch_to+0x47/0xf50 [ 15.532313] ? __schedule+0x10cc/0x2b60 [ 15.532336] ? __pfx_read_tsc+0x10/0x10 [ 15.532358] ? ktime_get_ts64+0x86/0x230 [ 15.532383] kunit_try_run_case+0x1a5/0x480 [ 15.532407] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.532429] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.532453] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.532475] ? __kthread_parkme+0x82/0x180 [ 15.532496] ? preempt_count_sub+0x50/0x80 [ 15.532520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.532544] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.532567] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.532598] kthread+0x337/0x6f0 [ 15.532618] ? trace_preempt_on+0x20/0xc0 [ 15.532643] ? __pfx_kthread+0x10/0x10 [ 15.532664] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.532685] ? calculate_sigpending+0x7b/0xa0 [ 15.532709] ? __pfx_kthread+0x10/0x10 [ 15.532731] ret_from_fork+0x116/0x1d0 [ 15.532749] ? __pfx_kthread+0x10/0x10 [ 15.532770] ret_from_fork_asm+0x1a/0x30 [ 15.532801] </TASK> [ 15.532813] [ 15.539752] Allocated by task 311: [ 15.539941] kasan_save_stack+0x45/0x70 [ 15.540141] kasan_save_track+0x18/0x40 [ 15.540285] kasan_save_alloc_info+0x3b/0x50 [ 15.540523] __kasan_kmalloc+0xb7/0xc0 [ 15.540685] __kmalloc_noprof+0x1c9/0x500 [ 15.540848] kunit_kmalloc_array+0x25/0x60 [ 15.541006] copy_user_test_oob+0xab/0x10f0 [ 15.541211] kunit_try_run_case+0x1a5/0x480 [ 15.541420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.541644] kthread+0x337/0x6f0 [ 15.541796] ret_from_fork+0x116/0x1d0 [ 15.541972] ret_from_fork_asm+0x1a/0x30 [ 15.542141] [ 15.542208] The buggy address belongs to the object at ffff8881028df100 [ 15.542208] which belongs to the cache kmalloc-128 of size 128 [ 15.542944] The buggy address is located 0 bytes inside of [ 15.542944] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.543516] [ 15.543610] The buggy address belongs to the physical page: [ 15.543837] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.544159] flags: 0x200000000000000(node=0|zone=2) [ 15.544355] page_type: f5(slab) [ 15.544576] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.544854] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.545161] page dumped because: kasan: bad access detected [ 15.545371] [ 15.545491] Memory state around the buggy address: [ 15.545700] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.545980] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.546218] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.546447] ^ [ 15.546751] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.547144] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.547351] ================================================================== [ 15.548051] ================================================================== [ 15.548486] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.548780] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.549113] [ 15.549313] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.549359] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.549372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.549394] Call Trace: [ 15.549414] <TASK> [ 15.549430] dump_stack_lvl+0x73/0xb0 [ 15.549458] print_report+0xd1/0x650 [ 15.549480] ? __virt_addr_valid+0x1db/0x2d0 [ 15.549504] ? copy_user_test_oob+0x557/0x10f0 [ 15.549527] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.549549] ? copy_user_test_oob+0x557/0x10f0 [ 15.549575] kasan_report+0x141/0x180 [ 15.549598] ? copy_user_test_oob+0x557/0x10f0 [ 15.549626] kasan_check_range+0x10c/0x1c0 [ 15.549650] __kasan_check_write+0x18/0x20 [ 15.549669] copy_user_test_oob+0x557/0x10f0 [ 15.549700] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.549723] ? finish_task_switch.isra.0+0x153/0x700 [ 15.549757] ? __switch_to+0x47/0xf50 [ 15.549782] ? __schedule+0x10cc/0x2b60 [ 15.549804] ? __pfx_read_tsc+0x10/0x10 [ 15.549825] ? ktime_get_ts64+0x86/0x230 [ 15.549849] kunit_try_run_case+0x1a5/0x480 [ 15.549873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.549896] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.549919] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.550836] ? __kthread_parkme+0x82/0x180 [ 15.550863] ? preempt_count_sub+0x50/0x80 [ 15.550888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.550913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.550951] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.550975] kthread+0x337/0x6f0 [ 15.550995] ? trace_preempt_on+0x20/0xc0 [ 15.551022] ? __pfx_kthread+0x10/0x10 [ 15.551043] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.551064] ? calculate_sigpending+0x7b/0xa0 [ 15.551088] ? __pfx_kthread+0x10/0x10 [ 15.551110] ret_from_fork+0x116/0x1d0 [ 15.551129] ? __pfx_kthread+0x10/0x10 [ 15.551150] ret_from_fork_asm+0x1a/0x30 [ 15.551181] </TASK> [ 15.551193] [ 15.563446] Allocated by task 311: [ 15.563803] kasan_save_stack+0x45/0x70 [ 15.564186] kasan_save_track+0x18/0x40 [ 15.564569] kasan_save_alloc_info+0x3b/0x50 [ 15.564972] __kasan_kmalloc+0xb7/0xc0 [ 15.565324] __kmalloc_noprof+0x1c9/0x500 [ 15.565716] kunit_kmalloc_array+0x25/0x60 [ 15.566043] copy_user_test_oob+0xab/0x10f0 [ 15.566180] kunit_try_run_case+0x1a5/0x480 [ 15.566315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.566753] kthread+0x337/0x6f0 [ 15.567072] ret_from_fork+0x116/0x1d0 [ 15.567441] ret_from_fork_asm+0x1a/0x30 [ 15.567806] [ 15.567971] The buggy address belongs to the object at ffff8881028df100 [ 15.567971] which belongs to the cache kmalloc-128 of size 128 [ 15.568616] The buggy address is located 0 bytes inside of [ 15.568616] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.569011] [ 15.569185] The buggy address belongs to the physical page: [ 15.569695] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.570366] flags: 0x200000000000000(node=0|zone=2) [ 15.570829] page_type: f5(slab) [ 15.571149] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.571821] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.572119] page dumped because: kasan: bad access detected [ 15.572280] [ 15.572343] Memory state around the buggy address: [ 15.572789] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.573436] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.574066] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.574622] ^ [ 15.574824] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.575038] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.575238] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.488514] ================================================================== [ 15.488832] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 15.489117] Read of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.489410] [ 15.489568] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.489616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.489630] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.489652] Call Trace: [ 15.489671] <TASK> [ 15.489697] dump_stack_lvl+0x73/0xb0 [ 15.489726] print_report+0xd1/0x650 [ 15.489750] ? __virt_addr_valid+0x1db/0x2d0 [ 15.489773] ? _copy_to_user+0x3c/0x70 [ 15.489793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.489815] ? _copy_to_user+0x3c/0x70 [ 15.489835] kasan_report+0x141/0x180 [ 15.489857] ? _copy_to_user+0x3c/0x70 [ 15.489881] kasan_check_range+0x10c/0x1c0 [ 15.489906] __kasan_check_read+0x15/0x20 [ 15.489926] _copy_to_user+0x3c/0x70 [ 15.489956] copy_user_test_oob+0x364/0x10f0 [ 15.489982] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.490005] ? finish_task_switch.isra.0+0x153/0x700 [ 15.490028] ? __switch_to+0x47/0xf50 [ 15.490055] ? __schedule+0x10cc/0x2b60 [ 15.490077] ? __pfx_read_tsc+0x10/0x10 [ 15.490098] ? ktime_get_ts64+0x86/0x230 [ 15.490124] kunit_try_run_case+0x1a5/0x480 [ 15.490148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.490169] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.490193] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.490215] ? __kthread_parkme+0x82/0x180 [ 15.490235] ? preempt_count_sub+0x50/0x80 [ 15.490259] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.490283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.490306] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.490330] kthread+0x337/0x6f0 [ 15.490350] ? trace_preempt_on+0x20/0xc0 [ 15.490374] ? __pfx_kthread+0x10/0x10 [ 15.490408] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.490429] ? calculate_sigpending+0x7b/0xa0 [ 15.490454] ? __pfx_kthread+0x10/0x10 [ 15.490475] ret_from_fork+0x116/0x1d0 [ 15.490494] ? __pfx_kthread+0x10/0x10 [ 15.490514] ret_from_fork_asm+0x1a/0x30 [ 15.490546] </TASK> [ 15.490557] [ 15.500080] Allocated by task 311: [ 15.500215] kasan_save_stack+0x45/0x70 [ 15.500445] kasan_save_track+0x18/0x40 [ 15.500634] kasan_save_alloc_info+0x3b/0x50 [ 15.500840] __kasan_kmalloc+0xb7/0xc0 [ 15.501009] __kmalloc_noprof+0x1c9/0x500 [ 15.501175] kunit_kmalloc_array+0x25/0x60 [ 15.501312] copy_user_test_oob+0xab/0x10f0 [ 15.501657] kunit_try_run_case+0x1a5/0x480 [ 15.501858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.502092] kthread+0x337/0x6f0 [ 15.502210] ret_from_fork+0x116/0x1d0 [ 15.502336] ret_from_fork_asm+0x1a/0x30 [ 15.502519] [ 15.502607] The buggy address belongs to the object at ffff8881028df100 [ 15.502607] which belongs to the cache kmalloc-128 of size 128 [ 15.503109] The buggy address is located 0 bytes inside of [ 15.503109] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.503809] [ 15.503896] The buggy address belongs to the physical page: [ 15.504127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.504468] flags: 0x200000000000000(node=0|zone=2) [ 15.504637] page_type: f5(slab) [ 15.504804] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.505120] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.505385] page dumped because: kasan: bad access detected [ 15.505637] [ 15.505708] Memory state around the buggy address: [ 15.506011] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.506267] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.506523] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.506906] ^ [ 15.507230] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.507543] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.507818] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 15.464702] ================================================================== [ 15.465348] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 15.465754] Write of size 121 at addr ffff8881028df100 by task kunit_try_catch/311 [ 15.466412] [ 15.466639] CPU: 1 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.466697] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.466710] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.466734] Call Trace: [ 15.466749] <TASK> [ 15.466771] dump_stack_lvl+0x73/0xb0 [ 15.466806] print_report+0xd1/0x650 [ 15.466831] ? __virt_addr_valid+0x1db/0x2d0 [ 15.466855] ? _copy_from_user+0x32/0x90 [ 15.466875] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.466898] ? _copy_from_user+0x32/0x90 [ 15.466918] kasan_report+0x141/0x180 [ 15.466952] ? _copy_from_user+0x32/0x90 [ 15.466976] kasan_check_range+0x10c/0x1c0 [ 15.467000] __kasan_check_write+0x18/0x20 [ 15.467020] _copy_from_user+0x32/0x90 [ 15.467041] copy_user_test_oob+0x2be/0x10f0 [ 15.467069] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.467092] ? finish_task_switch.isra.0+0x153/0x700 [ 15.467116] ? __switch_to+0x47/0xf50 [ 15.467144] ? __schedule+0x10cc/0x2b60 [ 15.467169] ? __pfx_read_tsc+0x10/0x10 [ 15.467191] ? ktime_get_ts64+0x86/0x230 [ 15.467218] kunit_try_run_case+0x1a5/0x480 [ 15.467242] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467264] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.467287] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.467311] ? __kthread_parkme+0x82/0x180 [ 15.467332] ? preempt_count_sub+0x50/0x80 [ 15.467354] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.467378] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.467404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.467427] kthread+0x337/0x6f0 [ 15.467447] ? trace_preempt_on+0x20/0xc0 [ 15.467472] ? __pfx_kthread+0x10/0x10 [ 15.467493] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.467514] ? calculate_sigpending+0x7b/0xa0 [ 15.467540] ? __pfx_kthread+0x10/0x10 [ 15.467562] ret_from_fork+0x116/0x1d0 [ 15.467580] ? __pfx_kthread+0x10/0x10 [ 15.467601] ret_from_fork_asm+0x1a/0x30 [ 15.467633] </TASK> [ 15.467647] [ 15.476563] Allocated by task 311: [ 15.476738] kasan_save_stack+0x45/0x70 [ 15.476937] kasan_save_track+0x18/0x40 [ 15.477069] kasan_save_alloc_info+0x3b/0x50 [ 15.477211] __kasan_kmalloc+0xb7/0xc0 [ 15.477393] __kmalloc_noprof+0x1c9/0x500 [ 15.477600] kunit_kmalloc_array+0x25/0x60 [ 15.477801] copy_user_test_oob+0xab/0x10f0 [ 15.478010] kunit_try_run_case+0x1a5/0x480 [ 15.478184] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.478352] kthread+0x337/0x6f0 [ 15.478507] ret_from_fork+0x116/0x1d0 [ 15.478718] ret_from_fork_asm+0x1a/0x30 [ 15.478881] [ 15.478961] The buggy address belongs to the object at ffff8881028df100 [ 15.478961] which belongs to the cache kmalloc-128 of size 128 [ 15.479409] The buggy address is located 0 bytes inside of [ 15.479409] allocated 120-byte region [ffff8881028df100, ffff8881028df178) [ 15.479994] [ 15.480066] The buggy address belongs to the physical page: [ 15.480297] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028df [ 15.480654] flags: 0x200000000000000(node=0|zone=2) [ 15.480895] page_type: f5(slab) [ 15.481107] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.481330] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.482193] page dumped because: kasan: bad access detected [ 15.482465] [ 15.482552] Memory state around the buggy address: [ 15.482753] ffff8881028df000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.483058] ffff8881028df080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.483354] >ffff8881028df100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.483966] ^ [ 15.484272] ffff8881028df180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.484743] ffff8881028df200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.485124] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 15.432898] ================================================================== [ 15.433226] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 15.433626] Write of size 8 at addr ffff888102a34678 by task kunit_try_catch/307 [ 15.433921] [ 15.434100] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.434148] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.434161] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.434216] Call Trace: [ 15.434231] <TASK> [ 15.434261] dump_stack_lvl+0x73/0xb0 [ 15.434304] print_report+0xd1/0x650 [ 15.434327] ? __virt_addr_valid+0x1db/0x2d0 [ 15.434351] ? copy_to_kernel_nofault+0x99/0x260 [ 15.434375] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.434406] ? copy_to_kernel_nofault+0x99/0x260 [ 15.434430] kasan_report+0x141/0x180 [ 15.434453] ? copy_to_kernel_nofault+0x99/0x260 [ 15.434510] kasan_check_range+0x10c/0x1c0 [ 15.434534] __kasan_check_write+0x18/0x20 [ 15.434554] copy_to_kernel_nofault+0x99/0x260 [ 15.434591] copy_to_kernel_nofault_oob+0x288/0x560 [ 15.434629] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.434653] ? finish_task_switch.isra.0+0x153/0x700 [ 15.434676] ? __schedule+0x10cc/0x2b60 [ 15.434699] ? trace_hardirqs_on+0x37/0xe0 [ 15.434732] ? __pfx_read_tsc+0x10/0x10 [ 15.434755] ? ktime_get_ts64+0x86/0x230 [ 15.434781] kunit_try_run_case+0x1a5/0x480 [ 15.434806] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434828] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.434851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.434874] ? __kthread_parkme+0x82/0x180 [ 15.434894] ? preempt_count_sub+0x50/0x80 [ 15.434918] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.434953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.434977] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.435001] kthread+0x337/0x6f0 [ 15.435021] ? trace_preempt_on+0x20/0xc0 [ 15.435044] ? __pfx_kthread+0x10/0x10 [ 15.435064] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.435085] ? calculate_sigpending+0x7b/0xa0 [ 15.435110] ? __pfx_kthread+0x10/0x10 [ 15.435132] ret_from_fork+0x116/0x1d0 [ 15.435151] ? __pfx_kthread+0x10/0x10 [ 15.435172] ret_from_fork_asm+0x1a/0x30 [ 15.435204] </TASK> [ 15.435215] [ 15.443203] Allocated by task 307: [ 15.443537] kasan_save_stack+0x45/0x70 [ 15.443732] kasan_save_track+0x18/0x40 [ 15.443896] kasan_save_alloc_info+0x3b/0x50 [ 15.444137] __kasan_kmalloc+0xb7/0xc0 [ 15.444291] __kmalloc_cache_noprof+0x189/0x420 [ 15.444529] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.444846] kunit_try_run_case+0x1a5/0x480 [ 15.445124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.445502] kthread+0x337/0x6f0 [ 15.445649] ret_from_fork+0x116/0x1d0 [ 15.445782] ret_from_fork_asm+0x1a/0x30 [ 15.445914] [ 15.445991] The buggy address belongs to the object at ffff888102a34600 [ 15.445991] which belongs to the cache kmalloc-128 of size 128 [ 15.446338] The buggy address is located 0 bytes to the right of [ 15.446338] allocated 120-byte region [ffff888102a34600, ffff888102a34678) [ 15.446809] [ 15.446901] The buggy address belongs to the physical page: [ 15.447203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a34 [ 15.447558] flags: 0x200000000000000(node=0|zone=2) [ 15.447788] page_type: f5(slab) [ 15.447960] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.448388] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.448837] page dumped because: kasan: bad access detected [ 15.449162] [ 15.449300] Memory state around the buggy address: [ 15.449645] ffff888102a34500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.449891] ffff888102a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.450116] >ffff888102a34600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.450323] ^ [ 15.450529] ffff888102a34680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.450984] ffff888102a34700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.451344] ================================================================== [ 15.411911] ================================================================== [ 15.413190] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 15.413788] Read of size 8 at addr ffff888102a34678 by task kunit_try_catch/307 [ 15.414368] [ 15.414470] CPU: 0 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.414523] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.414537] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.414561] Call Trace: [ 15.414576] <TASK> [ 15.414596] dump_stack_lvl+0x73/0xb0 [ 15.414628] print_report+0xd1/0x650 [ 15.414654] ? __virt_addr_valid+0x1db/0x2d0 [ 15.414678] ? copy_to_kernel_nofault+0x225/0x260 [ 15.414702] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.414725] ? copy_to_kernel_nofault+0x225/0x260 [ 15.414749] kasan_report+0x141/0x180 [ 15.414771] ? copy_to_kernel_nofault+0x225/0x260 [ 15.414800] __asan_report_load8_noabort+0x18/0x20 [ 15.414825] copy_to_kernel_nofault+0x225/0x260 [ 15.414849] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 15.414873] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 15.414896] ? finish_task_switch.isra.0+0x153/0x700 [ 15.414921] ? __schedule+0x10cc/0x2b60 [ 15.414954] ? trace_hardirqs_on+0x37/0xe0 [ 15.414986] ? __pfx_read_tsc+0x10/0x10 [ 15.415009] ? ktime_get_ts64+0x86/0x230 [ 15.415036] kunit_try_run_case+0x1a5/0x480 [ 15.415062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.415084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.415108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.415130] ? __kthread_parkme+0x82/0x180 [ 15.415152] ? preempt_count_sub+0x50/0x80 [ 15.415174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.415197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.415221] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.415244] kthread+0x337/0x6f0 [ 15.415264] ? trace_preempt_on+0x20/0xc0 [ 15.415286] ? __pfx_kthread+0x10/0x10 [ 15.415320] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.415353] ? calculate_sigpending+0x7b/0xa0 [ 15.415392] ? __pfx_kthread+0x10/0x10 [ 15.415413] ret_from_fork+0x116/0x1d0 [ 15.415432] ? __pfx_kthread+0x10/0x10 [ 15.415453] ret_from_fork_asm+0x1a/0x30 [ 15.415486] </TASK> [ 15.415500] [ 15.423223] Allocated by task 307: [ 15.423351] kasan_save_stack+0x45/0x70 [ 15.423490] kasan_save_track+0x18/0x40 [ 15.423619] kasan_save_alloc_info+0x3b/0x50 [ 15.424092] __kasan_kmalloc+0xb7/0xc0 [ 15.424314] __kmalloc_cache_noprof+0x189/0x420 [ 15.424530] copy_to_kernel_nofault_oob+0x12f/0x560 [ 15.424831] kunit_try_run_case+0x1a5/0x480 [ 15.424981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.425146] kthread+0x337/0x6f0 [ 15.425302] ret_from_fork+0x116/0x1d0 [ 15.425650] ret_from_fork_asm+0x1a/0x30 [ 15.426083] [ 15.426202] The buggy address belongs to the object at ffff888102a34600 [ 15.426202] which belongs to the cache kmalloc-128 of size 128 [ 15.426829] The buggy address is located 0 bytes to the right of [ 15.426829] allocated 120-byte region [ffff888102a34600, ffff888102a34678) [ 15.427357] [ 15.427507] The buggy address belongs to the physical page: [ 15.427678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a34 [ 15.427915] flags: 0x200000000000000(node=0|zone=2) [ 15.428080] page_type: f5(slab) [ 15.428275] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.428902] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.429246] page dumped because: kasan: bad access detected [ 15.429485] [ 15.429552] Memory state around the buggy address: [ 15.429708] ffff888102a34500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.429920] ffff888102a34580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.430514] >ffff888102a34600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.430891] ^ [ 15.431110] ffff888102a34680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.431648] ffff888102a34700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.432014] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 14.585893] ================================================================== [ 14.586525] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.586959] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.587429] [ 14.587536] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.587581] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.587593] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.587613] Call Trace: [ 14.587627] <TASK> [ 14.587642] dump_stack_lvl+0x73/0xb0 [ 14.587667] print_report+0xd1/0x650 [ 14.587689] ? __virt_addr_valid+0x1db/0x2d0 [ 14.587711] ? kasan_atomics_helper+0x1217/0x5450 [ 14.587732] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.587755] ? kasan_atomics_helper+0x1217/0x5450 [ 14.587776] kasan_report+0x141/0x180 [ 14.587798] ? kasan_atomics_helper+0x1217/0x5450 [ 14.587824] kasan_check_range+0x10c/0x1c0 [ 14.587848] __kasan_check_write+0x18/0x20 [ 14.587867] kasan_atomics_helper+0x1217/0x5450 [ 14.587890] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.587970] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.588056] ? kasan_atomics+0x152/0x310 [ 14.588083] kasan_atomics+0x1dc/0x310 [ 14.588106] ? __pfx_kasan_atomics+0x10/0x10 [ 14.588130] ? __pfx_read_tsc+0x10/0x10 [ 14.588151] ? ktime_get_ts64+0x86/0x230 [ 14.588177] kunit_try_run_case+0x1a5/0x480 [ 14.588201] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.588222] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.588244] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.588267] ? __kthread_parkme+0x82/0x180 [ 14.588287] ? preempt_count_sub+0x50/0x80 [ 14.588309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.588333] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.588356] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.588378] kthread+0x337/0x6f0 [ 14.588400] ? trace_preempt_on+0x20/0xc0 [ 14.588424] ? __pfx_kthread+0x10/0x10 [ 14.588445] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.588466] ? calculate_sigpending+0x7b/0xa0 [ 14.588490] ? __pfx_kthread+0x10/0x10 [ 14.588512] ret_from_fork+0x116/0x1d0 [ 14.588531] ? __pfx_kthread+0x10/0x10 [ 14.588551] ret_from_fork_asm+0x1a/0x30 [ 14.588582] </TASK> [ 14.588593] [ 14.596417] Allocated by task 290: [ 14.596544] kasan_save_stack+0x45/0x70 [ 14.596720] kasan_save_track+0x18/0x40 [ 14.596910] kasan_save_alloc_info+0x3b/0x50 [ 14.597175] __kasan_kmalloc+0xb7/0xc0 [ 14.597360] __kmalloc_cache_noprof+0x189/0x420 [ 14.597578] kasan_atomics+0x95/0x310 [ 14.597766] kunit_try_run_case+0x1a5/0x480 [ 14.597981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.598196] kthread+0x337/0x6f0 [ 14.598311] ret_from_fork+0x116/0x1d0 [ 14.598563] ret_from_fork_asm+0x1a/0x30 [ 14.598809] [ 14.598900] The buggy address belongs to the object at ffff8881028d8d80 [ 14.598900] which belongs to the cache kmalloc-64 of size 64 [ 14.599492] The buggy address is located 0 bytes to the right of [ 14.599492] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.599852] [ 14.599922] The buggy address belongs to the physical page: [ 14.600099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.600466] flags: 0x200000000000000(node=0|zone=2) [ 14.600750] page_type: f5(slab) [ 14.600916] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.601268] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.601673] page dumped because: kasan: bad access detected [ 14.602047] [ 14.602166] Memory state around the buggy address: [ 14.602457] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.602864] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.603199] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.603555] ^ [ 14.603826] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.604078] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.604341] ================================================================== [ 15.277148] ================================================================== [ 15.277842] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 15.278530] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.279172] [ 15.279351] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.279422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.279434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.279457] Call Trace: [ 15.279476] <TASK> [ 15.279505] dump_stack_lvl+0x73/0xb0 [ 15.279534] print_report+0xd1/0x650 [ 15.279557] ? __virt_addr_valid+0x1db/0x2d0 [ 15.279592] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.279614] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.279636] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.279658] kasan_report+0x141/0x180 [ 15.279680] ? kasan_atomics_helper+0x4fb2/0x5450 [ 15.279706] __asan_report_load8_noabort+0x18/0x20 [ 15.279730] kasan_atomics_helper+0x4fb2/0x5450 [ 15.279753] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.279775] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.279799] ? kasan_atomics+0x152/0x310 [ 15.279826] kasan_atomics+0x1dc/0x310 [ 15.279848] ? __pfx_kasan_atomics+0x10/0x10 [ 15.279873] ? __pfx_read_tsc+0x10/0x10 [ 15.279895] ? ktime_get_ts64+0x86/0x230 [ 15.279921] kunit_try_run_case+0x1a5/0x480 [ 15.279954] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.279977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.280000] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.280023] ? __kthread_parkme+0x82/0x180 [ 15.280044] ? preempt_count_sub+0x50/0x80 [ 15.280068] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.280092] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.280115] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.280138] kthread+0x337/0x6f0 [ 15.280158] ? trace_preempt_on+0x20/0xc0 [ 15.280183] ? __pfx_kthread+0x10/0x10 [ 15.280204] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.280226] ? calculate_sigpending+0x7b/0xa0 [ 15.280250] ? __pfx_kthread+0x10/0x10 [ 15.280272] ret_from_fork+0x116/0x1d0 [ 15.280291] ? __pfx_kthread+0x10/0x10 [ 15.280311] ret_from_fork_asm+0x1a/0x30 [ 15.280343] </TASK> [ 15.280355] [ 15.292051] Allocated by task 290: [ 15.292412] kasan_save_stack+0x45/0x70 [ 15.292719] kasan_save_track+0x18/0x40 [ 15.292854] kasan_save_alloc_info+0x3b/0x50 [ 15.293008] __kasan_kmalloc+0xb7/0xc0 [ 15.293135] __kmalloc_cache_noprof+0x189/0x420 [ 15.293281] kasan_atomics+0x95/0x310 [ 15.293501] kunit_try_run_case+0x1a5/0x480 [ 15.293886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.294403] kthread+0x337/0x6f0 [ 15.294712] ret_from_fork+0x116/0x1d0 [ 15.295063] ret_from_fork_asm+0x1a/0x30 [ 15.295439] [ 15.295601] The buggy address belongs to the object at ffff8881028d8d80 [ 15.295601] which belongs to the cache kmalloc-64 of size 64 [ 15.296664] The buggy address is located 0 bytes to the right of [ 15.296664] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.297580] [ 15.297652] The buggy address belongs to the physical page: [ 15.297826] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.298072] flags: 0x200000000000000(node=0|zone=2) [ 15.298228] page_type: f5(slab) [ 15.298346] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.299036] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.299699] page dumped because: kasan: bad access detected [ 15.300181] [ 15.300350] Memory state around the buggy address: [ 15.300787] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.301417] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.302044] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.302659] ^ [ 15.302964] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.303174] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.303401] ================================================================== [ 14.407889] ================================================================== [ 14.408149] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.408380] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.408659] [ 14.408746] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.408794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.408807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.408831] Call Trace: [ 14.408851] <TASK> [ 14.408872] dump_stack_lvl+0x73/0xb0 [ 14.408900] print_report+0xd1/0x650 [ 14.408922] ? __virt_addr_valid+0x1db/0x2d0 [ 14.408956] ? kasan_atomics_helper+0xde0/0x5450 [ 14.408977] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.409000] ? kasan_atomics_helper+0xde0/0x5450 [ 14.409024] kasan_report+0x141/0x180 [ 14.409047] ? kasan_atomics_helper+0xde0/0x5450 [ 14.409075] kasan_check_range+0x10c/0x1c0 [ 14.409098] __kasan_check_write+0x18/0x20 [ 14.409118] kasan_atomics_helper+0xde0/0x5450 [ 14.409140] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.409162] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.409188] ? kasan_atomics+0x152/0x310 [ 14.409215] kasan_atomics+0x1dc/0x310 [ 14.409238] ? __pfx_kasan_atomics+0x10/0x10 [ 14.409263] ? __pfx_read_tsc+0x10/0x10 [ 14.409285] ? ktime_get_ts64+0x86/0x230 [ 14.409312] kunit_try_run_case+0x1a5/0x480 [ 14.409338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.409360] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.409383] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.409419] ? __kthread_parkme+0x82/0x180 [ 14.409440] ? preempt_count_sub+0x50/0x80 [ 14.409465] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.409500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.409523] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.409549] kthread+0x337/0x6f0 [ 14.409568] ? trace_preempt_on+0x20/0xc0 [ 14.409603] ? __pfx_kthread+0x10/0x10 [ 14.409624] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.409646] ? calculate_sigpending+0x7b/0xa0 [ 14.409685] ? __pfx_kthread+0x10/0x10 [ 14.409707] ret_from_fork+0x116/0x1d0 [ 14.409726] ? __pfx_kthread+0x10/0x10 [ 14.409747] ret_from_fork_asm+0x1a/0x30 [ 14.409778] </TASK> [ 14.409790] [ 14.417371] Allocated by task 290: [ 14.417500] kasan_save_stack+0x45/0x70 [ 14.417639] kasan_save_track+0x18/0x40 [ 14.417780] kasan_save_alloc_info+0x3b/0x50 [ 14.418030] __kasan_kmalloc+0xb7/0xc0 [ 14.418209] __kmalloc_cache_noprof+0x189/0x420 [ 14.418425] kasan_atomics+0x95/0x310 [ 14.418686] kunit_try_run_case+0x1a5/0x480 [ 14.418898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.419077] kthread+0x337/0x6f0 [ 14.419192] ret_from_fork+0x116/0x1d0 [ 14.419352] ret_from_fork_asm+0x1a/0x30 [ 14.419557] [ 14.419649] The buggy address belongs to the object at ffff8881028d8d80 [ 14.419649] which belongs to the cache kmalloc-64 of size 64 [ 14.420206] The buggy address is located 0 bytes to the right of [ 14.420206] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.420805] [ 14.420874] The buggy address belongs to the physical page: [ 14.421052] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.421286] flags: 0x200000000000000(node=0|zone=2) [ 14.421493] page_type: f5(slab) [ 14.421654] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.422039] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.422354] page dumped because: kasan: bad access detected [ 14.422518] [ 14.422582] Memory state around the buggy address: [ 14.422727] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.422943] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.423199] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.423671] ^ [ 14.423899] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.424784] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.425274] ================================================================== [ 14.509297] ================================================================== [ 14.509820] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.510153] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.510546] [ 14.510712] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.510757] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.510769] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.510789] Call Trace: [ 14.510803] <TASK> [ 14.510818] dump_stack_lvl+0x73/0xb0 [ 14.510844] print_report+0xd1/0x650 [ 14.510866] ? __virt_addr_valid+0x1db/0x2d0 [ 14.510888] ? kasan_atomics_helper+0x1079/0x5450 [ 14.510909] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.510942] ? kasan_atomics_helper+0x1079/0x5450 [ 14.510965] kasan_report+0x141/0x180 [ 14.510986] ? kasan_atomics_helper+0x1079/0x5450 [ 14.511012] kasan_check_range+0x10c/0x1c0 [ 14.511036] __kasan_check_write+0x18/0x20 [ 14.511055] kasan_atomics_helper+0x1079/0x5450 [ 14.511078] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.511100] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.511125] ? kasan_atomics+0x152/0x310 [ 14.511152] kasan_atomics+0x1dc/0x310 [ 14.511174] ? __pfx_kasan_atomics+0x10/0x10 [ 14.511199] ? __pfx_read_tsc+0x10/0x10 [ 14.511219] ? ktime_get_ts64+0x86/0x230 [ 14.511243] kunit_try_run_case+0x1a5/0x480 [ 14.511267] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.511290] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.511311] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.511335] ? __kthread_parkme+0x82/0x180 [ 14.511355] ? preempt_count_sub+0x50/0x80 [ 14.511378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.511402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.511425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.511448] kthread+0x337/0x6f0 [ 14.511468] ? trace_preempt_on+0x20/0xc0 [ 14.511491] ? __pfx_kthread+0x10/0x10 [ 14.511525] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.511546] ? calculate_sigpending+0x7b/0xa0 [ 14.511570] ? __pfx_kthread+0x10/0x10 [ 14.511591] ret_from_fork+0x116/0x1d0 [ 14.511610] ? __pfx_kthread+0x10/0x10 [ 14.511631] ret_from_fork_asm+0x1a/0x30 [ 14.511663] </TASK> [ 14.511673] [ 14.518807] Allocated by task 290: [ 14.518990] kasan_save_stack+0x45/0x70 [ 14.519187] kasan_save_track+0x18/0x40 [ 14.519371] kasan_save_alloc_info+0x3b/0x50 [ 14.519586] __kasan_kmalloc+0xb7/0xc0 [ 14.519746] __kmalloc_cache_noprof+0x189/0x420 [ 14.519951] kasan_atomics+0x95/0x310 [ 14.520129] kunit_try_run_case+0x1a5/0x480 [ 14.520310] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.520557] kthread+0x337/0x6f0 [ 14.520709] ret_from_fork+0x116/0x1d0 [ 14.520848] ret_from_fork_asm+0x1a/0x30 [ 14.521037] [ 14.521126] The buggy address belongs to the object at ffff8881028d8d80 [ 14.521126] which belongs to the cache kmalloc-64 of size 64 [ 14.521608] The buggy address is located 0 bytes to the right of [ 14.521608] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.521975] [ 14.522042] The buggy address belongs to the physical page: [ 14.522206] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.522476] flags: 0x200000000000000(node=0|zone=2) [ 14.522696] page_type: f5(slab) [ 14.522876] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.523214] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.523656] page dumped because: kasan: bad access detected [ 14.523893] [ 14.524038] Memory state around the buggy address: [ 14.524202] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.524475] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.524789] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.525113] ^ [ 14.525321] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.525607] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.525852] ================================================================== [ 14.605175] ================================================================== [ 14.605523] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 14.605921] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.606153] [ 14.606234] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.606280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.606292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.606313] Call Trace: [ 14.606333] <TASK> [ 14.606351] dump_stack_lvl+0x73/0xb0 [ 14.606379] print_report+0xd1/0x650 [ 14.606402] ? __virt_addr_valid+0x1db/0x2d0 [ 14.606425] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.606456] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.606479] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.606501] kasan_report+0x141/0x180 [ 14.606523] ? kasan_atomics_helper+0x49e8/0x5450 [ 14.606549] __asan_report_load4_noabort+0x18/0x20 [ 14.606573] kasan_atomics_helper+0x49e8/0x5450 [ 14.606596] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.606617] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.606643] ? kasan_atomics+0x152/0x310 [ 14.606669] kasan_atomics+0x1dc/0x310 [ 14.606691] ? __pfx_kasan_atomics+0x10/0x10 [ 14.606715] ? __pfx_read_tsc+0x10/0x10 [ 14.606736] ? ktime_get_ts64+0x86/0x230 [ 14.606762] kunit_try_run_case+0x1a5/0x480 [ 14.606787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.606809] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.606870] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.606893] ? __kthread_parkme+0x82/0x180 [ 14.606914] ? preempt_count_sub+0x50/0x80 [ 14.606959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.606983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.607006] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.607030] kthread+0x337/0x6f0 [ 14.607079] ? trace_preempt_on+0x20/0xc0 [ 14.607105] ? __pfx_kthread+0x10/0x10 [ 14.607126] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.607158] ? calculate_sigpending+0x7b/0xa0 [ 14.607184] ? __pfx_kthread+0x10/0x10 [ 14.607205] ret_from_fork+0x116/0x1d0 [ 14.607224] ? __pfx_kthread+0x10/0x10 [ 14.607245] ret_from_fork_asm+0x1a/0x30 [ 14.607276] </TASK> [ 14.607287] [ 14.615378] Allocated by task 290: [ 14.615642] kasan_save_stack+0x45/0x70 [ 14.615871] kasan_save_track+0x18/0x40 [ 14.616059] kasan_save_alloc_info+0x3b/0x50 [ 14.616206] __kasan_kmalloc+0xb7/0xc0 [ 14.616334] __kmalloc_cache_noprof+0x189/0x420 [ 14.616756] kasan_atomics+0x95/0x310 [ 14.616949] kunit_try_run_case+0x1a5/0x480 [ 14.617189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.617567] kthread+0x337/0x6f0 [ 14.617791] ret_from_fork+0x116/0x1d0 [ 14.618052] ret_from_fork_asm+0x1a/0x30 [ 14.618268] [ 14.618369] The buggy address belongs to the object at ffff8881028d8d80 [ 14.618369] which belongs to the cache kmalloc-64 of size 64 [ 14.618800] The buggy address is located 0 bytes to the right of [ 14.618800] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.619257] [ 14.619354] The buggy address belongs to the physical page: [ 14.619652] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.620082] flags: 0x200000000000000(node=0|zone=2) [ 14.620266] page_type: f5(slab) [ 14.620386] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.620720] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.621033] page dumped because: kasan: bad access detected [ 14.621214] [ 14.621277] Memory state around the buggy address: [ 14.621553] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.621896] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.622216] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.622519] ^ [ 14.622789] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.623153] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.623463] ================================================================== [ 14.965203] ================================================================== [ 14.965856] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 14.966510] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.966981] [ 14.967063] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.967108] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.967120] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.967142] Call Trace: [ 14.967158] <TASK> [ 14.967174] dump_stack_lvl+0x73/0xb0 [ 14.967202] print_report+0xd1/0x650 [ 14.967223] ? __virt_addr_valid+0x1db/0x2d0 [ 14.967245] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.967267] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.967289] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.967311] kasan_report+0x141/0x180 [ 14.967333] ? kasan_atomics_helper+0x1a7f/0x5450 [ 14.967358] kasan_check_range+0x10c/0x1c0 [ 14.967408] __kasan_check_write+0x18/0x20 [ 14.967429] kasan_atomics_helper+0x1a7f/0x5450 [ 14.967452] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.967473] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.967498] ? kasan_atomics+0x152/0x310 [ 14.967524] kasan_atomics+0x1dc/0x310 [ 14.967548] ? __pfx_kasan_atomics+0x10/0x10 [ 14.967572] ? __pfx_read_tsc+0x10/0x10 [ 14.967593] ? ktime_get_ts64+0x86/0x230 [ 14.967618] kunit_try_run_case+0x1a5/0x480 [ 14.967642] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.967664] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.967686] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.967709] ? __kthread_parkme+0x82/0x180 [ 14.967728] ? preempt_count_sub+0x50/0x80 [ 14.967751] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.967774] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.967797] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.967820] kthread+0x337/0x6f0 [ 14.967841] ? trace_preempt_on+0x20/0xc0 [ 14.967865] ? __pfx_kthread+0x10/0x10 [ 14.967886] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.967907] ? calculate_sigpending+0x7b/0xa0 [ 14.967939] ? __pfx_kthread+0x10/0x10 [ 14.967962] ret_from_fork+0x116/0x1d0 [ 14.967981] ? __pfx_kthread+0x10/0x10 [ 14.968001] ret_from_fork_asm+0x1a/0x30 [ 14.968032] </TASK> [ 14.968044] [ 14.979916] Allocated by task 290: [ 14.980048] kasan_save_stack+0x45/0x70 [ 14.980184] kasan_save_track+0x18/0x40 [ 14.980312] kasan_save_alloc_info+0x3b/0x50 [ 14.980642] __kasan_kmalloc+0xb7/0xc0 [ 14.980983] __kmalloc_cache_noprof+0x189/0x420 [ 14.981365] kasan_atomics+0x95/0x310 [ 14.981735] kunit_try_run_case+0x1a5/0x480 [ 14.982107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.982590] kthread+0x337/0x6f0 [ 14.982888] ret_from_fork+0x116/0x1d0 [ 14.983229] ret_from_fork_asm+0x1a/0x30 [ 14.983593] [ 14.983750] The buggy address belongs to the object at ffff8881028d8d80 [ 14.983750] which belongs to the cache kmalloc-64 of size 64 [ 14.984788] The buggy address is located 0 bytes to the right of [ 14.984788] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.985237] [ 14.985305] The buggy address belongs to the physical page: [ 14.985478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.985720] flags: 0x200000000000000(node=0|zone=2) [ 14.985875] page_type: f5(slab) [ 14.986107] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.986776] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.987505] page dumped because: kasan: bad access detected [ 14.988028] [ 14.988176] Memory state around the buggy address: [ 14.988572] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.989187] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.990412] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.990763] ^ [ 14.991006] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991316] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.991637] ================================================================== [ 15.372715] ================================================================== [ 15.373067] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 15.373404] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.373812] [ 15.373918] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.373975] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.373988] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.374009] Call Trace: [ 15.374026] <TASK> [ 15.374044] dump_stack_lvl+0x73/0xb0 [ 15.374073] print_report+0xd1/0x650 [ 15.374096] ? __virt_addr_valid+0x1db/0x2d0 [ 15.374120] ? kasan_atomics_helper+0x5115/0x5450 [ 15.374141] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.374164] ? kasan_atomics_helper+0x5115/0x5450 [ 15.374185] kasan_report+0x141/0x180 [ 15.374208] ? kasan_atomics_helper+0x5115/0x5450 [ 15.374234] __asan_report_load8_noabort+0x18/0x20 [ 15.374259] kasan_atomics_helper+0x5115/0x5450 [ 15.374282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.374304] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.374328] ? kasan_atomics+0x152/0x310 [ 15.374354] kasan_atomics+0x1dc/0x310 [ 15.374377] ? __pfx_kasan_atomics+0x10/0x10 [ 15.374401] ? __pfx_read_tsc+0x10/0x10 [ 15.374423] ? ktime_get_ts64+0x86/0x230 [ 15.374449] kunit_try_run_case+0x1a5/0x480 [ 15.374473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.374495] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.374519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.374542] ? __kthread_parkme+0x82/0x180 [ 15.374563] ? preempt_count_sub+0x50/0x80 [ 15.374587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.374621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.374644] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.374668] kthread+0x337/0x6f0 [ 15.374688] ? trace_preempt_on+0x20/0xc0 [ 15.374712] ? __pfx_kthread+0x10/0x10 [ 15.374733] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.374754] ? calculate_sigpending+0x7b/0xa0 [ 15.374779] ? __pfx_kthread+0x10/0x10 [ 15.374801] ret_from_fork+0x116/0x1d0 [ 15.374819] ? __pfx_kthread+0x10/0x10 [ 15.374840] ret_from_fork_asm+0x1a/0x30 [ 15.374871] </TASK> [ 15.374883] [ 15.381744] Allocated by task 290: [ 15.381918] kasan_save_stack+0x45/0x70 [ 15.382118] kasan_save_track+0x18/0x40 [ 15.382304] kasan_save_alloc_info+0x3b/0x50 [ 15.382503] __kasan_kmalloc+0xb7/0xc0 [ 15.382681] __kmalloc_cache_noprof+0x189/0x420 [ 15.383029] kasan_atomics+0x95/0x310 [ 15.383157] kunit_try_run_case+0x1a5/0x480 [ 15.383298] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.383694] kthread+0x337/0x6f0 [ 15.383855] ret_from_fork+0x116/0x1d0 [ 15.384042] ret_from_fork_asm+0x1a/0x30 [ 15.384222] [ 15.384288] The buggy address belongs to the object at ffff8881028d8d80 [ 15.384288] which belongs to the cache kmalloc-64 of size 64 [ 15.384882] The buggy address is located 0 bytes to the right of [ 15.384882] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.385245] [ 15.385312] The buggy address belongs to the physical page: [ 15.385476] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.385711] flags: 0x200000000000000(node=0|zone=2) [ 15.385863] page_type: f5(slab) [ 15.386006] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.386361] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.386691] page dumped because: kasan: bad access detected [ 15.386942] [ 15.387032] Memory state around the buggy address: [ 15.387252] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.387800] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.388073] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.388278] ^ [ 15.388529] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.388845] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.389170] ================================================================== [ 14.852910] ================================================================== [ 14.853268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 14.853874] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.854112] [ 14.854196] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.854242] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.854255] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.854277] Call Trace: [ 14.854296] <TASK> [ 14.854316] dump_stack_lvl+0x73/0xb0 [ 14.854347] print_report+0xd1/0x650 [ 14.854369] ? __virt_addr_valid+0x1db/0x2d0 [ 14.854403] ? kasan_atomics_helper+0x177f/0x5450 [ 14.854425] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.854448] ? kasan_atomics_helper+0x177f/0x5450 [ 14.854470] kasan_report+0x141/0x180 [ 14.854492] ? kasan_atomics_helper+0x177f/0x5450 [ 14.854518] kasan_check_range+0x10c/0x1c0 [ 14.854543] __kasan_check_write+0x18/0x20 [ 14.854562] kasan_atomics_helper+0x177f/0x5450 [ 14.854585] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.854608] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.854632] ? kasan_atomics+0x152/0x310 [ 14.854659] kasan_atomics+0x1dc/0x310 [ 14.854682] ? __pfx_kasan_atomics+0x10/0x10 [ 14.854707] ? __pfx_read_tsc+0x10/0x10 [ 14.854728] ? ktime_get_ts64+0x86/0x230 [ 14.854755] kunit_try_run_case+0x1a5/0x480 [ 14.854779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.854802] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.854825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.854848] ? __kthread_parkme+0x82/0x180 [ 14.854869] ? preempt_count_sub+0x50/0x80 [ 14.854893] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.854917] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.854952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.854976] kthread+0x337/0x6f0 [ 14.854996] ? trace_preempt_on+0x20/0xc0 [ 14.855021] ? __pfx_kthread+0x10/0x10 [ 14.855044] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.855065] ? calculate_sigpending+0x7b/0xa0 [ 14.855090] ? __pfx_kthread+0x10/0x10 [ 14.855111] ret_from_fork+0x116/0x1d0 [ 14.855130] ? __pfx_kthread+0x10/0x10 [ 14.855150] ret_from_fork_asm+0x1a/0x30 [ 14.855181] </TASK> [ 14.855194] [ 14.862692] Allocated by task 290: [ 14.862837] kasan_save_stack+0x45/0x70 [ 14.862983] kasan_save_track+0x18/0x40 [ 14.863114] kasan_save_alloc_info+0x3b/0x50 [ 14.863255] __kasan_kmalloc+0xb7/0xc0 [ 14.863381] __kmalloc_cache_noprof+0x189/0x420 [ 14.863600] kasan_atomics+0x95/0x310 [ 14.863785] kunit_try_run_case+0x1a5/0x480 [ 14.863996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.864387] kthread+0x337/0x6f0 [ 14.864553] ret_from_fork+0x116/0x1d0 [ 14.864739] ret_from_fork_asm+0x1a/0x30 [ 14.864923] [ 14.865027] The buggy address belongs to the object at ffff8881028d8d80 [ 14.865027] which belongs to the cache kmalloc-64 of size 64 [ 14.865426] The buggy address is located 0 bytes to the right of [ 14.865426] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.865992] [ 14.866074] The buggy address belongs to the physical page: [ 14.866298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.866613] flags: 0x200000000000000(node=0|zone=2) [ 14.866835] page_type: f5(slab) [ 14.866993] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.867287] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.867614] page dumped because: kasan: bad access detected [ 14.867821] [ 14.867908] Memory state around the buggy address: [ 14.868109] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.868401] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.868664] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.868940] ^ [ 14.869129] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.869335] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.869628] ================================================================== [ 14.526300] ================================================================== [ 14.526702] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.527021] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.527236] [ 14.527310] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.527350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.527362] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.527382] Call Trace: [ 14.527403] <TASK> [ 14.527419] dump_stack_lvl+0x73/0xb0 [ 14.527444] print_report+0xd1/0x650 [ 14.527466] ? __virt_addr_valid+0x1db/0x2d0 [ 14.527488] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.527509] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.527531] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.527553] kasan_report+0x141/0x180 [ 14.527575] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.527601] __asan_report_load4_noabort+0x18/0x20 [ 14.527626] kasan_atomics_helper+0x4a1c/0x5450 [ 14.527649] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.527671] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.527695] ? kasan_atomics+0x152/0x310 [ 14.527722] kasan_atomics+0x1dc/0x310 [ 14.527744] ? __pfx_kasan_atomics+0x10/0x10 [ 14.527768] ? __pfx_read_tsc+0x10/0x10 [ 14.527789] ? ktime_get_ts64+0x86/0x230 [ 14.527815] kunit_try_run_case+0x1a5/0x480 [ 14.527838] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.527860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.527883] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.527906] ? __kthread_parkme+0x82/0x180 [ 14.527926] ? preempt_count_sub+0x50/0x80 [ 14.527959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.527983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.528008] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.528031] kthread+0x337/0x6f0 [ 14.528051] ? trace_preempt_on+0x20/0xc0 [ 14.528075] ? __pfx_kthread+0x10/0x10 [ 14.528095] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.528116] ? calculate_sigpending+0x7b/0xa0 [ 14.528140] ? __pfx_kthread+0x10/0x10 [ 14.528162] ret_from_fork+0x116/0x1d0 [ 14.528181] ? __pfx_kthread+0x10/0x10 [ 14.528201] ret_from_fork_asm+0x1a/0x30 [ 14.528232] </TASK> [ 14.528242] [ 14.535284] Allocated by task 290: [ 14.535449] kasan_save_stack+0x45/0x70 [ 14.535666] kasan_save_track+0x18/0x40 [ 14.535859] kasan_save_alloc_info+0x3b/0x50 [ 14.536071] __kasan_kmalloc+0xb7/0xc0 [ 14.536257] __kmalloc_cache_noprof+0x189/0x420 [ 14.536526] kasan_atomics+0x95/0x310 [ 14.536654] kunit_try_run_case+0x1a5/0x480 [ 14.536793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.537040] kthread+0x337/0x6f0 [ 14.537226] ret_from_fork+0x116/0x1d0 [ 14.537437] ret_from_fork_asm+0x1a/0x30 [ 14.537600] [ 14.537666] The buggy address belongs to the object at ffff8881028d8d80 [ 14.537666] which belongs to the cache kmalloc-64 of size 64 [ 14.538025] The buggy address is located 0 bytes to the right of [ 14.538025] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.538379] [ 14.538475] The buggy address belongs to the physical page: [ 14.538719] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.539070] flags: 0x200000000000000(node=0|zone=2) [ 14.539319] page_type: f5(slab) [ 14.539601] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.539941] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.540263] page dumped because: kasan: bad access detected [ 14.540582] [ 14.540648] Memory state around the buggy address: [ 14.540796] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.541018] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.541227] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.541557] ^ [ 14.541786] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.542155] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.542553] ================================================================== [ 14.253562] ================================================================== [ 14.253829] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 14.254429] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.255230] [ 14.255410] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.255481] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.255494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.255516] Call Trace: [ 14.255547] <TASK> [ 14.255564] dump_stack_lvl+0x73/0xb0 [ 14.255595] print_report+0xd1/0x650 [ 14.255617] ? __virt_addr_valid+0x1db/0x2d0 [ 14.255641] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.255663] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.255698] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.255721] kasan_report+0x141/0x180 [ 14.255743] ? kasan_atomics_helper+0xa2b/0x5450 [ 14.255769] kasan_check_range+0x10c/0x1c0 [ 14.255793] __kasan_check_write+0x18/0x20 [ 14.255813] kasan_atomics_helper+0xa2b/0x5450 [ 14.255836] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.255858] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.255883] ? kasan_atomics+0x152/0x310 [ 14.255910] kasan_atomics+0x1dc/0x310 [ 14.255944] ? __pfx_kasan_atomics+0x10/0x10 [ 14.255968] ? __pfx_read_tsc+0x10/0x10 [ 14.255990] ? ktime_get_ts64+0x86/0x230 [ 14.256017] kunit_try_run_case+0x1a5/0x480 [ 14.256041] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.256063] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.256086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.256109] ? __kthread_parkme+0x82/0x180 [ 14.256130] ? preempt_count_sub+0x50/0x80 [ 14.256153] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.256179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.256202] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.256226] kthread+0x337/0x6f0 [ 14.256246] ? trace_preempt_on+0x20/0xc0 [ 14.256270] ? __pfx_kthread+0x10/0x10 [ 14.256291] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.256312] ? calculate_sigpending+0x7b/0xa0 [ 14.256337] ? __pfx_kthread+0x10/0x10 [ 14.256359] ret_from_fork+0x116/0x1d0 [ 14.256378] ? __pfx_kthread+0x10/0x10 [ 14.256469] ret_from_fork_asm+0x1a/0x30 [ 14.256503] </TASK> [ 14.256514] [ 14.267301] Allocated by task 290: [ 14.267468] kasan_save_stack+0x45/0x70 [ 14.267692] kasan_save_track+0x18/0x40 [ 14.268039] kasan_save_alloc_info+0x3b/0x50 [ 14.268309] __kasan_kmalloc+0xb7/0xc0 [ 14.268483] __kmalloc_cache_noprof+0x189/0x420 [ 14.268730] kasan_atomics+0x95/0x310 [ 14.268899] kunit_try_run_case+0x1a5/0x480 [ 14.269142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.269521] kthread+0x337/0x6f0 [ 14.269841] ret_from_fork+0x116/0x1d0 [ 14.270095] ret_from_fork_asm+0x1a/0x30 [ 14.270291] [ 14.270382] The buggy address belongs to the object at ffff8881028d8d80 [ 14.270382] which belongs to the cache kmalloc-64 of size 64 [ 14.270910] The buggy address is located 0 bytes to the right of [ 14.270910] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.271379] [ 14.271451] The buggy address belongs to the physical page: [ 14.271618] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.272094] flags: 0x200000000000000(node=0|zone=2) [ 14.272377] page_type: f5(slab) [ 14.272617] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.272969] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.273225] page dumped because: kasan: bad access detected [ 14.273676] [ 14.273784] Memory state around the buggy address: [ 14.274065] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.274391] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.274714] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.275067] ^ [ 14.275277] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.275774] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.276280] ================================================================== [ 14.344882] ================================================================== [ 14.345668] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 14.346104] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.346330] [ 14.346641] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.346698] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.346711] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.346733] Call Trace: [ 14.346749] <TASK> [ 14.346765] dump_stack_lvl+0x73/0xb0 [ 14.346793] print_report+0xd1/0x650 [ 14.346815] ? __virt_addr_valid+0x1db/0x2d0 [ 14.346838] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.346859] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.346882] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.346903] kasan_report+0x141/0x180 [ 14.346925] ? kasan_atomics_helper+0x4a84/0x5450 [ 14.347227] __asan_report_load4_noabort+0x18/0x20 [ 14.347254] kasan_atomics_helper+0x4a84/0x5450 [ 14.347290] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.347313] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.347394] ? kasan_atomics+0x152/0x310 [ 14.347422] kasan_atomics+0x1dc/0x310 [ 14.347445] ? __pfx_kasan_atomics+0x10/0x10 [ 14.347468] ? __pfx_read_tsc+0x10/0x10 [ 14.347490] ? ktime_get_ts64+0x86/0x230 [ 14.347515] kunit_try_run_case+0x1a5/0x480 [ 14.347539] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.347561] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.347584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.347606] ? __kthread_parkme+0x82/0x180 [ 14.347626] ? preempt_count_sub+0x50/0x80 [ 14.347649] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.347673] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.347695] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.347719] kthread+0x337/0x6f0 [ 14.347739] ? trace_preempt_on+0x20/0xc0 [ 14.347762] ? __pfx_kthread+0x10/0x10 [ 14.347783] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.347803] ? calculate_sigpending+0x7b/0xa0 [ 14.347826] ? __pfx_kthread+0x10/0x10 [ 14.347848] ret_from_fork+0x116/0x1d0 [ 14.347867] ? __pfx_kthread+0x10/0x10 [ 14.347888] ret_from_fork_asm+0x1a/0x30 [ 14.347919] </TASK> [ 14.347941] [ 14.363905] Allocated by task 290: [ 14.364406] kasan_save_stack+0x45/0x70 [ 14.364771] kasan_save_track+0x18/0x40 [ 14.364915] kasan_save_alloc_info+0x3b/0x50 [ 14.365071] __kasan_kmalloc+0xb7/0xc0 [ 14.365200] __kmalloc_cache_noprof+0x189/0x420 [ 14.365349] kasan_atomics+0x95/0x310 [ 14.366181] kunit_try_run_case+0x1a5/0x480 [ 14.366785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.367493] kthread+0x337/0x6f0 [ 14.367948] ret_from_fork+0x116/0x1d0 [ 14.368506] ret_from_fork_asm+0x1a/0x30 [ 14.369018] [ 14.369322] The buggy address belongs to the object at ffff8881028d8d80 [ 14.369322] which belongs to the cache kmalloc-64 of size 64 [ 14.370831] The buggy address is located 0 bytes to the right of [ 14.370831] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.372406] [ 14.372798] The buggy address belongs to the physical page: [ 14.373231] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.373993] flags: 0x200000000000000(node=0|zone=2) [ 14.374563] page_type: f5(slab) [ 14.374693] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.374920] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.375172] page dumped because: kasan: bad access detected [ 14.375531] [ 14.375696] Memory state around the buggy address: [ 14.376014] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.376355] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.376990] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.377432] ^ [ 14.377810] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.378214] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.378549] ================================================================== [ 14.870366] ================================================================== [ 14.870703] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 14.870993] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.871318] [ 14.871406] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.871453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.871465] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.871487] Call Trace: [ 14.871505] <TASK> [ 14.871524] dump_stack_lvl+0x73/0xb0 [ 14.871553] print_report+0xd1/0x650 [ 14.871575] ? __virt_addr_valid+0x1db/0x2d0 [ 14.871598] ? kasan_atomics_helper+0x1818/0x5450 [ 14.871619] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.871641] ? kasan_atomics_helper+0x1818/0x5450 [ 14.871663] kasan_report+0x141/0x180 [ 14.871685] ? kasan_atomics_helper+0x1818/0x5450 [ 14.871712] kasan_check_range+0x10c/0x1c0 [ 14.871735] __kasan_check_write+0x18/0x20 [ 14.871755] kasan_atomics_helper+0x1818/0x5450 [ 14.871777] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.871799] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.871823] ? kasan_atomics+0x152/0x310 [ 14.871849] kasan_atomics+0x1dc/0x310 [ 14.871872] ? __pfx_kasan_atomics+0x10/0x10 [ 14.871896] ? __pfx_read_tsc+0x10/0x10 [ 14.871917] ? ktime_get_ts64+0x86/0x230 [ 14.871955] kunit_try_run_case+0x1a5/0x480 [ 14.871980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.872002] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.872025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.872048] ? __kthread_parkme+0x82/0x180 [ 14.872069] ? preempt_count_sub+0x50/0x80 [ 14.872093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.872116] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.872139] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.872163] kthread+0x337/0x6f0 [ 14.872182] ? trace_preempt_on+0x20/0xc0 [ 14.872207] ? __pfx_kthread+0x10/0x10 [ 14.872227] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.872248] ? calculate_sigpending+0x7b/0xa0 [ 14.872273] ? __pfx_kthread+0x10/0x10 [ 14.872295] ret_from_fork+0x116/0x1d0 [ 14.872314] ? __pfx_kthread+0x10/0x10 [ 14.872334] ret_from_fork_asm+0x1a/0x30 [ 14.872365] </TASK> [ 14.872377] [ 14.879617] Allocated by task 290: [ 14.879742] kasan_save_stack+0x45/0x70 [ 14.879880] kasan_save_track+0x18/0x40 [ 14.880021] kasan_save_alloc_info+0x3b/0x50 [ 14.880167] __kasan_kmalloc+0xb7/0xc0 [ 14.880292] __kmalloc_cache_noprof+0x189/0x420 [ 14.880479] kasan_atomics+0x95/0x310 [ 14.880665] kunit_try_run_case+0x1a5/0x480 [ 14.880863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.881114] kthread+0x337/0x6f0 [ 14.881277] ret_from_fork+0x116/0x1d0 [ 14.881455] ret_from_fork_asm+0x1a/0x30 [ 14.881643] [ 14.881738] The buggy address belongs to the object at ffff8881028d8d80 [ 14.881738] which belongs to the cache kmalloc-64 of size 64 [ 14.882184] The buggy address is located 0 bytes to the right of [ 14.882184] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.882539] [ 14.882606] The buggy address belongs to the physical page: [ 14.882769] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.883900] flags: 0x200000000000000(node=0|zone=2) [ 14.884156] page_type: f5(slab) [ 14.884318] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.884983] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.885320] page dumped because: kasan: bad access detected [ 14.885847] [ 14.886095] Memory state around the buggy address: [ 14.886332] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.886893] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.887210] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.887662] ^ [ 14.888106] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.888597] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.888880] ================================================================== [ 14.796874] ================================================================== [ 14.797195] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 14.797518] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.797823] [ 14.797905] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.797961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.797973] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.797995] Call Trace: [ 14.798013] <TASK> [ 14.798030] dump_stack_lvl+0x73/0xb0 [ 14.798058] print_report+0xd1/0x650 [ 14.798079] ? __virt_addr_valid+0x1db/0x2d0 [ 14.798102] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.798123] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.798146] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.798168] kasan_report+0x141/0x180 [ 14.798190] ? kasan_atomics_helper+0x15b6/0x5450 [ 14.798217] kasan_check_range+0x10c/0x1c0 [ 14.798240] __kasan_check_write+0x18/0x20 [ 14.798260] kasan_atomics_helper+0x15b6/0x5450 [ 14.798282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.798304] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.798330] ? kasan_atomics+0x152/0x310 [ 14.798356] kasan_atomics+0x1dc/0x310 [ 14.798379] ? __pfx_kasan_atomics+0x10/0x10 [ 14.798404] ? __pfx_read_tsc+0x10/0x10 [ 14.798427] ? ktime_get_ts64+0x86/0x230 [ 14.798453] kunit_try_run_case+0x1a5/0x480 [ 14.798478] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.798501] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.798524] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.798558] ? __kthread_parkme+0x82/0x180 [ 14.798579] ? preempt_count_sub+0x50/0x80 [ 14.798603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.798627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.798650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.798673] kthread+0x337/0x6f0 [ 14.798693] ? trace_preempt_on+0x20/0xc0 [ 14.798718] ? __pfx_kthread+0x10/0x10 [ 14.798739] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.798760] ? calculate_sigpending+0x7b/0xa0 [ 14.798785] ? __pfx_kthread+0x10/0x10 [ 14.798806] ret_from_fork+0x116/0x1d0 [ 14.798826] ? __pfx_kthread+0x10/0x10 [ 14.798847] ret_from_fork_asm+0x1a/0x30 [ 14.798878] </TASK> [ 14.798889] [ 14.805878] Allocated by task 290: [ 14.806016] kasan_save_stack+0x45/0x70 [ 14.806152] kasan_save_track+0x18/0x40 [ 14.806334] kasan_save_alloc_info+0x3b/0x50 [ 14.806528] __kasan_kmalloc+0xb7/0xc0 [ 14.806705] __kmalloc_cache_noprof+0x189/0x420 [ 14.806914] kasan_atomics+0x95/0x310 [ 14.807293] kunit_try_run_case+0x1a5/0x480 [ 14.807494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.807732] kthread+0x337/0x6f0 [ 14.807864] ret_from_fork+0x116/0x1d0 [ 14.807998] ret_from_fork_asm+0x1a/0x30 [ 14.808127] [ 14.808193] The buggy address belongs to the object at ffff8881028d8d80 [ 14.808193] which belongs to the cache kmalloc-64 of size 64 [ 14.808620] The buggy address is located 0 bytes to the right of [ 14.808620] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.809174] [ 14.809270] The buggy address belongs to the physical page: [ 14.809523] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.809836] flags: 0x200000000000000(node=0|zone=2) [ 14.810051] page_type: f5(slab) [ 14.810200] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.810509] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.810800] page dumped because: kasan: bad access detected [ 14.810969] [ 14.811033] Memory state around the buggy address: [ 14.811178] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.811380] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.811681] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.811989] ^ [ 14.812206] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.812682] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.812916] ================================================================== [ 15.134119] ================================================================== [ 15.134893] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 15.135316] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.135693] [ 15.135873] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.136052] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.136068] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.136091] Call Trace: [ 15.136161] <TASK> [ 15.136182] dump_stack_lvl+0x73/0xb0 [ 15.136214] print_report+0xd1/0x650 [ 15.136237] ? __virt_addr_valid+0x1db/0x2d0 [ 15.136261] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.136282] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.136305] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.136327] kasan_report+0x141/0x180 [ 15.136349] ? kasan_atomics_helper+0x1eaa/0x5450 [ 15.136375] kasan_check_range+0x10c/0x1c0 [ 15.136399] __kasan_check_write+0x18/0x20 [ 15.136419] kasan_atomics_helper+0x1eaa/0x5450 [ 15.136441] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.136463] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.136487] ? kasan_atomics+0x152/0x310 [ 15.136513] kasan_atomics+0x1dc/0x310 [ 15.136535] ? __pfx_kasan_atomics+0x10/0x10 [ 15.136559] ? __pfx_read_tsc+0x10/0x10 [ 15.136581] ? ktime_get_ts64+0x86/0x230 [ 15.136608] kunit_try_run_case+0x1a5/0x480 [ 15.136632] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.136654] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.136677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.136699] ? __kthread_parkme+0x82/0x180 [ 15.136719] ? preempt_count_sub+0x50/0x80 [ 15.136743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.136766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.136789] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.136812] kthread+0x337/0x6f0 [ 15.136833] ? trace_preempt_on+0x20/0xc0 [ 15.136858] ? __pfx_kthread+0x10/0x10 [ 15.136879] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.136900] ? calculate_sigpending+0x7b/0xa0 [ 15.136924] ? __pfx_kthread+0x10/0x10 [ 15.136957] ret_from_fork+0x116/0x1d0 [ 15.136976] ? __pfx_kthread+0x10/0x10 [ 15.136998] ret_from_fork_asm+0x1a/0x30 [ 15.137028] </TASK> [ 15.137040] [ 15.146452] Allocated by task 290: [ 15.146644] kasan_save_stack+0x45/0x70 [ 15.146830] kasan_save_track+0x18/0x40 [ 15.146993] kasan_save_alloc_info+0x3b/0x50 [ 15.147206] __kasan_kmalloc+0xb7/0xc0 [ 15.147378] __kmalloc_cache_noprof+0x189/0x420 [ 15.147565] kasan_atomics+0x95/0x310 [ 15.147748] kunit_try_run_case+0x1a5/0x480 [ 15.148631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.148867] kthread+0x337/0x6f0 [ 15.149011] ret_from_fork+0x116/0x1d0 [ 15.149330] ret_from_fork_asm+0x1a/0x30 [ 15.149560] [ 15.149740] The buggy address belongs to the object at ffff8881028d8d80 [ 15.149740] which belongs to the cache kmalloc-64 of size 64 [ 15.150345] The buggy address is located 0 bytes to the right of [ 15.150345] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.151054] [ 15.151220] The buggy address belongs to the physical page: [ 15.151533] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.152001] flags: 0x200000000000000(node=0|zone=2) [ 15.152286] page_type: f5(slab) [ 15.152419] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.152982] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.153355] page dumped because: kasan: bad access detected [ 15.153642] [ 15.153940] Memory state around the buggy address: [ 15.154137] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.154565] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.154868] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.155279] ^ [ 15.155583] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.155836] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.156247] ================================================================== [ 14.057940] ================================================================== [ 14.058298] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 14.058733] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.059214] [ 14.059325] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.059458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.059476] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.059498] Call Trace: [ 14.059520] <TASK> [ 14.059542] dump_stack_lvl+0x73/0xb0 [ 14.059598] print_report+0xd1/0x650 [ 14.059624] ? __virt_addr_valid+0x1db/0x2d0 [ 14.059647] ? kasan_atomics_helper+0x565/0x5450 [ 14.059668] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.059691] ? kasan_atomics_helper+0x565/0x5450 [ 14.059712] kasan_report+0x141/0x180 [ 14.059735] ? kasan_atomics_helper+0x565/0x5450 [ 14.059760] kasan_check_range+0x10c/0x1c0 [ 14.059785] __kasan_check_write+0x18/0x20 [ 14.059805] kasan_atomics_helper+0x565/0x5450 [ 14.059827] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.059851] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.059877] ? kasan_atomics+0x152/0x310 [ 14.059903] kasan_atomics+0x1dc/0x310 [ 14.059940] ? __pfx_kasan_atomics+0x10/0x10 [ 14.059965] ? __pfx_read_tsc+0x10/0x10 [ 14.059987] ? ktime_get_ts64+0x86/0x230 [ 14.060013] kunit_try_run_case+0x1a5/0x480 [ 14.060038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.060062] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.060084] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.060107] ? __kthread_parkme+0x82/0x180 [ 14.060129] ? preempt_count_sub+0x50/0x80 [ 14.060173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.060197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.060220] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.060244] kthread+0x337/0x6f0 [ 14.060264] ? trace_preempt_on+0x20/0xc0 [ 14.060289] ? __pfx_kthread+0x10/0x10 [ 14.060310] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.060331] ? calculate_sigpending+0x7b/0xa0 [ 14.060355] ? __pfx_kthread+0x10/0x10 [ 14.060593] ret_from_fork+0x116/0x1d0 [ 14.060626] ? __pfx_kthread+0x10/0x10 [ 14.060649] ret_from_fork_asm+0x1a/0x30 [ 14.060681] </TASK> [ 14.060693] [ 14.074259] Allocated by task 290: [ 14.074661] kasan_save_stack+0x45/0x70 [ 14.075036] kasan_save_track+0x18/0x40 [ 14.075367] kasan_save_alloc_info+0x3b/0x50 [ 14.075824] __kasan_kmalloc+0xb7/0xc0 [ 14.076172] __kmalloc_cache_noprof+0x189/0x420 [ 14.076413] kasan_atomics+0x95/0x310 [ 14.076542] kunit_try_run_case+0x1a5/0x480 [ 14.077252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.077803] kthread+0x337/0x6f0 [ 14.078127] ret_from_fork+0x116/0x1d0 [ 14.078432] ret_from_fork_asm+0x1a/0x30 [ 14.078738] [ 14.078810] The buggy address belongs to the object at ffff8881028d8d80 [ 14.078810] which belongs to the cache kmalloc-64 of size 64 [ 14.079170] The buggy address is located 0 bytes to the right of [ 14.079170] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.079865] [ 14.080036] The buggy address belongs to the physical page: [ 14.080709] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.081398] flags: 0x200000000000000(node=0|zone=2) [ 14.081877] page_type: f5(slab) [ 14.082297] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.083021] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.083747] page dumped because: kasan: bad access detected [ 14.084226] [ 14.084385] Memory state around the buggy address: [ 14.084882] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.085218] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.085660] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.086278] ^ [ 14.086717] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.087461] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.087835] ================================================================== [ 14.665897] ================================================================== [ 14.666559] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.667184] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.667793] [ 14.667970] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.668017] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.668029] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.668051] Call Trace: [ 14.668069] <TASK> [ 14.668087] dump_stack_lvl+0x73/0xb0 [ 14.668118] print_report+0xd1/0x650 [ 14.668140] ? __virt_addr_valid+0x1db/0x2d0 [ 14.668163] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.668184] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.668206] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.668228] kasan_report+0x141/0x180 [ 14.668250] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.668276] kasan_check_range+0x10c/0x1c0 [ 14.668301] __kasan_check_read+0x15/0x20 [ 14.668320] kasan_atomics_helper+0x13b5/0x5450 [ 14.668343] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.668364] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.668411] ? kasan_atomics+0x152/0x310 [ 14.668438] kasan_atomics+0x1dc/0x310 [ 14.668460] ? __pfx_kasan_atomics+0x10/0x10 [ 14.668484] ? __pfx_read_tsc+0x10/0x10 [ 14.668506] ? ktime_get_ts64+0x86/0x230 [ 14.668531] kunit_try_run_case+0x1a5/0x480 [ 14.668555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.668577] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.668600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.668622] ? __kthread_parkme+0x82/0x180 [ 14.668643] ? preempt_count_sub+0x50/0x80 [ 14.668666] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.668690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.668713] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.668737] kthread+0x337/0x6f0 [ 14.668756] ? trace_preempt_on+0x20/0xc0 [ 14.668781] ? __pfx_kthread+0x10/0x10 [ 14.668803] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.668824] ? calculate_sigpending+0x7b/0xa0 [ 14.668848] ? __pfx_kthread+0x10/0x10 [ 14.668870] ret_from_fork+0x116/0x1d0 [ 14.668890] ? __pfx_kthread+0x10/0x10 [ 14.668910] ret_from_fork_asm+0x1a/0x30 [ 14.668952] </TASK> [ 14.668963] [ 14.681190] Allocated by task 290: [ 14.681527] kasan_save_stack+0x45/0x70 [ 14.681894] kasan_save_track+0x18/0x40 [ 14.682247] kasan_save_alloc_info+0x3b/0x50 [ 14.682545] __kasan_kmalloc+0xb7/0xc0 [ 14.682676] __kmalloc_cache_noprof+0x189/0x420 [ 14.682825] kasan_atomics+0x95/0x310 [ 14.682963] kunit_try_run_case+0x1a5/0x480 [ 14.683107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.683275] kthread+0x337/0x6f0 [ 14.683450] ret_from_fork+0x116/0x1d0 [ 14.683778] ret_from_fork_asm+0x1a/0x30 [ 14.684127] [ 14.684279] The buggy address belongs to the object at ffff8881028d8d80 [ 14.684279] which belongs to the cache kmalloc-64 of size 64 [ 14.685323] The buggy address is located 0 bytes to the right of [ 14.685323] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.686427] [ 14.686583] The buggy address belongs to the physical page: [ 14.687064] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.687741] flags: 0x200000000000000(node=0|zone=2) [ 14.688179] page_type: f5(slab) [ 14.688488] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.689129] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.689356] page dumped because: kasan: bad access detected [ 14.689860] [ 14.690017] Memory state around the buggy address: [ 14.690448] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.690816] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.691256] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.691856] ^ [ 14.692267] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.692577] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.692789] ================================================================== [ 15.223344] ================================================================== [ 15.223623] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 15.223899] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.224386] [ 15.224516] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.224565] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.224578] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.224600] Call Trace: [ 15.224621] <TASK> [ 15.224642] dump_stack_lvl+0x73/0xb0 [ 15.224671] print_report+0xd1/0x650 [ 15.224693] ? __virt_addr_valid+0x1db/0x2d0 [ 15.224716] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.224737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.224759] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.224781] kasan_report+0x141/0x180 [ 15.224803] ? kasan_atomics_helper+0x4f98/0x5450 [ 15.224830] __asan_report_load8_noabort+0x18/0x20 [ 15.224854] kasan_atomics_helper+0x4f98/0x5450 [ 15.224876] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.224899] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.224924] ? kasan_atomics+0x152/0x310 [ 15.224961] kasan_atomics+0x1dc/0x310 [ 15.224984] ? __pfx_kasan_atomics+0x10/0x10 [ 15.225008] ? __pfx_read_tsc+0x10/0x10 [ 15.225030] ? ktime_get_ts64+0x86/0x230 [ 15.225123] kunit_try_run_case+0x1a5/0x480 [ 15.225160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.225182] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.225205] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.225228] ? __kthread_parkme+0x82/0x180 [ 15.225249] ? preempt_count_sub+0x50/0x80 [ 15.225273] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.225297] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.225321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.225344] kthread+0x337/0x6f0 [ 15.225424] ? trace_preempt_on+0x20/0xc0 [ 15.225462] ? __pfx_kthread+0x10/0x10 [ 15.225484] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.225505] ? calculate_sigpending+0x7b/0xa0 [ 15.225578] ? __pfx_kthread+0x10/0x10 [ 15.225600] ret_from_fork+0x116/0x1d0 [ 15.225629] ? __pfx_kthread+0x10/0x10 [ 15.225651] ret_from_fork_asm+0x1a/0x30 [ 15.225686] </TASK> [ 15.225698] [ 15.234606] Allocated by task 290: [ 15.235262] kasan_save_stack+0x45/0x70 [ 15.236043] kasan_save_track+0x18/0x40 [ 15.236200] kasan_save_alloc_info+0x3b/0x50 [ 15.236506] __kasan_kmalloc+0xb7/0xc0 [ 15.236971] __kmalloc_cache_noprof+0x189/0x420 [ 15.237182] kasan_atomics+0x95/0x310 [ 15.237489] kunit_try_run_case+0x1a5/0x480 [ 15.237722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.238185] kthread+0x337/0x6f0 [ 15.238457] ret_from_fork+0x116/0x1d0 [ 15.238735] ret_from_fork_asm+0x1a/0x30 [ 15.239029] [ 15.239241] The buggy address belongs to the object at ffff8881028d8d80 [ 15.239241] which belongs to the cache kmalloc-64 of size 64 [ 15.240082] The buggy address is located 0 bytes to the right of [ 15.240082] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.240822] [ 15.240943] The buggy address belongs to the physical page: [ 15.241359] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.241807] flags: 0x200000000000000(node=0|zone=2) [ 15.242119] page_type: f5(slab) [ 15.242319] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.242866] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.243312] page dumped because: kasan: bad access detected [ 15.243773] [ 15.243859] Memory state around the buggy address: [ 15.244242] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.244780] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.245188] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.245650] ^ [ 15.245888] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.246297] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.246682] ================================================================== [ 15.247317] ================================================================== [ 15.247610] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 15.248505] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.248879] [ 15.249110] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.249160] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.249173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.249294] Call Trace: [ 15.249313] <TASK> [ 15.249330] dump_stack_lvl+0x73/0xb0 [ 15.249360] print_report+0xd1/0x650 [ 15.249384] ? __virt_addr_valid+0x1db/0x2d0 [ 15.249407] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.249428] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.249450] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.249472] kasan_report+0x141/0x180 [ 15.249494] ? kasan_atomics_helper+0x20c8/0x5450 [ 15.249520] kasan_check_range+0x10c/0x1c0 [ 15.249544] __kasan_check_write+0x18/0x20 [ 15.249564] kasan_atomics_helper+0x20c8/0x5450 [ 15.249586] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.249608] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.249633] ? kasan_atomics+0x152/0x310 [ 15.249662] kasan_atomics+0x1dc/0x310 [ 15.249693] ? __pfx_kasan_atomics+0x10/0x10 [ 15.249718] ? __pfx_read_tsc+0x10/0x10 [ 15.249739] ? ktime_get_ts64+0x86/0x230 [ 15.249765] kunit_try_run_case+0x1a5/0x480 [ 15.249790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.249812] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.249835] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.249858] ? __kthread_parkme+0x82/0x180 [ 15.249879] ? preempt_count_sub+0x50/0x80 [ 15.249903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.249926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.249960] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.249984] kthread+0x337/0x6f0 [ 15.250004] ? trace_preempt_on+0x20/0xc0 [ 15.250028] ? __pfx_kthread+0x10/0x10 [ 15.250049] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.250070] ? calculate_sigpending+0x7b/0xa0 [ 15.250095] ? __pfx_kthread+0x10/0x10 [ 15.250117] ret_from_fork+0x116/0x1d0 [ 15.250135] ? __pfx_kthread+0x10/0x10 [ 15.250156] ret_from_fork_asm+0x1a/0x30 [ 15.250187] </TASK> [ 15.250197] [ 15.263827] Allocated by task 290: [ 15.264369] kasan_save_stack+0x45/0x70 [ 15.264904] kasan_save_track+0x18/0x40 [ 15.265440] kasan_save_alloc_info+0x3b/0x50 [ 15.265996] __kasan_kmalloc+0xb7/0xc0 [ 15.266483] __kmalloc_cache_noprof+0x189/0x420 [ 15.266648] kasan_atomics+0x95/0x310 [ 15.266776] kunit_try_run_case+0x1a5/0x480 [ 15.266913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.267087] kthread+0x337/0x6f0 [ 15.267201] ret_from_fork+0x116/0x1d0 [ 15.267322] ret_from_fork_asm+0x1a/0x30 [ 15.267792] [ 15.267961] The buggy address belongs to the object at ffff8881028d8d80 [ 15.267961] which belongs to the cache kmalloc-64 of size 64 [ 15.269107] The buggy address is located 0 bytes to the right of [ 15.269107] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.270209] [ 15.270411] The buggy address belongs to the physical page: [ 15.270891] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.271508] flags: 0x200000000000000(node=0|zone=2) [ 15.271798] page_type: f5(slab) [ 15.272108] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.272332] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.272985] page dumped because: kasan: bad access detected [ 15.273490] [ 15.273666] Memory state around the buggy address: [ 15.273997] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.274559] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.274898] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.275546] ^ [ 15.275877] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.276088] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.276287] ================================================================== [ 13.921563] ================================================================== [ 13.921792] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 13.922042] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 13.922602] [ 13.922789] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.922832] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.922843] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.922862] Call Trace: [ 13.922876] <TASK> [ 13.922890] dump_stack_lvl+0x73/0xb0 [ 13.922927] print_report+0xd1/0x650 [ 13.922959] ? __virt_addr_valid+0x1db/0x2d0 [ 13.922980] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.923000] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.923021] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.923043] kasan_report+0x141/0x180 [ 13.923075] ? kasan_atomics_helper+0x4b88/0x5450 [ 13.923100] __asan_report_load4_noabort+0x18/0x20 [ 13.923135] kasan_atomics_helper+0x4b88/0x5450 [ 13.923157] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.923178] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.923201] ? kasan_atomics+0x152/0x310 [ 13.923226] kasan_atomics+0x1dc/0x310 [ 13.923248] ? __pfx_kasan_atomics+0x10/0x10 [ 13.923271] ? __pfx_read_tsc+0x10/0x10 [ 13.923290] ? ktime_get_ts64+0x86/0x230 [ 13.923315] kunit_try_run_case+0x1a5/0x480 [ 13.923337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.923359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.923380] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.923410] ? __kthread_parkme+0x82/0x180 [ 13.923440] ? preempt_count_sub+0x50/0x80 [ 13.923463] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.923486] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.923519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.923542] kthread+0x337/0x6f0 [ 13.923560] ? trace_preempt_on+0x20/0xc0 [ 13.923583] ? __pfx_kthread+0x10/0x10 [ 13.923603] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.923623] ? calculate_sigpending+0x7b/0xa0 [ 13.923645] ? __pfx_kthread+0x10/0x10 [ 13.923666] ret_from_fork+0x116/0x1d0 [ 13.923685] ? __pfx_kthread+0x10/0x10 [ 13.923810] ret_from_fork_asm+0x1a/0x30 [ 13.923842] </TASK> [ 13.923889] [ 13.931951] Allocated by task 290: [ 13.932126] kasan_save_stack+0x45/0x70 [ 13.932264] kasan_save_track+0x18/0x40 [ 13.932394] kasan_save_alloc_info+0x3b/0x50 [ 13.932803] __kasan_kmalloc+0xb7/0xc0 [ 13.932942] __kmalloc_cache_noprof+0x189/0x420 [ 13.933202] kasan_atomics+0x95/0x310 [ 13.933555] kunit_try_run_case+0x1a5/0x480 [ 13.933755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.934000] kthread+0x337/0x6f0 [ 13.934164] ret_from_fork+0x116/0x1d0 [ 13.934313] ret_from_fork_asm+0x1a/0x30 [ 13.934652] [ 13.934754] The buggy address belongs to the object at ffff8881028d8d80 [ 13.934754] which belongs to the cache kmalloc-64 of size 64 [ 13.935236] The buggy address is located 0 bytes to the right of [ 13.935236] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 13.935784] [ 13.935876] The buggy address belongs to the physical page: [ 13.936136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 13.936551] flags: 0x200000000000000(node=0|zone=2) [ 13.936754] page_type: f5(slab) [ 13.936911] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.937227] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.937594] page dumped because: kasan: bad access detected [ 13.937901] [ 13.937976] Memory state around the buggy address: [ 13.938192] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.938539] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.938750] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.938964] ^ [ 13.939112] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.939319] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.939523] ================================================================== [ 14.721479] ================================================================== [ 14.722299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.722948] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.723621] [ 14.723794] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.723839] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.723851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.723872] Call Trace: [ 14.723889] <TASK> [ 14.723905] dump_stack_lvl+0x73/0xb0 [ 14.723979] print_report+0xd1/0x650 [ 14.724002] ? __virt_addr_valid+0x1db/0x2d0 [ 14.724024] ? kasan_atomics_helper+0x1467/0x5450 [ 14.724045] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.724067] ? kasan_atomics_helper+0x1467/0x5450 [ 14.724089] kasan_report+0x141/0x180 [ 14.724111] ? kasan_atomics_helper+0x1467/0x5450 [ 14.724138] kasan_check_range+0x10c/0x1c0 [ 14.724162] __kasan_check_write+0x18/0x20 [ 14.724181] kasan_atomics_helper+0x1467/0x5450 [ 14.724204] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.724227] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.724252] ? kasan_atomics+0x152/0x310 [ 14.724278] kasan_atomics+0x1dc/0x310 [ 14.724300] ? __pfx_kasan_atomics+0x10/0x10 [ 14.724325] ? __pfx_read_tsc+0x10/0x10 [ 14.724345] ? ktime_get_ts64+0x86/0x230 [ 14.724370] kunit_try_run_case+0x1a5/0x480 [ 14.724415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.724437] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.724459] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.724482] ? __kthread_parkme+0x82/0x180 [ 14.724502] ? preempt_count_sub+0x50/0x80 [ 14.724526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.724549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.724572] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.724596] kthread+0x337/0x6f0 [ 14.724616] ? trace_preempt_on+0x20/0xc0 [ 14.724640] ? __pfx_kthread+0x10/0x10 [ 14.724661] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.724682] ? calculate_sigpending+0x7b/0xa0 [ 14.724706] ? __pfx_kthread+0x10/0x10 [ 14.724729] ret_from_fork+0x116/0x1d0 [ 14.724748] ? __pfx_kthread+0x10/0x10 [ 14.724769] ret_from_fork_asm+0x1a/0x30 [ 14.724800] </TASK> [ 14.724811] [ 14.740086] Allocated by task 290: [ 14.740222] kasan_save_stack+0x45/0x70 [ 14.740370] kasan_save_track+0x18/0x40 [ 14.740510] kasan_save_alloc_info+0x3b/0x50 [ 14.740652] __kasan_kmalloc+0xb7/0xc0 [ 14.740779] __kmalloc_cache_noprof+0x189/0x420 [ 14.740927] kasan_atomics+0x95/0x310 [ 14.741510] kunit_try_run_case+0x1a5/0x480 [ 14.741879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.742461] kthread+0x337/0x6f0 [ 14.742822] ret_from_fork+0x116/0x1d0 [ 14.743218] ret_from_fork_asm+0x1a/0x30 [ 14.743644] [ 14.743803] The buggy address belongs to the object at ffff8881028d8d80 [ 14.743803] which belongs to the cache kmalloc-64 of size 64 [ 14.744995] The buggy address is located 0 bytes to the right of [ 14.744995] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.746096] [ 14.746173] The buggy address belongs to the physical page: [ 14.746344] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.746893] flags: 0x200000000000000(node=0|zone=2) [ 14.747377] page_type: f5(slab) [ 14.747764] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.748487] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.749166] page dumped because: kasan: bad access detected [ 14.749355] [ 14.749435] Memory state around the buggy address: [ 14.749728] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.750199] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.750428] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.750836] ^ [ 14.751193] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.751679] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.751889] ================================================================== [ 15.156924] ================================================================== [ 15.157296] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 15.157945] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.158308] [ 15.158397] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.158442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.158455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.158476] Call Trace: [ 15.158492] <TASK> [ 15.158509] dump_stack_lvl+0x73/0xb0 [ 15.158538] print_report+0xd1/0x650 [ 15.158561] ? __virt_addr_valid+0x1db/0x2d0 [ 15.158586] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.158607] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.158630] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.158652] kasan_report+0x141/0x180 [ 15.158675] ? kasan_atomics_helper+0x1f43/0x5450 [ 15.158702] kasan_check_range+0x10c/0x1c0 [ 15.158726] __kasan_check_write+0x18/0x20 [ 15.158746] kasan_atomics_helper+0x1f43/0x5450 [ 15.158769] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.158791] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.158816] ? kasan_atomics+0x152/0x310 [ 15.158843] kasan_atomics+0x1dc/0x310 [ 15.158865] ? __pfx_kasan_atomics+0x10/0x10 [ 15.158889] ? __pfx_read_tsc+0x10/0x10 [ 15.158910] ? ktime_get_ts64+0x86/0x230 [ 15.158947] kunit_try_run_case+0x1a5/0x480 [ 15.158971] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.158993] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.159016] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.159038] ? __kthread_parkme+0x82/0x180 [ 15.159059] ? preempt_count_sub+0x50/0x80 [ 15.159083] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.159106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.159129] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.159152] kthread+0x337/0x6f0 [ 15.159172] ? trace_preempt_on+0x20/0xc0 [ 15.159198] ? __pfx_kthread+0x10/0x10 [ 15.159220] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.159240] ? calculate_sigpending+0x7b/0xa0 [ 15.159264] ? __pfx_kthread+0x10/0x10 [ 15.159285] ret_from_fork+0x116/0x1d0 [ 15.159304] ? __pfx_kthread+0x10/0x10 [ 15.159324] ret_from_fork_asm+0x1a/0x30 [ 15.159356] </TASK> [ 15.159366] [ 15.166758] Allocated by task 290: [ 15.166917] kasan_save_stack+0x45/0x70 [ 15.167065] kasan_save_track+0x18/0x40 [ 15.167193] kasan_save_alloc_info+0x3b/0x50 [ 15.167387] __kasan_kmalloc+0xb7/0xc0 [ 15.167578] __kmalloc_cache_noprof+0x189/0x420 [ 15.167793] kasan_atomics+0x95/0x310 [ 15.167983] kunit_try_run_case+0x1a5/0x480 [ 15.168185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.168449] kthread+0x337/0x6f0 [ 15.168568] ret_from_fork+0x116/0x1d0 [ 15.168695] ret_from_fork_asm+0x1a/0x30 [ 15.168826] [ 15.168892] The buggy address belongs to the object at ffff8881028d8d80 [ 15.168892] which belongs to the cache kmalloc-64 of size 64 [ 15.170316] The buggy address is located 0 bytes to the right of [ 15.170316] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.171714] [ 15.171812] The buggy address belongs to the physical page: [ 15.171993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.172450] flags: 0x200000000000000(node=0|zone=2) [ 15.172721] page_type: f5(slab) [ 15.172842] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.173072] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.173285] page dumped because: kasan: bad access detected [ 15.173452] [ 15.173516] Memory state around the buggy address: [ 15.173660] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.173870] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.174621] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.175376] ^ [ 15.175812] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.176434] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.177100] ================================================================== [ 14.890264] ================================================================== [ 14.890651] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 14.891496] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.891730] [ 14.891811] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.891856] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.891870] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.891890] Call Trace: [ 14.891907] <TASK> [ 14.891923] dump_stack_lvl+0x73/0xb0 [ 14.891965] print_report+0xd1/0x650 [ 14.891988] ? __virt_addr_valid+0x1db/0x2d0 [ 14.892011] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.892033] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.892054] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.892076] kasan_report+0x141/0x180 [ 14.892098] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.892124] kasan_check_range+0x10c/0x1c0 [ 14.892147] __kasan_check_write+0x18/0x20 [ 14.892166] kasan_atomics_helper+0x18b1/0x5450 [ 14.892189] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.892211] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.892235] ? kasan_atomics+0x152/0x310 [ 14.892262] kasan_atomics+0x1dc/0x310 [ 14.892284] ? __pfx_kasan_atomics+0x10/0x10 [ 14.892307] ? __pfx_read_tsc+0x10/0x10 [ 14.892328] ? ktime_get_ts64+0x86/0x230 [ 14.892355] kunit_try_run_case+0x1a5/0x480 [ 14.892408] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.892431] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.892454] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.892537] ? __kthread_parkme+0x82/0x180 [ 14.892560] ? preempt_count_sub+0x50/0x80 [ 14.892585] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.892609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.892632] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.892655] kthread+0x337/0x6f0 [ 14.892675] ? trace_preempt_on+0x20/0xc0 [ 14.892700] ? __pfx_kthread+0x10/0x10 [ 14.892721] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.892742] ? calculate_sigpending+0x7b/0xa0 [ 14.892767] ? __pfx_kthread+0x10/0x10 [ 14.892788] ret_from_fork+0x116/0x1d0 [ 14.892807] ? __pfx_kthread+0x10/0x10 [ 14.892829] ret_from_fork_asm+0x1a/0x30 [ 14.892861] </TASK> [ 14.892874] [ 14.905709] Allocated by task 290: [ 14.906079] kasan_save_stack+0x45/0x70 [ 14.906491] kasan_save_track+0x18/0x40 [ 14.906869] kasan_save_alloc_info+0x3b/0x50 [ 14.907280] __kasan_kmalloc+0xb7/0xc0 [ 14.907663] __kmalloc_cache_noprof+0x189/0x420 [ 14.908103] kasan_atomics+0x95/0x310 [ 14.908282] kunit_try_run_case+0x1a5/0x480 [ 14.908579] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.909095] kthread+0x337/0x6f0 [ 14.909374] ret_from_fork+0x116/0x1d0 [ 14.909517] ret_from_fork_asm+0x1a/0x30 [ 14.909888] [ 14.910090] The buggy address belongs to the object at ffff8881028d8d80 [ 14.910090] which belongs to the cache kmalloc-64 of size 64 [ 14.910700] The buggy address is located 0 bytes to the right of [ 14.910700] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.911308] [ 14.911482] The buggy address belongs to the physical page: [ 14.911999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.912815] flags: 0x200000000000000(node=0|zone=2) [ 14.913228] page_type: f5(slab) [ 14.913347] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.913617] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.914300] page dumped because: kasan: bad access detected [ 14.914837] [ 14.915064] Memory state around the buggy address: [ 14.915522] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.916154] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.916619] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.916831] ^ [ 14.916991] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.917196] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.917413] ================================================================== [ 13.903784] ================================================================== [ 13.904144] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 13.904404] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 13.904740] [ 13.904820] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.904873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.904884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.904904] Call Trace: [ 13.904939] <TASK> [ 13.904954] dump_stack_lvl+0x73/0xb0 [ 13.904980] print_report+0xd1/0x650 [ 13.905001] ? __virt_addr_valid+0x1db/0x2d0 [ 13.905023] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.905043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.905064] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.905084] kasan_report+0x141/0x180 [ 13.905125] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.905152] __asan_report_store4_noabort+0x1b/0x30 [ 13.905175] kasan_atomics_helper+0x4ba2/0x5450 [ 13.905197] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.905218] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.905242] ? kasan_atomics+0x152/0x310 [ 13.905267] kasan_atomics+0x1dc/0x310 [ 13.905289] ? __pfx_kasan_atomics+0x10/0x10 [ 13.905312] ? __pfx_read_tsc+0x10/0x10 [ 13.905332] ? ktime_get_ts64+0x86/0x230 [ 13.905356] kunit_try_run_case+0x1a5/0x480 [ 13.905379] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.905400] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.905422] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.905444] ? __kthread_parkme+0x82/0x180 [ 13.905463] ? preempt_count_sub+0x50/0x80 [ 13.905486] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.905518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.905541] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.905564] kthread+0x337/0x6f0 [ 13.905594] ? trace_preempt_on+0x20/0xc0 [ 13.905618] ? __pfx_kthread+0x10/0x10 [ 13.905638] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.905667] ? calculate_sigpending+0x7b/0xa0 [ 13.905696] ? __pfx_kthread+0x10/0x10 [ 13.905718] ret_from_fork+0x116/0x1d0 [ 13.905746] ? __pfx_kthread+0x10/0x10 [ 13.905766] ret_from_fork_asm+0x1a/0x30 [ 13.905795] </TASK> [ 13.905806] [ 13.913617] Allocated by task 290: [ 13.913743] kasan_save_stack+0x45/0x70 [ 13.913877] kasan_save_track+0x18/0x40 [ 13.914016] kasan_save_alloc_info+0x3b/0x50 [ 13.914159] __kasan_kmalloc+0xb7/0xc0 [ 13.914346] __kmalloc_cache_noprof+0x189/0x420 [ 13.914578] kasan_atomics+0x95/0x310 [ 13.914756] kunit_try_run_case+0x1a5/0x480 [ 13.914958] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.915196] kthread+0x337/0x6f0 [ 13.915353] ret_from_fork+0x116/0x1d0 [ 13.915562] ret_from_fork_asm+0x1a/0x30 [ 13.915750] [ 13.915837] The buggy address belongs to the object at ffff8881028d8d80 [ 13.915837] which belongs to the cache kmalloc-64 of size 64 [ 13.916192] The buggy address is located 0 bytes to the right of [ 13.916192] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 13.917142] [ 13.917269] The buggy address belongs to the physical page: [ 13.917562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 13.917833] flags: 0x200000000000000(node=0|zone=2) [ 13.918114] page_type: f5(slab) [ 13.918286] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.918709] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.918976] page dumped because: kasan: bad access detected [ 13.919223] [ 13.919309] Memory state around the buggy address: [ 13.919653] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.919883] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.920101] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.920304] ^ [ 13.920483] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.920810] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.921120] ================================================================== [ 13.970155] ================================================================== [ 13.971150] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 13.972073] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 13.972898] [ 13.973119] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.973180] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.973193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.973215] Call Trace: [ 13.973236] <TASK> [ 13.973254] dump_stack_lvl+0x73/0xb0 [ 13.973285] print_report+0xd1/0x650 [ 13.973309] ? __virt_addr_valid+0x1db/0x2d0 [ 13.973333] ? kasan_atomics_helper+0x3df/0x5450 [ 13.973354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.973376] ? kasan_atomics_helper+0x3df/0x5450 [ 13.973399] kasan_report+0x141/0x180 [ 13.973422] ? kasan_atomics_helper+0x3df/0x5450 [ 13.973447] kasan_check_range+0x10c/0x1c0 [ 13.973471] __kasan_check_read+0x15/0x20 [ 13.973490] kasan_atomics_helper+0x3df/0x5450 [ 13.973512] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.973572] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.973598] ? kasan_atomics+0x152/0x310 [ 13.973635] kasan_atomics+0x1dc/0x310 [ 13.973658] ? __pfx_kasan_atomics+0x10/0x10 [ 13.973688] ? __pfx_read_tsc+0x10/0x10 [ 13.973710] ? ktime_get_ts64+0x86/0x230 [ 13.973737] kunit_try_run_case+0x1a5/0x480 [ 13.973761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.973783] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.973806] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.973829] ? __kthread_parkme+0x82/0x180 [ 13.973849] ? preempt_count_sub+0x50/0x80 [ 13.973873] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.973897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.973920] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.973953] kthread+0x337/0x6f0 [ 13.973973] ? trace_preempt_on+0x20/0xc0 [ 13.973998] ? __pfx_kthread+0x10/0x10 [ 13.974019] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.974040] ? calculate_sigpending+0x7b/0xa0 [ 13.974065] ? __pfx_kthread+0x10/0x10 [ 13.974086] ret_from_fork+0x116/0x1d0 [ 13.974105] ? __pfx_kthread+0x10/0x10 [ 13.974126] ret_from_fork_asm+0x1a/0x30 [ 13.974158] </TASK> [ 13.974169] [ 13.988419] Allocated by task 290: [ 13.988854] kasan_save_stack+0x45/0x70 [ 13.989099] kasan_save_track+0x18/0x40 [ 13.989230] kasan_save_alloc_info+0x3b/0x50 [ 13.989370] __kasan_kmalloc+0xb7/0xc0 [ 13.989998] __kmalloc_cache_noprof+0x189/0x420 [ 13.990432] kasan_atomics+0x95/0x310 [ 13.990859] kunit_try_run_case+0x1a5/0x480 [ 13.991303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.991891] kthread+0x337/0x6f0 [ 13.992094] ret_from_fork+0x116/0x1d0 [ 13.992224] ret_from_fork_asm+0x1a/0x30 [ 13.992358] [ 13.992512] The buggy address belongs to the object at ffff8881028d8d80 [ 13.992512] which belongs to the cache kmalloc-64 of size 64 [ 13.993851] The buggy address is located 0 bytes to the right of [ 13.993851] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 13.994952] [ 13.995024] The buggy address belongs to the physical page: [ 13.995186] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 13.995423] flags: 0x200000000000000(node=0|zone=2) [ 13.995625] page_type: f5(slab) [ 13.995811] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.996156] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.996403] page dumped because: kasan: bad access detected [ 13.996664] [ 13.996753] Memory state around the buggy address: [ 13.997071] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.997292] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.997828] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.998318] ^ [ 13.998512] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.998792] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.999237] ================================================================== [ 14.992796] ================================================================== [ 14.993583] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 14.994660] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.995361] [ 14.995564] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.995613] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.995627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.995647] Call Trace: [ 14.995665] <TASK> [ 14.995682] dump_stack_lvl+0x73/0xb0 [ 14.995713] print_report+0xd1/0x650 [ 14.995737] ? __virt_addr_valid+0x1db/0x2d0 [ 14.995760] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.995781] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.995804] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.995825] kasan_report+0x141/0x180 [ 14.995848] ? kasan_atomics_helper+0x1b22/0x5450 [ 14.995874] kasan_check_range+0x10c/0x1c0 [ 14.995897] __kasan_check_write+0x18/0x20 [ 14.995917] kasan_atomics_helper+0x1b22/0x5450 [ 14.995958] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.995980] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.996005] ? kasan_atomics+0x152/0x310 [ 14.996032] kasan_atomics+0x1dc/0x310 [ 14.996054] ? __pfx_kasan_atomics+0x10/0x10 [ 14.996079] ? __pfx_read_tsc+0x10/0x10 [ 14.996100] ? ktime_get_ts64+0x86/0x230 [ 14.996126] kunit_try_run_case+0x1a5/0x480 [ 14.996151] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.996172] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.996195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.996217] ? __kthread_parkme+0x82/0x180 [ 14.996238] ? preempt_count_sub+0x50/0x80 [ 14.996263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.996287] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.996309] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.996333] kthread+0x337/0x6f0 [ 14.996352] ? trace_preempt_on+0x20/0xc0 [ 14.996376] ? __pfx_kthread+0x10/0x10 [ 14.996397] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.996419] ? calculate_sigpending+0x7b/0xa0 [ 14.996443] ? __pfx_kthread+0x10/0x10 [ 14.996465] ret_from_fork+0x116/0x1d0 [ 14.996483] ? __pfx_kthread+0x10/0x10 [ 14.996504] ret_from_fork_asm+0x1a/0x30 [ 14.996534] </TASK> [ 14.996545] [ 15.008913] Allocated by task 290: [ 15.009066] kasan_save_stack+0x45/0x70 [ 15.009214] kasan_save_track+0x18/0x40 [ 15.009396] kasan_save_alloc_info+0x3b/0x50 [ 15.009671] __kasan_kmalloc+0xb7/0xc0 [ 15.009859] __kmalloc_cache_noprof+0x189/0x420 [ 15.010065] kasan_atomics+0x95/0x310 [ 15.010193] kunit_try_run_case+0x1a5/0x480 [ 15.010369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.010744] kthread+0x337/0x6f0 [ 15.010872] ret_from_fork+0x116/0x1d0 [ 15.011010] ret_from_fork_asm+0x1a/0x30 [ 15.011180] [ 15.011272] The buggy address belongs to the object at ffff8881028d8d80 [ 15.011272] which belongs to the cache kmalloc-64 of size 64 [ 15.011777] The buggy address is located 0 bytes to the right of [ 15.011777] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.012420] [ 15.012517] The buggy address belongs to the physical page: [ 15.012729] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.012984] flags: 0x200000000000000(node=0|zone=2) [ 15.013214] page_type: f5(slab) [ 15.013387] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.013729] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.014820] page dumped because: kasan: bad access detected [ 15.015159] [ 15.015252] Memory state around the buggy address: [ 15.015488] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.015805] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.016111] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.016385] ^ [ 15.016829] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.017178] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.017609] ================================================================== [ 15.202399] ================================================================== [ 15.203091] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 15.203533] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.203790] [ 15.204100] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.204150] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.204249] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.204273] Call Trace: [ 15.204288] <TASK> [ 15.204304] dump_stack_lvl+0x73/0xb0 [ 15.204335] print_report+0xd1/0x650 [ 15.204357] ? __virt_addr_valid+0x1db/0x2d0 [ 15.204379] ? kasan_atomics_helper+0x2006/0x5450 [ 15.204420] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.204442] ? kasan_atomics_helper+0x2006/0x5450 [ 15.204464] kasan_report+0x141/0x180 [ 15.204487] ? kasan_atomics_helper+0x2006/0x5450 [ 15.204514] kasan_check_range+0x10c/0x1c0 [ 15.204538] __kasan_check_write+0x18/0x20 [ 15.204558] kasan_atomics_helper+0x2006/0x5450 [ 15.204581] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.204603] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.204628] ? kasan_atomics+0x152/0x310 [ 15.204654] kasan_atomics+0x1dc/0x310 [ 15.204677] ? __pfx_kasan_atomics+0x10/0x10 [ 15.204701] ? __pfx_read_tsc+0x10/0x10 [ 15.204722] ? ktime_get_ts64+0x86/0x230 [ 15.204748] kunit_try_run_case+0x1a5/0x480 [ 15.204771] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.204794] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.204817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.204840] ? __kthread_parkme+0x82/0x180 [ 15.204860] ? preempt_count_sub+0x50/0x80 [ 15.204882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.204906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.204940] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.204963] kthread+0x337/0x6f0 [ 15.204983] ? trace_preempt_on+0x20/0xc0 [ 15.205007] ? __pfx_kthread+0x10/0x10 [ 15.205029] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.205051] ? calculate_sigpending+0x7b/0xa0 [ 15.205075] ? __pfx_kthread+0x10/0x10 [ 15.205096] ret_from_fork+0x116/0x1d0 [ 15.205115] ? __pfx_kthread+0x10/0x10 [ 15.205135] ret_from_fork_asm+0x1a/0x30 [ 15.205165] </TASK> [ 15.205176] [ 15.214106] Allocated by task 290: [ 15.214250] kasan_save_stack+0x45/0x70 [ 15.214444] kasan_save_track+0x18/0x40 [ 15.214634] kasan_save_alloc_info+0x3b/0x50 [ 15.214800] __kasan_kmalloc+0xb7/0xc0 [ 15.214978] __kmalloc_cache_noprof+0x189/0x420 [ 15.215174] kasan_atomics+0x95/0x310 [ 15.215357] kunit_try_run_case+0x1a5/0x480 [ 15.216138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.216340] kthread+0x337/0x6f0 [ 15.216466] ret_from_fork+0x116/0x1d0 [ 15.216597] ret_from_fork_asm+0x1a/0x30 [ 15.216731] [ 15.216799] The buggy address belongs to the object at ffff8881028d8d80 [ 15.216799] which belongs to the cache kmalloc-64 of size 64 [ 15.217207] The buggy address is located 0 bytes to the right of [ 15.217207] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.218113] [ 15.218205] The buggy address belongs to the physical page: [ 15.218417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.218855] flags: 0x200000000000000(node=0|zone=2) [ 15.219086] page_type: f5(slab) [ 15.219298] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.219705] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.220025] page dumped because: kasan: bad access detected [ 15.220261] [ 15.220351] Memory state around the buggy address: [ 15.220726] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.221050] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.221326] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.221828] ^ [ 15.222027] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.222341] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.222743] ================================================================== [ 15.332278] ================================================================== [ 15.332799] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 15.333589] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.334287] [ 15.334455] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.334500] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.334512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.334534] Call Trace: [ 15.334552] <TASK> [ 15.334569] dump_stack_lvl+0x73/0xb0 [ 15.334597] print_report+0xd1/0x650 [ 15.334620] ? __virt_addr_valid+0x1db/0x2d0 [ 15.334643] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.334665] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.334687] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.334709] kasan_report+0x141/0x180 [ 15.334732] ? kasan_atomics_helper+0x4fa5/0x5450 [ 15.334758] __asan_report_load8_noabort+0x18/0x20 [ 15.334782] kasan_atomics_helper+0x4fa5/0x5450 [ 15.334805] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.334828] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.334853] ? kasan_atomics+0x152/0x310 [ 15.334880] kasan_atomics+0x1dc/0x310 [ 15.334902] ? __pfx_kasan_atomics+0x10/0x10 [ 15.334926] ? __pfx_read_tsc+0x10/0x10 [ 15.334960] ? ktime_get_ts64+0x86/0x230 [ 15.334986] kunit_try_run_case+0x1a5/0x480 [ 15.335010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.335033] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.335056] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.335079] ? __kthread_parkme+0x82/0x180 [ 15.335100] ? preempt_count_sub+0x50/0x80 [ 15.335125] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.335149] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.335172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.335195] kthread+0x337/0x6f0 [ 15.335215] ? trace_preempt_on+0x20/0xc0 [ 15.335240] ? __pfx_kthread+0x10/0x10 [ 15.335261] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.335283] ? calculate_sigpending+0x7b/0xa0 [ 15.335307] ? __pfx_kthread+0x10/0x10 [ 15.335329] ret_from_fork+0x116/0x1d0 [ 15.335348] ? __pfx_kthread+0x10/0x10 [ 15.335369] ret_from_fork_asm+0x1a/0x30 [ 15.335410] </TASK> [ 15.335421] [ 15.344890] Allocated by task 290: [ 15.345024] kasan_save_stack+0x45/0x70 [ 15.345164] kasan_save_track+0x18/0x40 [ 15.345293] kasan_save_alloc_info+0x3b/0x50 [ 15.345434] __kasan_kmalloc+0xb7/0xc0 [ 15.345560] __kmalloc_cache_noprof+0x189/0x420 [ 15.345887] kasan_atomics+0x95/0x310 [ 15.346217] kunit_try_run_case+0x1a5/0x480 [ 15.346639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.347093] kthread+0x337/0x6f0 [ 15.347380] ret_from_fork+0x116/0x1d0 [ 15.347835] ret_from_fork_asm+0x1a/0x30 [ 15.348182] [ 15.348336] The buggy address belongs to the object at ffff8881028d8d80 [ 15.348336] which belongs to the cache kmalloc-64 of size 64 [ 15.349461] The buggy address is located 0 bytes to the right of [ 15.349461] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.350558] [ 15.350713] The buggy address belongs to the physical page: [ 15.351188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.351857] flags: 0x200000000000000(node=0|zone=2) [ 15.352290] page_type: f5(slab) [ 15.352600] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.353240] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.353605] page dumped because: kasan: bad access detected [ 15.353777] [ 15.353841] Memory state around the buggy address: [ 15.354001] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.354211] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.354427] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.354643] ^ [ 15.354833] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.355146] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.355350] ================================================================== [ 14.492089] ================================================================== [ 14.492360] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.492705] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.493745] [ 14.493874] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.493941] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.493956] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.493978] Call Trace: [ 14.493996] <TASK> [ 14.494013] dump_stack_lvl+0x73/0xb0 [ 14.494044] print_report+0xd1/0x650 [ 14.494067] ? __virt_addr_valid+0x1db/0x2d0 [ 14.494090] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.494111] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.494134] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.494155] kasan_report+0x141/0x180 [ 14.494178] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.494204] __asan_report_load4_noabort+0x18/0x20 [ 14.494229] kasan_atomics_helper+0x4a36/0x5450 [ 14.494252] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.494274] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.494299] ? kasan_atomics+0x152/0x310 [ 14.494325] kasan_atomics+0x1dc/0x310 [ 14.494347] ? __pfx_kasan_atomics+0x10/0x10 [ 14.494372] ? __pfx_read_tsc+0x10/0x10 [ 14.494497] ? ktime_get_ts64+0x86/0x230 [ 14.494532] kunit_try_run_case+0x1a5/0x480 [ 14.494557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.494580] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.494603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.494626] ? __kthread_parkme+0x82/0x180 [ 14.494655] ? preempt_count_sub+0x50/0x80 [ 14.494680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.494703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.494726] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.494750] kthread+0x337/0x6f0 [ 14.494770] ? trace_preempt_on+0x20/0xc0 [ 14.494795] ? __pfx_kthread+0x10/0x10 [ 14.494817] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.494838] ? calculate_sigpending+0x7b/0xa0 [ 14.494863] ? __pfx_kthread+0x10/0x10 [ 14.494885] ret_from_fork+0x116/0x1d0 [ 14.494904] ? __pfx_kthread+0x10/0x10 [ 14.494926] ret_from_fork_asm+0x1a/0x30 [ 14.494969] </TASK> [ 14.494980] [ 14.501763] Allocated by task 290: [ 14.501906] kasan_save_stack+0x45/0x70 [ 14.502079] kasan_save_track+0x18/0x40 [ 14.502209] kasan_save_alloc_info+0x3b/0x50 [ 14.502350] __kasan_kmalloc+0xb7/0xc0 [ 14.502503] __kmalloc_cache_noprof+0x189/0x420 [ 14.502721] kasan_atomics+0x95/0x310 [ 14.502904] kunit_try_run_case+0x1a5/0x480 [ 14.503172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.503470] kthread+0x337/0x6f0 [ 14.503630] ret_from_fork+0x116/0x1d0 [ 14.503808] ret_from_fork_asm+0x1a/0x30 [ 14.503982] [ 14.504059] The buggy address belongs to the object at ffff8881028d8d80 [ 14.504059] which belongs to the cache kmalloc-64 of size 64 [ 14.504510] The buggy address is located 0 bytes to the right of [ 14.504510] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.505015] [ 14.505106] The buggy address belongs to the physical page: [ 14.505317] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.505641] flags: 0x200000000000000(node=0|zone=2) [ 14.505835] page_type: f5(slab) [ 14.505958] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.506180] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.506405] page dumped because: kasan: bad access detected [ 14.506703] [ 14.506791] Memory state around the buggy address: [ 14.507014] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.507310] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.507519] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.507724] ^ [ 14.507871] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.508442] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.508754] ================================================================== [ 14.116205] ================================================================== [ 14.116541] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 14.117151] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.117483] [ 14.117564] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.117612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.117625] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.117646] Call Trace: [ 14.117662] <TASK> [ 14.117679] dump_stack_lvl+0x73/0xb0 [ 14.117716] print_report+0xd1/0x650 [ 14.117738] ? __virt_addr_valid+0x1db/0x2d0 [ 14.117762] ? kasan_atomics_helper+0x697/0x5450 [ 14.117782] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.117807] ? kasan_atomics_helper+0x697/0x5450 [ 14.117829] kasan_report+0x141/0x180 [ 14.117850] ? kasan_atomics_helper+0x697/0x5450 [ 14.117876] kasan_check_range+0x10c/0x1c0 [ 14.117899] __kasan_check_write+0x18/0x20 [ 14.117919] kasan_atomics_helper+0x697/0x5450 [ 14.117951] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.117974] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.117999] ? kasan_atomics+0x152/0x310 [ 14.118025] kasan_atomics+0x1dc/0x310 [ 14.118048] ? __pfx_kasan_atomics+0x10/0x10 [ 14.118073] ? __pfx_read_tsc+0x10/0x10 [ 14.118094] ? ktime_get_ts64+0x86/0x230 [ 14.118120] kunit_try_run_case+0x1a5/0x480 [ 14.118143] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.118166] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.118188] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.118211] ? __kthread_parkme+0x82/0x180 [ 14.118232] ? preempt_count_sub+0x50/0x80 [ 14.118255] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.118278] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.118302] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.118325] kthread+0x337/0x6f0 [ 14.118344] ? trace_preempt_on+0x20/0xc0 [ 14.118369] ? __pfx_kthread+0x10/0x10 [ 14.118404] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.118425] ? calculate_sigpending+0x7b/0xa0 [ 14.118450] ? __pfx_kthread+0x10/0x10 [ 14.118472] ret_from_fork+0x116/0x1d0 [ 14.118491] ? __pfx_kthread+0x10/0x10 [ 14.118512] ret_from_fork_asm+0x1a/0x30 [ 14.118543] </TASK> [ 14.118554] [ 14.126141] Allocated by task 290: [ 14.126272] kasan_save_stack+0x45/0x70 [ 14.126484] kasan_save_track+0x18/0x40 [ 14.126714] kasan_save_alloc_info+0x3b/0x50 [ 14.126924] __kasan_kmalloc+0xb7/0xc0 [ 14.127117] __kmalloc_cache_noprof+0x189/0x420 [ 14.127336] kasan_atomics+0x95/0x310 [ 14.127520] kunit_try_run_case+0x1a5/0x480 [ 14.127818] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.128165] kthread+0x337/0x6f0 [ 14.128305] ret_from_fork+0x116/0x1d0 [ 14.128546] ret_from_fork_asm+0x1a/0x30 [ 14.128680] [ 14.128773] The buggy address belongs to the object at ffff8881028d8d80 [ 14.128773] which belongs to the cache kmalloc-64 of size 64 [ 14.129267] The buggy address is located 0 bytes to the right of [ 14.129267] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.129728] [ 14.129814] The buggy address belongs to the physical page: [ 14.129987] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.130265] flags: 0x200000000000000(node=0|zone=2) [ 14.130635] page_type: f5(slab) [ 14.130880] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.131214] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.131426] page dumped because: kasan: bad access detected [ 14.131586] [ 14.131647] Memory state around the buggy address: [ 14.131790] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.132063] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.132576] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.132936] ^ [ 14.133092] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.133387] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.133640] ================================================================== [ 14.448654] ================================================================== [ 14.449019] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.449359] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.449877] [ 14.450016] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.450065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.450078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.450099] Call Trace: [ 14.450115] <TASK> [ 14.450133] dump_stack_lvl+0x73/0xb0 [ 14.450163] print_report+0xd1/0x650 [ 14.450187] ? __virt_addr_valid+0x1db/0x2d0 [ 14.450210] ? kasan_atomics_helper+0xf10/0x5450 [ 14.450231] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.450253] ? kasan_atomics_helper+0xf10/0x5450 [ 14.450275] kasan_report+0x141/0x180 [ 14.450297] ? kasan_atomics_helper+0xf10/0x5450 [ 14.450323] kasan_check_range+0x10c/0x1c0 [ 14.450347] __kasan_check_write+0x18/0x20 [ 14.450379] kasan_atomics_helper+0xf10/0x5450 [ 14.450412] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.450446] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.450471] ? kasan_atomics+0x152/0x310 [ 14.450506] kasan_atomics+0x1dc/0x310 [ 14.450529] ? __pfx_kasan_atomics+0x10/0x10 [ 14.450554] ? __pfx_read_tsc+0x10/0x10 [ 14.450586] ? ktime_get_ts64+0x86/0x230 [ 14.450612] kunit_try_run_case+0x1a5/0x480 [ 14.450636] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.450659] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.450681] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.450704] ? __kthread_parkme+0x82/0x180 [ 14.450724] ? preempt_count_sub+0x50/0x80 [ 14.450748] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.450772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.450796] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.450820] kthread+0x337/0x6f0 [ 14.450840] ? trace_preempt_on+0x20/0xc0 [ 14.450864] ? __pfx_kthread+0x10/0x10 [ 14.450886] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.450907] ? calculate_sigpending+0x7b/0xa0 [ 14.450942] ? __pfx_kthread+0x10/0x10 [ 14.450964] ret_from_fork+0x116/0x1d0 [ 14.450992] ? __pfx_kthread+0x10/0x10 [ 14.451012] ret_from_fork_asm+0x1a/0x30 [ 14.451054] </TASK> [ 14.451065] [ 14.458828] Allocated by task 290: [ 14.458965] kasan_save_stack+0x45/0x70 [ 14.459166] kasan_save_track+0x18/0x40 [ 14.459354] kasan_save_alloc_info+0x3b/0x50 [ 14.459599] __kasan_kmalloc+0xb7/0xc0 [ 14.459809] __kmalloc_cache_noprof+0x189/0x420 [ 14.460002] kasan_atomics+0x95/0x310 [ 14.460173] kunit_try_run_case+0x1a5/0x480 [ 14.460365] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.460612] kthread+0x337/0x6f0 [ 14.460783] ret_from_fork+0x116/0x1d0 [ 14.460971] ret_from_fork_asm+0x1a/0x30 [ 14.461153] [ 14.461245] The buggy address belongs to the object at ffff8881028d8d80 [ 14.461245] which belongs to the cache kmalloc-64 of size 64 [ 14.461790] The buggy address is located 0 bytes to the right of [ 14.461790] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.462307] [ 14.462436] The buggy address belongs to the physical page: [ 14.462617] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.462853] flags: 0x200000000000000(node=0|zone=2) [ 14.463065] page_type: f5(slab) [ 14.463250] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.463576] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.463899] page dumped because: kasan: bad access detected [ 14.464170] [ 14.464235] Memory state around the buggy address: [ 14.464407] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.464746] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.465056] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.465344] ^ [ 14.465579] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.465886] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.466192] ================================================================== [ 14.181027] ================================================================== [ 14.181673] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 14.182410] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.182741] [ 14.183121] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.183175] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.183188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.183209] Call Trace: [ 14.183227] <TASK> [ 14.183243] dump_stack_lvl+0x73/0xb0 [ 14.183273] print_report+0xd1/0x650 [ 14.183295] ? __virt_addr_valid+0x1db/0x2d0 [ 14.183319] ? kasan_atomics_helper+0x860/0x5450 [ 14.183340] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.183362] ? kasan_atomics_helper+0x860/0x5450 [ 14.183384] kasan_report+0x141/0x180 [ 14.183422] ? kasan_atomics_helper+0x860/0x5450 [ 14.183449] kasan_check_range+0x10c/0x1c0 [ 14.183473] __kasan_check_write+0x18/0x20 [ 14.183492] kasan_atomics_helper+0x860/0x5450 [ 14.183515] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.183537] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.183562] ? kasan_atomics+0x152/0x310 [ 14.183587] kasan_atomics+0x1dc/0x310 [ 14.183610] ? __pfx_kasan_atomics+0x10/0x10 [ 14.183633] ? __pfx_read_tsc+0x10/0x10 [ 14.183655] ? ktime_get_ts64+0x86/0x230 [ 14.183682] kunit_try_run_case+0x1a5/0x480 [ 14.183707] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.183729] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.183751] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.183774] ? __kthread_parkme+0x82/0x180 [ 14.183794] ? preempt_count_sub+0x50/0x80 [ 14.183818] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.183843] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.183866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.183890] kthread+0x337/0x6f0 [ 14.183909] ? trace_preempt_on+0x20/0xc0 [ 14.183945] ? __pfx_kthread+0x10/0x10 [ 14.183966] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.183987] ? calculate_sigpending+0x7b/0xa0 [ 14.184011] ? __pfx_kthread+0x10/0x10 [ 14.184033] ret_from_fork+0x116/0x1d0 [ 14.184052] ? __pfx_kthread+0x10/0x10 [ 14.184072] ret_from_fork_asm+0x1a/0x30 [ 14.184103] </TASK> [ 14.184114] [ 14.192395] Allocated by task 290: [ 14.192608] kasan_save_stack+0x45/0x70 [ 14.193046] kasan_save_track+0x18/0x40 [ 14.193248] kasan_save_alloc_info+0x3b/0x50 [ 14.193690] __kasan_kmalloc+0xb7/0xc0 [ 14.193906] __kmalloc_cache_noprof+0x189/0x420 [ 14.194149] kasan_atomics+0x95/0x310 [ 14.194334] kunit_try_run_case+0x1a5/0x480 [ 14.194609] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.194914] kthread+0x337/0x6f0 [ 14.195087] ret_from_fork+0x116/0x1d0 [ 14.195214] ret_from_fork_asm+0x1a/0x30 [ 14.195347] [ 14.195524] The buggy address belongs to the object at ffff8881028d8d80 [ 14.195524] which belongs to the cache kmalloc-64 of size 64 [ 14.196068] The buggy address is located 0 bytes to the right of [ 14.196068] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.196724] [ 14.196799] The buggy address belongs to the physical page: [ 14.196983] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.197332] flags: 0x200000000000000(node=0|zone=2) [ 14.197730] page_type: f5(slab) [ 14.197846] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.198719] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.198996] page dumped because: kasan: bad access detected [ 14.199166] [ 14.199231] Memory state around the buggy address: [ 14.199380] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.199689] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.200010] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.200783] ^ [ 14.201030] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.201365] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.201782] ================================================================== [ 14.779664] ================================================================== [ 14.780201] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.780598] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.780881] [ 14.780999] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.781050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.781063] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.781085] Call Trace: [ 14.781108] <TASK> [ 14.781130] dump_stack_lvl+0x73/0xb0 [ 14.781160] print_report+0xd1/0x650 [ 14.781184] ? __virt_addr_valid+0x1db/0x2d0 [ 14.781207] ? kasan_atomics_helper+0x151d/0x5450 [ 14.781230] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.781252] ? kasan_atomics_helper+0x151d/0x5450 [ 14.781274] kasan_report+0x141/0x180 [ 14.781296] ? kasan_atomics_helper+0x151d/0x5450 [ 14.781322] kasan_check_range+0x10c/0x1c0 [ 14.781346] __kasan_check_write+0x18/0x20 [ 14.781365] kasan_atomics_helper+0x151d/0x5450 [ 14.781388] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.781411] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.781437] ? kasan_atomics+0x152/0x310 [ 14.781463] kasan_atomics+0x1dc/0x310 [ 14.781486] ? __pfx_kasan_atomics+0x10/0x10 [ 14.781511] ? __pfx_read_tsc+0x10/0x10 [ 14.781534] ? ktime_get_ts64+0x86/0x230 [ 14.781561] kunit_try_run_case+0x1a5/0x480 [ 14.781586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.781608] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.781632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.781654] ? __kthread_parkme+0x82/0x180 [ 14.781675] ? preempt_count_sub+0x50/0x80 [ 14.781705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.781728] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.781751] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.781774] kthread+0x337/0x6f0 [ 14.781793] ? trace_preempt_on+0x20/0xc0 [ 14.781819] ? __pfx_kthread+0x10/0x10 [ 14.781840] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.781861] ? calculate_sigpending+0x7b/0xa0 [ 14.781885] ? __pfx_kthread+0x10/0x10 [ 14.781907] ret_from_fork+0x116/0x1d0 [ 14.781925] ? __pfx_kthread+0x10/0x10 [ 14.781956] ret_from_fork_asm+0x1a/0x30 [ 14.781989] </TASK> [ 14.782003] [ 14.788990] Allocated by task 290: [ 14.789113] kasan_save_stack+0x45/0x70 [ 14.789246] kasan_save_track+0x18/0x40 [ 14.789620] kasan_save_alloc_info+0x3b/0x50 [ 14.789834] __kasan_kmalloc+0xb7/0xc0 [ 14.789997] __kmalloc_cache_noprof+0x189/0x420 [ 14.790213] kasan_atomics+0x95/0x310 [ 14.790393] kunit_try_run_case+0x1a5/0x480 [ 14.790602] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.790860] kthread+0x337/0x6f0 [ 14.791003] ret_from_fork+0x116/0x1d0 [ 14.791126] ret_from_fork_asm+0x1a/0x30 [ 14.791291] [ 14.791381] The buggy address belongs to the object at ffff8881028d8d80 [ 14.791381] which belongs to the cache kmalloc-64 of size 64 [ 14.791875] The buggy address is located 0 bytes to the right of [ 14.791875] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.792346] [ 14.792477] The buggy address belongs to the physical page: [ 14.792678] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.792950] flags: 0x200000000000000(node=0|zone=2) [ 14.793102] page_type: f5(slab) [ 14.793212] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.793425] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.793713] page dumped because: kasan: bad access detected [ 14.793960] [ 14.794047] Memory state around the buggy address: [ 14.794261] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.794712] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.794975] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.795174] ^ [ 14.795316] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.795838] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.796160] ================================================================== [ 15.063995] ================================================================== [ 15.064275] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 15.064522] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.065368] [ 15.065492] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.065538] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.065551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.065573] Call Trace: [ 15.065591] <TASK> [ 15.065606] dump_stack_lvl+0x73/0xb0 [ 15.065837] print_report+0xd1/0x650 [ 15.065862] ? __virt_addr_valid+0x1db/0x2d0 [ 15.065886] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.065907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.065943] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.065965] kasan_report+0x141/0x180 [ 15.065987] ? kasan_atomics_helper+0x1ce1/0x5450 [ 15.066013] kasan_check_range+0x10c/0x1c0 [ 15.066037] __kasan_check_write+0x18/0x20 [ 15.066058] kasan_atomics_helper+0x1ce1/0x5450 [ 15.066080] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.066103] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.066127] ? kasan_atomics+0x152/0x310 [ 15.066153] kasan_atomics+0x1dc/0x310 [ 15.066176] ? __pfx_kasan_atomics+0x10/0x10 [ 15.066200] ? __pfx_read_tsc+0x10/0x10 [ 15.066221] ? ktime_get_ts64+0x86/0x230 [ 15.066247] kunit_try_run_case+0x1a5/0x480 [ 15.066270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.066292] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.066315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.066338] ? __kthread_parkme+0x82/0x180 [ 15.066358] ? preempt_count_sub+0x50/0x80 [ 15.066381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.066420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.066443] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.066467] kthread+0x337/0x6f0 [ 15.066486] ? trace_preempt_on+0x20/0xc0 [ 15.066510] ? __pfx_kthread+0x10/0x10 [ 15.066531] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.066551] ? calculate_sigpending+0x7b/0xa0 [ 15.066576] ? __pfx_kthread+0x10/0x10 [ 15.066597] ret_from_fork+0x116/0x1d0 [ 15.066615] ? __pfx_kthread+0x10/0x10 [ 15.066636] ret_from_fork_asm+0x1a/0x30 [ 15.066666] </TASK> [ 15.066678] [ 15.077008] Allocated by task 290: [ 15.077374] kasan_save_stack+0x45/0x70 [ 15.077698] kasan_save_track+0x18/0x40 [ 15.077879] kasan_save_alloc_info+0x3b/0x50 [ 15.078091] __kasan_kmalloc+0xb7/0xc0 [ 15.078268] __kmalloc_cache_noprof+0x189/0x420 [ 15.078688] kasan_atomics+0x95/0x310 [ 15.078973] kunit_try_run_case+0x1a5/0x480 [ 15.079189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.079580] kthread+0x337/0x6f0 [ 15.079827] ret_from_fork+0x116/0x1d0 [ 15.079980] ret_from_fork_asm+0x1a/0x30 [ 15.080176] [ 15.080267] The buggy address belongs to the object at ffff8881028d8d80 [ 15.080267] which belongs to the cache kmalloc-64 of size 64 [ 15.081090] The buggy address is located 0 bytes to the right of [ 15.081090] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.081798] [ 15.081896] The buggy address belongs to the physical page: [ 15.082140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.082659] flags: 0x200000000000000(node=0|zone=2) [ 15.082871] page_type: f5(slab) [ 15.083027] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.083341] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.083939] page dumped because: kasan: bad access detected [ 15.084246] [ 15.084346] Memory state around the buggy address: [ 15.084738] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.085045] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.085445] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.085800] ^ [ 15.086166] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.086502] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.086852] ================================================================== [ 14.020480] ================================================================== [ 14.020887] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 14.021168] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.021581] [ 14.021678] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.021733] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.021745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.021768] Call Trace: [ 14.021789] <TASK> [ 14.021810] dump_stack_lvl+0x73/0xb0 [ 14.021839] print_report+0xd1/0x650 [ 14.021863] ? __virt_addr_valid+0x1db/0x2d0 [ 14.021887] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.021907] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.021942] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.021967] kasan_report+0x141/0x180 [ 14.021990] ? kasan_atomics_helper+0x4a0/0x5450 [ 14.022017] kasan_check_range+0x10c/0x1c0 [ 14.022041] __kasan_check_write+0x18/0x20 [ 14.022061] kasan_atomics_helper+0x4a0/0x5450 [ 14.022083] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.022104] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.022130] ? kasan_atomics+0x152/0x310 [ 14.022156] kasan_atomics+0x1dc/0x310 [ 14.022178] ? __pfx_kasan_atomics+0x10/0x10 [ 14.022203] ? __pfx_read_tsc+0x10/0x10 [ 14.022227] ? ktime_get_ts64+0x86/0x230 [ 14.022253] kunit_try_run_case+0x1a5/0x480 [ 14.022280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.022303] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.022326] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.022349] ? __kthread_parkme+0x82/0x180 [ 14.022370] ? preempt_count_sub+0x50/0x80 [ 14.022394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.022418] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.022441] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.022464] kthread+0x337/0x6f0 [ 14.022484] ? trace_preempt_on+0x20/0xc0 [ 14.022509] ? __pfx_kthread+0x10/0x10 [ 14.022530] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.022551] ? calculate_sigpending+0x7b/0xa0 [ 14.022576] ? __pfx_kthread+0x10/0x10 [ 14.022598] ret_from_fork+0x116/0x1d0 [ 14.022617] ? __pfx_kthread+0x10/0x10 [ 14.022638] ret_from_fork_asm+0x1a/0x30 [ 14.022669] </TASK> [ 14.022681] [ 14.030278] Allocated by task 290: [ 14.030540] kasan_save_stack+0x45/0x70 [ 14.030750] kasan_save_track+0x18/0x40 [ 14.030940] kasan_save_alloc_info+0x3b/0x50 [ 14.031124] __kasan_kmalloc+0xb7/0xc0 [ 14.031251] __kmalloc_cache_noprof+0x189/0x420 [ 14.031639] kasan_atomics+0x95/0x310 [ 14.031838] kunit_try_run_case+0x1a5/0x480 [ 14.032052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.032293] kthread+0x337/0x6f0 [ 14.032410] ret_from_fork+0x116/0x1d0 [ 14.032616] ret_from_fork_asm+0x1a/0x30 [ 14.032779] [ 14.032873] The buggy address belongs to the object at ffff8881028d8d80 [ 14.032873] which belongs to the cache kmalloc-64 of size 64 [ 14.033398] The buggy address is located 0 bytes to the right of [ 14.033398] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.034034] [ 14.034117] The buggy address belongs to the physical page: [ 14.034329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.034725] flags: 0x200000000000000(node=0|zone=2) [ 14.034927] page_type: f5(slab) [ 14.035095] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.035320] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.035813] page dumped because: kasan: bad access detected [ 14.036099] [ 14.036192] Memory state around the buggy address: [ 14.036423] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.036818] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.037044] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.037285] ^ [ 14.037569] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.037901] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.038219] ================================================================== [ 15.040451] ================================================================== [ 15.040706] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 15.041006] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.041828] [ 15.042023] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.042074] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.042087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.042108] Call Trace: [ 15.042126] <TASK> [ 15.042143] dump_stack_lvl+0x73/0xb0 [ 15.042172] print_report+0xd1/0x650 [ 15.042343] ? __virt_addr_valid+0x1db/0x2d0 [ 15.042368] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.042401] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.042424] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.042447] kasan_report+0x141/0x180 [ 15.042469] ? kasan_atomics_helper+0x4f30/0x5450 [ 15.042495] __asan_report_load8_noabort+0x18/0x20 [ 15.042519] kasan_atomics_helper+0x4f30/0x5450 [ 15.042541] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.042564] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.042589] ? kasan_atomics+0x152/0x310 [ 15.042615] kasan_atomics+0x1dc/0x310 [ 15.042638] ? __pfx_kasan_atomics+0x10/0x10 [ 15.042661] ? __pfx_read_tsc+0x10/0x10 [ 15.042683] ? ktime_get_ts64+0x86/0x230 [ 15.042710] kunit_try_run_case+0x1a5/0x480 [ 15.042734] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.042756] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.042779] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.042801] ? __kthread_parkme+0x82/0x180 [ 15.042822] ? preempt_count_sub+0x50/0x80 [ 15.042846] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.042870] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.042893] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.042916] kthread+0x337/0x6f0 [ 15.042948] ? trace_preempt_on+0x20/0xc0 [ 15.042973] ? __pfx_kthread+0x10/0x10 [ 15.042994] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.043015] ? calculate_sigpending+0x7b/0xa0 [ 15.043038] ? __pfx_kthread+0x10/0x10 [ 15.043060] ret_from_fork+0x116/0x1d0 [ 15.043079] ? __pfx_kthread+0x10/0x10 [ 15.043099] ret_from_fork_asm+0x1a/0x30 [ 15.043130] </TASK> [ 15.043142] [ 15.053119] Allocated by task 290: [ 15.053277] kasan_save_stack+0x45/0x70 [ 15.053719] kasan_save_track+0x18/0x40 [ 15.053909] kasan_save_alloc_info+0x3b/0x50 [ 15.054263] __kasan_kmalloc+0xb7/0xc0 [ 15.054578] __kmalloc_cache_noprof+0x189/0x420 [ 15.054841] kasan_atomics+0x95/0x310 [ 15.055021] kunit_try_run_case+0x1a5/0x480 [ 15.055210] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.055658] kthread+0x337/0x6f0 [ 15.055910] ret_from_fork+0x116/0x1d0 [ 15.056079] ret_from_fork_asm+0x1a/0x30 [ 15.056405] [ 15.056507] The buggy address belongs to the object at ffff8881028d8d80 [ 15.056507] which belongs to the cache kmalloc-64 of size 64 [ 15.057223] The buggy address is located 0 bytes to the right of [ 15.057223] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.057942] [ 15.058031] The buggy address belongs to the physical page: [ 15.058361] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.058688] flags: 0x200000000000000(node=0|zone=2) [ 15.058911] page_type: f5(slab) [ 15.059076] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.059711] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.060014] page dumped because: kasan: bad access detected [ 15.060346] [ 15.060433] Memory state around the buggy address: [ 15.060841] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.061277] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.061697] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.062083] ^ [ 15.062316] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.062801] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.063225] ================================================================== [ 14.752551] ================================================================== [ 14.753216] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 14.753888] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.754570] [ 14.754756] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.754802] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.754821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.754841] Call Trace: [ 14.754859] <TASK> [ 14.754876] dump_stack_lvl+0x73/0xb0 [ 14.754904] print_report+0xd1/0x650 [ 14.754926] ? __virt_addr_valid+0x1db/0x2d0 [ 14.754957] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.754980] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.755002] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.755024] kasan_report+0x141/0x180 [ 14.755047] ? kasan_atomics_helper+0x50d4/0x5450 [ 14.755074] __asan_report_store8_noabort+0x1b/0x30 [ 14.755099] kasan_atomics_helper+0x50d4/0x5450 [ 14.755122] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.755143] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.755168] ? kasan_atomics+0x152/0x310 [ 14.755195] kasan_atomics+0x1dc/0x310 [ 14.755217] ? __pfx_kasan_atomics+0x10/0x10 [ 14.755241] ? __pfx_read_tsc+0x10/0x10 [ 14.755262] ? ktime_get_ts64+0x86/0x230 [ 14.755289] kunit_try_run_case+0x1a5/0x480 [ 14.755313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.755335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.755358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.755381] ? __kthread_parkme+0x82/0x180 [ 14.755421] ? preempt_count_sub+0x50/0x80 [ 14.755445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.755468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.755492] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.755515] kthread+0x337/0x6f0 [ 14.755535] ? trace_preempt_on+0x20/0xc0 [ 14.755559] ? __pfx_kthread+0x10/0x10 [ 14.755580] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.755601] ? calculate_sigpending+0x7b/0xa0 [ 14.755625] ? __pfx_kthread+0x10/0x10 [ 14.755646] ret_from_fork+0x116/0x1d0 [ 14.755665] ? __pfx_kthread+0x10/0x10 [ 14.755685] ret_from_fork_asm+0x1a/0x30 [ 14.755716] </TASK> [ 14.755728] [ 14.768149] Allocated by task 290: [ 14.768492] kasan_save_stack+0x45/0x70 [ 14.768849] kasan_save_track+0x18/0x40 [ 14.769206] kasan_save_alloc_info+0x3b/0x50 [ 14.769619] __kasan_kmalloc+0xb7/0xc0 [ 14.769976] __kmalloc_cache_noprof+0x189/0x420 [ 14.770384] kasan_atomics+0x95/0x310 [ 14.770575] kunit_try_run_case+0x1a5/0x480 [ 14.770710] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.770871] kthread+0x337/0x6f0 [ 14.770993] ret_from_fork+0x116/0x1d0 [ 14.771119] ret_from_fork_asm+0x1a/0x30 [ 14.771250] [ 14.771314] The buggy address belongs to the object at ffff8881028d8d80 [ 14.771314] which belongs to the cache kmalloc-64 of size 64 [ 14.772250] The buggy address is located 0 bytes to the right of [ 14.772250] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.773492] [ 14.773650] The buggy address belongs to the physical page: [ 14.774134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.774993] flags: 0x200000000000000(node=0|zone=2) [ 14.775414] page_type: f5(slab) [ 14.775734] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.776376] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.776944] page dumped because: kasan: bad access detected [ 14.777106] [ 14.777169] Memory state around the buggy address: [ 14.777314] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.777592] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.777943] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.778198] ^ [ 14.778360] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.778689] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.778968] ================================================================== [ 14.038653] ================================================================== [ 14.039017] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 14.039363] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.039679] [ 14.039785] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.039834] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.039845] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.039867] Call Trace: [ 14.040105] <TASK> [ 14.040135] dump_stack_lvl+0x73/0xb0 [ 14.040169] print_report+0xd1/0x650 [ 14.040192] ? __virt_addr_valid+0x1db/0x2d0 [ 14.040216] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040236] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.040259] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040280] kasan_report+0x141/0x180 [ 14.040302] ? kasan_atomics_helper+0x4b3a/0x5450 [ 14.040328] __asan_report_store4_noabort+0x1b/0x30 [ 14.040353] kasan_atomics_helper+0x4b3a/0x5450 [ 14.040447] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.040473] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.040500] ? kasan_atomics+0x152/0x310 [ 14.040526] kasan_atomics+0x1dc/0x310 [ 14.040549] ? __pfx_kasan_atomics+0x10/0x10 [ 14.040574] ? __pfx_read_tsc+0x10/0x10 [ 14.040595] ? ktime_get_ts64+0x86/0x230 [ 14.040622] kunit_try_run_case+0x1a5/0x480 [ 14.040646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.040669] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.040692] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.040715] ? __kthread_parkme+0x82/0x180 [ 14.040737] ? preempt_count_sub+0x50/0x80 [ 14.040760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.040784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.040808] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.040831] kthread+0x337/0x6f0 [ 14.040850] ? trace_preempt_on+0x20/0xc0 [ 14.040875] ? __pfx_kthread+0x10/0x10 [ 14.040897] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.040918] ? calculate_sigpending+0x7b/0xa0 [ 14.040955] ? __pfx_kthread+0x10/0x10 [ 14.040978] ret_from_fork+0x116/0x1d0 [ 14.040997] ? __pfx_kthread+0x10/0x10 [ 14.041018] ret_from_fork_asm+0x1a/0x30 [ 14.041050] </TASK> [ 14.041062] [ 14.048882] Allocated by task 290: [ 14.049041] kasan_save_stack+0x45/0x70 [ 14.049252] kasan_save_track+0x18/0x40 [ 14.049460] kasan_save_alloc_info+0x3b/0x50 [ 14.049726] __kasan_kmalloc+0xb7/0xc0 [ 14.049953] __kmalloc_cache_noprof+0x189/0x420 [ 14.050134] kasan_atomics+0x95/0x310 [ 14.050312] kunit_try_run_case+0x1a5/0x480 [ 14.050528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.050725] kthread+0x337/0x6f0 [ 14.050916] ret_from_fork+0x116/0x1d0 [ 14.051108] ret_from_fork_asm+0x1a/0x30 [ 14.051303] [ 14.051396] The buggy address belongs to the object at ffff8881028d8d80 [ 14.051396] which belongs to the cache kmalloc-64 of size 64 [ 14.052032] The buggy address is located 0 bytes to the right of [ 14.052032] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.052684] [ 14.052796] The buggy address belongs to the physical page: [ 14.053082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.053555] flags: 0x200000000000000(node=0|zone=2) [ 14.053830] page_type: f5(slab) [ 14.054006] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.054379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.054705] page dumped because: kasan: bad access detected [ 14.054962] [ 14.055071] Memory state around the buggy address: [ 14.055281] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.055564] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.055826] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.056170] ^ [ 14.056397] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.057055] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.057305] ================================================================== [ 14.276801] ================================================================== [ 14.277152] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 14.277479] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.277763] [ 14.277843] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.278219] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.278240] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.278262] Call Trace: [ 14.278281] <TASK> [ 14.278298] dump_stack_lvl+0x73/0xb0 [ 14.278329] print_report+0xd1/0x650 [ 14.278352] ? __virt_addr_valid+0x1db/0x2d0 [ 14.278375] ? kasan_atomics_helper+0xac7/0x5450 [ 14.278396] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.278419] ? kasan_atomics_helper+0xac7/0x5450 [ 14.278441] kasan_report+0x141/0x180 [ 14.278485] ? kasan_atomics_helper+0xac7/0x5450 [ 14.278526] kasan_check_range+0x10c/0x1c0 [ 14.278563] __kasan_check_write+0x18/0x20 [ 14.278596] kasan_atomics_helper+0xac7/0x5450 [ 14.278619] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.278641] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.278680] ? kasan_atomics+0x152/0x310 [ 14.278721] kasan_atomics+0x1dc/0x310 [ 14.278805] ? __pfx_kasan_atomics+0x10/0x10 [ 14.278831] ? __pfx_read_tsc+0x10/0x10 [ 14.278853] ? ktime_get_ts64+0x86/0x230 [ 14.278880] kunit_try_run_case+0x1a5/0x480 [ 14.278904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.278926] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.278965] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.278990] ? __kthread_parkme+0x82/0x180 [ 14.279011] ? preempt_count_sub+0x50/0x80 [ 14.279035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.279060] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.279084] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.279108] kthread+0x337/0x6f0 [ 14.279128] ? trace_preempt_on+0x20/0xc0 [ 14.279152] ? __pfx_kthread+0x10/0x10 [ 14.279173] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.279194] ? calculate_sigpending+0x7b/0xa0 [ 14.279218] ? __pfx_kthread+0x10/0x10 [ 14.279240] ret_from_fork+0x116/0x1d0 [ 14.279259] ? __pfx_kthread+0x10/0x10 [ 14.279280] ret_from_fork_asm+0x1a/0x30 [ 14.279312] </TASK> [ 14.279324] [ 14.287942] Allocated by task 290: [ 14.288069] kasan_save_stack+0x45/0x70 [ 14.288224] kasan_save_track+0x18/0x40 [ 14.288461] kasan_save_alloc_info+0x3b/0x50 [ 14.288717] __kasan_kmalloc+0xb7/0xc0 [ 14.288924] __kmalloc_cache_noprof+0x189/0x420 [ 14.289190] kasan_atomics+0x95/0x310 [ 14.289389] kunit_try_run_case+0x1a5/0x480 [ 14.289599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.289853] kthread+0x337/0x6f0 [ 14.289978] ret_from_fork+0x116/0x1d0 [ 14.290106] ret_from_fork_asm+0x1a/0x30 [ 14.290264] [ 14.290352] The buggy address belongs to the object at ffff8881028d8d80 [ 14.290352] which belongs to the cache kmalloc-64 of size 64 [ 14.291025] The buggy address is located 0 bytes to the right of [ 14.291025] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.291787] [ 14.291865] The buggy address belongs to the physical page: [ 14.292044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.292342] flags: 0x200000000000000(node=0|zone=2) [ 14.292594] page_type: f5(slab) [ 14.292777] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.293206] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.293640] page dumped because: kasan: bad access detected [ 14.293813] [ 14.293879] Memory state around the buggy address: [ 14.294129] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.294494] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.294998] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.295297] ^ [ 14.295624] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.296002] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.296435] ================================================================== [ 14.939586] ================================================================== [ 14.940179] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 14.940545] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.940867] [ 14.940980] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.941025] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.941037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.941057] Call Trace: [ 14.941072] <TASK> [ 14.941088] dump_stack_lvl+0x73/0xb0 [ 14.941133] print_report+0xd1/0x650 [ 14.941156] ? __virt_addr_valid+0x1db/0x2d0 [ 14.941178] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.941199] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.941222] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.941254] kasan_report+0x141/0x180 [ 14.941276] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.941302] kasan_check_range+0x10c/0x1c0 [ 14.941326] __kasan_check_write+0x18/0x20 [ 14.941345] kasan_atomics_helper+0x19e3/0x5450 [ 14.941367] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.941389] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.941414] ? kasan_atomics+0x152/0x310 [ 14.941441] kasan_atomics+0x1dc/0x310 [ 14.941463] ? __pfx_kasan_atomics+0x10/0x10 [ 14.941487] ? __pfx_read_tsc+0x10/0x10 [ 14.941509] ? ktime_get_ts64+0x86/0x230 [ 14.941535] kunit_try_run_case+0x1a5/0x480 [ 14.941558] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.941581] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.941603] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.941626] ? __kthread_parkme+0x82/0x180 [ 14.941646] ? preempt_count_sub+0x50/0x80 [ 14.941669] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.941697] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.941720] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.941744] kthread+0x337/0x6f0 [ 14.941763] ? trace_preempt_on+0x20/0xc0 [ 14.941788] ? __pfx_kthread+0x10/0x10 [ 14.941809] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.941830] ? calculate_sigpending+0x7b/0xa0 [ 14.941854] ? __pfx_kthread+0x10/0x10 [ 14.941876] ret_from_fork+0x116/0x1d0 [ 14.941894] ? __pfx_kthread+0x10/0x10 [ 14.941915] ret_from_fork_asm+0x1a/0x30 [ 14.941968] </TASK> [ 14.941979] [ 14.949796] Allocated by task 290: [ 14.950651] kasan_save_stack+0x45/0x70 [ 14.951543] kasan_save_track+0x18/0x40 [ 14.951693] kasan_save_alloc_info+0x3b/0x50 [ 14.951839] __kasan_kmalloc+0xb7/0xc0 [ 14.952206] __kmalloc_cache_noprof+0x189/0x420 [ 14.952766] kasan_atomics+0x95/0x310 [ 14.953244] kunit_try_run_case+0x1a5/0x480 [ 14.953727] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.953922] kthread+0x337/0x6f0 [ 14.954425] ret_from_fork+0x116/0x1d0 [ 14.954907] ret_from_fork_asm+0x1a/0x30 [ 14.955365] [ 14.955679] The buggy address belongs to the object at ffff8881028d8d80 [ 14.955679] which belongs to the cache kmalloc-64 of size 64 [ 14.956047] The buggy address is located 0 bytes to the right of [ 14.956047] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.956719] [ 14.957137] The buggy address belongs to the physical page: [ 14.957818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.958708] flags: 0x200000000000000(node=0|zone=2) [ 14.959327] page_type: f5(slab) [ 14.959784] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.960306] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.961105] page dumped because: kasan: bad access detected [ 14.961581] [ 14.961657] Memory state around the buggy address: [ 14.961814] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.962039] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.962250] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.962653] ^ [ 14.963076] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.963691] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.964273] ================================================================== [ 13.939902] ================================================================== [ 13.940528] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 13.940893] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 13.941221] [ 13.941321] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.941364] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.941376] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.941397] Call Trace: [ 13.941412] <TASK> [ 13.941427] dump_stack_lvl+0x73/0xb0 [ 13.941454] print_report+0xd1/0x650 [ 13.941476] ? __virt_addr_valid+0x1db/0x2d0 [ 13.941498] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.941520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.941543] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.941565] kasan_report+0x141/0x180 [ 13.941587] ? kasan_atomics_helper+0x4b6e/0x5450 [ 13.941613] __asan_report_store4_noabort+0x1b/0x30 [ 13.941638] kasan_atomics_helper+0x4b6e/0x5450 [ 13.941661] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.941688] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.941713] ? kasan_atomics+0x152/0x310 [ 13.941739] kasan_atomics+0x1dc/0x310 [ 13.941762] ? __pfx_kasan_atomics+0x10/0x10 [ 13.941786] ? __pfx_read_tsc+0x10/0x10 [ 13.941807] ? ktime_get_ts64+0x86/0x230 [ 13.941833] kunit_try_run_case+0x1a5/0x480 [ 13.941857] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.941879] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.941902] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.941925] ? __kthread_parkme+0x82/0x180 [ 13.941957] ? preempt_count_sub+0x50/0x80 [ 13.941980] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.942004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.942029] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.942052] kthread+0x337/0x6f0 [ 13.942072] ? trace_preempt_on+0x20/0xc0 [ 13.942096] ? __pfx_kthread+0x10/0x10 [ 13.942117] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.942138] ? calculate_sigpending+0x7b/0xa0 [ 13.942162] ? __pfx_kthread+0x10/0x10 [ 13.942185] ret_from_fork+0x116/0x1d0 [ 13.942204] ? __pfx_kthread+0x10/0x10 [ 13.942226] ret_from_fork_asm+0x1a/0x30 [ 13.942259] </TASK> [ 13.942270] [ 13.950772] Allocated by task 290: [ 13.950900] kasan_save_stack+0x45/0x70 [ 13.951049] kasan_save_track+0x18/0x40 [ 13.953201] kasan_save_alloc_info+0x3b/0x50 [ 13.954515] __kasan_kmalloc+0xb7/0xc0 [ 13.955672] __kmalloc_cache_noprof+0x189/0x420 [ 13.956515] kasan_atomics+0x95/0x310 [ 13.956744] kunit_try_run_case+0x1a5/0x480 [ 13.956884] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.957851] kthread+0x337/0x6f0 [ 13.959113] ret_from_fork+0x116/0x1d0 [ 13.959289] ret_from_fork_asm+0x1a/0x30 [ 13.959877] [ 13.960099] The buggy address belongs to the object at ffff8881028d8d80 [ 13.960099] which belongs to the cache kmalloc-64 of size 64 [ 13.961752] The buggy address is located 0 bytes to the right of [ 13.961752] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 13.962222] [ 13.962320] The buggy address belongs to the physical page: [ 13.962647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 13.963041] flags: 0x200000000000000(node=0|zone=2) [ 13.963548] page_type: f5(slab) [ 13.963760] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.964120] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.964691] page dumped because: kasan: bad access detected [ 13.964961] [ 13.965057] Memory state around the buggy address: [ 13.965354] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.965763] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.966134] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.967013] ^ [ 13.967623] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.968302] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.969169] ================================================================== [ 14.813726] ================================================================== [ 14.814093] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.814475] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.814783] [ 14.814879] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.814939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.814952] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.814975] Call Trace: [ 14.814996] <TASK> [ 14.815016] dump_stack_lvl+0x73/0xb0 [ 14.815045] print_report+0xd1/0x650 [ 14.815069] ? __virt_addr_valid+0x1db/0x2d0 [ 14.815093] ? kasan_atomics_helper+0x164f/0x5450 [ 14.815114] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.815136] ? kasan_atomics_helper+0x164f/0x5450 [ 14.815158] kasan_report+0x141/0x180 [ 14.815180] ? kasan_atomics_helper+0x164f/0x5450 [ 14.815207] kasan_check_range+0x10c/0x1c0 [ 14.815231] __kasan_check_write+0x18/0x20 [ 14.815252] kasan_atomics_helper+0x164f/0x5450 [ 14.815274] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.815296] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.815322] ? kasan_atomics+0x152/0x310 [ 14.815348] kasan_atomics+0x1dc/0x310 [ 14.815371] ? __pfx_kasan_atomics+0x10/0x10 [ 14.815395] ? __pfx_read_tsc+0x10/0x10 [ 14.815417] ? ktime_get_ts64+0x86/0x230 [ 14.815445] kunit_try_run_case+0x1a5/0x480 [ 14.815470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.815492] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.815516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.815539] ? __kthread_parkme+0x82/0x180 [ 14.815561] ? preempt_count_sub+0x50/0x80 [ 14.815586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.815610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.815633] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.815657] kthread+0x337/0x6f0 [ 14.815677] ? trace_preempt_on+0x20/0xc0 [ 14.815702] ? __pfx_kthread+0x10/0x10 [ 14.815724] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.815746] ? calculate_sigpending+0x7b/0xa0 [ 14.815770] ? __pfx_kthread+0x10/0x10 [ 14.815792] ret_from_fork+0x116/0x1d0 [ 14.815811] ? __pfx_kthread+0x10/0x10 [ 14.815833] ret_from_fork_asm+0x1a/0x30 [ 14.815863] </TASK> [ 14.815875] [ 14.824007] Allocated by task 290: [ 14.824385] kasan_save_stack+0x45/0x70 [ 14.824690] kasan_save_track+0x18/0x40 [ 14.825031] kasan_save_alloc_info+0x3b/0x50 [ 14.825224] __kasan_kmalloc+0xb7/0xc0 [ 14.825538] __kmalloc_cache_noprof+0x189/0x420 [ 14.826309] kasan_atomics+0x95/0x310 [ 14.826504] kunit_try_run_case+0x1a5/0x480 [ 14.826721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.826961] kthread+0x337/0x6f0 [ 14.827099] ret_from_fork+0x116/0x1d0 [ 14.827281] ret_from_fork_asm+0x1a/0x30 [ 14.827948] [ 14.828041] The buggy address belongs to the object at ffff8881028d8d80 [ 14.828041] which belongs to the cache kmalloc-64 of size 64 [ 14.828756] The buggy address is located 0 bytes to the right of [ 14.828756] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.829359] [ 14.829544] The buggy address belongs to the physical page: [ 14.829889] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.830249] flags: 0x200000000000000(node=0|zone=2) [ 14.830614] page_type: f5(slab) [ 14.830746] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.831153] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.831622] page dumped because: kasan: bad access detected [ 14.831835] [ 14.832004] Memory state around the buggy address: [ 14.832340] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.832715] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.833067] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.833420] ^ [ 14.833581] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.833900] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.834193] ================================================================== [ 14.088282] ================================================================== [ 14.088921] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 14.089627] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.090252] [ 14.090424] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.090473] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.090486] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.090508] Call Trace: [ 14.090528] <TASK> [ 14.090548] dump_stack_lvl+0x73/0xb0 [ 14.090590] print_report+0xd1/0x650 [ 14.090613] ? __virt_addr_valid+0x1db/0x2d0 [ 14.090636] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.090657] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.090680] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.090701] kasan_report+0x141/0x180 [ 14.090724] ? kasan_atomics_helper+0x5fe/0x5450 [ 14.090749] kasan_check_range+0x10c/0x1c0 [ 14.090773] __kasan_check_write+0x18/0x20 [ 14.090792] kasan_atomics_helper+0x5fe/0x5450 [ 14.090814] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.090837] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.090863] ? kasan_atomics+0x152/0x310 [ 14.090888] kasan_atomics+0x1dc/0x310 [ 14.090911] ? __pfx_kasan_atomics+0x10/0x10 [ 14.090943] ? __pfx_read_tsc+0x10/0x10 [ 14.090966] ? ktime_get_ts64+0x86/0x230 [ 14.090992] kunit_try_run_case+0x1a5/0x480 [ 14.091017] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.091039] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.091062] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.091085] ? __kthread_parkme+0x82/0x180 [ 14.091105] ? preempt_count_sub+0x50/0x80 [ 14.091129] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.091153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.091175] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.091198] kthread+0x337/0x6f0 [ 14.091218] ? trace_preempt_on+0x20/0xc0 [ 14.091243] ? __pfx_kthread+0x10/0x10 [ 14.091264] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.091285] ? calculate_sigpending+0x7b/0xa0 [ 14.091309] ? __pfx_kthread+0x10/0x10 [ 14.091331] ret_from_fork+0x116/0x1d0 [ 14.091350] ? __pfx_kthread+0x10/0x10 [ 14.091370] ret_from_fork_asm+0x1a/0x30 [ 14.091456] </TASK> [ 14.091471] [ 14.104681] Allocated by task 290: [ 14.105021] kasan_save_stack+0x45/0x70 [ 14.105377] kasan_save_track+0x18/0x40 [ 14.105792] kasan_save_alloc_info+0x3b/0x50 [ 14.106176] __kasan_kmalloc+0xb7/0xc0 [ 14.106525] __kmalloc_cache_noprof+0x189/0x420 [ 14.106993] kasan_atomics+0x95/0x310 [ 14.107329] kunit_try_run_case+0x1a5/0x480 [ 14.107758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.108046] kthread+0x337/0x6f0 [ 14.108164] ret_from_fork+0x116/0x1d0 [ 14.108291] ret_from_fork_asm+0x1a/0x30 [ 14.108671] [ 14.108897] The buggy address belongs to the object at ffff8881028d8d80 [ 14.108897] which belongs to the cache kmalloc-64 of size 64 [ 14.110057] The buggy address is located 0 bytes to the right of [ 14.110057] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.111323] [ 14.111588] The buggy address belongs to the physical page: [ 14.111764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.112010] flags: 0x200000000000000(node=0|zone=2) [ 14.112169] page_type: f5(slab) [ 14.112283] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.112515] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.113186] page dumped because: kasan: bad access detected [ 14.113434] [ 14.113508] Memory state around the buggy address: [ 14.113654] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.114058] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.114362] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.114902] ^ [ 14.115070] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.115388] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.115757] ================================================================== [ 14.565333] ================================================================== [ 14.565861] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.566237] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.566589] [ 14.566793] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.566874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.566887] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.566907] Call Trace: [ 14.566922] <TASK> [ 14.566947] dump_stack_lvl+0x73/0xb0 [ 14.566976] print_report+0xd1/0x650 [ 14.567000] ? __virt_addr_valid+0x1db/0x2d0 [ 14.567023] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.567044] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.567067] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.567089] kasan_report+0x141/0x180 [ 14.567111] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.567180] __asan_report_load4_noabort+0x18/0x20 [ 14.567206] kasan_atomics_helper+0x4a02/0x5450 [ 14.567248] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.567312] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.567410] ? kasan_atomics+0x152/0x310 [ 14.567440] kasan_atomics+0x1dc/0x310 [ 14.567508] ? __pfx_kasan_atomics+0x10/0x10 [ 14.567535] ? __pfx_read_tsc+0x10/0x10 [ 14.567557] ? ktime_get_ts64+0x86/0x230 [ 14.567595] kunit_try_run_case+0x1a5/0x480 [ 14.567619] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.567641] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.567664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.567687] ? __kthread_parkme+0x82/0x180 [ 14.567707] ? preempt_count_sub+0x50/0x80 [ 14.567730] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.567755] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.567778] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.567801] kthread+0x337/0x6f0 [ 14.567821] ? trace_preempt_on+0x20/0xc0 [ 14.567845] ? __pfx_kthread+0x10/0x10 [ 14.567866] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.567887] ? calculate_sigpending+0x7b/0xa0 [ 14.567911] ? __pfx_kthread+0x10/0x10 [ 14.567940] ret_from_fork+0x116/0x1d0 [ 14.567959] ? __pfx_kthread+0x10/0x10 [ 14.567979] ret_from_fork_asm+0x1a/0x30 [ 14.568011] </TASK> [ 14.568022] [ 14.576339] Allocated by task 290: [ 14.576572] kasan_save_stack+0x45/0x70 [ 14.576851] kasan_save_track+0x18/0x40 [ 14.577050] kasan_save_alloc_info+0x3b/0x50 [ 14.577254] __kasan_kmalloc+0xb7/0xc0 [ 14.577384] __kmalloc_cache_noprof+0x189/0x420 [ 14.577671] kasan_atomics+0x95/0x310 [ 14.577803] kunit_try_run_case+0x1a5/0x480 [ 14.577996] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.578321] kthread+0x337/0x6f0 [ 14.578610] ret_from_fork+0x116/0x1d0 [ 14.578965] ret_from_fork_asm+0x1a/0x30 [ 14.579142] [ 14.579264] The buggy address belongs to the object at ffff8881028d8d80 [ 14.579264] which belongs to the cache kmalloc-64 of size 64 [ 14.579939] The buggy address is located 0 bytes to the right of [ 14.579939] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.580563] [ 14.580650] The buggy address belongs to the physical page: [ 14.580972] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.581368] flags: 0x200000000000000(node=0|zone=2) [ 14.581604] page_type: f5(slab) [ 14.581728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.581970] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.582312] page dumped because: kasan: bad access detected [ 14.582807] [ 14.582878] Memory state around the buggy address: [ 14.583110] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.583573] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.583921] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.584275] ^ [ 14.584525] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.584881] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.585198] ================================================================== [ 14.693356] ================================================================== [ 14.694105] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 14.694850] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.695498] [ 14.695673] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.695726] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.695740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.695761] Call Trace: [ 14.695779] <TASK> [ 14.695798] dump_stack_lvl+0x73/0xb0 [ 14.695828] print_report+0xd1/0x650 [ 14.695850] ? __virt_addr_valid+0x1db/0x2d0 [ 14.695872] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.695893] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.695916] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.695946] kasan_report+0x141/0x180 [ 14.695967] ? kasan_atomics_helper+0x4eae/0x5450 [ 14.695994] __asan_report_load8_noabort+0x18/0x20 [ 14.696017] kasan_atomics_helper+0x4eae/0x5450 [ 14.696040] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.696063] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.696088] ? kasan_atomics+0x152/0x310 [ 14.696114] kasan_atomics+0x1dc/0x310 [ 14.696138] ? __pfx_kasan_atomics+0x10/0x10 [ 14.696162] ? __pfx_read_tsc+0x10/0x10 [ 14.696184] ? ktime_get_ts64+0x86/0x230 [ 14.696210] kunit_try_run_case+0x1a5/0x480 [ 14.696234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.696260] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.696283] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.696306] ? __kthread_parkme+0x82/0x180 [ 14.696327] ? preempt_count_sub+0x50/0x80 [ 14.696351] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.696395] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.696419] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.696443] kthread+0x337/0x6f0 [ 14.696463] ? trace_preempt_on+0x20/0xc0 [ 14.696488] ? __pfx_kthread+0x10/0x10 [ 14.696510] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.696531] ? calculate_sigpending+0x7b/0xa0 [ 14.696556] ? __pfx_kthread+0x10/0x10 [ 14.696578] ret_from_fork+0x116/0x1d0 [ 14.696596] ? __pfx_kthread+0x10/0x10 [ 14.696617] ret_from_fork_asm+0x1a/0x30 [ 14.696649] </TASK> [ 14.696660] [ 14.709008] Allocated by task 290: [ 14.709315] kasan_save_stack+0x45/0x70 [ 14.709711] kasan_save_track+0x18/0x40 [ 14.710064] kasan_save_alloc_info+0x3b/0x50 [ 14.710215] __kasan_kmalloc+0xb7/0xc0 [ 14.710343] __kmalloc_cache_noprof+0x189/0x420 [ 14.710762] kasan_atomics+0x95/0x310 [ 14.711097] kunit_try_run_case+0x1a5/0x480 [ 14.711489] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.711972] kthread+0x337/0x6f0 [ 14.712135] ret_from_fork+0x116/0x1d0 [ 14.712262] ret_from_fork_asm+0x1a/0x30 [ 14.712458] [ 14.712610] The buggy address belongs to the object at ffff8881028d8d80 [ 14.712610] which belongs to the cache kmalloc-64 of size 64 [ 14.713652] The buggy address is located 0 bytes to the right of [ 14.713652] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.714498] [ 14.714652] The buggy address belongs to the physical page: [ 14.715050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.715280] flags: 0x200000000000000(node=0|zone=2) [ 14.715591] page_type: f5(slab) [ 14.715875] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.716522] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.717159] page dumped because: kasan: bad access detected [ 14.717646] [ 14.717734] Memory state around the buggy address: [ 14.717885] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.718104] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.718313] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.718848] ^ [ 14.719277] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.719890] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.720498] ================================================================== [ 14.835592] ================================================================== [ 14.835904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 14.836242] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.837020] [ 14.837142] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.837193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.837206] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.837228] Call Trace: [ 14.837247] <TASK> [ 14.837265] dump_stack_lvl+0x73/0xb0 [ 14.837299] print_report+0xd1/0x650 [ 14.837322] ? __virt_addr_valid+0x1db/0x2d0 [ 14.837346] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.837368] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.837391] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.837413] kasan_report+0x141/0x180 [ 14.837435] ? kasan_atomics_helper+0x16e7/0x5450 [ 14.837462] kasan_check_range+0x10c/0x1c0 [ 14.837494] __kasan_check_write+0x18/0x20 [ 14.837514] kasan_atomics_helper+0x16e7/0x5450 [ 14.837537] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.837559] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.837584] ? kasan_atomics+0x152/0x310 [ 14.837611] kasan_atomics+0x1dc/0x310 [ 14.837634] ? __pfx_kasan_atomics+0x10/0x10 [ 14.837658] ? __pfx_read_tsc+0x10/0x10 [ 14.837685] ? ktime_get_ts64+0x86/0x230 [ 14.837711] kunit_try_run_case+0x1a5/0x480 [ 14.837735] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.837758] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.837781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.837804] ? __kthread_parkme+0x82/0x180 [ 14.837825] ? preempt_count_sub+0x50/0x80 [ 14.837849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.837873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.837896] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.837919] kthread+0x337/0x6f0 [ 14.837950] ? trace_preempt_on+0x20/0xc0 [ 14.837977] ? __pfx_kthread+0x10/0x10 [ 14.837998] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.838019] ? calculate_sigpending+0x7b/0xa0 [ 14.838044] ? __pfx_kthread+0x10/0x10 [ 14.838066] ret_from_fork+0x116/0x1d0 [ 14.838086] ? __pfx_kthread+0x10/0x10 [ 14.838107] ret_from_fork_asm+0x1a/0x30 [ 14.838139] </TASK> [ 14.838150] [ 14.845069] Allocated by task 290: [ 14.845255] kasan_save_stack+0x45/0x70 [ 14.845401] kasan_save_track+0x18/0x40 [ 14.845589] kasan_save_alloc_info+0x3b/0x50 [ 14.845789] __kasan_kmalloc+0xb7/0xc0 [ 14.845916] __kmalloc_cache_noprof+0x189/0x420 [ 14.846075] kasan_atomics+0x95/0x310 [ 14.846248] kunit_try_run_case+0x1a5/0x480 [ 14.846447] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.846690] kthread+0x337/0x6f0 [ 14.847027] ret_from_fork+0x116/0x1d0 [ 14.847186] ret_from_fork_asm+0x1a/0x30 [ 14.847319] [ 14.847387] The buggy address belongs to the object at ffff8881028d8d80 [ 14.847387] which belongs to the cache kmalloc-64 of size 64 [ 14.847899] The buggy address is located 0 bytes to the right of [ 14.847899] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.848315] [ 14.848385] The buggy address belongs to the physical page: [ 14.848554] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.848790] flags: 0x200000000000000(node=0|zone=2) [ 14.849035] page_type: f5(slab) [ 14.849202] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.849567] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.849910] page dumped because: kasan: bad access detected [ 14.850154] [ 14.850228] Memory state around the buggy address: [ 14.850466] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.850750] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.851036] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.851306] ^ [ 14.851453] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.851662] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.852226] ================================================================== [ 13.999760] ================================================================== [ 14.000172] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 14.000536] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.000902] [ 14.001026] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.001104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.001116] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.001139] Call Trace: [ 14.001173] <TASK> [ 14.001194] dump_stack_lvl+0x73/0xb0 [ 14.001223] print_report+0xd1/0x650 [ 14.001245] ? __virt_addr_valid+0x1db/0x2d0 [ 14.001269] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.001290] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.001340] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.001363] kasan_report+0x141/0x180 [ 14.001385] ? kasan_atomics_helper+0x4b54/0x5450 [ 14.001435] __asan_report_load4_noabort+0x18/0x20 [ 14.001486] kasan_atomics_helper+0x4b54/0x5450 [ 14.001511] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.001533] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.001570] ? kasan_atomics+0x152/0x310 [ 14.001597] kasan_atomics+0x1dc/0x310 [ 14.001619] ? __pfx_kasan_atomics+0x10/0x10 [ 14.001643] ? __pfx_read_tsc+0x10/0x10 [ 14.001665] ? ktime_get_ts64+0x86/0x230 [ 14.001700] kunit_try_run_case+0x1a5/0x480 [ 14.001752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.001774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.001825] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.001848] ? __kthread_parkme+0x82/0x180 [ 14.001870] ? preempt_count_sub+0x50/0x80 [ 14.001895] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.001919] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.001952] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.001975] kthread+0x337/0x6f0 [ 14.001995] ? trace_preempt_on+0x20/0xc0 [ 14.002019] ? __pfx_kthread+0x10/0x10 [ 14.002040] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.002061] ? calculate_sigpending+0x7b/0xa0 [ 14.002086] ? __pfx_kthread+0x10/0x10 [ 14.002107] ret_from_fork+0x116/0x1d0 [ 14.002126] ? __pfx_kthread+0x10/0x10 [ 14.002147] ret_from_fork_asm+0x1a/0x30 [ 14.002178] </TASK> [ 14.002190] [ 14.010833] Allocated by task 290: [ 14.010985] kasan_save_stack+0x45/0x70 [ 14.011131] kasan_save_track+0x18/0x40 [ 14.011260] kasan_save_alloc_info+0x3b/0x50 [ 14.011413] __kasan_kmalloc+0xb7/0xc0 [ 14.011592] __kmalloc_cache_noprof+0x189/0x420 [ 14.012018] kasan_atomics+0x95/0x310 [ 14.012203] kunit_try_run_case+0x1a5/0x480 [ 14.012405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.012649] kthread+0x337/0x6f0 [ 14.012779] ret_from_fork+0x116/0x1d0 [ 14.013053] ret_from_fork_asm+0x1a/0x30 [ 14.013190] [ 14.013258] The buggy address belongs to the object at ffff8881028d8d80 [ 14.013258] which belongs to the cache kmalloc-64 of size 64 [ 14.013901] The buggy address is located 0 bytes to the right of [ 14.013901] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.014639] [ 14.014724] The buggy address belongs to the physical page: [ 14.015501] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.015885] flags: 0x200000000000000(node=0|zone=2) [ 14.016857] page_type: f5(slab) [ 14.017010] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.017239] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.017602] page dumped because: kasan: bad access detected [ 14.017780] [ 14.017846] Memory state around the buggy address: [ 14.018009] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.018251] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.018492] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.018806] ^ [ 14.019091] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.019590] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.019924] ================================================================== [ 15.018811] ================================================================== [ 15.019094] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 15.019326] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.019583] [ 15.019891] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.019954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.019967] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.019988] Call Trace: [ 15.020006] <TASK> [ 15.020024] dump_stack_lvl+0x73/0xb0 [ 15.020054] print_report+0xd1/0x650 [ 15.020077] ? __virt_addr_valid+0x1db/0x2d0 [ 15.020100] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.020122] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.020144] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.020166] kasan_report+0x141/0x180 [ 15.020188] ? kasan_atomics_helper+0x1c18/0x5450 [ 15.020214] kasan_check_range+0x10c/0x1c0 [ 15.020238] __kasan_check_write+0x18/0x20 [ 15.020259] kasan_atomics_helper+0x1c18/0x5450 [ 15.020282] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.020304] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.020329] ? kasan_atomics+0x152/0x310 [ 15.020355] kasan_atomics+0x1dc/0x310 [ 15.020377] ? __pfx_kasan_atomics+0x10/0x10 [ 15.020552] ? __pfx_read_tsc+0x10/0x10 [ 15.020575] ? ktime_get_ts64+0x86/0x230 [ 15.020602] kunit_try_run_case+0x1a5/0x480 [ 15.020626] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.020648] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.020671] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.020694] ? __kthread_parkme+0x82/0x180 [ 15.020714] ? preempt_count_sub+0x50/0x80 [ 15.020738] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.020762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.020785] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.020808] kthread+0x337/0x6f0 [ 15.020828] ? trace_preempt_on+0x20/0xc0 [ 15.020854] ? __pfx_kthread+0x10/0x10 [ 15.020875] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.020895] ? calculate_sigpending+0x7b/0xa0 [ 15.020919] ? __pfx_kthread+0x10/0x10 [ 15.020953] ret_from_fork+0x116/0x1d0 [ 15.020972] ? __pfx_kthread+0x10/0x10 [ 15.020993] ret_from_fork_asm+0x1a/0x30 [ 15.021024] </TASK> [ 15.021035] [ 15.030136] Allocated by task 290: [ 15.030320] kasan_save_stack+0x45/0x70 [ 15.030507] kasan_save_track+0x18/0x40 [ 15.031161] kasan_save_alloc_info+0x3b/0x50 [ 15.031371] __kasan_kmalloc+0xb7/0xc0 [ 15.031533] __kmalloc_cache_noprof+0x189/0x420 [ 15.031866] kasan_atomics+0x95/0x310 [ 15.032074] kunit_try_run_case+0x1a5/0x480 [ 15.032371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.032619] kthread+0x337/0x6f0 [ 15.032902] ret_from_fork+0x116/0x1d0 [ 15.033104] ret_from_fork_asm+0x1a/0x30 [ 15.033409] [ 15.033484] The buggy address belongs to the object at ffff8881028d8d80 [ 15.033484] which belongs to the cache kmalloc-64 of size 64 [ 15.033973] The buggy address is located 0 bytes to the right of [ 15.033973] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.034499] [ 15.034579] The buggy address belongs to the physical page: [ 15.034810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.035526] flags: 0x200000000000000(node=0|zone=2) [ 15.035766] page_type: f5(slab) [ 15.036060] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.036501] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.036875] page dumped because: kasan: bad access detected [ 15.037232] [ 15.037328] Memory state around the buggy address: [ 15.037627] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.037990] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.038351] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.038767] ^ [ 15.039104] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.039563] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.039858] ================================================================== [ 15.178254] ================================================================== [ 15.179472] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 15.180247] Read of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.180968] [ 15.181162] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.181210] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.181223] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.181244] Call Trace: [ 15.181263] <TASK> [ 15.181281] dump_stack_lvl+0x73/0xb0 [ 15.181330] print_report+0xd1/0x650 [ 15.181353] ? __virt_addr_valid+0x1db/0x2d0 [ 15.181376] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.181408] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.181431] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.181454] kasan_report+0x141/0x180 [ 15.181476] ? kasan_atomics_helper+0x4f71/0x5450 [ 15.181502] __asan_report_load8_noabort+0x18/0x20 [ 15.181526] kasan_atomics_helper+0x4f71/0x5450 [ 15.181549] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.181571] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.181596] ? kasan_atomics+0x152/0x310 [ 15.181623] kasan_atomics+0x1dc/0x310 [ 15.181645] ? __pfx_kasan_atomics+0x10/0x10 [ 15.181670] ? __pfx_read_tsc+0x10/0x10 [ 15.181697] ? ktime_get_ts64+0x86/0x230 [ 15.181724] kunit_try_run_case+0x1a5/0x480 [ 15.181749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.181770] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.181793] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.181816] ? __kthread_parkme+0x82/0x180 [ 15.181836] ? preempt_count_sub+0x50/0x80 [ 15.181860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.181883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.181906] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.181941] kthread+0x337/0x6f0 [ 15.181961] ? trace_preempt_on+0x20/0xc0 [ 15.181985] ? __pfx_kthread+0x10/0x10 [ 15.182006] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.182026] ? calculate_sigpending+0x7b/0xa0 [ 15.182051] ? __pfx_kthread+0x10/0x10 [ 15.182072] ret_from_fork+0x116/0x1d0 [ 15.182091] ? __pfx_kthread+0x10/0x10 [ 15.182112] ret_from_fork_asm+0x1a/0x30 [ 15.182142] </TASK> [ 15.182153] [ 15.192578] Allocated by task 290: [ 15.192761] kasan_save_stack+0x45/0x70 [ 15.193154] kasan_save_track+0x18/0x40 [ 15.193299] kasan_save_alloc_info+0x3b/0x50 [ 15.193644] __kasan_kmalloc+0xb7/0xc0 [ 15.193821] __kmalloc_cache_noprof+0x189/0x420 [ 15.194014] kasan_atomics+0x95/0x310 [ 15.194172] kunit_try_run_case+0x1a5/0x480 [ 15.194346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.194577] kthread+0x337/0x6f0 [ 15.195057] ret_from_fork+0x116/0x1d0 [ 15.195211] ret_from_fork_asm+0x1a/0x30 [ 15.195412] [ 15.195583] The buggy address belongs to the object at ffff8881028d8d80 [ 15.195583] which belongs to the cache kmalloc-64 of size 64 [ 15.196209] The buggy address is located 0 bytes to the right of [ 15.196209] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.196891] [ 15.197121] The buggy address belongs to the physical page: [ 15.197347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.197839] flags: 0x200000000000000(node=0|zone=2) [ 15.198124] page_type: f5(slab) [ 15.198284] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.198762] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.199138] page dumped because: kasan: bad access detected [ 15.199369] [ 15.199548] Memory state around the buggy address: [ 15.199860] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.200213] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.200611] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.200965] ^ [ 15.201181] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.201590] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.201837] ================================================================== [ 15.087634] ================================================================== [ 15.087985] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 15.088294] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.089055] [ 15.089159] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.089347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.089363] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.089386] Call Trace: [ 15.089413] <TASK> [ 15.089430] dump_stack_lvl+0x73/0xb0 [ 15.089460] print_report+0xd1/0x650 [ 15.089482] ? __virt_addr_valid+0x1db/0x2d0 [ 15.089505] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.089527] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.089549] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.089573] kasan_report+0x141/0x180 [ 15.089594] ? kasan_atomics_helper+0x1d7a/0x5450 [ 15.089621] kasan_check_range+0x10c/0x1c0 [ 15.089647] __kasan_check_write+0x18/0x20 [ 15.089666] kasan_atomics_helper+0x1d7a/0x5450 [ 15.089695] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.089718] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.089742] ? kasan_atomics+0x152/0x310 [ 15.089768] kasan_atomics+0x1dc/0x310 [ 15.089791] ? __pfx_kasan_atomics+0x10/0x10 [ 15.089814] ? __pfx_read_tsc+0x10/0x10 [ 15.089836] ? ktime_get_ts64+0x86/0x230 [ 15.089861] kunit_try_run_case+0x1a5/0x480 [ 15.089885] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.089908] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.089942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.089965] ? __kthread_parkme+0x82/0x180 [ 15.089985] ? preempt_count_sub+0x50/0x80 [ 15.090008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.090032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.090055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.090078] kthread+0x337/0x6f0 [ 15.090097] ? trace_preempt_on+0x20/0xc0 [ 15.090121] ? __pfx_kthread+0x10/0x10 [ 15.090142] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.090163] ? calculate_sigpending+0x7b/0xa0 [ 15.090187] ? __pfx_kthread+0x10/0x10 [ 15.090208] ret_from_fork+0x116/0x1d0 [ 15.090226] ? __pfx_kthread+0x10/0x10 [ 15.090247] ret_from_fork_asm+0x1a/0x30 [ 15.090277] </TASK> [ 15.090289] [ 15.100103] Allocated by task 290: [ 15.100238] kasan_save_stack+0x45/0x70 [ 15.100685] kasan_save_track+0x18/0x40 [ 15.100964] kasan_save_alloc_info+0x3b/0x50 [ 15.101146] __kasan_kmalloc+0xb7/0xc0 [ 15.101454] __kmalloc_cache_noprof+0x189/0x420 [ 15.101747] kasan_atomics+0x95/0x310 [ 15.101940] kunit_try_run_case+0x1a5/0x480 [ 15.102268] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.102643] kthread+0x337/0x6f0 [ 15.102806] ret_from_fork+0x116/0x1d0 [ 15.103132] ret_from_fork_asm+0x1a/0x30 [ 15.103400] [ 15.103502] The buggy address belongs to the object at ffff8881028d8d80 [ 15.103502] which belongs to the cache kmalloc-64 of size 64 [ 15.104206] The buggy address is located 0 bytes to the right of [ 15.104206] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.104958] [ 15.105058] The buggy address belongs to the physical page: [ 15.105428] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.105918] flags: 0x200000000000000(node=0|zone=2) [ 15.106219] page_type: f5(slab) [ 15.106355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.106873] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.107284] page dumped because: kasan: bad access detected [ 15.107624] [ 15.107720] Memory state around the buggy address: [ 15.107942] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.108254] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.108796] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.109055] ^ [ 15.109386] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.109833] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.110247] ================================================================== [ 15.356181] ================================================================== [ 15.356555] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 15.356794] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.357129] [ 15.357231] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.357277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.357288] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.357310] Call Trace: [ 15.357327] <TASK> [ 15.357343] dump_stack_lvl+0x73/0xb0 [ 15.357371] print_report+0xd1/0x650 [ 15.357393] ? __virt_addr_valid+0x1db/0x2d0 [ 15.357415] ? kasan_atomics_helper+0x224c/0x5450 [ 15.357436] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.357459] ? kasan_atomics_helper+0x224c/0x5450 [ 15.357491] kasan_report+0x141/0x180 [ 15.357513] ? kasan_atomics_helper+0x224c/0x5450 [ 15.357540] kasan_check_range+0x10c/0x1c0 [ 15.357563] __kasan_check_write+0x18/0x20 [ 15.357584] kasan_atomics_helper+0x224c/0x5450 [ 15.357606] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.357628] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.357653] ? kasan_atomics+0x152/0x310 [ 15.357679] kasan_atomics+0x1dc/0x310 [ 15.357707] ? __pfx_kasan_atomics+0x10/0x10 [ 15.357731] ? __pfx_read_tsc+0x10/0x10 [ 15.357753] ? ktime_get_ts64+0x86/0x230 [ 15.357780] kunit_try_run_case+0x1a5/0x480 [ 15.357804] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.357827] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.357851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.357874] ? __kthread_parkme+0x82/0x180 [ 15.357895] ? preempt_count_sub+0x50/0x80 [ 15.357919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.357954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.357978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.358001] kthread+0x337/0x6f0 [ 15.358021] ? trace_preempt_on+0x20/0xc0 [ 15.358046] ? __pfx_kthread+0x10/0x10 [ 15.358067] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.358088] ? calculate_sigpending+0x7b/0xa0 [ 15.358113] ? __pfx_kthread+0x10/0x10 [ 15.358134] ret_from_fork+0x116/0x1d0 [ 15.358153] ? __pfx_kthread+0x10/0x10 [ 15.358174] ret_from_fork_asm+0x1a/0x30 [ 15.358205] </TASK> [ 15.358216] [ 15.365126] Allocated by task 290: [ 15.365253] kasan_save_stack+0x45/0x70 [ 15.365390] kasan_save_track+0x18/0x40 [ 15.365585] kasan_save_alloc_info+0x3b/0x50 [ 15.365798] __kasan_kmalloc+0xb7/0xc0 [ 15.365990] __kmalloc_cache_noprof+0x189/0x420 [ 15.366205] kasan_atomics+0x95/0x310 [ 15.366331] kunit_try_run_case+0x1a5/0x480 [ 15.366469] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.366635] kthread+0x337/0x6f0 [ 15.366749] ret_from_fork+0x116/0x1d0 [ 15.367076] ret_from_fork_asm+0x1a/0x30 [ 15.367419] [ 15.367510] The buggy address belongs to the object at ffff8881028d8d80 [ 15.367510] which belongs to the cache kmalloc-64 of size 64 [ 15.368053] The buggy address is located 0 bytes to the right of [ 15.368053] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.368496] [ 15.368596] The buggy address belongs to the physical page: [ 15.368809] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.369063] flags: 0x200000000000000(node=0|zone=2) [ 15.369295] page_type: f5(slab) [ 15.369462] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.369880] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.370141] page dumped because: kasan: bad access detected [ 15.370385] [ 15.370489] Memory state around the buggy address: [ 15.370685] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.371031] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.371249] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.371490] ^ [ 15.371705] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.372024] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.372290] ================================================================== [ 13.874520] ================================================================== [ 13.875380] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 13.876619] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 13.877139] [ 13.877239] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.877291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.877303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.877324] Call Trace: [ 13.877338] <TASK> [ 13.877356] dump_stack_lvl+0x73/0xb0 [ 13.877388] print_report+0xd1/0x650 [ 13.877565] ? __virt_addr_valid+0x1db/0x2d0 [ 13.877846] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.877871] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.877893] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.877915] kasan_report+0x141/0x180 [ 13.877949] ? kasan_atomics_helper+0x4bbc/0x5450 [ 13.877974] __asan_report_load4_noabort+0x18/0x20 [ 13.877998] kasan_atomics_helper+0x4bbc/0x5450 [ 13.878019] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.878040] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.878064] ? kasan_atomics+0x152/0x310 [ 13.878090] kasan_atomics+0x1dc/0x310 [ 13.878111] ? __pfx_kasan_atomics+0x10/0x10 [ 13.878134] ? __pfx_read_tsc+0x10/0x10 [ 13.878155] ? ktime_get_ts64+0x86/0x230 [ 13.878181] kunit_try_run_case+0x1a5/0x480 [ 13.878204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.878225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.878248] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.878269] ? __kthread_parkme+0x82/0x180 [ 13.878289] ? preempt_count_sub+0x50/0x80 [ 13.878312] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.878335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.878357] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.878380] kthread+0x337/0x6f0 [ 13.878414] ? trace_preempt_on+0x20/0xc0 [ 13.878439] ? __pfx_kthread+0x10/0x10 [ 13.878460] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.878479] ? calculate_sigpending+0x7b/0xa0 [ 13.878503] ? __pfx_kthread+0x10/0x10 [ 13.878524] ret_from_fork+0x116/0x1d0 [ 13.878541] ? __pfx_kthread+0x10/0x10 [ 13.878561] ret_from_fork_asm+0x1a/0x30 [ 13.878593] </TASK> [ 13.878605] [ 13.892120] Allocated by task 290: [ 13.892529] kasan_save_stack+0x45/0x70 [ 13.892961] kasan_save_track+0x18/0x40 [ 13.893322] kasan_save_alloc_info+0x3b/0x50 [ 13.893792] __kasan_kmalloc+0xb7/0xc0 [ 13.894198] __kmalloc_cache_noprof+0x189/0x420 [ 13.894637] kasan_atomics+0x95/0x310 [ 13.895102] kunit_try_run_case+0x1a5/0x480 [ 13.895573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.895861] kthread+0x337/0x6f0 [ 13.896185] ret_from_fork+0x116/0x1d0 [ 13.896578] ret_from_fork_asm+0x1a/0x30 [ 13.896965] [ 13.897145] The buggy address belongs to the object at ffff8881028d8d80 [ 13.897145] which belongs to the cache kmalloc-64 of size 64 [ 13.897730] The buggy address is located 0 bytes to the right of [ 13.897730] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 13.898536] [ 13.898740] The buggy address belongs to the physical page: [ 13.899265] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 13.899938] flags: 0x200000000000000(node=0|zone=2) [ 13.900103] page_type: f5(slab) [ 13.900221] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.900498] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.901078] page dumped because: kasan: bad access detected [ 13.901245] [ 13.901307] Memory state around the buggy address: [ 13.901475] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.901700] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.901906] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.902164] ^ [ 13.902310] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.902788] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.903060] ================================================================== [ 14.202224] ================================================================== [ 14.202685] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 14.203218] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.203513] [ 14.203594] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.203640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.203652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.203673] Call Trace: [ 14.203691] <TASK> [ 14.203707] dump_stack_lvl+0x73/0xb0 [ 14.203736] print_report+0xd1/0x650 [ 14.203759] ? __virt_addr_valid+0x1db/0x2d0 [ 14.203781] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.203802] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.203825] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.203849] kasan_report+0x141/0x180 [ 14.203872] ? kasan_atomics_helper+0x8f9/0x5450 [ 14.203898] kasan_check_range+0x10c/0x1c0 [ 14.203922] __kasan_check_write+0x18/0x20 [ 14.204058] kasan_atomics_helper+0x8f9/0x5450 [ 14.204082] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.204105] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.204160] ? kasan_atomics+0x152/0x310 [ 14.204211] kasan_atomics+0x1dc/0x310 [ 14.204235] ? __pfx_kasan_atomics+0x10/0x10 [ 14.204259] ? __pfx_read_tsc+0x10/0x10 [ 14.204281] ? ktime_get_ts64+0x86/0x230 [ 14.204308] kunit_try_run_case+0x1a5/0x480 [ 14.204331] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204353] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.204376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.204610] ? __kthread_parkme+0x82/0x180 [ 14.204637] ? preempt_count_sub+0x50/0x80 [ 14.204661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.204685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.204741] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.204766] kthread+0x337/0x6f0 [ 14.204786] ? trace_preempt_on+0x20/0xc0 [ 14.204812] ? __pfx_kthread+0x10/0x10 [ 14.204834] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.204855] ? calculate_sigpending+0x7b/0xa0 [ 14.204879] ? __pfx_kthread+0x10/0x10 [ 14.204901] ret_from_fork+0x116/0x1d0 [ 14.204919] ? __pfx_kthread+0x10/0x10 [ 14.204951] ret_from_fork_asm+0x1a/0x30 [ 14.204983] </TASK> [ 14.204995] [ 14.215570] Allocated by task 290: [ 14.215704] kasan_save_stack+0x45/0x70 [ 14.215845] kasan_save_track+0x18/0x40 [ 14.216634] kasan_save_alloc_info+0x3b/0x50 [ 14.216800] __kasan_kmalloc+0xb7/0xc0 [ 14.217844] __kmalloc_cache_noprof+0x189/0x420 [ 14.218681] kasan_atomics+0x95/0x310 [ 14.219543] kunit_try_run_case+0x1a5/0x480 [ 14.220156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.220351] kthread+0x337/0x6f0 [ 14.221269] ret_from_fork+0x116/0x1d0 [ 14.222086] ret_from_fork_asm+0x1a/0x30 [ 14.222258] [ 14.222563] The buggy address belongs to the object at ffff8881028d8d80 [ 14.222563] which belongs to the cache kmalloc-64 of size 64 [ 14.223106] The buggy address is located 0 bytes to the right of [ 14.223106] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.223768] [ 14.223870] The buggy address belongs to the physical page: [ 14.224084] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.224436] flags: 0x200000000000000(node=0|zone=2) [ 14.224793] page_type: f5(slab) [ 14.224986] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.225324] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.225874] page dumped because: kasan: bad access detected [ 14.226137] [ 14.226231] Memory state around the buggy address: [ 14.226561] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.226826] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.227165] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.227551] ^ [ 14.227783] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.228089] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.228438] ================================================================== [ 14.379591] ================================================================== [ 14.379994] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 14.380996] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.381542] [ 14.381728] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.381794] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.381807] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.381828] Call Trace: [ 14.381848] <TASK> [ 14.381866] dump_stack_lvl+0x73/0xb0 [ 14.381904] print_report+0xd1/0x650 [ 14.381942] ? __virt_addr_valid+0x1db/0x2d0 [ 14.381966] ? kasan_atomics_helper+0xd47/0x5450 [ 14.381987] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.382009] ? kasan_atomics_helper+0xd47/0x5450 [ 14.382030] kasan_report+0x141/0x180 [ 14.382052] ? kasan_atomics_helper+0xd47/0x5450 [ 14.382079] kasan_check_range+0x10c/0x1c0 [ 14.382103] __kasan_check_write+0x18/0x20 [ 14.382122] kasan_atomics_helper+0xd47/0x5450 [ 14.382146] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.382168] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.382193] ? kasan_atomics+0x152/0x310 [ 14.382220] kasan_atomics+0x1dc/0x310 [ 14.382243] ? __pfx_kasan_atomics+0x10/0x10 [ 14.382267] ? __pfx_read_tsc+0x10/0x10 [ 14.382288] ? ktime_get_ts64+0x86/0x230 [ 14.382314] kunit_try_run_case+0x1a5/0x480 [ 14.382337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.382359] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.382403] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.382426] ? __kthread_parkme+0x82/0x180 [ 14.382446] ? preempt_count_sub+0x50/0x80 [ 14.382470] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.382494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.382517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.382540] kthread+0x337/0x6f0 [ 14.382559] ? trace_preempt_on+0x20/0xc0 [ 14.382584] ? __pfx_kthread+0x10/0x10 [ 14.382605] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.382625] ? calculate_sigpending+0x7b/0xa0 [ 14.382650] ? __pfx_kthread+0x10/0x10 [ 14.382671] ret_from_fork+0x116/0x1d0 [ 14.382690] ? __pfx_kthread+0x10/0x10 [ 14.382710] ret_from_fork_asm+0x1a/0x30 [ 14.382743] </TASK> [ 14.382754] [ 14.393904] Allocated by task 290: [ 14.394264] kasan_save_stack+0x45/0x70 [ 14.394661] kasan_save_track+0x18/0x40 [ 14.395017] kasan_save_alloc_info+0x3b/0x50 [ 14.395425] __kasan_kmalloc+0xb7/0xc0 [ 14.395777] __kmalloc_cache_noprof+0x189/0x420 [ 14.396193] kasan_atomics+0x95/0x310 [ 14.396541] kunit_try_run_case+0x1a5/0x480 [ 14.397014] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.397500] kthread+0x337/0x6f0 [ 14.397804] ret_from_fork+0x116/0x1d0 [ 14.398170] ret_from_fork_asm+0x1a/0x30 [ 14.398547] [ 14.398711] The buggy address belongs to the object at ffff8881028d8d80 [ 14.398711] which belongs to the cache kmalloc-64 of size 64 [ 14.399257] The buggy address is located 0 bytes to the right of [ 14.399257] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.399894] [ 14.400066] The buggy address belongs to the physical page: [ 14.400662] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.401468] flags: 0x200000000000000(node=0|zone=2) [ 14.401908] page_type: f5(slab) [ 14.402228] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.402727] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.402961] page dumped because: kasan: bad access detected [ 14.403126] [ 14.403190] Memory state around the buggy address: [ 14.403338] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.403903] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.404545] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.405188] ^ [ 14.405699] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.406335] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.407027] ================================================================== [ 14.642069] ================================================================== [ 14.642432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.642757] Read of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.643087] [ 14.643180] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.643226] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.643238] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.643260] Call Trace: [ 14.643277] <TASK> [ 14.643294] dump_stack_lvl+0x73/0xb0 [ 14.643321] print_report+0xd1/0x650 [ 14.643345] ? __virt_addr_valid+0x1db/0x2d0 [ 14.643368] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.643389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.643426] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.643448] kasan_report+0x141/0x180 [ 14.643470] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.643496] __asan_report_load4_noabort+0x18/0x20 [ 14.643521] kasan_atomics_helper+0x49ce/0x5450 [ 14.643545] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.643567] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.643602] ? kasan_atomics+0x152/0x310 [ 14.643628] kasan_atomics+0x1dc/0x310 [ 14.643652] ? __pfx_kasan_atomics+0x10/0x10 [ 14.643687] ? __pfx_read_tsc+0x10/0x10 [ 14.643709] ? ktime_get_ts64+0x86/0x230 [ 14.643734] kunit_try_run_case+0x1a5/0x480 [ 14.643759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.643780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.643804] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.643827] ? __kthread_parkme+0x82/0x180 [ 14.643847] ? preempt_count_sub+0x50/0x80 [ 14.643871] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.643895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.643918] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.643950] kthread+0x337/0x6f0 [ 14.643970] ? trace_preempt_on+0x20/0xc0 [ 14.643995] ? __pfx_kthread+0x10/0x10 [ 14.644017] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.644038] ? calculate_sigpending+0x7b/0xa0 [ 14.644062] ? __pfx_kthread+0x10/0x10 [ 14.644084] ret_from_fork+0x116/0x1d0 [ 14.644103] ? __pfx_kthread+0x10/0x10 [ 14.644134] ret_from_fork_asm+0x1a/0x30 [ 14.644164] </TASK> [ 14.644176] [ 14.652196] Allocated by task 290: [ 14.652324] kasan_save_stack+0x45/0x70 [ 14.653311] kasan_save_track+0x18/0x40 [ 14.654068] kasan_save_alloc_info+0x3b/0x50 [ 14.654871] __kasan_kmalloc+0xb7/0xc0 [ 14.655677] __kmalloc_cache_noprof+0x189/0x420 [ 14.655862] kasan_atomics+0x95/0x310 [ 14.656011] kunit_try_run_case+0x1a5/0x480 [ 14.656156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.656326] kthread+0x337/0x6f0 [ 14.656455] ret_from_fork+0x116/0x1d0 [ 14.656583] ret_from_fork_asm+0x1a/0x30 [ 14.656717] [ 14.656787] The buggy address belongs to the object at ffff8881028d8d80 [ 14.656787] which belongs to the cache kmalloc-64 of size 64 [ 14.657144] The buggy address is located 0 bytes to the right of [ 14.657144] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.657500] [ 14.657569] The buggy address belongs to the physical page: [ 14.657740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.658152] flags: 0x200000000000000(node=0|zone=2) [ 14.658704] page_type: f5(slab) [ 14.659011] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.659694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.660313] page dumped because: kasan: bad access detected [ 14.660886] [ 14.661065] Memory state around the buggy address: [ 14.661504] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.662133] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.662755] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.663364] ^ [ 14.663781] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.664366] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.664979] ================================================================== [ 14.543074] ================================================================== [ 14.543521] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.543842] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.544115] [ 14.544195] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.544238] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.544251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.544272] Call Trace: [ 14.544288] <TASK> [ 14.544303] dump_stack_lvl+0x73/0xb0 [ 14.544329] print_report+0xd1/0x650 [ 14.544350] ? __virt_addr_valid+0x1db/0x2d0 [ 14.544373] ? kasan_atomics_helper+0x1148/0x5450 [ 14.544393] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.544416] ? kasan_atomics_helper+0x1148/0x5450 [ 14.544437] kasan_report+0x141/0x180 [ 14.544460] ? kasan_atomics_helper+0x1148/0x5450 [ 14.544486] kasan_check_range+0x10c/0x1c0 [ 14.544510] __kasan_check_write+0x18/0x20 [ 14.544530] kasan_atomics_helper+0x1148/0x5450 [ 14.544553] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.544575] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.544599] ? kasan_atomics+0x152/0x310 [ 14.544625] kasan_atomics+0x1dc/0x310 [ 14.544648] ? __pfx_kasan_atomics+0x10/0x10 [ 14.544673] ? __pfx_read_tsc+0x10/0x10 [ 14.544693] ? ktime_get_ts64+0x86/0x230 [ 14.544718] kunit_try_run_case+0x1a5/0x480 [ 14.544742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.544764] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.544786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.544808] ? __kthread_parkme+0x82/0x180 [ 14.544829] ? preempt_count_sub+0x50/0x80 [ 14.544852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.544876] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.544899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.544923] kthread+0x337/0x6f0 [ 14.544954] ? trace_preempt_on+0x20/0xc0 [ 14.544978] ? __pfx_kthread+0x10/0x10 [ 14.544999] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.545020] ? calculate_sigpending+0x7b/0xa0 [ 14.545044] ? __pfx_kthread+0x10/0x10 [ 14.545065] ret_from_fork+0x116/0x1d0 [ 14.545084] ? __pfx_kthread+0x10/0x10 [ 14.545116] ret_from_fork_asm+0x1a/0x30 [ 14.545168] </TASK> [ 14.545179] [ 14.552518] Allocated by task 290: [ 14.552650] kasan_save_stack+0x45/0x70 [ 14.552787] kasan_save_track+0x18/0x40 [ 14.552915] kasan_save_alloc_info+0x3b/0x50 [ 14.553078] __kasan_kmalloc+0xb7/0xc0 [ 14.553284] __kmalloc_cache_noprof+0x189/0x420 [ 14.553662] kasan_atomics+0x95/0x310 [ 14.553854] kunit_try_run_case+0x1a5/0x480 [ 14.554067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.554257] kthread+0x337/0x6f0 [ 14.554372] ret_from_fork+0x116/0x1d0 [ 14.554570] ret_from_fork_asm+0x1a/0x30 [ 14.554779] [ 14.554868] The buggy address belongs to the object at ffff8881028d8d80 [ 14.554868] which belongs to the cache kmalloc-64 of size 64 [ 14.555248] The buggy address is located 0 bytes to the right of [ 14.555248] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.556142] [ 14.556245] The buggy address belongs to the physical page: [ 14.556627] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.558220] flags: 0x200000000000000(node=0|zone=2) [ 14.558812] page_type: f5(slab) [ 14.559064] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.560066] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.560784] page dumped because: kasan: bad access detected [ 14.561403] [ 14.561591] Memory state around the buggy address: [ 14.561943] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.562235] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.562950] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.563438] ^ [ 14.563906] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.564586] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.564872] ================================================================== [ 14.296912] ================================================================== [ 14.297268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 14.297665] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.297947] [ 14.298048] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.298113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.298126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.298146] Call Trace: [ 14.298180] <TASK> [ 14.298195] dump_stack_lvl+0x73/0xb0 [ 14.298224] print_report+0xd1/0x650 [ 14.298246] ? __virt_addr_valid+0x1db/0x2d0 [ 14.298268] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.298289] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.298312] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.298349] kasan_report+0x141/0x180 [ 14.298386] ? kasan_atomics_helper+0xb6a/0x5450 [ 14.298561] kasan_check_range+0x10c/0x1c0 [ 14.298585] __kasan_check_write+0x18/0x20 [ 14.298605] kasan_atomics_helper+0xb6a/0x5450 [ 14.298628] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.298649] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.298674] ? kasan_atomics+0x152/0x310 [ 14.298701] kasan_atomics+0x1dc/0x310 [ 14.298723] ? __pfx_kasan_atomics+0x10/0x10 [ 14.298777] ? __pfx_read_tsc+0x10/0x10 [ 14.298799] ? ktime_get_ts64+0x86/0x230 [ 14.298825] kunit_try_run_case+0x1a5/0x480 [ 14.298867] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.298891] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.298913] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.298947] ? __kthread_parkme+0x82/0x180 [ 14.298968] ? preempt_count_sub+0x50/0x80 [ 14.298992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.299015] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.299038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.299062] kthread+0x337/0x6f0 [ 14.299082] ? trace_preempt_on+0x20/0xc0 [ 14.299106] ? __pfx_kthread+0x10/0x10 [ 14.299128] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.299149] ? calculate_sigpending+0x7b/0xa0 [ 14.299191] ? __pfx_kthread+0x10/0x10 [ 14.299213] ret_from_fork+0x116/0x1d0 [ 14.299232] ? __pfx_kthread+0x10/0x10 [ 14.299253] ret_from_fork_asm+0x1a/0x30 [ 14.299284] </TASK> [ 14.299295] [ 14.307678] Allocated by task 290: [ 14.307837] kasan_save_stack+0x45/0x70 [ 14.308086] kasan_save_track+0x18/0x40 [ 14.308320] kasan_save_alloc_info+0x3b/0x50 [ 14.308533] __kasan_kmalloc+0xb7/0xc0 [ 14.308717] __kmalloc_cache_noprof+0x189/0x420 [ 14.308938] kasan_atomics+0x95/0x310 [ 14.309095] kunit_try_run_case+0x1a5/0x480 [ 14.309336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.309498] kthread+0x337/0x6f0 [ 14.309687] ret_from_fork+0x116/0x1d0 [ 14.309916] ret_from_fork_asm+0x1a/0x30 [ 14.310144] [ 14.310256] The buggy address belongs to the object at ffff8881028d8d80 [ 14.310256] which belongs to the cache kmalloc-64 of size 64 [ 14.310918] The buggy address is located 0 bytes to the right of [ 14.310918] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.311543] [ 14.311620] The buggy address belongs to the physical page: [ 14.311805] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.312060] flags: 0x200000000000000(node=0|zone=2) [ 14.312307] page_type: f5(slab) [ 14.312489] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.313085] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.313486] page dumped because: kasan: bad access detected [ 14.313749] [ 14.313836] Memory state around the buggy address: [ 14.314067] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.314401] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.314711] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.315028] ^ [ 14.315300] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.315500] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.315697] ================================================================== [ 14.157949] ================================================================== [ 14.158196] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 14.158421] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.158742] [ 14.158848] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.158895] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.158907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.158939] Call Trace: [ 14.158958] <TASK> [ 14.158975] dump_stack_lvl+0x73/0xb0 [ 14.159003] print_report+0xd1/0x650 [ 14.159025] ? __virt_addr_valid+0x1db/0x2d0 [ 14.159048] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.159069] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.159090] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.159111] kasan_report+0x141/0x180 [ 14.159133] ? kasan_atomics_helper+0x7c7/0x5450 [ 14.159158] kasan_check_range+0x10c/0x1c0 [ 14.159182] __kasan_check_write+0x18/0x20 [ 14.159201] kasan_atomics_helper+0x7c7/0x5450 [ 14.159223] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.159244] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.159292] ? kasan_atomics+0x152/0x310 [ 14.159318] kasan_atomics+0x1dc/0x310 [ 14.159340] ? __pfx_kasan_atomics+0x10/0x10 [ 14.159365] ? __pfx_read_tsc+0x10/0x10 [ 14.159386] ? ktime_get_ts64+0x86/0x230 [ 14.159413] kunit_try_run_case+0x1a5/0x480 [ 14.159437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.159470] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.159493] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.159515] ? __kthread_parkme+0x82/0x180 [ 14.159536] ? preempt_count_sub+0x50/0x80 [ 14.159560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.159584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.159607] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.159630] kthread+0x337/0x6f0 [ 14.159650] ? trace_preempt_on+0x20/0xc0 [ 14.159674] ? __pfx_kthread+0x10/0x10 [ 14.159695] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.159716] ? calculate_sigpending+0x7b/0xa0 [ 14.159741] ? __pfx_kthread+0x10/0x10 [ 14.159762] ret_from_fork+0x116/0x1d0 [ 14.159780] ? __pfx_kthread+0x10/0x10 [ 14.159800] ret_from_fork_asm+0x1a/0x30 [ 14.159833] </TASK> [ 14.159844] [ 14.170065] Allocated by task 290: [ 14.170248] kasan_save_stack+0x45/0x70 [ 14.170780] kasan_save_track+0x18/0x40 [ 14.170927] kasan_save_alloc_info+0x3b/0x50 [ 14.171082] __kasan_kmalloc+0xb7/0xc0 [ 14.171208] __kmalloc_cache_noprof+0x189/0x420 [ 14.171525] kasan_atomics+0x95/0x310 [ 14.171727] kunit_try_run_case+0x1a5/0x480 [ 14.171943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.172191] kthread+0x337/0x6f0 [ 14.172348] ret_from_fork+0x116/0x1d0 [ 14.172536] ret_from_fork_asm+0x1a/0x30 [ 14.172731] [ 14.172824] The buggy address belongs to the object at ffff8881028d8d80 [ 14.172824] which belongs to the cache kmalloc-64 of size 64 [ 14.173967] The buggy address is located 0 bytes to the right of [ 14.173967] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.174652] [ 14.174761] The buggy address belongs to the physical page: [ 14.175168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.175703] flags: 0x200000000000000(node=0|zone=2) [ 14.176113] page_type: f5(slab) [ 14.176516] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.177119] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.177347] page dumped because: kasan: bad access detected [ 14.177514] [ 14.177598] Memory state around the buggy address: [ 14.178238] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.178690] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.179001] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.179337] ^ [ 14.179690] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.180190] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.180558] ================================================================== [ 14.318115] ================================================================== [ 14.318503] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 14.318809] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.319118] [ 14.319222] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.319265] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.319277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.319319] Call Trace: [ 14.319333] <TASK> [ 14.319349] dump_stack_lvl+0x73/0xb0 [ 14.319376] print_report+0xd1/0x650 [ 14.319420] ? __virt_addr_valid+0x1db/0x2d0 [ 14.319443] ? kasan_atomics_helper+0xc70/0x5450 [ 14.319465] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.319487] ? kasan_atomics_helper+0xc70/0x5450 [ 14.319509] kasan_report+0x141/0x180 [ 14.319531] ? kasan_atomics_helper+0xc70/0x5450 [ 14.319558] kasan_check_range+0x10c/0x1c0 [ 14.319582] __kasan_check_write+0x18/0x20 [ 14.319601] kasan_atomics_helper+0xc70/0x5450 [ 14.319624] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.319646] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.319670] ? kasan_atomics+0x152/0x310 [ 14.319697] kasan_atomics+0x1dc/0x310 [ 14.319720] ? __pfx_kasan_atomics+0x10/0x10 [ 14.319744] ? __pfx_read_tsc+0x10/0x10 [ 14.319765] ? ktime_get_ts64+0x86/0x230 [ 14.319809] kunit_try_run_case+0x1a5/0x480 [ 14.319834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.319856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.319879] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.319901] ? __kthread_parkme+0x82/0x180 [ 14.319922] ? preempt_count_sub+0x50/0x80 [ 14.319957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.319980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.320022] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.320045] kthread+0x337/0x6f0 [ 14.320065] ? trace_preempt_on+0x20/0xc0 [ 14.320089] ? __pfx_kthread+0x10/0x10 [ 14.320110] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.320130] ? calculate_sigpending+0x7b/0xa0 [ 14.320154] ? __pfx_kthread+0x10/0x10 [ 14.320177] ret_from_fork+0x116/0x1d0 [ 14.320195] ? __pfx_kthread+0x10/0x10 [ 14.320216] ret_from_fork_asm+0x1a/0x30 [ 14.320247] </TASK> [ 14.320276] [ 14.327820] Allocated by task 290: [ 14.327950] kasan_save_stack+0x45/0x70 [ 14.328145] kasan_save_track+0x18/0x40 [ 14.328326] kasan_save_alloc_info+0x3b/0x50 [ 14.328555] __kasan_kmalloc+0xb7/0xc0 [ 14.328771] __kmalloc_cache_noprof+0x189/0x420 [ 14.329490] kasan_atomics+0x95/0x310 [ 14.329945] kunit_try_run_case+0x1a5/0x480 [ 14.330120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.330318] kthread+0x337/0x6f0 [ 14.331057] ret_from_fork+0x116/0x1d0 [ 14.331223] ret_from_fork_asm+0x1a/0x30 [ 14.331363] [ 14.331841] The buggy address belongs to the object at ffff8881028d8d80 [ 14.331841] which belongs to the cache kmalloc-64 of size 64 [ 14.333211] The buggy address is located 0 bytes to the right of [ 14.333211] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.334027] [ 14.334108] The buggy address belongs to the physical page: [ 14.334279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.334523] flags: 0x200000000000000(node=0|zone=2) [ 14.334681] page_type: f5(slab) [ 14.334796] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.335741] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.336868] page dumped because: kasan: bad access detected [ 14.337515] [ 14.337894] Memory state around the buggy address: [ 14.338740] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.339579] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.340492] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.341304] ^ [ 14.342050] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.342308] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.343161] ================================================================== [ 14.134016] ================================================================== [ 14.134247] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 14.134464] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.134859] [ 14.134986] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.135048] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.135060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.135081] Call Trace: [ 14.135100] <TASK> [ 14.135117] dump_stack_lvl+0x73/0xb0 [ 14.135146] print_report+0xd1/0x650 [ 14.135168] ? __virt_addr_valid+0x1db/0x2d0 [ 14.135192] ? kasan_atomics_helper+0x72f/0x5450 [ 14.135213] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.135236] ? kasan_atomics_helper+0x72f/0x5450 [ 14.135257] kasan_report+0x141/0x180 [ 14.135279] ? kasan_atomics_helper+0x72f/0x5450 [ 14.135306] kasan_check_range+0x10c/0x1c0 [ 14.135329] __kasan_check_write+0x18/0x20 [ 14.135348] kasan_atomics_helper+0x72f/0x5450 [ 14.135373] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.135395] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.135853] ? kasan_atomics+0x152/0x310 [ 14.135887] kasan_atomics+0x1dc/0x310 [ 14.135912] ? __pfx_kasan_atomics+0x10/0x10 [ 14.135951] ? __pfx_read_tsc+0x10/0x10 [ 14.135973] ? ktime_get_ts64+0x86/0x230 [ 14.136001] kunit_try_run_case+0x1a5/0x480 [ 14.136025] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.136047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.136071] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.136094] ? __kthread_parkme+0x82/0x180 [ 14.136115] ? preempt_count_sub+0x50/0x80 [ 14.136140] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.136164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.136187] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.136210] kthread+0x337/0x6f0 [ 14.136230] ? trace_preempt_on+0x20/0xc0 [ 14.136255] ? __pfx_kthread+0x10/0x10 [ 14.136276] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.136296] ? calculate_sigpending+0x7b/0xa0 [ 14.136321] ? __pfx_kthread+0x10/0x10 [ 14.136343] ret_from_fork+0x116/0x1d0 [ 14.136362] ? __pfx_kthread+0x10/0x10 [ 14.136383] ret_from_fork_asm+0x1a/0x30 [ 14.136830] </TASK> [ 14.136845] [ 14.149460] Allocated by task 290: [ 14.149693] kasan_save_stack+0x45/0x70 [ 14.149994] kasan_save_track+0x18/0x40 [ 14.150217] kasan_save_alloc_info+0x3b/0x50 [ 14.150365] __kasan_kmalloc+0xb7/0xc0 [ 14.150571] __kmalloc_cache_noprof+0x189/0x420 [ 14.150882] kasan_atomics+0x95/0x310 [ 14.151062] kunit_try_run_case+0x1a5/0x480 [ 14.151206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.151374] kthread+0x337/0x6f0 [ 14.151535] ret_from_fork+0x116/0x1d0 [ 14.151775] ret_from_fork_asm+0x1a/0x30 [ 14.152007] [ 14.152111] The buggy address belongs to the object at ffff8881028d8d80 [ 14.152111] which belongs to the cache kmalloc-64 of size 64 [ 14.152491] The buggy address is located 0 bytes to the right of [ 14.152491] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.153329] [ 14.153428] The buggy address belongs to the physical page: [ 14.153625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.153949] flags: 0x200000000000000(node=0|zone=2) [ 14.154164] page_type: f5(slab) [ 14.154282] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.154507] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.155143] page dumped because: kasan: bad access detected [ 14.155380] [ 14.155484] Memory state around the buggy address: [ 14.155639] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.155848] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.156143] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.156458] ^ [ 14.156742] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.157064] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.157339] ================================================================== [ 15.304512] ================================================================== [ 15.305301] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 15.305999] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.306856] [ 15.306963] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.307023] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.307037] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.307059] Call Trace: [ 15.307089] <TASK> [ 15.307107] dump_stack_lvl+0x73/0xb0 [ 15.307137] print_report+0xd1/0x650 [ 15.307160] ? __virt_addr_valid+0x1db/0x2d0 [ 15.307206] ? kasan_atomics_helper+0x218a/0x5450 [ 15.307228] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.307250] ? kasan_atomics_helper+0x218a/0x5450 [ 15.307272] kasan_report+0x141/0x180 [ 15.307295] ? kasan_atomics_helper+0x218a/0x5450 [ 15.307321] kasan_check_range+0x10c/0x1c0 [ 15.307345] __kasan_check_write+0x18/0x20 [ 15.307365] kasan_atomics_helper+0x218a/0x5450 [ 15.307413] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.307436] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.307473] ? kasan_atomics+0x152/0x310 [ 15.307500] kasan_atomics+0x1dc/0x310 [ 15.307522] ? __pfx_kasan_atomics+0x10/0x10 [ 15.307558] ? __pfx_read_tsc+0x10/0x10 [ 15.307580] ? ktime_get_ts64+0x86/0x230 [ 15.307606] kunit_try_run_case+0x1a5/0x480 [ 15.307629] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.307652] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.307675] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.307698] ? __kthread_parkme+0x82/0x180 [ 15.307719] ? preempt_count_sub+0x50/0x80 [ 15.307743] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.307767] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.307790] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.307814] kthread+0x337/0x6f0 [ 15.307834] ? trace_preempt_on+0x20/0xc0 [ 15.307858] ? __pfx_kthread+0x10/0x10 [ 15.307879] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.307900] ? calculate_sigpending+0x7b/0xa0 [ 15.307925] ? __pfx_kthread+0x10/0x10 [ 15.307959] ret_from_fork+0x116/0x1d0 [ 15.307978] ? __pfx_kthread+0x10/0x10 [ 15.307999] ret_from_fork_asm+0x1a/0x30 [ 15.308030] </TASK> [ 15.308042] [ 15.320483] Allocated by task 290: [ 15.320657] kasan_save_stack+0x45/0x70 [ 15.321122] kasan_save_track+0x18/0x40 [ 15.321347] kasan_save_alloc_info+0x3b/0x50 [ 15.321816] __kasan_kmalloc+0xb7/0xc0 [ 15.321988] __kmalloc_cache_noprof+0x189/0x420 [ 15.322140] kasan_atomics+0x95/0x310 [ 15.322267] kunit_try_run_case+0x1a5/0x480 [ 15.322450] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.322908] kthread+0x337/0x6f0 [ 15.323222] ret_from_fork+0x116/0x1d0 [ 15.323632] ret_from_fork_asm+0x1a/0x30 [ 15.324042] [ 15.324195] The buggy address belongs to the object at ffff8881028d8d80 [ 15.324195] which belongs to the cache kmalloc-64 of size 64 [ 15.325228] The buggy address is located 0 bytes to the right of [ 15.325228] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.325762] [ 15.325831] The buggy address belongs to the physical page: [ 15.326008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.326243] flags: 0x200000000000000(node=0|zone=2) [ 15.326425] page_type: f5(slab) [ 15.326705] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.327328] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.327993] page dumped because: kasan: bad access detected [ 15.328464] [ 15.328624] Memory state around the buggy address: [ 15.329042] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.329662] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.330285] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.330958] ^ [ 15.331383] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.331634] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.331839] ================================================================== [ 15.110856] ================================================================== [ 15.111186] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 15.111864] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 15.112390] [ 15.112652] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 15.112704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.112717] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.112738] Call Trace: [ 15.112754] <TASK> [ 15.112770] dump_stack_lvl+0x73/0xb0 [ 15.112801] print_report+0xd1/0x650 [ 15.112824] ? __virt_addr_valid+0x1db/0x2d0 [ 15.112848] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.112869] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.112892] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.112914] kasan_report+0x141/0x180 [ 15.112951] ? kasan_atomics_helper+0x1e12/0x5450 [ 15.112976] kasan_check_range+0x10c/0x1c0 [ 15.113000] __kasan_check_write+0x18/0x20 [ 15.113019] kasan_atomics_helper+0x1e12/0x5450 [ 15.113041] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 15.113064] ? __kmalloc_cache_noprof+0x189/0x420 [ 15.113089] ? kasan_atomics+0x152/0x310 [ 15.113114] kasan_atomics+0x1dc/0x310 [ 15.113137] ? __pfx_kasan_atomics+0x10/0x10 [ 15.113162] ? __pfx_read_tsc+0x10/0x10 [ 15.113183] ? ktime_get_ts64+0x86/0x230 [ 15.113210] kunit_try_run_case+0x1a5/0x480 [ 15.113234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.113255] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.113279] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.113302] ? __kthread_parkme+0x82/0x180 [ 15.113322] ? preempt_count_sub+0x50/0x80 [ 15.113346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.113370] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.113394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.113416] kthread+0x337/0x6f0 [ 15.113436] ? trace_preempt_on+0x20/0xc0 [ 15.113460] ? __pfx_kthread+0x10/0x10 [ 15.113481] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.113502] ? calculate_sigpending+0x7b/0xa0 [ 15.113526] ? __pfx_kthread+0x10/0x10 [ 15.113548] ret_from_fork+0x116/0x1d0 [ 15.113566] ? __pfx_kthread+0x10/0x10 [ 15.113587] ret_from_fork_asm+0x1a/0x30 [ 15.113618] </TASK> [ 15.113629] [ 15.124006] Allocated by task 290: [ 15.124186] kasan_save_stack+0x45/0x70 [ 15.124333] kasan_save_track+0x18/0x40 [ 15.124662] kasan_save_alloc_info+0x3b/0x50 [ 15.124970] __kasan_kmalloc+0xb7/0xc0 [ 15.125156] __kmalloc_cache_noprof+0x189/0x420 [ 15.125515] kasan_atomics+0x95/0x310 [ 15.125794] kunit_try_run_case+0x1a5/0x480 [ 15.125993] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.126367] kthread+0x337/0x6f0 [ 15.126620] ret_from_fork+0x116/0x1d0 [ 15.126770] ret_from_fork_asm+0x1a/0x30 [ 15.126983] [ 15.127076] The buggy address belongs to the object at ffff8881028d8d80 [ 15.127076] which belongs to the cache kmalloc-64 of size 64 [ 15.127578] The buggy address is located 0 bytes to the right of [ 15.127578] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 15.128467] [ 15.128652] The buggy address belongs to the physical page: [ 15.128963] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 15.129360] flags: 0x200000000000000(node=0|zone=2) [ 15.129585] page_type: f5(slab) [ 15.129874] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 15.130281] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 15.130720] page dumped because: kasan: bad access detected [ 15.131069] [ 15.131170] Memory state around the buggy address: [ 15.131376] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.131828] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 15.132222] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 15.132532] ^ [ 15.132859] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.133177] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.133483] ================================================================== [ 14.228960] ================================================================== [ 14.229231] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 14.229687] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.230043] [ 14.230150] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.230196] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.230209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.230229] Call Trace: [ 14.230246] <TASK> [ 14.230264] dump_stack_lvl+0x73/0xb0 [ 14.230293] print_report+0xd1/0x650 [ 14.230316] ? __virt_addr_valid+0x1db/0x2d0 [ 14.230340] ? kasan_atomics_helper+0x992/0x5450 [ 14.230361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.230408] ? kasan_atomics_helper+0x992/0x5450 [ 14.230431] kasan_report+0x141/0x180 [ 14.230455] ? kasan_atomics_helper+0x992/0x5450 [ 14.230481] kasan_check_range+0x10c/0x1c0 [ 14.230505] __kasan_check_write+0x18/0x20 [ 14.230524] kasan_atomics_helper+0x992/0x5450 [ 14.230547] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.230568] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.230594] ? kasan_atomics+0x152/0x310 [ 14.230620] kasan_atomics+0x1dc/0x310 [ 14.230642] ? __pfx_kasan_atomics+0x10/0x10 [ 14.230667] ? __pfx_read_tsc+0x10/0x10 [ 14.230689] ? ktime_get_ts64+0x86/0x230 [ 14.230717] kunit_try_run_case+0x1a5/0x480 [ 14.230741] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.230763] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.230786] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.230809] ? __kthread_parkme+0x82/0x180 [ 14.230830] ? preempt_count_sub+0x50/0x80 [ 14.230854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.230878] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.230901] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.230926] kthread+0x337/0x6f0 [ 14.230957] ? trace_preempt_on+0x20/0xc0 [ 14.230982] ? __pfx_kthread+0x10/0x10 [ 14.231003] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.231024] ? calculate_sigpending+0x7b/0xa0 [ 14.231048] ? __pfx_kthread+0x10/0x10 [ 14.231070] ret_from_fork+0x116/0x1d0 [ 14.231089] ? __pfx_kthread+0x10/0x10 [ 14.231110] ret_from_fork_asm+0x1a/0x30 [ 14.231142] </TASK> [ 14.231153] [ 14.243096] Allocated by task 290: [ 14.243292] kasan_save_stack+0x45/0x70 [ 14.243552] kasan_save_track+0x18/0x40 [ 14.243732] kasan_save_alloc_info+0x3b/0x50 [ 14.243918] __kasan_kmalloc+0xb7/0xc0 [ 14.244058] __kmalloc_cache_noprof+0x189/0x420 [ 14.244207] kasan_atomics+0x95/0x310 [ 14.244397] kunit_try_run_case+0x1a5/0x480 [ 14.244690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.244857] kthread+0x337/0x6f0 [ 14.245183] ret_from_fork+0x116/0x1d0 [ 14.245387] ret_from_fork_asm+0x1a/0x30 [ 14.245562] [ 14.246039] The buggy address belongs to the object at ffff8881028d8d80 [ 14.246039] which belongs to the cache kmalloc-64 of size 64 [ 14.246926] The buggy address is located 0 bytes to the right of [ 14.246926] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.247542] [ 14.247638] The buggy address belongs to the physical page: [ 14.247851] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.248194] flags: 0x200000000000000(node=0|zone=2) [ 14.248410] page_type: f5(slab) [ 14.248996] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.249295] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.249995] page dumped because: kasan: bad access detected [ 14.250322] [ 14.250432] Memory state around the buggy address: [ 14.251030] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.251322] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.251881] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.252168] ^ [ 14.252460] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.252697] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.253016] ================================================================== [ 14.426300] ================================================================== [ 14.427100] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.427525] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.427897] [ 14.427997] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.428263] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.428278] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.428299] Call Trace: [ 14.428318] <TASK> [ 14.428335] dump_stack_lvl+0x73/0xb0 [ 14.428365] print_report+0xd1/0x650 [ 14.428399] ? __virt_addr_valid+0x1db/0x2d0 [ 14.428422] ? kasan_atomics_helper+0xe78/0x5450 [ 14.428443] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.428468] ? kasan_atomics_helper+0xe78/0x5450 [ 14.428489] kasan_report+0x141/0x180 [ 14.428511] ? kasan_atomics_helper+0xe78/0x5450 [ 14.428537] kasan_check_range+0x10c/0x1c0 [ 14.428561] __kasan_check_write+0x18/0x20 [ 14.428581] kasan_atomics_helper+0xe78/0x5450 [ 14.428603] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.428625] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.428650] ? kasan_atomics+0x152/0x310 [ 14.428676] kasan_atomics+0x1dc/0x310 [ 14.428699] ? __pfx_kasan_atomics+0x10/0x10 [ 14.428722] ? __pfx_read_tsc+0x10/0x10 [ 14.428744] ? ktime_get_ts64+0x86/0x230 [ 14.428770] kunit_try_run_case+0x1a5/0x480 [ 14.428795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.428817] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.428839] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.428877] ? __kthread_parkme+0x82/0x180 [ 14.428898] ? preempt_count_sub+0x50/0x80 [ 14.428922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.428965] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.428989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.429013] kthread+0x337/0x6f0 [ 14.429044] ? trace_preempt_on+0x20/0xc0 [ 14.429069] ? __pfx_kthread+0x10/0x10 [ 14.429090] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.429122] ? calculate_sigpending+0x7b/0xa0 [ 14.429146] ? __pfx_kthread+0x10/0x10 [ 14.429168] ret_from_fork+0x116/0x1d0 [ 14.429198] ? __pfx_kthread+0x10/0x10 [ 14.429218] ret_from_fork_asm+0x1a/0x30 [ 14.429273] </TASK> [ 14.429285] [ 14.440356] Allocated by task 290: [ 14.440559] kasan_save_stack+0x45/0x70 [ 14.440777] kasan_save_track+0x18/0x40 [ 14.441008] kasan_save_alloc_info+0x3b/0x50 [ 14.441170] __kasan_kmalloc+0xb7/0xc0 [ 14.441299] __kmalloc_cache_noprof+0x189/0x420 [ 14.441636] kasan_atomics+0x95/0x310 [ 14.441837] kunit_try_run_case+0x1a5/0x480 [ 14.442090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.442364] kthread+0x337/0x6f0 [ 14.442522] ret_from_fork+0x116/0x1d0 [ 14.442682] ret_from_fork_asm+0x1a/0x30 [ 14.442851] [ 14.442952] The buggy address belongs to the object at ffff8881028d8d80 [ 14.442952] which belongs to the cache kmalloc-64 of size 64 [ 14.443441] The buggy address is located 0 bytes to the right of [ 14.443441] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.443981] [ 14.444058] The buggy address belongs to the physical page: [ 14.444304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.444663] flags: 0x200000000000000(node=0|zone=2) [ 14.444891] page_type: f5(slab) [ 14.445069] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.445316] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.445535] page dumped because: kasan: bad access detected [ 14.445758] [ 14.445858] Memory state around the buggy address: [ 14.446080] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.446365] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.446573] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.446778] ^ [ 14.447125] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.447497] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.447817] ================================================================== [ 14.918024] ================================================================== [ 14.918621] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 14.918876] Write of size 8 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.919107] [ 14.919190] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.919236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.919248] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.919270] Call Trace: [ 14.919289] <TASK> [ 14.919308] dump_stack_lvl+0x73/0xb0 [ 14.919335] print_report+0xd1/0x650 [ 14.919357] ? __virt_addr_valid+0x1db/0x2d0 [ 14.919380] ? kasan_atomics_helper+0x194a/0x5450 [ 14.919412] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.919434] ? kasan_atomics_helper+0x194a/0x5450 [ 14.919456] kasan_report+0x141/0x180 [ 14.919478] ? kasan_atomics_helper+0x194a/0x5450 [ 14.919504] kasan_check_range+0x10c/0x1c0 [ 14.919527] __kasan_check_write+0x18/0x20 [ 14.919547] kasan_atomics_helper+0x194a/0x5450 [ 14.919569] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.919591] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.919616] ? kasan_atomics+0x152/0x310 [ 14.919642] kasan_atomics+0x1dc/0x310 [ 14.919665] ? __pfx_kasan_atomics+0x10/0x10 [ 14.919690] ? __pfx_read_tsc+0x10/0x10 [ 14.919712] ? ktime_get_ts64+0x86/0x230 [ 14.919737] kunit_try_run_case+0x1a5/0x480 [ 14.919761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.919784] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.919807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.919829] ? __kthread_parkme+0x82/0x180 [ 14.919850] ? preempt_count_sub+0x50/0x80 [ 14.919874] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.919897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.919922] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.919957] kthread+0x337/0x6f0 [ 14.919977] ? trace_preempt_on+0x20/0xc0 [ 14.920002] ? __pfx_kthread+0x10/0x10 [ 14.920023] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.920044] ? calculate_sigpending+0x7b/0xa0 [ 14.920068] ? __pfx_kthread+0x10/0x10 [ 14.920090] ret_from_fork+0x116/0x1d0 [ 14.920108] ? __pfx_kthread+0x10/0x10 [ 14.920129] ret_from_fork_asm+0x1a/0x30 [ 14.920161] </TASK> [ 14.920172] [ 14.932148] Allocated by task 290: [ 14.932303] kasan_save_stack+0x45/0x70 [ 14.932533] kasan_save_track+0x18/0x40 [ 14.932661] kasan_save_alloc_info+0x3b/0x50 [ 14.932802] __kasan_kmalloc+0xb7/0xc0 [ 14.933001] __kmalloc_cache_noprof+0x189/0x420 [ 14.933220] kasan_atomics+0x95/0x310 [ 14.933367] kunit_try_run_case+0x1a5/0x480 [ 14.933557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.933731] kthread+0x337/0x6f0 [ 14.933845] ret_from_fork+0x116/0x1d0 [ 14.934037] ret_from_fork_asm+0x1a/0x30 [ 14.934237] [ 14.934330] The buggy address belongs to the object at ffff8881028d8d80 [ 14.934330] which belongs to the cache kmalloc-64 of size 64 [ 14.934991] The buggy address is located 0 bytes to the right of [ 14.934991] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.935380] [ 14.935448] The buggy address belongs to the physical page: [ 14.935692] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.936045] flags: 0x200000000000000(node=0|zone=2) [ 14.936247] page_type: f5(slab) [ 14.936376] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.936647] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.936913] page dumped because: kasan: bad access detected [ 14.937172] [ 14.937261] Memory state around the buggy address: [ 14.937484] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.937752] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.938058] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.938315] ^ [ 14.938567] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.938836] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.939089] ================================================================== [ 14.624068] ================================================================== [ 14.624652] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.625017] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.625345] [ 14.625449] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.625497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.625509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.625531] Call Trace: [ 14.625551] <TASK> [ 14.625570] dump_stack_lvl+0x73/0xb0 [ 14.625599] print_report+0xd1/0x650 [ 14.625622] ? __virt_addr_valid+0x1db/0x2d0 [ 14.625645] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.625666] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.625694] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.625716] kasan_report+0x141/0x180 [ 14.625739] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.625765] kasan_check_range+0x10c/0x1c0 [ 14.625789] __kasan_check_write+0x18/0x20 [ 14.625808] kasan_atomics_helper+0x12e6/0x5450 [ 14.625830] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.625853] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.625877] ? kasan_atomics+0x152/0x310 [ 14.625903] kasan_atomics+0x1dc/0x310 [ 14.625926] ? __pfx_kasan_atomics+0x10/0x10 [ 14.625960] ? __pfx_read_tsc+0x10/0x10 [ 14.625981] ? ktime_get_ts64+0x86/0x230 [ 14.626007] kunit_try_run_case+0x1a5/0x480 [ 14.626032] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.626066] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.626089] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.626111] ? __kthread_parkme+0x82/0x180 [ 14.626143] ? preempt_count_sub+0x50/0x80 [ 14.626167] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.626191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.626214] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.626237] kthread+0x337/0x6f0 [ 14.626258] ? trace_preempt_on+0x20/0xc0 [ 14.626282] ? __pfx_kthread+0x10/0x10 [ 14.626303] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.626323] ? calculate_sigpending+0x7b/0xa0 [ 14.626348] ? __pfx_kthread+0x10/0x10 [ 14.626369] ret_from_fork+0x116/0x1d0 [ 14.626398] ? __pfx_kthread+0x10/0x10 [ 14.626420] ret_from_fork_asm+0x1a/0x30 [ 14.626451] </TASK> [ 14.626462] [ 14.634030] Allocated by task 290: [ 14.634178] kasan_save_stack+0x45/0x70 [ 14.634318] kasan_save_track+0x18/0x40 [ 14.634538] kasan_save_alloc_info+0x3b/0x50 [ 14.634798] __kasan_kmalloc+0xb7/0xc0 [ 14.634965] __kmalloc_cache_noprof+0x189/0x420 [ 14.635116] kasan_atomics+0x95/0x310 [ 14.635254] kunit_try_run_case+0x1a5/0x480 [ 14.635573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.635871] kthread+0x337/0x6f0 [ 14.636068] ret_from_fork+0x116/0x1d0 [ 14.636276] ret_from_fork_asm+0x1a/0x30 [ 14.636496] [ 14.636564] The buggy address belongs to the object at ffff8881028d8d80 [ 14.636564] which belongs to the cache kmalloc-64 of size 64 [ 14.637069] The buggy address is located 0 bytes to the right of [ 14.637069] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.637629] [ 14.637726] The buggy address belongs to the physical page: [ 14.637926] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.638258] flags: 0x200000000000000(node=0|zone=2) [ 14.638523] page_type: f5(slab) [ 14.638682] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.639023] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.639337] page dumped because: kasan: bad access detected [ 14.639580] [ 14.639645] Memory state around the buggy address: [ 14.639794] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.640016] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.640225] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.640487] ^ [ 14.640742] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.641113] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.641465] ================================================================== [ 14.466959] ================================================================== [ 14.467308] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.467651] Write of size 4 at addr ffff8881028d8db0 by task kunit_try_catch/290 [ 14.467942] [ 14.468067] CPU: 1 UID: 0 PID: 290 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 14.468113] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.468126] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.468148] Call Trace: [ 14.468165] <TASK> [ 14.468182] dump_stack_lvl+0x73/0xb0 [ 14.468210] print_report+0xd1/0x650 [ 14.468232] ? __virt_addr_valid+0x1db/0x2d0 [ 14.468256] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.468277] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.468299] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.468321] kasan_report+0x141/0x180 [ 14.468343] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.468369] kasan_check_range+0x10c/0x1c0 [ 14.468404] __kasan_check_write+0x18/0x20 [ 14.468424] kasan_atomics_helper+0xfa9/0x5450 [ 14.468447] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.468469] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.468494] ? kasan_atomics+0x152/0x310 [ 14.468521] kasan_atomics+0x1dc/0x310 [ 14.468544] ? __pfx_kasan_atomics+0x10/0x10 [ 14.468579] ? __pfx_read_tsc+0x10/0x10 [ 14.468601] ? ktime_get_ts64+0x86/0x230 [ 14.468627] kunit_try_run_case+0x1a5/0x480 [ 14.468663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.468685] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.468708] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.468731] ? __kthread_parkme+0x82/0x180 [ 14.468752] ? preempt_count_sub+0x50/0x80 [ 14.468776] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.468800] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.468823] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.468847] kthread+0x337/0x6f0 [ 14.468867] ? trace_preempt_on+0x20/0xc0 [ 14.468892] ? __pfx_kthread+0x10/0x10 [ 14.468921] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.468952] ? calculate_sigpending+0x7b/0xa0 [ 14.468976] ? __pfx_kthread+0x10/0x10 [ 14.469009] ret_from_fork+0x116/0x1d0 [ 14.469028] ? __pfx_kthread+0x10/0x10 [ 14.469049] ret_from_fork_asm+0x1a/0x30 [ 14.469080] </TASK> [ 14.469092] [ 14.477836] Allocated by task 290: [ 14.479724] kasan_save_stack+0x45/0x70 [ 14.480592] kasan_save_track+0x18/0x40 [ 14.481295] kasan_save_alloc_info+0x3b/0x50 [ 14.482003] __kasan_kmalloc+0xb7/0xc0 [ 14.482741] __kmalloc_cache_noprof+0x189/0x420 [ 14.483156] kasan_atomics+0x95/0x310 [ 14.483359] kunit_try_run_case+0x1a5/0x480 [ 14.483557] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.484002] kthread+0x337/0x6f0 [ 14.484158] ret_from_fork+0x116/0x1d0 [ 14.484465] ret_from_fork_asm+0x1a/0x30 [ 14.484662] [ 14.484825] The buggy address belongs to the object at ffff8881028d8d80 [ 14.484825] which belongs to the cache kmalloc-64 of size 64 [ 14.485450] The buggy address is located 0 bytes to the right of [ 14.485450] allocated 48-byte region [ffff8881028d8d80, ffff8881028d8db0) [ 14.486219] [ 14.486299] The buggy address belongs to the physical page: [ 14.486654] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d8 [ 14.487325] flags: 0x200000000000000(node=0|zone=2) [ 14.487800] page_type: f5(slab) [ 14.488099] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.488370] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.489016] page dumped because: kasan: bad access detected [ 14.489497] [ 14.489615] Memory state around the buggy address: [ 14.489771] ffff8881028d8c80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.489990] ffff8881028d8d00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.490199] >ffff8881028d8d80: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.490410] ^ [ 14.490559] ffff8881028d8e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.491028] ffff8881028d8e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.491276] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.742993] ================================================================== [ 13.743301] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.744227] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.745066] [ 13.745180] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.745224] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.745236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.745256] Call Trace: [ 13.745272] <TASK> [ 13.745286] dump_stack_lvl+0x73/0xb0 [ 13.745315] print_report+0xd1/0x650 [ 13.745336] ? __virt_addr_valid+0x1db/0x2d0 [ 13.745357] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.745383] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.745666] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.745702] kasan_report+0x141/0x180 [ 13.745725] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.745755] kasan_check_range+0x10c/0x1c0 [ 13.745778] __kasan_check_write+0x18/0x20 [ 13.745796] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.745822] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.745849] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.745872] ? trace_hardirqs_on+0x37/0xe0 [ 13.745893] ? kasan_bitops_generic+0x92/0x1c0 [ 13.745918] kasan_bitops_generic+0x121/0x1c0 [ 13.745952] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.745976] ? __pfx_read_tsc+0x10/0x10 [ 13.745996] ? ktime_get_ts64+0x86/0x230 [ 13.746020] kunit_try_run_case+0x1a5/0x480 [ 13.746043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.746065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.746087] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.746108] ? __kthread_parkme+0x82/0x180 [ 13.746128] ? preempt_count_sub+0x50/0x80 [ 13.746150] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.746173] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.746195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.746217] kthread+0x337/0x6f0 [ 13.746236] ? trace_preempt_on+0x20/0xc0 [ 13.746257] ? __pfx_kthread+0x10/0x10 [ 13.746277] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.746298] ? calculate_sigpending+0x7b/0xa0 [ 13.746322] ? __pfx_kthread+0x10/0x10 [ 13.746343] ret_from_fork+0x116/0x1d0 [ 13.746361] ? __pfx_kthread+0x10/0x10 [ 13.746381] ret_from_fork_asm+0x1a/0x30 [ 13.746465] </TASK> [ 13.746476] [ 13.757250] Allocated by task 286: [ 13.757862] kasan_save_stack+0x45/0x70 [ 13.758046] kasan_save_track+0x18/0x40 [ 13.758208] kasan_save_alloc_info+0x3b/0x50 [ 13.758573] __kasan_kmalloc+0xb7/0xc0 [ 13.758766] __kmalloc_cache_noprof+0x189/0x420 [ 13.758981] kasan_bitops_generic+0x92/0x1c0 [ 13.759175] kunit_try_run_case+0x1a5/0x480 [ 13.759362] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.759662] kthread+0x337/0x6f0 [ 13.759815] ret_from_fork+0x116/0x1d0 [ 13.759990] ret_from_fork_asm+0x1a/0x30 [ 13.760166] [ 13.760251] The buggy address belongs to the object at ffff8881025394a0 [ 13.760251] which belongs to the cache kmalloc-16 of size 16 [ 13.761238] The buggy address is located 8 bytes inside of [ 13.761238] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.761979] [ 13.762078] The buggy address belongs to the physical page: [ 13.762310] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.762832] flags: 0x200000000000000(node=0|zone=2) [ 13.763078] page_type: f5(slab) [ 13.763232] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.763651] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.763968] page dumped because: kasan: bad access detected [ 13.764202] [ 13.764285] Memory state around the buggy address: [ 13.764547] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.764833] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.765123] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.765459] ^ [ 13.765657] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.765940] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.766165] ================================================================== [ 13.789240] ================================================================== [ 13.789661] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790084] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.790355] [ 13.790519] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.790564] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.790574] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.790594] Call Trace: [ 13.790611] <TASK> [ 13.790627] dump_stack_lvl+0x73/0xb0 [ 13.790655] print_report+0xd1/0x650 [ 13.790675] ? __virt_addr_valid+0x1db/0x2d0 [ 13.790697] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790723] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.790744] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790770] kasan_report+0x141/0x180 [ 13.790790] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790821] kasan_check_range+0x10c/0x1c0 [ 13.790843] __kasan_check_write+0x18/0x20 [ 13.790861] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.790888] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.790915] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.790949] ? trace_hardirqs_on+0x37/0xe0 [ 13.790971] ? kasan_bitops_generic+0x92/0x1c0 [ 13.790997] kasan_bitops_generic+0x121/0x1c0 [ 13.791020] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.791044] ? __pfx_read_tsc+0x10/0x10 [ 13.791064] ? ktime_get_ts64+0x86/0x230 [ 13.791097] kunit_try_run_case+0x1a5/0x480 [ 13.791122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.791143] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.791166] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.791187] ? __kthread_parkme+0x82/0x180 [ 13.791206] ? preempt_count_sub+0x50/0x80 [ 13.791229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.791252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.791274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.791296] kthread+0x337/0x6f0 [ 13.791315] ? trace_preempt_on+0x20/0xc0 [ 13.791336] ? __pfx_kthread+0x10/0x10 [ 13.791357] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.791376] ? calculate_sigpending+0x7b/0xa0 [ 13.791399] ? __pfx_kthread+0x10/0x10 [ 13.791419] ret_from_fork+0x116/0x1d0 [ 13.791437] ? __pfx_kthread+0x10/0x10 [ 13.791456] ret_from_fork_asm+0x1a/0x30 [ 13.791486] </TASK> [ 13.791496] [ 13.800053] Allocated by task 286: [ 13.800174] kasan_save_stack+0x45/0x70 [ 13.800307] kasan_save_track+0x18/0x40 [ 13.800642] kasan_save_alloc_info+0x3b/0x50 [ 13.800852] __kasan_kmalloc+0xb7/0xc0 [ 13.801051] __kmalloc_cache_noprof+0x189/0x420 [ 13.801267] kasan_bitops_generic+0x92/0x1c0 [ 13.801588] kunit_try_run_case+0x1a5/0x480 [ 13.801892] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.802150] kthread+0x337/0x6f0 [ 13.802266] ret_from_fork+0x116/0x1d0 [ 13.802494] ret_from_fork_asm+0x1a/0x30 [ 13.802704] [ 13.802789] The buggy address belongs to the object at ffff8881025394a0 [ 13.802789] which belongs to the cache kmalloc-16 of size 16 [ 13.803237] The buggy address is located 8 bytes inside of [ 13.803237] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.803717] [ 13.803807] The buggy address belongs to the physical page: [ 13.804076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.804391] flags: 0x200000000000000(node=0|zone=2) [ 13.804612] page_type: f5(slab) [ 13.804739] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.805077] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.805294] page dumped because: kasan: bad access detected [ 13.805616] [ 13.805706] Memory state around the buggy address: [ 13.805959] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.806212] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.806419] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.806989] ^ [ 13.807145] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.807500] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.807764] ================================================================== [ 13.827591] ================================================================== [ 13.827951] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.828270] Read of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.829331] [ 13.829579] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.829638] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.829650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.829673] Call Trace: [ 13.829696] <TASK> [ 13.829714] dump_stack_lvl+0x73/0xb0 [ 13.829746] print_report+0xd1/0x650 [ 13.829767] ? __virt_addr_valid+0x1db/0x2d0 [ 13.829789] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.829815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.829835] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.829862] kasan_report+0x141/0x180 [ 13.829883] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.829914] kasan_check_range+0x10c/0x1c0 [ 13.829946] __kasan_check_read+0x15/0x20 [ 13.829964] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.829991] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.830018] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.830041] ? trace_hardirqs_on+0x37/0xe0 [ 13.830063] ? kasan_bitops_generic+0x92/0x1c0 [ 13.830089] kasan_bitops_generic+0x121/0x1c0 [ 13.830112] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.830135] ? __pfx_read_tsc+0x10/0x10 [ 13.830156] ? ktime_get_ts64+0x86/0x230 [ 13.830181] kunit_try_run_case+0x1a5/0x480 [ 13.830205] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.830226] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.830249] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.830271] ? __kthread_parkme+0x82/0x180 [ 13.830291] ? preempt_count_sub+0x50/0x80 [ 13.830314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.830336] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.830358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.830513] kthread+0x337/0x6f0 [ 13.830540] ? trace_preempt_on+0x20/0xc0 [ 13.830563] ? __pfx_kthread+0x10/0x10 [ 13.830583] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.830603] ? calculate_sigpending+0x7b/0xa0 [ 13.830628] ? __pfx_kthread+0x10/0x10 [ 13.830691] ret_from_fork+0x116/0x1d0 [ 13.830710] ? __pfx_kthread+0x10/0x10 [ 13.830730] ret_from_fork_asm+0x1a/0x30 [ 13.830760] </TASK> [ 13.830772] [ 13.841332] Allocated by task 286: [ 13.841497] kasan_save_stack+0x45/0x70 [ 13.841672] kasan_save_track+0x18/0x40 [ 13.841806] kasan_save_alloc_info+0x3b/0x50 [ 13.842057] __kasan_kmalloc+0xb7/0xc0 [ 13.842349] __kmalloc_cache_noprof+0x189/0x420 [ 13.842582] kasan_bitops_generic+0x92/0x1c0 [ 13.842815] kunit_try_run_case+0x1a5/0x480 [ 13.843056] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.843225] kthread+0x337/0x6f0 [ 13.843414] ret_from_fork+0x116/0x1d0 [ 13.843597] ret_from_fork_asm+0x1a/0x30 [ 13.843772] [ 13.843859] The buggy address belongs to the object at ffff8881025394a0 [ 13.843859] which belongs to the cache kmalloc-16 of size 16 [ 13.844307] The buggy address is located 8 bytes inside of [ 13.844307] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.844781] [ 13.844850] The buggy address belongs to the physical page: [ 13.845029] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.845332] flags: 0x200000000000000(node=0|zone=2) [ 13.845592] page_type: f5(slab) [ 13.845912] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.846236] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.846492] page dumped because: kasan: bad access detected [ 13.846657] [ 13.846720] Memory state around the buggy address: [ 13.846866] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.847159] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.847470] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.847782] ^ [ 13.848022] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.848451] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.848678] ================================================================== [ 13.690259] ================================================================== [ 13.691204] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.693186] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.693621] [ 13.694636] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.694696] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.694708] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.694731] Call Trace: [ 13.694751] <TASK> [ 13.694770] dump_stack_lvl+0x73/0xb0 [ 13.694803] print_report+0xd1/0x650 [ 13.694826] ? __virt_addr_valid+0x1db/0x2d0 [ 13.694850] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.694876] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.694898] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.694923] kasan_report+0x141/0x180 [ 13.694963] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.694994] kasan_check_range+0x10c/0x1c0 [ 13.695016] __kasan_check_write+0x18/0x20 [ 13.695035] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.695062] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.695088] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.695111] ? trace_hardirqs_on+0x37/0xe0 [ 13.695135] ? kasan_bitops_generic+0x92/0x1c0 [ 13.695161] kasan_bitops_generic+0x121/0x1c0 [ 13.695183] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.695208] ? __pfx_read_tsc+0x10/0x10 [ 13.695230] ? ktime_get_ts64+0x86/0x230 [ 13.695256] kunit_try_run_case+0x1a5/0x480 [ 13.695280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.695302] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.695324] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.695346] ? __kthread_parkme+0x82/0x180 [ 13.695366] ? preempt_count_sub+0x50/0x80 [ 13.695460] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.695483] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.695506] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.695529] kthread+0x337/0x6f0 [ 13.695548] ? trace_preempt_on+0x20/0xc0 [ 13.695570] ? __pfx_kthread+0x10/0x10 [ 13.695590] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.695610] ? calculate_sigpending+0x7b/0xa0 [ 13.695634] ? __pfx_kthread+0x10/0x10 [ 13.695654] ret_from_fork+0x116/0x1d0 [ 13.695672] ? __pfx_kthread+0x10/0x10 [ 13.695692] ret_from_fork_asm+0x1a/0x30 [ 13.695722] </TASK> [ 13.695734] [ 13.705331] Allocated by task 286: [ 13.705572] kasan_save_stack+0x45/0x70 [ 13.705764] kasan_save_track+0x18/0x40 [ 13.705920] kasan_save_alloc_info+0x3b/0x50 [ 13.706080] __kasan_kmalloc+0xb7/0xc0 [ 13.706205] __kmalloc_cache_noprof+0x189/0x420 [ 13.706357] kasan_bitops_generic+0x92/0x1c0 [ 13.706863] kunit_try_run_case+0x1a5/0x480 [ 13.707088] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.707257] kthread+0x337/0x6f0 [ 13.707371] ret_from_fork+0x116/0x1d0 [ 13.708015] ret_from_fork_asm+0x1a/0x30 [ 13.708221] [ 13.708313] The buggy address belongs to the object at ffff8881025394a0 [ 13.708313] which belongs to the cache kmalloc-16 of size 16 [ 13.709789] The buggy address is located 8 bytes inside of [ 13.709789] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.710274] [ 13.710371] The buggy address belongs to the physical page: [ 13.710607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.710976] flags: 0x200000000000000(node=0|zone=2) [ 13.711183] page_type: f5(slab) [ 13.711325] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.711657] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.712002] page dumped because: kasan: bad access detected [ 13.712235] [ 13.712309] Memory state around the buggy address: [ 13.712791] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.713041] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.713364] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.713698] ^ [ 13.713912] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.714213] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.714600] ================================================================== [ 13.766766] ================================================================== [ 13.767122] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.767577] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.767802] [ 13.767880] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.767925] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.767948] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.767970] Call Trace: [ 13.767988] <TASK> [ 13.768004] dump_stack_lvl+0x73/0xb0 [ 13.768032] print_report+0xd1/0x650 [ 13.768053] ? __virt_addr_valid+0x1db/0x2d0 [ 13.768075] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.768101] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.768122] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.768148] kasan_report+0x141/0x180 [ 13.768169] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.768200] kasan_check_range+0x10c/0x1c0 [ 13.768222] __kasan_check_write+0x18/0x20 [ 13.768241] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.768266] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.768293] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.768317] ? trace_hardirqs_on+0x37/0xe0 [ 13.768339] ? kasan_bitops_generic+0x92/0x1c0 [ 13.768365] kasan_bitops_generic+0x121/0x1c0 [ 13.768388] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.768413] ? __pfx_read_tsc+0x10/0x10 [ 13.768435] ? ktime_get_ts64+0x86/0x230 [ 13.768459] kunit_try_run_case+0x1a5/0x480 [ 13.768483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.768504] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.768526] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.768549] ? __kthread_parkme+0x82/0x180 [ 13.768568] ? preempt_count_sub+0x50/0x80 [ 13.768592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.768614] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.768636] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.768658] kthread+0x337/0x6f0 [ 13.768677] ? trace_preempt_on+0x20/0xc0 [ 13.768698] ? __pfx_kthread+0x10/0x10 [ 13.768719] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.768738] ? calculate_sigpending+0x7b/0xa0 [ 13.768761] ? __pfx_kthread+0x10/0x10 [ 13.768781] ret_from_fork+0x116/0x1d0 [ 13.768799] ? __pfx_kthread+0x10/0x10 [ 13.768818] ret_from_fork_asm+0x1a/0x30 [ 13.768849] </TASK> [ 13.768859] [ 13.780950] Allocated by task 286: [ 13.781168] kasan_save_stack+0x45/0x70 [ 13.781366] kasan_save_track+0x18/0x40 [ 13.781587] kasan_save_alloc_info+0x3b/0x50 [ 13.781737] __kasan_kmalloc+0xb7/0xc0 [ 13.781999] __kmalloc_cache_noprof+0x189/0x420 [ 13.782222] kasan_bitops_generic+0x92/0x1c0 [ 13.782436] kunit_try_run_case+0x1a5/0x480 [ 13.782708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.783007] kthread+0x337/0x6f0 [ 13.783153] ret_from_fork+0x116/0x1d0 [ 13.783404] ret_from_fork_asm+0x1a/0x30 [ 13.783581] [ 13.783662] The buggy address belongs to the object at ffff8881025394a0 [ 13.783662] which belongs to the cache kmalloc-16 of size 16 [ 13.784130] The buggy address is located 8 bytes inside of [ 13.784130] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.784470] [ 13.784598] The buggy address belongs to the physical page: [ 13.784849] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.785324] flags: 0x200000000000000(node=0|zone=2) [ 13.785541] page_type: f5(slab) [ 13.785672] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.785982] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.786202] page dumped because: kasan: bad access detected [ 13.786364] [ 13.786426] Memory state around the buggy address: [ 13.786571] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.787051] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.787693] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.787965] ^ [ 13.788173] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.788385] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.788693] ================================================================== [ 13.715055] ================================================================== [ 13.715387] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.716086] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.716886] [ 13.717019] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.717072] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.717083] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.717103] Call Trace: [ 13.717120] <TASK> [ 13.717135] dump_stack_lvl+0x73/0xb0 [ 13.717165] print_report+0xd1/0x650 [ 13.717186] ? __virt_addr_valid+0x1db/0x2d0 [ 13.717208] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.717233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.717254] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.717282] kasan_report+0x141/0x180 [ 13.717302] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.717333] kasan_check_range+0x10c/0x1c0 [ 13.717356] __kasan_check_write+0x18/0x20 [ 13.717374] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.717503] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.717538] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.717564] ? trace_hardirqs_on+0x37/0xe0 [ 13.717587] ? kasan_bitops_generic+0x92/0x1c0 [ 13.717613] kasan_bitops_generic+0x121/0x1c0 [ 13.717636] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.717706] ? __pfx_read_tsc+0x10/0x10 [ 13.717726] ? ktime_get_ts64+0x86/0x230 [ 13.717752] kunit_try_run_case+0x1a5/0x480 [ 13.717775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.717796] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.717818] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.717840] ? __kthread_parkme+0x82/0x180 [ 13.717859] ? preempt_count_sub+0x50/0x80 [ 13.717882] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.717904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.717927] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.717959] kthread+0x337/0x6f0 [ 13.717978] ? trace_preempt_on+0x20/0xc0 [ 13.718000] ? __pfx_kthread+0x10/0x10 [ 13.718020] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.718040] ? calculate_sigpending+0x7b/0xa0 [ 13.718064] ? __pfx_kthread+0x10/0x10 [ 13.718085] ret_from_fork+0x116/0x1d0 [ 13.718103] ? __pfx_kthread+0x10/0x10 [ 13.718123] ret_from_fork_asm+0x1a/0x30 [ 13.718153] </TASK> [ 13.718165] [ 13.730330] Allocated by task 286: [ 13.730598] kasan_save_stack+0x45/0x70 [ 13.730790] kasan_save_track+0x18/0x40 [ 13.730977] kasan_save_alloc_info+0x3b/0x50 [ 13.731170] __kasan_kmalloc+0xb7/0xc0 [ 13.731341] __kmalloc_cache_noprof+0x189/0x420 [ 13.731585] kasan_bitops_generic+0x92/0x1c0 [ 13.731775] kunit_try_run_case+0x1a5/0x480 [ 13.731971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.732201] kthread+0x337/0x6f0 [ 13.732351] ret_from_fork+0x116/0x1d0 [ 13.733262] ret_from_fork_asm+0x1a/0x30 [ 13.733762] [ 13.733876] The buggy address belongs to the object at ffff8881025394a0 [ 13.733876] which belongs to the cache kmalloc-16 of size 16 [ 13.734832] The buggy address is located 8 bytes inside of [ 13.734832] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.735328] [ 13.735762] The buggy address belongs to the physical page: [ 13.736099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.736785] flags: 0x200000000000000(node=0|zone=2) [ 13.737240] page_type: f5(slab) [ 13.737581] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.737906] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.738214] page dumped because: kasan: bad access detected [ 13.738754] [ 13.739012] Memory state around the buggy address: [ 13.739349] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.739716] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.740019] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.740297] ^ [ 13.740946] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.741376] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.742094] ================================================================== [ 13.671087] ================================================================== [ 13.671605] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.671978] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.672250] [ 13.672351] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.672393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.672456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.672476] Call Trace: [ 13.672489] <TASK> [ 13.672504] dump_stack_lvl+0x73/0xb0 [ 13.672529] print_report+0xd1/0x650 [ 13.672550] ? __virt_addr_valid+0x1db/0x2d0 [ 13.672571] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.672597] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.672617] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.672644] kasan_report+0x141/0x180 [ 13.672665] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.672696] kasan_check_range+0x10c/0x1c0 [ 13.672719] __kasan_check_write+0x18/0x20 [ 13.672737] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.672763] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.672791] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.672814] ? trace_hardirqs_on+0x37/0xe0 [ 13.672835] ? kasan_bitops_generic+0x92/0x1c0 [ 13.672861] kasan_bitops_generic+0x121/0x1c0 [ 13.672884] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.672908] ? __pfx_read_tsc+0x10/0x10 [ 13.672928] ? ktime_get_ts64+0x86/0x230 [ 13.672966] kunit_try_run_case+0x1a5/0x480 [ 13.672989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.673010] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.673032] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.673054] ? __kthread_parkme+0x82/0x180 [ 13.673074] ? preempt_count_sub+0x50/0x80 [ 13.673096] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.673119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.673141] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.673163] kthread+0x337/0x6f0 [ 13.673182] ? trace_preempt_on+0x20/0xc0 [ 13.673203] ? __pfx_kthread+0x10/0x10 [ 13.673224] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.673243] ? calculate_sigpending+0x7b/0xa0 [ 13.673267] ? __pfx_kthread+0x10/0x10 [ 13.673288] ret_from_fork+0x116/0x1d0 [ 13.673305] ? __pfx_kthread+0x10/0x10 [ 13.673325] ret_from_fork_asm+0x1a/0x30 [ 13.673355] </TASK> [ 13.673366] [ 13.681699] Allocated by task 286: [ 13.681856] kasan_save_stack+0x45/0x70 [ 13.682010] kasan_save_track+0x18/0x40 [ 13.682140] kasan_save_alloc_info+0x3b/0x50 [ 13.682280] __kasan_kmalloc+0xb7/0xc0 [ 13.682403] __kmalloc_cache_noprof+0x189/0x420 [ 13.682778] kasan_bitops_generic+0x92/0x1c0 [ 13.683004] kunit_try_run_case+0x1a5/0x480 [ 13.683211] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.683450] kthread+0x337/0x6f0 [ 13.683615] ret_from_fork+0x116/0x1d0 [ 13.683768] ret_from_fork_asm+0x1a/0x30 [ 13.683900] [ 13.683972] The buggy address belongs to the object at ffff8881025394a0 [ 13.683972] which belongs to the cache kmalloc-16 of size 16 [ 13.684336] The buggy address is located 8 bytes inside of [ 13.684336] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.685747] [ 13.685844] The buggy address belongs to the physical page: [ 13.686090] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.686489] flags: 0x200000000000000(node=0|zone=2) [ 13.686659] page_type: f5(slab) [ 13.686778] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.687104] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.687502] page dumped because: kasan: bad access detected [ 13.687726] [ 13.687791] Memory state around the buggy address: [ 13.687998] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.688207] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.688501] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.688825] ^ [ 13.689052] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.689372] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.689797] ================================================================== [ 13.849143] ================================================================== [ 13.849425] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.849701] Read of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.849992] [ 13.850095] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.850138] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.850148] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.850167] Call Trace: [ 13.850183] <TASK> [ 13.850197] dump_stack_lvl+0x73/0xb0 [ 13.850222] print_report+0xd1/0x650 [ 13.850244] ? __virt_addr_valid+0x1db/0x2d0 [ 13.850266] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850293] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.850315] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850341] kasan_report+0x141/0x180 [ 13.850362] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850418] __asan_report_load8_noabort+0x18/0x20 [ 13.850442] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.850468] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.850495] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.850518] ? trace_hardirqs_on+0x37/0xe0 [ 13.850541] ? kasan_bitops_generic+0x92/0x1c0 [ 13.850567] kasan_bitops_generic+0x121/0x1c0 [ 13.850589] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.850613] ? __pfx_read_tsc+0x10/0x10 [ 13.850633] ? ktime_get_ts64+0x86/0x230 [ 13.850657] kunit_try_run_case+0x1a5/0x480 [ 13.850680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.850701] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.850723] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.850744] ? __kthread_parkme+0x82/0x180 [ 13.850763] ? preempt_count_sub+0x50/0x80 [ 13.850787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.850809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.850831] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.850853] kthread+0x337/0x6f0 [ 13.850872] ? trace_preempt_on+0x20/0xc0 [ 13.850894] ? __pfx_kthread+0x10/0x10 [ 13.850913] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.850941] ? calculate_sigpending+0x7b/0xa0 [ 13.850965] ? __pfx_kthread+0x10/0x10 [ 13.850986] ret_from_fork+0x116/0x1d0 [ 13.851004] ? __pfx_kthread+0x10/0x10 [ 13.851024] ret_from_fork_asm+0x1a/0x30 [ 13.851054] </TASK> [ 13.851064] [ 13.859273] Allocated by task 286: [ 13.859515] kasan_save_stack+0x45/0x70 [ 13.859703] kasan_save_track+0x18/0x40 [ 13.859877] kasan_save_alloc_info+0x3b/0x50 [ 13.860051] __kasan_kmalloc+0xb7/0xc0 [ 13.860176] __kmalloc_cache_noprof+0x189/0x420 [ 13.860323] kasan_bitops_generic+0x92/0x1c0 [ 13.860464] kunit_try_run_case+0x1a5/0x480 [ 13.860669] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.860911] kthread+0x337/0x6f0 [ 13.861083] ret_from_fork+0x116/0x1d0 [ 13.861274] ret_from_fork_asm+0x1a/0x30 [ 13.861471] [ 13.861560] The buggy address belongs to the object at ffff8881025394a0 [ 13.861560] which belongs to the cache kmalloc-16 of size 16 [ 13.862193] The buggy address is located 8 bytes inside of [ 13.862193] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.862650] [ 13.862741] The buggy address belongs to the physical page: [ 13.862977] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.863251] flags: 0x200000000000000(node=0|zone=2) [ 13.863587] page_type: f5(slab) [ 13.863729] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.864016] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.864401] page dumped because: kasan: bad access detected [ 13.864563] [ 13.864668] Memory state around the buggy address: [ 13.865011] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.865276] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.865609] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.865831] ^ [ 13.866162] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.866483] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.866716] ================================================================== [ 13.808171] ================================================================== [ 13.808396] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.808657] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.808868] [ 13.808957] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.808998] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.809020] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.809041] Call Trace: [ 13.809056] <TASK> [ 13.809072] dump_stack_lvl+0x73/0xb0 [ 13.809098] print_report+0xd1/0x650 [ 13.809119] ? __virt_addr_valid+0x1db/0x2d0 [ 13.809142] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.809167] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.809189] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.809215] kasan_report+0x141/0x180 [ 13.809236] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.809267] kasan_check_range+0x10c/0x1c0 [ 13.809289] __kasan_check_write+0x18/0x20 [ 13.809308] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.809334] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.809361] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.809384] ? trace_hardirqs_on+0x37/0xe0 [ 13.809406] ? kasan_bitops_generic+0x92/0x1c0 [ 13.809431] kasan_bitops_generic+0x121/0x1c0 [ 13.809453] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.809477] ? __pfx_read_tsc+0x10/0x10 [ 13.809497] ? ktime_get_ts64+0x86/0x230 [ 13.809521] kunit_try_run_case+0x1a5/0x480 [ 13.809544] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.809566] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.809587] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.809608] ? __kthread_parkme+0x82/0x180 [ 13.809628] ? preempt_count_sub+0x50/0x80 [ 13.809651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.809674] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.809702] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.809725] kthread+0x337/0x6f0 [ 13.809743] ? trace_preempt_on+0x20/0xc0 [ 13.809764] ? __pfx_kthread+0x10/0x10 [ 13.809784] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.809804] ? calculate_sigpending+0x7b/0xa0 [ 13.809827] ? __pfx_kthread+0x10/0x10 [ 13.809848] ret_from_fork+0x116/0x1d0 [ 13.809865] ? __pfx_kthread+0x10/0x10 [ 13.809885] ret_from_fork_asm+0x1a/0x30 [ 13.809914] </TASK> [ 13.809925] [ 13.818796] Allocated by task 286: [ 13.818982] kasan_save_stack+0x45/0x70 [ 13.819179] kasan_save_track+0x18/0x40 [ 13.819366] kasan_save_alloc_info+0x3b/0x50 [ 13.819573] __kasan_kmalloc+0xb7/0xc0 [ 13.819763] __kmalloc_cache_noprof+0x189/0x420 [ 13.819992] kasan_bitops_generic+0x92/0x1c0 [ 13.820219] kunit_try_run_case+0x1a5/0x480 [ 13.820423] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.820668] kthread+0x337/0x6f0 [ 13.820831] ret_from_fork+0x116/0x1d0 [ 13.821031] ret_from_fork_asm+0x1a/0x30 [ 13.821231] [ 13.821321] The buggy address belongs to the object at ffff8881025394a0 [ 13.821321] which belongs to the cache kmalloc-16 of size 16 [ 13.821882] The buggy address is located 8 bytes inside of [ 13.821882] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.822231] [ 13.822296] The buggy address belongs to the physical page: [ 13.822460] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.822688] flags: 0x200000000000000(node=0|zone=2) [ 13.822838] page_type: f5(slab) [ 13.822976] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.823389] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.823875] page dumped because: kasan: bad access detected [ 13.824126] [ 13.824210] Memory state around the buggy address: [ 13.824421] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.824724] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.824956] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.825162] ^ [ 13.825300] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.825604] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.825906] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.632064] ================================================================== [ 13.632535] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.632892] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.633154] [ 13.633234] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.633279] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.633290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.633310] Call Trace: [ 13.633327] <TASK> [ 13.633342] dump_stack_lvl+0x73/0xb0 [ 13.633369] print_report+0xd1/0x650 [ 13.633390] ? __virt_addr_valid+0x1db/0x2d0 [ 13.633411] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.633435] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.633457] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.633481] kasan_report+0x141/0x180 [ 13.633503] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.633531] kasan_check_range+0x10c/0x1c0 [ 13.633553] __kasan_check_write+0x18/0x20 [ 13.633572] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 13.633596] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.633621] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.633644] ? trace_hardirqs_on+0x37/0xe0 [ 13.633667] ? kasan_bitops_generic+0x92/0x1c0 [ 13.633706] kasan_bitops_generic+0x116/0x1c0 [ 13.633729] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.633753] ? __pfx_read_tsc+0x10/0x10 [ 13.633773] ? ktime_get_ts64+0x86/0x230 [ 13.633798] kunit_try_run_case+0x1a5/0x480 [ 13.633820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.633842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.633864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.633885] ? __kthread_parkme+0x82/0x180 [ 13.633905] ? preempt_count_sub+0x50/0x80 [ 13.633937] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.634137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.634165] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.634189] kthread+0x337/0x6f0 [ 13.634209] ? trace_preempt_on+0x20/0xc0 [ 13.634231] ? __pfx_kthread+0x10/0x10 [ 13.634250] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.634271] ? calculate_sigpending+0x7b/0xa0 [ 13.634297] ? __pfx_kthread+0x10/0x10 [ 13.634318] ret_from_fork+0x116/0x1d0 [ 13.634336] ? __pfx_kthread+0x10/0x10 [ 13.634356] ret_from_fork_asm+0x1a/0x30 [ 13.634386] </TASK> [ 13.634446] [ 13.643468] Allocated by task 286: [ 13.643655] kasan_save_stack+0x45/0x70 [ 13.643852] kasan_save_track+0x18/0x40 [ 13.644046] kasan_save_alloc_info+0x3b/0x50 [ 13.644226] __kasan_kmalloc+0xb7/0xc0 [ 13.644356] __kmalloc_cache_noprof+0x189/0x420 [ 13.645079] kasan_bitops_generic+0x92/0x1c0 [ 13.645302] kunit_try_run_case+0x1a5/0x480 [ 13.645736] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.645921] kthread+0x337/0x6f0 [ 13.646048] ret_from_fork+0x116/0x1d0 [ 13.646215] ret_from_fork_asm+0x1a/0x30 [ 13.646386] [ 13.646890] The buggy address belongs to the object at ffff8881025394a0 [ 13.646890] which belongs to the cache kmalloc-16 of size 16 [ 13.647884] The buggy address is located 8 bytes inside of [ 13.647884] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.648507] [ 13.648612] The buggy address belongs to the physical page: [ 13.648794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.649149] flags: 0x200000000000000(node=0|zone=2) [ 13.649326] page_type: f5(slab) [ 13.649527] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.650061] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.650399] page dumped because: kasan: bad access detected [ 13.650613] [ 13.650700] Memory state around the buggy address: [ 13.650893] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.651127] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.651416] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.651712] ^ [ 13.651857] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.652183] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.652526] ================================================================== [ 13.613500] ================================================================== [ 13.613789] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.614046] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.614263] [ 13.614342] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.614571] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.614589] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.614610] Call Trace: [ 13.614627] <TASK> [ 13.614642] dump_stack_lvl+0x73/0xb0 [ 13.614672] print_report+0xd1/0x650 [ 13.614694] ? __virt_addr_valid+0x1db/0x2d0 [ 13.614715] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.614739] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.614760] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.614783] kasan_report+0x141/0x180 [ 13.614805] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.614834] kasan_check_range+0x10c/0x1c0 [ 13.614856] __kasan_check_write+0x18/0x20 [ 13.614874] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.614898] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.614923] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.614961] ? trace_hardirqs_on+0x37/0xe0 [ 13.614983] ? kasan_bitops_generic+0x92/0x1c0 [ 13.615009] kasan_bitops_generic+0x116/0x1c0 [ 13.615031] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.615055] ? __pfx_read_tsc+0x10/0x10 [ 13.615074] ? ktime_get_ts64+0x86/0x230 [ 13.615099] kunit_try_run_case+0x1a5/0x480 [ 13.615123] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.615144] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.615167] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.615188] ? __kthread_parkme+0x82/0x180 [ 13.615208] ? preempt_count_sub+0x50/0x80 [ 13.615230] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.615252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.615274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.615296] kthread+0x337/0x6f0 [ 13.615314] ? trace_preempt_on+0x20/0xc0 [ 13.615336] ? __pfx_kthread+0x10/0x10 [ 13.615355] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.615375] ? calculate_sigpending+0x7b/0xa0 [ 13.615398] ? __pfx_kthread+0x10/0x10 [ 13.615477] ret_from_fork+0x116/0x1d0 [ 13.615496] ? __pfx_kthread+0x10/0x10 [ 13.615516] ret_from_fork_asm+0x1a/0x30 [ 13.615545] </TASK> [ 13.615555] [ 13.624139] Allocated by task 286: [ 13.624319] kasan_save_stack+0x45/0x70 [ 13.624548] kasan_save_track+0x18/0x40 [ 13.624788] kasan_save_alloc_info+0x3b/0x50 [ 13.625018] __kasan_kmalloc+0xb7/0xc0 [ 13.625161] __kmalloc_cache_noprof+0x189/0x420 [ 13.625357] kasan_bitops_generic+0x92/0x1c0 [ 13.625531] kunit_try_run_case+0x1a5/0x480 [ 13.625721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.626083] kthread+0x337/0x6f0 [ 13.626249] ret_from_fork+0x116/0x1d0 [ 13.626440] ret_from_fork_asm+0x1a/0x30 [ 13.626617] [ 13.626701] The buggy address belongs to the object at ffff8881025394a0 [ 13.626701] which belongs to the cache kmalloc-16 of size 16 [ 13.627169] The buggy address is located 8 bytes inside of [ 13.627169] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.627758] [ 13.627839] The buggy address belongs to the physical page: [ 13.628021] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.628257] flags: 0x200000000000000(node=0|zone=2) [ 13.628425] page_type: f5(slab) [ 13.628766] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.629116] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.629551] page dumped because: kasan: bad access detected [ 13.629817] [ 13.629906] Memory state around the buggy address: [ 13.630140] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.630516] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.630730] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.630945] ^ [ 13.631087] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.631294] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.631564] ================================================================== [ 13.536783] ================================================================== [ 13.537307] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.537698] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.538043] [ 13.538148] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.538192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.538203] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.538223] Call Trace: [ 13.538235] <TASK> [ 13.538249] dump_stack_lvl+0x73/0xb0 [ 13.538275] print_report+0xd1/0x650 [ 13.538296] ? __virt_addr_valid+0x1db/0x2d0 [ 13.538319] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.538344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.538365] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.538389] kasan_report+0x141/0x180 [ 13.538410] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.538438] kasan_check_range+0x10c/0x1c0 [ 13.538460] __kasan_check_write+0x18/0x20 [ 13.538479] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.538503] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.538528] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.538550] ? trace_hardirqs_on+0x37/0xe0 [ 13.538574] ? kasan_bitops_generic+0x92/0x1c0 [ 13.538599] kasan_bitops_generic+0x116/0x1c0 [ 13.538621] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.538644] ? __pfx_read_tsc+0x10/0x10 [ 13.538664] ? ktime_get_ts64+0x86/0x230 [ 13.538690] kunit_try_run_case+0x1a5/0x480 [ 13.538713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.538734] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.538755] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.538776] ? __kthread_parkme+0x82/0x180 [ 13.538795] ? preempt_count_sub+0x50/0x80 [ 13.538817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.538839] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.538861] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.538882] kthread+0x337/0x6f0 [ 13.538900] ? trace_preempt_on+0x20/0xc0 [ 13.538921] ? __pfx_kthread+0x10/0x10 [ 13.539046] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.539067] ? calculate_sigpending+0x7b/0xa0 [ 13.539090] ? __pfx_kthread+0x10/0x10 [ 13.539111] ret_from_fork+0x116/0x1d0 [ 13.539129] ? __pfx_kthread+0x10/0x10 [ 13.539148] ret_from_fork_asm+0x1a/0x30 [ 13.539178] </TASK> [ 13.539188] [ 13.546916] Allocated by task 286: [ 13.547102] kasan_save_stack+0x45/0x70 [ 13.547300] kasan_save_track+0x18/0x40 [ 13.547556] kasan_save_alloc_info+0x3b/0x50 [ 13.547768] __kasan_kmalloc+0xb7/0xc0 [ 13.547959] __kmalloc_cache_noprof+0x189/0x420 [ 13.548174] kasan_bitops_generic+0x92/0x1c0 [ 13.548370] kunit_try_run_case+0x1a5/0x480 [ 13.548842] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.549047] kthread+0x337/0x6f0 [ 13.549164] ret_from_fork+0x116/0x1d0 [ 13.549346] ret_from_fork_asm+0x1a/0x30 [ 13.549534] [ 13.549627] The buggy address belongs to the object at ffff8881025394a0 [ 13.549627] which belongs to the cache kmalloc-16 of size 16 [ 13.550222] The buggy address is located 8 bytes inside of [ 13.550222] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.550752] [ 13.550847] The buggy address belongs to the physical page: [ 13.551075] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.551333] flags: 0x200000000000000(node=0|zone=2) [ 13.551556] page_type: f5(slab) [ 13.551717] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.552073] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.552409] page dumped because: kasan: bad access detected [ 13.552662] [ 13.552750] Memory state around the buggy address: [ 13.552951] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.553224] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.553474] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.553680] ^ [ 13.553854] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.554370] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.554755] ================================================================== [ 13.516688] ================================================================== [ 13.517888] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.518945] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.519871] [ 13.520002] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.520053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.520066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.520087] Call Trace: [ 13.520101] <TASK> [ 13.520119] dump_stack_lvl+0x73/0xb0 [ 13.520154] print_report+0xd1/0x650 [ 13.520176] ? __virt_addr_valid+0x1db/0x2d0 [ 13.520200] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.520225] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.520246] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.520271] kasan_report+0x141/0x180 [ 13.520292] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.520323] kasan_check_range+0x10c/0x1c0 [ 13.520345] __kasan_check_write+0x18/0x20 [ 13.520364] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.520414] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.520440] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.520464] ? trace_hardirqs_on+0x37/0xe0 [ 13.520486] ? kasan_bitops_generic+0x92/0x1c0 [ 13.520513] kasan_bitops_generic+0x116/0x1c0 [ 13.520536] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.520559] ? __pfx_read_tsc+0x10/0x10 [ 13.520580] ? ktime_get_ts64+0x86/0x230 [ 13.520605] kunit_try_run_case+0x1a5/0x480 [ 13.520630] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.520651] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.520674] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.520695] ? __kthread_parkme+0x82/0x180 [ 13.520716] ? preempt_count_sub+0x50/0x80 [ 13.520739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.520761] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.520783] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.520804] kthread+0x337/0x6f0 [ 13.520823] ? trace_preempt_on+0x20/0xc0 [ 13.520844] ? __pfx_kthread+0x10/0x10 [ 13.520863] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.520883] ? calculate_sigpending+0x7b/0xa0 [ 13.520906] ? __pfx_kthread+0x10/0x10 [ 13.520927] ret_from_fork+0x116/0x1d0 [ 13.520954] ? __pfx_kthread+0x10/0x10 [ 13.520974] ret_from_fork_asm+0x1a/0x30 [ 13.521004] </TASK> [ 13.521015] [ 13.528797] Allocated by task 286: [ 13.528968] kasan_save_stack+0x45/0x70 [ 13.529106] kasan_save_track+0x18/0x40 [ 13.529230] kasan_save_alloc_info+0x3b/0x50 [ 13.529431] __kasan_kmalloc+0xb7/0xc0 [ 13.529702] __kmalloc_cache_noprof+0x189/0x420 [ 13.529941] kasan_bitops_generic+0x92/0x1c0 [ 13.530144] kunit_try_run_case+0x1a5/0x480 [ 13.530346] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.530585] kthread+0x337/0x6f0 [ 13.530704] ret_from_fork+0x116/0x1d0 [ 13.530825] ret_from_fork_asm+0x1a/0x30 [ 13.530973] [ 13.531062] The buggy address belongs to the object at ffff8881025394a0 [ 13.531062] which belongs to the cache kmalloc-16 of size 16 [ 13.531663] The buggy address is located 8 bytes inside of [ 13.531663] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.532097] [ 13.532164] The buggy address belongs to the physical page: [ 13.532324] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.532821] flags: 0x200000000000000(node=0|zone=2) [ 13.533074] page_type: f5(slab) [ 13.533239] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.533649] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.533992] page dumped because: kasan: bad access detected [ 13.534214] [ 13.534283] Memory state around the buggy address: [ 13.534553] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.534805] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.535084] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.535374] ^ [ 13.535652] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.535888] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.536097] ================================================================== [ 13.555232] ================================================================== [ 13.555553] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.555898] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.556231] [ 13.556330] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.556372] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.556384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.556404] Call Trace: [ 13.556484] <TASK> [ 13.556505] dump_stack_lvl+0x73/0xb0 [ 13.556533] print_report+0xd1/0x650 [ 13.556554] ? __virt_addr_valid+0x1db/0x2d0 [ 13.556575] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.556599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.556621] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.556645] kasan_report+0x141/0x180 [ 13.556666] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.556695] kasan_check_range+0x10c/0x1c0 [ 13.556718] __kasan_check_write+0x18/0x20 [ 13.556736] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.556760] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.556786] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.556808] ? trace_hardirqs_on+0x37/0xe0 [ 13.556831] ? kasan_bitops_generic+0x92/0x1c0 [ 13.556857] kasan_bitops_generic+0x116/0x1c0 [ 13.556879] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.556903] ? __pfx_read_tsc+0x10/0x10 [ 13.556924] ? ktime_get_ts64+0x86/0x230 [ 13.556960] kunit_try_run_case+0x1a5/0x480 [ 13.556982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.557003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.557025] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.557046] ? __kthread_parkme+0x82/0x180 [ 13.557064] ? preempt_count_sub+0x50/0x80 [ 13.557088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.557111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.557133] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.557154] kthread+0x337/0x6f0 [ 13.557173] ? trace_preempt_on+0x20/0xc0 [ 13.557194] ? __pfx_kthread+0x10/0x10 [ 13.557215] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.557234] ? calculate_sigpending+0x7b/0xa0 [ 13.557257] ? __pfx_kthread+0x10/0x10 [ 13.557277] ret_from_fork+0x116/0x1d0 [ 13.557295] ? __pfx_kthread+0x10/0x10 [ 13.557314] ret_from_fork_asm+0x1a/0x30 [ 13.557345] </TASK> [ 13.557355] [ 13.565313] Allocated by task 286: [ 13.565655] kasan_save_stack+0x45/0x70 [ 13.565874] kasan_save_track+0x18/0x40 [ 13.566073] kasan_save_alloc_info+0x3b/0x50 [ 13.566277] __kasan_kmalloc+0xb7/0xc0 [ 13.566520] __kmalloc_cache_noprof+0x189/0x420 [ 13.566677] kasan_bitops_generic+0x92/0x1c0 [ 13.566881] kunit_try_run_case+0x1a5/0x480 [ 13.567090] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.567333] kthread+0x337/0x6f0 [ 13.567551] ret_from_fork+0x116/0x1d0 [ 13.567714] ret_from_fork_asm+0x1a/0x30 [ 13.567866] [ 13.567943] The buggy address belongs to the object at ffff8881025394a0 [ 13.567943] which belongs to the cache kmalloc-16 of size 16 [ 13.568530] The buggy address is located 8 bytes inside of [ 13.568530] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.569001] [ 13.569078] The buggy address belongs to the physical page: [ 13.569299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.569801] flags: 0x200000000000000(node=0|zone=2) [ 13.570014] page_type: f5(slab) [ 13.570133] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.570355] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.570670] page dumped because: kasan: bad access detected [ 13.570917] [ 13.571014] Memory state around the buggy address: [ 13.571223] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.571597] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.571907] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.572130] ^ [ 13.572269] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.572544] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.572852] ================================================================== [ 13.573307] ================================================================== [ 13.573838] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.574231] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.574644] [ 13.574748] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.574791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.574803] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.574822] Call Trace: [ 13.574835] <TASK> [ 13.574849] dump_stack_lvl+0x73/0xb0 [ 13.574875] print_report+0xd1/0x650 [ 13.574896] ? __virt_addr_valid+0x1db/0x2d0 [ 13.574917] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.574952] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.574975] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.574999] kasan_report+0x141/0x180 [ 13.575020] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.575049] kasan_check_range+0x10c/0x1c0 [ 13.575071] __kasan_check_write+0x18/0x20 [ 13.575090] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.575114] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.575139] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.575162] ? trace_hardirqs_on+0x37/0xe0 [ 13.575184] ? kasan_bitops_generic+0x92/0x1c0 [ 13.575211] kasan_bitops_generic+0x116/0x1c0 [ 13.575233] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.575257] ? __pfx_read_tsc+0x10/0x10 [ 13.575276] ? ktime_get_ts64+0x86/0x230 [ 13.575301] kunit_try_run_case+0x1a5/0x480 [ 13.575323] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.575345] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.575367] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.575387] ? __kthread_parkme+0x82/0x180 [ 13.575407] ? preempt_count_sub+0x50/0x80 [ 13.575500] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.575525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.575547] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.575569] kthread+0x337/0x6f0 [ 13.575588] ? trace_preempt_on+0x20/0xc0 [ 13.575609] ? __pfx_kthread+0x10/0x10 [ 13.575629] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.575648] ? calculate_sigpending+0x7b/0xa0 [ 13.575672] ? __pfx_kthread+0x10/0x10 [ 13.575693] ret_from_fork+0x116/0x1d0 [ 13.575710] ? __pfx_kthread+0x10/0x10 [ 13.575730] ret_from_fork_asm+0x1a/0x30 [ 13.575759] </TASK> [ 13.575769] [ 13.586308] Allocated by task 286: [ 13.586619] kasan_save_stack+0x45/0x70 [ 13.586812] kasan_save_track+0x18/0x40 [ 13.586992] kasan_save_alloc_info+0x3b/0x50 [ 13.587180] __kasan_kmalloc+0xb7/0xc0 [ 13.587342] __kmalloc_cache_noprof+0x189/0x420 [ 13.587983] kasan_bitops_generic+0x92/0x1c0 [ 13.588151] kunit_try_run_case+0x1a5/0x480 [ 13.588315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.588836] kthread+0x337/0x6f0 [ 13.589006] ret_from_fork+0x116/0x1d0 [ 13.589174] ret_from_fork_asm+0x1a/0x30 [ 13.589343] [ 13.589656] The buggy address belongs to the object at ffff8881025394a0 [ 13.589656] which belongs to the cache kmalloc-16 of size 16 [ 13.590138] The buggy address is located 8 bytes inside of [ 13.590138] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.590654] [ 13.590742] The buggy address belongs to the physical page: [ 13.590961] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.591198] flags: 0x200000000000000(node=0|zone=2) [ 13.591353] page_type: f5(slab) [ 13.591468] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.591967] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.592283] page dumped because: kasan: bad access detected [ 13.592645] [ 13.592730] Memory state around the buggy address: [ 13.592917] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.593183] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.593391] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.593709] ^ [ 13.593920] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.594479] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.594767] ================================================================== [ 13.653034] ================================================================== [ 13.653298] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.653701] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.654005] [ 13.654109] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.654153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.654165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.654185] Call Trace: [ 13.654202] <TASK> [ 13.654218] dump_stack_lvl+0x73/0xb0 [ 13.654245] print_report+0xd1/0x650 [ 13.654267] ? __virt_addr_valid+0x1db/0x2d0 [ 13.654288] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.654312] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.654333] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.654357] kasan_report+0x141/0x180 [ 13.654379] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.654407] kasan_check_range+0x10c/0x1c0 [ 13.654430] __kasan_check_write+0x18/0x20 [ 13.654448] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.654473] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.654498] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.654521] ? trace_hardirqs_on+0x37/0xe0 [ 13.654542] ? kasan_bitops_generic+0x92/0x1c0 [ 13.654568] kasan_bitops_generic+0x116/0x1c0 [ 13.654590] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.654614] ? __pfx_read_tsc+0x10/0x10 [ 13.654635] ? ktime_get_ts64+0x86/0x230 [ 13.654660] kunit_try_run_case+0x1a5/0x480 [ 13.654683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.654704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.654726] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.654748] ? __kthread_parkme+0x82/0x180 [ 13.654767] ? preempt_count_sub+0x50/0x80 [ 13.654790] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.654813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.654834] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.654857] kthread+0x337/0x6f0 [ 13.654875] ? trace_preempt_on+0x20/0xc0 [ 13.654897] ? __pfx_kthread+0x10/0x10 [ 13.654917] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.654947] ? calculate_sigpending+0x7b/0xa0 [ 13.654971] ? __pfx_kthread+0x10/0x10 [ 13.654992] ret_from_fork+0x116/0x1d0 [ 13.655010] ? __pfx_kthread+0x10/0x10 [ 13.655030] ret_from_fork_asm+0x1a/0x30 [ 13.655059] </TASK> [ 13.655070] [ 13.662592] Allocated by task 286: [ 13.662819] kasan_save_stack+0x45/0x70 [ 13.663030] kasan_save_track+0x18/0x40 [ 13.663217] kasan_save_alloc_info+0x3b/0x50 [ 13.663421] __kasan_kmalloc+0xb7/0xc0 [ 13.663619] __kmalloc_cache_noprof+0x189/0x420 [ 13.663924] kasan_bitops_generic+0x92/0x1c0 [ 13.664337] kunit_try_run_case+0x1a5/0x480 [ 13.664511] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.664681] kthread+0x337/0x6f0 [ 13.664793] ret_from_fork+0x116/0x1d0 [ 13.664916] ret_from_fork_asm+0x1a/0x30 [ 13.665174] [ 13.665266] The buggy address belongs to the object at ffff8881025394a0 [ 13.665266] which belongs to the cache kmalloc-16 of size 16 [ 13.666233] The buggy address is located 8 bytes inside of [ 13.666233] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.666702] [ 13.666771] The buggy address belongs to the physical page: [ 13.666947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.667179] flags: 0x200000000000000(node=0|zone=2) [ 13.667561] page_type: f5(slab) [ 13.667744] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.668103] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.668434] page dumped because: kasan: bad access detected [ 13.668736] [ 13.668815] Memory state around the buggy address: [ 13.669009] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.669274] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.669625] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.669914] ^ [ 13.670096] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.670301] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.670548] ================================================================== [ 13.595187] ================================================================== [ 13.595513] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.596005] Write of size 8 at addr ffff8881025394a8 by task kunit_try_catch/286 [ 13.596230] [ 13.596310] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.596356] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.596367] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.596387] Call Trace: [ 13.596404] <TASK> [ 13.596420] dump_stack_lvl+0x73/0xb0 [ 13.596447] print_report+0xd1/0x650 [ 13.596469] ? __virt_addr_valid+0x1db/0x2d0 [ 13.596491] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.596515] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.596537] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.596577] kasan_report+0x141/0x180 [ 13.596598] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.596626] kasan_check_range+0x10c/0x1c0 [ 13.596649] __kasan_check_write+0x18/0x20 [ 13.596667] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.596691] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.596717] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.596739] ? trace_hardirqs_on+0x37/0xe0 [ 13.596762] ? kasan_bitops_generic+0x92/0x1c0 [ 13.596787] kasan_bitops_generic+0x116/0x1c0 [ 13.596809] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.596833] ? __pfx_read_tsc+0x10/0x10 [ 13.596853] ? ktime_get_ts64+0x86/0x230 [ 13.596877] kunit_try_run_case+0x1a5/0x480 [ 13.596901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.596922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.596952] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.596974] ? __kthread_parkme+0x82/0x180 [ 13.596993] ? preempt_count_sub+0x50/0x80 [ 13.597016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.597039] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.597062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.597084] kthread+0x337/0x6f0 [ 13.597102] ? trace_preempt_on+0x20/0xc0 [ 13.597124] ? __pfx_kthread+0x10/0x10 [ 13.597143] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.597163] ? calculate_sigpending+0x7b/0xa0 [ 13.597186] ? __pfx_kthread+0x10/0x10 [ 13.597207] ret_from_fork+0x116/0x1d0 [ 13.597224] ? __pfx_kthread+0x10/0x10 [ 13.597244] ret_from_fork_asm+0x1a/0x30 [ 13.597274] </TASK> [ 13.597285] [ 13.605751] Allocated by task 286: [ 13.605948] kasan_save_stack+0x45/0x70 [ 13.606127] kasan_save_track+0x18/0x40 [ 13.606302] kasan_save_alloc_info+0x3b/0x50 [ 13.606563] __kasan_kmalloc+0xb7/0xc0 [ 13.606744] __kmalloc_cache_noprof+0x189/0x420 [ 13.606942] kasan_bitops_generic+0x92/0x1c0 [ 13.607086] kunit_try_run_case+0x1a5/0x480 [ 13.607254] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.607611] kthread+0x337/0x6f0 [ 13.607771] ret_from_fork+0x116/0x1d0 [ 13.607898] ret_from_fork_asm+0x1a/0x30 [ 13.608100] [ 13.608192] The buggy address belongs to the object at ffff8881025394a0 [ 13.608192] which belongs to the cache kmalloc-16 of size 16 [ 13.608741] The buggy address is located 8 bytes inside of [ 13.608741] allocated 9-byte region [ffff8881025394a0, ffff8881025394a9) [ 13.609210] [ 13.609298] The buggy address belongs to the physical page: [ 13.609703] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 13.610077] flags: 0x200000000000000(node=0|zone=2) [ 13.610259] page_type: f5(slab) [ 13.610419] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.610712] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.611028] page dumped because: kasan: bad access detected [ 13.611248] [ 13.611327] Memory state around the buggy address: [ 13.611475] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.611682] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.611890] >ffff888102539480: fa fb fc fc 00 01 fc fc fc fc fc fc fc fc fc fc [ 13.612166] ^ [ 13.612382] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.612739] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.613055] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.492574] ================================================================== [ 13.493175] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 13.493514] Read of size 1 at addr ffff8881028dc250 by task kunit_try_catch/284 [ 13.493809] [ 13.493910] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.493968] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.493980] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.494000] Call Trace: [ 13.494017] <TASK> [ 13.494034] dump_stack_lvl+0x73/0xb0 [ 13.494064] print_report+0xd1/0x650 [ 13.494086] ? __virt_addr_valid+0x1db/0x2d0 [ 13.494108] ? strnlen+0x73/0x80 [ 13.494128] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.494150] ? strnlen+0x73/0x80 [ 13.494170] kasan_report+0x141/0x180 [ 13.494191] ? strnlen+0x73/0x80 [ 13.494216] __asan_report_load1_noabort+0x18/0x20 [ 13.494239] strnlen+0x73/0x80 [ 13.494260] kasan_strings+0x615/0xe80 [ 13.494279] ? trace_hardirqs_on+0x37/0xe0 [ 13.494303] ? __pfx_kasan_strings+0x10/0x10 [ 13.494322] ? finish_task_switch.isra.0+0x153/0x700 [ 13.494344] ? __switch_to+0x47/0xf50 [ 13.494369] ? __schedule+0x10cc/0x2b60 [ 13.494389] ? __pfx_read_tsc+0x10/0x10 [ 13.494409] ? ktime_get_ts64+0x86/0x230 [ 13.494434] kunit_try_run_case+0x1a5/0x480 [ 13.494457] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.494478] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.494499] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.494521] ? __kthread_parkme+0x82/0x180 [ 13.494540] ? preempt_count_sub+0x50/0x80 [ 13.494562] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.494584] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.494606] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.494629] kthread+0x337/0x6f0 [ 13.494719] ? trace_preempt_on+0x20/0xc0 [ 13.494746] ? __pfx_kthread+0x10/0x10 [ 13.494766] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.494786] ? calculate_sigpending+0x7b/0xa0 [ 13.494810] ? __pfx_kthread+0x10/0x10 [ 13.494830] ret_from_fork+0x116/0x1d0 [ 13.494848] ? __pfx_kthread+0x10/0x10 [ 13.494868] ret_from_fork_asm+0x1a/0x30 [ 13.494897] </TASK> [ 13.494907] [ 13.502089] Allocated by task 284: [ 13.502276] kasan_save_stack+0x45/0x70 [ 13.502661] kasan_save_track+0x18/0x40 [ 13.502871] kasan_save_alloc_info+0x3b/0x50 [ 13.503096] __kasan_kmalloc+0xb7/0xc0 [ 13.503277] __kmalloc_cache_noprof+0x189/0x420 [ 13.503552] kasan_strings+0xc0/0xe80 [ 13.503684] kunit_try_run_case+0x1a5/0x480 [ 13.503821] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.504080] kthread+0x337/0x6f0 [ 13.504242] ret_from_fork+0x116/0x1d0 [ 13.504632] ret_from_fork_asm+0x1a/0x30 [ 13.504847] [ 13.504948] Freed by task 284: [ 13.505077] kasan_save_stack+0x45/0x70 [ 13.505206] kasan_save_track+0x18/0x40 [ 13.505389] kasan_save_free_info+0x3f/0x60 [ 13.505606] __kasan_slab_free+0x56/0x70 [ 13.505778] kfree+0x222/0x3f0 [ 13.505921] kasan_strings+0x2aa/0xe80 [ 13.506091] kunit_try_run_case+0x1a5/0x480 [ 13.506229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.506392] kthread+0x337/0x6f0 [ 13.506504] ret_from_fork+0x116/0x1d0 [ 13.506627] ret_from_fork_asm+0x1a/0x30 [ 13.506757] [ 13.506822] The buggy address belongs to the object at ffff8881028dc240 [ 13.506822] which belongs to the cache kmalloc-32 of size 32 [ 13.507565] The buggy address is located 16 bytes inside of [ 13.507565] freed 32-byte region [ffff8881028dc240, ffff8881028dc260) [ 13.508087] [ 13.508180] The buggy address belongs to the physical page: [ 13.508599] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028dc [ 13.508964] flags: 0x200000000000000(node=0|zone=2) [ 13.509203] page_type: f5(slab) [ 13.509497] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.509833] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.510161] page dumped because: kasan: bad access detected [ 13.510506] [ 13.510598] Memory state around the buggy address: [ 13.510809] ffff8881028dc100: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.511025] ffff8881028dc180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.511227] >ffff8881028dc200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.511515] ^ [ 13.511798] ffff8881028dc280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.512124] ffff8881028dc300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.512492] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.468741] ================================================================== [ 13.469385] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 13.469632] Read of size 1 at addr ffff8881028dc250 by task kunit_try_catch/284 [ 13.470037] [ 13.470153] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.470203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.470215] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.470236] Call Trace: [ 13.470257] <TASK> [ 13.470276] dump_stack_lvl+0x73/0xb0 [ 13.470304] print_report+0xd1/0x650 [ 13.470351] ? __virt_addr_valid+0x1db/0x2d0 [ 13.470374] ? strlen+0x8f/0xb0 [ 13.470395] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.470417] ? strlen+0x8f/0xb0 [ 13.470437] kasan_report+0x141/0x180 [ 13.470458] ? strlen+0x8f/0xb0 [ 13.470483] __asan_report_load1_noabort+0x18/0x20 [ 13.470506] strlen+0x8f/0xb0 [ 13.470526] kasan_strings+0x57b/0xe80 [ 13.470631] ? trace_hardirqs_on+0x37/0xe0 [ 13.470656] ? __pfx_kasan_strings+0x10/0x10 [ 13.470675] ? finish_task_switch.isra.0+0x153/0x700 [ 13.470698] ? __switch_to+0x47/0xf50 [ 13.470723] ? __schedule+0x10cc/0x2b60 [ 13.470745] ? __pfx_read_tsc+0x10/0x10 [ 13.470764] ? ktime_get_ts64+0x86/0x230 [ 13.470789] kunit_try_run_case+0x1a5/0x480 [ 13.470812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.470833] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.470854] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.470876] ? __kthread_parkme+0x82/0x180 [ 13.470896] ? preempt_count_sub+0x50/0x80 [ 13.470917] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.470954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.470976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.470998] kthread+0x337/0x6f0 [ 13.471039] ? trace_preempt_on+0x20/0xc0 [ 13.471060] ? __pfx_kthread+0x10/0x10 [ 13.471080] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.471100] ? calculate_sigpending+0x7b/0xa0 [ 13.471123] ? __pfx_kthread+0x10/0x10 [ 13.471144] ret_from_fork+0x116/0x1d0 [ 13.471161] ? __pfx_kthread+0x10/0x10 [ 13.471181] ret_from_fork_asm+0x1a/0x30 [ 13.471211] </TASK> [ 13.471222] [ 13.481021] Allocated by task 284: [ 13.481281] kasan_save_stack+0x45/0x70 [ 13.481652] kasan_save_track+0x18/0x40 [ 13.481837] kasan_save_alloc_info+0x3b/0x50 [ 13.482035] __kasan_kmalloc+0xb7/0xc0 [ 13.482203] __kmalloc_cache_noprof+0x189/0x420 [ 13.482718] kasan_strings+0xc0/0xe80 [ 13.482957] kunit_try_run_case+0x1a5/0x480 [ 13.483281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.483595] kthread+0x337/0x6f0 [ 13.483752] ret_from_fork+0x116/0x1d0 [ 13.483921] ret_from_fork_asm+0x1a/0x30 [ 13.484069] [ 13.484135] Freed by task 284: [ 13.484263] kasan_save_stack+0x45/0x70 [ 13.484631] kasan_save_track+0x18/0x40 [ 13.484830] kasan_save_free_info+0x3f/0x60 [ 13.484989] __kasan_slab_free+0x56/0x70 [ 13.485197] kfree+0x222/0x3f0 [ 13.485359] kasan_strings+0x2aa/0xe80 [ 13.485585] kunit_try_run_case+0x1a5/0x480 [ 13.485795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.486031] kthread+0x337/0x6f0 [ 13.486143] ret_from_fork+0x116/0x1d0 [ 13.486293] ret_from_fork_asm+0x1a/0x30 [ 13.486480] [ 13.486567] The buggy address belongs to the object at ffff8881028dc240 [ 13.486567] which belongs to the cache kmalloc-32 of size 32 [ 13.487110] The buggy address is located 16 bytes inside of [ 13.487110] freed 32-byte region [ffff8881028dc240, ffff8881028dc260) [ 13.487880] [ 13.487983] The buggy address belongs to the physical page: [ 13.488188] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028dc [ 13.488483] flags: 0x200000000000000(node=0|zone=2) [ 13.488881] page_type: f5(slab) [ 13.489028] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.489264] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.489581] page dumped because: kasan: bad access detected [ 13.489831] [ 13.490005] Memory state around the buggy address: [ 13.490211] ffff8881028dc100: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.490441] ffff8881028dc180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.490880] >ffff8881028dc200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.491202] ^ [ 13.491441] ffff8881028dc280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.491820] ffff8881028dc300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.492113] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.446395] ================================================================== [ 13.446841] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 13.447165] Read of size 1 at addr ffff8881028dc250 by task kunit_try_catch/284 [ 13.447437] [ 13.447755] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.447808] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.447821] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.447842] Call Trace: [ 13.447860] <TASK> [ 13.447878] dump_stack_lvl+0x73/0xb0 [ 13.447908] print_report+0xd1/0x650 [ 13.448070] ? __virt_addr_valid+0x1db/0x2d0 [ 13.448105] ? kasan_strings+0xcbc/0xe80 [ 13.448125] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.448147] ? kasan_strings+0xcbc/0xe80 [ 13.448167] kasan_report+0x141/0x180 [ 13.448189] ? kasan_strings+0xcbc/0xe80 [ 13.448214] __asan_report_load1_noabort+0x18/0x20 [ 13.448237] kasan_strings+0xcbc/0xe80 [ 13.448255] ? trace_hardirqs_on+0x37/0xe0 [ 13.448279] ? __pfx_kasan_strings+0x10/0x10 [ 13.448299] ? finish_task_switch.isra.0+0x153/0x700 [ 13.448321] ? __switch_to+0x47/0xf50 [ 13.448346] ? __schedule+0x10cc/0x2b60 [ 13.448367] ? __pfx_read_tsc+0x10/0x10 [ 13.448387] ? ktime_get_ts64+0x86/0x230 [ 13.448469] kunit_try_run_case+0x1a5/0x480 [ 13.448493] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.448514] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.448535] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.448558] ? __kthread_parkme+0x82/0x180 [ 13.448634] ? preempt_count_sub+0x50/0x80 [ 13.448656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.448679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.448701] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.448742] kthread+0x337/0x6f0 [ 13.448760] ? trace_preempt_on+0x20/0xc0 [ 13.448782] ? __pfx_kthread+0x10/0x10 [ 13.448802] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.448822] ? calculate_sigpending+0x7b/0xa0 [ 13.448845] ? __pfx_kthread+0x10/0x10 [ 13.448866] ret_from_fork+0x116/0x1d0 [ 13.448883] ? __pfx_kthread+0x10/0x10 [ 13.448903] ret_from_fork_asm+0x1a/0x30 [ 13.448966] </TASK> [ 13.448977] [ 13.456759] Allocated by task 284: [ 13.457279] kasan_save_stack+0x45/0x70 [ 13.457677] kasan_save_track+0x18/0x40 [ 13.457851] kasan_save_alloc_info+0x3b/0x50 [ 13.458067] __kasan_kmalloc+0xb7/0xc0 [ 13.458250] __kmalloc_cache_noprof+0x189/0x420 [ 13.458545] kasan_strings+0xc0/0xe80 [ 13.458720] kunit_try_run_case+0x1a5/0x480 [ 13.458916] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.459156] kthread+0x337/0x6f0 [ 13.459320] ret_from_fork+0x116/0x1d0 [ 13.459444] ret_from_fork_asm+0x1a/0x30 [ 13.459575] [ 13.459638] Freed by task 284: [ 13.459833] kasan_save_stack+0x45/0x70 [ 13.460029] kasan_save_track+0x18/0x40 [ 13.460208] kasan_save_free_info+0x3f/0x60 [ 13.460562] __kasan_slab_free+0x56/0x70 [ 13.460772] kfree+0x222/0x3f0 [ 13.460942] kasan_strings+0x2aa/0xe80 [ 13.461132] kunit_try_run_case+0x1a5/0x480 [ 13.461316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.461760] kthread+0x337/0x6f0 [ 13.461879] ret_from_fork+0x116/0x1d0 [ 13.462013] ret_from_fork_asm+0x1a/0x30 [ 13.462199] [ 13.462286] The buggy address belongs to the object at ffff8881028dc240 [ 13.462286] which belongs to the cache kmalloc-32 of size 32 [ 13.462927] The buggy address is located 16 bytes inside of [ 13.462927] freed 32-byte region [ffff8881028dc240, ffff8881028dc260) [ 13.463276] [ 13.463353] The buggy address belongs to the physical page: [ 13.463900] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028dc [ 13.464302] flags: 0x200000000000000(node=0|zone=2) [ 13.464659] page_type: f5(slab) [ 13.464993] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.465281] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.465817] page dumped because: kasan: bad access detected [ 13.466028] [ 13.466093] Memory state around the buggy address: [ 13.466289] ffff8881028dc100: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.466738] ffff8881028dc180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.467093] >ffff8881028dc200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.467382] ^ [ 13.467712] ffff8881028dc280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.467923] ffff8881028dc300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.468240] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.418378] ================================================================== [ 13.419898] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 13.420110] Read of size 1 at addr ffff8881028dc250 by task kunit_try_catch/284 [ 13.420322] [ 13.420399] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.420445] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.420456] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.420477] Call Trace: [ 13.420489] <TASK> [ 13.420505] dump_stack_lvl+0x73/0xb0 [ 13.420530] print_report+0xd1/0x650 [ 13.420553] ? __virt_addr_valid+0x1db/0x2d0 [ 13.420576] ? strcmp+0xb0/0xc0 [ 13.420595] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.420617] ? strcmp+0xb0/0xc0 [ 13.420637] kasan_report+0x141/0x180 [ 13.420658] ? strcmp+0xb0/0xc0 [ 13.420683] __asan_report_load1_noabort+0x18/0x20 [ 13.420707] strcmp+0xb0/0xc0 [ 13.420729] kasan_strings+0x431/0xe80 [ 13.420748] ? trace_hardirqs_on+0x37/0xe0 [ 13.420772] ? __pfx_kasan_strings+0x10/0x10 [ 13.420792] ? finish_task_switch.isra.0+0x153/0x700 [ 13.420814] ? __switch_to+0x47/0xf50 [ 13.420839] ? __schedule+0x10cc/0x2b60 [ 13.420860] ? __pfx_read_tsc+0x10/0x10 [ 13.420880] ? ktime_get_ts64+0x86/0x230 [ 13.420904] kunit_try_run_case+0x1a5/0x480 [ 13.420927] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.420960] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.420982] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.421004] ? __kthread_parkme+0x82/0x180 [ 13.421023] ? preempt_count_sub+0x50/0x80 [ 13.421045] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.421067] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.421090] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.421112] kthread+0x337/0x6f0 [ 13.421131] ? trace_preempt_on+0x20/0xc0 [ 13.421152] ? __pfx_kthread+0x10/0x10 [ 13.421171] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.421191] ? calculate_sigpending+0x7b/0xa0 [ 13.421214] ? __pfx_kthread+0x10/0x10 [ 13.421235] ret_from_fork+0x116/0x1d0 [ 13.421252] ? __pfx_kthread+0x10/0x10 [ 13.421271] ret_from_fork_asm+0x1a/0x30 [ 13.421301] </TASK> [ 13.421311] [ 13.431815] Allocated by task 284: [ 13.432480] kasan_save_stack+0x45/0x70 [ 13.432655] kasan_save_track+0x18/0x40 [ 13.432788] kasan_save_alloc_info+0x3b/0x50 [ 13.432967] __kasan_kmalloc+0xb7/0xc0 [ 13.433640] __kmalloc_cache_noprof+0x189/0x420 [ 13.433877] kasan_strings+0xc0/0xe80 [ 13.434073] kunit_try_run_case+0x1a5/0x480 [ 13.434280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.434610] kthread+0x337/0x6f0 [ 13.434845] ret_from_fork+0x116/0x1d0 [ 13.435475] ret_from_fork_asm+0x1a/0x30 [ 13.436549] [ 13.436626] Freed by task 284: [ 13.436736] kasan_save_stack+0x45/0x70 [ 13.436870] kasan_save_track+0x18/0x40 [ 13.437012] kasan_save_free_info+0x3f/0x60 [ 13.437149] __kasan_slab_free+0x56/0x70 [ 13.437278] kfree+0x222/0x3f0 [ 13.437388] kasan_strings+0x2aa/0xe80 [ 13.437512] kunit_try_run_case+0x1a5/0x480 [ 13.437647] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.437819] kthread+0x337/0x6f0 [ 13.437945] ret_from_fork+0x116/0x1d0 [ 13.438070] ret_from_fork_asm+0x1a/0x30 [ 13.438204] [ 13.438269] The buggy address belongs to the object at ffff8881028dc240 [ 13.438269] which belongs to the cache kmalloc-32 of size 32 [ 13.438610] The buggy address is located 16 bytes inside of [ 13.438610] freed 32-byte region [ffff8881028dc240, ffff8881028dc260) [ 13.440485] [ 13.440604] The buggy address belongs to the physical page: [ 13.440970] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028dc [ 13.441336] flags: 0x200000000000000(node=0|zone=2) [ 13.441578] page_type: f5(slab) [ 13.441749] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.442108] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.442452] page dumped because: kasan: bad access detected [ 13.442705] [ 13.442794] Memory state around the buggy address: [ 13.443177] ffff8881028dc100: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.443678] ffff8881028dc180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.444352] >ffff8881028dc200: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.444648] ^ [ 13.444831] ffff8881028dc280: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 13.445124] ffff8881028dc300: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 13.445587] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.383756] ================================================================== [ 13.384919] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 13.385609] Read of size 1 at addr ffff888102a33e58 by task kunit_try_catch/282 [ 13.386362] [ 13.386602] CPU: 0 UID: 0 PID: 282 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.386654] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.386666] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.386687] Call Trace: [ 13.386700] <TASK> [ 13.386719] dump_stack_lvl+0x73/0xb0 [ 13.386748] print_report+0xd1/0x650 [ 13.386773] ? __virt_addr_valid+0x1db/0x2d0 [ 13.386796] ? memcmp+0x1b4/0x1d0 [ 13.386816] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.386839] ? memcmp+0x1b4/0x1d0 [ 13.386859] kasan_report+0x141/0x180 [ 13.386880] ? memcmp+0x1b4/0x1d0 [ 13.386905] __asan_report_load1_noabort+0x18/0x20 [ 13.386939] memcmp+0x1b4/0x1d0 [ 13.386962] kasan_memcmp+0x18f/0x390 [ 13.386984] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.387004] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.387032] ? __pfx_kasan_memcmp+0x10/0x10 [ 13.387056] kunit_try_run_case+0x1a5/0x480 [ 13.387080] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.387101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.387123] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.387144] ? __kthread_parkme+0x82/0x180 [ 13.387167] ? preempt_count_sub+0x50/0x80 [ 13.387190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.387212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.387234] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.387257] kthread+0x337/0x6f0 [ 13.387276] ? trace_preempt_on+0x20/0xc0 [ 13.387301] ? __pfx_kthread+0x10/0x10 [ 13.387321] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.387341] ? calculate_sigpending+0x7b/0xa0 [ 13.387365] ? __pfx_kthread+0x10/0x10 [ 13.387429] ret_from_fork+0x116/0x1d0 [ 13.387450] ? __pfx_kthread+0x10/0x10 [ 13.387470] ret_from_fork_asm+0x1a/0x30 [ 13.387501] </TASK> [ 13.387513] [ 13.398973] Allocated by task 282: [ 13.399177] kasan_save_stack+0x45/0x70 [ 13.399320] kasan_save_track+0x18/0x40 [ 13.399686] kasan_save_alloc_info+0x3b/0x50 [ 13.400094] __kasan_kmalloc+0xb7/0xc0 [ 13.400682] __kmalloc_cache_noprof+0x189/0x420 [ 13.400987] kasan_memcmp+0xb7/0x390 [ 13.401114] kunit_try_run_case+0x1a5/0x480 [ 13.401252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.401623] kthread+0x337/0x6f0 [ 13.401948] ret_from_fork+0x116/0x1d0 [ 13.402293] ret_from_fork_asm+0x1a/0x30 [ 13.402748] [ 13.402904] The buggy address belongs to the object at ffff888102a33e40 [ 13.402904] which belongs to the cache kmalloc-32 of size 32 [ 13.403750] The buggy address is located 0 bytes to the right of [ 13.403750] allocated 24-byte region [ffff888102a33e40, ffff888102a33e58) [ 13.404674] [ 13.404748] The buggy address belongs to the physical page: [ 13.404914] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a33 [ 13.405158] flags: 0x200000000000000(node=0|zone=2) [ 13.405314] page_type: f5(slab) [ 13.405623] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 13.406536] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 13.407200] page dumped because: kasan: bad access detected [ 13.407733] [ 13.407886] Memory state around the buggy address: [ 13.408322] ffff888102a33d00: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 13.409005] ffff888102a33d80: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 13.409512] >ffff888102a33e00: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 13.409855] ^ [ 13.410290] ffff888102a33e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.410866] ffff888102a33f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.411365] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.350355] ================================================================== [ 13.350992] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 13.351321] Read of size 1 at addr ffff8881039e7c4a by task kunit_try_catch/278 [ 13.351949] [ 13.352174] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.352229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.352241] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.352263] Call Trace: [ 13.352373] <TASK> [ 13.352395] dump_stack_lvl+0x73/0xb0 [ 13.352430] print_report+0xd1/0x650 [ 13.352474] ? __virt_addr_valid+0x1db/0x2d0 [ 13.352500] ? kasan_alloca_oob_right+0x329/0x390 [ 13.352562] ? kasan_addr_to_slab+0x11/0xa0 [ 13.352584] ? kasan_alloca_oob_right+0x329/0x390 [ 13.352606] kasan_report+0x141/0x180 [ 13.352628] ? kasan_alloca_oob_right+0x329/0x390 [ 13.352655] __asan_report_load1_noabort+0x18/0x20 [ 13.352678] kasan_alloca_oob_right+0x329/0x390 [ 13.352698] ? __kasan_check_write+0x18/0x20 [ 13.352718] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.352741] ? finish_task_switch.isra.0+0x153/0x700 [ 13.352764] ? rwsem_down_read_slowpath+0x58e/0xb90 [ 13.352789] ? trace_hardirqs_on+0x37/0xe0 [ 13.352815] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 13.352839] ? __schedule+0x10cc/0x2b60 [ 13.352860] ? __pfx_read_tsc+0x10/0x10 [ 13.352882] ? ktime_get_ts64+0x86/0x230 [ 13.352907] kunit_try_run_case+0x1a5/0x480 [ 13.352944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.352966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.352987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.353009] ? __kthread_parkme+0x82/0x180 [ 13.353031] ? preempt_count_sub+0x50/0x80 [ 13.353053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.353076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.353098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.353121] kthread+0x337/0x6f0 [ 13.353139] ? trace_preempt_on+0x20/0xc0 [ 13.353161] ? __pfx_kthread+0x10/0x10 [ 13.353181] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.353201] ? calculate_sigpending+0x7b/0xa0 [ 13.353225] ? __pfx_kthread+0x10/0x10 [ 13.353245] ret_from_fork+0x116/0x1d0 [ 13.353264] ? __pfx_kthread+0x10/0x10 [ 13.353283] ret_from_fork_asm+0x1a/0x30 [ 13.353316] </TASK> [ 13.353327] [ 13.364858] The buggy address belongs to stack of task kunit_try_catch/278 [ 13.365767] [ 13.365996] The buggy address belongs to the physical page: [ 13.366452] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039e7 [ 13.366969] flags: 0x200000000000000(node=0|zone=2) [ 13.367209] raw: 0200000000000000 ffffea00040e79c8 ffffea00040e79c8 0000000000000000 [ 13.367974] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.368448] page dumped because: kasan: bad access detected [ 13.368819] [ 13.368910] Memory state around the buggy address: [ 13.369120] ffff8881039e7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.369899] ffff8881039e7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.370297] >ffff8881039e7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.371053] ^ [ 13.371361] ffff8881039e7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.371704] ffff8881039e7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.371994] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 11.037711] ================================================================== [ 11.038279] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.038646] Write of size 1 at addr ffff888100a2a0c9 by task kunit_try_catch/183 [ 11.038913] [ 11.039111] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.039159] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.039171] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.039192] Call Trace: [ 11.039377] <TASK> [ 11.039397] dump_stack_lvl+0x73/0xb0 [ 11.039427] print_report+0xd1/0x650 [ 11.039528] ? __virt_addr_valid+0x1db/0x2d0 [ 11.039551] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.039583] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.039604] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.039690] kasan_report+0x141/0x180 [ 11.039711] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.039739] __asan_report_store1_noabort+0x1b/0x30 [ 11.039762] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.039787] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.039809] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.039838] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.039864] krealloc_less_oob+0x1c/0x30 [ 11.039968] kunit_try_run_case+0x1a5/0x480 [ 11.039994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.040015] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.040037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.040059] ? __kthread_parkme+0x82/0x180 [ 11.040079] ? preempt_count_sub+0x50/0x80 [ 11.040102] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.040124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.040145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.040167] kthread+0x337/0x6f0 [ 11.040186] ? trace_preempt_on+0x20/0xc0 [ 11.040210] ? __pfx_kthread+0x10/0x10 [ 11.040229] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.040249] ? calculate_sigpending+0x7b/0xa0 [ 11.040272] ? __pfx_kthread+0x10/0x10 [ 11.040293] ret_from_fork+0x116/0x1d0 [ 11.040311] ? __pfx_kthread+0x10/0x10 [ 11.040330] ret_from_fork_asm+0x1a/0x30 [ 11.040361] </TASK> [ 11.040371] [ 11.048593] Allocated by task 183: [ 11.048771] kasan_save_stack+0x45/0x70 [ 11.048971] kasan_save_track+0x18/0x40 [ 11.049152] kasan_save_alloc_info+0x3b/0x50 [ 11.049300] __kasan_krealloc+0x190/0x1f0 [ 11.049505] krealloc_noprof+0xf3/0x340 [ 11.049759] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.050282] krealloc_less_oob+0x1c/0x30 [ 11.050748] kunit_try_run_case+0x1a5/0x480 [ 11.051145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.051696] kthread+0x337/0x6f0 [ 11.052018] ret_from_fork+0x116/0x1d0 [ 11.052428] ret_from_fork_asm+0x1a/0x30 [ 11.052772] [ 11.053021] The buggy address belongs to the object at ffff888100a2a000 [ 11.053021] which belongs to the cache kmalloc-256 of size 256 [ 11.054226] The buggy address is located 0 bytes to the right of [ 11.054226] allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9) [ 11.055385] [ 11.055476] The buggy address belongs to the physical page: [ 11.055940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.056268] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.056814] flags: 0x200000000000040(head|node=0|zone=2) [ 11.057262] page_type: f5(slab) [ 11.057567] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.058346] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.059016] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.059326] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.059896] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.060642] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.061101] page dumped because: kasan: bad access detected [ 11.061327] [ 11.061837] Memory state around the buggy address: [ 11.062095] ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.062375] ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.063165] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.063818] ^ [ 11.064176] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.064786] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.065192] ================================================================== [ 11.274434] ================================================================== [ 11.274979] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.275334] Write of size 1 at addr ffff888102ad20da by task kunit_try_catch/187 [ 11.275630] [ 11.275732] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.275788] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.275799] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.275818] Call Trace: [ 11.275834] <TASK> [ 11.275850] dump_stack_lvl+0x73/0xb0 [ 11.275876] print_report+0xd1/0x650 [ 11.275897] ? __virt_addr_valid+0x1db/0x2d0 [ 11.275918] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.275949] ? kasan_addr_to_slab+0x11/0xa0 [ 11.275968] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.275990] kasan_report+0x141/0x180 [ 11.276010] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.276037] __asan_report_store1_noabort+0x1b/0x30 [ 11.276159] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.276187] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.276209] ? finish_task_switch.isra.0+0x153/0x700 [ 11.276229] ? __switch_to+0x47/0xf50 [ 11.276253] ? __schedule+0x10cc/0x2b60 [ 11.276274] ? __pfx_read_tsc+0x10/0x10 [ 11.276297] krealloc_large_less_oob+0x1c/0x30 [ 11.276318] kunit_try_run_case+0x1a5/0x480 [ 11.276341] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.276361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.276382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.276451] ? __kthread_parkme+0x82/0x180 [ 11.276495] ? preempt_count_sub+0x50/0x80 [ 11.276517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.276539] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.276560] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.276582] kthread+0x337/0x6f0 [ 11.276600] ? trace_preempt_on+0x20/0xc0 [ 11.276623] ? __pfx_kthread+0x10/0x10 [ 11.276659] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.276679] ? calculate_sigpending+0x7b/0xa0 [ 11.276717] ? __pfx_kthread+0x10/0x10 [ 11.276751] ret_from_fork+0x116/0x1d0 [ 11.276769] ? __pfx_kthread+0x10/0x10 [ 11.276788] ret_from_fork_asm+0x1a/0x30 [ 11.276831] </TASK> [ 11.276855] [ 11.285251] The buggy address belongs to the physical page: [ 11.285480] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 11.285813] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.286375] flags: 0x200000000000040(head|node=0|zone=2) [ 11.286647] page_type: f8(unknown) [ 11.286887] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.287169] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.287675] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.288003] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.288332] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 11.288682] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.289019] page dumped because: kasan: bad access detected [ 11.289411] [ 11.289564] Memory state around the buggy address: [ 11.289774] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.290030] ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.290321] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.290701] ^ [ 11.290990] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.291319] ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.291620] ================================================================== [ 11.292169] ================================================================== [ 11.292639] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.293414] Write of size 1 at addr ffff888102ad20ea by task kunit_try_catch/187 [ 11.293651] [ 11.293744] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.293786] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.293797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.293815] Call Trace: [ 11.293830] <TASK> [ 11.293845] dump_stack_lvl+0x73/0xb0 [ 11.293872] print_report+0xd1/0x650 [ 11.293985] ? __virt_addr_valid+0x1db/0x2d0 [ 11.294013] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.294035] ? kasan_addr_to_slab+0x11/0xa0 [ 11.294055] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.294077] kasan_report+0x141/0x180 [ 11.294098] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.294124] __asan_report_store1_noabort+0x1b/0x30 [ 11.294147] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.294171] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.294194] ? finish_task_switch.isra.0+0x153/0x700 [ 11.294216] ? __switch_to+0x47/0xf50 [ 11.294241] ? __schedule+0x10cc/0x2b60 [ 11.294262] ? __pfx_read_tsc+0x10/0x10 [ 11.294286] krealloc_large_less_oob+0x1c/0x30 [ 11.294307] kunit_try_run_case+0x1a5/0x480 [ 11.294330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.294351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.294372] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.294393] ? __kthread_parkme+0x82/0x180 [ 11.294452] ? preempt_count_sub+0x50/0x80 [ 11.294474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.294496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.294517] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.294539] kthread+0x337/0x6f0 [ 11.294558] ? trace_preempt_on+0x20/0xc0 [ 11.294581] ? __pfx_kthread+0x10/0x10 [ 11.294601] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.294620] ? calculate_sigpending+0x7b/0xa0 [ 11.294643] ? __pfx_kthread+0x10/0x10 [ 11.294663] ret_from_fork+0x116/0x1d0 [ 11.294680] ? __pfx_kthread+0x10/0x10 [ 11.294700] ret_from_fork_asm+0x1a/0x30 [ 11.294730] </TASK> [ 11.294741] [ 11.302260] The buggy address belongs to the physical page: [ 11.302714] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 11.303021] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.303312] flags: 0x200000000000040(head|node=0|zone=2) [ 11.303550] page_type: f8(unknown) [ 11.303724] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.303996] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.304285] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.304853] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.305192] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 11.305605] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.305953] page dumped because: kasan: bad access detected [ 11.306176] [ 11.306250] Memory state around the buggy address: [ 11.306440] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.306773] ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.306995] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.307213] ^ [ 11.307496] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.307808] ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.308114] ================================================================== [ 11.149067] ================================================================== [ 11.149374] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.150166] Write of size 1 at addr ffff888100a2a0eb by task kunit_try_catch/183 [ 11.150844] [ 11.151151] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.151203] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.151214] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.151234] Call Trace: [ 11.151262] <TASK> [ 11.151281] dump_stack_lvl+0x73/0xb0 [ 11.151311] print_report+0xd1/0x650 [ 11.151333] ? __virt_addr_valid+0x1db/0x2d0 [ 11.151355] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.151377] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.151595] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.151623] kasan_report+0x141/0x180 [ 11.151645] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.151674] __asan_report_store1_noabort+0x1b/0x30 [ 11.151698] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.151731] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.151753] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.151781] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.151806] krealloc_less_oob+0x1c/0x30 [ 11.151826] kunit_try_run_case+0x1a5/0x480 [ 11.151849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.151870] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.151891] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.151912] ? __kthread_parkme+0x82/0x180 [ 11.151944] ? preempt_count_sub+0x50/0x80 [ 11.151967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.151990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.152012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.152033] kthread+0x337/0x6f0 [ 11.152051] ? trace_preempt_on+0x20/0xc0 [ 11.152074] ? __pfx_kthread+0x10/0x10 [ 11.152094] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.152113] ? calculate_sigpending+0x7b/0xa0 [ 11.152136] ? __pfx_kthread+0x10/0x10 [ 11.152156] ret_from_fork+0x116/0x1d0 [ 11.152174] ? __pfx_kthread+0x10/0x10 [ 11.152194] ret_from_fork_asm+0x1a/0x30 [ 11.152223] </TASK> [ 11.152234] [ 11.162102] Allocated by task 183: [ 11.162265] kasan_save_stack+0x45/0x70 [ 11.162495] kasan_save_track+0x18/0x40 [ 11.162628] kasan_save_alloc_info+0x3b/0x50 [ 11.163083] __kasan_krealloc+0x190/0x1f0 [ 11.163244] krealloc_noprof+0xf3/0x340 [ 11.163493] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.163975] krealloc_less_oob+0x1c/0x30 [ 11.164169] kunit_try_run_case+0x1a5/0x480 [ 11.164359] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.164759] kthread+0x337/0x6f0 [ 11.164892] ret_from_fork+0x116/0x1d0 [ 11.165085] ret_from_fork_asm+0x1a/0x30 [ 11.165277] [ 11.165372] The buggy address belongs to the object at ffff888100a2a000 [ 11.165372] which belongs to the cache kmalloc-256 of size 256 [ 11.166008] The buggy address is located 34 bytes to the right of [ 11.166008] allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9) [ 11.166945] [ 11.167038] The buggy address belongs to the physical page: [ 11.167203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.167794] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.168222] flags: 0x200000000000040(head|node=0|zone=2) [ 11.168794] page_type: f5(slab) [ 11.168991] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.169668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.170011] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.170378] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.170951] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.171352] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.171781] page dumped because: kasan: bad access detected [ 11.172048] [ 11.172123] Memory state around the buggy address: [ 11.172325] ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.172783] ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.173069] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.173363] ^ [ 11.173590] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.173832] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.174321] ================================================================== [ 11.231502] ================================================================== [ 11.232099] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 11.232347] Write of size 1 at addr ffff888102ad20c9 by task kunit_try_catch/187 [ 11.232602] [ 11.232687] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.233073] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.233087] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.233109] Call Trace: [ 11.233122] <TASK> [ 11.233140] dump_stack_lvl+0x73/0xb0 [ 11.233170] print_report+0xd1/0x650 [ 11.233192] ? __virt_addr_valid+0x1db/0x2d0 [ 11.233214] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.233236] ? kasan_addr_to_slab+0x11/0xa0 [ 11.233255] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.233277] kasan_report+0x141/0x180 [ 11.233298] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 11.233324] __asan_report_store1_noabort+0x1b/0x30 [ 11.233347] krealloc_less_oob_helper+0xd70/0x11d0 [ 11.233371] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.233615] ? finish_task_switch.isra.0+0x153/0x700 [ 11.233642] ? __switch_to+0x47/0xf50 [ 11.233669] ? __schedule+0x10cc/0x2b60 [ 11.233696] ? __pfx_read_tsc+0x10/0x10 [ 11.233720] krealloc_large_less_oob+0x1c/0x30 [ 11.233742] kunit_try_run_case+0x1a5/0x480 [ 11.233765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.233786] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.233807] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.233828] ? __kthread_parkme+0x82/0x180 [ 11.233847] ? preempt_count_sub+0x50/0x80 [ 11.233868] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.233890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.233913] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.233947] kthread+0x337/0x6f0 [ 11.233965] ? trace_preempt_on+0x20/0xc0 [ 11.233989] ? __pfx_kthread+0x10/0x10 [ 11.234008] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.234027] ? calculate_sigpending+0x7b/0xa0 [ 11.234050] ? __pfx_kthread+0x10/0x10 [ 11.234070] ret_from_fork+0x116/0x1d0 [ 11.234087] ? __pfx_kthread+0x10/0x10 [ 11.234106] ret_from_fork_asm+0x1a/0x30 [ 11.234135] </TASK> [ 11.234147] [ 11.247603] The buggy address belongs to the physical page: [ 11.248091] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 11.248483] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.248886] flags: 0x200000000000040(head|node=0|zone=2) [ 11.249408] page_type: f8(unknown) [ 11.249768] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.250104] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.250329] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.250982] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.251748] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 11.252580] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.252894] page dumped because: kasan: bad access detected [ 11.253077] [ 11.253144] Memory state around the buggy address: [ 11.253292] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.253566] ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.253997] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.254385] ^ [ 11.254619] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.254961] ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.255264] ================================================================== [ 11.066896] ================================================================== [ 11.067229] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.067563] Write of size 1 at addr ffff888100a2a0d0 by task kunit_try_catch/183 [ 11.068154] [ 11.068257] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.068306] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.068317] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.068337] Call Trace: [ 11.068349] <TASK> [ 11.068366] dump_stack_lvl+0x73/0xb0 [ 11.068460] print_report+0xd1/0x650 [ 11.068509] ? __virt_addr_valid+0x1db/0x2d0 [ 11.068531] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.068553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.068584] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.068607] kasan_report+0x141/0x180 [ 11.068627] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.068655] __asan_report_store1_noabort+0x1b/0x30 [ 11.068687] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.068711] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.068733] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.068771] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.068796] krealloc_less_oob+0x1c/0x30 [ 11.068816] kunit_try_run_case+0x1a5/0x480 [ 11.068839] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.068860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.068881] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.068902] ? __kthread_parkme+0x82/0x180 [ 11.068921] ? preempt_count_sub+0x50/0x80 [ 11.068953] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.068975] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.068996] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.069017] kthread+0x337/0x6f0 [ 11.069036] ? trace_preempt_on+0x20/0xc0 [ 11.069059] ? __pfx_kthread+0x10/0x10 [ 11.069079] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.069098] ? calculate_sigpending+0x7b/0xa0 [ 11.069122] ? __pfx_kthread+0x10/0x10 [ 11.069142] ret_from_fork+0x116/0x1d0 [ 11.069160] ? __pfx_kthread+0x10/0x10 [ 11.069179] ret_from_fork_asm+0x1a/0x30 [ 11.069209] </TASK> [ 11.069220] [ 11.078187] Allocated by task 183: [ 11.078316] kasan_save_stack+0x45/0x70 [ 11.078454] kasan_save_track+0x18/0x40 [ 11.078583] kasan_save_alloc_info+0x3b/0x50 [ 11.078947] __kasan_krealloc+0x190/0x1f0 [ 11.079360] krealloc_noprof+0xf3/0x340 [ 11.081242] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.081421] krealloc_less_oob+0x1c/0x30 [ 11.081553] kunit_try_run_case+0x1a5/0x480 [ 11.081699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.081866] kthread+0x337/0x6f0 [ 11.081996] ret_from_fork+0x116/0x1d0 [ 11.082199] ret_from_fork_asm+0x1a/0x30 [ 11.082428] [ 11.082510] The buggy address belongs to the object at ffff888100a2a000 [ 11.082510] which belongs to the cache kmalloc-256 of size 256 [ 11.084119] The buggy address is located 7 bytes to the right of [ 11.084119] allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9) [ 11.084511] [ 11.084582] The buggy address belongs to the physical page: [ 11.085040] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.085563] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.085858] flags: 0x200000000000040(head|node=0|zone=2) [ 11.086053] page_type: f5(slab) [ 11.086170] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.086391] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.086920] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.088782] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.089048] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.089389] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.089640] page dumped because: kasan: bad access detected [ 11.089809] [ 11.089873] Memory state around the buggy address: [ 11.090774] ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.091102] ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.091399] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.091864] ^ [ 11.092138] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.092559] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.092846] ================================================================== [ 11.308389] ================================================================== [ 11.308607] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.309148] Write of size 1 at addr ffff888102ad20eb by task kunit_try_catch/187 [ 11.309486] [ 11.309593] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.309639] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.309649] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.309669] Call Trace: [ 11.309694] <TASK> [ 11.309898] dump_stack_lvl+0x73/0xb0 [ 11.309949] print_report+0xd1/0x650 [ 11.309972] ? __virt_addr_valid+0x1db/0x2d0 [ 11.309994] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.310016] ? kasan_addr_to_slab+0x11/0xa0 [ 11.310035] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.310057] kasan_report+0x141/0x180 [ 11.310078] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.310104] __asan_report_store1_noabort+0x1b/0x30 [ 11.310128] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.310152] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.310174] ? finish_task_switch.isra.0+0x153/0x700 [ 11.310195] ? __switch_to+0x47/0xf50 [ 11.310219] ? __schedule+0x10cc/0x2b60 [ 11.310240] ? __pfx_read_tsc+0x10/0x10 [ 11.310263] krealloc_large_less_oob+0x1c/0x30 [ 11.310284] kunit_try_run_case+0x1a5/0x480 [ 11.310307] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.310328] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.310349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.310370] ? __kthread_parkme+0x82/0x180 [ 11.310389] ? preempt_count_sub+0x50/0x80 [ 11.310469] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.310494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.310516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.310537] kthread+0x337/0x6f0 [ 11.310556] ? trace_preempt_on+0x20/0xc0 [ 11.310578] ? __pfx_kthread+0x10/0x10 [ 11.310598] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.310617] ? calculate_sigpending+0x7b/0xa0 [ 11.310640] ? __pfx_kthread+0x10/0x10 [ 11.310660] ret_from_fork+0x116/0x1d0 [ 11.310678] ? __pfx_kthread+0x10/0x10 [ 11.310698] ret_from_fork_asm+0x1a/0x30 [ 11.310728] </TASK> [ 11.310740] [ 11.318332] The buggy address belongs to the physical page: [ 11.318535] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 11.318776] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.319295] flags: 0x200000000000040(head|node=0|zone=2) [ 11.319637] page_type: f8(unknown) [ 11.319764] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.320025] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.320353] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.320790] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.321106] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 11.321369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.321952] page dumped because: kasan: bad access detected [ 11.322156] [ 11.322246] Memory state around the buggy address: [ 11.322516] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.322807] ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.323100] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.323367] ^ [ 11.323665] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.323955] ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.324243] ================================================================== [ 11.255744] ================================================================== [ 11.256076] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 11.256394] Write of size 1 at addr ffff888102ad20d0 by task kunit_try_catch/187 [ 11.256742] [ 11.256823] CPU: 1 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.256865] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.256875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.256894] Call Trace: [ 11.256910] <TASK> [ 11.256925] dump_stack_lvl+0x73/0xb0 [ 11.257104] print_report+0xd1/0x650 [ 11.257127] ? __virt_addr_valid+0x1db/0x2d0 [ 11.257167] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.257283] ? kasan_addr_to_slab+0x11/0xa0 [ 11.257303] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.257326] kasan_report+0x141/0x180 [ 11.257347] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 11.257373] __asan_report_store1_noabort+0x1b/0x30 [ 11.257408] krealloc_less_oob_helper+0xe23/0x11d0 [ 11.257433] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.257455] ? finish_task_switch.isra.0+0x153/0x700 [ 11.257476] ? __switch_to+0x47/0xf50 [ 11.257501] ? __schedule+0x10cc/0x2b60 [ 11.257522] ? __pfx_read_tsc+0x10/0x10 [ 11.257609] krealloc_large_less_oob+0x1c/0x30 [ 11.257635] kunit_try_run_case+0x1a5/0x480 [ 11.257659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.257679] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.257706] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.257748] ? __kthread_parkme+0x82/0x180 [ 11.257768] ? preempt_count_sub+0x50/0x80 [ 11.257791] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.257828] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.257851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.257873] kthread+0x337/0x6f0 [ 11.257891] ? trace_preempt_on+0x20/0xc0 [ 11.257914] ? __pfx_kthread+0x10/0x10 [ 11.257945] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.257964] ? calculate_sigpending+0x7b/0xa0 [ 11.257987] ? __pfx_kthread+0x10/0x10 [ 11.258008] ret_from_fork+0x116/0x1d0 [ 11.258025] ? __pfx_kthread+0x10/0x10 [ 11.258044] ret_from_fork_asm+0x1a/0x30 [ 11.258074] </TASK> [ 11.258085] [ 11.267881] The buggy address belongs to the physical page: [ 11.268168] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 11.268539] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.268939] flags: 0x200000000000040(head|node=0|zone=2) [ 11.269177] page_type: f8(unknown) [ 11.269320] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.269767] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.270063] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.270322] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.270991] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 11.271291] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.271648] page dumped because: kasan: bad access detected [ 11.271942] [ 11.272032] Memory state around the buggy address: [ 11.272258] ffff888102ad1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.272571] ffff888102ad2000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.272847] >ffff888102ad2080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.273184] ^ [ 11.273526] ffff888102ad2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.273860] ffff888102ad2180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.274139] ================================================================== [ 11.093454] ================================================================== [ 11.093818] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.094160] Write of size 1 at addr ffff888100a2a0da by task kunit_try_catch/183 [ 11.094433] [ 11.094512] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.094559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.094570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.094589] Call Trace: [ 11.094607] <TASK> [ 11.094625] dump_stack_lvl+0x73/0xb0 [ 11.094653] print_report+0xd1/0x650 [ 11.094688] ? __virt_addr_valid+0x1db/0x2d0 [ 11.094795] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.094818] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.094839] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.094861] kasan_report+0x141/0x180 [ 11.094882] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.094909] __asan_report_store1_noabort+0x1b/0x30 [ 11.094962] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.094987] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.095008] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.095037] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.095217] krealloc_less_oob+0x1c/0x30 [ 11.095253] kunit_try_run_case+0x1a5/0x480 [ 11.095277] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.095297] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.095331] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.095352] ? __kthread_parkme+0x82/0x180 [ 11.095372] ? preempt_count_sub+0x50/0x80 [ 11.095394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.095468] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.095490] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.095512] kthread+0x337/0x6f0 [ 11.095530] ? trace_preempt_on+0x20/0xc0 [ 11.095554] ? __pfx_kthread+0x10/0x10 [ 11.095573] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.095604] ? calculate_sigpending+0x7b/0xa0 [ 11.095626] ? __pfx_kthread+0x10/0x10 [ 11.095646] ret_from_fork+0x116/0x1d0 [ 11.095677] ? __pfx_kthread+0x10/0x10 [ 11.095697] ret_from_fork_asm+0x1a/0x30 [ 11.095727] </TASK> [ 11.095739] [ 11.106405] Allocated by task 183: [ 11.107085] kasan_save_stack+0x45/0x70 [ 11.107295] kasan_save_track+0x18/0x40 [ 11.107652] kasan_save_alloc_info+0x3b/0x50 [ 11.107864] __kasan_krealloc+0x190/0x1f0 [ 11.108184] krealloc_noprof+0xf3/0x340 [ 11.108343] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.108965] krealloc_less_oob+0x1c/0x30 [ 11.109183] kunit_try_run_case+0x1a5/0x480 [ 11.109533] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.109768] kthread+0x337/0x6f0 [ 11.110084] ret_from_fork+0x116/0x1d0 [ 11.110274] ret_from_fork_asm+0x1a/0x30 [ 11.110602] [ 11.110700] The buggy address belongs to the object at ffff888100a2a000 [ 11.110700] which belongs to the cache kmalloc-256 of size 256 [ 11.111584] The buggy address is located 17 bytes to the right of [ 11.111584] allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9) [ 11.112329] [ 11.112502] The buggy address belongs to the physical page: [ 11.112875] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.113264] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.113784] flags: 0x200000000000040(head|node=0|zone=2) [ 11.114042] page_type: f5(slab) [ 11.114193] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.114668] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.114951] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.115284] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.115643] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.115923] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.116247] page dumped because: kasan: bad access detected [ 11.116457] [ 11.116543] Memory state around the buggy address: [ 11.117166] ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.117587] ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.117887] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.118164] ^ [ 11.118398] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.118643] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.118956] ================================================================== [ 11.119470] ================================================================== [ 11.119820] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.120164] Write of size 1 at addr ffff888100a2a0ea by task kunit_try_catch/183 [ 11.120430] [ 11.120519] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.120566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.120577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.120598] Call Trace: [ 11.120618] <TASK> [ 11.120638] dump_stack_lvl+0x73/0xb0 [ 11.120667] print_report+0xd1/0x650 [ 11.120689] ? __virt_addr_valid+0x1db/0x2d0 [ 11.120711] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.120734] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.120754] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.120777] kasan_report+0x141/0x180 [ 11.120798] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.120824] __asan_report_store1_noabort+0x1b/0x30 [ 11.120847] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.120871] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.120893] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 11.120920] ? __pfx_krealloc_less_oob+0x10/0x10 [ 11.120957] krealloc_less_oob+0x1c/0x30 [ 11.120977] kunit_try_run_case+0x1a5/0x480 [ 11.121000] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.121021] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.121043] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.121064] ? __kthread_parkme+0x82/0x180 [ 11.121084] ? preempt_count_sub+0x50/0x80 [ 11.121106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.121128] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.121150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.121646] kthread+0x337/0x6f0 [ 11.121665] ? trace_preempt_on+0x20/0xc0 [ 11.121695] ? __pfx_kthread+0x10/0x10 [ 11.121714] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.121733] ? calculate_sigpending+0x7b/0xa0 [ 11.121756] ? __pfx_kthread+0x10/0x10 [ 11.121777] ret_from_fork+0x116/0x1d0 [ 11.121795] ? __pfx_kthread+0x10/0x10 [ 11.121814] ret_from_fork_asm+0x1a/0x30 [ 11.121846] </TASK> [ 11.121858] [ 11.133005] Allocated by task 183: [ 11.133172] kasan_save_stack+0x45/0x70 [ 11.133370] kasan_save_track+0x18/0x40 [ 11.133754] kasan_save_alloc_info+0x3b/0x50 [ 11.133964] __kasan_krealloc+0x190/0x1f0 [ 11.134141] krealloc_noprof+0xf3/0x340 [ 11.134307] krealloc_less_oob_helper+0x1aa/0x11d0 [ 11.134579] krealloc_less_oob+0x1c/0x30 [ 11.134763] kunit_try_run_case+0x1a5/0x480 [ 11.134956] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.135175] kthread+0x337/0x6f0 [ 11.135326] ret_from_fork+0x116/0x1d0 [ 11.136250] ret_from_fork_asm+0x1a/0x30 [ 11.136467] [ 11.136541] The buggy address belongs to the object at ffff888100a2a000 [ 11.136541] which belongs to the cache kmalloc-256 of size 256 [ 11.137617] The buggy address is located 33 bytes to the right of [ 11.137617] allocated 201-byte region [ffff888100a2a000, ffff888100a2a0c9) [ 11.138178] [ 11.138267] The buggy address belongs to the physical page: [ 11.139003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a2a [ 11.139691] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.140349] flags: 0x200000000000040(head|node=0|zone=2) [ 11.140603] page_type: f5(slab) [ 11.140760] raw: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.141510] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.142002] head: 0200000000000040 ffff888100041b40 ffffea0004028c00 dead000000000002 [ 11.142872] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.143221] head: 0200000000000001 ffffea0004028a81 00000000ffffffff 00000000ffffffff [ 11.143824] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.144289] page dumped because: kasan: bad access detected [ 11.144979] [ 11.145079] Memory state around the buggy address: [ 11.145465] ffff888100a29f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.145764] ffff888100a2a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.146060] >ffff888100a2a080: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 11.146329] ^ [ 11.147126] ffff888100a2a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.147479] ffff888100a2a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.148111] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 11.178120] ================================================================== [ 11.178850] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 11.179115] Write of size 1 at addr ffff888102a8a0eb by task kunit_try_catch/185 [ 11.179326] [ 11.179467] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.179557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.179582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.179617] Call Trace: [ 11.179872] <TASK> [ 11.179910] dump_stack_lvl+0x73/0xb0 [ 11.180053] print_report+0xd1/0x650 [ 11.180076] ? __virt_addr_valid+0x1db/0x2d0 [ 11.180102] ? krealloc_more_oob_helper+0x821/0x930 [ 11.180125] ? kasan_addr_to_slab+0x11/0xa0 [ 11.180145] ? krealloc_more_oob_helper+0x821/0x930 [ 11.180167] kasan_report+0x141/0x180 [ 11.180188] ? krealloc_more_oob_helper+0x821/0x930 [ 11.180216] __asan_report_store1_noabort+0x1b/0x30 [ 11.180239] krealloc_more_oob_helper+0x821/0x930 [ 11.180260] ? __schedule+0x10cc/0x2b60 [ 11.180282] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.180305] ? finish_task_switch.isra.0+0x153/0x700 [ 11.180327] ? __switch_to+0x47/0xf50 [ 11.180353] ? __schedule+0x10cc/0x2b60 [ 11.180372] ? __pfx_read_tsc+0x10/0x10 [ 11.180462] krealloc_large_more_oob+0x1c/0x30 [ 11.180486] kunit_try_run_case+0x1a5/0x480 [ 11.180511] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.180532] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.180554] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.180575] ? __kthread_parkme+0x82/0x180 [ 11.180595] ? preempt_count_sub+0x50/0x80 [ 11.180617] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.180639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.180661] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.180682] kthread+0x337/0x6f0 [ 11.180701] ? trace_preempt_on+0x20/0xc0 [ 11.180725] ? __pfx_kthread+0x10/0x10 [ 11.180745] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.180764] ? calculate_sigpending+0x7b/0xa0 [ 11.180788] ? __pfx_kthread+0x10/0x10 [ 11.180808] ret_from_fork+0x116/0x1d0 [ 11.180825] ? __pfx_kthread+0x10/0x10 [ 11.180845] ret_from_fork_asm+0x1a/0x30 [ 11.180875] </TASK> [ 11.180886] [ 11.196021] The buggy address belongs to the physical page: [ 11.196198] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88 [ 11.196432] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.196644] flags: 0x200000000000040(head|node=0|zone=2) [ 11.196974] page_type: f8(unknown) [ 11.197174] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.197457] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.197730] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.198105] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.198405] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff [ 11.198716] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.199156] page dumped because: kasan: bad access detected [ 11.199381] [ 11.199789] Memory state around the buggy address: [ 11.200005] ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.200283] ffff888102a8a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.201274] >ffff888102a8a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.201947] ^ [ 11.202464] ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.202981] ffff888102a8a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.203266] ================================================================== [ 10.976287] ================================================================== [ 10.976860] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.977118] Write of size 1 at addr ffff8881003352eb by task kunit_try_catch/181 [ 10.977332] [ 10.977482] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.977529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.977540] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.977559] Call Trace: [ 10.977571] <TASK> [ 10.977587] dump_stack_lvl+0x73/0xb0 [ 10.977616] print_report+0xd1/0x650 [ 10.977637] ? __virt_addr_valid+0x1db/0x2d0 [ 10.977660] ? krealloc_more_oob_helper+0x821/0x930 [ 10.977688] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.977709] ? krealloc_more_oob_helper+0x821/0x930 [ 10.977735] kasan_report+0x141/0x180 [ 10.977768] ? krealloc_more_oob_helper+0x821/0x930 [ 10.977795] __asan_report_store1_noabort+0x1b/0x30 [ 10.977817] krealloc_more_oob_helper+0x821/0x930 [ 10.977851] ? __schedule+0x10cc/0x2b60 [ 10.977871] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.977894] ? finish_task_switch.isra.0+0x153/0x700 [ 10.977915] ? __switch_to+0x47/0xf50 [ 10.977949] ? __schedule+0x10cc/0x2b60 [ 10.977969] ? __pfx_read_tsc+0x10/0x10 [ 10.977993] krealloc_more_oob+0x1c/0x30 [ 10.978013] kunit_try_run_case+0x1a5/0x480 [ 10.978038] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.978058] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.978079] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.978100] ? __kthread_parkme+0x82/0x180 [ 10.978120] ? preempt_count_sub+0x50/0x80 [ 10.978141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.978163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.978194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.978216] kthread+0x337/0x6f0 [ 10.978234] ? trace_preempt_on+0x20/0xc0 [ 10.978268] ? __pfx_kthread+0x10/0x10 [ 10.978288] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.978307] ? calculate_sigpending+0x7b/0xa0 [ 10.978330] ? __pfx_kthread+0x10/0x10 [ 10.978351] ret_from_fork+0x116/0x1d0 [ 10.978369] ? __pfx_kthread+0x10/0x10 [ 10.978416] ret_from_fork_asm+0x1a/0x30 [ 10.978446] </TASK> [ 10.978456] [ 10.992586] Allocated by task 181: [ 10.992714] kasan_save_stack+0x45/0x70 [ 10.992850] kasan_save_track+0x18/0x40 [ 10.992987] kasan_save_alloc_info+0x3b/0x50 [ 10.993129] __kasan_krealloc+0x190/0x1f0 [ 10.993259] krealloc_noprof+0xf3/0x340 [ 10.993387] krealloc_more_oob_helper+0x1a9/0x930 [ 10.993538] krealloc_more_oob+0x1c/0x30 [ 10.993667] kunit_try_run_case+0x1a5/0x480 [ 10.993810] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.994794] kthread+0x337/0x6f0 [ 10.994978] ret_from_fork+0x116/0x1d0 [ 10.995112] ret_from_fork_asm+0x1a/0x30 [ 10.995246] [ 10.995314] The buggy address belongs to the object at ffff888100335200 [ 10.995314] which belongs to the cache kmalloc-256 of size 256 [ 10.995941] The buggy address is located 0 bytes to the right of [ 10.995941] allocated 235-byte region [ffff888100335200, ffff8881003352eb) [ 10.996550] [ 10.996656] The buggy address belongs to the physical page: [ 10.996921] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100334 [ 10.997292] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.997602] flags: 0x200000000000040(head|node=0|zone=2) [ 10.997781] page_type: f5(slab) [ 10.997901] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.998244] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.998654] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.998879] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.999131] head: 0200000000000001 ffffea000400cd01 00000000ffffffff 00000000ffffffff [ 10.999538] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.999864] page dumped because: kasan: bad access detected [ 11.000102] [ 11.000177] Memory state around the buggy address: [ 11.000329] ffff888100335180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.000660] ffff888100335200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.000975] >ffff888100335280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.001438] ^ [ 11.001715] ffff888100335300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.001998] ffff888100335380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.002327] ================================================================== [ 11.204678] ================================================================== [ 11.204983] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.205301] Write of size 1 at addr ffff888102a8a0f0 by task kunit_try_catch/185 [ 11.205915] [ 11.206478] CPU: 0 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.206530] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.206555] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.206573] Call Trace: [ 11.206590] <TASK> [ 11.206637] dump_stack_lvl+0x73/0xb0 [ 11.206669] print_report+0xd1/0x650 [ 11.206691] ? __virt_addr_valid+0x1db/0x2d0 [ 11.206716] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.206738] ? kasan_addr_to_slab+0x11/0xa0 [ 11.206758] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.206781] kasan_report+0x141/0x180 [ 11.206801] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.206828] __asan_report_store1_noabort+0x1b/0x30 [ 11.206851] krealloc_more_oob_helper+0x7eb/0x930 [ 11.206872] ? __schedule+0x10cc/0x2b60 [ 11.206893] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.206916] ? finish_task_switch.isra.0+0x153/0x700 [ 11.206948] ? __switch_to+0x47/0xf50 [ 11.206973] ? __schedule+0x10cc/0x2b60 [ 11.206994] ? __pfx_read_tsc+0x10/0x10 [ 11.207018] krealloc_large_more_oob+0x1c/0x30 [ 11.207039] kunit_try_run_case+0x1a5/0x480 [ 11.207062] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.207083] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.207104] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.207125] ? __kthread_parkme+0x82/0x180 [ 11.207145] ? preempt_count_sub+0x50/0x80 [ 11.207166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.207188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.207210] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.207231] kthread+0x337/0x6f0 [ 11.207250] ? trace_preempt_on+0x20/0xc0 [ 11.207273] ? __pfx_kthread+0x10/0x10 [ 11.207293] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.207312] ? calculate_sigpending+0x7b/0xa0 [ 11.207336] ? __pfx_kthread+0x10/0x10 [ 11.207356] ret_from_fork+0x116/0x1d0 [ 11.207374] ? __pfx_kthread+0x10/0x10 [ 11.207406] ret_from_fork_asm+0x1a/0x30 [ 11.207436] </TASK> [ 11.207447] [ 11.219695] The buggy address belongs to the physical page: [ 11.220053] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88 [ 11.220355] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.221036] flags: 0x200000000000040(head|node=0|zone=2) [ 11.221509] page_type: f8(unknown) [ 11.221724] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.222045] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.222348] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.222945] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 11.223544] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff [ 11.223989] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.224292] page dumped because: kasan: bad access detected [ 11.224914] [ 11.225180] Memory state around the buggy address: [ 11.225520] ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.226160] ffff888102a8a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.226645] >ffff888102a8a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 11.227071] ^ [ 11.227345] ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.227857] ffff888102a8a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.228156] ================================================================== [ 11.004734] ================================================================== [ 11.005059] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 11.005963] Write of size 1 at addr ffff8881003352f0 by task kunit_try_catch/181 [ 11.006405] [ 11.006749] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.006800] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.006811] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.006829] Call Trace: [ 11.006840] <TASK> [ 11.006855] dump_stack_lvl+0x73/0xb0 [ 11.006885] print_report+0xd1/0x650 [ 11.006906] ? __virt_addr_valid+0x1db/0x2d0 [ 11.006928] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.006962] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.006982] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.007004] kasan_report+0x141/0x180 [ 11.007026] ? krealloc_more_oob_helper+0x7eb/0x930 [ 11.007052] __asan_report_store1_noabort+0x1b/0x30 [ 11.007075] krealloc_more_oob_helper+0x7eb/0x930 [ 11.007096] ? __schedule+0x10cc/0x2b60 [ 11.007116] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 11.007139] ? finish_task_switch.isra.0+0x153/0x700 [ 11.007160] ? __switch_to+0x47/0xf50 [ 11.007185] ? __schedule+0x10cc/0x2b60 [ 11.007204] ? __pfx_read_tsc+0x10/0x10 [ 11.007228] krealloc_more_oob+0x1c/0x30 [ 11.007247] kunit_try_run_case+0x1a5/0x480 [ 11.007269] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.007289] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.007310] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.007332] ? __kthread_parkme+0x82/0x180 [ 11.007351] ? preempt_count_sub+0x50/0x80 [ 11.007372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.007405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.007427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.007448] kthread+0x337/0x6f0 [ 11.007466] ? trace_preempt_on+0x20/0xc0 [ 11.007488] ? __pfx_kthread+0x10/0x10 [ 11.007508] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.007528] ? calculate_sigpending+0x7b/0xa0 [ 11.007550] ? __pfx_kthread+0x10/0x10 [ 11.007570] ret_from_fork+0x116/0x1d0 [ 11.007587] ? __pfx_kthread+0x10/0x10 [ 11.007607] ret_from_fork_asm+0x1a/0x30 [ 11.007636] </TASK> [ 11.007647] [ 11.018253] Allocated by task 181: [ 11.018809] kasan_save_stack+0x45/0x70 [ 11.019026] kasan_save_track+0x18/0x40 [ 11.019335] kasan_save_alloc_info+0x3b/0x50 [ 11.019913] __kasan_krealloc+0x190/0x1f0 [ 11.020208] krealloc_noprof+0xf3/0x340 [ 11.020374] krealloc_more_oob_helper+0x1a9/0x930 [ 11.020869] krealloc_more_oob+0x1c/0x30 [ 11.021192] kunit_try_run_case+0x1a5/0x480 [ 11.021573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.021831] kthread+0x337/0x6f0 [ 11.021997] ret_from_fork+0x116/0x1d0 [ 11.022166] ret_from_fork_asm+0x1a/0x30 [ 11.022342] [ 11.022809] The buggy address belongs to the object at ffff888100335200 [ 11.022809] which belongs to the cache kmalloc-256 of size 256 [ 11.023386] The buggy address is located 5 bytes to the right of [ 11.023386] allocated 235-byte region [ffff888100335200, ffff8881003352eb) [ 11.024151] [ 11.024235] The buggy address belongs to the physical page: [ 11.024866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100334 [ 11.025350] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.025886] flags: 0x200000000000040(head|node=0|zone=2) [ 11.026137] page_type: f5(slab) [ 11.026288] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.027285] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.028024] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 11.028585] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.028894] head: 0200000000000001 ffffea000400cd01 00000000ffffffff 00000000ffffffff [ 11.029205] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.029855] page dumped because: kasan: bad access detected [ 11.030335] [ 11.030672] Memory state around the buggy address: [ 11.031137] ffff888100335180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.031747] ffff888100335200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.032048] >ffff888100335280: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 11.032332] ^ [ 11.032899] ffff888100335300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.033530] ffff888100335380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.033833] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 249.445792] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 13.327728] ================================================================== [ 13.328239] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 13.328536] Read of size 1 at addr ffff8881039ffc3f by task kunit_try_catch/276 [ 13.329143] [ 13.329253] CPU: 1 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.329299] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.329310] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.329330] Call Trace: [ 13.329342] <TASK> [ 13.329357] dump_stack_lvl+0x73/0xb0 [ 13.329385] print_report+0xd1/0x650 [ 13.329490] ? __virt_addr_valid+0x1db/0x2d0 [ 13.329514] ? kasan_alloca_oob_left+0x320/0x380 [ 13.329552] ? kasan_addr_to_slab+0x11/0xa0 [ 13.329572] ? kasan_alloca_oob_left+0x320/0x380 [ 13.329608] kasan_report+0x141/0x180 [ 13.329629] ? kasan_alloca_oob_left+0x320/0x380 [ 13.329655] __asan_report_load1_noabort+0x18/0x20 [ 13.329678] kasan_alloca_oob_left+0x320/0x380 [ 13.329706] ? finish_task_switch.isra.0+0x153/0x700 [ 13.329727] ? rwsem_down_read_slowpath+0x58e/0xb90 [ 13.329752] ? trace_hardirqs_on+0x37/0xe0 [ 13.329777] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 13.329801] ? __schedule+0x10cc/0x2b60 [ 13.329822] ? __pfx_read_tsc+0x10/0x10 [ 13.329842] ? ktime_get_ts64+0x86/0x230 [ 13.329865] kunit_try_run_case+0x1a5/0x480 [ 13.329889] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.329910] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.329942] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.329964] ? __kthread_parkme+0x82/0x180 [ 13.329983] ? preempt_count_sub+0x50/0x80 [ 13.330005] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.330028] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.330050] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.330073] kthread+0x337/0x6f0 [ 13.330092] ? trace_preempt_on+0x20/0xc0 [ 13.330113] ? __pfx_kthread+0x10/0x10 [ 13.330133] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.330152] ? calculate_sigpending+0x7b/0xa0 [ 13.330176] ? __pfx_kthread+0x10/0x10 [ 13.330197] ret_from_fork+0x116/0x1d0 [ 13.330215] ? __pfx_kthread+0x10/0x10 [ 13.330234] ret_from_fork_asm+0x1a/0x30 [ 13.330264] </TASK> [ 13.330274] [ 13.340653] The buggy address belongs to stack of task kunit_try_catch/276 [ 13.340938] [ 13.341024] The buggy address belongs to the physical page: [ 13.341242] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039ff [ 13.342103] flags: 0x200000000000000(node=0|zone=2) [ 13.342397] raw: 0200000000000000 ffffea00040e7fc8 ffffea00040e7fc8 0000000000000000 [ 13.342915] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.343491] page dumped because: kasan: bad access detected [ 13.343860] [ 13.344150] Memory state around the buggy address: [ 13.344362] ffff8881039ffb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.344907] ffff8881039ffb80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.345214] >ffff8881039ffc00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 13.345924] ^ [ 13.346222] ffff8881039ffc80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 13.346728] ffff8881039ffd00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.347027] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 13.298805] ================================================================== [ 13.299456] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 13.300034] Read of size 1 at addr ffff88810394fd02 by task kunit_try_catch/274 [ 13.300449] [ 13.300841] CPU: 0 UID: 0 PID: 274 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.300893] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.300904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.301299] Call Trace: [ 13.301312] <TASK> [ 13.301328] dump_stack_lvl+0x73/0xb0 [ 13.301359] print_report+0xd1/0x650 [ 13.301382] ? __virt_addr_valid+0x1db/0x2d0 [ 13.301405] ? kasan_stack_oob+0x2b5/0x300 [ 13.301424] ? kasan_addr_to_slab+0x11/0xa0 [ 13.301443] ? kasan_stack_oob+0x2b5/0x300 [ 13.301463] kasan_report+0x141/0x180 [ 13.301483] ? kasan_stack_oob+0x2b5/0x300 [ 13.301507] __asan_report_load1_noabort+0x18/0x20 [ 13.301530] kasan_stack_oob+0x2b5/0x300 [ 13.301549] ? __pfx_kasan_stack_oob+0x10/0x10 [ 13.301568] ? finish_task_switch.isra.0+0x153/0x700 [ 13.301590] ? __switch_to+0x47/0xf50 [ 13.301616] ? __schedule+0x10cc/0x2b60 [ 13.301639] ? __pfx_read_tsc+0x10/0x10 [ 13.301661] ? ktime_get_ts64+0x86/0x230 [ 13.301693] kunit_try_run_case+0x1a5/0x480 [ 13.301717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.301738] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.301760] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.301782] ? __kthread_parkme+0x82/0x180 [ 13.301803] ? preempt_count_sub+0x50/0x80 [ 13.301825] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.301848] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.301871] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.301893] kthread+0x337/0x6f0 [ 13.301913] ? trace_preempt_on+0x20/0xc0 [ 13.301949] ? __pfx_kthread+0x10/0x10 [ 13.301970] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.301990] ? calculate_sigpending+0x7b/0xa0 [ 13.302013] ? __pfx_kthread+0x10/0x10 [ 13.302034] ret_from_fork+0x116/0x1d0 [ 13.302053] ? __pfx_kthread+0x10/0x10 [ 13.302073] ret_from_fork_asm+0x1a/0x30 [ 13.302104] </TASK> [ 13.302114] [ 13.312444] The buggy address belongs to stack of task kunit_try_catch/274 [ 13.313107] and is located at offset 138 in frame: [ 13.313339] kasan_stack_oob+0x0/0x300 [ 13.314112] [ 13.314228] This frame has 4 objects: [ 13.314696] [48, 49) '__assertion' [ 13.314731] [64, 72) 'array' [ 13.314895] [96, 112) '__assertion' [ 13.315035] [128, 138) 'stack_array' [ 13.315517] [ 13.315752] The buggy address belongs to the physical page: [ 13.316003] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10394f [ 13.316340] flags: 0x200000000000000(node=0|zone=2) [ 13.316904] raw: 0200000000000000 ffffea00040e53c8 ffffea00040e53c8 0000000000000000 [ 13.317317] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 13.318191] page dumped because: kasan: bad access detected [ 13.318431] [ 13.318661] Memory state around the buggy address: [ 13.319089] ffff88810394fc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.319524] ffff88810394fc80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 13.320069] >ffff88810394fd00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 13.320553] ^ [ 13.320689] ffff88810394fd80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 13.321186] ffff88810394fe00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.321727] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 13.279381] ================================================================== [ 13.280177] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 13.280491] Read of size 1 at addr ffffffffb7e6ee8d by task kunit_try_catch/270 [ 13.280771] [ 13.280908] CPU: 1 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.280974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.280985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.281006] Call Trace: [ 13.281019] <TASK> [ 13.281038] dump_stack_lvl+0x73/0xb0 [ 13.281067] print_report+0xd1/0x650 [ 13.281089] ? __virt_addr_valid+0x1db/0x2d0 [ 13.281112] ? kasan_global_oob_right+0x286/0x2d0 [ 13.281132] ? kasan_addr_to_slab+0x11/0xa0 [ 13.281152] ? kasan_global_oob_right+0x286/0x2d0 [ 13.281173] kasan_report+0x141/0x180 [ 13.281194] ? kasan_global_oob_right+0x286/0x2d0 [ 13.281219] __asan_report_load1_noabort+0x18/0x20 [ 13.281244] kasan_global_oob_right+0x286/0x2d0 [ 13.281265] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 13.281289] ? __schedule+0x10cc/0x2b60 [ 13.281310] ? __pfx_read_tsc+0x10/0x10 [ 13.281333] ? ktime_get_ts64+0x86/0x230 [ 13.281359] kunit_try_run_case+0x1a5/0x480 [ 13.281383] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.281405] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.281426] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.281448] ? __kthread_parkme+0x82/0x180 [ 13.281542] ? preempt_count_sub+0x50/0x80 [ 13.281567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.281591] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.281612] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.281634] kthread+0x337/0x6f0 [ 13.281653] ? trace_preempt_on+0x20/0xc0 [ 13.281676] ? __pfx_kthread+0x10/0x10 [ 13.281703] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.281724] ? calculate_sigpending+0x7b/0xa0 [ 13.281747] ? __pfx_kthread+0x10/0x10 [ 13.281768] ret_from_fork+0x116/0x1d0 [ 13.281786] ? __pfx_kthread+0x10/0x10 [ 13.281805] ret_from_fork_asm+0x1a/0x30 [ 13.281835] </TASK> [ 13.281847] [ 13.289126] The buggy address belongs to the variable: [ 13.289379] global_array+0xd/0x40 [ 13.289689] [ 13.289804] The buggy address belongs to the physical page: [ 13.290095] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x17326e [ 13.290486] flags: 0x200000000002000(reserved|node=0|zone=2) [ 13.290891] raw: 0200000000002000 ffffea0005cc9b88 ffffea0005cc9b88 0000000000000000 [ 13.291208] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.291571] page dumped because: kasan: bad access detected [ 13.291741] [ 13.291804] Memory state around the buggy address: [ 13.291987] ffffffffb7e6ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.292304] ffffffffb7e6ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.292998] >ffffffffb7e6ee80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 13.293220] ^ [ 13.293369] ffffffffb7e6ef00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 13.293743] ffffffffb7e6ef80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 13.294328] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 13.251784] ================================================================== [ 13.252207] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.252482] Free of addr ffff888103a0c001 by task kunit_try_catch/268 [ 13.252892] [ 13.253453] CPU: 0 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.253508] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.253520] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.253542] Call Trace: [ 13.253555] <TASK> [ 13.253574] dump_stack_lvl+0x73/0xb0 [ 13.253719] print_report+0xd1/0x650 [ 13.253743] ? __virt_addr_valid+0x1db/0x2d0 [ 13.253768] ? kasan_addr_to_slab+0x11/0xa0 [ 13.253789] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.253815] kasan_report_invalid_free+0x10a/0x130 [ 13.253838] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.253865] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.253888] __kasan_mempool_poison_object+0x102/0x1d0 [ 13.253912] mempool_free+0x2ec/0x380 [ 13.253952] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.253977] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.254004] ? __kasan_check_write+0x18/0x20 [ 13.254023] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.254045] ? finish_task_switch.isra.0+0x153/0x700 [ 13.254072] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 13.254096] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 13.254122] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.254144] ? __pfx_mempool_kfree+0x10/0x10 [ 13.254168] ? __pfx_read_tsc+0x10/0x10 [ 13.254189] ? ktime_get_ts64+0x86/0x230 [ 13.254213] kunit_try_run_case+0x1a5/0x480 [ 13.254237] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.254258] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.254280] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.254302] ? __kthread_parkme+0x82/0x180 [ 13.254323] ? preempt_count_sub+0x50/0x80 [ 13.254345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.254368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.254389] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.254515] kthread+0x337/0x6f0 [ 13.254536] ? trace_preempt_on+0x20/0xc0 [ 13.254561] ? __pfx_kthread+0x10/0x10 [ 13.254582] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.254602] ? calculate_sigpending+0x7b/0xa0 [ 13.254627] ? __pfx_kthread+0x10/0x10 [ 13.254648] ret_from_fork+0x116/0x1d0 [ 13.254666] ? __pfx_kthread+0x10/0x10 [ 13.254686] ret_from_fork_asm+0x1a/0x30 [ 13.254717] </TASK> [ 13.254729] [ 13.266274] The buggy address belongs to the physical page: [ 13.266843] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 13.267350] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.267919] flags: 0x200000000000040(head|node=0|zone=2) [ 13.268354] page_type: f8(unknown) [ 13.268663] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.268991] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.269290] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.269916] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.270587] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 13.271113] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.271771] page dumped because: kasan: bad access detected [ 13.272126] [ 13.272220] Memory state around the buggy address: [ 13.272658] ffff888103a0bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.273028] ffff888103a0bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.273310] >ffff888103a0c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.274068] ^ [ 13.274300] ffff888103a0c080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.274874] ffff888103a0c100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.275378] ================================================================== [ 13.211750] ================================================================== [ 13.212165] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.212586] Free of addr ffff8881028e2d01 by task kunit_try_catch/266 [ 13.213669] [ 13.213990] CPU: 1 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.214116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.214131] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.214153] Call Trace: [ 13.214166] <TASK> [ 13.214183] dump_stack_lvl+0x73/0xb0 [ 13.214216] print_report+0xd1/0x650 [ 13.214238] ? __virt_addr_valid+0x1db/0x2d0 [ 13.214262] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.214283] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.214308] kasan_report_invalid_free+0x10a/0x130 [ 13.214332] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.214357] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.214421] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.214445] check_slab_allocation+0x11f/0x130 [ 13.214466] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.214489] mempool_free+0x2ec/0x380 [ 13.214516] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 13.214540] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 13.214565] ? __kasan_check_write+0x18/0x20 [ 13.214584] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.214605] ? irqentry_exit+0x2a/0x60 [ 13.214626] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.214651] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.214673] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.214699] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.214723] ? __pfx_mempool_kfree+0x10/0x10 [ 13.214746] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.214771] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 13.214796] kunit_try_run_case+0x1a5/0x480 [ 13.214821] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.214842] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.214864] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.214885] ? __kthread_parkme+0x82/0x180 [ 13.214906] ? preempt_count_sub+0x50/0x80 [ 13.214942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.214966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.214988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.215009] kthread+0x337/0x6f0 [ 13.215028] ? trace_preempt_on+0x20/0xc0 [ 13.215052] ? __pfx_kthread+0x10/0x10 [ 13.215072] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.215091] ? calculate_sigpending+0x7b/0xa0 [ 13.215115] ? __pfx_kthread+0x10/0x10 [ 13.215136] ret_from_fork+0x116/0x1d0 [ 13.215155] ? __pfx_kthread+0x10/0x10 [ 13.215174] ret_from_fork_asm+0x1a/0x30 [ 13.215205] </TASK> [ 13.215217] [ 13.234443] Allocated by task 266: [ 13.234870] kasan_save_stack+0x45/0x70 [ 13.235168] kasan_save_track+0x18/0x40 [ 13.235370] kasan_save_alloc_info+0x3b/0x50 [ 13.235783] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.236165] remove_element+0x11e/0x190 [ 13.236462] mempool_alloc_preallocated+0x4d/0x90 [ 13.236770] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 13.237415] mempool_kmalloc_invalid_free+0xed/0x140 [ 13.237579] kunit_try_run_case+0x1a5/0x480 [ 13.237879] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.238533] kthread+0x337/0x6f0 [ 13.238827] ret_from_fork+0x116/0x1d0 [ 13.239176] ret_from_fork_asm+0x1a/0x30 [ 13.239545] [ 13.239703] The buggy address belongs to the object at ffff8881028e2d00 [ 13.239703] which belongs to the cache kmalloc-128 of size 128 [ 13.240634] The buggy address is located 1 bytes inside of [ 13.240634] 128-byte region [ffff8881028e2d00, ffff8881028e2d80) [ 13.241530] [ 13.241603] The buggy address belongs to the physical page: [ 13.241776] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 13.242022] flags: 0x200000000000000(node=0|zone=2) [ 13.242189] page_type: f5(slab) [ 13.242307] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.242527] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.242743] page dumped because: kasan: bad access detected [ 13.242904] [ 13.243113] Memory state around the buggy address: [ 13.243560] ffff8881028e2c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.244335] ffff8881028e2c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.245014] >ffff8881028e2d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.245723] ^ [ 13.246057] ffff8881028e2d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.246708] ffff8881028e2e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.247520] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 13.186948] ================================================================== [ 13.187358] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.188491] Free of addr ffff888102bec000 by task kunit_try_catch/264 [ 13.189493] [ 13.189847] CPU: 1 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.189916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.189940] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.189963] Call Trace: [ 13.189977] <TASK> [ 13.189996] dump_stack_lvl+0x73/0xb0 [ 13.190028] print_report+0xd1/0x650 [ 13.190050] ? __virt_addr_valid+0x1db/0x2d0 [ 13.190074] ? kasan_addr_to_slab+0x11/0xa0 [ 13.190094] ? mempool_double_free_helper+0x184/0x370 [ 13.190117] kasan_report_invalid_free+0x10a/0x130 [ 13.190141] ? mempool_double_free_helper+0x184/0x370 [ 13.190166] ? mempool_double_free_helper+0x184/0x370 [ 13.190188] __kasan_mempool_poison_pages+0x115/0x130 [ 13.190212] mempool_free+0x290/0x380 [ 13.190238] mempool_double_free_helper+0x184/0x370 [ 13.190261] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.190284] ? __kasan_check_write+0x18/0x20 [ 13.190303] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.190327] ? finish_task_switch.isra.0+0x153/0x700 [ 13.190353] mempool_page_alloc_double_free+0xe8/0x140 [ 13.190377] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 13.190403] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.190425] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.190449] ? __pfx_read_tsc+0x10/0x10 [ 13.190469] ? ktime_get_ts64+0x86/0x230 [ 13.190494] kunit_try_run_case+0x1a5/0x480 [ 13.190519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.190540] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.190562] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.190583] ? __kthread_parkme+0x82/0x180 [ 13.190603] ? preempt_count_sub+0x50/0x80 [ 13.190625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.190648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.190670] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.190692] kthread+0x337/0x6f0 [ 13.190710] ? trace_preempt_on+0x20/0xc0 [ 13.190734] ? __pfx_kthread+0x10/0x10 [ 13.190753] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.190773] ? calculate_sigpending+0x7b/0xa0 [ 13.190797] ? __pfx_kthread+0x10/0x10 [ 13.190818] ret_from_fork+0x116/0x1d0 [ 13.190835] ? __pfx_kthread+0x10/0x10 [ 13.190854] ret_from_fork_asm+0x1a/0x30 [ 13.190885] </TASK> [ 13.190896] [ 13.201362] The buggy address belongs to the physical page: [ 13.201912] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bec [ 13.202317] flags: 0x200000000000000(node=0|zone=2) [ 13.202558] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.202870] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.203184] page dumped because: kasan: bad access detected [ 13.203420] [ 13.203822] Memory state around the buggy address: [ 13.204029] ffff888102bebf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.204440] ffff888102bebf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.204970] >ffff888102bec000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.205340] ^ [ 13.205459] ffff888102bec080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.205981] ffff888102bec100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.206686] ================================================================== [ 13.157393] ================================================================== [ 13.157808] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.158379] Free of addr ffff888103a0c000 by task kunit_try_catch/262 [ 13.159034] [ 13.159295] CPU: 0 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.159349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.159361] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.159384] Call Trace: [ 13.159398] <TASK> [ 13.159416] dump_stack_lvl+0x73/0xb0 [ 13.159449] print_report+0xd1/0x650 [ 13.159471] ? __virt_addr_valid+0x1db/0x2d0 [ 13.159496] ? kasan_addr_to_slab+0x11/0xa0 [ 13.159517] ? mempool_double_free_helper+0x184/0x370 [ 13.159541] kasan_report_invalid_free+0x10a/0x130 [ 13.159565] ? mempool_double_free_helper+0x184/0x370 [ 13.159647] ? mempool_double_free_helper+0x184/0x370 [ 13.159675] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 13.159711] mempool_free+0x2ec/0x380 [ 13.159738] mempool_double_free_helper+0x184/0x370 [ 13.159761] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.159786] ? __kasan_check_write+0x18/0x20 [ 13.159806] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.159829] ? finish_task_switch.isra.0+0x153/0x700 [ 13.159856] mempool_kmalloc_large_double_free+0xed/0x140 [ 13.159879] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 13.159906] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.159927] ? __pfx_mempool_kfree+0x10/0x10 [ 13.159960] ? __pfx_read_tsc+0x10/0x10 [ 13.159982] ? ktime_get_ts64+0x86/0x230 [ 13.160006] kunit_try_run_case+0x1a5/0x480 [ 13.160030] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.160051] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.160074] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.160096] ? __kthread_parkme+0x82/0x180 [ 13.160116] ? preempt_count_sub+0x50/0x80 [ 13.160138] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.160160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.160182] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.160204] kthread+0x337/0x6f0 [ 13.160224] ? trace_preempt_on+0x20/0xc0 [ 13.160247] ? __pfx_kthread+0x10/0x10 [ 13.160267] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.160287] ? calculate_sigpending+0x7b/0xa0 [ 13.160312] ? __pfx_kthread+0x10/0x10 [ 13.160335] ret_from_fork+0x116/0x1d0 [ 13.160353] ? __pfx_kthread+0x10/0x10 [ 13.160372] ret_from_fork_asm+0x1a/0x30 [ 13.160470] </TASK> [ 13.160484] [ 13.173007] The buggy address belongs to the physical page: [ 13.173201] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a0c [ 13.173447] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.173666] flags: 0x200000000000040(head|node=0|zone=2) [ 13.173848] page_type: f8(unknown) [ 13.174778] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.176555] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.177685] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.178910] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.180144] head: 0200000000000002 ffffea00040e8301 00000000ffffffff 00000000ffffffff [ 13.180530] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.180993] page dumped because: kasan: bad access detected [ 13.181198] [ 13.181279] Memory state around the buggy address: [ 13.181838] ffff888103a0bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.182329] ffff888103a0bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.182721] >ffff888103a0c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.183023] ^ [ 13.183191] ffff888103a0c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.183546] ffff888103a0c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.183803] ================================================================== [ 13.121001] ================================================================== [ 13.121599] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 13.122078] Free of addr ffff888102a34400 by task kunit_try_catch/260 [ 13.122327] [ 13.122454] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.122532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.122545] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.122568] Call Trace: [ 13.122583] <TASK> [ 13.122602] dump_stack_lvl+0x73/0xb0 [ 13.122636] print_report+0xd1/0x650 [ 13.122734] ? __virt_addr_valid+0x1db/0x2d0 [ 13.122769] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.122793] ? mempool_double_free_helper+0x184/0x370 [ 13.122816] kasan_report_invalid_free+0x10a/0x130 [ 13.122840] ? mempool_double_free_helper+0x184/0x370 [ 13.122865] ? mempool_double_free_helper+0x184/0x370 [ 13.122887] ? mempool_double_free_helper+0x184/0x370 [ 13.122909] check_slab_allocation+0x101/0x130 [ 13.122986] __kasan_mempool_poison_object+0x91/0x1d0 [ 13.123014] mempool_free+0x2ec/0x380 [ 13.123044] mempool_double_free_helper+0x184/0x370 [ 13.123067] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 13.123123] ? __kasan_check_write+0x18/0x20 [ 13.123147] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.123169] ? irqentry_exit+0x2a/0x60 [ 13.123192] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 13.123217] mempool_kmalloc_double_free+0xed/0x140 [ 13.123240] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.123265] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.123288] ? __pfx_mempool_kfree+0x10/0x10 [ 13.123311] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.123336] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 13.123361] kunit_try_run_case+0x1a5/0x480 [ 13.123386] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.123456] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.123479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.123501] ? __kthread_parkme+0x82/0x180 [ 13.123523] ? preempt_count_sub+0x50/0x80 [ 13.123547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.123570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.123593] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.123614] kthread+0x337/0x6f0 [ 13.123634] ? trace_preempt_on+0x20/0xc0 [ 13.123658] ? __pfx_kthread+0x10/0x10 [ 13.123678] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.123698] ? calculate_sigpending+0x7b/0xa0 [ 13.123723] ? __pfx_kthread+0x10/0x10 [ 13.123744] ret_from_fork+0x116/0x1d0 [ 13.123763] ? __pfx_kthread+0x10/0x10 [ 13.123783] ret_from_fork_asm+0x1a/0x30 [ 13.123814] </TASK> [ 13.123828] [ 13.138719] Allocated by task 260: [ 13.138989] kasan_save_stack+0x45/0x70 [ 13.139182] kasan_save_track+0x18/0x40 [ 13.139352] kasan_save_alloc_info+0x3b/0x50 [ 13.139896] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 13.140169] remove_element+0x11e/0x190 [ 13.140355] mempool_alloc_preallocated+0x4d/0x90 [ 13.140617] mempool_double_free_helper+0x8a/0x370 [ 13.140828] mempool_kmalloc_double_free+0xed/0x140 [ 13.141047] kunit_try_run_case+0x1a5/0x480 [ 13.141222] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.141948] kthread+0x337/0x6f0 [ 13.142250] ret_from_fork+0x116/0x1d0 [ 13.142538] ret_from_fork_asm+0x1a/0x30 [ 13.142717] [ 13.142800] Freed by task 260: [ 13.142944] kasan_save_stack+0x45/0x70 [ 13.143113] kasan_save_track+0x18/0x40 [ 13.143278] kasan_save_free_info+0x3f/0x60 [ 13.143504] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.143721] mempool_free+0x2ec/0x380 [ 13.143883] mempool_double_free_helper+0x109/0x370 [ 13.144092] mempool_kmalloc_double_free+0xed/0x140 [ 13.144296] kunit_try_run_case+0x1a5/0x480 [ 13.145163] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.145385] kthread+0x337/0x6f0 [ 13.145503] ret_from_fork+0x116/0x1d0 [ 13.145803] ret_from_fork_asm+0x1a/0x30 [ 13.145998] [ 13.146084] The buggy address belongs to the object at ffff888102a34400 [ 13.146084] which belongs to the cache kmalloc-128 of size 128 [ 13.146757] The buggy address is located 0 bytes inside of [ 13.146757] 128-byte region [ffff888102a34400, ffff888102a34480) [ 13.147221] [ 13.147302] The buggy address belongs to the physical page: [ 13.147747] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a34 [ 13.148077] flags: 0x200000000000000(node=0|zone=2) [ 13.148287] page_type: f5(slab) [ 13.148485] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.148786] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.149094] page dumped because: kasan: bad access detected [ 13.149317] [ 13.150169] Memory state around the buggy address: [ 13.150373] ffff888102a34300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.150586] ffff888102a34380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.150793] >ffff888102a34400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.151269] ^ [ 13.151443] ffff888102a34480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.151814] ffff888102a34500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.152248] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 13.087823] ================================================================== [ 13.088230] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.088461] Read of size 1 at addr ffff888102be8000 by task kunit_try_catch/258 [ 13.088674] [ 13.088758] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.088805] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.088817] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.088838] Call Trace: [ 13.088850] <TASK> [ 13.088868] dump_stack_lvl+0x73/0xb0 [ 13.088894] print_report+0xd1/0x650 [ 13.088916] ? __virt_addr_valid+0x1db/0x2d0 [ 13.089346] ? mempool_uaf_helper+0x392/0x400 [ 13.089613] ? kasan_addr_to_slab+0x11/0xa0 [ 13.089647] ? mempool_uaf_helper+0x392/0x400 [ 13.089671] kasan_report+0x141/0x180 [ 13.089701] ? mempool_uaf_helper+0x392/0x400 [ 13.089730] __asan_report_load1_noabort+0x18/0x20 [ 13.089757] mempool_uaf_helper+0x392/0x400 [ 13.089781] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.089811] mempool_page_alloc_uaf+0xed/0x140 [ 13.089835] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 13.089862] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 13.089887] ? __pfx_mempool_free_pages+0x10/0x10 [ 13.089912] ? __pfx_read_tsc+0x10/0x10 [ 13.089946] ? ktime_get_ts64+0x86/0x230 [ 13.089971] kunit_try_run_case+0x1a5/0x480 [ 13.089995] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.090016] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.090039] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.090061] ? __kthread_parkme+0x82/0x180 [ 13.090081] ? preempt_count_sub+0x50/0x80 [ 13.090104] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.090126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.090148] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.090170] kthread+0x337/0x6f0 [ 13.090189] ? trace_preempt_on+0x20/0xc0 [ 13.090212] ? __pfx_kthread+0x10/0x10 [ 13.090232] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.090252] ? calculate_sigpending+0x7b/0xa0 [ 13.090276] ? __pfx_kthread+0x10/0x10 [ 13.090297] ret_from_fork+0x116/0x1d0 [ 13.090315] ? __pfx_kthread+0x10/0x10 [ 13.090335] ret_from_fork_asm+0x1a/0x30 [ 13.090365] </TASK> [ 13.090400] [ 13.108203] The buggy address belongs to the physical page: [ 13.108710] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 13.109042] flags: 0x200000000000000(node=0|zone=2) [ 13.109224] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 13.109642] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 13.109957] page dumped because: kasan: bad access detected [ 13.110310] [ 13.110443] Memory state around the buggy address: [ 13.110624] ffff888102be7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.111033] ffff888102be7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.111281] >ffff888102be8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.111700] ^ [ 13.111871] ffff888102be8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.112169] ffff888102be8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.112557] ================================================================== [ 13.011913] ================================================================== [ 13.012331] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.012568] Read of size 1 at addr ffff888102be8000 by task kunit_try_catch/254 [ 13.012782] [ 13.012867] CPU: 1 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.012916] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.012928] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.012961] Call Trace: [ 13.012973] <TASK> [ 13.012991] dump_stack_lvl+0x73/0xb0 [ 13.013022] print_report+0xd1/0x650 [ 13.013044] ? __virt_addr_valid+0x1db/0x2d0 [ 13.013067] ? mempool_uaf_helper+0x392/0x400 [ 13.013089] ? kasan_addr_to_slab+0x11/0xa0 [ 13.013109] ? mempool_uaf_helper+0x392/0x400 [ 13.013130] kasan_report+0x141/0x180 [ 13.013151] ? mempool_uaf_helper+0x392/0x400 [ 13.013177] __asan_report_load1_noabort+0x18/0x20 [ 13.013200] mempool_uaf_helper+0x392/0x400 [ 13.013222] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.013242] ? update_load_avg+0x1be/0x21b0 [ 13.013269] ? finish_task_switch.isra.0+0x153/0x700 [ 13.013295] mempool_kmalloc_large_uaf+0xef/0x140 [ 13.013317] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 13.013342] ? __pfx_mempool_kmalloc+0x10/0x10 [ 13.013366] ? __pfx_mempool_kfree+0x10/0x10 [ 13.013390] ? __pfx_read_tsc+0x10/0x10 [ 13.013411] ? ktime_get_ts64+0x86/0x230 [ 13.013435] kunit_try_run_case+0x1a5/0x480 [ 13.013461] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.013481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.013504] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.013525] ? __kthread_parkme+0x82/0x180 [ 13.013545] ? preempt_count_sub+0x50/0x80 [ 13.013567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.013590] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.013611] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.013633] kthread+0x337/0x6f0 [ 13.013651] ? trace_preempt_on+0x20/0xc0 [ 13.013675] ? __pfx_kthread+0x10/0x10 [ 13.013701] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.013720] ? calculate_sigpending+0x7b/0xa0 [ 13.013744] ? __pfx_kthread+0x10/0x10 [ 13.013764] ret_from_fork+0x116/0x1d0 [ 13.013782] ? __pfx_kthread+0x10/0x10 [ 13.013801] ret_from_fork_asm+0x1a/0x30 [ 13.013832] </TASK> [ 13.013843] [ 13.034946] The buggy address belongs to the physical page: [ 13.035160] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 13.035412] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 13.035755] flags: 0x200000000000040(head|node=0|zone=2) [ 13.036019] page_type: f8(unknown) [ 13.036195] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.036416] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.036755] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 13.037331] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 13.037737] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 13.038077] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 13.038382] page dumped because: kasan: bad access detected [ 13.038603] [ 13.038676] Memory state around the buggy address: [ 13.038882] ffff888102be7f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.039181] ffff888102be7f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.039976] >ffff888102be8000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.040324] ^ [ 13.040486] ffff888102be8080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.041003] ffff888102be8100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 13.041373] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 13.046252] ================================================================== [ 13.047316] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 13.048079] Read of size 1 at addr ffff888102a37240 by task kunit_try_catch/256 [ 13.048309] [ 13.048398] CPU: 0 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 13.048450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.048462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.048484] Call Trace: [ 13.048497] <TASK> [ 13.048518] dump_stack_lvl+0x73/0xb0 [ 13.048551] print_report+0xd1/0x650 [ 13.048575] ? __virt_addr_valid+0x1db/0x2d0 [ 13.048600] ? mempool_uaf_helper+0x392/0x400 [ 13.048621] ? kasan_complete_mode_report_info+0x64/0x200 [ 13.048642] ? mempool_uaf_helper+0x392/0x400 [ 13.048664] kasan_report+0x141/0x180 [ 13.048704] ? mempool_uaf_helper+0x392/0x400 [ 13.048730] __asan_report_load1_noabort+0x18/0x20 [ 13.048767] mempool_uaf_helper+0x392/0x400 [ 13.048789] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 13.048813] ? __pfx_sched_clock_cpu+0x10/0x10 [ 13.048848] ? finish_task_switch.isra.0+0x153/0x700 [ 13.048875] mempool_slab_uaf+0xea/0x140 [ 13.048897] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 13.048939] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 13.048965] ? __pfx_mempool_free_slab+0x10/0x10 [ 13.049001] ? __pfx_read_tsc+0x10/0x10 [ 13.049025] ? ktime_get_ts64+0x86/0x230 [ 13.049049] kunit_try_run_case+0x1a5/0x480 [ 13.049087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.049108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.049131] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.049163] ? __kthread_parkme+0x82/0x180 [ 13.049185] ? preempt_count_sub+0x50/0x80 [ 13.049207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.049241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.049265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.049288] kthread+0x337/0x6f0 [ 13.049307] ? trace_preempt_on+0x20/0xc0 [ 13.049331] ? __pfx_kthread+0x10/0x10 [ 13.049353] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.049373] ? calculate_sigpending+0x7b/0xa0 [ 13.049463] ? __pfx_kthread+0x10/0x10 [ 13.049489] ret_from_fork+0x116/0x1d0 [ 13.049508] ? __pfx_kthread+0x10/0x10 [ 13.049529] ret_from_fork_asm+0x1a/0x30 [ 13.049561] </TASK> [ 13.049572] [ 13.062759] Allocated by task 256: [ 13.063129] kasan_save_stack+0x45/0x70 [ 13.063599] kasan_save_track+0x18/0x40 [ 13.063742] kasan_save_alloc_info+0x3b/0x50 [ 13.063993] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 13.064522] remove_element+0x11e/0x190 [ 13.064921] mempool_alloc_preallocated+0x4d/0x90 [ 13.065095] mempool_uaf_helper+0x96/0x400 [ 13.065230] mempool_slab_uaf+0xea/0x140 [ 13.065362] kunit_try_run_case+0x1a5/0x480 [ 13.065806] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.066308] kthread+0x337/0x6f0 [ 13.066817] ret_from_fork+0x116/0x1d0 [ 13.067198] ret_from_fork_asm+0x1a/0x30 [ 13.067597] [ 13.067859] Freed by task 256: [ 13.068172] kasan_save_stack+0x45/0x70 [ 13.068304] kasan_save_track+0x18/0x40 [ 13.068485] kasan_save_free_info+0x3f/0x60 [ 13.068889] __kasan_mempool_poison_object+0x131/0x1d0 [ 13.069351] mempool_free+0x2ec/0x380 [ 13.069793] mempool_uaf_helper+0x11a/0x400 [ 13.070106] mempool_slab_uaf+0xea/0x140 [ 13.070332] kunit_try_run_case+0x1a5/0x480 [ 13.070807] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.071044] kthread+0x337/0x6f0 [ 13.071365] ret_from_fork+0x116/0x1d0 [ 13.071807] ret_from_fork_asm+0x1a/0x30 [ 13.071967] [ 13.072036] The buggy address belongs to the object at ffff888102a37240 [ 13.072036] which belongs to the cache test_cache of size 123 [ 13.072382] The buggy address is located 0 bytes inside of [ 13.072382] freed 123-byte region [ffff888102a37240, ffff888102a372bb) [ 13.072782] [ 13.072872] The buggy address belongs to the physical page: [ 13.073131] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a37 [ 13.073537] flags: 0x200000000000000(node=0|zone=2) [ 13.073747] page_type: f5(slab) [ 13.073920] raw: 0200000000000000 ffff888101d34a00 dead000000000122 0000000000000000 [ 13.074217] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 13.074635] page dumped because: kasan: bad access detected [ 13.075151] [ 13.075226] Memory state around the buggy address: [ 13.075891] ffff888102a37100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.076220] ffff888102a37180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.076730] >ffff888102a37200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 13.077156] ^ [ 13.077665] ffff888102a37280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.077985] ffff888102a37300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.078289] ================================================================== [ 12.978540] ================================================================== [ 12.979007] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.979415] Read of size 1 at addr ffff888102a34000 by task kunit_try_catch/252 [ 12.979729] [ 12.979823] CPU: 0 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.979875] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.980330] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.980359] Call Trace: [ 12.980372] <TASK> [ 12.980393] dump_stack_lvl+0x73/0xb0 [ 12.980447] print_report+0xd1/0x650 [ 12.980487] ? __virt_addr_valid+0x1db/0x2d0 [ 12.980512] ? mempool_uaf_helper+0x392/0x400 [ 12.980533] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.980555] ? mempool_uaf_helper+0x392/0x400 [ 12.980576] kasan_report+0x141/0x180 [ 12.980597] ? mempool_uaf_helper+0x392/0x400 [ 12.980623] __asan_report_load1_noabort+0x18/0x20 [ 12.980648] mempool_uaf_helper+0x392/0x400 [ 12.980670] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.980693] ? __kasan_check_write+0x18/0x20 [ 12.980713] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.980736] ? finish_task_switch.isra.0+0x153/0x700 [ 12.980764] mempool_kmalloc_uaf+0xef/0x140 [ 12.980785] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.980809] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.980833] ? __pfx_mempool_kfree+0x10/0x10 [ 12.980858] ? __pfx_read_tsc+0x10/0x10 [ 12.980880] ? ktime_get_ts64+0x86/0x230 [ 12.980906] kunit_try_run_case+0x1a5/0x480 [ 12.980943] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.980965] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.980988] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.981010] ? __kthread_parkme+0x82/0x180 [ 12.981031] ? preempt_count_sub+0x50/0x80 [ 12.981053] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.981076] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.981099] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.981121] kthread+0x337/0x6f0 [ 12.981140] ? trace_preempt_on+0x20/0xc0 [ 12.981164] ? __pfx_kthread+0x10/0x10 [ 12.981186] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.981205] ? calculate_sigpending+0x7b/0xa0 [ 12.981230] ? __pfx_kthread+0x10/0x10 [ 12.981251] ret_from_fork+0x116/0x1d0 [ 12.981270] ? __pfx_kthread+0x10/0x10 [ 12.981291] ret_from_fork_asm+0x1a/0x30 [ 12.981322] </TASK> [ 12.981334] [ 12.992083] Allocated by task 252: [ 12.992223] kasan_save_stack+0x45/0x70 [ 12.992382] kasan_save_track+0x18/0x40 [ 12.992513] kasan_save_alloc_info+0x3b/0x50 [ 12.992657] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.992822] remove_element+0x11e/0x190 [ 12.993076] mempool_alloc_preallocated+0x4d/0x90 [ 12.993271] mempool_uaf_helper+0x96/0x400 [ 12.993705] mempool_kmalloc_uaf+0xef/0x140 [ 12.993998] kunit_try_run_case+0x1a5/0x480 [ 12.994206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.994747] kthread+0x337/0x6f0 [ 12.995014] ret_from_fork+0x116/0x1d0 [ 12.995158] ret_from_fork_asm+0x1a/0x30 [ 12.995329] [ 12.995826] Freed by task 252: [ 12.996128] kasan_save_stack+0x45/0x70 [ 12.996573] kasan_save_track+0x18/0x40 [ 12.996738] kasan_save_free_info+0x3f/0x60 [ 12.996967] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.997479] mempool_free+0x2ec/0x380 [ 12.997792] mempool_uaf_helper+0x11a/0x400 [ 12.997940] mempool_kmalloc_uaf+0xef/0x140 [ 12.998076] kunit_try_run_case+0x1a5/0x480 [ 12.998212] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.998433] kthread+0x337/0x6f0 [ 12.998761] ret_from_fork+0x116/0x1d0 [ 12.999129] ret_from_fork_asm+0x1a/0x30 [ 12.999547] [ 12.999707] The buggy address belongs to the object at ffff888102a34000 [ 12.999707] which belongs to the cache kmalloc-128 of size 128 [ 13.001021] The buggy address is located 0 bytes inside of [ 13.001021] freed 128-byte region [ffff888102a34000, ffff888102a34080) [ 13.001999] [ 13.002190] The buggy address belongs to the physical page: [ 13.002562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a34 [ 13.002803] flags: 0x200000000000000(node=0|zone=2) [ 13.002978] page_type: f5(slab) [ 13.003097] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 13.003319] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 13.003563] page dumped because: kasan: bad access detected [ 13.003859] [ 13.004028] Memory state around the buggy address: [ 13.004876] ffff888102a33f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.005248] ffff888102a33f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.005922] >ffff888102a34000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 13.006336] ^ [ 13.006459] ffff888102a34080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.007133] ffff888102a34100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 13.007679] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 12.893286] ================================================================== [ 12.893894] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.894277] Read of size 1 at addr ffff8881028e2973 by task kunit_try_catch/246 [ 12.894572] [ 12.894663] CPU: 1 UID: 0 PID: 246 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.894715] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.894727] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.894762] Call Trace: [ 12.894786] <TASK> [ 12.894807] dump_stack_lvl+0x73/0xb0 [ 12.894840] print_report+0xd1/0x650 [ 12.894862] ? __virt_addr_valid+0x1db/0x2d0 [ 12.894889] ? mempool_oob_right_helper+0x318/0x380 [ 12.894913] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.894947] ? mempool_oob_right_helper+0x318/0x380 [ 12.894971] kasan_report+0x141/0x180 [ 12.894992] ? mempool_oob_right_helper+0x318/0x380 [ 12.895019] __asan_report_load1_noabort+0x18/0x20 [ 12.895043] mempool_oob_right_helper+0x318/0x380 [ 12.895066] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.895088] ? update_load_avg+0x1be/0x21b0 [ 12.895113] ? dequeue_entities+0x27e/0x1740 [ 12.895138] ? finish_task_switch.isra.0+0x153/0x700 [ 12.895164] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.895187] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 12.895212] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.895238] ? __pfx_mempool_kfree+0x10/0x10 [ 12.895263] ? __pfx_read_tsc+0x10/0x10 [ 12.895285] ? ktime_get_ts64+0x86/0x230 [ 12.895310] kunit_try_run_case+0x1a5/0x480 [ 12.895337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.895358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.895382] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.895404] ? __kthread_parkme+0x82/0x180 [ 12.895501] ? preempt_count_sub+0x50/0x80 [ 12.895528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.895552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.895575] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.895597] kthread+0x337/0x6f0 [ 12.895617] ? trace_preempt_on+0x20/0xc0 [ 12.895642] ? __pfx_kthread+0x10/0x10 [ 12.895663] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.895683] ? calculate_sigpending+0x7b/0xa0 [ 12.895708] ? __pfx_kthread+0x10/0x10 [ 12.895729] ret_from_fork+0x116/0x1d0 [ 12.895748] ? __pfx_kthread+0x10/0x10 [ 12.895768] ret_from_fork_asm+0x1a/0x30 [ 12.895800] </TASK> [ 12.895812] [ 12.905009] Allocated by task 246: [ 12.905150] kasan_save_stack+0x45/0x70 [ 12.905299] kasan_save_track+0x18/0x40 [ 12.905424] kasan_save_alloc_info+0x3b/0x50 [ 12.905563] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.905730] remove_element+0x11e/0x190 [ 12.905862] mempool_alloc_preallocated+0x4d/0x90 [ 12.906044] mempool_oob_right_helper+0x8a/0x380 [ 12.906191] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.906337] kunit_try_run_case+0x1a5/0x480 [ 12.906593] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.906767] kthread+0x337/0x6f0 [ 12.906885] ret_from_fork+0x116/0x1d0 [ 12.907047] ret_from_fork_asm+0x1a/0x30 [ 12.907235] [ 12.907327] The buggy address belongs to the object at ffff8881028e2900 [ 12.907327] which belongs to the cache kmalloc-128 of size 128 [ 12.907989] The buggy address is located 0 bytes to the right of [ 12.907989] allocated 115-byte region [ffff8881028e2900, ffff8881028e2973) [ 12.908343] [ 12.908410] The buggy address belongs to the physical page: [ 12.910082] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 12.910321] flags: 0x200000000000000(node=0|zone=2) [ 12.910483] page_type: f5(slab) [ 12.910647] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.911479] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.911833] page dumped because: kasan: bad access detected [ 12.912046] [ 12.912112] Memory state around the buggy address: [ 12.912263] ffff8881028e2800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.912496] ffff8881028e2880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.912776] >ffff8881028e2900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.912990] ^ [ 12.913263] ffff8881028e2980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.913470] ffff8881028e2a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.913672] ================================================================== [ 12.945020] ================================================================== [ 12.945671] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.946053] Read of size 1 at addr ffff8881028da2bb by task kunit_try_catch/250 [ 12.946784] [ 12.946886] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.946950] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.946961] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.946983] Call Trace: [ 12.946996] <TASK> [ 12.947013] dump_stack_lvl+0x73/0xb0 [ 12.947045] print_report+0xd1/0x650 [ 12.947068] ? __virt_addr_valid+0x1db/0x2d0 [ 12.947092] ? mempool_oob_right_helper+0x318/0x380 [ 12.947116] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.947138] ? mempool_oob_right_helper+0x318/0x380 [ 12.947160] kasan_report+0x141/0x180 [ 12.947182] ? mempool_oob_right_helper+0x318/0x380 [ 12.947209] __asan_report_load1_noabort+0x18/0x20 [ 12.947233] mempool_oob_right_helper+0x318/0x380 [ 12.947256] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.947281] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.947304] ? finish_task_switch.isra.0+0x153/0x700 [ 12.947330] mempool_slab_oob_right+0xed/0x140 [ 12.947353] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.947380] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.947404] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.947429] ? __pfx_read_tsc+0x10/0x10 [ 12.947450] ? ktime_get_ts64+0x86/0x230 [ 12.947474] kunit_try_run_case+0x1a5/0x480 [ 12.947499] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.947521] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.947543] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.947565] ? __kthread_parkme+0x82/0x180 [ 12.947585] ? preempt_count_sub+0x50/0x80 [ 12.947608] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.947631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.947652] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.947675] kthread+0x337/0x6f0 [ 12.947696] ? trace_preempt_on+0x20/0xc0 [ 12.947720] ? __pfx_kthread+0x10/0x10 [ 12.947740] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.947760] ? calculate_sigpending+0x7b/0xa0 [ 12.947784] ? __pfx_kthread+0x10/0x10 [ 12.947806] ret_from_fork+0x116/0x1d0 [ 12.947825] ? __pfx_kthread+0x10/0x10 [ 12.947844] ret_from_fork_asm+0x1a/0x30 [ 12.947875] </TASK> [ 12.947886] [ 12.959529] Allocated by task 250: [ 12.959709] kasan_save_stack+0x45/0x70 [ 12.959901] kasan_save_track+0x18/0x40 [ 12.960086] kasan_save_alloc_info+0x3b/0x50 [ 12.960278] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.960711] remove_element+0x11e/0x190 [ 12.960897] mempool_alloc_preallocated+0x4d/0x90 [ 12.961109] mempool_oob_right_helper+0x8a/0x380 [ 12.961306] mempool_slab_oob_right+0xed/0x140 [ 12.962173] kunit_try_run_case+0x1a5/0x480 [ 12.962393] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.962563] kthread+0x337/0x6f0 [ 12.962980] ret_from_fork+0x116/0x1d0 [ 12.963160] ret_from_fork_asm+0x1a/0x30 [ 12.963333] [ 12.963487] The buggy address belongs to the object at ffff8881028da240 [ 12.963487] which belongs to the cache test_cache of size 123 [ 12.963979] The buggy address is located 0 bytes to the right of [ 12.963979] allocated 123-byte region [ffff8881028da240, ffff8881028da2bb) [ 12.964633] [ 12.964728] The buggy address belongs to the physical page: [ 12.964958] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028da [ 12.965265] flags: 0x200000000000000(node=0|zone=2) [ 12.965557] page_type: f5(slab) [ 12.966380] raw: 0200000000000000 ffff888101894780 dead000000000122 0000000000000000 [ 12.966751] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.966991] page dumped because: kasan: bad access detected [ 12.967171] [ 12.967258] Memory state around the buggy address: [ 12.967478] ffff8881028da180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.967719] ffff8881028da200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 12.967996] >ffff8881028da280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 12.968346] ^ [ 12.968730] ffff8881028da300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.969025] ffff8881028da380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.969334] ================================================================== [ 12.921693] ================================================================== [ 12.922225] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.922656] Read of size 1 at addr ffff888102bea001 by task kunit_try_catch/248 [ 12.922978] [ 12.923102] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.923153] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.923165] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.923186] Call Trace: [ 12.923200] <TASK> [ 12.923219] dump_stack_lvl+0x73/0xb0 [ 12.923252] print_report+0xd1/0x650 [ 12.923276] ? __virt_addr_valid+0x1db/0x2d0 [ 12.923299] ? mempool_oob_right_helper+0x318/0x380 [ 12.923344] ? kasan_addr_to_slab+0x11/0xa0 [ 12.923365] ? mempool_oob_right_helper+0x318/0x380 [ 12.923388] kasan_report+0x141/0x180 [ 12.923469] ? mempool_oob_right_helper+0x318/0x380 [ 12.923499] __asan_report_load1_noabort+0x18/0x20 [ 12.923524] mempool_oob_right_helper+0x318/0x380 [ 12.923573] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.923599] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.923624] ? finish_task_switch.isra.0+0x153/0x700 [ 12.923652] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 12.923675] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.923702] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.923726] ? __pfx_mempool_kfree+0x10/0x10 [ 12.923750] ? __pfx_read_tsc+0x10/0x10 [ 12.923772] ? ktime_get_ts64+0x86/0x230 [ 12.923797] kunit_try_run_case+0x1a5/0x480 [ 12.923822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.923844] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.923866] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.923889] ? __kthread_parkme+0x82/0x180 [ 12.923966] ? preempt_count_sub+0x50/0x80 [ 12.923989] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.924012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.924035] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.924057] kthread+0x337/0x6f0 [ 12.924076] ? trace_preempt_on+0x20/0xc0 [ 12.924101] ? __pfx_kthread+0x10/0x10 [ 12.924121] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.924162] ? calculate_sigpending+0x7b/0xa0 [ 12.924188] ? __pfx_kthread+0x10/0x10 [ 12.924209] ret_from_fork+0x116/0x1d0 [ 12.924228] ? __pfx_kthread+0x10/0x10 [ 12.924248] ret_from_fork_asm+0x1a/0x30 [ 12.924279] </TASK> [ 12.924292] [ 12.933122] The buggy address belongs to the physical page: [ 12.933464] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102be8 [ 12.934032] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.934306] flags: 0x200000000000040(head|node=0|zone=2) [ 12.934575] page_type: f8(unknown) [ 12.934863] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.935187] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.935684] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.936019] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 12.936245] head: 0200000000000002 ffffea00040afa01 00000000ffffffff 00000000ffffffff [ 12.936800] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.937193] page dumped because: kasan: bad access detected [ 12.937476] [ 12.937699] Memory state around the buggy address: [ 12.937873] ffff888102be9f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.938252] ffff888102be9f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.938499] >ffff888102bea000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.939068] ^ [ 12.939276] ffff888102bea080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.939601] ffff888102bea100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.940033] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 12.324698] ================================================================== [ 12.325234] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 12.325651] Read of size 1 at addr ffff888101d34780 by task kunit_try_catch/240 [ 12.326783] [ 12.327213] CPU: 0 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.327381] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.327461] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.327486] Call Trace: [ 12.327500] <TASK> [ 12.327522] dump_stack_lvl+0x73/0xb0 [ 12.327560] print_report+0xd1/0x650 [ 12.327585] ? __virt_addr_valid+0x1db/0x2d0 [ 12.327610] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.327633] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.327655] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.327679] kasan_report+0x141/0x180 [ 12.327699] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.327725] ? kmem_cache_double_destroy+0x1bf/0x380 [ 12.327749] __kasan_check_byte+0x3d/0x50 [ 12.327770] kmem_cache_destroy+0x25/0x1d0 [ 12.327793] kmem_cache_double_destroy+0x1bf/0x380 [ 12.327815] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 12.327838] ? finish_task_switch.isra.0+0x153/0x700 [ 12.327860] ? __switch_to+0x47/0xf50 [ 12.327889] ? __pfx_read_tsc+0x10/0x10 [ 12.327911] ? ktime_get_ts64+0x86/0x230 [ 12.327949] kunit_try_run_case+0x1a5/0x480 [ 12.327976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.327997] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.328019] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.328040] ? __kthread_parkme+0x82/0x180 [ 12.328060] ? preempt_count_sub+0x50/0x80 [ 12.328082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.328104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.328126] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.328148] kthread+0x337/0x6f0 [ 12.328166] ? trace_preempt_on+0x20/0xc0 [ 12.328191] ? __pfx_kthread+0x10/0x10 [ 12.328211] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.328231] ? calculate_sigpending+0x7b/0xa0 [ 12.328255] ? __pfx_kthread+0x10/0x10 [ 12.328275] ret_from_fork+0x116/0x1d0 [ 12.328293] ? __pfx_kthread+0x10/0x10 [ 12.328312] ret_from_fork_asm+0x1a/0x30 [ 12.328343] </TASK> [ 12.328354] [ 12.339183] Allocated by task 240: [ 12.339548] kasan_save_stack+0x45/0x70 [ 12.339758] kasan_save_track+0x18/0x40 [ 12.339941] kasan_save_alloc_info+0x3b/0x50 [ 12.340120] __kasan_slab_alloc+0x91/0xa0 [ 12.340308] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.340724] __kmem_cache_create_args+0x169/0x240 [ 12.340915] kmem_cache_double_destroy+0xd5/0x380 [ 12.341186] kunit_try_run_case+0x1a5/0x480 [ 12.341344] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.341509] kthread+0x337/0x6f0 [ 12.341659] ret_from_fork+0x116/0x1d0 [ 12.341980] ret_from_fork_asm+0x1a/0x30 [ 12.342282] [ 12.342372] Freed by task 240: [ 12.342537] kasan_save_stack+0x45/0x70 [ 12.342781] kasan_save_track+0x18/0x40 [ 12.342915] kasan_save_free_info+0x3f/0x60 [ 12.343171] __kasan_slab_free+0x56/0x70 [ 12.343360] kmem_cache_free+0x249/0x420 [ 12.343622] slab_kmem_cache_release+0x2e/0x40 [ 12.343920] kmem_cache_release+0x16/0x20 [ 12.344146] kobject_put+0x181/0x450 [ 12.344313] sysfs_slab_release+0x16/0x20 [ 12.344655] kmem_cache_destroy+0xf0/0x1d0 [ 12.344813] kmem_cache_double_destroy+0x14e/0x380 [ 12.344986] kunit_try_run_case+0x1a5/0x480 [ 12.345191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.345759] kthread+0x337/0x6f0 [ 12.345969] ret_from_fork+0x116/0x1d0 [ 12.346180] ret_from_fork_asm+0x1a/0x30 [ 12.346316] [ 12.346495] The buggy address belongs to the object at ffff888101d34780 [ 12.346495] which belongs to the cache kmem_cache of size 208 [ 12.347024] The buggy address is located 0 bytes inside of [ 12.347024] freed 208-byte region [ffff888101d34780, ffff888101d34850) [ 12.347708] [ 12.347809] The buggy address belongs to the physical page: [ 12.348097] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101d34 [ 12.348680] flags: 0x200000000000000(node=0|zone=2) [ 12.349062] page_type: f5(slab) [ 12.349241] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 12.349801] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.350112] page dumped because: kasan: bad access detected [ 12.350356] [ 12.350538] Memory state around the buggy address: [ 12.350741] ffff888101d34680: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.351096] ffff888101d34700: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.351552] >ffff888101d34780: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.351824] ^ [ 12.352002] ffff888101d34800: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.352300] ffff888101d34880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.352682] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 12.271584] ================================================================== [ 12.272125] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.272777] Read of size 1 at addr ffff8881028d3000 by task kunit_try_catch/238 [ 12.273090] [ 12.273199] CPU: 1 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.273504] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.273518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.273561] Call Trace: [ 12.273577] <TASK> [ 12.273612] dump_stack_lvl+0x73/0xb0 [ 12.273647] print_report+0xd1/0x650 [ 12.273672] ? __virt_addr_valid+0x1db/0x2d0 [ 12.273705] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.273728] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.273750] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.273773] kasan_report+0x141/0x180 [ 12.273794] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.273820] __asan_report_load1_noabort+0x18/0x20 [ 12.273843] kmem_cache_rcu_uaf+0x3e3/0x510 [ 12.273866] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 12.273889] ? finish_task_switch.isra.0+0x153/0x700 [ 12.273911] ? __switch_to+0x47/0xf50 [ 12.273952] ? __pfx_read_tsc+0x10/0x10 [ 12.273974] ? ktime_get_ts64+0x86/0x230 [ 12.274001] kunit_try_run_case+0x1a5/0x480 [ 12.274026] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.274047] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.274072] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.274094] ? __kthread_parkme+0x82/0x180 [ 12.274115] ? preempt_count_sub+0x50/0x80 [ 12.274137] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.274159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.274194] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.274217] kthread+0x337/0x6f0 [ 12.274236] ? trace_preempt_on+0x20/0xc0 [ 12.274260] ? __pfx_kthread+0x10/0x10 [ 12.274281] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.274301] ? calculate_sigpending+0x7b/0xa0 [ 12.274325] ? __pfx_kthread+0x10/0x10 [ 12.274345] ret_from_fork+0x116/0x1d0 [ 12.274363] ? __pfx_kthread+0x10/0x10 [ 12.274383] ret_from_fork_asm+0x1a/0x30 [ 12.274414] </TASK> [ 12.274425] [ 12.282298] Allocated by task 238: [ 12.282523] kasan_save_stack+0x45/0x70 [ 12.283008] kasan_save_track+0x18/0x40 [ 12.283235] kasan_save_alloc_info+0x3b/0x50 [ 12.283446] __kasan_slab_alloc+0x91/0xa0 [ 12.283755] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.283941] kmem_cache_rcu_uaf+0x155/0x510 [ 12.284135] kunit_try_run_case+0x1a5/0x480 [ 12.284283] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.284651] kthread+0x337/0x6f0 [ 12.284879] ret_from_fork+0x116/0x1d0 [ 12.285122] ret_from_fork_asm+0x1a/0x30 [ 12.285253] [ 12.285316] Freed by task 0: [ 12.285415] kasan_save_stack+0x45/0x70 [ 12.285600] kasan_save_track+0x18/0x40 [ 12.285820] kasan_save_free_info+0x3f/0x60 [ 12.286103] __kasan_slab_free+0x56/0x70 [ 12.286838] slab_free_after_rcu_debug+0xe4/0x310 [ 12.287028] rcu_core+0x66f/0x1c40 [ 12.287210] rcu_core_si+0x12/0x20 [ 12.287383] handle_softirqs+0x209/0x730 [ 12.288139] __irq_exit_rcu+0xc9/0x110 [ 12.288277] irq_exit_rcu+0x12/0x20 [ 12.288411] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.288569] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.288731] [ 12.288800] Last potentially related work creation: [ 12.288955] kasan_save_stack+0x45/0x70 [ 12.289087] kasan_record_aux_stack+0xb2/0xc0 [ 12.289230] kmem_cache_free+0x131/0x420 [ 12.289585] kmem_cache_rcu_uaf+0x194/0x510 [ 12.289821] kunit_try_run_case+0x1a5/0x480 [ 12.290130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.290619] kthread+0x337/0x6f0 [ 12.291086] ret_from_fork+0x116/0x1d0 [ 12.291250] ret_from_fork_asm+0x1a/0x30 [ 12.291577] [ 12.291742] The buggy address belongs to the object at ffff8881028d3000 [ 12.291742] which belongs to the cache test_cache of size 200 [ 12.292223] The buggy address is located 0 bytes inside of [ 12.292223] freed 200-byte region [ffff8881028d3000, ffff8881028d30c8) [ 12.292981] [ 12.293117] The buggy address belongs to the physical page: [ 12.293352] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d3 [ 12.293850] flags: 0x200000000000000(node=0|zone=2) [ 12.294107] page_type: f5(slab) [ 12.294234] raw: 0200000000000000 ffff888101894500 dead000000000122 0000000000000000 [ 12.294866] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.295165] page dumped because: kasan: bad access detected [ 12.295441] [ 12.295509] Memory state around the buggy address: [ 12.295889] ffff8881028d2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.296228] ffff8881028d2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.296663] >ffff8881028d3000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.297000] ^ [ 12.297136] ffff8881028d3080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.297578] ffff8881028d3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.297842] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 12.212290] ================================================================== [ 12.213500] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 12.214045] Free of addr ffff888102a2f001 by task kunit_try_catch/236 [ 12.214753] [ 12.214953] CPU: 0 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.215005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.215018] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.215039] Call Trace: [ 12.215053] <TASK> [ 12.215096] dump_stack_lvl+0x73/0xb0 [ 12.215132] print_report+0xd1/0x650 [ 12.215156] ? __virt_addr_valid+0x1db/0x2d0 [ 12.215182] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.215204] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.215229] kasan_report_invalid_free+0x10a/0x130 [ 12.215253] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.215278] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.215300] check_slab_allocation+0x11f/0x130 [ 12.215321] __kasan_slab_pre_free+0x28/0x40 [ 12.215340] kmem_cache_free+0xed/0x420 [ 12.215359] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.215378] ? kmem_cache_invalid_free+0x1d8/0x460 [ 12.215415] kmem_cache_invalid_free+0x1d8/0x460 [ 12.215438] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 12.215460] ? finish_task_switch.isra.0+0x153/0x700 [ 12.215483] ? __switch_to+0x47/0xf50 [ 12.215512] ? __pfx_read_tsc+0x10/0x10 [ 12.215533] ? ktime_get_ts64+0x86/0x230 [ 12.215558] kunit_try_run_case+0x1a5/0x480 [ 12.215583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.215604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.215626] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.215647] ? __kthread_parkme+0x82/0x180 [ 12.215667] ? preempt_count_sub+0x50/0x80 [ 12.215689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.215712] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.215733] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.215754] kthread+0x337/0x6f0 [ 12.215773] ? trace_preempt_on+0x20/0xc0 [ 12.215797] ? __pfx_kthread+0x10/0x10 [ 12.215817] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.215836] ? calculate_sigpending+0x7b/0xa0 [ 12.215860] ? __pfx_kthread+0x10/0x10 [ 12.215880] ret_from_fork+0x116/0x1d0 [ 12.215898] ? __pfx_kthread+0x10/0x10 [ 12.215917] ret_from_fork_asm+0x1a/0x30 [ 12.215958] </TASK> [ 12.215970] [ 12.228217] Allocated by task 236: [ 12.228349] kasan_save_stack+0x45/0x70 [ 12.228675] kasan_save_track+0x18/0x40 [ 12.229025] kasan_save_alloc_info+0x3b/0x50 [ 12.229391] __kasan_slab_alloc+0x91/0xa0 [ 12.229804] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.230214] kmem_cache_invalid_free+0x157/0x460 [ 12.230759] kunit_try_run_case+0x1a5/0x480 [ 12.231079] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.231242] kthread+0x337/0x6f0 [ 12.231355] ret_from_fork+0x116/0x1d0 [ 12.231546] ret_from_fork_asm+0x1a/0x30 [ 12.231892] [ 12.232058] The buggy address belongs to the object at ffff888102a2f000 [ 12.232058] which belongs to the cache test_cache of size 200 [ 12.233137] The buggy address is located 1 bytes inside of [ 12.233137] 200-byte region [ffff888102a2f000, ffff888102a2f0c8) [ 12.234066] [ 12.234140] The buggy address belongs to the physical page: [ 12.234299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2f [ 12.235063] flags: 0x200000000000000(node=0|zone=2) [ 12.235487] page_type: f5(slab) [ 12.235879] raw: 0200000000000000 ffff888101d34640 dead000000000122 0000000000000000 [ 12.236631] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.236976] page dumped because: kasan: bad access detected [ 12.237137] [ 12.237199] Memory state around the buggy address: [ 12.237342] ffff888102a2ef00: 00 00 00 00 00 00 00 00 00 00 00 00 fc fc fc fc [ 12.237568] ffff888102a2ef80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.238043] >ffff888102a2f000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.238295] ^ [ 12.238491] ffff888102a2f080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.238832] ffff888102a2f100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.239086] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 12.176371] ================================================================== [ 12.177649] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 12.177908] Free of addr ffff8881028d2000 by task kunit_try_catch/234 [ 12.178141] [ 12.178235] CPU: 1 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.178286] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.178297] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.178318] Call Trace: [ 12.178368] <TASK> [ 12.178389] dump_stack_lvl+0x73/0xb0 [ 12.178422] print_report+0xd1/0x650 [ 12.178445] ? __virt_addr_valid+0x1db/0x2d0 [ 12.178470] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.178492] ? kmem_cache_double_free+0x1e5/0x480 [ 12.178532] kasan_report_invalid_free+0x10a/0x130 [ 12.178555] ? kmem_cache_double_free+0x1e5/0x480 [ 12.178600] ? kmem_cache_double_free+0x1e5/0x480 [ 12.178623] check_slab_allocation+0x101/0x130 [ 12.178644] __kasan_slab_pre_free+0x28/0x40 [ 12.178664] kmem_cache_free+0xed/0x420 [ 12.178684] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.178703] ? kmem_cache_double_free+0x1e5/0x480 [ 12.178728] kmem_cache_double_free+0x1e5/0x480 [ 12.178751] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 12.178773] ? finish_task_switch.isra.0+0x153/0x700 [ 12.178796] ? __switch_to+0x47/0xf50 [ 12.178825] ? __pfx_read_tsc+0x10/0x10 [ 12.178846] ? ktime_get_ts64+0x86/0x230 [ 12.178871] kunit_try_run_case+0x1a5/0x480 [ 12.178897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.178917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.178951] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.178972] ? __kthread_parkme+0x82/0x180 [ 12.178993] ? preempt_count_sub+0x50/0x80 [ 12.179015] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.179037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.179058] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.179080] kthread+0x337/0x6f0 [ 12.179099] ? trace_preempt_on+0x20/0xc0 [ 12.179144] ? __pfx_kthread+0x10/0x10 [ 12.179164] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.179183] ? calculate_sigpending+0x7b/0xa0 [ 12.179207] ? __pfx_kthread+0x10/0x10 [ 12.179227] ret_from_fork+0x116/0x1d0 [ 12.179245] ? __pfx_kthread+0x10/0x10 [ 12.179264] ret_from_fork_asm+0x1a/0x30 [ 12.179294] </TASK> [ 12.179305] [ 12.190670] Allocated by task 234: [ 12.190825] kasan_save_stack+0x45/0x70 [ 12.190979] kasan_save_track+0x18/0x40 [ 12.191195] kasan_save_alloc_info+0x3b/0x50 [ 12.191413] __kasan_slab_alloc+0x91/0xa0 [ 12.191613] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.191766] kmem_cache_double_free+0x14f/0x480 [ 12.191913] kunit_try_run_case+0x1a5/0x480 [ 12.192063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.192248] kthread+0x337/0x6f0 [ 12.192403] ret_from_fork+0x116/0x1d0 [ 12.192603] ret_from_fork_asm+0x1a/0x30 [ 12.193144] [ 12.193252] Freed by task 234: [ 12.193384] kasan_save_stack+0x45/0x70 [ 12.193575] kasan_save_track+0x18/0x40 [ 12.193745] kasan_save_free_info+0x3f/0x60 [ 12.193911] __kasan_slab_free+0x56/0x70 [ 12.194091] kmem_cache_free+0x249/0x420 [ 12.194282] kmem_cache_double_free+0x16a/0x480 [ 12.194950] kunit_try_run_case+0x1a5/0x480 [ 12.195107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.195350] kthread+0x337/0x6f0 [ 12.195532] ret_from_fork+0x116/0x1d0 [ 12.195736] ret_from_fork_asm+0x1a/0x30 [ 12.196231] [ 12.196334] The buggy address belongs to the object at ffff8881028d2000 [ 12.196334] which belongs to the cache test_cache of size 200 [ 12.197150] The buggy address is located 0 bytes inside of [ 12.197150] 200-byte region [ffff8881028d2000, ffff8881028d20c8) [ 12.197745] [ 12.198012] The buggy address belongs to the physical page: [ 12.198347] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028d2 [ 12.198849] flags: 0x200000000000000(node=0|zone=2) [ 12.199327] page_type: f5(slab) [ 12.199692] raw: 0200000000000000 ffff8881018943c0 dead000000000122 0000000000000000 [ 12.200053] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.200519] page dumped because: kasan: bad access detected [ 12.200948] [ 12.201072] Memory state around the buggy address: [ 12.201296] ffff8881028d1f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.201819] ffff8881028d1f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.202323] >ffff8881028d2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.202974] ^ [ 12.203181] ffff8881028d2080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 12.203474] ffff8881028d2100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.203779] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 12.131237] ================================================================== [ 12.131727] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 12.131975] Read of size 1 at addr ffff888102a2c0c8 by task kunit_try_catch/232 [ 12.132189] [ 12.132275] CPU: 0 UID: 0 PID: 232 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.132324] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.132335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.132355] Call Trace: [ 12.132368] <TASK> [ 12.132387] dump_stack_lvl+0x73/0xb0 [ 12.132416] print_report+0xd1/0x650 [ 12.132438] ? __virt_addr_valid+0x1db/0x2d0 [ 12.132461] ? kmem_cache_oob+0x402/0x530 [ 12.132482] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.132502] ? kmem_cache_oob+0x402/0x530 [ 12.132523] kasan_report+0x141/0x180 [ 12.132543] ? kmem_cache_oob+0x402/0x530 [ 12.132568] __asan_report_load1_noabort+0x18/0x20 [ 12.132591] kmem_cache_oob+0x402/0x530 [ 12.132611] ? trace_hardirqs_on+0x37/0xe0 [ 12.132635] ? __pfx_kmem_cache_oob+0x10/0x10 [ 12.132656] ? finish_task_switch.isra.0+0x153/0x700 [ 12.132678] ? __switch_to+0x47/0xf50 [ 12.132705] ? __pfx_read_tsc+0x10/0x10 [ 12.132726] ? ktime_get_ts64+0x86/0x230 [ 12.132750] kunit_try_run_case+0x1a5/0x480 [ 12.132775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.132795] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.132816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.132837] ? __kthread_parkme+0x82/0x180 [ 12.132857] ? preempt_count_sub+0x50/0x80 [ 12.132878] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.132900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.132921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.132964] kthread+0x337/0x6f0 [ 12.132982] ? trace_preempt_on+0x20/0xc0 [ 12.133003] ? __pfx_kthread+0x10/0x10 [ 12.133022] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.133041] ? calculate_sigpending+0x7b/0xa0 [ 12.133065] ? __pfx_kthread+0x10/0x10 [ 12.133085] ret_from_fork+0x116/0x1d0 [ 12.133102] ? __pfx_kthread+0x10/0x10 [ 12.133121] ret_from_fork_asm+0x1a/0x30 [ 12.133150] </TASK> [ 12.133162] [ 12.145820] Allocated by task 232: [ 12.146038] kasan_save_stack+0x45/0x70 [ 12.146331] kasan_save_track+0x18/0x40 [ 12.146737] kasan_save_alloc_info+0x3b/0x50 [ 12.147054] __kasan_slab_alloc+0x91/0xa0 [ 12.147357] kmem_cache_alloc_noprof+0x123/0x3f0 [ 12.147785] kmem_cache_oob+0x157/0x530 [ 12.148082] kunit_try_run_case+0x1a5/0x480 [ 12.148304] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.148589] kthread+0x337/0x6f0 [ 12.149185] ret_from_fork+0x116/0x1d0 [ 12.149645] ret_from_fork_asm+0x1a/0x30 [ 12.149851] [ 12.149957] The buggy address belongs to the object at ffff888102a2c000 [ 12.149957] which belongs to the cache test_cache of size 200 [ 12.150833] The buggy address is located 0 bytes to the right of [ 12.150833] allocated 200-byte region [ffff888102a2c000, ffff888102a2c0c8) [ 12.151599] [ 12.151731] The buggy address belongs to the physical page: [ 12.152070] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a2c [ 12.152622] flags: 0x200000000000000(node=0|zone=2) [ 12.152989] page_type: f5(slab) [ 12.153280] raw: 0200000000000000 ffff888101d34500 dead000000000122 0000000000000000 [ 12.153771] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 12.154264] page dumped because: kasan: bad access detected [ 12.154666] [ 12.154763] Memory state around the buggy address: [ 12.155001] ffff888102a2bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.155376] ffff888102a2c000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.155683] >ffff888102a2c080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 12.156072] ^ [ 12.156338] ffff888102a2c100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.156684] ffff888102a2c180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.157051] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 12.089095] ================================================================== [ 12.089499] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 12.090106] Read of size 8 at addr ffff888102a266c0 by task kunit_try_catch/225 [ 12.090469] [ 12.090588] CPU: 0 UID: 0 PID: 225 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.090636] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.090648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.090667] Call Trace: [ 12.090680] <TASK> [ 12.090696] dump_stack_lvl+0x73/0xb0 [ 12.090726] print_report+0xd1/0x650 [ 12.090748] ? __virt_addr_valid+0x1db/0x2d0 [ 12.090769] ? workqueue_uaf+0x4d6/0x560 [ 12.090790] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.090811] ? workqueue_uaf+0x4d6/0x560 [ 12.090831] kasan_report+0x141/0x180 [ 12.090851] ? workqueue_uaf+0x4d6/0x560 [ 12.090876] __asan_report_load8_noabort+0x18/0x20 [ 12.090899] workqueue_uaf+0x4d6/0x560 [ 12.090920] ? __pfx_workqueue_uaf+0x10/0x10 [ 12.090953] ? __schedule+0x10cc/0x2b60 [ 12.090974] ? __pfx_read_tsc+0x10/0x10 [ 12.090995] ? ktime_get_ts64+0x86/0x230 [ 12.091020] kunit_try_run_case+0x1a5/0x480 [ 12.091043] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.091064] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.091085] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.091106] ? __kthread_parkme+0x82/0x180 [ 12.091126] ? preempt_count_sub+0x50/0x80 [ 12.091149] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.091172] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.091193] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.091215] kthread+0x337/0x6f0 [ 12.091234] ? trace_preempt_on+0x20/0xc0 [ 12.091257] ? __pfx_kthread+0x10/0x10 [ 12.091277] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.091296] ? calculate_sigpending+0x7b/0xa0 [ 12.091320] ? __pfx_kthread+0x10/0x10 [ 12.091341] ret_from_fork+0x116/0x1d0 [ 12.091358] ? __pfx_kthread+0x10/0x10 [ 12.091377] ret_from_fork_asm+0x1a/0x30 [ 12.091596] </TASK> [ 12.091611] [ 12.099195] Allocated by task 225: [ 12.099349] kasan_save_stack+0x45/0x70 [ 12.099495] kasan_save_track+0x18/0x40 [ 12.099723] kasan_save_alloc_info+0x3b/0x50 [ 12.099957] __kasan_kmalloc+0xb7/0xc0 [ 12.100142] __kmalloc_cache_noprof+0x189/0x420 [ 12.100340] workqueue_uaf+0x152/0x560 [ 12.100879] kunit_try_run_case+0x1a5/0x480 [ 12.101047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.101225] kthread+0x337/0x6f0 [ 12.101961] ret_from_fork+0x116/0x1d0 [ 12.102444] ret_from_fork_asm+0x1a/0x30 [ 12.103058] [ 12.103224] Freed by task 9: [ 12.103332] kasan_save_stack+0x45/0x70 [ 12.103474] kasan_save_track+0x18/0x40 [ 12.103603] kasan_save_free_info+0x3f/0x60 [ 12.103742] __kasan_slab_free+0x56/0x70 [ 12.103869] kfree+0x222/0x3f0 [ 12.104564] workqueue_uaf_work+0x12/0x20 [ 12.105423] process_one_work+0x5ee/0xf60 [ 12.106002] worker_thread+0x758/0x1220 [ 12.106509] kthread+0x337/0x6f0 [ 12.106703] ret_from_fork+0x116/0x1d0 [ 12.107844] ret_from_fork_asm+0x1a/0x30 [ 12.108267] [ 12.108509] Last potentially related work creation: [ 12.108690] kasan_save_stack+0x45/0x70 [ 12.108927] kasan_record_aux_stack+0xb2/0xc0 [ 12.109140] __queue_work+0x61a/0xe70 [ 12.109370] queue_work_on+0xb6/0xc0 [ 12.109760] workqueue_uaf+0x26d/0x560 [ 12.109948] kunit_try_run_case+0x1a5/0x480 [ 12.110119] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.110368] kthread+0x337/0x6f0 [ 12.110593] ret_from_fork+0x116/0x1d0 [ 12.110726] ret_from_fork_asm+0x1a/0x30 [ 12.110915] [ 12.111077] The buggy address belongs to the object at ffff888102a266c0 [ 12.111077] which belongs to the cache kmalloc-32 of size 32 [ 12.112091] The buggy address is located 0 bytes inside of [ 12.112091] freed 32-byte region [ffff888102a266c0, ffff888102a266e0) [ 12.112685] [ 12.112869] The buggy address belongs to the physical page: [ 12.113254] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a26 [ 12.113768] flags: 0x200000000000000(node=0|zone=2) [ 12.114051] page_type: f5(slab) [ 12.114213] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.114609] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.114941] page dumped because: kasan: bad access detected [ 12.115125] [ 12.115213] Memory state around the buggy address: [ 12.115493] ffff888102a26580: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.115801] ffff888102a26600: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 12.116132] >ffff888102a26680: 00 00 00 07 fc fc fc fc fa fb fb fb fc fc fc fc [ 12.116414] ^ [ 12.116646] ffff888102a26700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.117051] ffff888102a26780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.117340] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 12.045548] ================================================================== [ 12.046721] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 12.047550] Read of size 4 at addr ffff888102a265c0 by task swapper/0/0 [ 12.048204] [ 12.048387] CPU: 0 UID: 0 PID: 0 Comm: swapper/0 Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.048436] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.048448] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.048467] Call Trace: [ 12.048498] <IRQ> [ 12.048516] dump_stack_lvl+0x73/0xb0 [ 12.048549] print_report+0xd1/0x650 [ 12.048573] ? __virt_addr_valid+0x1db/0x2d0 [ 12.048597] ? rcu_uaf_reclaim+0x50/0x60 [ 12.048617] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.048638] ? rcu_uaf_reclaim+0x50/0x60 [ 12.048658] kasan_report+0x141/0x180 [ 12.048679] ? rcu_uaf_reclaim+0x50/0x60 [ 12.048702] __asan_report_load4_noabort+0x18/0x20 [ 12.048725] rcu_uaf_reclaim+0x50/0x60 [ 12.048744] rcu_core+0x66f/0x1c40 [ 12.048772] ? __pfx_rcu_core+0x10/0x10 [ 12.048793] ? ktime_get+0x6b/0x150 [ 12.048815] ? handle_softirqs+0x18e/0x730 [ 12.048839] rcu_core_si+0x12/0x20 [ 12.048859] handle_softirqs+0x209/0x730 [ 12.048877] ? hrtimer_interrupt+0x2fe/0x780 [ 12.048899] ? __pfx_handle_softirqs+0x10/0x10 [ 12.048923] __irq_exit_rcu+0xc9/0x110 [ 12.048955] irq_exit_rcu+0x12/0x20 [ 12.048973] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.048997] </IRQ> [ 12.049022] <TASK> [ 12.049032] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.049120] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 12.049325] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 e8 1e 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 12.049472] RSP: 0000:ffffffffb6a07dd8 EFLAGS: 00010202 [ 12.049568] RAX: ffff88819ca67000 RBX: ffffffffb6a1cac0 RCX: ffffffffb589d225 [ 12.049613] RDX: ffffed102a90618b RSI: 0000000000000004 RDI: 0000000000041244 [ 12.049655] RBP: ffffffffb6a07de0 R08: 0000000000000001 R09: ffffed102a90618a [ 12.049713] R10: ffff888154830c53 R11: 000000000000f400 R12: 0000000000000000 [ 12.049755] R13: fffffbfff6d43958 R14: ffffffffb75b8c90 R15: 0000000000000000 [ 12.049811] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 12.049865] ? default_idle+0xd/0x20 [ 12.049887] arch_cpu_idle+0xd/0x20 [ 12.049907] default_idle_call+0x48/0x80 [ 12.049928] do_idle+0x379/0x4f0 [ 12.049967] ? __pfx_do_idle+0x10/0x10 [ 12.049988] ? trace_preempt_on+0x20/0xc0 [ 12.050011] ? schedule+0x86/0x2e0 [ 12.050028] ? preempt_count_sub+0x50/0x80 [ 12.050054] cpu_startup_entry+0x5c/0x70 [ 12.050076] rest_init+0x11a/0x140 [ 12.050095] ? acpi_subsystem_init+0x5d/0x150 [ 12.050119] start_kernel+0x330/0x410 [ 12.050142] x86_64_start_reservations+0x1c/0x30 [ 12.050164] x86_64_start_kernel+0x10d/0x120 [ 12.050186] common_startup_64+0x13e/0x148 [ 12.050218] </TASK> [ 12.050231] [ 12.066266] Allocated by task 223: [ 12.066537] kasan_save_stack+0x45/0x70 [ 12.066710] kasan_save_track+0x18/0x40 [ 12.066875] kasan_save_alloc_info+0x3b/0x50 [ 12.067067] __kasan_kmalloc+0xb7/0xc0 [ 12.067224] __kmalloc_cache_noprof+0x189/0x420 [ 12.067452] rcu_uaf+0xb0/0x330 [ 12.067624] kunit_try_run_case+0x1a5/0x480 [ 12.068379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.068617] kthread+0x337/0x6f0 [ 12.068750] ret_from_fork+0x116/0x1d0 [ 12.069086] ret_from_fork_asm+0x1a/0x30 [ 12.069379] [ 12.069539] Freed by task 0: [ 12.069691] kasan_save_stack+0x45/0x70 [ 12.070035] kasan_save_track+0x18/0x40 [ 12.070235] kasan_save_free_info+0x3f/0x60 [ 12.070639] __kasan_slab_free+0x56/0x70 [ 12.070837] kfree+0x222/0x3f0 [ 12.071123] rcu_uaf_reclaim+0x1f/0x60 [ 12.071318] rcu_core+0x66f/0x1c40 [ 12.071469] rcu_core_si+0x12/0x20 [ 12.071780] handle_softirqs+0x209/0x730 [ 12.071948] __irq_exit_rcu+0xc9/0x110 [ 12.072124] irq_exit_rcu+0x12/0x20 [ 12.072280] sysvec_apic_timer_interrupt+0x81/0x90 [ 12.072780] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 12.072989] [ 12.073093] Last potentially related work creation: [ 12.073700] kasan_save_stack+0x45/0x70 [ 12.073865] kasan_record_aux_stack+0xb2/0xc0 [ 12.074086] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 12.074302] call_rcu+0x12/0x20 [ 12.074463] rcu_uaf+0x168/0x330 [ 12.074886] kunit_try_run_case+0x1a5/0x480 [ 12.075069] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.075433] kthread+0x337/0x6f0 [ 12.075664] ret_from_fork+0x116/0x1d0 [ 12.075799] ret_from_fork_asm+0x1a/0x30 [ 12.076025] [ 12.076119] The buggy address belongs to the object at ffff888102a265c0 [ 12.076119] which belongs to the cache kmalloc-32 of size 32 [ 12.076583] The buggy address is located 0 bytes inside of [ 12.076583] freed 32-byte region [ffff888102a265c0, ffff888102a265e0) [ 12.077054] [ 12.077153] The buggy address belongs to the physical page: [ 12.077374] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a26 [ 12.077701] flags: 0x200000000000000(node=0|zone=2) [ 12.077911] page_type: f5(slab) [ 12.078653] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 12.078913] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 12.079356] page dumped because: kasan: bad access detected [ 12.079773] [ 12.079877] Memory state around the buggy address: [ 12.080256] ffff888102a26480: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 12.080484] ffff888102a26500: 00 00 00 fc fc fc fc fc 00 00 05 fc fc fc fc fc [ 12.080973] >ffff888102a26580: 00 00 07 fc fc fc fc fc fa fb fb fb fc fc fc fc [ 12.081345] ^ [ 12.081763] ffff888102a26600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.082170] ffff888102a26680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.082606] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 12.003798] ================================================================== [ 12.004093] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 12.004386] Read of size 1 at addr ffff8881028e2678 by task kunit_try_catch/221 [ 12.004860] [ 12.005022] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 12.005081] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.005092] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.005110] Call Trace: [ 12.005127] <TASK> [ 12.005152] dump_stack_lvl+0x73/0xb0 [ 12.005180] print_report+0xd1/0x650 [ 12.005201] ? __virt_addr_valid+0x1db/0x2d0 [ 12.005234] ? ksize_uaf+0x5e4/0x6c0 [ 12.005254] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.005275] ? ksize_uaf+0x5e4/0x6c0 [ 12.005294] kasan_report+0x141/0x180 [ 12.005323] ? ksize_uaf+0x5e4/0x6c0 [ 12.005348] __asan_report_load1_noabort+0x18/0x20 [ 12.005370] ksize_uaf+0x5e4/0x6c0 [ 12.005400] ? __pfx_ksize_uaf+0x10/0x10 [ 12.005420] ? __schedule+0x10cc/0x2b60 [ 12.005441] ? __pfx_read_tsc+0x10/0x10 [ 12.005462] ? ktime_get_ts64+0x86/0x230 [ 12.005487] kunit_try_run_case+0x1a5/0x480 [ 12.005509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.005529] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.005550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.005571] ? __kthread_parkme+0x82/0x180 [ 12.005591] ? preempt_count_sub+0x50/0x80 [ 12.005615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.005679] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.005706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.005795] kthread+0x337/0x6f0 [ 12.005818] ? trace_preempt_on+0x20/0xc0 [ 12.005842] ? __pfx_kthread+0x10/0x10 [ 12.005861] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.005881] ? calculate_sigpending+0x7b/0xa0 [ 12.005904] ? __pfx_kthread+0x10/0x10 [ 12.005924] ret_from_fork+0x116/0x1d0 [ 12.005953] ? __pfx_kthread+0x10/0x10 [ 12.005973] ret_from_fork_asm+0x1a/0x30 [ 12.006013] </TASK> [ 12.006024] [ 12.014398] Allocated by task 221: [ 12.014564] kasan_save_stack+0x45/0x70 [ 12.014738] kasan_save_track+0x18/0x40 [ 12.014908] kasan_save_alloc_info+0x3b/0x50 [ 12.015101] __kasan_kmalloc+0xb7/0xc0 [ 12.015260] __kmalloc_cache_noprof+0x189/0x420 [ 12.016012] ksize_uaf+0xaa/0x6c0 [ 12.016369] kunit_try_run_case+0x1a5/0x480 [ 12.017078] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.017538] kthread+0x337/0x6f0 [ 12.017875] ret_from_fork+0x116/0x1d0 [ 12.018293] ret_from_fork_asm+0x1a/0x30 [ 12.018755] [ 12.019001] Freed by task 221: [ 12.019291] kasan_save_stack+0x45/0x70 [ 12.019694] kasan_save_track+0x18/0x40 [ 12.019876] kasan_save_free_info+0x3f/0x60 [ 12.020067] __kasan_slab_free+0x56/0x70 [ 12.020234] kfree+0x222/0x3f0 [ 12.020369] ksize_uaf+0x12c/0x6c0 [ 12.020817] kunit_try_run_case+0x1a5/0x480 [ 12.021007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.021243] kthread+0x337/0x6f0 [ 12.021390] ret_from_fork+0x116/0x1d0 [ 12.021512] ret_from_fork_asm+0x1a/0x30 [ 12.021642] [ 12.021731] The buggy address belongs to the object at ffff8881028e2600 [ 12.021731] which belongs to the cache kmalloc-128 of size 128 [ 12.022419] The buggy address is located 120 bytes inside of [ 12.022419] freed 128-byte region [ffff8881028e2600, ffff8881028e2680) [ 12.023114] [ 12.023205] The buggy address belongs to the physical page: [ 12.024044] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 12.024311] flags: 0x200000000000000(node=0|zone=2) [ 12.024482] page_type: f5(slab) [ 12.024598] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.024819] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.025477] page dumped because: kasan: bad access detected [ 12.025811] [ 12.025879] Memory state around the buggy address: [ 12.026301] ffff8881028e2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.026816] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.027050] >ffff8881028e2600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.027258] ^ [ 12.027856] ffff8881028e2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.028580] ffff8881028e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.029216] ================================================================== [ 11.950501] ================================================================== [ 11.950894] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 11.951127] Read of size 1 at addr ffff8881028e2600 by task kunit_try_catch/221 [ 11.951346] [ 11.951849] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.951904] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.951917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.951949] Call Trace: [ 11.951964] <TASK> [ 11.951983] dump_stack_lvl+0x73/0xb0 [ 11.952015] print_report+0xd1/0x650 [ 11.952036] ? __virt_addr_valid+0x1db/0x2d0 [ 11.952061] ? ksize_uaf+0x19d/0x6c0 [ 11.952081] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.952102] ? ksize_uaf+0x19d/0x6c0 [ 11.952122] kasan_report+0x141/0x180 [ 11.952142] ? ksize_uaf+0x19d/0x6c0 [ 11.952165] ? ksize_uaf+0x19d/0x6c0 [ 11.952184] __kasan_check_byte+0x3d/0x50 [ 11.952205] ksize+0x20/0x60 [ 11.952225] ksize_uaf+0x19d/0x6c0 [ 11.952244] ? __pfx_ksize_uaf+0x10/0x10 [ 11.952264] ? __schedule+0x10cc/0x2b60 [ 11.952285] ? __pfx_read_tsc+0x10/0x10 [ 11.952307] ? ktime_get_ts64+0x86/0x230 [ 11.952331] kunit_try_run_case+0x1a5/0x480 [ 11.952355] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.952376] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.952441] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.952465] ? __kthread_parkme+0x82/0x180 [ 11.952487] ? preempt_count_sub+0x50/0x80 [ 11.952523] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.952546] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.952568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.952589] kthread+0x337/0x6f0 [ 11.952607] ? trace_preempt_on+0x20/0xc0 [ 11.952631] ? __pfx_kthread+0x10/0x10 [ 11.952651] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.952670] ? calculate_sigpending+0x7b/0xa0 [ 11.952694] ? __pfx_kthread+0x10/0x10 [ 11.952714] ret_from_fork+0x116/0x1d0 [ 11.952732] ? __pfx_kthread+0x10/0x10 [ 11.952751] ret_from_fork_asm+0x1a/0x30 [ 11.952782] </TASK> [ 11.952793] [ 11.963221] Allocated by task 221: [ 11.963394] kasan_save_stack+0x45/0x70 [ 11.963556] kasan_save_track+0x18/0x40 [ 11.964202] kasan_save_alloc_info+0x3b/0x50 [ 11.964498] __kasan_kmalloc+0xb7/0xc0 [ 11.964909] __kmalloc_cache_noprof+0x189/0x420 [ 11.965221] ksize_uaf+0xaa/0x6c0 [ 11.965338] kunit_try_run_case+0x1a5/0x480 [ 11.965762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.966250] kthread+0x337/0x6f0 [ 11.966383] ret_from_fork+0x116/0x1d0 [ 11.966923] ret_from_fork_asm+0x1a/0x30 [ 11.967398] [ 11.967677] Freed by task 221: [ 11.968135] kasan_save_stack+0x45/0x70 [ 11.968275] kasan_save_track+0x18/0x40 [ 11.968424] kasan_save_free_info+0x3f/0x60 [ 11.968708] __kasan_slab_free+0x56/0x70 [ 11.968926] kfree+0x222/0x3f0 [ 11.969274] ksize_uaf+0x12c/0x6c0 [ 11.969753] kunit_try_run_case+0x1a5/0x480 [ 11.969908] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.970088] kthread+0x337/0x6f0 [ 11.970205] ret_from_fork+0x116/0x1d0 [ 11.970329] ret_from_fork_asm+0x1a/0x30 [ 11.970473] [ 11.970540] The buggy address belongs to the object at ffff8881028e2600 [ 11.970540] which belongs to the cache kmalloc-128 of size 128 [ 11.971736] The buggy address is located 0 bytes inside of [ 11.971736] freed 128-byte region [ffff8881028e2600, ffff8881028e2680) [ 11.972213] [ 11.972303] The buggy address belongs to the physical page: [ 11.973086] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.973825] flags: 0x200000000000000(node=0|zone=2) [ 11.974312] page_type: f5(slab) [ 11.974630] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.974957] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.975237] page dumped because: kasan: bad access detected [ 11.975869] [ 11.975976] Memory state around the buggy address: [ 11.976172] ffff8881028e2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.976923] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.977337] >ffff8881028e2600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.977889] ^ [ 11.978055] ffff8881028e2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.978339] ffff8881028e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.979203] ================================================================== [ 11.980149] ================================================================== [ 11.980443] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 11.980857] Read of size 1 at addr ffff8881028e2600 by task kunit_try_catch/221 [ 11.981163] [ 11.981269] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.981314] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.981325] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.981344] Call Trace: [ 11.981361] <TASK> [ 11.981378] dump_stack_lvl+0x73/0xb0 [ 11.981407] print_report+0xd1/0x650 [ 11.981428] ? __virt_addr_valid+0x1db/0x2d0 [ 11.981451] ? ksize_uaf+0x5fe/0x6c0 [ 11.981470] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.981491] ? ksize_uaf+0x5fe/0x6c0 [ 11.981510] kasan_report+0x141/0x180 [ 11.981531] ? ksize_uaf+0x5fe/0x6c0 [ 11.981555] __asan_report_load1_noabort+0x18/0x20 [ 11.981578] ksize_uaf+0x5fe/0x6c0 [ 11.981597] ? __pfx_ksize_uaf+0x10/0x10 [ 11.981617] ? __schedule+0x10cc/0x2b60 [ 11.981639] ? __pfx_read_tsc+0x10/0x10 [ 11.981659] ? ktime_get_ts64+0x86/0x230 [ 11.981689] kunit_try_run_case+0x1a5/0x480 [ 11.981712] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.981816] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.981843] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.981865] ? __kthread_parkme+0x82/0x180 [ 11.981899] ? preempt_count_sub+0x50/0x80 [ 11.981923] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.981954] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.981976] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.981998] kthread+0x337/0x6f0 [ 11.982016] ? trace_preempt_on+0x20/0xc0 [ 11.982040] ? __pfx_kthread+0x10/0x10 [ 11.982059] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.982079] ? calculate_sigpending+0x7b/0xa0 [ 11.982102] ? __pfx_kthread+0x10/0x10 [ 11.982132] ret_from_fork+0x116/0x1d0 [ 11.982150] ? __pfx_kthread+0x10/0x10 [ 11.982170] ret_from_fork_asm+0x1a/0x30 [ 11.982210] </TASK> [ 11.982221] [ 11.989463] Allocated by task 221: [ 11.989634] kasan_save_stack+0x45/0x70 [ 11.989822] kasan_save_track+0x18/0x40 [ 11.990005] kasan_save_alloc_info+0x3b/0x50 [ 11.990196] __kasan_kmalloc+0xb7/0xc0 [ 11.990362] __kmalloc_cache_noprof+0x189/0x420 [ 11.991055] ksize_uaf+0xaa/0x6c0 [ 11.991186] kunit_try_run_case+0x1a5/0x480 [ 11.991345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.992093] kthread+0x337/0x6f0 [ 11.992287] ret_from_fork+0x116/0x1d0 [ 11.992659] ret_from_fork_asm+0x1a/0x30 [ 11.993085] [ 11.993450] Freed by task 221: [ 11.993698] kasan_save_stack+0x45/0x70 [ 11.993877] kasan_save_track+0x18/0x40 [ 11.994052] kasan_save_free_info+0x3f/0x60 [ 11.994227] __kasan_slab_free+0x56/0x70 [ 11.994873] kfree+0x222/0x3f0 [ 11.995182] ksize_uaf+0x12c/0x6c0 [ 11.995376] kunit_try_run_case+0x1a5/0x480 [ 11.995735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.995976] kthread+0x337/0x6f0 [ 11.996128] ret_from_fork+0x116/0x1d0 [ 11.996291] ret_from_fork_asm+0x1a/0x30 [ 11.997011] [ 11.997112] The buggy address belongs to the object at ffff8881028e2600 [ 11.997112] which belongs to the cache kmalloc-128 of size 128 [ 11.998280] The buggy address is located 0 bytes inside of [ 11.998280] freed 128-byte region [ffff8881028e2600, ffff8881028e2680) [ 11.998812] [ 11.998900] The buggy address belongs to the physical page: [ 11.999085] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.999394] flags: 0x200000000000000(node=0|zone=2) [ 11.999799] page_type: f5(slab) [ 11.999954] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.000267] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.000650] page dumped because: kasan: bad access detected [ 12.000979] [ 12.001060] Memory state around the buggy address: [ 12.001231] ffff8881028e2500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.001749] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.002061] >ffff8881028e2600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.002350] ^ [ 12.002611] ffff8881028e2680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.002954] ffff8881028e2700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.003186] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 11.890823] ================================================================== [ 11.891841] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.892555] Read of size 1 at addr ffff8881028e2578 by task kunit_try_catch/219 [ 11.893261] [ 11.893469] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.893532] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.893543] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.893564] Call Trace: [ 11.893577] <TASK> [ 11.893596] dump_stack_lvl+0x73/0xb0 [ 11.893627] print_report+0xd1/0x650 [ 11.893725] ? __virt_addr_valid+0x1db/0x2d0 [ 11.893749] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.893771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.893793] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.893815] kasan_report+0x141/0x180 [ 11.893836] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.893863] __asan_report_load1_noabort+0x18/0x20 [ 11.893886] ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.893908] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.893938] ? finish_task_switch.isra.0+0x153/0x700 [ 11.893960] ? __switch_to+0x47/0xf50 [ 11.893985] ? __schedule+0x10cc/0x2b60 [ 11.894006] ? __pfx_read_tsc+0x10/0x10 [ 11.894027] ? ktime_get_ts64+0x86/0x230 [ 11.894052] kunit_try_run_case+0x1a5/0x480 [ 11.894076] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.894097] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.894118] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.894139] ? __kthread_parkme+0x82/0x180 [ 11.894159] ? preempt_count_sub+0x50/0x80 [ 11.894181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.894203] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.894225] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.894246] kthread+0x337/0x6f0 [ 11.894265] ? trace_preempt_on+0x20/0xc0 [ 11.894288] ? __pfx_kthread+0x10/0x10 [ 11.894307] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.894327] ? calculate_sigpending+0x7b/0xa0 [ 11.894350] ? __pfx_kthread+0x10/0x10 [ 11.894371] ret_from_fork+0x116/0x1d0 [ 11.894630] ? __pfx_kthread+0x10/0x10 [ 11.894654] ret_from_fork_asm+0x1a/0x30 [ 11.894684] </TASK> [ 11.894696] [ 11.907013] Allocated by task 219: [ 11.907142] kasan_save_stack+0x45/0x70 [ 11.907303] kasan_save_track+0x18/0x40 [ 11.907432] kasan_save_alloc_info+0x3b/0x50 [ 11.907614] __kasan_kmalloc+0xb7/0xc0 [ 11.907942] __kmalloc_cache_noprof+0x189/0x420 [ 11.908171] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.908361] kunit_try_run_case+0x1a5/0x480 [ 11.908570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.908775] kthread+0x337/0x6f0 [ 11.908978] ret_from_fork+0x116/0x1d0 [ 11.909165] ret_from_fork_asm+0x1a/0x30 [ 11.909355] [ 11.909421] The buggy address belongs to the object at ffff8881028e2500 [ 11.909421] which belongs to the cache kmalloc-128 of size 128 [ 11.910113] The buggy address is located 5 bytes to the right of [ 11.910113] allocated 115-byte region [ffff8881028e2500, ffff8881028e2573) [ 11.911055] [ 11.911169] The buggy address belongs to the physical page: [ 11.911966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.912237] flags: 0x200000000000000(node=0|zone=2) [ 11.912406] page_type: f5(slab) [ 11.912522] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.912743] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.913085] page dumped because: kasan: bad access detected [ 11.913303] [ 11.913369] Memory state around the buggy address: [ 11.913872] ffff8881028e2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.914242] ffff8881028e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.914801] >ffff8881028e2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.915511] ^ [ 11.915857] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.916080] ffff8881028e2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.916284] ================================================================== [ 11.860057] ================================================================== [ 11.860753] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.861067] Read of size 1 at addr ffff8881028e2573 by task kunit_try_catch/219 [ 11.861369] [ 11.861572] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.861623] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.861635] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.861656] Call Trace: [ 11.861669] <TASK> [ 11.861695] dump_stack_lvl+0x73/0xb0 [ 11.861728] print_report+0xd1/0x650 [ 11.861750] ? __virt_addr_valid+0x1db/0x2d0 [ 11.861774] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.861795] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.861815] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.861837] kasan_report+0x141/0x180 [ 11.861857] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.861883] __asan_report_load1_noabort+0x18/0x20 [ 11.861907] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.861942] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.861963] ? finish_task_switch.isra.0+0x153/0x700 [ 11.861986] ? __switch_to+0x47/0xf50 [ 11.862012] ? __schedule+0x10cc/0x2b60 [ 11.862034] ? __pfx_read_tsc+0x10/0x10 [ 11.862056] ? ktime_get_ts64+0x86/0x230 [ 11.862081] kunit_try_run_case+0x1a5/0x480 [ 11.862106] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.862126] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.862148] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.862169] ? __kthread_parkme+0x82/0x180 [ 11.862189] ? preempt_count_sub+0x50/0x80 [ 11.862210] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.862232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.862254] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.862276] kthread+0x337/0x6f0 [ 11.862294] ? trace_preempt_on+0x20/0xc0 [ 11.862319] ? __pfx_kthread+0x10/0x10 [ 11.862339] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.862358] ? calculate_sigpending+0x7b/0xa0 [ 11.862381] ? __pfx_kthread+0x10/0x10 [ 11.862458] ret_from_fork+0x116/0x1d0 [ 11.862477] ? __pfx_kthread+0x10/0x10 [ 11.862497] ret_from_fork_asm+0x1a/0x30 [ 11.862527] </TASK> [ 11.862539] [ 11.871765] Allocated by task 219: [ 11.871919] kasan_save_stack+0x45/0x70 [ 11.873792] kasan_save_track+0x18/0x40 [ 11.874761] kasan_save_alloc_info+0x3b/0x50 [ 11.875533] __kasan_kmalloc+0xb7/0xc0 [ 11.876187] __kmalloc_cache_noprof+0x189/0x420 [ 11.877012] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.877619] kunit_try_run_case+0x1a5/0x480 [ 11.878214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.879130] kthread+0x337/0x6f0 [ 11.879682] ret_from_fork+0x116/0x1d0 [ 11.880232] ret_from_fork_asm+0x1a/0x30 [ 11.880701] [ 11.880875] The buggy address belongs to the object at ffff8881028e2500 [ 11.880875] which belongs to the cache kmalloc-128 of size 128 [ 11.882040] The buggy address is located 0 bytes to the right of [ 11.882040] allocated 115-byte region [ffff8881028e2500, ffff8881028e2573) [ 11.882949] [ 11.883036] The buggy address belongs to the physical page: [ 11.883208] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.883695] flags: 0x200000000000000(node=0|zone=2) [ 11.884185] page_type: f5(slab) [ 11.884786] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.885550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.886221] page dumped because: kasan: bad access detected [ 11.886777] [ 11.886894] Memory state around the buggy address: [ 11.887180] ffff8881028e2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.887715] ffff8881028e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.887946] >ffff8881028e2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.888624] ^ [ 11.889219] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.889685] ffff8881028e2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.889895] ================================================================== [ 11.918008] ================================================================== [ 11.918302] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.918628] Read of size 1 at addr ffff8881028e257f by task kunit_try_catch/219 [ 11.919067] [ 11.919156] CPU: 1 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.919200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.919210] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.919229] Call Trace: [ 11.919241] <TASK> [ 11.919255] dump_stack_lvl+0x73/0xb0 [ 11.919285] print_report+0xd1/0x650 [ 11.919305] ? __virt_addr_valid+0x1db/0x2d0 [ 11.919329] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.919352] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.919375] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.919732] kasan_report+0x141/0x180 [ 11.919764] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.919806] __asan_report_load1_noabort+0x18/0x20 [ 11.919830] ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.919853] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.919874] ? finish_task_switch.isra.0+0x153/0x700 [ 11.919898] ? __switch_to+0x47/0xf50 [ 11.919924] ? __schedule+0x10cc/0x2b60 [ 11.919963] ? __pfx_read_tsc+0x10/0x10 [ 11.919983] ? ktime_get_ts64+0x86/0x230 [ 11.920009] kunit_try_run_case+0x1a5/0x480 [ 11.920044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.920065] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.920086] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.920118] ? __kthread_parkme+0x82/0x180 [ 11.920138] ? preempt_count_sub+0x50/0x80 [ 11.920160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.920193] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.920215] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.920236] kthread+0x337/0x6f0 [ 11.920266] ? trace_preempt_on+0x20/0xc0 [ 11.920289] ? __pfx_kthread+0x10/0x10 [ 11.920309] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.920339] ? calculate_sigpending+0x7b/0xa0 [ 11.920362] ? __pfx_kthread+0x10/0x10 [ 11.920383] ret_from_fork+0x116/0x1d0 [ 11.920425] ? __pfx_kthread+0x10/0x10 [ 11.920444] ret_from_fork_asm+0x1a/0x30 [ 11.920474] </TASK> [ 11.920518] [ 11.933817] Allocated by task 219: [ 11.933960] kasan_save_stack+0x45/0x70 [ 11.934102] kasan_save_track+0x18/0x40 [ 11.934227] kasan_save_alloc_info+0x3b/0x50 [ 11.934364] __kasan_kmalloc+0xb7/0xc0 [ 11.934981] __kmalloc_cache_noprof+0x189/0x420 [ 11.935485] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.936119] kunit_try_run_case+0x1a5/0x480 [ 11.936570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.937065] kthread+0x337/0x6f0 [ 11.937382] ret_from_fork+0x116/0x1d0 [ 11.937825] ret_from_fork_asm+0x1a/0x30 [ 11.938214] [ 11.938390] The buggy address belongs to the object at ffff8881028e2500 [ 11.938390] which belongs to the cache kmalloc-128 of size 128 [ 11.939247] The buggy address is located 12 bytes to the right of [ 11.939247] allocated 115-byte region [ffff8881028e2500, ffff8881028e2573) [ 11.940224] [ 11.940410] The buggy address belongs to the physical page: [ 11.940969] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.941246] flags: 0x200000000000000(node=0|zone=2) [ 11.941475] page_type: f5(slab) [ 11.941794] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.942610] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.943202] page dumped because: kasan: bad access detected [ 11.943362] [ 11.943577] Memory state around the buggy address: [ 11.943998] ffff8881028e2400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.944673] ffff8881028e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.944927] >ffff8881028e2500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.945136] ^ [ 11.945332] ffff8881028e2580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.945536] ffff8881028e2600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.946240] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.830215] ================================================================== [ 11.830832] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.831129] Free of addr ffff888102225de0 by task kunit_try_catch/217 [ 11.831451] [ 11.831570] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.831616] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.831627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.831707] Call Trace: [ 11.831722] <TASK> [ 11.831807] dump_stack_lvl+0x73/0xb0 [ 11.831851] print_report+0xd1/0x650 [ 11.831872] ? __virt_addr_valid+0x1db/0x2d0 [ 11.831895] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.831916] ? kfree_sensitive+0x2e/0x90 [ 11.831947] kasan_report_invalid_free+0x10a/0x130 [ 11.831970] ? kfree_sensitive+0x2e/0x90 [ 11.831990] ? kfree_sensitive+0x2e/0x90 [ 11.832009] check_slab_allocation+0x101/0x130 [ 11.832029] __kasan_slab_pre_free+0x28/0x40 [ 11.832049] kfree+0xf0/0x3f0 [ 11.832070] ? kfree_sensitive+0x2e/0x90 [ 11.832090] kfree_sensitive+0x2e/0x90 [ 11.832108] kmalloc_double_kzfree+0x19c/0x350 [ 11.832130] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.832152] ? __schedule+0x10cc/0x2b60 [ 11.832173] ? __pfx_read_tsc+0x10/0x10 [ 11.832193] ? ktime_get_ts64+0x86/0x230 [ 11.832218] kunit_try_run_case+0x1a5/0x480 [ 11.832240] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.832261] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.832282] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.832303] ? __kthread_parkme+0x82/0x180 [ 11.832324] ? preempt_count_sub+0x50/0x80 [ 11.832346] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.832369] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.832439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.832463] kthread+0x337/0x6f0 [ 11.832482] ? trace_preempt_on+0x20/0xc0 [ 11.832505] ? __pfx_kthread+0x10/0x10 [ 11.832524] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.832544] ? calculate_sigpending+0x7b/0xa0 [ 11.832566] ? __pfx_kthread+0x10/0x10 [ 11.832587] ret_from_fork+0x116/0x1d0 [ 11.832604] ? __pfx_kthread+0x10/0x10 [ 11.832623] ret_from_fork_asm+0x1a/0x30 [ 11.832652] </TASK> [ 11.832662] [ 11.842016] Allocated by task 217: [ 11.842220] kasan_save_stack+0x45/0x70 [ 11.842422] kasan_save_track+0x18/0x40 [ 11.842546] kasan_save_alloc_info+0x3b/0x50 [ 11.843182] __kasan_kmalloc+0xb7/0xc0 [ 11.843402] __kmalloc_cache_noprof+0x189/0x420 [ 11.843797] kmalloc_double_kzfree+0xa9/0x350 [ 11.843996] kunit_try_run_case+0x1a5/0x480 [ 11.844157] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.844400] kthread+0x337/0x6f0 [ 11.844803] ret_from_fork+0x116/0x1d0 [ 11.845164] ret_from_fork_asm+0x1a/0x30 [ 11.845362] [ 11.845829] Freed by task 217: [ 11.845999] kasan_save_stack+0x45/0x70 [ 11.846163] kasan_save_track+0x18/0x40 [ 11.846336] kasan_save_free_info+0x3f/0x60 [ 11.847059] __kasan_slab_free+0x56/0x70 [ 11.847242] kfree+0x222/0x3f0 [ 11.847627] kfree_sensitive+0x67/0x90 [ 11.847832] kmalloc_double_kzfree+0x12b/0x350 [ 11.848042] kunit_try_run_case+0x1a5/0x480 [ 11.848252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.848524] kthread+0x337/0x6f0 [ 11.849047] ret_from_fork+0x116/0x1d0 [ 11.849198] ret_from_fork_asm+0x1a/0x30 [ 11.849679] [ 11.849915] The buggy address belongs to the object at ffff888102225de0 [ 11.849915] which belongs to the cache kmalloc-16 of size 16 [ 11.850679] The buggy address is located 0 bytes inside of [ 11.850679] 16-byte region [ffff888102225de0, ffff888102225df0) [ 11.851158] [ 11.851255] The buggy address belongs to the physical page: [ 11.851806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102225 [ 11.852176] flags: 0x200000000000000(node=0|zone=2) [ 11.852366] page_type: f5(slab) [ 11.852675] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.852970] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.853263] page dumped because: kasan: bad access detected [ 11.853539] [ 11.853608] Memory state around the buggy address: [ 11.853820] ffff888102225c80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.854073] ffff888102225d00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.854389] >ffff888102225d80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.854643] ^ [ 11.854851] ffff888102225e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.855176] ffff888102225e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.855532] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.793971] ================================================================== [ 11.794413] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.794640] Read of size 1 at addr ffff888102225de0 by task kunit_try_catch/217 [ 11.794844] [ 11.794926] CPU: 0 UID: 0 PID: 217 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.794987] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.794998] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.795018] Call Trace: [ 11.795029] <TASK> [ 11.795047] dump_stack_lvl+0x73/0xb0 [ 11.795075] print_report+0xd1/0x650 [ 11.795096] ? __virt_addr_valid+0x1db/0x2d0 [ 11.795118] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.795139] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.795160] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.795182] kasan_report+0x141/0x180 [ 11.795202] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.795226] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.795247] __kasan_check_byte+0x3d/0x50 [ 11.795267] kfree_sensitive+0x22/0x90 [ 11.795289] kmalloc_double_kzfree+0x19c/0x350 [ 11.795309] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.795332] ? __schedule+0x10cc/0x2b60 [ 11.795352] ? __pfx_read_tsc+0x10/0x10 [ 11.795372] ? ktime_get_ts64+0x86/0x230 [ 11.795396] kunit_try_run_case+0x1a5/0x480 [ 11.795419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.795439] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.795460] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.795481] ? __kthread_parkme+0x82/0x180 [ 11.795502] ? preempt_count_sub+0x50/0x80 [ 11.795524] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.795547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.795568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.795589] kthread+0x337/0x6f0 [ 11.795608] ? trace_preempt_on+0x20/0xc0 [ 11.795631] ? __pfx_kthread+0x10/0x10 [ 11.795651] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.795670] ? calculate_sigpending+0x7b/0xa0 [ 11.795693] ? __pfx_kthread+0x10/0x10 [ 11.795713] ret_from_fork+0x116/0x1d0 [ 11.795731] ? __pfx_kthread+0x10/0x10 [ 11.795751] ret_from_fork_asm+0x1a/0x30 [ 11.795780] </TASK> [ 11.795790] [ 11.816159] Allocated by task 217: [ 11.816303] kasan_save_stack+0x45/0x70 [ 11.816458] kasan_save_track+0x18/0x40 [ 11.816587] kasan_save_alloc_info+0x3b/0x50 [ 11.816727] __kasan_kmalloc+0xb7/0xc0 [ 11.816850] __kmalloc_cache_noprof+0x189/0x420 [ 11.817043] kmalloc_double_kzfree+0xa9/0x350 [ 11.817252] kunit_try_run_case+0x1a5/0x480 [ 11.817534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.817981] kthread+0x337/0x6f0 [ 11.818160] ret_from_fork+0x116/0x1d0 [ 11.818336] ret_from_fork_asm+0x1a/0x30 [ 11.818682] [ 11.818781] Freed by task 217: [ 11.818941] kasan_save_stack+0x45/0x70 [ 11.819176] kasan_save_track+0x18/0x40 [ 11.819531] kasan_save_free_info+0x3f/0x60 [ 11.819709] __kasan_slab_free+0x56/0x70 [ 11.819862] kfree+0x222/0x3f0 [ 11.820209] kfree_sensitive+0x67/0x90 [ 11.820515] kmalloc_double_kzfree+0x12b/0x350 [ 11.820867] kunit_try_run_case+0x1a5/0x480 [ 11.821021] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.821228] kthread+0x337/0x6f0 [ 11.821815] ret_from_fork+0x116/0x1d0 [ 11.822028] ret_from_fork_asm+0x1a/0x30 [ 11.822302] [ 11.822395] The buggy address belongs to the object at ffff888102225de0 [ 11.822395] which belongs to the cache kmalloc-16 of size 16 [ 11.822999] The buggy address is located 0 bytes inside of [ 11.822999] freed 16-byte region [ffff888102225de0, ffff888102225df0) [ 11.823671] [ 11.823783] The buggy address belongs to the physical page: [ 11.824089] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102225 [ 11.824534] flags: 0x200000000000000(node=0|zone=2) [ 11.824836] page_type: f5(slab) [ 11.824976] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.825311] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.825756] page dumped because: kasan: bad access detected [ 11.826020] [ 11.826158] Memory state around the buggy address: [ 11.826696] ffff888102225c80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.826997] ffff888102225d00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.827331] >ffff888102225d80: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.827692] ^ [ 11.827990] ffff888102225e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.828366] ffff888102225e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.828788] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.753564] ================================================================== [ 11.753965] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.754184] Read of size 1 at addr ffff8881028c9728 by task kunit_try_catch/213 [ 11.754400] [ 11.754592] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.754637] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.754648] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.754668] Call Trace: [ 11.754679] <TASK> [ 11.754696] dump_stack_lvl+0x73/0xb0 [ 11.754725] print_report+0xd1/0x650 [ 11.754748] ? __virt_addr_valid+0x1db/0x2d0 [ 11.754771] ? kmalloc_uaf2+0x4a8/0x520 [ 11.754790] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.754811] ? kmalloc_uaf2+0x4a8/0x520 [ 11.754830] kasan_report+0x141/0x180 [ 11.754851] ? kmalloc_uaf2+0x4a8/0x520 [ 11.754875] __asan_report_load1_noabort+0x18/0x20 [ 11.754898] kmalloc_uaf2+0x4a8/0x520 [ 11.754917] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.754946] ? finish_task_switch.isra.0+0x153/0x700 [ 11.754968] ? __switch_to+0x47/0xf50 [ 11.754994] ? __schedule+0x10cc/0x2b60 [ 11.755016] ? __pfx_read_tsc+0x10/0x10 [ 11.755037] ? ktime_get_ts64+0x86/0x230 [ 11.755062] kunit_try_run_case+0x1a5/0x480 [ 11.755087] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.755107] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.755128] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.755150] ? __kthread_parkme+0x82/0x180 [ 11.755170] ? preempt_count_sub+0x50/0x80 [ 11.755192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.755214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.755236] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.755257] kthread+0x337/0x6f0 [ 11.755276] ? trace_preempt_on+0x20/0xc0 [ 11.755299] ? __pfx_kthread+0x10/0x10 [ 11.755319] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.755338] ? calculate_sigpending+0x7b/0xa0 [ 11.755362] ? __pfx_kthread+0x10/0x10 [ 11.755383] ret_from_fork+0x116/0x1d0 [ 11.755400] ? __pfx_kthread+0x10/0x10 [ 11.755420] ret_from_fork_asm+0x1a/0x30 [ 11.755450] </TASK> [ 11.755460] [ 11.770525] Allocated by task 213: [ 11.770953] kasan_save_stack+0x45/0x70 [ 11.771321] kasan_save_track+0x18/0x40 [ 11.771717] kasan_save_alloc_info+0x3b/0x50 [ 11.772085] __kasan_kmalloc+0xb7/0xc0 [ 11.772214] __kmalloc_cache_noprof+0x189/0x420 [ 11.772364] kmalloc_uaf2+0xc6/0x520 [ 11.773026] kunit_try_run_case+0x1a5/0x480 [ 11.773426] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.773998] kthread+0x337/0x6f0 [ 11.774320] ret_from_fork+0x116/0x1d0 [ 11.774647] ret_from_fork_asm+0x1a/0x30 [ 11.774787] [ 11.774852] Freed by task 213: [ 11.774974] kasan_save_stack+0x45/0x70 [ 11.775108] kasan_save_track+0x18/0x40 [ 11.775236] kasan_save_free_info+0x3f/0x60 [ 11.775372] __kasan_slab_free+0x56/0x70 [ 11.776089] kfree+0x222/0x3f0 [ 11.776397] kmalloc_uaf2+0x14c/0x520 [ 11.776735] kunit_try_run_case+0x1a5/0x480 [ 11.777281] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.777885] kthread+0x337/0x6f0 [ 11.778198] ret_from_fork+0x116/0x1d0 [ 11.778615] ret_from_fork_asm+0x1a/0x30 [ 11.778992] [ 11.779154] The buggy address belongs to the object at ffff8881028c9700 [ 11.779154] which belongs to the cache kmalloc-64 of size 64 [ 11.780265] The buggy address is located 40 bytes inside of [ 11.780265] freed 64-byte region [ffff8881028c9700, ffff8881028c9740) [ 11.780949] [ 11.781028] The buggy address belongs to the physical page: [ 11.781196] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c9 [ 11.781551] flags: 0x200000000000000(node=0|zone=2) [ 11.782001] page_type: f5(slab) [ 11.782283] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.783133] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.783995] page dumped because: kasan: bad access detected [ 11.784754] [ 11.784918] Memory state around the buggy address: [ 11.785270] ffff8881028c9600: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.785743] ffff8881028c9680: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.786288] >ffff8881028c9700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.786595] ^ [ 11.787013] ffff8881028c9780: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.787720] ffff8881028c9800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.788264] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.725310] ================================================================== [ 11.725732] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 11.726022] Write of size 33 at addr ffff888102a1ee00 by task kunit_try_catch/211 [ 11.726277] [ 11.726365] CPU: 0 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.726422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.726434] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.726456] Call Trace: [ 11.726469] <TASK> [ 11.726488] dump_stack_lvl+0x73/0xb0 [ 11.726516] print_report+0xd1/0x650 [ 11.726537] ? __virt_addr_valid+0x1db/0x2d0 [ 11.726560] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.726579] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.726600] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.726620] kasan_report+0x141/0x180 [ 11.726640] ? kmalloc_uaf_memset+0x1a3/0x360 [ 11.726664] kasan_check_range+0x10c/0x1c0 [ 11.726687] __asan_memset+0x27/0x50 [ 11.726706] kmalloc_uaf_memset+0x1a3/0x360 [ 11.726727] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 11.726781] ? __schedule+0x10cc/0x2b60 [ 11.726904] ? __pfx_read_tsc+0x10/0x10 [ 11.726925] ? ktime_get_ts64+0x86/0x230 [ 11.726962] kunit_try_run_case+0x1a5/0x480 [ 11.726986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.727007] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.727027] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.727049] ? __kthread_parkme+0x82/0x180 [ 11.727069] ? preempt_count_sub+0x50/0x80 [ 11.727092] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.727114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.727135] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.727156] kthread+0x337/0x6f0 [ 11.727175] ? trace_preempt_on+0x20/0xc0 [ 11.727199] ? __pfx_kthread+0x10/0x10 [ 11.727219] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.727238] ? calculate_sigpending+0x7b/0xa0 [ 11.727261] ? __pfx_kthread+0x10/0x10 [ 11.727282] ret_from_fork+0x116/0x1d0 [ 11.727299] ? __pfx_kthread+0x10/0x10 [ 11.727318] ret_from_fork_asm+0x1a/0x30 [ 11.727347] </TASK> [ 11.727360] [ 11.737593] Allocated by task 211: [ 11.737793] kasan_save_stack+0x45/0x70 [ 11.738003] kasan_save_track+0x18/0x40 [ 11.738166] kasan_save_alloc_info+0x3b/0x50 [ 11.738368] __kasan_kmalloc+0xb7/0xc0 [ 11.738630] __kmalloc_cache_noprof+0x189/0x420 [ 11.738852] kmalloc_uaf_memset+0xa9/0x360 [ 11.739069] kunit_try_run_case+0x1a5/0x480 [ 11.739214] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.739377] kthread+0x337/0x6f0 [ 11.739567] ret_from_fork+0x116/0x1d0 [ 11.739779] ret_from_fork_asm+0x1a/0x30 [ 11.740113] [ 11.740240] Freed by task 211: [ 11.740574] kasan_save_stack+0x45/0x70 [ 11.740850] kasan_save_track+0x18/0x40 [ 11.741053] kasan_save_free_info+0x3f/0x60 [ 11.741248] __kasan_slab_free+0x56/0x70 [ 11.741549] kfree+0x222/0x3f0 [ 11.741736] kmalloc_uaf_memset+0x12b/0x360 [ 11.741966] kunit_try_run_case+0x1a5/0x480 [ 11.742166] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.742486] kthread+0x337/0x6f0 [ 11.742660] ret_from_fork+0x116/0x1d0 [ 11.742783] ret_from_fork_asm+0x1a/0x30 [ 11.742909] [ 11.742985] The buggy address belongs to the object at ffff888102a1ee00 [ 11.742985] which belongs to the cache kmalloc-64 of size 64 [ 11.743718] The buggy address is located 0 bytes inside of [ 11.743718] freed 64-byte region [ffff888102a1ee00, ffff888102a1ee40) [ 11.744078] [ 11.744144] The buggy address belongs to the physical page: [ 11.744303] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1e [ 11.744597] flags: 0x200000000000000(node=0|zone=2) [ 11.744850] page_type: f5(slab) [ 11.745125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.745462] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.746145] page dumped because: kasan: bad access detected [ 11.747060] [ 11.747314] Memory state around the buggy address: [ 11.747567] ffff888102a1ed00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.747983] ffff888102a1ed80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.748397] >ffff888102a1ee00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.748959] ^ [ 11.749132] ffff888102a1ee80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.749430] ffff888102a1ef00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.750158] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.695386] ================================================================== [ 11.696564] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 11.697152] Read of size 1 at addr ffff888102539488 by task kunit_try_catch/209 [ 11.697923] [ 11.698175] CPU: 1 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.698223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.698235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.698256] Call Trace: [ 11.698268] <TASK> [ 11.698285] dump_stack_lvl+0x73/0xb0 [ 11.698314] print_report+0xd1/0x650 [ 11.698336] ? __virt_addr_valid+0x1db/0x2d0 [ 11.698358] ? kmalloc_uaf+0x320/0x380 [ 11.698397] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.698431] ? kmalloc_uaf+0x320/0x380 [ 11.698450] kasan_report+0x141/0x180 [ 11.698471] ? kmalloc_uaf+0x320/0x380 [ 11.698494] __asan_report_load1_noabort+0x18/0x20 [ 11.698517] kmalloc_uaf+0x320/0x380 [ 11.698536] ? __pfx_kmalloc_uaf+0x10/0x10 [ 11.698556] ? __schedule+0x10cc/0x2b60 [ 11.698577] ? __pfx_read_tsc+0x10/0x10 [ 11.698597] ? ktime_get_ts64+0x86/0x230 [ 11.698623] kunit_try_run_case+0x1a5/0x480 [ 11.698646] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.698667] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.698688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.698709] ? __kthread_parkme+0x82/0x180 [ 11.698730] ? preempt_count_sub+0x50/0x80 [ 11.698754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.698777] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.698799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.698820] kthread+0x337/0x6f0 [ 11.698839] ? trace_preempt_on+0x20/0xc0 [ 11.698863] ? __pfx_kthread+0x10/0x10 [ 11.698885] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.698904] ? calculate_sigpending+0x7b/0xa0 [ 11.698928] ? __pfx_kthread+0x10/0x10 [ 11.698958] ret_from_fork+0x116/0x1d0 [ 11.698976] ? __pfx_kthread+0x10/0x10 [ 11.698996] ret_from_fork_asm+0x1a/0x30 [ 11.699026] </TASK> [ 11.699036] [ 11.710903] Allocated by task 209: [ 11.711044] kasan_save_stack+0x45/0x70 [ 11.711183] kasan_save_track+0x18/0x40 [ 11.711310] kasan_save_alloc_info+0x3b/0x50 [ 11.711468] __kasan_kmalloc+0xb7/0xc0 [ 11.711593] __kmalloc_cache_noprof+0x189/0x420 [ 11.711885] kmalloc_uaf+0xaa/0x380 [ 11.712020] kunit_try_run_case+0x1a5/0x480 [ 11.712219] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.712461] kthread+0x337/0x6f0 [ 11.712605] ret_from_fork+0x116/0x1d0 [ 11.712731] ret_from_fork_asm+0x1a/0x30 [ 11.712899] [ 11.712998] Freed by task 209: [ 11.713148] kasan_save_stack+0x45/0x70 [ 11.713334] kasan_save_track+0x18/0x40 [ 11.713608] kasan_save_free_info+0x3f/0x60 [ 11.713767] __kasan_slab_free+0x56/0x70 [ 11.713898] kfree+0x222/0x3f0 [ 11.714095] kmalloc_uaf+0x12c/0x380 [ 11.714387] kunit_try_run_case+0x1a5/0x480 [ 11.714606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.714822] kthread+0x337/0x6f0 [ 11.714947] ret_from_fork+0x116/0x1d0 [ 11.715073] ret_from_fork_asm+0x1a/0x30 [ 11.715233] [ 11.715350] The buggy address belongs to the object at ffff888102539480 [ 11.715350] which belongs to the cache kmalloc-16 of size 16 [ 11.715948] The buggy address is located 8 bytes inside of [ 11.715948] freed 16-byte region [ffff888102539480, ffff888102539490) [ 11.716287] [ 11.716385] The buggy address belongs to the physical page: [ 11.716634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102539 [ 11.717221] flags: 0x200000000000000(node=0|zone=2) [ 11.717516] page_type: f5(slab) [ 11.717779] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.718098] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.718318] page dumped because: kasan: bad access detected [ 11.718717] [ 11.718825] Memory state around the buggy address: [ 11.719130] ffff888102539380: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.719341] ffff888102539400: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.719757] >ffff888102539480: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.720437] ^ [ 11.720625] ffff888102539500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.720979] ffff888102539580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.721776] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.667230] ================================================================== [ 11.668398] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.668669] Read of size 64 at addr ffff8881028c9404 by task kunit_try_catch/207 [ 11.668887] [ 11.668993] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.669042] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.669054] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.669075] Call Trace: [ 11.669087] <TASK> [ 11.669107] dump_stack_lvl+0x73/0xb0 [ 11.669137] print_report+0xd1/0x650 [ 11.669159] ? __virt_addr_valid+0x1db/0x2d0 [ 11.669183] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.669206] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.669227] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.669250] kasan_report+0x141/0x180 [ 11.669271] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.669298] kasan_check_range+0x10c/0x1c0 [ 11.669320] __asan_memmove+0x27/0x70 [ 11.669339] kmalloc_memmove_invalid_size+0x16f/0x330 [ 11.669362] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 11.669385] ? __schedule+0x10cc/0x2b60 [ 11.669407] ? __pfx_read_tsc+0x10/0x10 [ 11.669428] ? ktime_get_ts64+0x86/0x230 [ 11.669453] kunit_try_run_case+0x1a5/0x480 [ 11.669477] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.669498] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.669519] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.669541] ? __kthread_parkme+0x82/0x180 [ 11.669632] ? preempt_count_sub+0x50/0x80 [ 11.669655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.669678] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.669706] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.669728] kthread+0x337/0x6f0 [ 11.669746] ? trace_preempt_on+0x20/0xc0 [ 11.669771] ? __pfx_kthread+0x10/0x10 [ 11.669792] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.669812] ? calculate_sigpending+0x7b/0xa0 [ 11.669835] ? __pfx_kthread+0x10/0x10 [ 11.669856] ret_from_fork+0x116/0x1d0 [ 11.669873] ? __pfx_kthread+0x10/0x10 [ 11.669893] ret_from_fork_asm+0x1a/0x30 [ 11.669923] </TASK> [ 11.669948] [ 11.680059] Allocated by task 207: [ 11.680338] kasan_save_stack+0x45/0x70 [ 11.680619] kasan_save_track+0x18/0x40 [ 11.681073] kasan_save_alloc_info+0x3b/0x50 [ 11.681240] __kasan_kmalloc+0xb7/0xc0 [ 11.681628] __kmalloc_cache_noprof+0x189/0x420 [ 11.681908] kmalloc_memmove_invalid_size+0xac/0x330 [ 11.682106] kunit_try_run_case+0x1a5/0x480 [ 11.682305] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.682803] kthread+0x337/0x6f0 [ 11.682954] ret_from_fork+0x116/0x1d0 [ 11.683264] ret_from_fork_asm+0x1a/0x30 [ 11.683576] [ 11.683681] The buggy address belongs to the object at ffff8881028c9400 [ 11.683681] which belongs to the cache kmalloc-64 of size 64 [ 11.684043] The buggy address is located 4 bytes inside of [ 11.684043] allocated 64-byte region [ffff8881028c9400, ffff8881028c9440) [ 11.684385] [ 11.684453] The buggy address belongs to the physical page: [ 11.684619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c9 [ 11.684851] flags: 0x200000000000000(node=0|zone=2) [ 11.685782] page_type: f5(slab) [ 11.686698] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.687369] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.688199] page dumped because: kasan: bad access detected [ 11.688673] [ 11.688802] Memory state around the buggy address: [ 11.689088] ffff8881028c9300: 00 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc [ 11.689688] ffff8881028c9380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.690279] >ffff8881028c9400: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.690753] ^ [ 11.691226] ffff8881028c9480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.691697] ffff8881028c9500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.691944] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.624043] ================================================================== [ 11.624432] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 11.624676] Read of size 18446744073709551614 at addr ffff8881028c9284 by task kunit_try_catch/205 [ 11.625045] [ 11.625592] CPU: 1 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.625646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.625658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.625681] Call Trace: [ 11.625699] <TASK> [ 11.625718] dump_stack_lvl+0x73/0xb0 [ 11.625749] print_report+0xd1/0x650 [ 11.625770] ? __virt_addr_valid+0x1db/0x2d0 [ 11.625792] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.625815] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.625836] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.625882] kasan_report+0x141/0x180 [ 11.625904] ? kmalloc_memmove_negative_size+0x171/0x330 [ 11.626228] kasan_check_range+0x10c/0x1c0 [ 11.626260] __asan_memmove+0x27/0x70 [ 11.626279] kmalloc_memmove_negative_size+0x171/0x330 [ 11.626302] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 11.626326] ? __schedule+0x10cc/0x2b60 [ 11.626347] ? __pfx_read_tsc+0x10/0x10 [ 11.626368] ? ktime_get_ts64+0x86/0x230 [ 11.626421] kunit_try_run_case+0x1a5/0x480 [ 11.626445] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.626466] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.626487] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.626509] ? __kthread_parkme+0x82/0x180 [ 11.626528] ? preempt_count_sub+0x50/0x80 [ 11.626551] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.626573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.626594] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.626615] kthread+0x337/0x6f0 [ 11.626634] ? trace_preempt_on+0x20/0xc0 [ 11.626658] ? __pfx_kthread+0x10/0x10 [ 11.626677] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.626696] ? calculate_sigpending+0x7b/0xa0 [ 11.626719] ? __pfx_kthread+0x10/0x10 [ 11.626739] ret_from_fork+0x116/0x1d0 [ 11.626757] ? __pfx_kthread+0x10/0x10 [ 11.626776] ret_from_fork_asm+0x1a/0x30 [ 11.626807] </TASK> [ 11.626818] [ 11.641544] Allocated by task 205: [ 11.641688] kasan_save_stack+0x45/0x70 [ 11.641832] kasan_save_track+0x18/0x40 [ 11.643009] kasan_save_alloc_info+0x3b/0x50 [ 11.643740] __kasan_kmalloc+0xb7/0xc0 [ 11.644331] __kmalloc_cache_noprof+0x189/0x420 [ 11.645042] kmalloc_memmove_negative_size+0xac/0x330 [ 11.645865] kunit_try_run_case+0x1a5/0x480 [ 11.646836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.647477] kthread+0x337/0x6f0 [ 11.648104] ret_from_fork+0x116/0x1d0 [ 11.648667] ret_from_fork_asm+0x1a/0x30 [ 11.649225] [ 11.649396] The buggy address belongs to the object at ffff8881028c9280 [ 11.649396] which belongs to the cache kmalloc-64 of size 64 [ 11.651063] The buggy address is located 4 bytes inside of [ 11.651063] 64-byte region [ffff8881028c9280, ffff8881028c92c0) [ 11.652556] [ 11.652730] The buggy address belongs to the physical page: [ 11.653493] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028c9 [ 11.654379] flags: 0x200000000000000(node=0|zone=2) [ 11.655049] page_type: f5(slab) [ 11.655414] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.655818] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.656764] page dumped because: kasan: bad access detected [ 11.657180] [ 11.657256] Memory state around the buggy address: [ 11.657626] ffff8881028c9180: 00 00 00 00 01 fc fc fc fc fc fc fc fc fc fc fc [ 11.658367] ffff8881028c9200: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.659327] >ffff8881028c9280: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 11.659911] ^ [ 11.660255] ffff8881028c9300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.661328] ffff8881028c9380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.662290] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.594140] ================================================================== [ 11.594681] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330 [ 11.595033] Write of size 16 at addr ffff888102a15d69 by task kunit_try_catch/203 [ 11.595321] [ 11.595533] CPU: 0 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.595586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.595597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.595618] Call Trace: [ 11.595654] <TASK> [ 11.595674] dump_stack_lvl+0x73/0xb0 [ 11.595706] print_report+0xd1/0x650 [ 11.595742] ? __virt_addr_valid+0x1db/0x2d0 [ 11.595767] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.595787] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.595808] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.595829] kasan_report+0x141/0x180 [ 11.595850] ? kmalloc_oob_memset_16+0x166/0x330 [ 11.595875] kasan_check_range+0x10c/0x1c0 [ 11.595897] __asan_memset+0x27/0x50 [ 11.595916] kmalloc_oob_memset_16+0x166/0x330 [ 11.595949] ? __pfx_kmalloc_oob_memset_16+0x10/0x10 [ 11.595971] ? __schedule+0x10cc/0x2b60 [ 11.596010] ? __pfx_read_tsc+0x10/0x10 [ 11.596033] ? ktime_get_ts64+0x86/0x230 [ 11.596058] kunit_try_run_case+0x1a5/0x480 [ 11.596082] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.596103] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.596124] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.596145] ? __kthread_parkme+0x82/0x180 [ 11.596183] ? preempt_count_sub+0x50/0x80 [ 11.596207] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.596229] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.596250] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.596272] kthread+0x337/0x6f0 [ 11.596291] ? trace_preempt_on+0x20/0xc0 [ 11.596314] ? __pfx_kthread+0x10/0x10 [ 11.596334] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.596353] ? calculate_sigpending+0x7b/0xa0 [ 11.596377] ? __pfx_kthread+0x10/0x10 [ 11.596448] ret_from_fork+0x116/0x1d0 [ 11.596469] ? __pfx_kthread+0x10/0x10 [ 11.596489] ret_from_fork_asm+0x1a/0x30 [ 11.596522] </TASK> [ 11.596533] [ 11.606398] Allocated by task 203: [ 11.606584] kasan_save_stack+0x45/0x70 [ 11.606784] kasan_save_track+0x18/0x40 [ 11.607754] kasan_save_alloc_info+0x3b/0x50 [ 11.608314] __kasan_kmalloc+0xb7/0xc0 [ 11.608515] __kmalloc_cache_noprof+0x189/0x420 [ 11.608742] kmalloc_oob_memset_16+0xac/0x330 [ 11.609605] kunit_try_run_case+0x1a5/0x480 [ 11.609927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.610344] kthread+0x337/0x6f0 [ 11.610800] ret_from_fork+0x116/0x1d0 [ 11.611383] ret_from_fork_asm+0x1a/0x30 [ 11.611597] [ 11.611716] The buggy address belongs to the object at ffff888102a15d00 [ 11.611716] which belongs to the cache kmalloc-128 of size 128 [ 11.612857] The buggy address is located 105 bytes inside of [ 11.612857] allocated 120-byte region [ffff888102a15d00, ffff888102a15d78) [ 11.613830] [ 11.614032] The buggy address belongs to the physical page: [ 11.614279] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 11.614793] flags: 0x200000000000000(node=0|zone=2) [ 11.615036] page_type: f5(slab) [ 11.615194] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.615990] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.616346] page dumped because: kasan: bad access detected [ 11.616879] [ 11.616989] Memory state around the buggy address: [ 11.617361] ffff888102a15c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.617805] ffff888102a15c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.618460] >ffff888102a15d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.618899] ^ [ 11.619194] ffff888102a15d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.619701] ffff888102a15e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.620217] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.567158] ================================================================== [ 11.567622] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 11.567972] Write of size 8 at addr ffff888102a15c71 by task kunit_try_catch/201 [ 11.568240] [ 11.568356] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.568404] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.568416] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.568718] Call Trace: [ 11.568760] <TASK> [ 11.568781] dump_stack_lvl+0x73/0xb0 [ 11.568816] print_report+0xd1/0x650 [ 11.568840] ? __virt_addr_valid+0x1db/0x2d0 [ 11.568864] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.568885] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.568905] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.568926] kasan_report+0x141/0x180 [ 11.568958] ? kmalloc_oob_memset_8+0x166/0x330 [ 11.568983] kasan_check_range+0x10c/0x1c0 [ 11.569005] __asan_memset+0x27/0x50 [ 11.569023] kmalloc_oob_memset_8+0x166/0x330 [ 11.569044] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 11.569065] ? __schedule+0x10cc/0x2b60 [ 11.569086] ? __pfx_read_tsc+0x10/0x10 [ 11.569107] ? ktime_get_ts64+0x86/0x230 [ 11.569132] kunit_try_run_case+0x1a5/0x480 [ 11.569156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.569176] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.569197] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.569218] ? __kthread_parkme+0x82/0x180 [ 11.569239] ? preempt_count_sub+0x50/0x80 [ 11.569262] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.569284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.569305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.569327] kthread+0x337/0x6f0 [ 11.569345] ? trace_preempt_on+0x20/0xc0 [ 11.569369] ? __pfx_kthread+0x10/0x10 [ 11.569728] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.569754] ? calculate_sigpending+0x7b/0xa0 [ 11.569780] ? __pfx_kthread+0x10/0x10 [ 11.569801] ret_from_fork+0x116/0x1d0 [ 11.569820] ? __pfx_kthread+0x10/0x10 [ 11.569839] ret_from_fork_asm+0x1a/0x30 [ 11.569870] </TASK> [ 11.569883] [ 11.580768] Allocated by task 201: [ 11.580997] kasan_save_stack+0x45/0x70 [ 11.581283] kasan_save_track+0x18/0x40 [ 11.581424] kasan_save_alloc_info+0x3b/0x50 [ 11.581566] __kasan_kmalloc+0xb7/0xc0 [ 11.581755] __kmalloc_cache_noprof+0x189/0x420 [ 11.582129] kmalloc_oob_memset_8+0xac/0x330 [ 11.582409] kunit_try_run_case+0x1a5/0x480 [ 11.582636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.582949] kthread+0x337/0x6f0 [ 11.583113] ret_from_fork+0x116/0x1d0 [ 11.583313] ret_from_fork_asm+0x1a/0x30 [ 11.583646] [ 11.583723] The buggy address belongs to the object at ffff888102a15c00 [ 11.583723] which belongs to the cache kmalloc-128 of size 128 [ 11.584172] The buggy address is located 113 bytes inside of [ 11.584172] allocated 120-byte region [ffff888102a15c00, ffff888102a15c78) [ 11.584758] [ 11.584826] The buggy address belongs to the physical page: [ 11.585442] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 11.585915] flags: 0x200000000000000(node=0|zone=2) [ 11.586167] page_type: f5(slab) [ 11.586319] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.586675] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.587013] page dumped because: kasan: bad access detected [ 11.587276] [ 11.587360] Memory state around the buggy address: [ 11.587594] ffff888102a15b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.588042] ffff888102a15b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.588304] >ffff888102a15c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.588713] ^ [ 11.589158] ffff888102a15c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.589553] ffff888102a15d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.589856] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.534860] ================================================================== [ 11.535710] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 11.536351] Write of size 4 at addr ffff8881028e2475 by task kunit_try_catch/199 [ 11.536738] [ 11.536833] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 11.536881] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.536891] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.536912] Call Trace: [ 11.536924] <TASK> [ 11.536956] dump_stack_lvl+0x73/0xb0 [ 11.536985] print_report+0xd1/0x650 [ 11.537007] ? __virt_addr_valid+0x1db/0x2d0 [ 11.537029] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.537049] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.537070] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.537090] kasan_report+0x141/0x180 [ 11.537111] ? kmalloc_oob_memset_4+0x166/0x330 [ 11.537136] kasan_check_range+0x10c/0x1c0 [ 11.537158] __asan_memset+0x27/0x50 [ 11.537176] kmalloc_oob_memset_4+0x166/0x330 [ 11.537197] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 11.537219] ? __schedule+0x10cc/0x2b60 [ 11.537240] ? __pfx_read_tsc+0x10/0x10 [ 11.537260] ? ktime_get_ts64+0x86/0x230 [ 11.537286] kunit_try_run_case+0x1a5/0x480 [ 11.537309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.537330] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.537352] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.537373] ? __kthread_parkme+0x82/0x180 [ 11.537547] ? preempt_count_sub+0x50/0x80 [ 11.537570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.537592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.537614] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.537635] kthread+0x337/0x6f0 [ 11.537654] ? trace_preempt_on+0x20/0xc0 [ 11.537677] ? __pfx_kthread+0x10/0x10 [ 11.537704] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.537723] ? calculate_sigpending+0x7b/0xa0 [ 11.537746] ? __pfx_kthread+0x10/0x10 [ 11.537767] ret_from_fork+0x116/0x1d0 [ 11.537784] ? __pfx_kthread+0x10/0x10 [ 11.537803] ret_from_fork_asm+0x1a/0x30 [ 11.537834] </TASK> [ 11.537844] [ 11.548389] Allocated by task 199: [ 11.548568] kasan_save_stack+0x45/0x70 [ 11.548764] kasan_save_track+0x18/0x40 [ 11.548944] kasan_save_alloc_info+0x3b/0x50 [ 11.549132] __kasan_kmalloc+0xb7/0xc0 [ 11.549296] __kmalloc_cache_noprof+0x189/0x420 [ 11.550117] kmalloc_oob_memset_4+0xac/0x330 [ 11.550296] kunit_try_run_case+0x1a5/0x480 [ 11.550698] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.551466] kthread+0x337/0x6f0 [ 11.551953] ret_from_fork+0x116/0x1d0 [ 11.552601] ret_from_fork_asm+0x1a/0x30 [ 11.553002] [ 11.553076] The buggy address belongs to the object at ffff8881028e2400 [ 11.553076] which belongs to the cache kmalloc-128 of size 128 [ 11.553807] The buggy address is located 117 bytes inside of [ 11.553807] allocated 120-byte region [ffff8881028e2400, ffff8881028e2478) [ 11.555442] [ 11.555835] The buggy address belongs to the physical page: [ 11.556354] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 11.557192] flags: 0x200000000000000(node=0|zone=2) [ 11.557456] page_type: f5(slab) [ 11.557846] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.558531] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.558755] page dumped because: kasan: bad access detected [ 11.558915] [ 11.558992] Memory state around the buggy address: [ 11.559138] ffff8881028e2300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.559339] ffff8881028e2380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.560421] >ffff8881028e2400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 11.561135] ^ [ 11.561817] ffff8881028e2480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.562616] ffff8881028e2500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.563256] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 10.954423] ================================================================== [ 10.955029] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 10.955309] Read of size 1 at addr ffff8881039a0000 by task kunit_try_catch/179 [ 10.956062] [ 10.956311] CPU: 1 UID: 0 PID: 179 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.956363] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.956513] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.956536] Call Trace: [ 10.956549] <TASK> [ 10.956567] dump_stack_lvl+0x73/0xb0 [ 10.956599] print_report+0xd1/0x650 [ 10.956622] ? __virt_addr_valid+0x1db/0x2d0 [ 10.956645] ? page_alloc_uaf+0x356/0x3d0 [ 10.956665] ? kasan_addr_to_slab+0x11/0xa0 [ 10.956685] ? page_alloc_uaf+0x356/0x3d0 [ 10.956705] kasan_report+0x141/0x180 [ 10.956726] ? page_alloc_uaf+0x356/0x3d0 [ 10.956751] __asan_report_load1_noabort+0x18/0x20 [ 10.956774] page_alloc_uaf+0x356/0x3d0 [ 10.956794] ? __pfx_page_alloc_uaf+0x10/0x10 [ 10.956815] ? __schedule+0x10cc/0x2b60 [ 10.956837] ? __pfx_read_tsc+0x10/0x10 [ 10.956857] ? ktime_get_ts64+0x86/0x230 [ 10.956883] kunit_try_run_case+0x1a5/0x480 [ 10.956907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.956928] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.956960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.956981] ? __kthread_parkme+0x82/0x180 [ 10.957001] ? preempt_count_sub+0x50/0x80 [ 10.957023] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.957067] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.957089] kthread+0x337/0x6f0 [ 10.957107] ? trace_preempt_on+0x20/0xc0 [ 10.957130] ? __pfx_kthread+0x10/0x10 [ 10.957149] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.957168] ? calculate_sigpending+0x7b/0xa0 [ 10.957191] ? __pfx_kthread+0x10/0x10 [ 10.957211] ret_from_fork+0x116/0x1d0 [ 10.957228] ? __pfx_kthread+0x10/0x10 [ 10.957247] ret_from_fork_asm+0x1a/0x30 [ 10.957278] </TASK> [ 10.957289] [ 10.967692] The buggy address belongs to the physical page: [ 10.967949] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1039a0 [ 10.968387] flags: 0x200000000000000(node=0|zone=2) [ 10.968919] page_type: f0(buddy) [ 10.969055] raw: 0200000000000000 ffff88817fffd4a8 ffff88817fffd4a8 0000000000000000 [ 10.969392] raw: 0000000000000000 0000000000000005 00000000f0000000 0000000000000000 [ 10.969960] page dumped because: kasan: bad access detected [ 10.970297] [ 10.970609] Memory state around the buggy address: [ 10.970838] ffff88810399ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.971217] ffff88810399ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.971725] >ffff8881039a0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.972123] ^ [ 10.972395] ffff8881039a0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.972999] ffff8881039a0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.973394] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 10.928972] ================================================================== [ 10.929874] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 10.930265] Free of addr ffff888102ad0001 by task kunit_try_catch/175 [ 10.930858] [ 10.931002] CPU: 1 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.931053] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.931065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.931087] Call Trace: [ 10.931102] <TASK> [ 10.931121] dump_stack_lvl+0x73/0xb0 [ 10.931155] print_report+0xd1/0x650 [ 10.931179] ? __virt_addr_valid+0x1db/0x2d0 [ 10.931202] ? kasan_addr_to_slab+0x11/0xa0 [ 10.931221] ? kfree+0x274/0x3f0 [ 10.931243] kasan_report_invalid_free+0x10a/0x130 [ 10.931266] ? kfree+0x274/0x3f0 [ 10.931288] ? kfree+0x274/0x3f0 [ 10.931307] __kasan_kfree_large+0x86/0xd0 [ 10.931327] free_large_kmalloc+0x4b/0x110 [ 10.931350] kfree+0x274/0x3f0 [ 10.931373] kmalloc_large_invalid_free+0x120/0x2b0 [ 10.931395] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 10.931416] ? __schedule+0x10cc/0x2b60 [ 10.931438] ? __pfx_read_tsc+0x10/0x10 [ 10.931458] ? ktime_get_ts64+0x86/0x230 [ 10.931483] kunit_try_run_case+0x1a5/0x480 [ 10.931531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.931552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.931574] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.931595] ? __kthread_parkme+0x82/0x180 [ 10.931614] ? preempt_count_sub+0x50/0x80 [ 10.931638] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.931660] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.931683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.931705] kthread+0x337/0x6f0 [ 10.931723] ? trace_preempt_on+0x20/0xc0 [ 10.931747] ? __pfx_kthread+0x10/0x10 [ 10.931766] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.931785] ? calculate_sigpending+0x7b/0xa0 [ 10.931809] ? __pfx_kthread+0x10/0x10 [ 10.931829] ret_from_fork+0x116/0x1d0 [ 10.931846] ? __pfx_kthread+0x10/0x10 [ 10.931866] ret_from_fork_asm+0x1a/0x30 [ 10.931896] </TASK> [ 10.931907] [ 10.941226] The buggy address belongs to the physical page: [ 10.941753] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ad0 [ 10.942190] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.942686] flags: 0x200000000000040(head|node=0|zone=2) [ 10.942901] page_type: f8(unknown) [ 10.943079] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.943702] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.944078] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.944394] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.944916] head: 0200000000000002 ffffea00040ab401 00000000ffffffff 00000000ffffffff [ 10.945339] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.945881] page dumped because: kasan: bad access detected [ 10.946228] [ 10.946302] Memory state around the buggy address: [ 10.946611] ffff888102acff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.947089] ffff888102acff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.947352] >ffff888102ad0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.947790] ^ [ 10.948062] ffff888102ad0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.948334] ffff888102ad0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.948648] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 10.904801] ================================================================== [ 10.905233] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 10.905743] Read of size 1 at addr ffff888102a88000 by task kunit_try_catch/173 [ 10.906465] [ 10.906672] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.906722] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.906733] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.906754] Call Trace: [ 10.906768] <TASK> [ 10.906786] dump_stack_lvl+0x73/0xb0 [ 10.906817] print_report+0xd1/0x650 [ 10.906840] ? __virt_addr_valid+0x1db/0x2d0 [ 10.906863] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.906882] ? kasan_addr_to_slab+0x11/0xa0 [ 10.906902] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.906922] kasan_report+0x141/0x180 [ 10.906987] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.907012] __asan_report_load1_noabort+0x18/0x20 [ 10.907035] kmalloc_large_uaf+0x2f1/0x340 [ 10.907054] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 10.907075] ? __schedule+0x10cc/0x2b60 [ 10.907095] ? __pfx_read_tsc+0x10/0x10 [ 10.907117] ? ktime_get_ts64+0x86/0x230 [ 10.907142] kunit_try_run_case+0x1a5/0x480 [ 10.907166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.907186] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.907208] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.907229] ? __kthread_parkme+0x82/0x180 [ 10.907249] ? preempt_count_sub+0x50/0x80 [ 10.907272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.907294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.907316] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.907337] kthread+0x337/0x6f0 [ 10.907356] ? trace_preempt_on+0x20/0xc0 [ 10.907402] ? __pfx_kthread+0x10/0x10 [ 10.907422] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.907442] ? calculate_sigpending+0x7b/0xa0 [ 10.907465] ? __pfx_kthread+0x10/0x10 [ 10.907485] ret_from_fork+0x116/0x1d0 [ 10.907503] ? __pfx_kthread+0x10/0x10 [ 10.907522] ret_from_fork_asm+0x1a/0x30 [ 10.907552] </TASK> [ 10.907564] [ 10.919209] The buggy address belongs to the physical page: [ 10.919610] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88 [ 10.919856] flags: 0x200000000000000(node=0|zone=2) [ 10.920271] raw: 0200000000000000 ffffea00040aa308 ffff888154839f80 0000000000000000 [ 10.920922] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 10.921576] page dumped because: kasan: bad access detected [ 10.922050] [ 10.922199] Memory state around the buggy address: [ 10.922620] ffff888102a87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.922902] ffff888102a87f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.923121] >ffff888102a88000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.923325] ^ [ 10.923579] ffff888102a88080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.924176] ffff888102a88100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.924782] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 10.883142] ================================================================== [ 10.884193] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 10.884892] Write of size 1 at addr ffff888102a8a00a by task kunit_try_catch/171 [ 10.885126] [ 10.885216] CPU: 0 UID: 0 PID: 171 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.885266] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.885277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.885298] Call Trace: [ 10.885312] <TASK> [ 10.885331] dump_stack_lvl+0x73/0xb0 [ 10.885360] print_report+0xd1/0x650 [ 10.885382] ? __virt_addr_valid+0x1db/0x2d0 [ 10.885407] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.885427] ? kasan_addr_to_slab+0x11/0xa0 [ 10.885447] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.885468] kasan_report+0x141/0x180 [ 10.885488] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.885514] __asan_report_store1_noabort+0x1b/0x30 [ 10.885537] kmalloc_large_oob_right+0x2e9/0x330 [ 10.885571] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 10.885592] ? __schedule+0x10cc/0x2b60 [ 10.885613] ? __pfx_read_tsc+0x10/0x10 [ 10.885646] ? ktime_get_ts64+0x86/0x230 [ 10.885672] kunit_try_run_case+0x1a5/0x480 [ 10.885700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.885721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.885742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.885773] ? __kthread_parkme+0x82/0x180 [ 10.885794] ? preempt_count_sub+0x50/0x80 [ 10.885817] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.885851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.885873] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.885894] kthread+0x337/0x6f0 [ 10.885923] ? trace_preempt_on+0x20/0xc0 [ 10.885955] ? __pfx_kthread+0x10/0x10 [ 10.885975] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.885994] ? calculate_sigpending+0x7b/0xa0 [ 10.886017] ? __pfx_kthread+0x10/0x10 [ 10.886038] ret_from_fork+0x116/0x1d0 [ 10.886056] ? __pfx_kthread+0x10/0x10 [ 10.886075] ret_from_fork_asm+0x1a/0x30 [ 10.886115] </TASK> [ 10.886127] [ 10.893603] The buggy address belongs to the physical page: [ 10.893870] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88 [ 10.894236] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.894675] flags: 0x200000000000040(head|node=0|zone=2) [ 10.894869] page_type: f8(unknown) [ 10.895057] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.895386] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.895734] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.896062] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 10.896374] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff [ 10.896726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.897039] page dumped because: kasan: bad access detected [ 10.897277] [ 10.897340] Memory state around the buggy address: [ 10.897634] ffff888102a89f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.898236] ffff888102a89f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.898488] >ffff888102a8a000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.899045] ^ [ 10.899163] ffff888102a8a080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.899368] ffff888102a8a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.900101] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 10.847756] ================================================================== [ 10.848184] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 10.848430] Write of size 1 at addr ffff888103901f00 by task kunit_try_catch/169 [ 10.848645] [ 10.848733] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.848780] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.848791] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.848812] Call Trace: [ 10.848824] <TASK> [ 10.848844] dump_stack_lvl+0x73/0xb0 [ 10.848873] print_report+0xd1/0x650 [ 10.848894] ? __virt_addr_valid+0x1db/0x2d0 [ 10.848917] ? kmalloc_big_oob_right+0x316/0x370 [ 10.848978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.849000] ? kmalloc_big_oob_right+0x316/0x370 [ 10.849021] kasan_report+0x141/0x180 [ 10.849042] ? kmalloc_big_oob_right+0x316/0x370 [ 10.849067] __asan_report_store1_noabort+0x1b/0x30 [ 10.849090] kmalloc_big_oob_right+0x316/0x370 [ 10.849111] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 10.849133] ? __schedule+0x10cc/0x2b60 [ 10.849155] ? __pfx_read_tsc+0x10/0x10 [ 10.849178] ? ktime_get_ts64+0x86/0x230 [ 10.849203] kunit_try_run_case+0x1a5/0x480 [ 10.849227] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.849248] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.849269] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.849291] ? __kthread_parkme+0x82/0x180 [ 10.849339] ? preempt_count_sub+0x50/0x80 [ 10.849363] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.849405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.849427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.849448] kthread+0x337/0x6f0 [ 10.849467] ? trace_preempt_on+0x20/0xc0 [ 10.849491] ? __pfx_kthread+0x10/0x10 [ 10.849510] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.849529] ? calculate_sigpending+0x7b/0xa0 [ 10.849553] ? __pfx_kthread+0x10/0x10 [ 10.849573] ret_from_fork+0x116/0x1d0 [ 10.849591] ? __pfx_kthread+0x10/0x10 [ 10.849611] ret_from_fork_asm+0x1a/0x30 [ 10.849643] </TASK> [ 10.849654] [ 10.862634] Allocated by task 169: [ 10.862945] kasan_save_stack+0x45/0x70 [ 10.863279] kasan_save_track+0x18/0x40 [ 10.863657] kasan_save_alloc_info+0x3b/0x50 [ 10.864025] __kasan_kmalloc+0xb7/0xc0 [ 10.864356] __kmalloc_cache_noprof+0x189/0x420 [ 10.864804] kmalloc_big_oob_right+0xa9/0x370 [ 10.865202] kunit_try_run_case+0x1a5/0x480 [ 10.865706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.866054] kthread+0x337/0x6f0 [ 10.866174] ret_from_fork+0x116/0x1d0 [ 10.866301] ret_from_fork_asm+0x1a/0x30 [ 10.866576] [ 10.866728] The buggy address belongs to the object at ffff888103900000 [ 10.866728] which belongs to the cache kmalloc-8k of size 8192 [ 10.867831] The buggy address is located 0 bytes to the right of [ 10.867831] allocated 7936-byte region [ffff888103900000, ffff888103901f00) [ 10.868782] [ 10.868856] The buggy address belongs to the physical page: [ 10.869038] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103900 [ 10.869277] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.869974] flags: 0x200000000000040(head|node=0|zone=2) [ 10.870445] page_type: f5(slab) [ 10.870719] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.871428] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.872150] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.872876] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.873549] head: 0200000000000003 ffffea00040e4001 00000000ffffffff 00000000ffffffff [ 10.873903] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.874130] page dumped because: kasan: bad access detected [ 10.874291] [ 10.874352] Memory state around the buggy address: [ 10.875063] ffff888103901e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.875795] ffff888103901e80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.876396] >ffff888103901f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.877210] ^ [ 10.877544] ffff888103901f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.878387] ffff888103902000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.879114] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.786698] ================================================================== [ 10.787213] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.788184] Write of size 1 at addr ffff8881028e2178 by task kunit_try_catch/167 [ 10.788884] [ 10.788989] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.789037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.789048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.789070] Call Trace: [ 10.789083] <TASK> [ 10.789104] dump_stack_lvl+0x73/0xb0 [ 10.789136] print_report+0xd1/0x650 [ 10.789158] ? __virt_addr_valid+0x1db/0x2d0 [ 10.789182] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.789204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.789225] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.789248] kasan_report+0x141/0x180 [ 10.789268] ? kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.789296] __asan_report_store1_noabort+0x1b/0x30 [ 10.789319] kmalloc_track_caller_oob_right+0x4c8/0x520 [ 10.789342] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.789366] ? __schedule+0x10cc/0x2b60 [ 10.789387] ? __pfx_read_tsc+0x10/0x10 [ 10.789410] ? ktime_get_ts64+0x86/0x230 [ 10.789643] kunit_try_run_case+0x1a5/0x480 [ 10.789672] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.789697] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.789719] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.789739] ? __kthread_parkme+0x82/0x180 [ 10.789760] ? preempt_count_sub+0x50/0x80 [ 10.789782] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.789804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.789826] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.789847] kthread+0x337/0x6f0 [ 10.789865] ? trace_preempt_on+0x20/0xc0 [ 10.789889] ? __pfx_kthread+0x10/0x10 [ 10.789908] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.789927] ? calculate_sigpending+0x7b/0xa0 [ 10.789960] ? __pfx_kthread+0x10/0x10 [ 10.789980] ret_from_fork+0x116/0x1d0 [ 10.789997] ? __pfx_kthread+0x10/0x10 [ 10.790017] ret_from_fork_asm+0x1a/0x30 [ 10.790047] </TASK> [ 10.790059] [ 10.800561] Allocated by task 167: [ 10.800849] kasan_save_stack+0x45/0x70 [ 10.801060] kasan_save_track+0x18/0x40 [ 10.801230] kasan_save_alloc_info+0x3b/0x50 [ 10.801639] __kasan_kmalloc+0xb7/0xc0 [ 10.802015] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.802261] kmalloc_track_caller_oob_right+0x99/0x520 [ 10.802702] kunit_try_run_case+0x1a5/0x480 [ 10.803106] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.803489] kthread+0x337/0x6f0 [ 10.803649] ret_from_fork+0x116/0x1d0 [ 10.803812] ret_from_fork_asm+0x1a/0x30 [ 10.803986] [ 10.804068] The buggy address belongs to the object at ffff8881028e2100 [ 10.804068] which belongs to the cache kmalloc-128 of size 128 [ 10.804912] The buggy address is located 0 bytes to the right of [ 10.804912] allocated 120-byte region [ffff8881028e2100, ffff8881028e2178) [ 10.805757] [ 10.806041] The buggy address belongs to the physical page: [ 10.806346] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 10.806951] flags: 0x200000000000000(node=0|zone=2) [ 10.807184] page_type: f5(slab) [ 10.807338] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.808039] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.808350] page dumped because: kasan: bad access detected [ 10.809300] [ 10.809409] Memory state around the buggy address: [ 10.809927] ffff8881028e2000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.810219] ffff8881028e2080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.810998] >ffff8881028e2100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.811603] ^ [ 10.811921] ffff8881028e2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.812218] ffff8881028e2200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.813012] ================================================================== [ 10.814709] ================================================================== [ 10.815245] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.815517] Write of size 1 at addr ffff8881028e2278 by task kunit_try_catch/167 [ 10.815735] [ 10.815816] CPU: 1 UID: 0 PID: 167 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.815861] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.815879] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.815899] Call Trace: [ 10.815913] <TASK> [ 10.815940] dump_stack_lvl+0x73/0xb0 [ 10.815967] print_report+0xd1/0x650 [ 10.815988] ? __virt_addr_valid+0x1db/0x2d0 [ 10.816009] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.816032] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.816052] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.816075] kasan_report+0x141/0x180 [ 10.816096] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.816123] __asan_report_store1_noabort+0x1b/0x30 [ 10.816145] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.816168] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.816191] ? __schedule+0x10cc/0x2b60 [ 10.816212] ? __pfx_read_tsc+0x10/0x10 [ 10.816232] ? ktime_get_ts64+0x86/0x230 [ 10.816257] kunit_try_run_case+0x1a5/0x480 [ 10.816280] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.816300] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.816320] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.816341] ? __kthread_parkme+0x82/0x180 [ 10.816360] ? preempt_count_sub+0x50/0x80 [ 10.816382] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.816404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.816425] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.816445] kthread+0x337/0x6f0 [ 10.816464] ? trace_preempt_on+0x20/0xc0 [ 10.816487] ? __pfx_kthread+0x10/0x10 [ 10.816507] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.816526] ? calculate_sigpending+0x7b/0xa0 [ 10.816549] ? __pfx_kthread+0x10/0x10 [ 10.816569] ret_from_fork+0x116/0x1d0 [ 10.816586] ? __pfx_kthread+0x10/0x10 [ 10.816605] ret_from_fork_asm+0x1a/0x30 [ 10.816634] </TASK> [ 10.816644] [ 10.831820] Allocated by task 167: [ 10.832019] kasan_save_stack+0x45/0x70 [ 10.832222] kasan_save_track+0x18/0x40 [ 10.832387] kasan_save_alloc_info+0x3b/0x50 [ 10.832923] __kasan_kmalloc+0xb7/0xc0 [ 10.833132] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.833353] kmalloc_track_caller_oob_right+0x19a/0x520 [ 10.833787] kunit_try_run_case+0x1a5/0x480 [ 10.834179] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.834553] kthread+0x337/0x6f0 [ 10.834847] ret_from_fork+0x116/0x1d0 [ 10.835060] ret_from_fork_asm+0x1a/0x30 [ 10.835229] [ 10.835311] The buggy address belongs to the object at ffff8881028e2200 [ 10.835311] which belongs to the cache kmalloc-128 of size 128 [ 10.836420] The buggy address is located 0 bytes to the right of [ 10.836420] allocated 120-byte region [ffff8881028e2200, ffff8881028e2278) [ 10.837678] [ 10.837924] The buggy address belongs to the physical page: [ 10.838430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1028e2 [ 10.838834] flags: 0x200000000000000(node=0|zone=2) [ 10.839056] page_type: f5(slab) [ 10.839211] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.839746] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.840348] page dumped because: kasan: bad access detected [ 10.840884] [ 10.841005] Memory state around the buggy address: [ 10.841369] ffff8881028e2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.841808] ffff8881028e2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.842104] >ffff8881028e2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 10.842380] ^ [ 10.843030] ffff8881028e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.843520] ffff8881028e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.843797] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.759448] ================================================================== [ 10.760322] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.760771] Read of size 1 at addr ffff888102bc5000 by task kunit_try_catch/165 [ 10.761190] [ 10.761341] CPU: 0 UID: 0 PID: 165 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.761389] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.761400] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.761421] Call Trace: [ 10.761434] <TASK> [ 10.761449] dump_stack_lvl+0x73/0xb0 [ 10.761477] print_report+0xd1/0x650 [ 10.761499] ? __virt_addr_valid+0x1db/0x2d0 [ 10.761520] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.761542] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.761564] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.761586] kasan_report+0x141/0x180 [ 10.761607] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.761634] __asan_report_load1_noabort+0x18/0x20 [ 10.761656] kmalloc_node_oob_right+0x369/0x3c0 [ 10.761679] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.761707] ? __schedule+0x10cc/0x2b60 [ 10.761728] ? __pfx_read_tsc+0x10/0x10 [ 10.761748] ? ktime_get_ts64+0x86/0x230 [ 10.761772] kunit_try_run_case+0x1a5/0x480 [ 10.761795] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.761816] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.761837] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.761858] ? __kthread_parkme+0x82/0x180 [ 10.761878] ? preempt_count_sub+0x50/0x80 [ 10.761900] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.761923] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.761957] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.761979] kthread+0x337/0x6f0 [ 10.761997] ? trace_preempt_on+0x20/0xc0 [ 10.762020] ? __pfx_kthread+0x10/0x10 [ 10.762040] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.762059] ? calculate_sigpending+0x7b/0xa0 [ 10.762083] ? __pfx_kthread+0x10/0x10 [ 10.762103] ret_from_fork+0x116/0x1d0 [ 10.762120] ? __pfx_kthread+0x10/0x10 [ 10.762140] ret_from_fork_asm+0x1a/0x30 [ 10.762170] </TASK> [ 10.762181] [ 10.771179] Allocated by task 165: [ 10.771567] kasan_save_stack+0x45/0x70 [ 10.771767] kasan_save_track+0x18/0x40 [ 10.772072] kasan_save_alloc_info+0x3b/0x50 [ 10.772353] __kasan_kmalloc+0xb7/0xc0 [ 10.772575] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.772797] kmalloc_node_oob_right+0xab/0x3c0 [ 10.773007] kunit_try_run_case+0x1a5/0x480 [ 10.773191] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.773638] kthread+0x337/0x6f0 [ 10.773871] ret_from_fork+0x116/0x1d0 [ 10.774027] ret_from_fork_asm+0x1a/0x30 [ 10.774226] [ 10.774293] The buggy address belongs to the object at ffff888102bc4000 [ 10.774293] which belongs to the cache kmalloc-4k of size 4096 [ 10.775033] The buggy address is located 0 bytes to the right of [ 10.775033] allocated 4096-byte region [ffff888102bc4000, ffff888102bc5000) [ 10.775635] [ 10.775717] The buggy address belongs to the physical page: [ 10.776093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102bc0 [ 10.776818] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.777138] flags: 0x200000000000040(head|node=0|zone=2) [ 10.777589] page_type: f5(slab) [ 10.777750] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.778187] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.778617] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.778991] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.779302] head: 0200000000000003 ffffea00040af001 00000000ffffffff 00000000ffffffff [ 10.779720] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.780072] page dumped because: kasan: bad access detected [ 10.780391] [ 10.780552] Memory state around the buggy address: [ 10.780899] ffff888102bc4f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.781298] ffff888102bc4f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.781563] >ffff888102bc5000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.781973] ^ [ 10.782123] ffff888102bc5080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.782513] ffff888102bc5100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.782911] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.739478] ================================================================== [ 10.740031] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.740344] Read of size 1 at addr ffff888102225d7f by task kunit_try_catch/163 [ 10.740601] [ 10.740703] CPU: 0 UID: 0 PID: 163 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.740748] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.740759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.740779] Call Trace: [ 10.740791] <TASK> [ 10.740806] dump_stack_lvl+0x73/0xb0 [ 10.740848] print_report+0xd1/0x650 [ 10.740869] ? __virt_addr_valid+0x1db/0x2d0 [ 10.740903] ? kmalloc_oob_left+0x361/0x3c0 [ 10.740923] ? kasan_complete_mode_report_info+0x64/0x200 [ 10.740957] ? kmalloc_oob_left+0x361/0x3c0 [ 10.740978] kasan_report+0x141/0x180 [ 10.740998] ? kmalloc_oob_left+0x361/0x3c0 [ 10.741023] __asan_report_load1_noabort+0x18/0x20 [ 10.741046] kmalloc_oob_left+0x361/0x3c0 [ 10.741067] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.741088] ? __schedule+0x10cc/0x2b60 [ 10.741109] ? __pfx_read_tsc+0x10/0x10 [ 10.741129] ? ktime_get_ts64+0x86/0x230 [ 10.741153] kunit_try_run_case+0x1a5/0x480 [ 10.741176] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.741197] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.741218] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.741240] ? __kthread_parkme+0x82/0x180 [ 10.741259] ? preempt_count_sub+0x50/0x80 [ 10.741281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.741303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.741325] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.741347] kthread+0x337/0x6f0 [ 10.741365] ? trace_preempt_on+0x20/0xc0 [ 10.741387] ? __pfx_kthread+0x10/0x10 [ 10.741407] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.741426] ? calculate_sigpending+0x7b/0xa0 [ 10.741449] ? __pfx_kthread+0x10/0x10 [ 10.741470] ret_from_fork+0x116/0x1d0 [ 10.741487] ? __pfx_kthread+0x10/0x10 [ 10.741517] ret_from_fork_asm+0x1a/0x30 [ 10.741547] </TASK> [ 10.741556] [ 10.747971] Allocated by task 26: [ 10.748127] kasan_save_stack+0x45/0x70 [ 10.748284] kasan_save_track+0x18/0x40 [ 10.748451] kasan_save_alloc_info+0x3b/0x50 [ 10.748647] __kasan_kmalloc+0xb7/0xc0 [ 10.748872] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.749101] kstrdup+0x3e/0xa0 [ 10.749229] devtmpfs_work_loop+0x96d/0xf30 [ 10.749371] devtmpfsd+0x3b/0x40 [ 10.749485] kthread+0x337/0x6f0 [ 10.749599] ret_from_fork+0x116/0x1d0 [ 10.749735] ret_from_fork_asm+0x1a/0x30 [ 10.749924] [ 10.750037] Freed by task 26: [ 10.750212] kasan_save_stack+0x45/0x70 [ 10.750401] kasan_save_track+0x18/0x40 [ 10.750569] kasan_save_free_info+0x3f/0x60 [ 10.750708] __kasan_slab_free+0x56/0x70 [ 10.750839] kfree+0x222/0x3f0 [ 10.750963] devtmpfs_work_loop+0xacb/0xf30 [ 10.751102] devtmpfsd+0x3b/0x40 [ 10.751400] kthread+0x337/0x6f0 [ 10.751563] ret_from_fork+0x116/0x1d0 [ 10.751747] ret_from_fork_asm+0x1a/0x30 [ 10.751966] [ 10.752084] The buggy address belongs to the object at ffff888102225d60 [ 10.752084] which belongs to the cache kmalloc-16 of size 16 [ 10.752787] The buggy address is located 15 bytes to the right of [ 10.752787] allocated 16-byte region [ffff888102225d60, ffff888102225d70) [ 10.753194] [ 10.753259] The buggy address belongs to the physical page: [ 10.753447] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102225 [ 10.753802] flags: 0x200000000000000(node=0|zone=2) [ 10.754037] page_type: f5(slab) [ 10.754196] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.754504] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.754803] page dumped because: kasan: bad access detected [ 10.754981] [ 10.755044] Memory state around the buggy address: [ 10.755191] ffff888102225c00: 00 05 fc fc 00 02 fc fc 00 02 fc fc 00 02 fc fc [ 10.755398] ffff888102225c80: 00 02 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 10.755807] >ffff888102225d00: 00 05 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 10.756135] ^ [ 10.756423] ffff888102225d80: 00 07 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.756629] ffff888102225e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.756833] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.718759] ================================================================== [ 10.719063] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.719325] Read of size 1 at addr ffff888102a15a80 by task kunit_try_catch/161 [ 10.719642] [ 10.719996] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.720049] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.720060] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.720083] Call Trace: [ 10.720096] <TASK> [ 10.720112] dump_stack_lvl+0x73/0xb0 [ 10.720141] print_report+0xd1/0x650 [ 10.720163] ? __virt_addr_valid+0x1db/0x2d0 [ 10.720185] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.720204] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.720225] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.720246] kasan_report+0x141/0x180 [ 10.720266] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.720291] __asan_report_load1_noabort+0x18/0x20 [ 10.720314] kmalloc_oob_right+0x68a/0x7f0 [ 10.720336] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.720357] ? __schedule+0x10cc/0x2b60 [ 10.720379] ? __pfx_read_tsc+0x10/0x10 [ 10.720596] ? ktime_get_ts64+0x86/0x230 [ 10.720634] kunit_try_run_case+0x1a5/0x480 [ 10.720659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.720680] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.720702] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.720724] ? __kthread_parkme+0x82/0x180 [ 10.720744] ? preempt_count_sub+0x50/0x80 [ 10.720767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.720790] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.720812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.720834] kthread+0x337/0x6f0 [ 10.720852] ? trace_preempt_on+0x20/0xc0 [ 10.720876] ? __pfx_kthread+0x10/0x10 [ 10.720895] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.720914] ? calculate_sigpending+0x7b/0xa0 [ 10.720953] ? __pfx_kthread+0x10/0x10 [ 10.720973] ret_from_fork+0x116/0x1d0 [ 10.720991] ? __pfx_kthread+0x10/0x10 [ 10.721010] ret_from_fork_asm+0x1a/0x30 [ 10.721040] </TASK> [ 10.721051] [ 10.727681] Allocated by task 161: [ 10.727840] kasan_save_stack+0x45/0x70 [ 10.728050] kasan_save_track+0x18/0x40 [ 10.728210] kasan_save_alloc_info+0x3b/0x50 [ 10.728577] __kasan_kmalloc+0xb7/0xc0 [ 10.728725] __kmalloc_cache_noprof+0x189/0x420 [ 10.728957] kmalloc_oob_right+0xa9/0x7f0 [ 10.729149] kunit_try_run_case+0x1a5/0x480 [ 10.729316] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.729690] kthread+0x337/0x6f0 [ 10.729851] ret_from_fork+0x116/0x1d0 [ 10.730038] ret_from_fork_asm+0x1a/0x30 [ 10.730171] [ 10.730235] The buggy address belongs to the object at ffff888102a15a00 [ 10.730235] which belongs to the cache kmalloc-128 of size 128 [ 10.731013] The buggy address is located 13 bytes to the right of [ 10.731013] allocated 115-byte region [ffff888102a15a00, ffff888102a15a73) [ 10.731445] [ 10.731533] The buggy address belongs to the physical page: [ 10.731883] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 10.732167] flags: 0x200000000000000(node=0|zone=2) [ 10.732391] page_type: f5(slab) [ 10.732566] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.732845] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.733145] page dumped because: kasan: bad access detected [ 10.733349] [ 10.733482] Memory state around the buggy address: [ 10.733686] ffff888102a15980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.733968] ffff888102a15a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.734240] >ffff888102a15a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.734719] ^ [ 10.734861] ffff888102a15b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.735145] ffff888102a15b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.735423] ================================================================== [ 10.670255] ================================================================== [ 10.670886] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.671763] Write of size 1 at addr ffff888102a15a73 by task kunit_try_catch/161 [ 10.672151] [ 10.673106] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.673462] Tainted: [N]=TEST [ 10.673494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.673708] Call Trace: [ 10.673775] <TASK> [ 10.673919] dump_stack_lvl+0x73/0xb0 [ 10.674042] print_report+0xd1/0x650 [ 10.674071] ? __virt_addr_valid+0x1db/0x2d0 [ 10.674097] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.674117] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.674138] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.674159] kasan_report+0x141/0x180 [ 10.674180] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.674205] __asan_report_store1_noabort+0x1b/0x30 [ 10.674228] kmalloc_oob_right+0x6f0/0x7f0 [ 10.674249] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.674271] ? __schedule+0x10cc/0x2b60 [ 10.674292] ? __pfx_read_tsc+0x10/0x10 [ 10.674314] ? ktime_get_ts64+0x86/0x230 [ 10.674339] kunit_try_run_case+0x1a5/0x480 [ 10.674365] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.674386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.674407] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.674429] ? __kthread_parkme+0x82/0x180 [ 10.674450] ? preempt_count_sub+0x50/0x80 [ 10.674474] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.674496] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.674518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.674540] kthread+0x337/0x6f0 [ 10.674559] ? trace_preempt_on+0x20/0xc0 [ 10.674583] ? __pfx_kthread+0x10/0x10 [ 10.674602] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.674622] ? calculate_sigpending+0x7b/0xa0 [ 10.674646] ? __pfx_kthread+0x10/0x10 [ 10.674666] ret_from_fork+0x116/0x1d0 [ 10.674683] ? __pfx_kthread+0x10/0x10 [ 10.674703] ret_from_fork_asm+0x1a/0x30 [ 10.674756] </TASK> [ 10.674823] [ 10.682024] Allocated by task 161: [ 10.682815] kasan_save_stack+0x45/0x70 [ 10.683082] kasan_save_track+0x18/0x40 [ 10.683276] kasan_save_alloc_info+0x3b/0x50 [ 10.683814] __kasan_kmalloc+0xb7/0xc0 [ 10.684085] __kmalloc_cache_noprof+0x189/0x420 [ 10.684319] kmalloc_oob_right+0xa9/0x7f0 [ 10.684753] kunit_try_run_case+0x1a5/0x480 [ 10.685155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.685542] kthread+0x337/0x6f0 [ 10.685753] ret_from_fork+0x116/0x1d0 [ 10.685919] ret_from_fork_asm+0x1a/0x30 [ 10.686116] [ 10.686264] The buggy address belongs to the object at ffff888102a15a00 [ 10.686264] which belongs to the cache kmalloc-128 of size 128 [ 10.686926] The buggy address is located 0 bytes to the right of [ 10.686926] allocated 115-byte region [ffff888102a15a00, ffff888102a15a73) [ 10.687464] [ 10.687894] The buggy address belongs to the physical page: [ 10.688813] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 10.689368] flags: 0x200000000000000(node=0|zone=2) [ 10.690051] page_type: f5(slab) [ 10.690612] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.690925] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.691352] page dumped because: kasan: bad access detected [ 10.691651] [ 10.691825] Memory state around the buggy address: [ 10.692344] ffff888102a15900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.692738] ffff888102a15980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.693188] >ffff888102a15a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.693548] ^ [ 10.693965] ffff888102a15a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.694235] ffff888102a15b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.694645] ================================================================== [ 10.695946] ================================================================== [ 10.696367] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.696719] Write of size 1 at addr ffff888102a15a78 by task kunit_try_catch/161 [ 10.697235] [ 10.697343] CPU: 0 UID: 0 PID: 161 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 10.697393] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.697404] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.697426] Call Trace: [ 10.697445] <TASK> [ 10.697465] dump_stack_lvl+0x73/0xb0 [ 10.697493] print_report+0xd1/0x650 [ 10.697517] ? __virt_addr_valid+0x1db/0x2d0 [ 10.697540] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.697559] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.697580] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.697600] kasan_report+0x141/0x180 [ 10.697621] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.697646] __asan_report_store1_noabort+0x1b/0x30 [ 10.697669] kmalloc_oob_right+0x6bd/0x7f0 [ 10.697696] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.697718] ? __schedule+0x10cc/0x2b60 [ 10.697739] ? __pfx_read_tsc+0x10/0x10 [ 10.697759] ? ktime_get_ts64+0x86/0x230 [ 10.697811] kunit_try_run_case+0x1a5/0x480 [ 10.697834] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.697855] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.697890] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.697911] ? __kthread_parkme+0x82/0x180 [ 10.697960] ? preempt_count_sub+0x50/0x80 [ 10.697984] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.698006] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.698038] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.698060] kthread+0x337/0x6f0 [ 10.698079] ? trace_preempt_on+0x20/0xc0 [ 10.698103] ? __pfx_kthread+0x10/0x10 [ 10.698122] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.698142] ? calculate_sigpending+0x7b/0xa0 [ 10.698165] ? __pfx_kthread+0x10/0x10 [ 10.698203] ret_from_fork+0x116/0x1d0 [ 10.698222] ? __pfx_kthread+0x10/0x10 [ 10.698241] ret_from_fork_asm+0x1a/0x30 [ 10.698292] </TASK> [ 10.698303] [ 10.705763] Allocated by task 161: [ 10.705887] kasan_save_stack+0x45/0x70 [ 10.706841] kasan_save_track+0x18/0x40 [ 10.707069] kasan_save_alloc_info+0x3b/0x50 [ 10.707284] __kasan_kmalloc+0xb7/0xc0 [ 10.707530] __kmalloc_cache_noprof+0x189/0x420 [ 10.707770] kmalloc_oob_right+0xa9/0x7f0 [ 10.708716] kunit_try_run_case+0x1a5/0x480 [ 10.708905] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.709167] kthread+0x337/0x6f0 [ 10.709376] ret_from_fork+0x116/0x1d0 [ 10.709548] ret_from_fork_asm+0x1a/0x30 [ 10.709786] [ 10.709904] The buggy address belongs to the object at ffff888102a15a00 [ 10.709904] which belongs to the cache kmalloc-128 of size 128 [ 10.710925] The buggy address is located 5 bytes to the right of [ 10.710925] allocated 115-byte region [ffff888102a15a00, ffff888102a15a73) [ 10.711867] [ 10.711964] The buggy address belongs to the physical page: [ 10.712461] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a15 [ 10.713141] flags: 0x200000000000000(node=0|zone=2) [ 10.713364] page_type: f5(slab) [ 10.713831] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.714368] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.714909] page dumped because: kasan: bad access detected [ 10.715281] [ 10.715380] Memory state around the buggy address: [ 10.715886] ffff888102a15900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.716222] ffff888102a15980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.716580] >ffff888102a15a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.717032] ^ [ 10.717337] ffff888102a15a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.717636] ffff888102a15b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.718056] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 151.188169] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2794 [ 151.189189] Modules linked in: [ 151.190210] CPU: 1 UID: 0 PID: 2794 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 151.191515] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 151.191695] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 151.191957] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 151.192131] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 15 21 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 151.192893] RSP: 0000:ffff88810a72fc78 EFLAGS: 00010286 [ 151.193505] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 151.193769] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb5e3711c [ 151.194089] RBP: ffff88810a72fca0 R08: 0000000000000000 R09: ffffed1020eeb180 [ 151.194373] R10: ffff888107758c07 R11: 0000000000000000 R12: ffffffffb5e37108 [ 151.194758] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a72fd38 [ 151.195048] FS: 0000000000000000(0000) GS:ffff88819cb67000(0000) knlGS:0000000000000000 [ 151.195559] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 151.195769] CR2: dffffc00000000c5 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 151.196103] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d443 [ 151.196378] DR3: ffffffffb7e5d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 151.196640] Call Trace: [ 151.196951] <TASK> [ 151.197131] drm_test_rect_calc_vscale+0x108/0x270 [ 151.197344] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 151.197711] ? __schedule+0x10cc/0x2b60 [ 151.198029] ? __pfx_read_tsc+0x10/0x10 [ 151.198243] ? ktime_get_ts64+0x86/0x230 [ 151.198631] kunit_try_run_case+0x1a5/0x480 [ 151.198793] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.199014] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 151.199239] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 151.199584] ? __kthread_parkme+0x82/0x180 [ 151.199801] ? preempt_count_sub+0x50/0x80 [ 151.199991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.200146] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 151.200439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 151.200665] kthread+0x337/0x6f0 [ 151.200914] ? trace_preempt_on+0x20/0xc0 [ 151.201128] ? __pfx_kthread+0x10/0x10 [ 151.201331] ? _raw_spin_unlock_irq+0x47/0x80 [ 151.201682] ? calculate_sigpending+0x7b/0xa0 [ 151.201918] ? __pfx_kthread+0x10/0x10 [ 151.202103] ret_from_fork+0x116/0x1d0 [ 151.202249] ? __pfx_kthread+0x10/0x10 [ 151.202464] ret_from_fork_asm+0x1a/0x30 [ 151.202605] </TASK> [ 151.202897] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 151.205293] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#0: kunit_try_catch/2796 [ 151.205846] Modules linked in: [ 151.206034] CPU: 0 UID: 0 PID: 2796 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 151.206505] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 151.206875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 151.207199] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 151.207438] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 40 15 21 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 151.208198] RSP: 0000:ffff8881076ffc78 EFLAGS: 00010286 [ 151.208396] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 151.208597] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffffb5e37154 [ 151.209038] RBP: ffff8881076ffca0 R08: 0000000000000000 R09: ffffed1020eeb1c0 [ 151.209517] R10: ffff888107758e07 R11: 0000000000000000 R12: ffffffffb5e37140 [ 151.209773] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881076ffd38 [ 151.210001] FS: 0000000000000000(0000) GS:ffff88819ca67000(0000) knlGS:0000000000000000 [ 151.210230] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 151.210399] CR2: dffffc00000000c5 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 151.210600] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d442 [ 151.211063] DR3: ffffffffb7e5d443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 151.211491] Call Trace: [ 151.211624] <TASK> [ 151.211719] drm_test_rect_calc_vscale+0x108/0x270 [ 151.211912] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 151.212083] ? __schedule+0x10cc/0x2b60 [ 151.212225] ? __pfx_read_tsc+0x10/0x10 [ 151.212358] ? ktime_get_ts64+0x86/0x230 [ 151.212496] kunit_try_run_case+0x1a5/0x480 [ 151.212640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.212922] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 151.213160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 151.213433] ? __kthread_parkme+0x82/0x180 [ 151.213654] ? preempt_count_sub+0x50/0x80 [ 151.213862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.214016] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 151.214181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 151.214362] kthread+0x337/0x6f0 [ 151.214476] ? trace_preempt_on+0x20/0xc0 [ 151.214624] ? __pfx_kthread+0x10/0x10 [ 151.214766] ? _raw_spin_unlock_irq+0x47/0x80 [ 151.214919] ? calculate_sigpending+0x7b/0xa0 [ 151.215067] ? __pfx_kthread+0x10/0x10 [ 151.215437] ret_from_fork+0x116/0x1d0 [ 151.215647] ? __pfx_kthread+0x10/0x10 [ 151.215853] ret_from_fork_asm+0x1a/0x30 [ 151.216005] </TASK> [ 151.216091] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 151.132128] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2782 [ 151.132480] Modules linked in: [ 151.132634] CPU: 1 UID: 0 PID: 2782 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 151.133069] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 151.133326] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 151.133727] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 151.134528] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 151.135246] RSP: 0000:ffff88810a47fc78 EFLAGS: 00010286 [ 151.135798] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 151.136035] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb5e37120 [ 151.136353] RBP: ffff88810a47fca0 R08: 0000000000000000 R09: ffffed1020eeb0a0 [ 151.136812] R10: ffff888107758507 R11: 0000000000000000 R12: ffffffffb5e37108 [ 151.137081] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a47fd38 [ 151.137368] FS: 0000000000000000(0000) GS:ffff88819cb67000(0000) knlGS:0000000000000000 [ 151.137746] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 151.137985] CR2: dffffc00000000c5 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 151.138219] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d443 [ 151.138685] DR3: ffffffffb7e5d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 151.139003] Call Trace: [ 151.139110] <TASK> [ 151.139243] drm_test_rect_calc_hscale+0x108/0x270 [ 151.139525] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 151.139788] ? __schedule+0x10cc/0x2b60 [ 151.140018] ? __pfx_read_tsc+0x10/0x10 [ 151.140216] ? ktime_get_ts64+0x86/0x230 [ 151.140595] kunit_try_run_case+0x1a5/0x480 [ 151.140786] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.140997] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 151.141151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 151.141620] ? __kthread_parkme+0x82/0x180 [ 151.141857] ? preempt_count_sub+0x50/0x80 [ 151.142059] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.142246] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 151.142610] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 151.142892] kthread+0x337/0x6f0 [ 151.143040] ? trace_preempt_on+0x20/0xc0 [ 151.143233] ? __pfx_kthread+0x10/0x10 [ 151.143529] ? _raw_spin_unlock_irq+0x47/0x80 [ 151.143714] ? calculate_sigpending+0x7b/0xa0 [ 151.143942] ? __pfx_kthread+0x10/0x10 [ 151.144125] ret_from_fork+0x116/0x1d0 [ 151.144290] ? __pfx_kthread+0x10/0x10 [ 151.144605] ret_from_fork_asm+0x1a/0x30 [ 151.144821] </TASK> [ 151.144952] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 151.149176] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2784 [ 151.150458] Modules linked in: [ 151.150624] CPU: 1 UID: 0 PID: 2784 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 151.151291] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 151.152039] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 151.152966] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 151.153460] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 151.154974] RSP: 0000:ffff88810a297c78 EFLAGS: 00010286 [ 151.155296] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 151.155896] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffffb5e37158 [ 151.156404] RBP: ffff88810a297ca0 R08: 0000000000000000 R09: ffffed1020eeb0e0 [ 151.157012] R10: ffff888107758707 R11: 0000000000000000 R12: ffffffffb5e37140 [ 151.157238] R13: 0000000000000000 R14: 000000007fffffff R15: ffff88810a297d38 [ 151.157993] FS: 0000000000000000(0000) GS:ffff88819cb67000(0000) knlGS:0000000000000000 [ 151.158934] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 151.159378] CR2: dffffc00000000c5 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 151.159937] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d443 [ 151.160150] DR3: ffffffffb7e5d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 151.160902] Call Trace: [ 151.161190] <TASK> [ 151.161456] drm_test_rect_calc_hscale+0x108/0x270 [ 151.162221] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 151.162697] ? __schedule+0x10cc/0x2b60 [ 151.163014] ? __pfx_read_tsc+0x10/0x10 [ 151.163160] ? ktime_get_ts64+0x86/0x230 [ 151.163320] kunit_try_run_case+0x1a5/0x480 [ 151.163908] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.164386] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 151.165040] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 151.165224] ? __kthread_parkme+0x82/0x180 [ 151.165509] ? preempt_count_sub+0x50/0x80 [ 151.166185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 151.166957] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 151.167189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 151.167478] kthread+0x337/0x6f0 [ 151.167863] ? trace_preempt_on+0x20/0xc0 [ 151.168263] ? __pfx_kthread+0x10/0x10 [ 151.168745] ? _raw_spin_unlock_irq+0x47/0x80 [ 151.169184] ? calculate_sigpending+0x7b/0xa0 [ 151.169433] ? __pfx_kthread+0x10/0x10 [ 151.169961] ret_from_fork+0x116/0x1d0 [ 151.170223] ? __pfx_kthread+0x10/0x10 [ 151.170539] ret_from_fork_asm+0x1a/0x30 [ 151.171128] </TASK> [ 151.171355] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 250.730735] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 250.627464] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 250.522722] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane
<8>[ 238.818122] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane RESULT=fail>
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------ [ 108.839318] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/682 [ 108.839731] Modules linked in: [ 108.840112] CPU: 1 UID: 0 PID: 682 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 108.840969] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 108.841257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.841640] RIP: 0010:intlog10+0x2a/0x40 [ 108.842130] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f e9 87 0a 89 02 90 <0f> 0b 90 31 c0 e9 7c 0a 89 02 66 2e 0f 1f 84 00 00 00 00 00 66 90 [ 108.842941] RSP: 0000:ffff888108aa7cb0 EFLAGS: 00010246 [ 108.843208] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021154fb4 [ 108.843619] RDX: 1ffffffff6b92eb8 RSI: 1ffff11021154fb3 RDI: 0000000000000000 [ 108.843899] RBP: ffff888108aa7d60 R08: 0000000000000000 R09: ffffed1020559740 [ 108.844198] R10: ffff888102acba07 R11: 0000000000000000 R12: 1ffff11021154f97 [ 108.844450] R13: ffffffffb5c975c0 R14: 0000000000000000 R15: ffff888108aa7d38 [ 108.844892] FS: 0000000000000000(0000) GS:ffff88819cb67000(0000) knlGS:0000000000000000 [ 108.845635] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.845875] CR2: ffff888154050fe0 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 108.846200] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d443 [ 108.846512] DR3: ffffffffb7e5d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 108.846789] Call Trace: [ 108.846920] <TASK> [ 108.847044] ? intlog10_test+0xf2/0x220 [ 108.847266] ? __pfx_intlog10_test+0x10/0x10 [ 108.847518] ? __schedule+0x10cc/0x2b60 [ 108.847730] ? __pfx_read_tsc+0x10/0x10 [ 108.847920] ? ktime_get_ts64+0x86/0x230 [ 108.848096] kunit_try_run_case+0x1a5/0x480 [ 108.848316] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.848568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 108.848750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 108.849002] ? __kthread_parkme+0x82/0x180 [ 108.849206] ? preempt_count_sub+0x50/0x80 [ 108.849356] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.849555] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 108.850032] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 108.850302] kthread+0x337/0x6f0 [ 108.850467] ? trace_preempt_on+0x20/0xc0 [ 108.850657] ? __pfx_kthread+0x10/0x10 [ 108.850961] ? _raw_spin_unlock_irq+0x47/0x80 [ 108.851179] ? calculate_sigpending+0x7b/0xa0 [ 108.851332] ? __pfx_kthread+0x10/0x10 [ 108.851490] ret_from_fork+0x116/0x1d0 [ 108.851684] ? __pfx_kthread+0x10/0x10 [ 108.852149] ret_from_fork_asm+0x1a/0x30 [ 108.852463] </TASK> [ 108.852588] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------ [ 108.795599] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/664 [ 108.796133] Modules linked in: [ 108.796334] CPU: 1 UID: 0 PID: 664 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc2-next-20250616 #1 PREEMPT(voluntary) [ 108.796704] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST [ 108.797069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 108.797690] RIP: 0010:intlog2+0xdf/0x110 [ 108.797880] Code: c9 b5 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 89 45 e4 e8 ef 07 56 ff 8b 45 e4 eb [ 108.798634] RSP: 0000:ffff88810852fcb0 EFLAGS: 00010246 [ 108.799155] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff110210a5fb4 [ 108.800175] RDX: 1ffffffff6b92f0c RSI: 1ffff110210a5fb3 RDI: 0000000000000000 [ 108.800647] RBP: ffff88810852fd60 R08: 0000000000000000 R09: ffffed102055b1a0 [ 108.800931] R10: ffff888102ad8d07 R11: 0000000000000000 R12: 1ffff110210a5f97 [ 108.801202] R13: ffffffffb5c97860 R14: 0000000000000000 R15: ffff88810852fd38 [ 108.801491] FS: 0000000000000000(0000) GS:ffff88819cb67000(0000) knlGS:0000000000000000 [ 108.801918] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 108.802145] CR2: ffff888154050fe0 CR3: 0000000171ebc000 CR4: 00000000000006f0 [ 108.802442] DR0: ffffffffb7e5d440 DR1: ffffffffb7e5d441 DR2: ffffffffb7e5d443 [ 108.802738] DR3: ffffffffb7e5d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 108.802974] Call Trace: [ 108.803105] <TASK> [ 108.803222] ? intlog2_test+0xf2/0x220 [ 108.803410] ? __pfx_intlog2_test+0x10/0x10 [ 108.803730] ? __schedule+0x10cc/0x2b60 [ 108.804176] ? __pfx_read_tsc+0x10/0x10 [ 108.804496] ? ktime_get_ts64+0x86/0x230 [ 108.804715] kunit_try_run_case+0x1a5/0x480 [ 108.804931] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.805106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 108.805299] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 108.805522] ? __kthread_parkme+0x82/0x180 [ 108.805716] ? preempt_count_sub+0x50/0x80 [ 108.805940] ? __pfx_kunit_try_run_case+0x10/0x10 [ 108.806105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 108.806379] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 108.806734] kthread+0x337/0x6f0 [ 108.806917] ? trace_preempt_on+0x20/0xc0 [ 108.807060] ? __pfx_kthread+0x10/0x10 [ 108.807219] ? _raw_spin_unlock_irq+0x47/0x80 [ 108.807421] ? calculate_sigpending+0x7b/0xa0 [ 108.807854] ? __pfx_kthread+0x10/0x10 [ 108.808075] ret_from_fork+0x116/0x1d0 [ 108.808229] ? __pfx_kthread+0x10/0x10 [ 108.808513] ret_from_fork_asm+0x1a/0x30 [ 108.808745] </TASK> [ 108.808909] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_drm_connector_helper_tv_get_modes
<8>[ 254.669037] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_drm_connector_helper_tv_get_modes RESULT=fail>
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_drm_test_connector_helper_tv_get_modes_check
<8>[ 254.567125] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_drm_test_connector_helper_tv_get_modes_check RESULT=fail>
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_BothPALDefaultwithNTSConcommand-line
<8>[ 254.462639] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_BothPALDefaultwithNTSConcommand-line RESULT=fail>
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_BothNTSCDefaultwithPALoncommand-line
<8>[ 254.359055] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_BothNTSCDefaultwithPALoncommand-line RESULT=fail>