Date
June 17, 2025, 6:35 a.m.
Failure - kunit - _Component
<8>[ 323.496478] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_Component RESULT=fail> _Component fail
Failure - kunit - _LVDS
<8>[ 323.093922] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_LVDS RESULT=fail> _LVDS fail
Failure - kunit - _SVIDEO
<8>[ 322.707053] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=_SVIDEO RESULT=fail> _SVIDEO fail
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 395.105672] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 394.940559] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 394.769486] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 394.608588] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 394.437849] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check
<8>[ 394.263050] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_atomic_helper_connector_hdmi_check RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_hdmi_funcs_reject_rate
<8>[ 391.283948] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_hdmi_funcs_reject_rate RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_disable_connector
<8>[ 391.099909] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_disable_connector RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc
<8>[ 394.102561] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_12bpc RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_NV12Normalsizes
<8>[ 380.453972] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_NV12Normalsizes RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc
<8>[ 393.930715] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_10bpc RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc
<8>[ 393.759663] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_tmds_char_rate_rgb_8bpc RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_rgb_only
<8>[ 393.593855] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_rgb_only RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_8bpc_only
<8>[ 393.390611] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_driver_8bpc_only RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_rgb_only
<8>[ 393.214977] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_rgb_only RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_drm_test_framebuffer_create
<8>[ 385.841609] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_drm_test_framebuffer_create RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_8bpc_only
<8>[ 393.045544] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_display_8bpc_only RESULT=fail>
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 208.802959] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 208.742217] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 208.694844] BUG: kernel NULL pointer dereference, address: 0000000000000690 [ 208.848602] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_vic_1
<8>[ 392.849605] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_format_vic_1 RESULT=fail>
Failure - kunit - drm_test_fb_build_fourcc_list_removeduplicates
<8>[ 369.963014] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_fb_build_fourcc_list_removeduplicates RESULT=fail>
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 208.850170] Oops: Oops: 0002 [#52] SMP KASAN PTI [ 208.804785] Oops: Oops: 0002 [#51] SMP KASAN PTI [ 208.744063] Oops: Oops: 0002 [#50] SMP KASAN PTI [ 208.697960] Oops: Oops: 0002 [#49] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 206.721135] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI [ 207.578975] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI [ 209.130067] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI [ 206.489031] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI [ 208.106930] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI [ 207.860103] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI [ 208.156103] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI [ 205.323511] Oops: general protection fault, probably for non-canonical address 0xe0053c17000000c9: 0000 [#2] SMP KASAN PTI [ 207.386750] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI [ 207.100955] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI [ 206.581614] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI [ 206.536647] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI [ 206.960399] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI [ 206.765366] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI [ 207.532309] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI [ 207.148171] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI [ 207.675484] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI [ 207.248624] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI [ 208.989491] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI [ 208.547241] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI [ 208.353657] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI [ 208.251979] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI [ 207.434159] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI [ 207.192358] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI [ 209.036518] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI [ 208.946452] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI [ 209.176381] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI [ 206.625165] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI [ 208.397861] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI [ 207.624549] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI [ 206.858536] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI [ 207.340412] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI [ 208.058770] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI [ 208.305081] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI [ 206.675438] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI [ 207.055309] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI [ 207.720868] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI [ 209.086456] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI [ 207.814772] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI [ 206.812672] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI [ 207.907938] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI [ 207.958159] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI [ 208.012539] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI [ 208.905979] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI [ 208.203770] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI [ 208.641535] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI [ 207.007881] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI [ 208.593902] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI [ 208.446760] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI [ 207.488135] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI [ 206.907453] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI [ 207.769862] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI [ 207.293510] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI [ 151.171727] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI [ 208.494829] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_dvi
<8>[ 392.680650] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_dvi RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_crtc_mode_not_changed
<8>[ 392.500919] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_crtc_mode_not_changed RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 57.372541] ================================================================== [ 57.373130] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0 [ 57.373130] [ 57.373815] Use-after-free read at 0x(____ptrval____) (in kfence-#174): [ 57.374413] test_krealloc+0x6fc/0xbe0 [ 57.374747] kunit_try_run_case+0x1a5/0x480 [ 57.375183] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.375666] kthread+0x337/0x6f0 [ 57.376010] ret_from_fork+0x116/0x1d0 [ 57.376450] ret_from_fork_asm+0x1a/0x30 [ 57.376846] [ 57.377052] kfence-#174: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 57.377052] [ 57.377685] allocated by task 364 on cpu 0 at 57.371694s (0.005986s ago): [ 57.378279] test_alloc+0x364/0x10f0 [ 57.378551] test_krealloc+0xad/0xbe0 [ 57.378967] kunit_try_run_case+0x1a5/0x480 [ 57.379549] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.380002] kthread+0x337/0x6f0 [ 57.380444] ret_from_fork+0x116/0x1d0 [ 57.380801] ret_from_fork_asm+0x1a/0x30 [ 57.381117] [ 57.381298] freed by task 364 on cpu 0 at 57.371993s (0.009299s ago): [ 57.382050] krealloc_noprof+0x108/0x340 [ 57.382511] test_krealloc+0x226/0xbe0 [ 57.382880] kunit_try_run_case+0x1a5/0x480 [ 57.383202] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.383665] kthread+0x337/0x6f0 [ 57.383996] ret_from_fork+0x116/0x1d0 [ 57.384306] ret_from_fork_asm+0x1a/0x30 [ 57.384757] [ 57.385031] CPU: 0 UID: 0 PID: 364 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 57.385755] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.386179] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.386938] ==================================================================
Failure - kunit - drm_test_framebuffer_create_X0L2Modifierforinexistentplane
<8>[ 385.679087] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Modifierforinexistentplane RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 57.273881] ================================================================== [ 57.274581] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 57.274581] [ 57.275407] Use-after-free read at 0x(____ptrval____) (in kfence-#173): [ 57.275916] test_memcache_typesafe_by_rcu+0x2ec/0x670 [ 57.276404] kunit_try_run_case+0x1a5/0x480 [ 57.276707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.277061] kthread+0x337/0x6f0 [ 57.277427] ret_from_fork+0x116/0x1d0 [ 57.277869] ret_from_fork_asm+0x1a/0x30 [ 57.279059] [ 57.279321] kfence-#173: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 57.279321] [ 57.279889] allocated by task 362 on cpu 1 at 57.268680s (0.011204s ago): [ 57.280548] test_alloc+0x2a6/0x10f0 [ 57.280890] test_memcache_typesafe_by_rcu+0x16f/0x670 [ 57.281373] kunit_try_run_case+0x1a5/0x480 [ 57.281709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.282372] kthread+0x337/0x6f0 [ 57.282643] ret_from_fork+0x116/0x1d0 [ 57.282965] ret_from_fork_asm+0x1a/0x30 [ 57.283376] [ 57.283608] freed by task 362 on cpu 1 at 57.268850s (0.014752s ago): [ 57.284066] test_memcache_typesafe_by_rcu+0x1bf/0x670 [ 57.284447] kunit_try_run_case+0x1a5/0x480 [ 57.285062] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 57.285717] kthread+0x337/0x6f0 [ 57.285996] ret_from_fork+0x116/0x1d0 [ 57.286396] ret_from_fork_asm+0x1a/0x30 [ 57.286794] [ 57.287067] CPU: 1 UID: 0 PID: 362 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 57.288487] Tainted: [B]=BAD_PAGE, [N]=TEST [ 57.288767] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 57.290143] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 33.054934] ================================================================== [ 33.055680] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210 [ 33.055680] [ 33.056412] Invalid read at 0x(____ptrval____): [ 33.056902] test_invalid_access+0xf0/0x210 [ 33.057379] kunit_try_run_case+0x1a5/0x480 [ 33.057748] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 33.058263] kthread+0x337/0x6f0 [ 33.058632] ret_from_fork+0x116/0x1d0 [ 33.058957] ret_from_fork_asm+0x1a/0x30 [ 33.059418] [ 33.059700] CPU: 1 UID: 0 PID: 358 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 33.060579] Tainted: [B]=BAD_PAGE, [N]=TEST [ 33.061190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 33.061748] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 32.828149] ================================================================== [ 32.828748] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340 [ 32.828748] [ 32.829892] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#169): [ 32.831316] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 32.831802] kunit_try_run_case+0x1a5/0x480 [ 32.832329] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.832777] kthread+0x337/0x6f0 [ 32.833047] ret_from_fork+0x116/0x1d0 [ 32.833413] ret_from_fork_asm+0x1a/0x30 [ 32.833857] [ 32.834055] kfence-#169: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 32.834055] [ 32.834680] allocated by task 352 on cpu 1 at 32.827795s (0.006880s ago): [ 32.835104] test_alloc+0x364/0x10f0 [ 32.835411] test_kmalloc_aligned_oob_write+0xc8/0x340 [ 32.835731] kunit_try_run_case+0x1a5/0x480 [ 32.836162] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.836656] kthread+0x337/0x6f0 [ 32.837050] ret_from_fork+0x116/0x1d0 [ 32.837457] ret_from_fork_asm+0x1a/0x30 [ 32.837720] [ 32.837903] freed by task 352 on cpu 1 at 32.828024s (0.009874s ago): [ 32.838357] test_kmalloc_aligned_oob_write+0x24f/0x340 [ 32.838860] kunit_try_run_case+0x1a5/0x480 [ 32.839319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.839816] kthread+0x337/0x6f0 [ 32.840256] ret_from_fork+0x116/0x1d0 [ 32.840694] ret_from_fork_asm+0x1a/0x30 [ 32.841120] [ 32.841400] CPU: 1 UID: 0 PID: 352 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 32.842062] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.842387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.842933] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 32.724009] ================================================================== [ 32.724621] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560 [ 32.724621] [ 32.725494] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#168): [ 32.726023] test_kmalloc_aligned_oob_read+0x27e/0x560 [ 32.726486] kunit_try_run_case+0x1a5/0x480 [ 32.726785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.727529] kthread+0x337/0x6f0 [ 32.727972] ret_from_fork+0x116/0x1d0 [ 32.728361] ret_from_fork_asm+0x1a/0x30 [ 32.728757] [ 32.728941] kfence-#168: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96 [ 32.728941] [ 32.729897] allocated by task 350 on cpu 0 at 32.723692s (0.006200s ago): [ 32.730450] test_alloc+0x364/0x10f0 [ 32.730728] test_kmalloc_aligned_oob_read+0x105/0x560 [ 32.731221] kunit_try_run_case+0x1a5/0x480 [ 32.731659] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 32.732170] kthread+0x337/0x6f0 [ 32.732474] ret_from_fork+0x116/0x1d0 [ 32.732751] ret_from_fork_asm+0x1a/0x30 [ 32.733153] [ 32.733505] CPU: 0 UID: 0 PID: 350 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 32.734438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 32.734818] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 32.735586] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 28.564057] ================================================================== [ 28.564660] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0 [ 28.564660] [ 28.565250] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#128): [ 28.567264] test_corruption+0x131/0x3e0 [ 28.567934] kunit_try_run_case+0x1a5/0x480 [ 28.568683] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.569391] kthread+0x337/0x6f0 [ 28.569730] ret_from_fork+0x116/0x1d0 [ 28.570072] ret_from_fork_asm+0x1a/0x30 [ 28.570505] [ 28.570711] kfence-#128: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.570711] [ 28.571499] allocated by task 340 on cpu 0 at 28.563847s (0.007646s ago): [ 28.572184] test_alloc+0x2a6/0x10f0 [ 28.572486] test_corruption+0xe6/0x3e0 [ 28.573087] kunit_try_run_case+0x1a5/0x480 [ 28.573874] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.574196] kthread+0x337/0x6f0 [ 28.574460] ret_from_fork+0x116/0x1d0 [ 28.575248] ret_from_fork_asm+0x1a/0x30 [ 28.575864] [ 28.576182] freed by task 340 on cpu 0 at 28.563937s (0.012240s ago): [ 28.576914] test_corruption+0x131/0x3e0 [ 28.577211] kunit_try_run_case+0x1a5/0x480 [ 28.577789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.578278] kthread+0x337/0x6f0 [ 28.578606] ret_from_fork+0x116/0x1d0 [ 28.579015] ret_from_fork_asm+0x1a/0x30 [ 28.579389] [ 28.579656] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 28.580626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.581065] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.582013] ================================================================== [ 28.460254] ================================================================== [ 28.460768] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0 [ 28.460768] [ 28.461553] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#127): [ 28.462227] test_corruption+0x2df/0x3e0 [ 28.462543] kunit_try_run_case+0x1a5/0x480 [ 28.463018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.463709] kthread+0x337/0x6f0 [ 28.464150] ret_from_fork+0x116/0x1d0 [ 28.464560] ret_from_fork_asm+0x1a/0x30 [ 28.465026] [ 28.465247] kfence-#127: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 28.465247] [ 28.466155] allocated by task 338 on cpu 1 at 28.459865s (0.006285s ago): [ 28.466706] test_alloc+0x364/0x10f0 [ 28.467131] test_corruption+0x1cb/0x3e0 [ 28.467740] kunit_try_run_case+0x1a5/0x480 [ 28.468189] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.468741] kthread+0x337/0x6f0 [ 28.469136] ret_from_fork+0x116/0x1d0 [ 28.469549] ret_from_fork_asm+0x1a/0x30 [ 28.469960] [ 28.470284] freed by task 338 on cpu 1 at 28.460017s (0.010261s ago): [ 28.470733] test_corruption+0x2df/0x3e0 [ 28.471061] kunit_try_run_case+0x1a5/0x480 [ 28.471751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.472311] kthread+0x337/0x6f0 [ 28.472696] ret_from_fork+0x116/0x1d0 [ 28.473094] ret_from_fork_asm+0x1a/0x30 [ 28.473683] [ 28.473984] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 28.475028] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.475430] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.476223] ================================================================== [ 27.731941] ================================================================== [ 27.732591] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0 [ 27.732591] [ 27.733261] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#120): [ 27.734497] test_corruption+0x2d2/0x3e0 [ 27.735042] kunit_try_run_case+0x1a5/0x480 [ 27.735442] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.735899] kthread+0x337/0x6f0 [ 27.736206] ret_from_fork+0x116/0x1d0 [ 27.736909] ret_from_fork_asm+0x1a/0x30 [ 27.737349] [ 27.737553] kfence-#120: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.737553] [ 27.738273] allocated by task 338 on cpu 1 at 27.731668s (0.006599s ago): [ 27.738968] test_alloc+0x364/0x10f0 [ 27.739412] test_corruption+0xe6/0x3e0 [ 27.739714] kunit_try_run_case+0x1a5/0x480 [ 27.740037] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.740591] kthread+0x337/0x6f0 [ 27.741000] ret_from_fork+0x116/0x1d0 [ 27.741492] ret_from_fork_asm+0x1a/0x30 [ 27.741959] [ 27.742169] freed by task 338 on cpu 1 at 27.731845s (0.010319s ago): [ 27.742776] test_corruption+0x2d2/0x3e0 [ 27.743080] kunit_try_run_case+0x1a5/0x480 [ 27.743592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.744128] kthread+0x337/0x6f0 [ 27.744558] ret_from_fork+0x116/0x1d0 [ 27.744972] ret_from_fork_asm+0x1a/0x30 [ 27.745368] [ 27.745577] CPU: 1 UID: 0 PID: 338 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 27.746631] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.747074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.747680] ================================================================== [ 28.876508] ================================================================== [ 28.877411] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0 [ 28.877411] [ 28.878474] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#131): [ 28.879884] test_corruption+0x216/0x3e0 [ 28.880155] kunit_try_run_case+0x1a5/0x480 [ 28.880411] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.880692] kthread+0x337/0x6f0 [ 28.880927] ret_from_fork+0x116/0x1d0 [ 28.881341] ret_from_fork_asm+0x1a/0x30 [ 28.881786] [ 28.882042] kfence-#131: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 28.882042] [ 28.882721] allocated by task 340 on cpu 0 at 28.876295s (0.006420s ago): [ 28.884868] test_alloc+0x2a6/0x10f0 [ 28.885146] test_corruption+0x1cb/0x3e0 [ 28.885454] kunit_try_run_case+0x1a5/0x480 [ 28.885745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.886245] kthread+0x337/0x6f0 [ 28.886521] ret_from_fork+0x116/0x1d0 [ 28.886804] ret_from_fork_asm+0x1a/0x30 [ 28.887141] [ 28.887390] freed by task 340 on cpu 0 at 28.876382s (0.011002s ago): [ 28.887994] test_corruption+0x216/0x3e0 [ 28.888497] kunit_try_run_case+0x1a5/0x480 [ 28.888948] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 28.889478] kthread+0x337/0x6f0 [ 28.889857] ret_from_fork+0x116/0x1d0 [ 28.890259] ret_from_fork_asm+0x1a/0x30 [ 28.890731] [ 28.891069] CPU: 0 UID: 0 PID: 340 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 28.891720] Tainted: [B]=BAD_PAGE, [N]=TEST [ 28.892000] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 28.892790] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 27.524033] ================================================================== [ 27.524749] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260 [ 27.524749] [ 27.525401] Invalid free of 0x(____ptrval____) (in kfence-#118): [ 27.525920] test_invalid_addr_free+0xfb/0x260 [ 27.526270] kunit_try_run_case+0x1a5/0x480 [ 27.526613] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.527154] kthread+0x337/0x6f0 [ 27.527490] ret_from_fork+0x116/0x1d0 [ 27.527817] ret_from_fork_asm+0x1a/0x30 [ 27.528259] [ 27.528475] kfence-#118: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.528475] [ 27.529133] allocated by task 336 on cpu 1 at 27.523853s (0.005275s ago): [ 27.529812] test_alloc+0x2a6/0x10f0 [ 27.530144] test_invalid_addr_free+0xdb/0x260 [ 27.530532] kunit_try_run_case+0x1a5/0x480 [ 27.530959] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.531425] kthread+0x337/0x6f0 [ 27.531738] ret_from_fork+0x116/0x1d0 [ 27.532119] ret_from_fork_asm+0x1a/0x30 [ 27.532682] [ 27.532937] CPU: 1 UID: 0 PID: 336 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 27.533921] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.534246] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.534874] ================================================================== [ 27.420013] ================================================================== [ 27.420549] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260 [ 27.420549] [ 27.421261] Invalid free of 0x(____ptrval____) (in kfence-#117): [ 27.421936] test_invalid_addr_free+0x1e1/0x260 [ 27.422821] kunit_try_run_case+0x1a5/0x480 [ 27.423155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.423655] kthread+0x337/0x6f0 [ 27.424153] ret_from_fork+0x116/0x1d0 [ 27.424647] ret_from_fork_asm+0x1a/0x30 [ 27.425070] [ 27.425264] kfence-#117: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.425264] [ 27.426074] allocated by task 334 on cpu 0 at 27.419785s (0.006283s ago): [ 27.426752] test_alloc+0x364/0x10f0 [ 27.427213] test_invalid_addr_free+0xdb/0x260 [ 27.427630] kunit_try_run_case+0x1a5/0x480 [ 27.427991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.428468] kthread+0x337/0x6f0 [ 27.428983] ret_from_fork+0x116/0x1d0 [ 27.429390] ret_from_fork_asm+0x1a/0x30 [ 27.429796] [ 27.430069] CPU: 0 UID: 0 PID: 334 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 27.431171] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.431493] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.432114] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 27.316153] ================================================================== [ 27.316744] BUG: KFENCE: invalid free in test_double_free+0x112/0x260 [ 27.316744] [ 27.317365] Invalid free of 0x(____ptrval____) (in kfence-#116): [ 27.317867] test_double_free+0x112/0x260 [ 27.318267] kunit_try_run_case+0x1a5/0x480 [ 27.318685] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.319248] kthread+0x337/0x6f0 [ 27.319683] ret_from_fork+0x116/0x1d0 [ 27.320079] ret_from_fork_asm+0x1a/0x30 [ 27.320542] [ 27.320855] kfence-#116: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 27.320855] [ 27.321607] allocated by task 332 on cpu 1 at 27.315824s (0.005778s ago): [ 27.322050] test_alloc+0x2a6/0x10f0 [ 27.322506] test_double_free+0xdb/0x260 [ 27.322941] kunit_try_run_case+0x1a5/0x480 [ 27.323473] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.323986] kthread+0x337/0x6f0 [ 27.324463] ret_from_fork+0x116/0x1d0 [ 27.324855] ret_from_fork_asm+0x1a/0x30 [ 27.325403] [ 27.325598] freed by task 332 on cpu 1 at 27.315931s (0.009661s ago): [ 27.326312] test_double_free+0xfa/0x260 [ 27.326705] kunit_try_run_case+0x1a5/0x480 [ 27.327180] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.327793] kthread+0x337/0x6f0 [ 27.328161] ret_from_fork+0x116/0x1d0 [ 27.328713] ret_from_fork_asm+0x1a/0x30 [ 27.329166] [ 27.329475] CPU: 1 UID: 0 PID: 332 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 27.330162] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.330674] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.331474] ================================================================== [ 27.212120] ================================================================== [ 27.212703] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260 [ 27.212703] [ 27.213361] Invalid free of 0x(____ptrval____) (in kfence-#115): [ 27.214463] test_double_free+0x1d3/0x260 [ 27.214784] kunit_try_run_case+0x1a5/0x480 [ 27.215117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.216060] kthread+0x337/0x6f0 [ 27.216456] ret_from_fork+0x116/0x1d0 [ 27.216851] ret_from_fork_asm+0x1a/0x30 [ 27.217268] [ 27.217482] kfence-#115: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 27.217482] [ 27.218421] allocated by task 330 on cpu 0 at 27.211817s (0.006599s ago): [ 27.218928] test_alloc+0x364/0x10f0 [ 27.219216] test_double_free+0xdb/0x260 [ 27.219647] kunit_try_run_case+0x1a5/0x480 [ 27.220143] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.220625] kthread+0x337/0x6f0 [ 27.221017] ret_from_fork+0x116/0x1d0 [ 27.221470] ret_from_fork_asm+0x1a/0x30 [ 27.221842] [ 27.222085] freed by task 330 on cpu 0 at 27.211913s (0.010166s ago): [ 27.222616] test_double_free+0x1e0/0x260 [ 27.223120] kunit_try_run_case+0x1a5/0x480 [ 27.223632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 27.224058] kthread+0x337/0x6f0 [ 27.224544] ret_from_fork+0x116/0x1d0 [ 27.224954] ret_from_fork_asm+0x1a/0x30 [ 27.225428] [ 27.225678] CPU: 0 UID: 0 PID: 330 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 27.226681] Tainted: [B]=BAD_PAGE, [N]=TEST [ 27.227118] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 27.227751] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 26.796106] ================================================================== [ 26.796738] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 26.796738] [ 26.797507] Use-after-free read at 0x(____ptrval____) (in kfence-#111): [ 26.798130] test_use_after_free_read+0x129/0x270 [ 26.798454] kunit_try_run_case+0x1a5/0x480 [ 26.798922] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.799441] kthread+0x337/0x6f0 [ 26.799928] ret_from_fork+0x116/0x1d0 [ 26.800367] ret_from_fork_asm+0x1a/0x30 [ 26.800669] [ 26.800872] kfence-#111: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.800872] [ 26.801992] allocated by task 322 on cpu 1 at 26.795754s (0.006232s ago): [ 26.802581] test_alloc+0x364/0x10f0 [ 26.802955] test_use_after_free_read+0xdc/0x270 [ 26.803501] kunit_try_run_case+0x1a5/0x480 [ 26.804018] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.804506] kthread+0x337/0x6f0 [ 26.804764] ret_from_fork+0x116/0x1d0 [ 26.805186] ret_from_fork_asm+0x1a/0x30 [ 26.805605] [ 26.805861] freed by task 322 on cpu 1 at 26.795882s (0.009973s ago): [ 26.806553] test_use_after_free_read+0x1e7/0x270 [ 26.807073] kunit_try_run_case+0x1a5/0x480 [ 26.807583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.808026] kthread+0x337/0x6f0 [ 26.808296] ret_from_fork+0x116/0x1d0 [ 26.808581] ret_from_fork_asm+0x1a/0x30 [ 26.809010] [ 26.809279] CPU: 1 UID: 0 PID: 322 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 26.810347] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.810624] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.811773] ================================================================== [ 26.899955] ================================================================== [ 26.900525] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270 [ 26.900525] [ 26.901311] Use-after-free read at 0x(____ptrval____) (in kfence-#112): [ 26.901899] test_use_after_free_read+0x129/0x270 [ 26.902251] kunit_try_run_case+0x1a5/0x480 [ 26.902708] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.903261] kthread+0x337/0x6f0 [ 26.903608] ret_from_fork+0x116/0x1d0 [ 26.904000] ret_from_fork_asm+0x1a/0x30 [ 26.904637] [ 26.904894] kfence-#112: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.904894] [ 26.905532] allocated by task 324 on cpu 1 at 26.899735s (0.005792s ago): [ 26.906205] test_alloc+0x2a6/0x10f0 [ 26.906625] test_use_after_free_read+0xdc/0x270 [ 26.907075] kunit_try_run_case+0x1a5/0x480 [ 26.907529] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.908039] kthread+0x337/0x6f0 [ 26.908418] ret_from_fork+0x116/0x1d0 [ 26.908844] ret_from_fork_asm+0x1a/0x30 [ 26.909199] [ 26.909478] freed by task 324 on cpu 1 at 26.899820s (0.009652s ago): [ 26.910039] test_use_after_free_read+0xfb/0x270 [ 26.910670] kunit_try_run_case+0x1a5/0x480 [ 26.911107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.911613] kthread+0x337/0x6f0 [ 26.911984] ret_from_fork+0x116/0x1d0 [ 26.912386] ret_from_fork_asm+0x1a/0x30 [ 26.913064] [ 26.913325] CPU: 1 UID: 0 PID: 324 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 26.914493] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.914770] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.915757] ==================================================================
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_crtc_mode_changed
<8>[ 392.325659] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_output_bpc_crtc_mode_changed RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_driver_unsupported_fallback_yuv420
<8>[ 392.158574] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_driver_unsupported_fallback_yuv420 RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 26.691917] ================================================================== [ 26.692542] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 26.692542] [ 26.693890] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#110): [ 26.694167] test_out_of_bounds_write+0x10d/0x260 [ 26.694851] kunit_try_run_case+0x1a5/0x480 [ 26.695178] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.695722] kthread+0x337/0x6f0 [ 26.696113] ret_from_fork+0x116/0x1d0 [ 26.696557] ret_from_fork_asm+0x1a/0x30 [ 26.696989] [ 26.697202] kfence-#110: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.697202] [ 26.698078] allocated by task 320 on cpu 1 at 26.691797s (0.006275s ago): [ 26.698596] test_alloc+0x2a6/0x10f0 [ 26.699051] test_out_of_bounds_write+0xd4/0x260 [ 26.699573] kunit_try_run_case+0x1a5/0x480 [ 26.700049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.700573] kthread+0x337/0x6f0 [ 26.700961] ret_from_fork+0x116/0x1d0 [ 26.701388] ret_from_fork_asm+0x1a/0x30 [ 26.701815] [ 26.702103] CPU: 1 UID: 0 PID: 320 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 26.703181] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.703581] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.704384] ================================================================== [ 26.275980] ================================================================== [ 26.276642] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260 [ 26.276642] [ 26.277421] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#106): [ 26.278085] test_out_of_bounds_write+0x10d/0x260 [ 26.278511] kunit_try_run_case+0x1a5/0x480 [ 26.279096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.279853] kthread+0x337/0x6f0 [ 26.280207] ret_from_fork+0x116/0x1d0 [ 26.280618] ret_from_fork_asm+0x1a/0x30 [ 26.280939] [ 26.281189] kfence-#106: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 26.281189] [ 26.281991] allocated by task 318 on cpu 0 at 26.275750s (0.006235s ago): [ 26.282654] test_alloc+0x364/0x10f0 [ 26.282995] test_out_of_bounds_write+0xd4/0x260 [ 26.283567] kunit_try_run_case+0x1a5/0x480 [ 26.283950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.284307] kthread+0x337/0x6f0 [ 26.284605] ret_from_fork+0x116/0x1d0 [ 26.284999] ret_from_fork_asm+0x1a/0x30 [ 26.285570] [ 26.285845] CPU: 0 UID: 0 PID: 318 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 26.286737] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.287035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.288224] ==================================================================
Failure - kunit - drm_test_framebuffer_create_X0L2Validmodifier
<8>[ 385.514755] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Validmodifier RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 25.133298] ================================================================== [ 25.133940] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 25.133940] [ 25.135157] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#95): [ 25.135727] test_out_of_bounds_read+0x126/0x4e0 [ 25.136205] kunit_try_run_case+0x1a5/0x480 [ 25.136627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.137253] kthread+0x337/0x6f0 [ 25.137529] ret_from_fork+0x116/0x1d0 [ 25.137810] ret_from_fork_asm+0x1a/0x30 [ 25.138271] [ 25.138487] kfence-#95: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 25.138487] [ 25.139354] allocated by task 314 on cpu 1 at 25.131779s (0.007570s ago): [ 25.139929] test_alloc+0x364/0x10f0 [ 25.140203] test_out_of_bounds_read+0xed/0x4e0 [ 25.140614] kunit_try_run_case+0x1a5/0x480 [ 25.141080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.141653] kthread+0x337/0x6f0 [ 25.142055] ret_from_fork+0x116/0x1d0 [ 25.142466] ret_from_fork_asm+0x1a/0x30 [ 25.142962] [ 25.143296] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 25.144244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.144530] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.145346] ================================================================== [ 25.963821] ================================================================== [ 25.964461] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0 [ 25.964461] [ 25.965210] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#103): [ 25.965754] test_out_of_bounds_read+0x126/0x4e0 [ 25.966223] kunit_try_run_case+0x1a5/0x480 [ 25.966657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.967056] kthread+0x337/0x6f0 [ 25.967409] ret_from_fork+0x116/0x1d0 [ 25.968066] ret_from_fork_asm+0x1a/0x30 [ 25.968393] [ 25.968557] kfence-#103: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 25.968557] [ 25.969085] allocated by task 316 on cpu 1 at 25.963726s (0.005354s ago): [ 25.969814] test_alloc+0x2a6/0x10f0 [ 25.970411] test_out_of_bounds_read+0xed/0x4e0 [ 25.970934] kunit_try_run_case+0x1a5/0x480 [ 25.971461] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.971999] kthread+0x337/0x6f0 [ 25.972289] ret_from_fork+0x116/0x1d0 [ 25.972964] ret_from_fork_asm+0x1a/0x30 [ 25.973411] [ 25.973671] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 25.974462] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.974738] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.975927] ================================================================== [ 26.067683] ================================================================== [ 26.068246] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 26.068246] [ 26.069014] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#104): [ 26.069711] test_out_of_bounds_read+0x216/0x4e0 [ 26.070161] kunit_try_run_case+0x1a5/0x480 [ 26.070640] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.071056] kthread+0x337/0x6f0 [ 26.071460] ret_from_fork+0x116/0x1d0 [ 26.071905] ret_from_fork_asm+0x1a/0x30 [ 26.072322] [ 26.072528] kfence-#104: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test [ 26.072528] [ 26.073232] allocated by task 316 on cpu 1 at 26.067615s (0.005611s ago): [ 26.073748] test_alloc+0x2a6/0x10f0 [ 26.074131] test_out_of_bounds_read+0x1e2/0x4e0 [ 26.074610] kunit_try_run_case+0x1a5/0x480 [ 26.075002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 26.075691] kthread+0x337/0x6f0 [ 26.076050] ret_from_fork+0x116/0x1d0 [ 26.076440] ret_from_fork_asm+0x1a/0x30 [ 26.076865] [ 26.077079] CPU: 1 UID: 0 PID: 316 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 26.077883] Tainted: [B]=BAD_PAGE, [N]=TEST [ 26.078294] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 26.079223] ================================================================== [ 25.340065] ================================================================== [ 25.340628] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0 [ 25.340628] [ 25.341389] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#97): [ 25.341891] test_out_of_bounds_read+0x216/0x4e0 [ 25.342318] kunit_try_run_case+0x1a5/0x480 [ 25.342753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.343180] kthread+0x337/0x6f0 [ 25.343570] ret_from_fork+0x116/0x1d0 [ 25.343976] ret_from_fork_asm+0x1a/0x30 [ 25.344339] [ 25.344573] kfence-#97: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32 [ 25.344573] [ 25.345298] allocated by task 314 on cpu 1 at 25.339772s (0.005522s ago): [ 25.345758] test_alloc+0x364/0x10f0 [ 25.346141] test_out_of_bounds_read+0x1e2/0x4e0 [ 25.346570] kunit_try_run_case+0x1a5/0x480 [ 25.346971] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.347331] kthread+0x337/0x6f0 [ 25.347779] ret_from_fork+0x116/0x1d0 [ 25.348248] ret_from_fork_asm+0x1a/0x30 [ 25.348677] [ 25.348955] CPU: 1 UID: 0 PID: 314 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 25.349767] Tainted: [B]=BAD_PAGE, [N]=TEST [ 25.350164] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 25.352084] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_oob_memset_16
[ 18.189787] ================================================================== [ 18.191744] BUG: KFENCE: memory corruption in kmalloc_oob_memset_16+0x187/0x330 [ 18.191744] [ 18.192421] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#66): [ 18.193732] kmalloc_oob_memset_16+0x187/0x330 [ 18.194285] kunit_try_run_case+0x1a5/0x480 [ 18.194793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.195440] kthread+0x337/0x6f0 [ 18.195729] ret_from_fork+0x116/0x1d0 [ 18.196137] ret_from_fork_asm+0x1a/0x30 [ 18.196521] [ 18.196811] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 18.196811] [ 18.197594] allocated by task 205 on cpu 0 at 18.188521s (0.009068s ago): [ 18.198051] kmalloc_oob_memset_16+0xac/0x330 [ 18.198405] kunit_try_run_case+0x1a5/0x480 [ 18.198829] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.199377] kthread+0x337/0x6f0 [ 18.199740] ret_from_fork+0x116/0x1d0 [ 18.200128] ret_from_fork_asm+0x1a/0x30 [ 18.200601] [ 18.200788] freed by task 205 on cpu 0 at 18.189727s (0.011055s ago): [ 18.201404] kmalloc_oob_memset_16+0x187/0x330 [ 18.201808] kunit_try_run_case+0x1a5/0x480 [ 18.202188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.202621] kthread+0x337/0x6f0 [ 18.203365] ret_from_fork+0x116/0x1d0 [ 18.203749] ret_from_fork_asm+0x1a/0x30 [ 18.204116] [ 18.204314] CPU: 0 UID: 0 PID: 205 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.205272] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.205541] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.206533] ==================================================================
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_rgb
<8>[ 391.462943] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_rgb RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-kmalloc_track_caller_oob_right
[ 16.877982] ================================================================== [ 16.879982] BUG: KFENCE: memory corruption in kmalloc_track_caller_oob_right+0x288/0x520 [ 16.879982] [ 16.880925] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . ] (in kfence-#54): [ 16.882767] kmalloc_track_caller_oob_right+0x288/0x520 [ 16.883244] kunit_try_run_case+0x1a5/0x480 [ 16.883729] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.884212] kthread+0x337/0x6f0 [ 16.884575] ret_from_fork+0x116/0x1d0 [ 16.884945] ret_from_fork_asm+0x1a/0x30 [ 16.885441] [ 16.886000] kfence-#54: 0x(____ptrval____)-0x(____ptrval____), size=120, cache=kmalloc-128 [ 16.886000] [ 16.887104] allocated by task 169 on cpu 0 at 16.874505s (0.012481s ago): [ 16.888073] kmalloc_track_caller_oob_right+0x19a/0x520 [ 16.888693] kunit_try_run_case+0x1a5/0x480 [ 16.889114] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.889946] kthread+0x337/0x6f0 [ 16.890394] ret_from_fork+0x116/0x1d0 [ 16.891009] ret_from_fork_asm+0x1a/0x30 [ 16.891711] [ 16.892164] freed by task 169 on cpu 0 at 16.877267s (0.014728s ago): [ 16.892809] kmalloc_track_caller_oob_right+0x288/0x520 [ 16.893311] kunit_try_run_case+0x1a5/0x480 [ 16.893649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.894186] kthread+0x337/0x6f0 [ 16.894505] ret_from_fork+0x116/0x1d0 [ 16.894890] ret_from_fork_asm+0x1a/0x30 [ 16.895342] [ 16.895676] CPU: 0 UID: 0 PID: 169 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 16.896629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.897017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.897743] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 17.983890] ================================================================== [ 17.984663] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320 [ 17.985195] Write of size 128 at addr ffff888103393a00 by task kunit_try_catch/197 [ 17.985767] [ 17.986054] CPU: 0 UID: 0 PID: 197 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.986177] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.986251] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.986314] Call Trace: [ 17.986376] <TASK> [ 17.986426] dump_stack_lvl+0x73/0xb0 [ 17.986512] print_report+0xd1/0x650 [ 17.986589] ? __virt_addr_valid+0x1db/0x2d0 [ 17.986662] ? kmalloc_oob_in_memset+0x15f/0x320 [ 17.986737] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.986807] ? kmalloc_oob_in_memset+0x15f/0x320 [ 17.986900] kasan_report+0x141/0x180 [ 17.986973] ? kmalloc_oob_in_memset+0x15f/0x320 [ 17.987053] kasan_check_range+0x10c/0x1c0 [ 17.987131] __asan_memset+0x27/0x50 [ 17.987195] kmalloc_oob_in_memset+0x15f/0x320 [ 17.987323] ? __pfx_kmalloc_oob_in_memset+0x10/0x10 [ 17.987398] ? __schedule+0x10cc/0x2b60 [ 17.987465] ? __pfx_read_tsc+0x10/0x10 [ 17.987531] ? ktime_get_ts64+0x86/0x230 [ 17.987624] kunit_try_run_case+0x1a5/0x480 [ 17.987709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.987780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.987863] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.987940] ? __kthread_parkme+0x82/0x180 [ 17.987980] ? preempt_count_sub+0x50/0x80 [ 17.988014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.988047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.988077] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.988108] kthread+0x337/0x6f0 [ 17.988133] ? trace_preempt_on+0x20/0xc0 [ 17.988167] ? __pfx_kthread+0x10/0x10 [ 17.988194] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.988351] ? calculate_sigpending+0x7b/0xa0 [ 17.988397] ? __pfx_kthread+0x10/0x10 [ 17.988428] ret_from_fork+0x116/0x1d0 [ 17.988456] ? __pfx_kthread+0x10/0x10 [ 17.988484] ret_from_fork_asm+0x1a/0x30 [ 17.988525] </TASK> [ 17.988541] [ 18.006653] Allocated by task 197: [ 18.007465] kasan_save_stack+0x45/0x70 [ 18.008164] kasan_save_track+0x18/0x40 [ 18.008918] kasan_save_alloc_info+0x3b/0x50 [ 18.009386] __kasan_kmalloc+0xb7/0xc0 [ 18.009762] __kmalloc_cache_noprof+0x189/0x420 [ 18.010145] kmalloc_oob_in_memset+0xac/0x320 [ 18.010685] kunit_try_run_case+0x1a5/0x480 [ 18.011096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.011727] kthread+0x337/0x6f0 [ 18.012065] ret_from_fork+0x116/0x1d0 [ 18.012783] ret_from_fork_asm+0x1a/0x30 [ 18.014097] [ 18.014377] The buggy address belongs to the object at ffff888103393a00 [ 18.014377] which belongs to the cache kmalloc-128 of size 128 [ 18.014995] The buggy address is located 0 bytes inside of [ 18.014995] allocated 120-byte region [ffff888103393a00, ffff888103393a78) [ 18.015589] [ 18.015727] The buggy address belongs to the physical page: [ 18.018852] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 18.021712] flags: 0x200000000000000(node=0|zone=2) [ 18.023689] page_type: f5(slab) [ 18.025466] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.026804] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.027660] page dumped because: kasan: bad access detected [ 18.028100] [ 18.028296] Memory state around the buggy address: [ 18.029202] ffff888103393900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.029981] ffff888103393980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.030767] >ffff888103393a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.031317] ^ [ 18.032193] ffff888103393a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.033216] ffff888103393b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.033750] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 17.926861] ================================================================== [ 17.928096] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 17.928904] Read of size 16 at addr ffff888102264540 by task kunit_try_catch/195 [ 17.930164] [ 17.930435] CPU: 1 UID: 0 PID: 195 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.930561] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.930597] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.930655] Call Trace: [ 17.930693] <TASK> [ 17.930738] dump_stack_lvl+0x73/0xb0 [ 17.930822] print_report+0xd1/0x650 [ 17.930917] ? __virt_addr_valid+0x1db/0x2d0 [ 17.930995] ? kmalloc_uaf_16+0x47b/0x4c0 [ 17.931064] ? kasan_complete_mode_report_info+0x64/0x200 [ 17.931139] ? kmalloc_uaf_16+0x47b/0x4c0 [ 17.931207] kasan_report+0x141/0x180 [ 17.931319] ? kmalloc_uaf_16+0x47b/0x4c0 [ 17.931421] __asan_report_load16_noabort+0x18/0x20 [ 17.931461] kmalloc_uaf_16+0x47b/0x4c0 [ 17.931491] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 17.931523] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 17.931568] kunit_try_run_case+0x1a5/0x480 [ 17.931605] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.931636] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.931666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.931701] ? __kthread_parkme+0x82/0x180 [ 17.931728] ? preempt_count_sub+0x50/0x80 [ 17.931759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.931792] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.931822] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.931882] kthread+0x337/0x6f0 [ 17.931910] ? trace_preempt_on+0x20/0xc0 [ 17.931945] ? __pfx_kthread+0x10/0x10 [ 17.931972] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.932005] ? calculate_sigpending+0x7b/0xa0 [ 17.932039] ? __pfx_kthread+0x10/0x10 [ 17.932067] ret_from_fork+0x116/0x1d0 [ 17.932092] ? __pfx_kthread+0x10/0x10 [ 17.932119] ret_from_fork_asm+0x1a/0x30 [ 17.932159] </TASK> [ 17.932174] [ 17.950943] Allocated by task 195: [ 17.951572] kasan_save_stack+0x45/0x70 [ 17.952012] kasan_save_track+0x18/0x40 [ 17.952640] kasan_save_alloc_info+0x3b/0x50 [ 17.952970] __kasan_kmalloc+0xb7/0xc0 [ 17.953649] __kmalloc_cache_noprof+0x189/0x420 [ 17.954410] kmalloc_uaf_16+0x15b/0x4c0 [ 17.954986] kunit_try_run_case+0x1a5/0x480 [ 17.955570] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.956352] kthread+0x337/0x6f0 [ 17.956862] ret_from_fork+0x116/0x1d0 [ 17.957207] ret_from_fork_asm+0x1a/0x30 [ 17.957537] [ 17.957690] Freed by task 195: [ 17.957948] kasan_save_stack+0x45/0x70 [ 17.959496] kasan_save_track+0x18/0x40 [ 17.959924] kasan_save_free_info+0x3f/0x60 [ 17.960396] __kasan_slab_free+0x56/0x70 [ 17.960727] kfree+0x222/0x3f0 [ 17.961038] kmalloc_uaf_16+0x1d6/0x4c0 [ 17.961488] kunit_try_run_case+0x1a5/0x480 [ 17.962105] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.962755] kthread+0x337/0x6f0 [ 17.963143] ret_from_fork+0x116/0x1d0 [ 17.963724] ret_from_fork_asm+0x1a/0x30 [ 17.964185] [ 17.964408] The buggy address belongs to the object at ffff888102264540 [ 17.964408] which belongs to the cache kmalloc-16 of size 16 [ 17.965656] The buggy address is located 0 bytes inside of [ 17.965656] freed 16-byte region [ffff888102264540, ffff888102264550) [ 17.967013] [ 17.967284] The buggy address belongs to the physical page: [ 17.968272] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 17.968768] flags: 0x200000000000000(node=0|zone=2) [ 17.969484] page_type: f5(slab) [ 17.969874] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 17.970763] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.971639] page dumped because: kasan: bad access detected [ 17.972077] [ 17.972263] Memory state around the buggy address: [ 17.973100] ffff888102264400: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 17.973624] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 17.974155] >ffff888102264500: fa fb fc fc 00 00 fc fc fa fb fc fc fc fc fc fc [ 17.974697] ^ [ 17.975630] ffff888102264580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.976196] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.976826] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 17.880803] ================================================================== [ 17.881633] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 17.882509] Write of size 16 at addr ffff8881022644e0 by task kunit_try_catch/193 [ 17.883180] [ 17.883607] CPU: 1 UID: 0 PID: 193 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.883742] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.883780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.883895] Call Trace: [ 17.883942] <TASK> [ 17.883993] dump_stack_lvl+0x73/0xb0 [ 17.884085] print_report+0xd1/0x650 [ 17.884157] ? __virt_addr_valid+0x1db/0x2d0 [ 17.884683] ? kmalloc_oob_16+0x452/0x4a0 [ 17.884755] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.884824] ? kmalloc_oob_16+0x452/0x4a0 [ 17.884888] kasan_report+0x141/0x180 [ 17.884922] ? kmalloc_oob_16+0x452/0x4a0 [ 17.884959] __asan_report_store16_noabort+0x1b/0x30 [ 17.884995] kmalloc_oob_16+0x452/0x4a0 [ 17.885024] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 17.885055] ? __schedule+0x10cc/0x2b60 [ 17.885085] ? irqentry_exit+0x2a/0x60 [ 17.885114] ? __pfx_read_tsc+0x10/0x10 [ 17.885145] ? ktime_get_ts64+0x86/0x230 [ 17.885179] kunit_try_run_case+0x1a5/0x480 [ 17.885227] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.885299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.885396] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.885442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.885477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.885510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.885543] kthread+0x337/0x6f0 [ 17.885573] ? trace_preempt_on+0x20/0xc0 [ 17.885607] ? __pfx_kthread+0x10/0x10 [ 17.885636] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.885670] ? calculate_sigpending+0x7b/0xa0 [ 17.885705] ? __pfx_kthread+0x10/0x10 [ 17.885735] ret_from_fork+0x116/0x1d0 [ 17.885760] ? __pfx_kthread+0x10/0x10 [ 17.885788] ret_from_fork_asm+0x1a/0x30 [ 17.885850] </TASK> [ 17.885872] [ 17.901048] Allocated by task 193: [ 17.901569] kasan_save_stack+0x45/0x70 [ 17.901982] kasan_save_track+0x18/0x40 [ 17.902742] kasan_save_alloc_info+0x3b/0x50 [ 17.903208] __kasan_kmalloc+0xb7/0xc0 [ 17.903857] __kmalloc_cache_noprof+0x189/0x420 [ 17.904463] kmalloc_oob_16+0xa8/0x4a0 [ 17.904858] kunit_try_run_case+0x1a5/0x480 [ 17.905420] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.905772] kthread+0x337/0x6f0 [ 17.906161] ret_from_fork+0x116/0x1d0 [ 17.906983] ret_from_fork_asm+0x1a/0x30 [ 17.907589] [ 17.907819] The buggy address belongs to the object at ffff8881022644e0 [ 17.907819] which belongs to the cache kmalloc-16 of size 16 [ 17.908805] The buggy address is located 0 bytes inside of [ 17.908805] allocated 13-byte region [ffff8881022644e0, ffff8881022644ed) [ 17.909771] [ 17.910026] The buggy address belongs to the physical page: [ 17.911002] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 17.911876] flags: 0x200000000000000(node=0|zone=2) [ 17.912486] page_type: f5(slab) [ 17.912852] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 17.913709] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 17.914166] page dumped because: kasan: bad access detected [ 17.915074] [ 17.915712] Memory state around the buggy address: [ 17.916161] ffff888102264380: 00 06 fc fc 00 06 fc fc 00 06 fc fc fa fb fc fc [ 17.916864] ffff888102264400: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 17.917756] >ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc 00 05 fc fc [ 17.918728] ^ [ 17.919448] ffff888102264500: 00 00 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.920134] ffff888102264580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.920829] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 17.822005] ================================================================== [ 17.822795] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 17.823583] Read of size 1 at addr ffff888100391a00 by task kunit_try_catch/191 [ 17.825068] [ 17.825278] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.825401] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.825439] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.825495] Call Trace: [ 17.825532] <TASK> [ 17.825579] dump_stack_lvl+0x73/0xb0 [ 17.825660] print_report+0xd1/0x650 [ 17.825733] ? __virt_addr_valid+0x1db/0x2d0 [ 17.825803] ? krealloc_uaf+0x53c/0x5e0 [ 17.825888] ? kasan_complete_mode_report_info+0x64/0x200 [ 17.825958] ? krealloc_uaf+0x53c/0x5e0 [ 17.826000] kasan_report+0x141/0x180 [ 17.826043] ? krealloc_uaf+0x53c/0x5e0 [ 17.826091] __asan_report_load1_noabort+0x18/0x20 [ 17.826128] krealloc_uaf+0x53c/0x5e0 [ 17.826157] ? __pfx_krealloc_uaf+0x10/0x10 [ 17.826185] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.826228] ? __pfx_krealloc_uaf+0x10/0x10 [ 17.826306] kunit_try_run_case+0x1a5/0x480 [ 17.826372] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.826406] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.826434] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.826469] ? __kthread_parkme+0x82/0x180 [ 17.826497] ? preempt_count_sub+0x50/0x80 [ 17.826528] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.826561] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.826592] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.826623] kthread+0x337/0x6f0 [ 17.826648] ? trace_preempt_on+0x20/0xc0 [ 17.826679] ? __pfx_kthread+0x10/0x10 [ 17.826706] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.826738] ? calculate_sigpending+0x7b/0xa0 [ 17.826771] ? __pfx_kthread+0x10/0x10 [ 17.826798] ret_from_fork+0x116/0x1d0 [ 17.826822] ? __pfx_kthread+0x10/0x10 [ 17.826877] ret_from_fork_asm+0x1a/0x30 [ 17.826919] </TASK> [ 17.826932] [ 17.844260] Allocated by task 191: [ 17.844575] kasan_save_stack+0x45/0x70 [ 17.844958] kasan_save_track+0x18/0x40 [ 17.845315] kasan_save_alloc_info+0x3b/0x50 [ 17.845731] __kasan_kmalloc+0xb7/0xc0 [ 17.846386] __kmalloc_cache_noprof+0x189/0x420 [ 17.846708] krealloc_uaf+0xbb/0x5e0 [ 17.846993] kunit_try_run_case+0x1a5/0x480 [ 17.847545] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.848042] kthread+0x337/0x6f0 [ 17.848855] ret_from_fork+0x116/0x1d0 [ 17.849398] ret_from_fork_asm+0x1a/0x30 [ 17.849883] [ 17.850081] Freed by task 191: [ 17.850619] kasan_save_stack+0x45/0x70 [ 17.851092] kasan_save_track+0x18/0x40 [ 17.851668] kasan_save_free_info+0x3f/0x60 [ 17.852109] __kasan_slab_free+0x56/0x70 [ 17.852668] kfree+0x222/0x3f0 [ 17.853037] krealloc_uaf+0x13d/0x5e0 [ 17.853856] kunit_try_run_case+0x1a5/0x480 [ 17.854514] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.855053] kthread+0x337/0x6f0 [ 17.855462] ret_from_fork+0x116/0x1d0 [ 17.855858] ret_from_fork_asm+0x1a/0x30 [ 17.856529] [ 17.856735] The buggy address belongs to the object at ffff888100391a00 [ 17.856735] which belongs to the cache kmalloc-256 of size 256 [ 17.858016] The buggy address is located 0 bytes inside of [ 17.858016] freed 256-byte region [ffff888100391a00, ffff888100391b00) [ 17.859593] [ 17.859808] The buggy address belongs to the physical page: [ 17.860547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100390 [ 17.861391] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.862021] flags: 0x200000000000040(head|node=0|zone=2) [ 17.862691] page_type: f5(slab) [ 17.863037] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.864041] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.865011] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.865975] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.866915] head: 0200000000000001 ffffea000400e401 00000000ffffffff 00000000ffffffff [ 17.867610] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.867892] page dumped because: kasan: bad access detected [ 17.868074] [ 17.868149] Memory state around the buggy address: [ 17.869464] ffff888100391900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.870469] ffff888100391980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.871079] >ffff888100391a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.871695] ^ [ 17.872052] ffff888100391a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.872797] ffff888100391b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.873474] ================================================================== [ 17.766725] ================================================================== [ 17.768122] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 17.768795] Read of size 1 at addr ffff888100391a00 by task kunit_try_catch/191 [ 17.769467] [ 17.769729] CPU: 0 UID: 0 PID: 191 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.769876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.769913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.769969] Call Trace: [ 17.770033] <TASK> [ 17.770102] dump_stack_lvl+0x73/0xb0 [ 17.770183] print_report+0xd1/0x650 [ 17.770351] ? __virt_addr_valid+0x1db/0x2d0 [ 17.770427] ? krealloc_uaf+0x1b8/0x5e0 [ 17.770492] ? kasan_complete_mode_report_info+0x64/0x200 [ 17.770537] ? krealloc_uaf+0x1b8/0x5e0 [ 17.770568] kasan_report+0x141/0x180 [ 17.770599] ? krealloc_uaf+0x1b8/0x5e0 [ 17.770659] ? krealloc_uaf+0x1b8/0x5e0 [ 17.770732] __kasan_check_byte+0x3d/0x50 [ 17.770798] krealloc_noprof+0x3f/0x340 [ 17.770858] krealloc_uaf+0x1b8/0x5e0 [ 17.770901] ? __pfx_krealloc_uaf+0x10/0x10 [ 17.770931] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.770970] ? __pfx_krealloc_uaf+0x10/0x10 [ 17.771004] kunit_try_run_case+0x1a5/0x480 [ 17.771036] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.771067] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.771095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.771132] ? __kthread_parkme+0x82/0x180 [ 17.771159] ? preempt_count_sub+0x50/0x80 [ 17.771190] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.771232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.771307] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.771373] kthread+0x337/0x6f0 [ 17.771405] ? trace_preempt_on+0x20/0xc0 [ 17.771440] ? __pfx_kthread+0x10/0x10 [ 17.771468] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.771500] ? calculate_sigpending+0x7b/0xa0 [ 17.771534] ? __pfx_kthread+0x10/0x10 [ 17.771582] ret_from_fork+0x116/0x1d0 [ 17.771609] ? __pfx_kthread+0x10/0x10 [ 17.771636] ret_from_fork_asm+0x1a/0x30 [ 17.771677] </TASK> [ 17.771693] [ 17.790220] Allocated by task 191: [ 17.791013] kasan_save_stack+0x45/0x70 [ 17.791867] kasan_save_track+0x18/0x40 [ 17.792636] kasan_save_alloc_info+0x3b/0x50 [ 17.793149] __kasan_kmalloc+0xb7/0xc0 [ 17.793502] __kmalloc_cache_noprof+0x189/0x420 [ 17.793883] krealloc_uaf+0xbb/0x5e0 [ 17.794247] kunit_try_run_case+0x1a5/0x480 [ 17.794599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.795769] kthread+0x337/0x6f0 [ 17.796130] ret_from_fork+0x116/0x1d0 [ 17.796661] ret_from_fork_asm+0x1a/0x30 [ 17.797031] [ 17.797378] Freed by task 191: [ 17.797721] kasan_save_stack+0x45/0x70 [ 17.798072] kasan_save_track+0x18/0x40 [ 17.798623] kasan_save_free_info+0x3f/0x60 [ 17.799037] __kasan_slab_free+0x56/0x70 [ 17.799865] kfree+0x222/0x3f0 [ 17.800144] krealloc_uaf+0x13d/0x5e0 [ 17.800705] kunit_try_run_case+0x1a5/0x480 [ 17.801096] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.801746] kthread+0x337/0x6f0 [ 17.802063] ret_from_fork+0x116/0x1d0 [ 17.802631] ret_from_fork_asm+0x1a/0x30 [ 17.803028] [ 17.803349] The buggy address belongs to the object at ffff888100391a00 [ 17.803349] which belongs to the cache kmalloc-256 of size 256 [ 17.804778] The buggy address is located 0 bytes inside of [ 17.804778] freed 256-byte region [ffff888100391a00, ffff888100391b00) [ 17.805953] [ 17.806128] The buggy address belongs to the physical page: [ 17.806768] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100390 [ 17.807577] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.808124] flags: 0x200000000000040(head|node=0|zone=2) [ 17.808781] page_type: f5(slab) [ 17.809148] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.810152] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.810928] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.811573] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.812406] head: 0200000000000001 ffffea000400e401 00000000ffffffff 00000000ffffffff [ 17.813369] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.813968] page dumped because: kasan: bad access detected [ 17.814779] [ 17.815384] Memory state around the buggy address: [ 17.816099] ffff888100391900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.816672] ffff888100391980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.817243] >ffff888100391a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.817815] ^ [ 17.818524] ffff888100391a80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 17.819135] ffff888100391b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.819923] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 205.261688] ================================================================== [ 205.262215] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270 [ 205.262846] Read of size 8 at addr ffff88810583c070 by task kunit_try_catch/1606 [ 205.263410] [ 205.263639] CPU: 1 UID: 0 PID: 1606 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 205.263817] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 205.263858] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 205.263915] Call Trace: [ 205.263952] <TASK> [ 205.264000] dump_stack_lvl+0x73/0xb0 [ 205.264082] print_report+0xd1/0x650 [ 205.264160] ? __virt_addr_valid+0x1db/0x2d0 [ 205.264253] ? drm_encoder_cleanup+0x265/0x270 [ 205.264321] ? kasan_complete_mode_report_info+0x64/0x200 [ 205.264388] ? drm_encoder_cleanup+0x265/0x270 [ 205.264455] kasan_report+0x141/0x180 [ 205.264510] ? drm_encoder_cleanup+0x265/0x270 [ 205.264568] __asan_report_load8_noabort+0x18/0x20 [ 205.264626] drm_encoder_cleanup+0x265/0x270 [ 205.264699] drmm_encoder_alloc_release+0x36/0x60 [ 205.264770] drm_managed_release+0x15c/0x470 [ 205.264864] ? simple_release_fs+0x86/0xb0 [ 205.264945] drm_dev_put.part.0+0xa1/0x100 [ 205.265016] ? __pfx_devm_drm_dev_init_release+0x10/0x10 [ 205.265094] devm_drm_dev_init_release+0x17/0x30 [ 205.265168] devm_action_release+0x50/0x80 [ 205.265245] devres_release_all+0x186/0x240 [ 205.265319] ? __pfx_devres_release_all+0x10/0x10 [ 205.265386] ? kernfs_remove_by_name_ns+0x166/0x1d0 [ 205.265430] ? sysfs_remove_file_ns+0x56/0xa0 [ 205.265466] device_unbind_cleanup+0x1b/0x1b0 [ 205.265498] device_release_driver_internal+0x3e4/0x540 [ 205.265530] ? klist_devices_put+0x35/0x50 [ 205.265566] device_release_driver+0x16/0x20 [ 205.265597] bus_remove_device+0x1e9/0x3d0 [ 205.265627] device_del+0x397/0x980 [ 205.265659] ? __pfx_device_del+0x10/0x10 [ 205.265687] ? __kasan_check_write+0x18/0x20 [ 205.265713] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 205.265742] ? __pfx_device_unregister_wrapper+0x10/0x10 [ 205.265776] device_unregister+0x1b/0xa0 [ 205.265832] device_unregister_wrapper+0x12/0x20 [ 205.265866] __kunit_action_free+0x57/0x70 [ 205.265899] kunit_remove_resource+0x133/0x200 [ 205.265930] ? preempt_count_sub+0x50/0x80 [ 205.265963] kunit_cleanup+0x7a/0x120 [ 205.265999] kunit_try_run_case_cleanup+0xbd/0xf0 [ 205.266030] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10 [ 205.266064] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 205.266093] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 205.266121] kthread+0x337/0x6f0 [ 205.266151] ? trace_preempt_on+0x20/0xc0 [ 205.266191] ? __pfx_kthread+0x10/0x10 [ 205.266243] ? _raw_spin_unlock_irq+0x47/0x80 [ 205.266280] ? calculate_sigpending+0x7b/0xa0 [ 205.266315] ? __pfx_kthread+0x10/0x10 [ 205.266345] ret_from_fork+0x116/0x1d0 [ 205.266373] ? __pfx_kthread+0x10/0x10 [ 205.266402] ret_from_fork_asm+0x1a/0x30 [ 205.266444] </TASK> [ 205.266462] [ 205.289380] Allocated by task 1605: [ 205.289739] kasan_save_stack+0x45/0x70 [ 205.290167] kasan_save_track+0x18/0x40 [ 205.290504] kasan_save_alloc_info+0x3b/0x50 [ 205.290835] __kasan_kmalloc+0xb7/0xc0 [ 205.291251] __kmalloc_noprof+0x1c9/0x500 [ 205.291660] __devm_drm_bridge_alloc+0x33/0x170 [ 205.292062] drm_test_bridge_init+0x188/0x5c0 [ 205.292483] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870 [ 205.292893] kunit_try_run_case+0x1a5/0x480 [ 205.293330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 205.293822] kthread+0x337/0x6f0 [ 205.294169] ret_from_fork+0x116/0x1d0 [ 205.294629] ret_from_fork_asm+0x1a/0x30 [ 205.294958] [ 205.295118] Freed by task 1606: [ 205.295401] kasan_save_stack+0x45/0x70 [ 205.295694] kasan_save_track+0x18/0x40 [ 205.296115] kasan_save_free_info+0x3f/0x60 [ 205.296592] __kasan_slab_free+0x56/0x70 [ 205.296997] kfree+0x222/0x3f0 [ 205.297408] drm_bridge_put.part.0+0xc7/0x100 [ 205.297834] drm_bridge_put_void+0x17/0x30 [ 205.298256] devm_action_release+0x50/0x80 [ 205.298549] devres_release_all+0x186/0x240 [ 205.298863] device_unbind_cleanup+0x1b/0x1b0 [ 205.299274] device_release_driver_internal+0x3e4/0x540 [ 205.299767] device_release_driver+0x16/0x20 [ 205.300249] bus_remove_device+0x1e9/0x3d0 [ 205.300646] device_del+0x397/0x980 [ 205.301043] device_unregister+0x1b/0xa0 [ 205.301480] device_unregister_wrapper+0x12/0x20 [ 205.301962] __kunit_action_free+0x57/0x70 [ 205.302338] kunit_remove_resource+0x133/0x200 [ 205.302760] kunit_cleanup+0x7a/0x120 [ 205.303150] kunit_try_run_case_cleanup+0xbd/0xf0 [ 205.303592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 205.304010] kthread+0x337/0x6f0 [ 205.304328] ret_from_fork+0x116/0x1d0 [ 205.304611] ret_from_fork_asm+0x1a/0x30 [ 205.304981] [ 205.305224] The buggy address belongs to the object at ffff88810583c000 [ 205.305224] which belongs to the cache kmalloc-512 of size 512 [ 205.306308] The buggy address is located 112 bytes inside of [ 205.306308] freed 512-byte region [ffff88810583c000, ffff88810583c200) [ 205.307039] [ 205.307247] The buggy address belongs to the physical page: [ 205.307722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10583c [ 205.308434] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 205.309100] anon flags: 0x200000000000040(head|node=0|zone=2) [ 205.309623] page_type: f5(slab) [ 205.309951] raw: 0200000000000040 ffff888100041c80 0000000000000000 0000000000000001 [ 205.310552] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 205.311139] head: 0200000000000040 ffff888100041c80 0000000000000000 0000000000000001 [ 205.311706] head: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 205.312254] head: 0200000000000002 ffffea0004160f01 00000000ffffffff 00000000ffffffff [ 205.312853] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 205.315054] page dumped because: kasan: bad access detected [ 205.315601] [ 205.315827] Memory state around the buggy address: [ 205.316885] ffff88810583bf00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.317547] ffff88810583bf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 205.318173] >ffff88810583c000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 205.318734] ^ [ 205.319173] ffff88810583c080: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 205.319705] ffff88810583c100: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 205.320339] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 24.989256] ================================================================== [ 24.990652] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0 [ 24.991167] Write of size 1 at addr ffff8881033b2278 by task kunit_try_catch/312 [ 24.991714] [ 24.993068] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.993168] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.993190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.993235] Call Trace: [ 24.993288] <TASK> [ 24.993338] dump_stack_lvl+0x73/0xb0 [ 24.993422] print_report+0xd1/0x650 [ 24.993495] ? __virt_addr_valid+0x1db/0x2d0 [ 24.993569] ? strncpy_from_user+0x1a5/0x1d0 [ 24.993609] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.993643] ? strncpy_from_user+0x1a5/0x1d0 [ 24.993678] kasan_report+0x141/0x180 [ 24.993710] ? strncpy_from_user+0x1a5/0x1d0 [ 24.993750] __asan_report_store1_noabort+0x1b/0x30 [ 24.993786] strncpy_from_user+0x1a5/0x1d0 [ 24.993824] copy_user_test_oob+0x760/0x10f0 [ 24.993891] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.993926] ? finish_task_switch.isra.0+0x153/0x700 [ 24.993962] ? __switch_to+0x47/0xf50 [ 24.993997] ? __schedule+0x10cc/0x2b60 [ 24.994025] ? __pfx_read_tsc+0x10/0x10 [ 24.994055] ? ktime_get_ts64+0x86/0x230 [ 24.994090] kunit_try_run_case+0x1a5/0x480 [ 24.994127] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.994159] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.994189] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.994245] ? __kthread_parkme+0x82/0x180 [ 24.994287] ? preempt_count_sub+0x50/0x80 [ 24.994320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.994355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.994390] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.994424] kthread+0x337/0x6f0 [ 24.994452] ? trace_preempt_on+0x20/0xc0 [ 24.994484] ? __pfx_kthread+0x10/0x10 [ 24.994514] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.994548] ? calculate_sigpending+0x7b/0xa0 [ 24.994587] ? __pfx_kthread+0x10/0x10 [ 24.994618] ret_from_fork+0x116/0x1d0 [ 24.994645] ? __pfx_kthread+0x10/0x10 [ 24.994674] ret_from_fork_asm+0x1a/0x30 [ 24.994717] </TASK> [ 24.994733] [ 25.010311] Allocated by task 312: [ 25.010996] kasan_save_stack+0x45/0x70 [ 25.011607] kasan_save_track+0x18/0x40 [ 25.012184] kasan_save_alloc_info+0x3b/0x50 [ 25.012544] __kasan_kmalloc+0xb7/0xc0 [ 25.012825] __kmalloc_noprof+0x1c9/0x500 [ 25.013139] kunit_kmalloc_array+0x25/0x60 [ 25.013687] copy_user_test_oob+0xab/0x10f0 [ 25.014116] kunit_try_run_case+0x1a5/0x480 [ 25.014859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 25.015371] kthread+0x337/0x6f0 [ 25.015934] ret_from_fork+0x116/0x1d0 [ 25.016350] ret_from_fork_asm+0x1a/0x30 [ 25.016756] [ 25.017113] The buggy address belongs to the object at ffff8881033b2200 [ 25.017113] which belongs to the cache kmalloc-128 of size 128 [ 25.018139] The buggy address is located 0 bytes to the right of [ 25.018139] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 25.019292] [ 25.019454] The buggy address belongs to the physical page: [ 25.019793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 25.020945] flags: 0x200000000000000(node=0|zone=2) [ 25.021465] page_type: f5(slab) [ 25.021816] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 25.022728] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 25.023407] page dumped because: kasan: bad access detected [ 25.023892] [ 25.024207] Memory state around the buggy address: [ 25.024903] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 25.025545] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.026507] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 25.026927] ^ [ 25.027486] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.028036] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 25.028540] ================================================================== [ 24.947103] ================================================================== [ 24.948354] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0 [ 24.949148] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.949658] [ 24.949978] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.950109] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.950149] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.950210] Call Trace: [ 24.950287] <TASK> [ 24.950340] dump_stack_lvl+0x73/0xb0 [ 24.950426] print_report+0xd1/0x650 [ 24.950505] ? __virt_addr_valid+0x1db/0x2d0 [ 24.950585] ? strncpy_from_user+0x2e/0x1d0 [ 24.950661] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.950739] ? strncpy_from_user+0x2e/0x1d0 [ 24.950819] kasan_report+0x141/0x180 [ 24.950919] ? strncpy_from_user+0x2e/0x1d0 [ 24.951010] kasan_check_range+0x10c/0x1c0 [ 24.951089] __kasan_check_write+0x18/0x20 [ 24.951156] strncpy_from_user+0x2e/0x1d0 [ 24.951236] ? __kasan_check_read+0x15/0x20 [ 24.951287] copy_user_test_oob+0x760/0x10f0 [ 24.951329] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.951363] ? finish_task_switch.isra.0+0x153/0x700 [ 24.951398] ? __switch_to+0x47/0xf50 [ 24.951435] ? __schedule+0x10cc/0x2b60 [ 24.951465] ? __pfx_read_tsc+0x10/0x10 [ 24.951496] ? ktime_get_ts64+0x86/0x230 [ 24.951531] kunit_try_run_case+0x1a5/0x480 [ 24.951579] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.951614] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.951644] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.951681] ? __kthread_parkme+0x82/0x180 [ 24.951710] ? preempt_count_sub+0x50/0x80 [ 24.951742] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.951776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.951812] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.951874] kthread+0x337/0x6f0 [ 24.951905] ? trace_preempt_on+0x20/0xc0 [ 24.951941] ? __pfx_kthread+0x10/0x10 [ 24.951973] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.952029] ? calculate_sigpending+0x7b/0xa0 [ 24.952069] ? __pfx_kthread+0x10/0x10 [ 24.952101] ret_from_fork+0x116/0x1d0 [ 24.952128] ? __pfx_kthread+0x10/0x10 [ 24.952158] ret_from_fork_asm+0x1a/0x30 [ 24.952201] </TASK> [ 24.952225] [ 24.970199] Allocated by task 312: [ 24.970667] kasan_save_stack+0x45/0x70 [ 24.971181] kasan_save_track+0x18/0x40 [ 24.971624] kasan_save_alloc_info+0x3b/0x50 [ 24.971972] __kasan_kmalloc+0xb7/0xc0 [ 24.972335] __kmalloc_noprof+0x1c9/0x500 [ 24.972745] kunit_kmalloc_array+0x25/0x60 [ 24.973303] copy_user_test_oob+0xab/0x10f0 [ 24.973681] kunit_try_run_case+0x1a5/0x480 [ 24.974007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.974412] kthread+0x337/0x6f0 [ 24.974843] ret_from_fork+0x116/0x1d0 [ 24.975447] ret_from_fork_asm+0x1a/0x30 [ 24.975984] [ 24.976323] The buggy address belongs to the object at ffff8881033b2200 [ 24.976323] which belongs to the cache kmalloc-128 of size 128 [ 24.977488] The buggy address is located 0 bytes inside of [ 24.977488] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.978585] [ 24.978798] The buggy address belongs to the physical page: [ 24.979375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.979911] flags: 0x200000000000000(node=0|zone=2) [ 24.980576] page_type: f5(slab) [ 24.981030] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.981745] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.982479] page dumped because: kasan: bad access detected [ 24.983025] [ 24.983294] Memory state around the buggy address: [ 24.983850] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.984509] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.985259] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.985862] ^ [ 24.986549] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.987279] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.987794] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 24.865460] ================================================================== [ 24.866172] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 24.866859] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.867566] [ 24.867814] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.867954] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.867993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.868053] Call Trace: [ 24.868099] <TASK> [ 24.868145] dump_stack_lvl+0x73/0xb0 [ 24.868274] print_report+0xd1/0x650 [ 24.868356] ? __virt_addr_valid+0x1db/0x2d0 [ 24.868426] ? copy_user_test_oob+0x557/0x10f0 [ 24.868480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.868551] ? copy_user_test_oob+0x557/0x10f0 [ 24.868628] kasan_report+0x141/0x180 [ 24.868749] ? copy_user_test_oob+0x557/0x10f0 [ 24.868887] kasan_check_range+0x10c/0x1c0 [ 24.868973] __kasan_check_write+0x18/0x20 [ 24.869043] copy_user_test_oob+0x557/0x10f0 [ 24.869128] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.869203] ? finish_task_switch.isra.0+0x153/0x700 [ 24.869330] ? __switch_to+0x47/0xf50 [ 24.869417] ? __schedule+0x10cc/0x2b60 [ 24.869543] ? __pfx_read_tsc+0x10/0x10 [ 24.869648] ? ktime_get_ts64+0x86/0x230 [ 24.869733] kunit_try_run_case+0x1a5/0x480 [ 24.869808] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.869902] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.869975] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.870052] ? __kthread_parkme+0x82/0x180 [ 24.870120] ? preempt_count_sub+0x50/0x80 [ 24.870197] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.870322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.870401] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.870480] kthread+0x337/0x6f0 [ 24.870549] ? trace_preempt_on+0x20/0xc0 [ 24.870687] ? __pfx_kthread+0x10/0x10 [ 24.870795] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.870972] ? calculate_sigpending+0x7b/0xa0 [ 24.871055] ? __pfx_kthread+0x10/0x10 [ 24.871116] ret_from_fork+0x116/0x1d0 [ 24.871149] ? __pfx_kthread+0x10/0x10 [ 24.871182] ret_from_fork_asm+0x1a/0x30 [ 24.871257] </TASK> [ 24.871282] [ 24.885853] Allocated by task 312: [ 24.886175] kasan_save_stack+0x45/0x70 [ 24.886563] kasan_save_track+0x18/0x40 [ 24.886955] kasan_save_alloc_info+0x3b/0x50 [ 24.887427] __kasan_kmalloc+0xb7/0xc0 [ 24.887814] __kmalloc_noprof+0x1c9/0x500 [ 24.888171] kunit_kmalloc_array+0x25/0x60 [ 24.888583] copy_user_test_oob+0xab/0x10f0 [ 24.889020] kunit_try_run_case+0x1a5/0x480 [ 24.889371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.889725] kthread+0x337/0x6f0 [ 24.890095] ret_from_fork+0x116/0x1d0 [ 24.890517] ret_from_fork_asm+0x1a/0x30 [ 24.890949] [ 24.891151] The buggy address belongs to the object at ffff8881033b2200 [ 24.891151] which belongs to the cache kmalloc-128 of size 128 [ 24.891996] The buggy address is located 0 bytes inside of [ 24.891996] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.892974] [ 24.893198] The buggy address belongs to the physical page: [ 24.893732] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.894401] flags: 0x200000000000000(node=0|zone=2) [ 24.894806] page_type: f5(slab) [ 24.895180] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.895779] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.896436] page dumped because: kasan: bad access detected [ 24.896882] [ 24.897091] Memory state around the buggy address: [ 24.897549] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.898006] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.898561] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.899255] ^ [ 24.899789] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900338] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.900929] ================================================================== [ 24.902096] ================================================================== [ 24.904352] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0 [ 24.904920] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.905357] [ 24.905545] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.905660] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.905692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.905745] Call Trace: [ 24.905794] <TASK> [ 24.905887] dump_stack_lvl+0x73/0xb0 [ 24.905973] print_report+0xd1/0x650 [ 24.906054] ? __virt_addr_valid+0x1db/0x2d0 [ 24.906130] ? copy_user_test_oob+0x604/0x10f0 [ 24.906247] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.906334] ? copy_user_test_oob+0x604/0x10f0 [ 24.906414] kasan_report+0x141/0x180 [ 24.906488] ? copy_user_test_oob+0x604/0x10f0 [ 24.906578] kasan_check_range+0x10c/0x1c0 [ 24.906658] __kasan_check_read+0x15/0x20 [ 24.906729] copy_user_test_oob+0x604/0x10f0 [ 24.906816] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.906909] ? finish_task_switch.isra.0+0x153/0x700 [ 24.906983] ? __switch_to+0x47/0xf50 [ 24.907066] ? __schedule+0x10cc/0x2b60 [ 24.907140] ? __pfx_read_tsc+0x10/0x10 [ 24.907207] ? ktime_get_ts64+0x86/0x230 [ 24.907331] kunit_try_run_case+0x1a5/0x480 [ 24.907409] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.907481] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.907557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.907640] ? __kthread_parkme+0x82/0x180 [ 24.907711] ? preempt_count_sub+0x50/0x80 [ 24.907787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.907889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.907971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.908051] kthread+0x337/0x6f0 [ 24.908127] ? trace_preempt_on+0x20/0xc0 [ 24.908207] ? __pfx_kthread+0x10/0x10 [ 24.908329] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.908411] ? calculate_sigpending+0x7b/0xa0 [ 24.908494] ? __pfx_kthread+0x10/0x10 [ 24.908564] ret_from_fork+0x116/0x1d0 [ 24.908596] ? __pfx_kthread+0x10/0x10 [ 24.908629] ret_from_fork_asm+0x1a/0x30 [ 24.908673] </TASK> [ 24.908689] [ 24.921623] Allocated by task 312: [ 24.921981] kasan_save_stack+0x45/0x70 [ 24.922379] kasan_save_track+0x18/0x40 [ 24.922757] kasan_save_alloc_info+0x3b/0x50 [ 24.923153] __kasan_kmalloc+0xb7/0xc0 [ 24.923595] __kmalloc_noprof+0x1c9/0x500 [ 24.923969] kunit_kmalloc_array+0x25/0x60 [ 24.924362] copy_user_test_oob+0xab/0x10f0 [ 24.924739] kunit_try_run_case+0x1a5/0x480 [ 24.925153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.925552] kthread+0x337/0x6f0 [ 24.925785] ret_from_fork+0x116/0x1d0 [ 24.926055] ret_from_fork_asm+0x1a/0x30 [ 24.929370] [ 24.929527] The buggy address belongs to the object at ffff8881033b2200 [ 24.929527] which belongs to the cache kmalloc-128 of size 128 [ 24.930147] The buggy address is located 0 bytes inside of [ 24.930147] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.931205] [ 24.931339] The buggy address belongs to the physical page: [ 24.931622] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.932158] flags: 0x200000000000000(node=0|zone=2) [ 24.932603] page_type: f5(slab) [ 24.932985] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.936566] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.937032] page dumped because: kasan: bad access detected [ 24.941147] [ 24.941344] Memory state around the buggy address: [ 24.941611] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.942002] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.942644] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.943361] ^ [ 24.944023] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.944795] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.945505] ================================================================== [ 24.788364] ================================================================== [ 24.788871] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0 [ 24.789543] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.790096] [ 24.790451] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.790586] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.790627] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.790686] Call Trace: [ 24.790729] <TASK> [ 24.790774] dump_stack_lvl+0x73/0xb0 [ 24.790876] print_report+0xd1/0x650 [ 24.790955] ? __virt_addr_valid+0x1db/0x2d0 [ 24.791033] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.791188] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791313] kasan_report+0x141/0x180 [ 24.791394] ? copy_user_test_oob+0x3fd/0x10f0 [ 24.791486] kasan_check_range+0x10c/0x1c0 [ 24.791576] __kasan_check_write+0x18/0x20 [ 24.791646] copy_user_test_oob+0x3fd/0x10f0 [ 24.791692] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.791729] ? finish_task_switch.isra.0+0x153/0x700 [ 24.791762] ? __switch_to+0x47/0xf50 [ 24.791798] ? __schedule+0x10cc/0x2b60 [ 24.791845] ? __pfx_read_tsc+0x10/0x10 [ 24.791886] ? ktime_get_ts64+0x86/0x230 [ 24.791923] kunit_try_run_case+0x1a5/0x480 [ 24.791961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.791995] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.792024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.792060] ? __kthread_parkme+0x82/0x180 [ 24.792090] ? preempt_count_sub+0x50/0x80 [ 24.792122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.792156] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.792189] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.792265] kthread+0x337/0x6f0 [ 24.792302] ? trace_preempt_on+0x20/0xc0 [ 24.792340] ? __pfx_kthread+0x10/0x10 [ 24.792370] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.792405] ? calculate_sigpending+0x7b/0xa0 [ 24.792441] ? __pfx_kthread+0x10/0x10 [ 24.792474] ret_from_fork+0x116/0x1d0 [ 24.792502] ? __pfx_kthread+0x10/0x10 [ 24.792532] ret_from_fork_asm+0x1a/0x30 [ 24.792577] </TASK> [ 24.792593] [ 24.807082] Allocated by task 312: [ 24.807643] kasan_save_stack+0x45/0x70 [ 24.808081] kasan_save_track+0x18/0x40 [ 24.809079] kasan_save_alloc_info+0x3b/0x50 [ 24.809512] __kasan_kmalloc+0xb7/0xc0 [ 24.809797] __kmalloc_noprof+0x1c9/0x500 [ 24.810110] kunit_kmalloc_array+0x25/0x60 [ 24.810754] copy_user_test_oob+0xab/0x10f0 [ 24.812456] kunit_try_run_case+0x1a5/0x480 [ 24.813089] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.813593] kthread+0x337/0x6f0 [ 24.813990] ret_from_fork+0x116/0x1d0 [ 24.814330] ret_from_fork_asm+0x1a/0x30 [ 24.814768] [ 24.814986] The buggy address belongs to the object at ffff8881033b2200 [ 24.814986] which belongs to the cache kmalloc-128 of size 128 [ 24.816360] The buggy address is located 0 bytes inside of [ 24.816360] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.817663] [ 24.817881] The buggy address belongs to the physical page: [ 24.818373] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.818996] flags: 0x200000000000000(node=0|zone=2) [ 24.819409] page_type: f5(slab) [ 24.819698] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.820782] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.821485] page dumped because: kasan: bad access detected [ 24.822194] [ 24.822487] Memory state around the buggy address: [ 24.823115] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.824526] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.825020] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.825549] ^ [ 24.826068] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.826588] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.827396] ================================================================== [ 24.828590] ================================================================== [ 24.829241] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0 [ 24.830149] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.830657] [ 24.830985] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.831146] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.831347] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.831408] Call Trace: [ 24.831495] <TASK> [ 24.831556] dump_stack_lvl+0x73/0xb0 [ 24.831787] print_report+0xd1/0x650 [ 24.831897] ? __virt_addr_valid+0x1db/0x2d0 [ 24.832114] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832316] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.832405] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832485] kasan_report+0x141/0x180 [ 24.832560] ? copy_user_test_oob+0x4aa/0x10f0 [ 24.832646] kasan_check_range+0x10c/0x1c0 [ 24.832725] __kasan_check_read+0x15/0x20 [ 24.832792] copy_user_test_oob+0x4aa/0x10f0 [ 24.832897] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.832974] ? finish_task_switch.isra.0+0x153/0x700 [ 24.833051] ? __switch_to+0x47/0xf50 [ 24.833136] ? __schedule+0x10cc/0x2b60 [ 24.833257] ? __pfx_read_tsc+0x10/0x10 [ 24.833362] ? ktime_get_ts64+0x86/0x230 [ 24.833441] kunit_try_run_case+0x1a5/0x480 [ 24.833502] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.833539] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.833569] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.833607] ? __kthread_parkme+0x82/0x180 [ 24.833637] ? preempt_count_sub+0x50/0x80 [ 24.833671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.833707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.833740] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.833774] kthread+0x337/0x6f0 [ 24.833803] ? trace_preempt_on+0x20/0xc0 [ 24.833862] ? __pfx_kthread+0x10/0x10 [ 24.833897] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.833934] ? calculate_sigpending+0x7b/0xa0 [ 24.833971] ? __pfx_kthread+0x10/0x10 [ 24.834002] ret_from_fork+0x116/0x1d0 [ 24.834028] ? __pfx_kthread+0x10/0x10 [ 24.834058] ret_from_fork_asm+0x1a/0x30 [ 24.834100] </TASK> [ 24.834116] [ 24.848546] Allocated by task 312: [ 24.848802] kasan_save_stack+0x45/0x70 [ 24.849250] kasan_save_track+0x18/0x40 [ 24.849638] kasan_save_alloc_info+0x3b/0x50 [ 24.850099] __kasan_kmalloc+0xb7/0xc0 [ 24.850565] __kmalloc_noprof+0x1c9/0x500 [ 24.850975] kunit_kmalloc_array+0x25/0x60 [ 24.851444] copy_user_test_oob+0xab/0x10f0 [ 24.851858] kunit_try_run_case+0x1a5/0x480 [ 24.852338] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.852698] kthread+0x337/0x6f0 [ 24.852976] ret_from_fork+0x116/0x1d0 [ 24.853425] ret_from_fork_asm+0x1a/0x30 [ 24.853842] [ 24.854081] The buggy address belongs to the object at ffff8881033b2200 [ 24.854081] which belongs to the cache kmalloc-128 of size 128 [ 24.855153] The buggy address is located 0 bytes inside of [ 24.855153] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.855972] [ 24.856244] The buggy address belongs to the physical page: [ 24.856740] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.857448] flags: 0x200000000000000(node=0|zone=2) [ 24.857917] page_type: f5(slab) [ 24.858293] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.858963] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.859607] page dumped because: kasan: bad access detected [ 24.860100] [ 24.860366] Memory state around the buggy address: [ 24.860732] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.861309] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.861743] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.862334] ^ [ 24.862976] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863444] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.863886] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 24.741576] ================================================================== [ 24.742121] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 24.742736] Read of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.743422] [ 24.743683] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.743814] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.743875] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.743940] Call Trace: [ 24.743980] <TASK> [ 24.744031] dump_stack_lvl+0x73/0xb0 [ 24.744115] print_report+0xd1/0x650 [ 24.744281] ? __virt_addr_valid+0x1db/0x2d0 [ 24.744354] ? _copy_to_user+0x3c/0x70 [ 24.744422] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.744494] ? _copy_to_user+0x3c/0x70 [ 24.744560] kasan_report+0x141/0x180 [ 24.744636] ? _copy_to_user+0x3c/0x70 [ 24.744712] kasan_check_range+0x10c/0x1c0 [ 24.744785] __kasan_check_read+0x15/0x20 [ 24.744816] _copy_to_user+0x3c/0x70 [ 24.744874] copy_user_test_oob+0x364/0x10f0 [ 24.744914] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.744947] ? finish_task_switch.isra.0+0x153/0x700 [ 24.744983] ? __switch_to+0x47/0xf50 [ 24.745020] ? __schedule+0x10cc/0x2b60 [ 24.745048] ? __pfx_read_tsc+0x10/0x10 [ 24.745079] ? ktime_get_ts64+0x86/0x230 [ 24.745113] kunit_try_run_case+0x1a5/0x480 [ 24.745148] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745181] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.745211] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.745274] ? __kthread_parkme+0x82/0x180 [ 24.745306] ? preempt_count_sub+0x50/0x80 [ 24.745337] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.745371] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.745404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.745437] kthread+0x337/0x6f0 [ 24.745465] ? trace_preempt_on+0x20/0xc0 [ 24.745501] ? __pfx_kthread+0x10/0x10 [ 24.745531] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.745565] ? calculate_sigpending+0x7b/0xa0 [ 24.745600] ? __pfx_kthread+0x10/0x10 [ 24.745630] ret_from_fork+0x116/0x1d0 [ 24.745658] ? __pfx_kthread+0x10/0x10 [ 24.745687] ret_from_fork_asm+0x1a/0x30 [ 24.745729] </TASK> [ 24.745746] [ 24.761613] Allocated by task 312: [ 24.762040] kasan_save_stack+0x45/0x70 [ 24.762615] kasan_save_track+0x18/0x40 [ 24.763125] kasan_save_alloc_info+0x3b/0x50 [ 24.763591] __kasan_kmalloc+0xb7/0xc0 [ 24.764126] __kmalloc_noprof+0x1c9/0x500 [ 24.764636] kunit_kmalloc_array+0x25/0x60 [ 24.765033] copy_user_test_oob+0xab/0x10f0 [ 24.765606] kunit_try_run_case+0x1a5/0x480 [ 24.766129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.766706] kthread+0x337/0x6f0 [ 24.767130] ret_from_fork+0x116/0x1d0 [ 24.767558] ret_from_fork_asm+0x1a/0x30 [ 24.768092] [ 24.768299] The buggy address belongs to the object at ffff8881033b2200 [ 24.768299] which belongs to the cache kmalloc-128 of size 128 [ 24.769423] The buggy address is located 0 bytes inside of [ 24.769423] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.770610] [ 24.770799] The buggy address belongs to the physical page: [ 24.771409] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.772111] flags: 0x200000000000000(node=0|zone=2) [ 24.772563] page_type: f5(slab) [ 24.772977] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.773819] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.774647] page dumped because: kasan: bad access detected [ 24.775025] [ 24.775323] Memory state around the buggy address: [ 24.776077] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.778203] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.779065] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.779739] ^ [ 24.780308] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.781189] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.781914] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 24.695916] ================================================================== [ 24.697076] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 24.697814] Write of size 121 at addr ffff8881033b2200 by task kunit_try_catch/312 [ 24.698260] [ 24.698474] CPU: 0 UID: 0 PID: 312 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.698612] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.698655] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.698721] Call Trace: [ 24.698763] <TASK> [ 24.698817] dump_stack_lvl+0x73/0xb0 [ 24.698921] print_report+0xd1/0x650 [ 24.699002] ? __virt_addr_valid+0x1db/0x2d0 [ 24.699081] ? _copy_from_user+0x32/0x90 [ 24.699150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.699226] ? _copy_from_user+0x32/0x90 [ 24.699299] kasan_report+0x141/0x180 [ 24.699378] ? _copy_from_user+0x32/0x90 [ 24.699458] kasan_check_range+0x10c/0x1c0 [ 24.699551] __kasan_check_write+0x18/0x20 [ 24.699623] _copy_from_user+0x32/0x90 [ 24.699696] copy_user_test_oob+0x2be/0x10f0 [ 24.699784] ? __pfx_copy_user_test_oob+0x10/0x10 [ 24.699880] ? finish_task_switch.isra.0+0x153/0x700 [ 24.699940] ? __switch_to+0x47/0xf50 [ 24.699982] ? __schedule+0x10cc/0x2b60 [ 24.700013] ? __pfx_read_tsc+0x10/0x10 [ 24.700045] ? ktime_get_ts64+0x86/0x230 [ 24.700080] kunit_try_run_case+0x1a5/0x480 [ 24.700117] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.700151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.700181] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.700232] ? __kthread_parkme+0x82/0x180 [ 24.700285] ? preempt_count_sub+0x50/0x80 [ 24.700320] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.700354] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.700388] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.700423] kthread+0x337/0x6f0 [ 24.700450] ? trace_preempt_on+0x20/0xc0 [ 24.700486] ? __pfx_kthread+0x10/0x10 [ 24.700517] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.700551] ? calculate_sigpending+0x7b/0xa0 [ 24.700587] ? __pfx_kthread+0x10/0x10 [ 24.700618] ret_from_fork+0x116/0x1d0 [ 24.700645] ? __pfx_kthread+0x10/0x10 [ 24.700673] ret_from_fork_asm+0x1a/0x30 [ 24.700719] </TASK> [ 24.700737] [ 24.716985] Allocated by task 312: [ 24.717368] kasan_save_stack+0x45/0x70 [ 24.717759] kasan_save_track+0x18/0x40 [ 24.718339] kasan_save_alloc_info+0x3b/0x50 [ 24.718659] __kasan_kmalloc+0xb7/0xc0 [ 24.719159] __kmalloc_noprof+0x1c9/0x500 [ 24.720007] kunit_kmalloc_array+0x25/0x60 [ 24.720482] copy_user_test_oob+0xab/0x10f0 [ 24.720989] kunit_try_run_case+0x1a5/0x480 [ 24.721680] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.722135] kthread+0x337/0x6f0 [ 24.722439] ret_from_fork+0x116/0x1d0 [ 24.722722] ret_from_fork_asm+0x1a/0x30 [ 24.723088] [ 24.723413] The buggy address belongs to the object at ffff8881033b2200 [ 24.723413] which belongs to the cache kmalloc-128 of size 128 [ 24.724776] The buggy address is located 0 bytes inside of [ 24.724776] allocated 120-byte region [ffff8881033b2200, ffff8881033b2278) [ 24.726059] [ 24.726379] The buggy address belongs to the physical page: [ 24.727010] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033b2 [ 24.727890] flags: 0x200000000000000(node=0|zone=2) [ 24.728274] page_type: f5(slab) [ 24.728550] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.729493] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.730202] page dumped because: kasan: bad access detected [ 24.730746] [ 24.731083] Memory state around the buggy address: [ 24.731708] ffff8881033b2100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.732510] ffff8881033b2180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.733063] >ffff8881033b2200: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.733859] ^ [ 24.734440] ffff8881033b2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.735166] ffff8881033b2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.735782] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 24.623752] ================================================================== [ 24.624265] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 24.625666] Write of size 8 at addr ffff888100ab0378 by task kunit_try_catch/308 [ 24.626618] [ 24.626824] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.626970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.627011] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.627074] Call Trace: [ 24.627114] <TASK> [ 24.627165] dump_stack_lvl+0x73/0xb0 [ 24.627266] print_report+0xd1/0x650 [ 24.627347] ? __virt_addr_valid+0x1db/0x2d0 [ 24.627422] ? copy_to_kernel_nofault+0x99/0x260 [ 24.627502] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.627584] ? copy_to_kernel_nofault+0x99/0x260 [ 24.627659] kasan_report+0x141/0x180 [ 24.627732] ? copy_to_kernel_nofault+0x99/0x260 [ 24.627818] kasan_check_range+0x10c/0x1c0 [ 24.627920] __kasan_check_write+0x18/0x20 [ 24.627992] copy_to_kernel_nofault+0x99/0x260 [ 24.628077] copy_to_kernel_nofault_oob+0x288/0x560 [ 24.628167] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.628252] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.628334] ? trace_hardirqs_on+0x37/0xe0 [ 24.628430] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.628477] kunit_try_run_case+0x1a5/0x480 [ 24.628517] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.628551] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.628582] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.628622] ? __kthread_parkme+0x82/0x180 [ 24.628652] ? preempt_count_sub+0x50/0x80 [ 24.628689] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.628724] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.628759] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.628794] kthread+0x337/0x6f0 [ 24.628823] ? trace_preempt_on+0x20/0xc0 [ 24.628885] ? __pfx_kthread+0x10/0x10 [ 24.628917] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.628953] ? calculate_sigpending+0x7b/0xa0 [ 24.628987] ? __pfx_kthread+0x10/0x10 [ 24.629019] ret_from_fork+0x116/0x1d0 [ 24.629048] ? __pfx_kthread+0x10/0x10 [ 24.629079] ret_from_fork_asm+0x1a/0x30 [ 24.629123] </TASK> [ 24.629140] [ 24.645170] Allocated by task 308: [ 24.646036] kasan_save_stack+0x45/0x70 [ 24.647656] kasan_save_track+0x18/0x40 [ 24.649059] kasan_save_alloc_info+0x3b/0x50 [ 24.649994] __kasan_kmalloc+0xb7/0xc0 [ 24.650733] __kmalloc_cache_noprof+0x189/0x420 [ 24.651206] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.651763] kunit_try_run_case+0x1a5/0x480 [ 24.652505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.653691] kthread+0x337/0x6f0 [ 24.654415] ret_from_fork+0x116/0x1d0 [ 24.655094] ret_from_fork_asm+0x1a/0x30 [ 24.655623] [ 24.655784] The buggy address belongs to the object at ffff888100ab0300 [ 24.655784] which belongs to the cache kmalloc-128 of size 128 [ 24.656543] The buggy address is located 0 bytes to the right of [ 24.656543] allocated 120-byte region [ffff888100ab0300, ffff888100ab0378) [ 24.657472] [ 24.657680] The buggy address belongs to the physical page: [ 24.658498] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 24.658945] flags: 0x200000000000000(node=0|zone=2) [ 24.659391] page_type: f5(slab) [ 24.659652] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.660110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.663373] page dumped because: kasan: bad access detected [ 24.664376] [ 24.664899] Memory state around the buggy address: [ 24.666314] ffff888100ab0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.668642] ffff888100ab0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.670723] >ffff888100ab0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.672122] ^ [ 24.673745] ffff888100ab0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.675156] ffff888100ab0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.675987] ================================================================== [ 24.577667] ================================================================== [ 24.578818] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 24.580483] Read of size 8 at addr ffff888100ab0378 by task kunit_try_catch/308 [ 24.581133] [ 24.581716] CPU: 1 UID: 0 PID: 308 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.581902] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.581947] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.582009] Call Trace: [ 24.582052] <TASK> [ 24.582094] dump_stack_lvl+0x73/0xb0 [ 24.582144] print_report+0xd1/0x650 [ 24.582179] ? __virt_addr_valid+0x1db/0x2d0 [ 24.582216] ? copy_to_kernel_nofault+0x225/0x260 [ 24.582292] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.582373] ? copy_to_kernel_nofault+0x225/0x260 [ 24.582431] kasan_report+0x141/0x180 [ 24.582466] ? copy_to_kernel_nofault+0x225/0x260 [ 24.582506] __asan_report_load8_noabort+0x18/0x20 [ 24.582544] copy_to_kernel_nofault+0x225/0x260 [ 24.582580] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 24.582614] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.582647] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 24.582683] ? trace_hardirqs_on+0x37/0xe0 [ 24.582725] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 24.582763] kunit_try_run_case+0x1a5/0x480 [ 24.582801] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.582859] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.582894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.582933] ? __kthread_parkme+0x82/0x180 [ 24.582963] ? preempt_count_sub+0x50/0x80 [ 24.582996] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.583031] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.583064] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.583096] kthread+0x337/0x6f0 [ 24.583126] ? trace_preempt_on+0x20/0xc0 [ 24.583158] ? __pfx_kthread+0x10/0x10 [ 24.583186] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.583233] ? calculate_sigpending+0x7b/0xa0 [ 24.583319] ? __pfx_kthread+0x10/0x10 [ 24.583367] ret_from_fork+0x116/0x1d0 [ 24.583396] ? __pfx_kthread+0x10/0x10 [ 24.583427] ret_from_fork_asm+0x1a/0x30 [ 24.583471] </TASK> [ 24.583489] [ 24.602067] Allocated by task 308: [ 24.602393] kasan_save_stack+0x45/0x70 [ 24.602810] kasan_save_track+0x18/0x40 [ 24.603561] kasan_save_alloc_info+0x3b/0x50 [ 24.604664] __kasan_kmalloc+0xb7/0xc0 [ 24.604999] __kmalloc_cache_noprof+0x189/0x420 [ 24.605611] copy_to_kernel_nofault_oob+0x12f/0x560 [ 24.606245] kunit_try_run_case+0x1a5/0x480 [ 24.606634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.607385] kthread+0x337/0x6f0 [ 24.607760] ret_from_fork+0x116/0x1d0 [ 24.608312] ret_from_fork_asm+0x1a/0x30 [ 24.608778] [ 24.609197] The buggy address belongs to the object at ffff888100ab0300 [ 24.609197] which belongs to the cache kmalloc-128 of size 128 [ 24.610431] The buggy address is located 0 bytes to the right of [ 24.610431] allocated 120-byte region [ffff888100ab0300, ffff888100ab0378) [ 24.611656] [ 24.611882] The buggy address belongs to the physical page: [ 24.612647] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 24.613136] flags: 0x200000000000000(node=0|zone=2) [ 24.613514] page_type: f5(slab) [ 24.613895] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 24.614972] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 24.616037] page dumped because: kasan: bad access detected [ 24.616569] [ 24.616782] Memory state around the buggy address: [ 24.617164] ffff888100ab0200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 24.618056] ffff888100ab0280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.618851] >ffff888100ab0300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 24.619864] ^ [ 24.620689] ffff888100ab0380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.621287] ffff888100ab0400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.622107] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 23.773914] ================================================================== [ 23.774793] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 23.775510] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.776154] [ 23.776476] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.776602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.776643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.776705] Call Trace: [ 23.776757] <TASK> [ 23.776798] dump_stack_lvl+0x73/0xb0 [ 23.776898] print_report+0xd1/0x650 [ 23.776977] ? __virt_addr_valid+0x1db/0x2d0 [ 23.777052] ? kasan_atomics_helper+0x19e3/0x5450 [ 23.777150] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.777295] ? kasan_atomics_helper+0x19e3/0x5450 [ 23.777372] kasan_report+0x141/0x180 [ 23.777499] ? kasan_atomics_helper+0x19e3/0x5450 [ 23.777589] kasan_check_range+0x10c/0x1c0 [ 23.777675] __kasan_check_write+0x18/0x20 [ 23.777748] kasan_atomics_helper+0x19e3/0x5450 [ 23.777873] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.777953] ? kasan_save_alloc_info+0x3b/0x50 [ 23.778047] kasan_atomics+0x1dc/0x310 [ 23.778150] ? __pfx_kasan_atomics+0x10/0x10 [ 23.778303] ? __pfx_read_tsc+0x10/0x10 [ 23.778378] ? ktime_get_ts64+0x86/0x230 [ 23.778486] kunit_try_run_case+0x1a5/0x480 [ 23.778595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.778672] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.778766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.778894] ? __kthread_parkme+0x82/0x180 [ 23.778965] ? preempt_count_sub+0x50/0x80 [ 23.779006] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.779044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.779081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.779155] kthread+0x337/0x6f0 [ 23.779243] ? trace_preempt_on+0x20/0xc0 [ 23.779397] ? __pfx_kthread+0x10/0x10 [ 23.779477] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.779565] ? calculate_sigpending+0x7b/0xa0 [ 23.779694] ? __pfx_kthread+0x10/0x10 [ 23.779775] ret_from_fork+0x116/0x1d0 [ 23.779858] ? __pfx_kthread+0x10/0x10 [ 23.779898] ret_from_fork_asm+0x1a/0x30 [ 23.779945] </TASK> [ 23.779962] [ 23.793974] Allocated by task 292: [ 23.794270] kasan_save_stack+0x45/0x70 [ 23.794680] kasan_save_track+0x18/0x40 [ 23.795099] kasan_save_alloc_info+0x3b/0x50 [ 23.795597] __kasan_kmalloc+0xb7/0xc0 [ 23.795997] __kmalloc_cache_noprof+0x189/0x420 [ 23.796500] kasan_atomics+0x95/0x310 [ 23.796901] kunit_try_run_case+0x1a5/0x480 [ 23.797356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.797712] kthread+0x337/0x6f0 [ 23.798066] ret_from_fork+0x116/0x1d0 [ 23.798498] ret_from_fork_asm+0x1a/0x30 [ 23.798913] [ 23.799120] The buggy address belongs to the object at ffff88810383ae00 [ 23.799120] which belongs to the cache kmalloc-64 of size 64 [ 23.800119] The buggy address is located 0 bytes to the right of [ 23.800119] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.800941] [ 23.801150] The buggy address belongs to the physical page: [ 23.801650] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.802272] flags: 0x200000000000000(node=0|zone=2) [ 23.802598] page_type: f5(slab) [ 23.802891] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.803574] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.804205] page dumped because: kasan: bad access detected [ 23.804739] [ 23.804918] Memory state around the buggy address: [ 23.805266] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.805866] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.806484] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.807067] ^ [ 23.807487] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.808087] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.808653] ================================================================== [ 21.875033] ================================================================== [ 21.876014] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b6e/0x5450 [ 21.877083] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.878479] [ 21.878878] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.879007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.879096] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.879177] Call Trace: [ 21.879225] <TASK> [ 21.879270] dump_stack_lvl+0x73/0xb0 [ 21.879366] print_report+0xd1/0x650 [ 21.879447] ? __virt_addr_valid+0x1db/0x2d0 [ 21.879521] ? kasan_atomics_helper+0x4b6e/0x5450 [ 21.879566] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.879600] ? kasan_atomics_helper+0x4b6e/0x5450 [ 21.879633] kasan_report+0x141/0x180 [ 21.879666] ? kasan_atomics_helper+0x4b6e/0x5450 [ 21.879700] __asan_report_store4_noabort+0x1b/0x30 [ 21.879738] kasan_atomics_helper+0x4b6e/0x5450 [ 21.879770] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.879800] ? kasan_save_alloc_info+0x3b/0x50 [ 21.879866] kasan_atomics+0x1dc/0x310 [ 21.879905] ? __pfx_kasan_atomics+0x10/0x10 [ 21.879943] ? __pfx_read_tsc+0x10/0x10 [ 21.879973] ? ktime_get_ts64+0x86/0x230 [ 21.880008] kunit_try_run_case+0x1a5/0x480 [ 21.880044] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.880076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.880106] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.880143] ? __kthread_parkme+0x82/0x180 [ 21.880171] ? preempt_count_sub+0x50/0x80 [ 21.880204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.880284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.880358] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.880396] kthread+0x337/0x6f0 [ 21.880423] ? trace_preempt_on+0x20/0xc0 [ 21.880459] ? __pfx_kthread+0x10/0x10 [ 21.880489] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.880522] ? calculate_sigpending+0x7b/0xa0 [ 21.880558] ? __pfx_kthread+0x10/0x10 [ 21.880588] ret_from_fork+0x116/0x1d0 [ 21.880615] ? __pfx_kthread+0x10/0x10 [ 21.880643] ret_from_fork_asm+0x1a/0x30 [ 21.880686] </TASK> [ 21.880700] [ 21.900044] Allocated by task 292: [ 21.900578] kasan_save_stack+0x45/0x70 [ 21.900987] kasan_save_track+0x18/0x40 [ 21.901728] kasan_save_alloc_info+0x3b/0x50 [ 21.902064] __kasan_kmalloc+0xb7/0xc0 [ 21.902511] __kmalloc_cache_noprof+0x189/0x420 [ 21.903257] kasan_atomics+0x95/0x310 [ 21.903660] kunit_try_run_case+0x1a5/0x480 [ 21.904147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.904505] kthread+0x337/0x6f0 [ 21.905028] ret_from_fork+0x116/0x1d0 [ 21.905415] ret_from_fork_asm+0x1a/0x30 [ 21.906169] [ 21.906486] The buggy address belongs to the object at ffff88810383ae00 [ 21.906486] which belongs to the cache kmalloc-64 of size 64 [ 21.907217] The buggy address is located 0 bytes to the right of [ 21.907217] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 21.908799] [ 21.909042] The buggy address belongs to the physical page: [ 21.909847] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 21.910366] flags: 0x200000000000000(node=0|zone=2) [ 21.910977] page_type: f5(slab) [ 21.911503] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.912098] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.912979] page dumped because: kasan: bad access detected [ 21.913344] [ 21.913506] Memory state around the buggy address: [ 21.913912] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.914898] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.915637] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.916175] ^ [ 21.916937] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.917697] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.918170] ================================================================== [ 22.016417] ================================================================== [ 22.018022] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a0/0x5450 [ 22.019847] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.021086] [ 22.021315] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.021448] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.021491] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.021554] Call Trace: [ 22.021604] <TASK> [ 22.021641] dump_stack_lvl+0x73/0xb0 [ 22.021704] print_report+0xd1/0x650 [ 22.021776] ? __virt_addr_valid+0x1db/0x2d0 [ 22.021850] ? kasan_atomics_helper+0x4a0/0x5450 [ 22.021903] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.021956] ? kasan_atomics_helper+0x4a0/0x5450 [ 22.022006] kasan_report+0x141/0x180 [ 22.022067] ? kasan_atomics_helper+0x4a0/0x5450 [ 22.022133] kasan_check_range+0x10c/0x1c0 [ 22.022191] __kasan_check_write+0x18/0x20 [ 22.022709] kasan_atomics_helper+0x4a0/0x5450 [ 22.022796] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.022876] ? kasan_save_alloc_info+0x3b/0x50 [ 22.022947] kasan_atomics+0x1dc/0x310 [ 22.023009] ? __pfx_kasan_atomics+0x10/0x10 [ 22.023084] ? __pfx_read_tsc+0x10/0x10 [ 22.023155] ? ktime_get_ts64+0x86/0x230 [ 22.023344] kunit_try_run_case+0x1a5/0x480 [ 22.023415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.023469] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.023521] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.023594] ? __kthread_parkme+0x82/0x180 [ 22.023647] ? preempt_count_sub+0x50/0x80 [ 22.023685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.023721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.023755] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.023790] kthread+0x337/0x6f0 [ 22.023823] ? trace_preempt_on+0x20/0xc0 [ 22.023890] ? __pfx_kthread+0x10/0x10 [ 22.023924] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.023959] ? calculate_sigpending+0x7b/0xa0 [ 22.023996] ? __pfx_kthread+0x10/0x10 [ 22.024027] ret_from_fork+0x116/0x1d0 [ 22.024056] ? __pfx_kthread+0x10/0x10 [ 22.024085] ret_from_fork_asm+0x1a/0x30 [ 22.024129] </TASK> [ 22.024144] [ 22.042012] Allocated by task 292: [ 22.042572] kasan_save_stack+0x45/0x70 [ 22.043036] kasan_save_track+0x18/0x40 [ 22.043610] kasan_save_alloc_info+0x3b/0x50 [ 22.044059] __kasan_kmalloc+0xb7/0xc0 [ 22.044485] __kmalloc_cache_noprof+0x189/0x420 [ 22.044960] kasan_atomics+0x95/0x310 [ 22.045659] kunit_try_run_case+0x1a5/0x480 [ 22.046126] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.046764] kthread+0x337/0x6f0 [ 22.047179] ret_from_fork+0x116/0x1d0 [ 22.047524] ret_from_fork_asm+0x1a/0x30 [ 22.047848] [ 22.048140] The buggy address belongs to the object at ffff88810383ae00 [ 22.048140] which belongs to the cache kmalloc-64 of size 64 [ 22.049691] The buggy address is located 0 bytes to the right of [ 22.049691] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.050803] [ 22.051191] The buggy address belongs to the physical page: [ 22.051778] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.052671] flags: 0x200000000000000(node=0|zone=2) [ 22.053141] page_type: f5(slab) [ 22.053741] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.054483] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.055565] page dumped because: kasan: bad access detected [ 22.056094] [ 22.056304] Memory state around the buggy address: [ 22.056671] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.058146] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.058595] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.058847] ^ [ 22.059205] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.060470] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.061593] ================================================================== [ 22.619047] ================================================================== [ 22.619753] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 22.620717] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.621712] [ 22.622487] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.622939] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.622993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.623029] Call Trace: [ 22.623054] <TASK> [ 22.623078] dump_stack_lvl+0x73/0xb0 [ 22.623120] print_report+0xd1/0x650 [ 22.623153] ? __virt_addr_valid+0x1db/0x2d0 [ 22.623186] ? kasan_atomics_helper+0xc70/0x5450 [ 22.623240] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.623322] ? kasan_atomics_helper+0xc70/0x5450 [ 22.623398] kasan_report+0x141/0x180 [ 22.623437] ? kasan_atomics_helper+0xc70/0x5450 [ 22.623475] kasan_check_range+0x10c/0x1c0 [ 22.623510] __kasan_check_write+0x18/0x20 [ 22.623550] kasan_atomics_helper+0xc70/0x5450 [ 22.623585] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.623617] ? kasan_save_alloc_info+0x3b/0x50 [ 22.623658] kasan_atomics+0x1dc/0x310 [ 22.623693] ? __pfx_kasan_atomics+0x10/0x10 [ 22.623728] ? __pfx_read_tsc+0x10/0x10 [ 22.623759] ? ktime_get_ts64+0x86/0x230 [ 22.623796] kunit_try_run_case+0x1a5/0x480 [ 22.623852] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.623907] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.623941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.623978] ? __kthread_parkme+0x82/0x180 [ 22.624008] ? preempt_count_sub+0x50/0x80 [ 22.624042] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.624077] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.624111] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.624146] kthread+0x337/0x6f0 [ 22.624173] ? trace_preempt_on+0x20/0xc0 [ 22.624207] ? __pfx_kthread+0x10/0x10 [ 22.624273] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.624348] ? calculate_sigpending+0x7b/0xa0 [ 22.624388] ? __pfx_kthread+0x10/0x10 [ 22.624421] ret_from_fork+0x116/0x1d0 [ 22.624448] ? __pfx_kthread+0x10/0x10 [ 22.624478] ret_from_fork_asm+0x1a/0x30 [ 22.624519] </TASK> [ 22.624535] [ 22.638646] Allocated by task 292: [ 22.638963] kasan_save_stack+0x45/0x70 [ 22.639746] kasan_save_track+0x18/0x40 [ 22.640171] kasan_save_alloc_info+0x3b/0x50 [ 22.640927] __kasan_kmalloc+0xb7/0xc0 [ 22.641348] __kmalloc_cache_noprof+0x189/0x420 [ 22.641789] kasan_atomics+0x95/0x310 [ 22.642186] kunit_try_run_case+0x1a5/0x480 [ 22.642666] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.643075] kthread+0x337/0x6f0 [ 22.643346] ret_from_fork+0x116/0x1d0 [ 22.643639] ret_from_fork_asm+0x1a/0x30 [ 22.644114] [ 22.644660] The buggy address belongs to the object at ffff88810383ae00 [ 22.644660] which belongs to the cache kmalloc-64 of size 64 [ 22.646043] The buggy address is located 0 bytes to the right of [ 22.646043] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.647547] [ 22.647712] The buggy address belongs to the physical page: [ 22.648127] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.649376] flags: 0x200000000000000(node=0|zone=2) [ 22.649727] page_type: f5(slab) [ 22.650075] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.651144] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.651785] page dumped because: kasan: bad access detected [ 22.652546] [ 22.652759] Memory state around the buggy address: [ 22.653105] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.653752] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.654560] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.654991] ^ [ 22.655309] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.655750] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.656399] ================================================================== [ 22.657472] ================================================================== [ 22.658157] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 22.659160] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.660270] [ 22.660514] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.660644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.660690] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.660753] Call Trace: [ 22.660793] <TASK> [ 22.660852] dump_stack_lvl+0x73/0xb0 [ 22.660921] print_report+0xd1/0x650 [ 22.660996] ? __virt_addr_valid+0x1db/0x2d0 [ 22.661074] ? kasan_atomics_helper+0x4a84/0x5450 [ 22.661148] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.661225] ? kasan_atomics_helper+0x4a84/0x5450 [ 22.661302] kasan_report+0x141/0x180 [ 22.661377] ? kasan_atomics_helper+0x4a84/0x5450 [ 22.661462] __asan_report_load4_noabort+0x18/0x20 [ 22.661543] kasan_atomics_helper+0x4a84/0x5450 [ 22.661620] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.661692] ? kasan_save_alloc_info+0x3b/0x50 [ 22.661782] kasan_atomics+0x1dc/0x310 [ 22.661973] ? __pfx_kasan_atomics+0x10/0x10 [ 22.662057] ? __pfx_read_tsc+0x10/0x10 [ 22.662131] ? ktime_get_ts64+0x86/0x230 [ 22.662215] kunit_try_run_case+0x1a5/0x480 [ 22.662580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.662657] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.662729] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.662814] ? __kthread_parkme+0x82/0x180 [ 22.662907] ? preempt_count_sub+0x50/0x80 [ 22.662992] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.663072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.663156] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.663231] kthread+0x337/0x6f0 [ 22.663433] ? trace_preempt_on+0x20/0xc0 [ 22.663512] ? __pfx_kthread+0x10/0x10 [ 22.663601] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.663683] ? calculate_sigpending+0x7b/0xa0 [ 22.663764] ? __pfx_kthread+0x10/0x10 [ 22.663852] ret_from_fork+0x116/0x1d0 [ 22.663924] ? __pfx_kthread+0x10/0x10 [ 22.663995] ret_from_fork_asm+0x1a/0x30 [ 22.664087] </TASK> [ 22.664124] [ 22.679156] Allocated by task 292: [ 22.679451] kasan_save_stack+0x45/0x70 [ 22.679773] kasan_save_track+0x18/0x40 [ 22.680079] kasan_save_alloc_info+0x3b/0x50 [ 22.680486] __kasan_kmalloc+0xb7/0xc0 [ 22.681200] __kmalloc_cache_noprof+0x189/0x420 [ 22.681772] kasan_atomics+0x95/0x310 [ 22.682197] kunit_try_run_case+0x1a5/0x480 [ 22.682705] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.683158] kthread+0x337/0x6f0 [ 22.683579] ret_from_fork+0x116/0x1d0 [ 22.683970] ret_from_fork_asm+0x1a/0x30 [ 22.684727] [ 22.684946] The buggy address belongs to the object at ffff88810383ae00 [ 22.684946] which belongs to the cache kmalloc-64 of size 64 [ 22.685892] The buggy address is located 0 bytes to the right of [ 22.685892] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.686751] [ 22.687040] The buggy address belongs to the physical page: [ 22.687787] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.688341] flags: 0x200000000000000(node=0|zone=2) [ 22.689103] page_type: f5(slab) [ 22.689552] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.690092] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.690524] page dumped because: kasan: bad access detected [ 22.690878] [ 22.691073] Memory state around the buggy address: [ 22.691507] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.692146] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.693195] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.693735] ^ [ 22.694191] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.694812] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.695505] ================================================================== [ 22.341681] ================================================================== [ 22.342642] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 22.343884] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.344702] [ 22.344947] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.345137] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.345184] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.345247] Call Trace: [ 22.345299] <TASK> [ 22.345349] dump_stack_lvl+0x73/0xb0 [ 22.345499] print_report+0xd1/0x650 [ 22.345585] ? __virt_addr_valid+0x1db/0x2d0 [ 22.345667] ? kasan_atomics_helper+0x860/0x5450 [ 22.345750] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.345854] ? kasan_atomics_helper+0x860/0x5450 [ 22.345935] kasan_report+0x141/0x180 [ 22.346010] ? kasan_atomics_helper+0x860/0x5450 [ 22.346053] kasan_check_range+0x10c/0x1c0 [ 22.346091] __kasan_check_write+0x18/0x20 [ 22.346120] kasan_atomics_helper+0x860/0x5450 [ 22.346152] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.346184] ? kasan_save_alloc_info+0x3b/0x50 [ 22.346240] kasan_atomics+0x1dc/0x310 [ 22.346324] ? __pfx_kasan_atomics+0x10/0x10 [ 22.346381] ? __pfx_read_tsc+0x10/0x10 [ 22.346416] ? ktime_get_ts64+0x86/0x230 [ 22.346453] kunit_try_run_case+0x1a5/0x480 [ 22.346488] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.346523] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.346553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.346592] ? __kthread_parkme+0x82/0x180 [ 22.346620] ? preempt_count_sub+0x50/0x80 [ 22.346655] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.346690] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.346724] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.346758] kthread+0x337/0x6f0 [ 22.346786] ? trace_preempt_on+0x20/0xc0 [ 22.346819] ? __pfx_kthread+0x10/0x10 [ 22.346879] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.346917] ? calculate_sigpending+0x7b/0xa0 [ 22.346956] ? __pfx_kthread+0x10/0x10 [ 22.346988] ret_from_fork+0x116/0x1d0 [ 22.347014] ? __pfx_kthread+0x10/0x10 [ 22.347045] ret_from_fork_asm+0x1a/0x30 [ 22.347086] </TASK> [ 22.347100] [ 22.365615] Allocated by task 292: [ 22.366059] kasan_save_stack+0x45/0x70 [ 22.366722] kasan_save_track+0x18/0x40 [ 22.367276] kasan_save_alloc_info+0x3b/0x50 [ 22.367758] __kasan_kmalloc+0xb7/0xc0 [ 22.368191] __kmalloc_cache_noprof+0x189/0x420 [ 22.369171] kasan_atomics+0x95/0x310 [ 22.369628] kunit_try_run_case+0x1a5/0x480 [ 22.370972] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.372022] kthread+0x337/0x6f0 [ 22.372437] ret_from_fork+0x116/0x1d0 [ 22.373151] ret_from_fork_asm+0x1a/0x30 [ 22.373933] [ 22.374150] The buggy address belongs to the object at ffff88810383ae00 [ 22.374150] which belongs to the cache kmalloc-64 of size 64 [ 22.375590] The buggy address is located 0 bytes to the right of [ 22.375590] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.376688] [ 22.376873] The buggy address belongs to the physical page: [ 22.377264] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.377813] flags: 0x200000000000000(node=0|zone=2) [ 22.378362] page_type: f5(slab) [ 22.378772] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.379612] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.380175] page dumped because: kasan: bad access detected [ 22.380744] [ 22.381001] Memory state around the buggy address: [ 22.381377] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.381799] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.382322] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.382993] ^ [ 22.383636] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.384274] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.385599] ================================================================== [ 24.219723] ================================================================== [ 24.220871] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 24.221340] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.222481] [ 24.222736] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.222892] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.222935] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.223003] Call Trace: [ 24.223050] <TASK> [ 24.223097] dump_stack_lvl+0x73/0xb0 [ 24.223183] print_report+0xd1/0x650 [ 24.223306] ? __virt_addr_valid+0x1db/0x2d0 [ 24.223386] ? kasan_atomics_helper+0x2006/0x5450 [ 24.223458] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.223532] ? kasan_atomics_helper+0x2006/0x5450 [ 24.223616] kasan_report+0x141/0x180 [ 24.223693] ? kasan_atomics_helper+0x2006/0x5450 [ 24.223777] kasan_check_range+0x10c/0x1c0 [ 24.223916] __kasan_check_write+0x18/0x20 [ 24.223997] kasan_atomics_helper+0x2006/0x5450 [ 24.224121] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.224200] ? kasan_save_alloc_info+0x3b/0x50 [ 24.224401] kasan_atomics+0x1dc/0x310 [ 24.224490] ? __pfx_kasan_atomics+0x10/0x10 [ 24.224575] ? __pfx_read_tsc+0x10/0x10 [ 24.224637] ? ktime_get_ts64+0x86/0x230 [ 24.224703] kunit_try_run_case+0x1a5/0x480 [ 24.224787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.224917] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.225023] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.225164] ? __kthread_parkme+0x82/0x180 [ 24.225304] ? preempt_count_sub+0x50/0x80 [ 24.225415] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.225493] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.225571] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.225647] kthread+0x337/0x6f0 [ 24.225717] ? trace_preempt_on+0x20/0xc0 [ 24.225796] ? __pfx_kthread+0x10/0x10 [ 24.225889] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.225968] ? calculate_sigpending+0x7b/0xa0 [ 24.226047] ? __pfx_kthread+0x10/0x10 [ 24.226118] ret_from_fork+0x116/0x1d0 [ 24.226366] ? __pfx_kthread+0x10/0x10 [ 24.226439] ret_from_fork_asm+0x1a/0x30 [ 24.226531] </TASK> [ 24.226563] [ 24.240743] Allocated by task 292: [ 24.241096] kasan_save_stack+0x45/0x70 [ 24.241560] kasan_save_track+0x18/0x40 [ 24.241962] kasan_save_alloc_info+0x3b/0x50 [ 24.242423] __kasan_kmalloc+0xb7/0xc0 [ 24.242800] __kmalloc_cache_noprof+0x189/0x420 [ 24.243255] kasan_atomics+0x95/0x310 [ 24.243705] kunit_try_run_case+0x1a5/0x480 [ 24.244124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.244649] kthread+0x337/0x6f0 [ 24.244999] ret_from_fork+0x116/0x1d0 [ 24.245426] ret_from_fork_asm+0x1a/0x30 [ 24.245876] [ 24.246056] The buggy address belongs to the object at ffff88810383ae00 [ 24.246056] which belongs to the cache kmalloc-64 of size 64 [ 24.247051] The buggy address is located 0 bytes to the right of [ 24.247051] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.248031] [ 24.248259] The buggy address belongs to the physical page: [ 24.248685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.249266] flags: 0x200000000000000(node=0|zone=2) [ 24.249701] page_type: f5(slab) [ 24.250056] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.250594] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.251195] page dumped because: kasan: bad access detected [ 24.251728] [ 24.251944] Memory state around the buggy address: [ 24.252373] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.252925] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.253402] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.253814] ^ [ 24.254332] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.254977] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.255646] ================================================================== [ 23.456088] ================================================================== [ 23.456720] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 23.457324] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.458010] [ 23.458218] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.458350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.458435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.458524] Call Trace: [ 23.458619] <TASK> [ 23.458696] dump_stack_lvl+0x73/0xb0 [ 23.458780] print_report+0xd1/0x650 [ 23.458930] ? __virt_addr_valid+0x1db/0x2d0 [ 23.459039] ? kasan_atomics_helper+0x151d/0x5450 [ 23.459108] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.459184] ? kasan_atomics_helper+0x151d/0x5450 [ 23.459260] kasan_report+0x141/0x180 [ 23.459341] ? kasan_atomics_helper+0x151d/0x5450 [ 23.459449] kasan_check_range+0x10c/0x1c0 [ 23.459568] __kasan_check_write+0x18/0x20 [ 23.459621] kasan_atomics_helper+0x151d/0x5450 [ 23.459659] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.459696] ? kasan_save_alloc_info+0x3b/0x50 [ 23.459739] kasan_atomics+0x1dc/0x310 [ 23.459773] ? __pfx_kasan_atomics+0x10/0x10 [ 23.459810] ? __pfx_read_tsc+0x10/0x10 [ 23.459867] ? ktime_get_ts64+0x86/0x230 [ 23.459906] kunit_try_run_case+0x1a5/0x480 [ 23.459942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.459977] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.460008] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.460047] ? __kthread_parkme+0x82/0x180 [ 23.460077] ? preempt_count_sub+0x50/0x80 [ 23.460110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.460147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.460181] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.460226] kthread+0x337/0x6f0 [ 23.460278] ? trace_preempt_on+0x20/0xc0 [ 23.460316] ? __pfx_kthread+0x10/0x10 [ 23.460348] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.460384] ? calculate_sigpending+0x7b/0xa0 [ 23.460420] ? __pfx_kthread+0x10/0x10 [ 23.460453] ret_from_fork+0x116/0x1d0 [ 23.460479] ? __pfx_kthread+0x10/0x10 [ 23.460511] ret_from_fork_asm+0x1a/0x30 [ 23.460554] </TASK> [ 23.460571] [ 23.477520] Allocated by task 292: [ 23.477893] kasan_save_stack+0x45/0x70 [ 23.478952] kasan_save_track+0x18/0x40 [ 23.479431] kasan_save_alloc_info+0x3b/0x50 [ 23.479761] __kasan_kmalloc+0xb7/0xc0 [ 23.480165] __kmalloc_cache_noprof+0x189/0x420 [ 23.480746] kasan_atomics+0x95/0x310 [ 23.481055] kunit_try_run_case+0x1a5/0x480 [ 23.481524] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.482106] kthread+0x337/0x6f0 [ 23.482627] ret_from_fork+0x116/0x1d0 [ 23.482935] ret_from_fork_asm+0x1a/0x30 [ 23.483297] [ 23.483549] The buggy address belongs to the object at ffff88810383ae00 [ 23.483549] which belongs to the cache kmalloc-64 of size 64 [ 23.485122] The buggy address is located 0 bytes to the right of [ 23.485122] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.486564] [ 23.486769] The buggy address belongs to the physical page: [ 23.487666] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.488648] flags: 0x200000000000000(node=0|zone=2) [ 23.489114] page_type: f5(slab) [ 23.489452] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.490320] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.491201] page dumped because: kasan: bad access detected [ 23.491711] [ 23.491944] Memory state around the buggy address: [ 23.492370] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.493096] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.493774] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.494691] ^ [ 23.495292] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.495792] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.496525] ================================================================== [ 23.327471] ================================================================== [ 23.328107] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4eae/0x5450 [ 23.328699] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.329147] [ 23.329399] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.329529] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.329569] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.329628] Call Trace: [ 23.329682] <TASK> [ 23.329769] dump_stack_lvl+0x73/0xb0 [ 23.329876] print_report+0xd1/0x650 [ 23.329995] ? __virt_addr_valid+0x1db/0x2d0 [ 23.330109] ? kasan_atomics_helper+0x4eae/0x5450 [ 23.330278] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.330390] ? kasan_atomics_helper+0x4eae/0x5450 [ 23.330497] kasan_report+0x141/0x180 [ 23.330610] ? kasan_atomics_helper+0x4eae/0x5450 [ 23.330703] __asan_report_load8_noabort+0x18/0x20 [ 23.330785] kasan_atomics_helper+0x4eae/0x5450 [ 23.330880] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.330956] ? kasan_save_alloc_info+0x3b/0x50 [ 23.331049] kasan_atomics+0x1dc/0x310 [ 23.331125] ? __pfx_kasan_atomics+0x10/0x10 [ 23.331207] ? __pfx_read_tsc+0x10/0x10 [ 23.331325] ? ktime_get_ts64+0x86/0x230 [ 23.331405] kunit_try_run_case+0x1a5/0x480 [ 23.331483] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.331568] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.331623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.331695] ? __kthread_parkme+0x82/0x180 [ 23.331762] ? preempt_count_sub+0x50/0x80 [ 23.331907] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.331987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.332069] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.332186] kthread+0x337/0x6f0 [ 23.332311] ? trace_preempt_on+0x20/0xc0 [ 23.332427] ? __pfx_kthread+0x10/0x10 [ 23.332534] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.332615] ? calculate_sigpending+0x7b/0xa0 [ 23.332731] ? __pfx_kthread+0x10/0x10 [ 23.332852] ret_from_fork+0x116/0x1d0 [ 23.332923] ? __pfx_kthread+0x10/0x10 [ 23.332998] ret_from_fork_asm+0x1a/0x30 [ 23.333095] </TASK> [ 23.333137] [ 23.355286] Allocated by task 292: [ 23.355817] kasan_save_stack+0x45/0x70 [ 23.356189] kasan_save_track+0x18/0x40 [ 23.356681] kasan_save_alloc_info+0x3b/0x50 [ 23.357078] __kasan_kmalloc+0xb7/0xc0 [ 23.357552] __kmalloc_cache_noprof+0x189/0x420 [ 23.357960] kasan_atomics+0x95/0x310 [ 23.358452] kunit_try_run_case+0x1a5/0x480 [ 23.358899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.359366] kthread+0x337/0x6f0 [ 23.359647] ret_from_fork+0x116/0x1d0 [ 23.359982] ret_from_fork_asm+0x1a/0x30 [ 23.360484] [ 23.360699] The buggy address belongs to the object at ffff88810383ae00 [ 23.360699] which belongs to the cache kmalloc-64 of size 64 [ 23.361789] The buggy address is located 0 bytes to the right of [ 23.361789] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.362821] [ 23.363021] The buggy address belongs to the physical page: [ 23.363568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.364053] flags: 0x200000000000000(node=0|zone=2) [ 23.364561] page_type: f5(slab) [ 23.364952] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.365704] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.366161] page dumped because: kasan: bad access detected [ 23.366616] [ 23.366860] Memory state around the buggy address: [ 23.367346] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.368046] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.368772] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.369399] ^ [ 23.369864] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.370486] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.370890] ================================================================== [ 22.105877] ================================================================== [ 22.107299] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x565/0x5450 [ 22.108070] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.109419] [ 22.109795] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.109945] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.109987] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.110052] Call Trace: [ 22.110110] <TASK> [ 22.110278] dump_stack_lvl+0x73/0xb0 [ 22.110349] print_report+0xd1/0x650 [ 22.110389] ? __virt_addr_valid+0x1db/0x2d0 [ 22.110427] ? kasan_atomics_helper+0x565/0x5450 [ 22.110460] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.110494] ? kasan_atomics_helper+0x565/0x5450 [ 22.110526] kasan_report+0x141/0x180 [ 22.110559] ? kasan_atomics_helper+0x565/0x5450 [ 22.110622] kasan_check_range+0x10c/0x1c0 [ 22.110709] __kasan_check_write+0x18/0x20 [ 22.110761] kasan_atomics_helper+0x565/0x5450 [ 22.110797] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.110851] ? kasan_save_alloc_info+0x3b/0x50 [ 22.110902] kasan_atomics+0x1dc/0x310 [ 22.110938] ? __pfx_kasan_atomics+0x10/0x10 [ 22.110976] ? __pfx_read_tsc+0x10/0x10 [ 22.111009] ? ktime_get_ts64+0x86/0x230 [ 22.111045] kunit_try_run_case+0x1a5/0x480 [ 22.111081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111113] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.111144] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.111182] ? __kthread_parkme+0x82/0x180 [ 22.111213] ? preempt_count_sub+0x50/0x80 [ 22.111246] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.111282] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.111367] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.111443] kthread+0x337/0x6f0 [ 22.111474] ? trace_preempt_on+0x20/0xc0 [ 22.111513] ? __pfx_kthread+0x10/0x10 [ 22.111552] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.111588] ? calculate_sigpending+0x7b/0xa0 [ 22.111623] ? __pfx_kthread+0x10/0x10 [ 22.111653] ret_from_fork+0x116/0x1d0 [ 22.111678] ? __pfx_kthread+0x10/0x10 [ 22.111708] ret_from_fork_asm+0x1a/0x30 [ 22.111748] </TASK> [ 22.111762] [ 22.130699] Allocated by task 292: [ 22.131306] kasan_save_stack+0x45/0x70 [ 22.132725] kasan_save_track+0x18/0x40 [ 22.133158] kasan_save_alloc_info+0x3b/0x50 [ 22.133911] __kasan_kmalloc+0xb7/0xc0 [ 22.134328] __kmalloc_cache_noprof+0x189/0x420 [ 22.134711] kasan_atomics+0x95/0x310 [ 22.135185] kunit_try_run_case+0x1a5/0x480 [ 22.135762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.136229] kthread+0x337/0x6f0 [ 22.136518] ret_from_fork+0x116/0x1d0 [ 22.137048] ret_from_fork_asm+0x1a/0x30 [ 22.137752] [ 22.137959] The buggy address belongs to the object at ffff88810383ae00 [ 22.137959] which belongs to the cache kmalloc-64 of size 64 [ 22.138976] The buggy address is located 0 bytes to the right of [ 22.138976] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.140286] [ 22.140496] The buggy address belongs to the physical page: [ 22.141099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.142787] flags: 0x200000000000000(node=0|zone=2) [ 22.143117] page_type: f5(slab) [ 22.143700] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.144444] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.145178] page dumped because: kasan: bad access detected [ 22.145784] [ 22.146042] Memory state around the buggy address: [ 22.146480] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.147500] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.148275] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.149012] ^ [ 22.149634] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.150492] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.151405] ================================================================== [ 22.246641] ================================================================== [ 22.247883] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x72f/0x5450 [ 22.248797] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.250158] [ 22.250545] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.250678] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.250712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.250746] Call Trace: [ 22.250770] <TASK> [ 22.250794] dump_stack_lvl+0x73/0xb0 [ 22.250868] print_report+0xd1/0x650 [ 22.250954] ? __virt_addr_valid+0x1db/0x2d0 [ 22.251032] ? kasan_atomics_helper+0x72f/0x5450 [ 22.251107] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.251191] ? kasan_atomics_helper+0x72f/0x5450 [ 22.251268] kasan_report+0x141/0x180 [ 22.251349] ? kasan_atomics_helper+0x72f/0x5450 [ 22.251443] kasan_check_range+0x10c/0x1c0 [ 22.251532] __kasan_check_write+0x18/0x20 [ 22.251622] kasan_atomics_helper+0x72f/0x5450 [ 22.251702] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.251746] ? kasan_save_alloc_info+0x3b/0x50 [ 22.251789] kasan_atomics+0x1dc/0x310 [ 22.251824] ? __pfx_kasan_atomics+0x10/0x10 [ 22.251888] ? __pfx_read_tsc+0x10/0x10 [ 22.251921] ? ktime_get_ts64+0x86/0x230 [ 22.251959] kunit_try_run_case+0x1a5/0x480 [ 22.251994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.252025] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.252055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.252092] ? __kthread_parkme+0x82/0x180 [ 22.252120] ? preempt_count_sub+0x50/0x80 [ 22.252156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.252190] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.252235] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.252317] kthread+0x337/0x6f0 [ 22.252370] ? trace_preempt_on+0x20/0xc0 [ 22.252407] ? __pfx_kthread+0x10/0x10 [ 22.252438] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.252472] ? calculate_sigpending+0x7b/0xa0 [ 22.252506] ? __pfx_kthread+0x10/0x10 [ 22.252537] ret_from_fork+0x116/0x1d0 [ 22.252565] ? __pfx_kthread+0x10/0x10 [ 22.252595] ret_from_fork_asm+0x1a/0x30 [ 22.252637] </TASK> [ 22.252652] [ 22.270799] Allocated by task 292: [ 22.271703] kasan_save_stack+0x45/0x70 [ 22.272128] kasan_save_track+0x18/0x40 [ 22.272635] kasan_save_alloc_info+0x3b/0x50 [ 22.272985] __kasan_kmalloc+0xb7/0xc0 [ 22.273410] __kmalloc_cache_noprof+0x189/0x420 [ 22.273905] kasan_atomics+0x95/0x310 [ 22.274446] kunit_try_run_case+0x1a5/0x480 [ 22.274896] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.275442] kthread+0x337/0x6f0 [ 22.277385] ret_from_fork+0x116/0x1d0 [ 22.279371] ret_from_fork_asm+0x1a/0x30 [ 22.279690] [ 22.279821] The buggy address belongs to the object at ffff88810383ae00 [ 22.279821] which belongs to the cache kmalloc-64 of size 64 [ 22.281133] The buggy address is located 0 bytes to the right of [ 22.281133] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.284784] [ 22.284974] The buggy address belongs to the physical page: [ 22.286172] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.286787] flags: 0x200000000000000(node=0|zone=2) [ 22.287083] page_type: f5(slab) [ 22.287287] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.287757] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.288713] page dumped because: kasan: bad access detected [ 22.290263] [ 22.290408] Memory state around the buggy address: [ 22.290662] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.292360] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.293599] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.294823] ^ [ 22.295228] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.295818] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.296579] ================================================================== [ 23.696561] ================================================================== [ 23.697115] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 23.697598] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.698262] [ 23.698618] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.698724] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.698759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.698819] Call Trace: [ 23.698890] <TASK> [ 23.698933] dump_stack_lvl+0x73/0xb0 [ 23.699014] print_report+0xd1/0x650 [ 23.699089] ? __virt_addr_valid+0x1db/0x2d0 [ 23.699163] ? kasan_atomics_helper+0x18b1/0x5450 [ 23.699279] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.699356] ? kasan_atomics_helper+0x18b1/0x5450 [ 23.699429] kasan_report+0x141/0x180 [ 23.699504] ? kasan_atomics_helper+0x18b1/0x5450 [ 23.699597] kasan_check_range+0x10c/0x1c0 [ 23.699678] __kasan_check_write+0x18/0x20 [ 23.699750] kasan_atomics_helper+0x18b1/0x5450 [ 23.699823] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.699922] ? kasan_save_alloc_info+0x3b/0x50 [ 23.700012] kasan_atomics+0x1dc/0x310 [ 23.700089] ? __pfx_kasan_atomics+0x10/0x10 [ 23.700166] ? __pfx_read_tsc+0x10/0x10 [ 23.700279] ? ktime_get_ts64+0x86/0x230 [ 23.700362] kunit_try_run_case+0x1a5/0x480 [ 23.700440] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.700515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.700589] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.700667] ? __kthread_parkme+0x82/0x180 [ 23.700721] ? preempt_count_sub+0x50/0x80 [ 23.700787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.700883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.701009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.701094] kthread+0x337/0x6f0 [ 23.701161] ? trace_preempt_on+0x20/0xc0 [ 23.701316] ? __pfx_kthread+0x10/0x10 [ 23.701397] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.701474] ? calculate_sigpending+0x7b/0xa0 [ 23.701557] ? __pfx_kthread+0x10/0x10 [ 23.701674] ret_from_fork+0x116/0x1d0 [ 23.701742] ? __pfx_kthread+0x10/0x10 [ 23.701819] ret_from_fork_asm+0x1a/0x30 [ 23.701962] </TASK> [ 23.702008] [ 23.716307] Allocated by task 292: [ 23.716656] kasan_save_stack+0x45/0x70 [ 23.716975] kasan_save_track+0x18/0x40 [ 23.717378] kasan_save_alloc_info+0x3b/0x50 [ 23.717821] __kasan_kmalloc+0xb7/0xc0 [ 23.718200] __kmalloc_cache_noprof+0x189/0x420 [ 23.718521] kasan_atomics+0x95/0x310 [ 23.718926] kunit_try_run_case+0x1a5/0x480 [ 23.719419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.719866] kthread+0x337/0x6f0 [ 23.720128] ret_from_fork+0x116/0x1d0 [ 23.720456] ret_from_fork_asm+0x1a/0x30 [ 23.720752] [ 23.721003] The buggy address belongs to the object at ffff88810383ae00 [ 23.721003] which belongs to the cache kmalloc-64 of size 64 [ 23.723136] The buggy address is located 0 bytes to the right of [ 23.723136] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.725149] [ 23.725555] The buggy address belongs to the physical page: [ 23.726076] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.727760] flags: 0x200000000000000(node=0|zone=2) [ 23.728363] page_type: f5(slab) [ 23.728821] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.729459] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.730152] page dumped because: kasan: bad access detected [ 23.730692] [ 23.730897] Memory state around the buggy address: [ 23.731370] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.732015] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.732649] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.733300] ^ [ 23.733747] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.734373] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.734865] ================================================================== [ 23.497972] ================================================================== [ 23.499553] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x15b6/0x5450 [ 23.499810] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.501082] [ 23.501437] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.501566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.501605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.501666] Call Trace: [ 23.501718] <TASK> [ 23.501770] dump_stack_lvl+0x73/0xb0 [ 23.501909] print_report+0xd1/0x650 [ 23.501994] ? __virt_addr_valid+0x1db/0x2d0 [ 23.502076] ? kasan_atomics_helper+0x15b6/0x5450 [ 23.502152] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.502197] ? kasan_atomics_helper+0x15b6/0x5450 [ 23.502278] kasan_report+0x141/0x180 [ 23.502359] ? kasan_atomics_helper+0x15b6/0x5450 [ 23.502403] kasan_check_range+0x10c/0x1c0 [ 23.502440] __kasan_check_write+0x18/0x20 [ 23.502470] kasan_atomics_helper+0x15b6/0x5450 [ 23.502503] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.502535] ? kasan_save_alloc_info+0x3b/0x50 [ 23.502577] kasan_atomics+0x1dc/0x310 [ 23.502612] ? __pfx_kasan_atomics+0x10/0x10 [ 23.502649] ? __pfx_read_tsc+0x10/0x10 [ 23.502680] ? ktime_get_ts64+0x86/0x230 [ 23.502717] kunit_try_run_case+0x1a5/0x480 [ 23.502753] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.502787] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.502816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.502887] ? __kthread_parkme+0x82/0x180 [ 23.502919] ? preempt_count_sub+0x50/0x80 [ 23.502955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.502989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.503024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.503058] kthread+0x337/0x6f0 [ 23.503087] ? trace_preempt_on+0x20/0xc0 [ 23.503124] ? __pfx_kthread+0x10/0x10 [ 23.503156] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.503192] ? calculate_sigpending+0x7b/0xa0 [ 23.503230] ? __pfx_kthread+0x10/0x10 [ 23.503262] ret_from_fork+0x116/0x1d0 [ 23.503289] ? __pfx_kthread+0x10/0x10 [ 23.503355] ret_from_fork_asm+0x1a/0x30 [ 23.503443] </TASK> [ 23.503464] [ 23.520428] Allocated by task 292: [ 23.520858] kasan_save_stack+0x45/0x70 [ 23.521161] kasan_save_track+0x18/0x40 [ 23.521555] kasan_save_alloc_info+0x3b/0x50 [ 23.522055] __kasan_kmalloc+0xb7/0xc0 [ 23.522432] __kmalloc_cache_noprof+0x189/0x420 [ 23.522757] kasan_atomics+0x95/0x310 [ 23.523144] kunit_try_run_case+0x1a5/0x480 [ 23.523760] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.524199] kthread+0x337/0x6f0 [ 23.524553] ret_from_fork+0x116/0x1d0 [ 23.525010] ret_from_fork_asm+0x1a/0x30 [ 23.525318] [ 23.525481] The buggy address belongs to the object at ffff88810383ae00 [ 23.525481] which belongs to the cache kmalloc-64 of size 64 [ 23.526654] The buggy address is located 0 bytes to the right of [ 23.526654] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.527862] [ 23.528027] The buggy address belongs to the physical page: [ 23.528513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.529400] flags: 0x200000000000000(node=0|zone=2) [ 23.529863] page_type: f5(slab) [ 23.530134] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.531195] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.531797] page dumped because: kasan: bad access detected [ 23.532342] [ 23.532586] Memory state around the buggy address: [ 23.533022] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.533688] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.534302] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.534894] ^ [ 23.535326] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.535956] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.536586] ================================================================== [ 23.809643] ================================================================== [ 23.810230] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1a7f/0x5450 [ 23.810725] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.811324] [ 23.811560] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.811685] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.811725] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.811787] Call Trace: [ 23.812052] <TASK> [ 23.812108] dump_stack_lvl+0x73/0xb0 [ 23.812190] print_report+0xd1/0x650 [ 23.812317] ? __virt_addr_valid+0x1db/0x2d0 [ 23.812398] ? kasan_atomics_helper+0x1a7f/0x5450 [ 23.812475] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.812552] ? kasan_atomics_helper+0x1a7f/0x5450 [ 23.812628] kasan_report+0x141/0x180 [ 23.812708] ? kasan_atomics_helper+0x1a7f/0x5450 [ 23.812797] kasan_check_range+0x10c/0x1c0 [ 23.812906] __kasan_check_write+0x18/0x20 [ 23.812978] kasan_atomics_helper+0x1a7f/0x5450 [ 23.813058] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.813134] ? kasan_save_alloc_info+0x3b/0x50 [ 23.813269] kasan_atomics+0x1dc/0x310 [ 23.813359] ? __pfx_kasan_atomics+0x10/0x10 [ 23.813439] ? __pfx_read_tsc+0x10/0x10 [ 23.813511] ? ktime_get_ts64+0x86/0x230 [ 23.813588] kunit_try_run_case+0x1a5/0x480 [ 23.813671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.813745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.813814] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.813917] ? __kthread_parkme+0x82/0x180 [ 23.813986] ? preempt_count_sub+0x50/0x80 [ 23.814063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.814140] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.814256] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.814341] kthread+0x337/0x6f0 [ 23.814408] ? trace_preempt_on+0x20/0xc0 [ 23.814488] ? __pfx_kthread+0x10/0x10 [ 23.814557] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.814638] ? calculate_sigpending+0x7b/0xa0 [ 23.814717] ? __pfx_kthread+0x10/0x10 [ 23.814789] ret_from_fork+0x116/0x1d0 [ 23.815270] ? __pfx_kthread+0x10/0x10 [ 23.815353] ret_from_fork_asm+0x1a/0x30 [ 23.815447] </TASK> [ 23.815486] [ 23.833062] Allocated by task 292: [ 23.833960] kasan_save_stack+0x45/0x70 [ 23.834537] kasan_save_track+0x18/0x40 [ 23.835058] kasan_save_alloc_info+0x3b/0x50 [ 23.835750] __kasan_kmalloc+0xb7/0xc0 [ 23.836087] __kmalloc_cache_noprof+0x189/0x420 [ 23.836507] kasan_atomics+0x95/0x310 [ 23.836968] kunit_try_run_case+0x1a5/0x480 [ 23.837621] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.838016] kthread+0x337/0x6f0 [ 23.838361] ret_from_fork+0x116/0x1d0 [ 23.838763] ret_from_fork_asm+0x1a/0x30 [ 23.839102] [ 23.839345] The buggy address belongs to the object at ffff88810383ae00 [ 23.839345] which belongs to the cache kmalloc-64 of size 64 [ 23.840125] The buggy address is located 0 bytes to the right of [ 23.840125] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.841082] [ 23.841302] The buggy address belongs to the physical page: [ 23.841773] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.842902] flags: 0x200000000000000(node=0|zone=2) [ 23.843328] page_type: f5(slab) [ 23.843779] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.844808] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.845799] page dumped because: kasan: bad access detected [ 23.846440] [ 23.846646] Memory state around the buggy address: [ 23.847429] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.848042] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.848926] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.849767] ^ [ 23.850410] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.851197] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.852306] ================================================================== [ 24.062647] ================================================================== [ 24.063268] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 24.063815] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.064449] [ 24.064685] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.064818] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.064877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.064939] Call Trace: [ 24.064988] <TASK> [ 24.065037] dump_stack_lvl+0x73/0xb0 [ 24.065118] print_report+0xd1/0x650 [ 24.065200] ? __virt_addr_valid+0x1db/0x2d0 [ 24.065326] ? kasan_atomics_helper+0x1e12/0x5450 [ 24.065401] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.065478] ? kasan_atomics_helper+0x1e12/0x5450 [ 24.065552] kasan_report+0x141/0x180 [ 24.065631] ? kasan_atomics_helper+0x1e12/0x5450 [ 24.065712] kasan_check_range+0x10c/0x1c0 [ 24.065772] __kasan_check_write+0x18/0x20 [ 24.065844] kasan_atomics_helper+0x1e12/0x5450 [ 24.065923] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.066004] ? kasan_save_alloc_info+0x3b/0x50 [ 24.066099] kasan_atomics+0x1dc/0x310 [ 24.066180] ? __pfx_kasan_atomics+0x10/0x10 [ 24.066306] ? __pfx_read_tsc+0x10/0x10 [ 24.066383] ? ktime_get_ts64+0x86/0x230 [ 24.066465] kunit_try_run_case+0x1a5/0x480 [ 24.066546] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.066609] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.066645] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.066684] ? __kthread_parkme+0x82/0x180 [ 24.066712] ? preempt_count_sub+0x50/0x80 [ 24.066749] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.066784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.066819] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.066884] kthread+0x337/0x6f0 [ 24.066915] ? trace_preempt_on+0x20/0xc0 [ 24.066952] ? __pfx_kthread+0x10/0x10 [ 24.066983] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.067019] ? calculate_sigpending+0x7b/0xa0 [ 24.067055] ? __pfx_kthread+0x10/0x10 [ 24.067086] ret_from_fork+0x116/0x1d0 [ 24.067112] ? __pfx_kthread+0x10/0x10 [ 24.067142] ret_from_fork_asm+0x1a/0x30 [ 24.067185] </TASK> [ 24.067200] [ 24.083301] Allocated by task 292: [ 24.083592] kasan_save_stack+0x45/0x70 [ 24.083945] kasan_save_track+0x18/0x40 [ 24.084358] kasan_save_alloc_info+0x3b/0x50 [ 24.084780] __kasan_kmalloc+0xb7/0xc0 [ 24.085187] __kmalloc_cache_noprof+0x189/0x420 [ 24.085646] kasan_atomics+0x95/0x310 [ 24.086059] kunit_try_run_case+0x1a5/0x480 [ 24.086507] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.087032] kthread+0x337/0x6f0 [ 24.087500] ret_from_fork+0x116/0x1d0 [ 24.087900] ret_from_fork_asm+0x1a/0x30 [ 24.088198] [ 24.088359] The buggy address belongs to the object at ffff88810383ae00 [ 24.088359] which belongs to the cache kmalloc-64 of size 64 [ 24.089470] The buggy address is located 0 bytes to the right of [ 24.089470] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.090782] [ 24.091445] The buggy address belongs to the physical page: [ 24.092820] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.093687] flags: 0x200000000000000(node=0|zone=2) [ 24.094080] page_type: f5(slab) [ 24.094399] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.094958] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.095706] page dumped because: kasan: bad access detected [ 24.096257] [ 24.096503] Memory state around the buggy address: [ 24.096968] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.097592] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.098250] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.098850] ^ [ 24.099326] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.099942] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.100576] ================================================================== [ 22.520274] ================================================================== [ 22.520752] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 22.521215] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.522142] [ 22.522386] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.522511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.522551] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.522614] Call Trace: [ 22.522660] <TASK> [ 22.522707] dump_stack_lvl+0x73/0xb0 [ 22.522788] print_report+0xd1/0x650 [ 22.522883] ? __virt_addr_valid+0x1db/0x2d0 [ 22.522955] ? kasan_atomics_helper+0xac7/0x5450 [ 22.523152] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.523363] ? kasan_atomics_helper+0xac7/0x5450 [ 22.523515] kasan_report+0x141/0x180 [ 22.523954] ? kasan_atomics_helper+0xac7/0x5450 [ 22.524043] kasan_check_range+0x10c/0x1c0 [ 22.524162] __kasan_check_write+0x18/0x20 [ 22.524419] kasan_atomics_helper+0xac7/0x5450 [ 22.524569] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.524645] ? kasan_save_alloc_info+0x3b/0x50 [ 22.524698] kasan_atomics+0x1dc/0x310 [ 22.524735] ? __pfx_kasan_atomics+0x10/0x10 [ 22.524770] ? __pfx_read_tsc+0x10/0x10 [ 22.524801] ? ktime_get_ts64+0x86/0x230 [ 22.524864] kunit_try_run_case+0x1a5/0x480 [ 22.524904] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.524939] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.524970] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.525006] ? __kthread_parkme+0x82/0x180 [ 22.525035] ? preempt_count_sub+0x50/0x80 [ 22.525069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.525104] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.525138] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.525172] kthread+0x337/0x6f0 [ 22.525200] ? trace_preempt_on+0x20/0xc0 [ 22.525309] ? __pfx_kthread+0x10/0x10 [ 22.525371] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.525410] ? calculate_sigpending+0x7b/0xa0 [ 22.525446] ? __pfx_kthread+0x10/0x10 [ 22.525478] ret_from_fork+0x116/0x1d0 [ 22.525511] ? __pfx_kthread+0x10/0x10 [ 22.525542] ret_from_fork_asm+0x1a/0x30 [ 22.525586] </TASK> [ 22.525601] [ 22.542817] Allocated by task 292: [ 22.543097] kasan_save_stack+0x45/0x70 [ 22.543380] kasan_save_track+0x18/0x40 [ 22.543651] kasan_save_alloc_info+0x3b/0x50 [ 22.544017] __kasan_kmalloc+0xb7/0xc0 [ 22.544262] __kmalloc_cache_noprof+0x189/0x420 [ 22.544557] kasan_atomics+0x95/0x310 [ 22.547162] kunit_try_run_case+0x1a5/0x480 [ 22.550262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.552080] kthread+0x337/0x6f0 [ 22.553660] ret_from_fork+0x116/0x1d0 [ 22.554618] ret_from_fork_asm+0x1a/0x30 [ 22.555584] [ 22.556375] The buggy address belongs to the object at ffff88810383ae00 [ 22.556375] which belongs to the cache kmalloc-64 of size 64 [ 22.557434] The buggy address is located 0 bytes to the right of [ 22.557434] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.559599] [ 22.559772] The buggy address belongs to the physical page: [ 22.561009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.561600] flags: 0x200000000000000(node=0|zone=2) [ 22.562054] page_type: f5(slab) [ 22.562604] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.563375] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.564331] page dumped because: kasan: bad access detected [ 22.565127] [ 22.565394] Memory state around the buggy address: [ 22.566058] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.566806] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.567749] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.568534] ^ [ 22.569296] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.570040] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.570770] ================================================================== [ 23.852988] ================================================================== [ 23.854560] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1b22/0x5450 [ 23.855119] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.855692] [ 23.856038] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.856230] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.856273] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.856335] Call Trace: [ 23.856382] <TASK> [ 23.856428] dump_stack_lvl+0x73/0xb0 [ 23.856513] print_report+0xd1/0x650 [ 23.856592] ? __virt_addr_valid+0x1db/0x2d0 [ 23.856669] ? kasan_atomics_helper+0x1b22/0x5450 [ 23.856743] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.856817] ? kasan_atomics_helper+0x1b22/0x5450 [ 23.856915] kasan_report+0x141/0x180 [ 23.856993] ? kasan_atomics_helper+0x1b22/0x5450 [ 23.857077] kasan_check_range+0x10c/0x1c0 [ 23.857156] __kasan_check_write+0x18/0x20 [ 23.857228] kasan_atomics_helper+0x1b22/0x5450 [ 23.857286] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.857322] ? kasan_save_alloc_info+0x3b/0x50 [ 23.857366] kasan_atomics+0x1dc/0x310 [ 23.857403] ? __pfx_kasan_atomics+0x10/0x10 [ 23.857440] ? __pfx_read_tsc+0x10/0x10 [ 23.857472] ? ktime_get_ts64+0x86/0x230 [ 23.857508] kunit_try_run_case+0x1a5/0x480 [ 23.857545] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.857579] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.857608] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.857647] ? __kthread_parkme+0x82/0x180 [ 23.857676] ? preempt_count_sub+0x50/0x80 [ 23.857711] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.857749] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.857784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.857820] kthread+0x337/0x6f0 [ 23.857878] ? trace_preempt_on+0x20/0xc0 [ 23.857918] ? __pfx_kthread+0x10/0x10 [ 23.857952] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.857989] ? calculate_sigpending+0x7b/0xa0 [ 23.858025] ? __pfx_kthread+0x10/0x10 [ 23.858057] ret_from_fork+0x116/0x1d0 [ 23.858084] ? __pfx_kthread+0x10/0x10 [ 23.858115] ret_from_fork_asm+0x1a/0x30 [ 23.858160] </TASK> [ 23.858176] [ 23.876317] Allocated by task 292: [ 23.876573] kasan_save_stack+0x45/0x70 [ 23.878498] kasan_save_track+0x18/0x40 [ 23.879146] kasan_save_alloc_info+0x3b/0x50 [ 23.879471] __kasan_kmalloc+0xb7/0xc0 [ 23.879719] __kmalloc_cache_noprof+0x189/0x420 [ 23.881486] kasan_atomics+0x95/0x310 [ 23.882201] kunit_try_run_case+0x1a5/0x480 [ 23.882992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.883884] kthread+0x337/0x6f0 [ 23.884279] ret_from_fork+0x116/0x1d0 [ 23.884737] ret_from_fork_asm+0x1a/0x30 [ 23.885464] [ 23.885617] The buggy address belongs to the object at ffff88810383ae00 [ 23.885617] which belongs to the cache kmalloc-64 of size 64 [ 23.886690] The buggy address is located 0 bytes to the right of [ 23.886690] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.887758] [ 23.888022] The buggy address belongs to the physical page: [ 23.888547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.889179] flags: 0x200000000000000(node=0|zone=2) [ 23.889723] page_type: f5(slab) [ 23.890194] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.890801] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.891561] page dumped because: kasan: bad access detected [ 23.892130] [ 23.892333] Memory state around the buggy address: [ 23.892819] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.893610] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.894277] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.894812] ^ [ 23.895198] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.895799] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.896339] ================================================================== [ 24.022888] ================================================================== [ 24.024047] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 24.024865] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.026693] [ 24.026968] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.027339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.027387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.027447] Call Trace: [ 24.027498] <TASK> [ 24.027551] dump_stack_lvl+0x73/0xb0 [ 24.027634] print_report+0xd1/0x650 [ 24.027696] ? __virt_addr_valid+0x1db/0x2d0 [ 24.027735] ? kasan_atomics_helper+0x1d7a/0x5450 [ 24.027768] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.027803] ? kasan_atomics_helper+0x1d7a/0x5450 [ 24.027859] kasan_report+0x141/0x180 [ 24.027898] ? kasan_atomics_helper+0x1d7a/0x5450 [ 24.027937] kasan_check_range+0x10c/0x1c0 [ 24.027972] __kasan_check_write+0x18/0x20 [ 24.028001] kasan_atomics_helper+0x1d7a/0x5450 [ 24.028035] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.028067] ? kasan_save_alloc_info+0x3b/0x50 [ 24.028111] kasan_atomics+0x1dc/0x310 [ 24.028143] ? __pfx_kasan_atomics+0x10/0x10 [ 24.028178] ? __pfx_read_tsc+0x10/0x10 [ 24.028224] ? ktime_get_ts64+0x86/0x230 [ 24.028288] kunit_try_run_case+0x1a5/0x480 [ 24.028326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.028361] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.028393] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.028432] ? __kthread_parkme+0x82/0x180 [ 24.028462] ? preempt_count_sub+0x50/0x80 [ 24.028498] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.028534] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.028568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.028604] kthread+0x337/0x6f0 [ 24.028634] ? trace_preempt_on+0x20/0xc0 [ 24.028670] ? __pfx_kthread+0x10/0x10 [ 24.028702] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.028739] ? calculate_sigpending+0x7b/0xa0 [ 24.028776] ? __pfx_kthread+0x10/0x10 [ 24.028809] ret_from_fork+0x116/0x1d0 [ 24.028858] ? __pfx_kthread+0x10/0x10 [ 24.028893] ret_from_fork_asm+0x1a/0x30 [ 24.028938] </TASK> [ 24.028955] [ 24.042650] Allocated by task 292: [ 24.043074] kasan_save_stack+0x45/0x70 [ 24.043575] kasan_save_track+0x18/0x40 [ 24.044030] kasan_save_alloc_info+0x3b/0x50 [ 24.044495] __kasan_kmalloc+0xb7/0xc0 [ 24.044957] __kmalloc_cache_noprof+0x189/0x420 [ 24.045480] kasan_atomics+0x95/0x310 [ 24.045849] kunit_try_run_case+0x1a5/0x480 [ 24.046288] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.046763] kthread+0x337/0x6f0 [ 24.047053] ret_from_fork+0x116/0x1d0 [ 24.047864] ret_from_fork_asm+0x1a/0x30 [ 24.048290] [ 24.048502] The buggy address belongs to the object at ffff88810383ae00 [ 24.048502] which belongs to the cache kmalloc-64 of size 64 [ 24.051390] The buggy address is located 0 bytes to the right of [ 24.051390] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.052334] [ 24.052501] The buggy address belongs to the physical page: [ 24.052855] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.053641] flags: 0x200000000000000(node=0|zone=2) [ 24.054752] page_type: f5(slab) [ 24.055131] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.055905] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.056685] page dumped because: kasan: bad access detected [ 24.057050] [ 24.057265] Memory state around the buggy address: [ 24.057717] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.058617] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.059172] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.059871] ^ [ 24.060172] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.060952] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.061549] ================================================================== [ 23.164727] ================================================================== [ 23.165176] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49e8/0x5450 [ 23.166183] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.166722] [ 23.166965] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.167133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.167207] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.167312] Call Trace: [ 23.167394] <TASK> [ 23.167453] dump_stack_lvl+0x73/0xb0 [ 23.167547] print_report+0xd1/0x650 [ 23.167625] ? __virt_addr_valid+0x1db/0x2d0 [ 23.167700] ? kasan_atomics_helper+0x49e8/0x5450 [ 23.167772] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.167863] ? kasan_atomics_helper+0x49e8/0x5450 [ 23.167942] kasan_report+0x141/0x180 [ 23.168016] ? kasan_atomics_helper+0x49e8/0x5450 [ 23.168100] __asan_report_load4_noabort+0x18/0x20 [ 23.168184] kasan_atomics_helper+0x49e8/0x5450 [ 23.168319] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.168477] ? kasan_save_alloc_info+0x3b/0x50 [ 23.168601] kasan_atomics+0x1dc/0x310 [ 23.168680] ? __pfx_kasan_atomics+0x10/0x10 [ 23.168748] ? __pfx_read_tsc+0x10/0x10 [ 23.168785] ? ktime_get_ts64+0x86/0x230 [ 23.168826] kunit_try_run_case+0x1a5/0x480 [ 23.168892] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.168929] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.168960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.168999] ? __kthread_parkme+0x82/0x180 [ 23.169028] ? preempt_count_sub+0x50/0x80 [ 23.169063] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.169100] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.169134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.169168] kthread+0x337/0x6f0 [ 23.169198] ? trace_preempt_on+0x20/0xc0 [ 23.169267] ? __pfx_kthread+0x10/0x10 [ 23.169303] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.169339] ? calculate_sigpending+0x7b/0xa0 [ 23.169376] ? __pfx_kthread+0x10/0x10 [ 23.169407] ret_from_fork+0x116/0x1d0 [ 23.169434] ? __pfx_kthread+0x10/0x10 [ 23.169463] ret_from_fork_asm+0x1a/0x30 [ 23.169506] </TASK> [ 23.169521] [ 23.183765] Allocated by task 292: [ 23.184171] kasan_save_stack+0x45/0x70 [ 23.184604] kasan_save_track+0x18/0x40 [ 23.185030] kasan_save_alloc_info+0x3b/0x50 [ 23.185432] __kasan_kmalloc+0xb7/0xc0 [ 23.185716] __kmalloc_cache_noprof+0x189/0x420 [ 23.186193] kasan_atomics+0x95/0x310 [ 23.186661] kunit_try_run_case+0x1a5/0x480 [ 23.187121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.187664] kthread+0x337/0x6f0 [ 23.187954] ret_from_fork+0x116/0x1d0 [ 23.188274] ret_from_fork_asm+0x1a/0x30 [ 23.188631] [ 23.188899] The buggy address belongs to the object at ffff88810383ae00 [ 23.188899] which belongs to the cache kmalloc-64 of size 64 [ 23.189988] The buggy address is located 0 bytes to the right of [ 23.189988] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.190990] [ 23.191158] The buggy address belongs to the physical page: [ 23.191670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.192452] flags: 0x200000000000000(node=0|zone=2) [ 23.193462] page_type: f5(slab) [ 23.193728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.194194] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.195904] page dumped because: kasan: bad access detected [ 23.197069] [ 23.197269] Memory state around the buggy address: [ 23.198092] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.198991] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.199732] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.200532] ^ [ 23.201287] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.201978] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.202581] ================================================================== [ 23.203454] ================================================================== [ 23.204369] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 23.204939] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.205556] [ 23.205788] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.205933] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.205975] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.206036] Call Trace: [ 23.206087] <TASK> [ 23.206133] dump_stack_lvl+0x73/0xb0 [ 23.206258] print_report+0xd1/0x650 [ 23.206342] ? __virt_addr_valid+0x1db/0x2d0 [ 23.206419] ? kasan_atomics_helper+0x12e6/0x5450 [ 23.206494] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.206566] ? kasan_atomics_helper+0x12e6/0x5450 [ 23.206638] kasan_report+0x141/0x180 [ 23.206713] ? kasan_atomics_helper+0x12e6/0x5450 [ 23.206796] kasan_check_range+0x10c/0x1c0 [ 23.206894] __kasan_check_write+0x18/0x20 [ 23.206965] kasan_atomics_helper+0x12e6/0x5450 [ 23.207042] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.207117] ? kasan_save_alloc_info+0x3b/0x50 [ 23.207248] kasan_atomics+0x1dc/0x310 [ 23.207334] ? __pfx_kasan_atomics+0x10/0x10 [ 23.207421] ? __pfx_read_tsc+0x10/0x10 [ 23.207494] ? ktime_get_ts64+0x86/0x230 [ 23.207598] kunit_try_run_case+0x1a5/0x480 [ 23.207682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.207757] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.207827] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.207900] ? __kthread_parkme+0x82/0x180 [ 23.207931] ? preempt_count_sub+0x50/0x80 [ 23.207969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.208007] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.208043] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.208079] kthread+0x337/0x6f0 [ 23.208109] ? trace_preempt_on+0x20/0xc0 [ 23.208144] ? __pfx_kthread+0x10/0x10 [ 23.208176] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.208228] ? calculate_sigpending+0x7b/0xa0 [ 23.208290] ? __pfx_kthread+0x10/0x10 [ 23.208324] ret_from_fork+0x116/0x1d0 [ 23.208353] ? __pfx_kthread+0x10/0x10 [ 23.208384] ret_from_fork_asm+0x1a/0x30 [ 23.208428] </TASK> [ 23.208444] [ 23.223739] Allocated by task 292: [ 23.224048] kasan_save_stack+0x45/0x70 [ 23.224460] kasan_save_track+0x18/0x40 [ 23.224904] kasan_save_alloc_info+0x3b/0x50 [ 23.225432] __kasan_kmalloc+0xb7/0xc0 [ 23.225810] __kmalloc_cache_noprof+0x189/0x420 [ 23.226361] kasan_atomics+0x95/0x310 [ 23.226795] kunit_try_run_case+0x1a5/0x480 [ 23.228858] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.229219] kthread+0x337/0x6f0 [ 23.229487] ret_from_fork+0x116/0x1d0 [ 23.229772] ret_from_fork_asm+0x1a/0x30 [ 23.230110] [ 23.230455] The buggy address belongs to the object at ffff88810383ae00 [ 23.230455] which belongs to the cache kmalloc-64 of size 64 [ 23.231157] The buggy address is located 0 bytes to the right of [ 23.231157] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.233149] [ 23.233339] The buggy address belongs to the physical page: [ 23.234140] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.234969] flags: 0x200000000000000(node=0|zone=2) [ 23.235396] page_type: f5(slab) [ 23.235726] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.236428] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.236861] page dumped because: kasan: bad access detected [ 23.237170] [ 23.237315] Memory state around the buggy address: [ 23.237704] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.239682] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.240088] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.242182] ^ [ 23.242502] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.243270] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.243721] ================================================================== [ 23.121757] ================================================================== [ 23.123622] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 23.124202] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.124998] [ 23.125176] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.125651] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.125996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.126086] Call Trace: [ 23.126200] <TASK> [ 23.126244] dump_stack_lvl+0x73/0xb0 [ 23.126298] print_report+0xd1/0x650 [ 23.126336] ? __virt_addr_valid+0x1db/0x2d0 [ 23.126372] ? kasan_atomics_helper+0x1217/0x5450 [ 23.126404] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.126437] ? kasan_atomics_helper+0x1217/0x5450 [ 23.126469] kasan_report+0x141/0x180 [ 23.126502] ? kasan_atomics_helper+0x1217/0x5450 [ 23.126541] kasan_check_range+0x10c/0x1c0 [ 23.126577] __kasan_check_write+0x18/0x20 [ 23.126606] kasan_atomics_helper+0x1217/0x5450 [ 23.126639] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.126672] ? kasan_save_alloc_info+0x3b/0x50 [ 23.126714] kasan_atomics+0x1dc/0x310 [ 23.126749] ? __pfx_kasan_atomics+0x10/0x10 [ 23.126785] ? __pfx_read_tsc+0x10/0x10 [ 23.126816] ? ktime_get_ts64+0x86/0x230 [ 23.126880] kunit_try_run_case+0x1a5/0x480 [ 23.126919] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.126953] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.126984] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.127022] ? __kthread_parkme+0x82/0x180 [ 23.127051] ? preempt_count_sub+0x50/0x80 [ 23.127085] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.127120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.127154] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.127189] kthread+0x337/0x6f0 [ 23.127235] ? trace_preempt_on+0x20/0xc0 [ 23.127286] ? __pfx_kthread+0x10/0x10 [ 23.127317] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.127353] ? calculate_sigpending+0x7b/0xa0 [ 23.127389] ? __pfx_kthread+0x10/0x10 [ 23.127420] ret_from_fork+0x116/0x1d0 [ 23.127447] ? __pfx_kthread+0x10/0x10 [ 23.127477] ret_from_fork_asm+0x1a/0x30 [ 23.127520] </TASK> [ 23.127542] [ 23.145739] Allocated by task 292: [ 23.145991] kasan_save_stack+0x45/0x70 [ 23.146387] kasan_save_track+0x18/0x40 [ 23.146769] kasan_save_alloc_info+0x3b/0x50 [ 23.147267] __kasan_kmalloc+0xb7/0xc0 [ 23.147565] __kmalloc_cache_noprof+0x189/0x420 [ 23.148020] kasan_atomics+0x95/0x310 [ 23.148554] kunit_try_run_case+0x1a5/0x480 [ 23.149399] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.150035] kthread+0x337/0x6f0 [ 23.150675] ret_from_fork+0x116/0x1d0 [ 23.151379] ret_from_fork_asm+0x1a/0x30 [ 23.151960] [ 23.152169] The buggy address belongs to the object at ffff88810383ae00 [ 23.152169] which belongs to the cache kmalloc-64 of size 64 [ 23.153098] The buggy address is located 0 bytes to the right of [ 23.153098] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.153920] [ 23.154204] The buggy address belongs to the physical page: [ 23.154713] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.155243] flags: 0x200000000000000(node=0|zone=2) [ 23.155788] page_type: f5(slab) [ 23.156113] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.156773] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.157980] page dumped because: kasan: bad access detected [ 23.158631] [ 23.159028] Memory state around the buggy address: [ 23.159583] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.160267] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.160793] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.161636] ^ [ 23.162171] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.162973] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.163708] ================================================================== [ 23.574902] ================================================================== [ 23.575574] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x16e7/0x5450 [ 23.576461] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.576920] [ 23.577113] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.577241] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.577284] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.577346] Call Trace: [ 23.577391] <TASK> [ 23.577436] dump_stack_lvl+0x73/0xb0 [ 23.577519] print_report+0xd1/0x650 [ 23.577595] ? __virt_addr_valid+0x1db/0x2d0 [ 23.577670] ? kasan_atomics_helper+0x16e7/0x5450 [ 23.577740] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.577815] ? kasan_atomics_helper+0x16e7/0x5450 [ 23.577910] kasan_report+0x141/0x180 [ 23.577990] ? kasan_atomics_helper+0x16e7/0x5450 [ 23.578076] kasan_check_range+0x10c/0x1c0 [ 23.578156] __kasan_check_write+0x18/0x20 [ 23.578228] kasan_atomics_helper+0x16e7/0x5450 [ 23.578309] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.578389] ? kasan_save_alloc_info+0x3b/0x50 [ 23.578479] kasan_atomics+0x1dc/0x310 [ 23.578559] ? __pfx_kasan_atomics+0x10/0x10 [ 23.578640] ? __pfx_read_tsc+0x10/0x10 [ 23.578800] ? ktime_get_ts64+0x86/0x230 [ 23.578905] kunit_try_run_case+0x1a5/0x480 [ 23.578985] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579057] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.579127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.579205] ? __kthread_parkme+0x82/0x180 [ 23.579276] ? preempt_count_sub+0x50/0x80 [ 23.579357] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.579434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.579509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.579603] kthread+0x337/0x6f0 [ 23.579669] ? trace_preempt_on+0x20/0xc0 [ 23.579747] ? __pfx_kthread+0x10/0x10 [ 23.579818] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.579914] ? calculate_sigpending+0x7b/0xa0 [ 23.579983] ? __pfx_kthread+0x10/0x10 [ 23.580039] ret_from_fork+0x116/0x1d0 [ 23.580106] ? __pfx_kthread+0x10/0x10 [ 23.580236] ret_from_fork_asm+0x1a/0x30 [ 23.580414] </TASK> [ 23.580531] [ 23.596207] Allocated by task 292: [ 23.596522] kasan_save_stack+0x45/0x70 [ 23.596913] kasan_save_track+0x18/0x40 [ 23.599264] kasan_save_alloc_info+0x3b/0x50 [ 23.600069] __kasan_kmalloc+0xb7/0xc0 [ 23.601009] __kmalloc_cache_noprof+0x189/0x420 [ 23.602139] kasan_atomics+0x95/0x310 [ 23.603374] kunit_try_run_case+0x1a5/0x480 [ 23.604554] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.605133] kthread+0x337/0x6f0 [ 23.605938] ret_from_fork+0x116/0x1d0 [ 23.606580] ret_from_fork_asm+0x1a/0x30 [ 23.607607] [ 23.608502] The buggy address belongs to the object at ffff88810383ae00 [ 23.608502] which belongs to the cache kmalloc-64 of size 64 [ 23.609683] The buggy address is located 0 bytes to the right of [ 23.609683] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.612361] [ 23.612864] The buggy address belongs to the physical page: [ 23.613573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.614986] flags: 0x200000000000000(node=0|zone=2) [ 23.615754] page_type: f5(slab) [ 23.616158] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.616877] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.617496] page dumped because: kasan: bad access detected [ 23.617986] [ 23.618208] Memory state around the buggy address: [ 23.618711] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.619303] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.619883] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.620572] ^ [ 23.621057] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.621714] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.622276] ================================================================== [ 22.386857] ================================================================== [ 22.388432] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 22.389670] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.390227] [ 22.390641] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.390872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.390917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.390977] Call Trace: [ 22.391030] <TASK> [ 22.391082] dump_stack_lvl+0x73/0xb0 [ 22.391170] print_report+0xd1/0x650 [ 22.391248] ? __virt_addr_valid+0x1db/0x2d0 [ 22.391329] ? kasan_atomics_helper+0x8f9/0x5450 [ 22.391426] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.391517] ? kasan_atomics_helper+0x8f9/0x5450 [ 22.391612] kasan_report+0x141/0x180 [ 22.391691] ? kasan_atomics_helper+0x8f9/0x5450 [ 22.391734] kasan_check_range+0x10c/0x1c0 [ 22.391774] __kasan_check_write+0x18/0x20 [ 22.391805] kasan_atomics_helper+0x8f9/0x5450 [ 22.391864] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.391903] ? kasan_save_alloc_info+0x3b/0x50 [ 22.391947] kasan_atomics+0x1dc/0x310 [ 22.391985] ? __pfx_kasan_atomics+0x10/0x10 [ 22.392023] ? __pfx_read_tsc+0x10/0x10 [ 22.392056] ? ktime_get_ts64+0x86/0x230 [ 22.392096] kunit_try_run_case+0x1a5/0x480 [ 22.392134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.392168] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.392201] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.392293] ? __kthread_parkme+0x82/0x180 [ 22.392361] ? preempt_count_sub+0x50/0x80 [ 22.392400] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.392436] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.392473] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.392511] kthread+0x337/0x6f0 [ 22.392540] ? trace_preempt_on+0x20/0xc0 [ 22.392577] ? __pfx_kthread+0x10/0x10 [ 22.392607] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.392644] ? calculate_sigpending+0x7b/0xa0 [ 22.392681] ? __pfx_kthread+0x10/0x10 [ 22.392713] ret_from_fork+0x116/0x1d0 [ 22.392740] ? __pfx_kthread+0x10/0x10 [ 22.392771] ret_from_fork_asm+0x1a/0x30 [ 22.392816] </TASK> [ 22.392872] [ 22.410743] Allocated by task 292: [ 22.411122] kasan_save_stack+0x45/0x70 [ 22.411979] kasan_save_track+0x18/0x40 [ 22.412437] kasan_save_alloc_info+0x3b/0x50 [ 22.413082] __kasan_kmalloc+0xb7/0xc0 [ 22.413697] __kmalloc_cache_noprof+0x189/0x420 [ 22.414044] kasan_atomics+0x95/0x310 [ 22.414328] kunit_try_run_case+0x1a5/0x480 [ 22.414898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.415388] kthread+0x337/0x6f0 [ 22.415751] ret_from_fork+0x116/0x1d0 [ 22.416149] ret_from_fork_asm+0x1a/0x30 [ 22.416550] [ 22.416761] The buggy address belongs to the object at ffff88810383ae00 [ 22.416761] which belongs to the cache kmalloc-64 of size 64 [ 22.418343] The buggy address is located 0 bytes to the right of [ 22.418343] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.419093] [ 22.419397] The buggy address belongs to the physical page: [ 22.419974] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.420764] flags: 0x200000000000000(node=0|zone=2) [ 22.421639] page_type: f5(slab) [ 22.421994] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.422941] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.424014] page dumped because: kasan: bad access detected [ 22.424756] [ 22.424975] Memory state around the buggy address: [ 22.425630] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.426439] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.427175] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.427691] ^ [ 22.428073] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.428671] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.429109] ================================================================== [ 23.537608] ================================================================== [ 23.538221] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 23.538784] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.539440] [ 23.539735] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.539876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.539918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.539979] Call Trace: [ 23.540029] <TASK> [ 23.540077] dump_stack_lvl+0x73/0xb0 [ 23.540159] print_report+0xd1/0x650 [ 23.540237] ? __virt_addr_valid+0x1db/0x2d0 [ 23.540313] ? kasan_atomics_helper+0x164f/0x5450 [ 23.540389] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.540465] ? kasan_atomics_helper+0x164f/0x5450 [ 23.540538] kasan_report+0x141/0x180 [ 23.540617] ? kasan_atomics_helper+0x164f/0x5450 [ 23.540704] kasan_check_range+0x10c/0x1c0 [ 23.540803] __kasan_check_write+0x18/0x20 [ 23.540911] kasan_atomics_helper+0x164f/0x5450 [ 23.540990] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.541065] ? kasan_save_alloc_info+0x3b/0x50 [ 23.541152] kasan_atomics+0x1dc/0x310 [ 23.541231] ? __pfx_kasan_atomics+0x10/0x10 [ 23.541314] ? __pfx_read_tsc+0x10/0x10 [ 23.541382] ? ktime_get_ts64+0x86/0x230 [ 23.541462] kunit_try_run_case+0x1a5/0x480 [ 23.541537] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.541610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.541678] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.541759] ? __kthread_parkme+0x82/0x180 [ 23.541826] ? preempt_count_sub+0x50/0x80 [ 23.541925] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.542004] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.542062] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.542126] kthread+0x337/0x6f0 [ 23.542195] ? trace_preempt_on+0x20/0xc0 [ 23.542275] ? __pfx_kthread+0x10/0x10 [ 23.542399] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.542500] ? calculate_sigpending+0x7b/0xa0 [ 23.542628] ? __pfx_kthread+0x10/0x10 [ 23.542731] ret_from_fork+0x116/0x1d0 [ 23.542815] ? __pfx_kthread+0x10/0x10 [ 23.542921] ret_from_fork_asm+0x1a/0x30 [ 23.543014] </TASK> [ 23.543054] [ 23.556708] Allocated by task 292: [ 23.557141] kasan_save_stack+0x45/0x70 [ 23.557577] kasan_save_track+0x18/0x40 [ 23.558010] kasan_save_alloc_info+0x3b/0x50 [ 23.558890] __kasan_kmalloc+0xb7/0xc0 [ 23.559321] __kmalloc_cache_noprof+0x189/0x420 [ 23.559867] kasan_atomics+0x95/0x310 [ 23.560367] kunit_try_run_case+0x1a5/0x480 [ 23.560902] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.561473] kthread+0x337/0x6f0 [ 23.561811] ret_from_fork+0x116/0x1d0 [ 23.562215] ret_from_fork_asm+0x1a/0x30 [ 23.562575] [ 23.562736] The buggy address belongs to the object at ffff88810383ae00 [ 23.562736] which belongs to the cache kmalloc-64 of size 64 [ 23.563917] The buggy address is located 0 bytes to the right of [ 23.563917] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.565102] [ 23.565418] The buggy address belongs to the physical page: [ 23.565885] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.566350] flags: 0x200000000000000(node=0|zone=2) [ 23.566677] page_type: f5(slab) [ 23.566992] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.567640] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.568391] page dumped because: kasan: bad access detected [ 23.568895] [ 23.569194] Memory state around the buggy address: [ 23.569792] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.570501] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.571101] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.571670] ^ [ 23.572006] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.572530] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.573574] ================================================================== [ 23.660976] ================================================================== [ 23.661644] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 23.662249] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.662928] [ 23.663138] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.663346] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.663391] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.663455] Call Trace: [ 23.663504] <TASK> [ 23.663559] dump_stack_lvl+0x73/0xb0 [ 23.663682] print_report+0xd1/0x650 [ 23.663767] ? __virt_addr_valid+0x1db/0x2d0 [ 23.663891] ? kasan_atomics_helper+0x1818/0x5450 [ 23.663976] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.664056] ? kasan_atomics_helper+0x1818/0x5450 [ 23.664135] kasan_report+0x141/0x180 [ 23.664255] ? kasan_atomics_helper+0x1818/0x5450 [ 23.664381] kasan_check_range+0x10c/0x1c0 [ 23.664469] __kasan_check_write+0x18/0x20 [ 23.664541] kasan_atomics_helper+0x1818/0x5450 [ 23.664617] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.664690] ? kasan_save_alloc_info+0x3b/0x50 [ 23.664781] kasan_atomics+0x1dc/0x310 [ 23.664876] ? __pfx_kasan_atomics+0x10/0x10 [ 23.664947] ? __pfx_read_tsc+0x10/0x10 [ 23.665004] ? ktime_get_ts64+0x86/0x230 [ 23.665088] kunit_try_run_case+0x1a5/0x480 [ 23.665244] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.665329] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.665404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.665487] ? __kthread_parkme+0x82/0x180 [ 23.665563] ? preempt_count_sub+0x50/0x80 [ 23.665645] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.665766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.665855] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.665918] kthread+0x337/0x6f0 [ 23.665984] ? trace_preempt_on+0x20/0xc0 [ 23.666060] ? __pfx_kthread+0x10/0x10 [ 23.666134] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.666255] ? calculate_sigpending+0x7b/0xa0 [ 23.666344] ? __pfx_kthread+0x10/0x10 [ 23.666416] ret_from_fork+0x116/0x1d0 [ 23.666485] ? __pfx_kthread+0x10/0x10 [ 23.666562] ret_from_fork_asm+0x1a/0x30 [ 23.666657] </TASK> [ 23.666698] [ 23.680129] Allocated by task 292: [ 23.680533] kasan_save_stack+0x45/0x70 [ 23.680974] kasan_save_track+0x18/0x40 [ 23.681479] kasan_save_alloc_info+0x3b/0x50 [ 23.681916] __kasan_kmalloc+0xb7/0xc0 [ 23.682393] __kmalloc_cache_noprof+0x189/0x420 [ 23.682905] kasan_atomics+0x95/0x310 [ 23.683371] kunit_try_run_case+0x1a5/0x480 [ 23.683780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.684154] kthread+0x337/0x6f0 [ 23.684475] ret_from_fork+0x116/0x1d0 [ 23.684895] ret_from_fork_asm+0x1a/0x30 [ 23.685383] [ 23.685625] The buggy address belongs to the object at ffff88810383ae00 [ 23.685625] which belongs to the cache kmalloc-64 of size 64 [ 23.686665] The buggy address is located 0 bytes to the right of [ 23.686665] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.687523] [ 23.687702] The buggy address belongs to the physical page: [ 23.688298] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.689019] flags: 0x200000000000000(node=0|zone=2) [ 23.689470] page_type: f5(slab) [ 23.689727] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.690455] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.691059] page dumped because: kasan: bad access detected [ 23.691451] [ 23.691620] Memory state around the buggy address: [ 23.691945] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.692410] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.692959] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.693638] ^ [ 23.694122] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.694806] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.695493] ================================================================== [ 22.993854] ================================================================== [ 22.995074] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 22.995733] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.996391] [ 22.996649] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.996825] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.996885] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.996942] Call Trace: [ 22.996967] <TASK> [ 22.996993] dump_stack_lvl+0x73/0xb0 [ 22.997037] print_report+0xd1/0x650 [ 22.997099] ? __virt_addr_valid+0x1db/0x2d0 [ 22.997157] ? kasan_atomics_helper+0x4a1c/0x5450 [ 22.997259] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.997342] ? kasan_atomics_helper+0x4a1c/0x5450 [ 22.997416] kasan_report+0x141/0x180 [ 22.997492] ? kasan_atomics_helper+0x4a1c/0x5450 [ 22.997579] __asan_report_load4_noabort+0x18/0x20 [ 22.997655] kasan_atomics_helper+0x4a1c/0x5450 [ 22.997734] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.997813] ? kasan_save_alloc_info+0x3b/0x50 [ 22.997928] kasan_atomics+0x1dc/0x310 [ 22.998012] ? __pfx_kasan_atomics+0x10/0x10 [ 22.998138] ? __pfx_read_tsc+0x10/0x10 [ 22.998252] ? ktime_get_ts64+0x86/0x230 [ 22.998339] kunit_try_run_case+0x1a5/0x480 [ 22.998420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.998493] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.998561] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.998640] ? __kthread_parkme+0x82/0x180 [ 22.998711] ? preempt_count_sub+0x50/0x80 [ 22.998789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.998885] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.998933] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.998972] kthread+0x337/0x6f0 [ 22.999003] ? trace_preempt_on+0x20/0xc0 [ 22.999042] ? __pfx_kthread+0x10/0x10 [ 22.999072] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.999109] ? calculate_sigpending+0x7b/0xa0 [ 22.999146] ? __pfx_kthread+0x10/0x10 [ 22.999177] ret_from_fork+0x116/0x1d0 [ 22.999203] ? __pfx_kthread+0x10/0x10 [ 22.999277] ret_from_fork_asm+0x1a/0x30 [ 22.999323] </TASK> [ 22.999341] [ 23.015088] Allocated by task 292: [ 23.015753] kasan_save_stack+0x45/0x70 [ 23.016088] kasan_save_track+0x18/0x40 [ 23.016384] kasan_save_alloc_info+0x3b/0x50 [ 23.016697] __kasan_kmalloc+0xb7/0xc0 [ 23.017162] __kmalloc_cache_noprof+0x189/0x420 [ 23.017777] kasan_atomics+0x95/0x310 [ 23.018211] kunit_try_run_case+0x1a5/0x480 [ 23.018587] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.019106] kthread+0x337/0x6f0 [ 23.019526] ret_from_fork+0x116/0x1d0 [ 23.020262] ret_from_fork_asm+0x1a/0x30 [ 23.020651] [ 23.020914] The buggy address belongs to the object at ffff88810383ae00 [ 23.020914] which belongs to the cache kmalloc-64 of size 64 [ 23.021908] The buggy address is located 0 bytes to the right of [ 23.021908] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.023005] [ 23.024133] The buggy address belongs to the physical page: [ 23.025009] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.026140] flags: 0x200000000000000(node=0|zone=2) [ 23.026918] page_type: f5(slab) [ 23.027066] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.027718] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.028995] page dumped because: kasan: bad access detected [ 23.029588] [ 23.029977] Memory state around the buggy address: [ 23.030811] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.032164] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.033073] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.033702] ^ [ 23.034089] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.035233] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.035864] ================================================================== [ 23.623866] ================================================================== [ 23.624619] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 23.625243] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.626465] [ 23.626687] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.626873] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.626917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.626979] Call Trace: [ 23.627034] <TASK> [ 23.627084] dump_stack_lvl+0x73/0xb0 [ 23.627251] print_report+0xd1/0x650 [ 23.627369] ? __virt_addr_valid+0x1db/0x2d0 [ 23.627446] ? kasan_atomics_helper+0x177f/0x5450 [ 23.627520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.627608] ? kasan_atomics_helper+0x177f/0x5450 [ 23.627757] kasan_report+0x141/0x180 [ 23.627857] ? kasan_atomics_helper+0x177f/0x5450 [ 23.627946] kasan_check_range+0x10c/0x1c0 [ 23.628067] __kasan_check_write+0x18/0x20 [ 23.628145] kasan_atomics_helper+0x177f/0x5450 [ 23.628226] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.628289] ? kasan_save_alloc_info+0x3b/0x50 [ 23.628336] kasan_atomics+0x1dc/0x310 [ 23.628371] ? __pfx_kasan_atomics+0x10/0x10 [ 23.628407] ? __pfx_read_tsc+0x10/0x10 [ 23.628440] ? ktime_get_ts64+0x86/0x230 [ 23.628477] kunit_try_run_case+0x1a5/0x480 [ 23.628512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.628545] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.628575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.628614] ? __kthread_parkme+0x82/0x180 [ 23.628641] ? preempt_count_sub+0x50/0x80 [ 23.628674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.628709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.628744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.628779] kthread+0x337/0x6f0 [ 23.628808] ? trace_preempt_on+0x20/0xc0 [ 23.628872] ? __pfx_kthread+0x10/0x10 [ 23.628907] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.628943] ? calculate_sigpending+0x7b/0xa0 [ 23.628981] ? __pfx_kthread+0x10/0x10 [ 23.629012] ret_from_fork+0x116/0x1d0 [ 23.629039] ? __pfx_kthread+0x10/0x10 [ 23.629069] ret_from_fork_asm+0x1a/0x30 [ 23.629110] </TASK> [ 23.629125] [ 23.642957] Allocated by task 292: [ 23.643379] kasan_save_stack+0x45/0x70 [ 23.643768] kasan_save_track+0x18/0x40 [ 23.644177] kasan_save_alloc_info+0x3b/0x50 [ 23.644670] __kasan_kmalloc+0xb7/0xc0 [ 23.645067] __kmalloc_cache_noprof+0x189/0x420 [ 23.645440] kasan_atomics+0x95/0x310 [ 23.645728] kunit_try_run_case+0x1a5/0x480 [ 23.646188] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.646754] kthread+0x337/0x6f0 [ 23.647208] ret_from_fork+0x116/0x1d0 [ 23.647666] ret_from_fork_asm+0x1a/0x30 [ 23.648125] [ 23.648378] The buggy address belongs to the object at ffff88810383ae00 [ 23.648378] which belongs to the cache kmalloc-64 of size 64 [ 23.649387] The buggy address is located 0 bytes to the right of [ 23.649387] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.650080] [ 23.650376] The buggy address belongs to the physical page: [ 23.650861] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.651639] flags: 0x200000000000000(node=0|zone=2) [ 23.652153] page_type: f5(slab) [ 23.652533] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.653208] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.653873] page dumped because: kasan: bad access detected [ 23.654398] [ 23.654603] Memory state around the buggy address: [ 23.655050] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.655699] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.656374] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.656984] ^ [ 23.657386] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.657809] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.658526] ================================================================== [ 22.741536] ================================================================== [ 22.742112] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 22.743813] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.744776] [ 22.745039] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.745167] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.745209] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.745273] Call Trace: [ 22.745326] <TASK> [ 22.745376] dump_stack_lvl+0x73/0xb0 [ 22.745462] print_report+0xd1/0x650 [ 22.745544] ? __virt_addr_valid+0x1db/0x2d0 [ 22.745623] ? kasan_atomics_helper+0xde0/0x5450 [ 22.745695] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.745771] ? kasan_atomics_helper+0xde0/0x5450 [ 22.745864] kasan_report+0x141/0x180 [ 22.745944] ? kasan_atomics_helper+0xde0/0x5450 [ 22.746037] kasan_check_range+0x10c/0x1c0 [ 22.746124] __kasan_check_write+0x18/0x20 [ 22.746200] kasan_atomics_helper+0xde0/0x5450 [ 22.746281] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.746363] ? kasan_save_alloc_info+0x3b/0x50 [ 22.746418] kasan_atomics+0x1dc/0x310 [ 22.746455] ? __pfx_kasan_atomics+0x10/0x10 [ 22.746492] ? __pfx_read_tsc+0x10/0x10 [ 22.746522] ? ktime_get_ts64+0x86/0x230 [ 22.746559] kunit_try_run_case+0x1a5/0x480 [ 22.746596] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.746630] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.746660] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.746698] ? __kthread_parkme+0x82/0x180 [ 22.746727] ? preempt_count_sub+0x50/0x80 [ 22.746760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.746795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.746852] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.746896] kthread+0x337/0x6f0 [ 22.746926] ? trace_preempt_on+0x20/0xc0 [ 22.746962] ? __pfx_kthread+0x10/0x10 [ 22.746994] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.747030] ? calculate_sigpending+0x7b/0xa0 [ 22.747065] ? __pfx_kthread+0x10/0x10 [ 22.747096] ret_from_fork+0x116/0x1d0 [ 22.747123] ? __pfx_kthread+0x10/0x10 [ 22.747152] ret_from_fork_asm+0x1a/0x30 [ 22.747193] </TASK> [ 22.747209] [ 22.767688] Allocated by task 292: [ 22.767974] kasan_save_stack+0x45/0x70 [ 22.768390] kasan_save_track+0x18/0x40 [ 22.768789] kasan_save_alloc_info+0x3b/0x50 [ 22.769239] __kasan_kmalloc+0xb7/0xc0 [ 22.769633] __kmalloc_cache_noprof+0x189/0x420 [ 22.770089] kasan_atomics+0x95/0x310 [ 22.770468] kunit_try_run_case+0x1a5/0x480 [ 22.770992] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.771629] kthread+0x337/0x6f0 [ 22.772022] ret_from_fork+0x116/0x1d0 [ 22.772565] ret_from_fork_asm+0x1a/0x30 [ 22.772999] [ 22.773218] The buggy address belongs to the object at ffff88810383ae00 [ 22.773218] which belongs to the cache kmalloc-64 of size 64 [ 22.773919] The buggy address is located 0 bytes to the right of [ 22.773919] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.775444] [ 22.775676] The buggy address belongs to the physical page: [ 22.776213] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.777076] flags: 0x200000000000000(node=0|zone=2) [ 22.777624] page_type: f5(slab) [ 22.778014] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.778880] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.779432] page dumped because: kasan: bad access detected [ 22.779777] [ 22.780520] Memory state around the buggy address: [ 22.781005] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.782061] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.783040] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.784054] ^ [ 22.784705] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.785303] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.785878] ================================================================== [ 23.080894] ================================================================== [ 23.083875] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 23.084878] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.085701] [ 23.085983] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.086144] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.086188] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.086375] Call Trace: [ 23.086458] <TASK> [ 23.086513] dump_stack_lvl+0x73/0xb0 [ 23.086601] print_report+0xd1/0x650 [ 23.086700] ? __virt_addr_valid+0x1db/0x2d0 [ 23.086811] ? kasan_atomics_helper+0x4a02/0x5450 [ 23.086904] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.086980] ? kasan_atomics_helper+0x4a02/0x5450 [ 23.087056] kasan_report+0x141/0x180 [ 23.087132] ? kasan_atomics_helper+0x4a02/0x5450 [ 23.087242] __asan_report_load4_noabort+0x18/0x20 [ 23.087354] kasan_atomics_helper+0x4a02/0x5450 [ 23.087486] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.087575] ? kasan_save_alloc_info+0x3b/0x50 [ 23.087626] kasan_atomics+0x1dc/0x310 [ 23.087663] ? __pfx_kasan_atomics+0x10/0x10 [ 23.087699] ? __pfx_read_tsc+0x10/0x10 [ 23.087733] ? ktime_get_ts64+0x86/0x230 [ 23.087769] kunit_try_run_case+0x1a5/0x480 [ 23.087805] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.087867] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.087904] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.087944] ? __kthread_parkme+0x82/0x180 [ 23.087976] ? preempt_count_sub+0x50/0x80 [ 23.088010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.088046] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.088081] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.088116] kthread+0x337/0x6f0 [ 23.088146] ? trace_preempt_on+0x20/0xc0 [ 23.088181] ? __pfx_kthread+0x10/0x10 [ 23.088215] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.088275] ? calculate_sigpending+0x7b/0xa0 [ 23.088316] ? __pfx_kthread+0x10/0x10 [ 23.088348] ret_from_fork+0x116/0x1d0 [ 23.088377] ? __pfx_kthread+0x10/0x10 [ 23.088409] ret_from_fork_asm+0x1a/0x30 [ 23.088452] </TASK> [ 23.088468] [ 23.103890] Allocated by task 292: [ 23.104348] kasan_save_stack+0x45/0x70 [ 23.104748] kasan_save_track+0x18/0x40 [ 23.105190] kasan_save_alloc_info+0x3b/0x50 [ 23.105551] __kasan_kmalloc+0xb7/0xc0 [ 23.106059] __kmalloc_cache_noprof+0x189/0x420 [ 23.106619] kasan_atomics+0x95/0x310 [ 23.107020] kunit_try_run_case+0x1a5/0x480 [ 23.107480] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.108058] kthread+0x337/0x6f0 [ 23.108518] ret_from_fork+0x116/0x1d0 [ 23.108942] ret_from_fork_asm+0x1a/0x30 [ 23.109425] [ 23.109698] The buggy address belongs to the object at ffff88810383ae00 [ 23.109698] which belongs to the cache kmalloc-64 of size 64 [ 23.110671] The buggy address is located 0 bytes to the right of [ 23.110671] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.111741] [ 23.111994] The buggy address belongs to the physical page: [ 23.112515] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.113336] flags: 0x200000000000000(node=0|zone=2) [ 23.113847] page_type: f5(slab) [ 23.114255] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.114895] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.115460] page dumped because: kasan: bad access detected [ 23.115981] [ 23.116189] Memory state around the buggy address: [ 23.116724] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.117442] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.117884] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.118484] ^ [ 23.119057] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.119725] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.120431] ================================================================== [ 22.430579] ================================================================== [ 22.431402] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 22.431957] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.432666] [ 22.432980] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.433110] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.433152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.433213] Call Trace: [ 22.433264] <TASK> [ 22.433312] dump_stack_lvl+0x73/0xb0 [ 22.433394] print_report+0xd1/0x650 [ 22.433470] ? __virt_addr_valid+0x1db/0x2d0 [ 22.433546] ? kasan_atomics_helper+0x992/0x5450 [ 22.433620] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.433733] ? kasan_atomics_helper+0x992/0x5450 [ 22.433818] kasan_report+0x141/0x180 [ 22.433945] ? kasan_atomics_helper+0x992/0x5450 [ 22.434040] kasan_check_range+0x10c/0x1c0 [ 22.434125] __kasan_check_write+0x18/0x20 [ 22.434197] kasan_atomics_helper+0x992/0x5450 [ 22.434627] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.434704] ? kasan_save_alloc_info+0x3b/0x50 [ 22.434796] kasan_atomics+0x1dc/0x310 [ 22.434893] ? __pfx_kasan_atomics+0x10/0x10 [ 22.434972] ? __pfx_read_tsc+0x10/0x10 [ 22.435008] ? ktime_get_ts64+0x86/0x230 [ 22.435047] kunit_try_run_case+0x1a5/0x480 [ 22.435086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.435124] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.435156] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.435194] ? __kthread_parkme+0x82/0x180 [ 22.435241] ? preempt_count_sub+0x50/0x80 [ 22.435322] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.435385] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.435422] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.435459] kthread+0x337/0x6f0 [ 22.435489] ? trace_preempt_on+0x20/0xc0 [ 22.435526] ? __pfx_kthread+0x10/0x10 [ 22.435569] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.435606] ? calculate_sigpending+0x7b/0xa0 [ 22.435642] ? __pfx_kthread+0x10/0x10 [ 22.435674] ret_from_fork+0x116/0x1d0 [ 22.435701] ? __pfx_kthread+0x10/0x10 [ 22.435733] ret_from_fork_asm+0x1a/0x30 [ 22.435777] </TASK> [ 22.435793] [ 22.456093] Allocated by task 292: [ 22.456717] kasan_save_stack+0x45/0x70 [ 22.457129] kasan_save_track+0x18/0x40 [ 22.458000] kasan_save_alloc_info+0x3b/0x50 [ 22.458316] __kasan_kmalloc+0xb7/0xc0 [ 22.458744] __kmalloc_cache_noprof+0x189/0x420 [ 22.459268] kasan_atomics+0x95/0x310 [ 22.460098] kunit_try_run_case+0x1a5/0x480 [ 22.460513] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.461216] kthread+0x337/0x6f0 [ 22.461608] ret_from_fork+0x116/0x1d0 [ 22.462046] ret_from_fork_asm+0x1a/0x30 [ 22.462902] [ 22.463095] The buggy address belongs to the object at ffff88810383ae00 [ 22.463095] which belongs to the cache kmalloc-64 of size 64 [ 22.464293] The buggy address is located 0 bytes to the right of [ 22.464293] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.466105] [ 22.466471] The buggy address belongs to the physical page: [ 22.466827] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.467359] flags: 0x200000000000000(node=0|zone=2) [ 22.468230] page_type: f5(slab) [ 22.468744] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.470071] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.470895] page dumped because: kasan: bad access detected [ 22.471653] [ 22.471894] Memory state around the buggy address: [ 22.472284] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.473084] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.473625] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.474642] ^ [ 22.475049] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.475974] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.476601] ================================================================== [ 22.838529] ================================================================== [ 22.839152] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 22.840146] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.841082] [ 22.841321] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.841453] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.841494] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.841873] Call Trace: [ 22.842138] <TASK> [ 22.842192] dump_stack_lvl+0x73/0xb0 [ 22.842278] print_report+0xd1/0x650 [ 22.842353] ? __virt_addr_valid+0x1db/0x2d0 [ 22.842432] ? kasan_atomics_helper+0xf10/0x5450 [ 22.842520] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.842560] ? kasan_atomics_helper+0xf10/0x5450 [ 22.842593] kasan_report+0x141/0x180 [ 22.842631] ? kasan_atomics_helper+0xf10/0x5450 [ 22.842713] kasan_check_range+0x10c/0x1c0 [ 22.842796] __kasan_check_write+0x18/0x20 [ 22.842976] kasan_atomics_helper+0xf10/0x5450 [ 22.843141] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.843253] ? kasan_save_alloc_info+0x3b/0x50 [ 22.843357] kasan_atomics+0x1dc/0x310 [ 22.843427] ? __pfx_kasan_atomics+0x10/0x10 [ 22.843469] ? __pfx_read_tsc+0x10/0x10 [ 22.843521] ? ktime_get_ts64+0x86/0x230 [ 22.843579] kunit_try_run_case+0x1a5/0x480 [ 22.843631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.843673] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.843718] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.843770] ? __kthread_parkme+0x82/0x180 [ 22.843811] ? preempt_count_sub+0x50/0x80 [ 22.843879] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.843920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.843975] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.844013] kthread+0x337/0x6f0 [ 22.844062] ? trace_preempt_on+0x20/0xc0 [ 22.844098] ? __pfx_kthread+0x10/0x10 [ 22.844167] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.844217] ? calculate_sigpending+0x7b/0xa0 [ 22.844278] ? __pfx_kthread+0x10/0x10 [ 22.844313] ret_from_fork+0x116/0x1d0 [ 22.844340] ? __pfx_kthread+0x10/0x10 [ 22.844370] ret_from_fork_asm+0x1a/0x30 [ 22.844413] </TASK> [ 22.844428] [ 22.859815] Allocated by task 292: [ 22.860178] kasan_save_stack+0x45/0x70 [ 22.860581] kasan_save_track+0x18/0x40 [ 22.860975] kasan_save_alloc_info+0x3b/0x50 [ 22.862882] __kasan_kmalloc+0xb7/0xc0 [ 22.863315] __kmalloc_cache_noprof+0x189/0x420 [ 22.864063] kasan_atomics+0x95/0x310 [ 22.864341] kunit_try_run_case+0x1a5/0x480 [ 22.864826] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.865366] kthread+0x337/0x6f0 [ 22.865714] ret_from_fork+0x116/0x1d0 [ 22.866117] ret_from_fork_asm+0x1a/0x30 [ 22.866717] [ 22.867038] The buggy address belongs to the object at ffff88810383ae00 [ 22.867038] which belongs to the cache kmalloc-64 of size 64 [ 22.868139] The buggy address is located 0 bytes to the right of [ 22.868139] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.869171] [ 22.869494] The buggy address belongs to the physical page: [ 22.869988] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.870708] flags: 0x200000000000000(node=0|zone=2) [ 22.871262] page_type: f5(slab) [ 22.871719] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.872409] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.873072] page dumped because: kasan: bad access detected [ 22.873607] [ 22.873859] Memory state around the buggy address: [ 22.874388] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.875043] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.875726] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.876387] ^ [ 22.876882] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.877543] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.878303] ================================================================== [ 22.880251] ================================================================== [ 22.880741] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 22.881560] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.882351] [ 22.882737] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.882884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.882926] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.882989] Call Trace: [ 22.883031] <TASK> [ 22.883078] dump_stack_lvl+0x73/0xb0 [ 22.883157] print_report+0xd1/0x650 [ 22.883254] ? __virt_addr_valid+0x1db/0x2d0 [ 22.883488] ? kasan_atomics_helper+0xfa9/0x5450 [ 22.883601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.883682] ? kasan_atomics_helper+0xfa9/0x5450 [ 22.883752] kasan_report+0x141/0x180 [ 22.883846] ? kasan_atomics_helper+0xfa9/0x5450 [ 22.883932] kasan_check_range+0x10c/0x1c0 [ 22.884016] __kasan_check_write+0x18/0x20 [ 22.884085] kasan_atomics_helper+0xfa9/0x5450 [ 22.884188] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.884320] ? kasan_save_alloc_info+0x3b/0x50 [ 22.884407] kasan_atomics+0x1dc/0x310 [ 22.884453] ? __pfx_kasan_atomics+0x10/0x10 [ 22.884494] ? __pfx_read_tsc+0x10/0x10 [ 22.884524] ? ktime_get_ts64+0x86/0x230 [ 22.884563] kunit_try_run_case+0x1a5/0x480 [ 22.884601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.884635] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.884666] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.884704] ? __kthread_parkme+0x82/0x180 [ 22.884733] ? preempt_count_sub+0x50/0x80 [ 22.884768] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.884804] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.884865] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.884906] kthread+0x337/0x6f0 [ 22.884938] ? trace_preempt_on+0x20/0xc0 [ 22.884975] ? __pfx_kthread+0x10/0x10 [ 22.885005] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.885041] ? calculate_sigpending+0x7b/0xa0 [ 22.885077] ? __pfx_kthread+0x10/0x10 [ 22.885110] ret_from_fork+0x116/0x1d0 [ 22.885138] ? __pfx_kthread+0x10/0x10 [ 22.885170] ret_from_fork_asm+0x1a/0x30 [ 22.885231] </TASK> [ 22.885269] [ 22.899260] Allocated by task 292: [ 22.899609] kasan_save_stack+0x45/0x70 [ 22.900024] kasan_save_track+0x18/0x40 [ 22.900432] kasan_save_alloc_info+0x3b/0x50 [ 22.900869] __kasan_kmalloc+0xb7/0xc0 [ 22.901247] __kmalloc_cache_noprof+0x189/0x420 [ 22.901692] kasan_atomics+0x95/0x310 [ 22.902060] kunit_try_run_case+0x1a5/0x480 [ 22.902438] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.902944] kthread+0x337/0x6f0 [ 22.903311] ret_from_fork+0x116/0x1d0 [ 22.903687] ret_from_fork_asm+0x1a/0x30 [ 22.904059] [ 22.904267] The buggy address belongs to the object at ffff88810383ae00 [ 22.904267] which belongs to the cache kmalloc-64 of size 64 [ 22.904937] The buggy address is located 0 bytes to the right of [ 22.904937] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.905547] [ 22.905756] The buggy address belongs to the physical page: [ 22.906109] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.907297] flags: 0x200000000000000(node=0|zone=2) [ 22.908072] page_type: f5(slab) [ 22.908711] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.910102] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.910648] page dumped because: kasan: bad access detected [ 22.911007] [ 22.911168] Memory state around the buggy address: [ 22.912284] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.913404] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.914504] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.915549] ^ [ 22.915985] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.916800] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.917268] ================================================================== [ 23.037692] ================================================================== [ 23.038516] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 23.039170] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.039997] [ 23.040191] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.040285] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.040307] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.040340] Call Trace: [ 23.040357] <TASK> [ 23.040379] dump_stack_lvl+0x73/0xb0 [ 23.040419] print_report+0xd1/0x650 [ 23.040451] ? __virt_addr_valid+0x1db/0x2d0 [ 23.040484] ? kasan_atomics_helper+0x1148/0x5450 [ 23.040516] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.040550] ? kasan_atomics_helper+0x1148/0x5450 [ 23.040581] kasan_report+0x141/0x180 [ 23.040613] ? kasan_atomics_helper+0x1148/0x5450 [ 23.040652] kasan_check_range+0x10c/0x1c0 [ 23.040688] __kasan_check_write+0x18/0x20 [ 23.040716] kasan_atomics_helper+0x1148/0x5450 [ 23.040749] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.040781] ? kasan_save_alloc_info+0x3b/0x50 [ 23.040823] kasan_atomics+0x1dc/0x310 [ 23.040915] ? __pfx_kasan_atomics+0x10/0x10 [ 23.040997] ? __pfx_read_tsc+0x10/0x10 [ 23.041072] ? ktime_get_ts64+0x86/0x230 [ 23.041158] kunit_try_run_case+0x1a5/0x480 [ 23.041241] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.041320] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.041429] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.041520] ? __kthread_parkme+0x82/0x180 [ 23.041596] ? preempt_count_sub+0x50/0x80 [ 23.041676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.041751] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.041843] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.041927] kthread+0x337/0x6f0 [ 23.041995] ? trace_preempt_on+0x20/0xc0 [ 23.042040] ? __pfx_kthread+0x10/0x10 [ 23.042073] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.042110] ? calculate_sigpending+0x7b/0xa0 [ 23.042146] ? __pfx_kthread+0x10/0x10 [ 23.042177] ret_from_fork+0x116/0x1d0 [ 23.042206] ? __pfx_kthread+0x10/0x10 [ 23.042266] ret_from_fork_asm+0x1a/0x30 [ 23.042314] </TASK> [ 23.042329] [ 23.058395] Allocated by task 292: [ 23.058733] kasan_save_stack+0x45/0x70 [ 23.059192] kasan_save_track+0x18/0x40 [ 23.059690] kasan_save_alloc_info+0x3b/0x50 [ 23.060179] __kasan_kmalloc+0xb7/0xc0 [ 23.060670] __kmalloc_cache_noprof+0x189/0x420 [ 23.061198] kasan_atomics+0x95/0x310 [ 23.061723] kunit_try_run_case+0x1a5/0x480 [ 23.062185] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.062770] kthread+0x337/0x6f0 [ 23.063170] ret_from_fork+0x116/0x1d0 [ 23.063499] ret_from_fork_asm+0x1a/0x30 [ 23.063918] [ 23.064199] The buggy address belongs to the object at ffff88810383ae00 [ 23.064199] which belongs to the cache kmalloc-64 of size 64 [ 23.065425] The buggy address is located 0 bytes to the right of [ 23.065425] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.066594] [ 23.066856] The buggy address belongs to the physical page: [ 23.067302] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.067958] flags: 0x200000000000000(node=0|zone=2) [ 23.068534] page_type: f5(slab) [ 23.068799] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.069659] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.070393] page dumped because: kasan: bad access detected [ 23.070810] [ 23.070973] Memory state around the buggy address: [ 23.072104] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.074463] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.076255] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.076618] ^ [ 23.076915] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.077276] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.077670] ================================================================== [ 23.980682] ================================================================== [ 23.981764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 23.982869] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.983948] [ 23.984407] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.984592] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.984661] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.984723] Call Trace: [ 23.984818] <TASK> [ 23.984900] dump_stack_lvl+0x73/0xb0 [ 23.984982] print_report+0xd1/0x650 [ 23.985067] ? __virt_addr_valid+0x1db/0x2d0 [ 23.985202] ? kasan_atomics_helper+0x1ce1/0x5450 [ 23.985309] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.985391] ? kasan_atomics_helper+0x1ce1/0x5450 [ 23.985516] kasan_report+0x141/0x180 [ 23.985626] ? kasan_atomics_helper+0x1ce1/0x5450 [ 23.985716] kasan_check_range+0x10c/0x1c0 [ 23.985775] __kasan_check_write+0x18/0x20 [ 23.985807] kasan_atomics_helper+0x1ce1/0x5450 [ 23.985866] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.985903] ? kasan_save_alloc_info+0x3b/0x50 [ 23.985948] kasan_atomics+0x1dc/0x310 [ 23.985984] ? __pfx_kasan_atomics+0x10/0x10 [ 23.986021] ? __pfx_read_tsc+0x10/0x10 [ 23.986053] ? ktime_get_ts64+0x86/0x230 [ 23.986093] kunit_try_run_case+0x1a5/0x480 [ 23.986130] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.986165] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.986195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.986259] ? __kthread_parkme+0x82/0x180 [ 23.986295] ? preempt_count_sub+0x50/0x80 [ 23.986332] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.986368] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.986403] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.986439] kthread+0x337/0x6f0 [ 23.986467] ? trace_preempt_on+0x20/0xc0 [ 23.986505] ? __pfx_kthread+0x10/0x10 [ 23.986537] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.986573] ? calculate_sigpending+0x7b/0xa0 [ 23.986610] ? __pfx_kthread+0x10/0x10 [ 23.986641] ret_from_fork+0x116/0x1d0 [ 23.986668] ? __pfx_kthread+0x10/0x10 [ 23.986698] ret_from_fork_asm+0x1a/0x30 [ 23.986742] </TASK> [ 23.986759] [ 24.003930] Allocated by task 292: [ 24.004297] kasan_save_stack+0x45/0x70 [ 24.004777] kasan_save_track+0x18/0x40 [ 24.005222] kasan_save_alloc_info+0x3b/0x50 [ 24.005696] __kasan_kmalloc+0xb7/0xc0 [ 24.006869] __kmalloc_cache_noprof+0x189/0x420 [ 24.007230] kasan_atomics+0x95/0x310 [ 24.007643] kunit_try_run_case+0x1a5/0x480 [ 24.008017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.008599] kthread+0x337/0x6f0 [ 24.009018] ret_from_fork+0x116/0x1d0 [ 24.009494] ret_from_fork_asm+0x1a/0x30 [ 24.010749] [ 24.011094] The buggy address belongs to the object at ffff88810383ae00 [ 24.011094] which belongs to the cache kmalloc-64 of size 64 [ 24.012184] The buggy address is located 0 bytes to the right of [ 24.012184] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.013290] [ 24.013535] The buggy address belongs to the physical page: [ 24.014093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.014749] flags: 0x200000000000000(node=0|zone=2) [ 24.015303] page_type: f5(slab) [ 24.015765] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.016389] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.017042] page dumped because: kasan: bad access detected [ 24.017508] [ 24.017698] Memory state around the buggy address: [ 24.018129] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.018648] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.019424] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.019875] ^ [ 24.020334] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.021330] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.021883] ================================================================== [ 24.146870] ================================================================== [ 24.147501] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 24.148145] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.148792] [ 24.149056] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.149193] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.149280] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.149346] Call Trace: [ 24.149399] <TASK> [ 24.149450] dump_stack_lvl+0x73/0xb0 [ 24.149539] print_report+0xd1/0x650 [ 24.149617] ? __virt_addr_valid+0x1db/0x2d0 [ 24.149694] ? kasan_atomics_helper+0x1f43/0x5450 [ 24.149771] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.149904] ? kasan_atomics_helper+0x1f43/0x5450 [ 24.149987] kasan_report+0x141/0x180 [ 24.150067] ? kasan_atomics_helper+0x1f43/0x5450 [ 24.150153] kasan_check_range+0x10c/0x1c0 [ 24.150271] __kasan_check_write+0x18/0x20 [ 24.150346] kasan_atomics_helper+0x1f43/0x5450 [ 24.150419] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.150490] ? kasan_save_alloc_info+0x3b/0x50 [ 24.150579] kasan_atomics+0x1dc/0x310 [ 24.150656] ? __pfx_kasan_atomics+0x10/0x10 [ 24.150733] ? __pfx_read_tsc+0x10/0x10 [ 24.150804] ? ktime_get_ts64+0x86/0x230 [ 24.150921] kunit_try_run_case+0x1a5/0x480 [ 24.150998] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.151074] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.151122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.151164] ? __kthread_parkme+0x82/0x180 [ 24.151194] ? preempt_count_sub+0x50/0x80 [ 24.151272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.151314] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.151350] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.151388] kthread+0x337/0x6f0 [ 24.151419] ? trace_preempt_on+0x20/0xc0 [ 24.151457] ? __pfx_kthread+0x10/0x10 [ 24.151489] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.151526] ? calculate_sigpending+0x7b/0xa0 [ 24.151574] ? __pfx_kthread+0x10/0x10 [ 24.151608] ret_from_fork+0x116/0x1d0 [ 24.151636] ? __pfx_kthread+0x10/0x10 [ 24.151666] ret_from_fork_asm+0x1a/0x30 [ 24.151710] </TASK> [ 24.151728] [ 24.166855] Allocated by task 292: [ 24.167182] kasan_save_stack+0x45/0x70 [ 24.167645] kasan_save_track+0x18/0x40 [ 24.168043] kasan_save_alloc_info+0x3b/0x50 [ 24.168514] __kasan_kmalloc+0xb7/0xc0 [ 24.168904] __kmalloc_cache_noprof+0x189/0x420 [ 24.169357] kasan_atomics+0x95/0x310 [ 24.169736] kunit_try_run_case+0x1a5/0x480 [ 24.170147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.170598] kthread+0x337/0x6f0 [ 24.170969] ret_from_fork+0x116/0x1d0 [ 24.171379] ret_from_fork_asm+0x1a/0x30 [ 24.171752] [ 24.171969] The buggy address belongs to the object at ffff88810383ae00 [ 24.171969] which belongs to the cache kmalloc-64 of size 64 [ 24.172845] The buggy address is located 0 bytes to the right of [ 24.172845] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.173767] [ 24.173956] The buggy address belongs to the physical page: [ 24.174350] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.174817] flags: 0x200000000000000(node=0|zone=2) [ 24.175358] page_type: f5(slab) [ 24.175728] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.176469] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.177128] page dumped because: kasan: bad access detected [ 24.177655] [ 24.177815] Memory state around the buggy address: [ 24.178142] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.178672] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.179350] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.179958] ^ [ 24.180464] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.181064] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.181628] ================================================================== [ 24.422499] ================================================================== [ 24.423085] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 24.423826] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.424575] [ 24.424777] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.424931] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.424974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.425035] Call Trace: [ 24.425089] <TASK> [ 24.425140] dump_stack_lvl+0x73/0xb0 [ 24.425279] print_report+0xd1/0x650 [ 24.425367] ? __virt_addr_valid+0x1db/0x2d0 [ 24.425465] ? kasan_atomics_helper+0x4fa5/0x5450 [ 24.425543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.425689] ? kasan_atomics_helper+0x4fa5/0x5450 [ 24.425773] kasan_report+0x141/0x180 [ 24.425870] ? kasan_atomics_helper+0x4fa5/0x5450 [ 24.426030] __asan_report_load8_noabort+0x18/0x20 [ 24.426115] kasan_atomics_helper+0x4fa5/0x5450 [ 24.426194] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.426337] ? kasan_save_alloc_info+0x3b/0x50 [ 24.426433] kasan_atomics+0x1dc/0x310 [ 24.426491] ? __pfx_kasan_atomics+0x10/0x10 [ 24.426533] ? __pfx_read_tsc+0x10/0x10 [ 24.426565] ? ktime_get_ts64+0x86/0x230 [ 24.426617] kunit_try_run_case+0x1a5/0x480 [ 24.426696] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.426853] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.426932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.427013] ? __kthread_parkme+0x82/0x180 [ 24.427087] ? preempt_count_sub+0x50/0x80 [ 24.427239] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.427325] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.427400] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.427442] kthread+0x337/0x6f0 [ 24.427472] ? trace_preempt_on+0x20/0xc0 [ 24.427511] ? __pfx_kthread+0x10/0x10 [ 24.427551] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.427588] ? calculate_sigpending+0x7b/0xa0 [ 24.427625] ? __pfx_kthread+0x10/0x10 [ 24.427656] ret_from_fork+0x116/0x1d0 [ 24.427684] ? __pfx_kthread+0x10/0x10 [ 24.427713] ret_from_fork_asm+0x1a/0x30 [ 24.427756] </TASK> [ 24.427771] [ 24.445923] Allocated by task 292: [ 24.446347] kasan_save_stack+0x45/0x70 [ 24.446763] kasan_save_track+0x18/0x40 [ 24.447149] kasan_save_alloc_info+0x3b/0x50 [ 24.447618] __kasan_kmalloc+0xb7/0xc0 [ 24.448069] __kmalloc_cache_noprof+0x189/0x420 [ 24.448489] kasan_atomics+0x95/0x310 [ 24.448776] kunit_try_run_case+0x1a5/0x480 [ 24.449318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.449815] kthread+0x337/0x6f0 [ 24.450260] ret_from_fork+0x116/0x1d0 [ 24.450544] ret_from_fork_asm+0x1a/0x30 [ 24.450954] [ 24.451179] The buggy address belongs to the object at ffff88810383ae00 [ 24.451179] which belongs to the cache kmalloc-64 of size 64 [ 24.452326] The buggy address is located 0 bytes to the right of [ 24.452326] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.453190] [ 24.453487] The buggy address belongs to the physical page: [ 24.454041] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.454625] flags: 0x200000000000000(node=0|zone=2) [ 24.455051] page_type: f5(slab) [ 24.455482] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.456178] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.456701] page dumped because: kasan: bad access detected [ 24.457059] [ 24.457322] Memory state around the buggy address: [ 24.457776] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.458518] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.459100] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.459664] ^ [ 24.460001] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.460632] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.461352] ================================================================== [ 24.256794] ================================================================== [ 24.257392] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 24.257951] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.258540] [ 24.258735] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.258880] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.258921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.258982] Call Trace: [ 24.259030] <TASK> [ 24.259075] dump_stack_lvl+0x73/0xb0 [ 24.259154] print_report+0xd1/0x650 [ 24.259278] ? __virt_addr_valid+0x1db/0x2d0 [ 24.259362] ? kasan_atomics_helper+0x4f98/0x5450 [ 24.259436] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.259514] ? kasan_atomics_helper+0x4f98/0x5450 [ 24.259598] kasan_report+0x141/0x180 [ 24.259679] ? kasan_atomics_helper+0x4f98/0x5450 [ 24.259766] __asan_report_load8_noabort+0x18/0x20 [ 24.259873] kasan_atomics_helper+0x4f98/0x5450 [ 24.259956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.260031] ? kasan_save_alloc_info+0x3b/0x50 [ 24.260120] kasan_atomics+0x1dc/0x310 [ 24.260197] ? __pfx_kasan_atomics+0x10/0x10 [ 24.260321] ? __pfx_read_tsc+0x10/0x10 [ 24.260390] ? ktime_get_ts64+0x86/0x230 [ 24.260472] kunit_try_run_case+0x1a5/0x480 [ 24.260547] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.260622] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.260698] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.260779] ? __kthread_parkme+0x82/0x180 [ 24.260868] ? preempt_count_sub+0x50/0x80 [ 24.260949] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.261023] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.261098] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.261175] kthread+0x337/0x6f0 [ 24.261289] ? trace_preempt_on+0x20/0xc0 [ 24.261369] ? __pfx_kthread+0x10/0x10 [ 24.261439] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.261515] ? calculate_sigpending+0x7b/0xa0 [ 24.261593] ? __pfx_kthread+0x10/0x10 [ 24.261663] ret_from_fork+0x116/0x1d0 [ 24.261731] ? __pfx_kthread+0x10/0x10 [ 24.261806] ret_from_fork_asm+0x1a/0x30 [ 24.261921] </TASK> [ 24.261960] [ 24.274732] Allocated by task 292: [ 24.275122] kasan_save_stack+0x45/0x70 [ 24.275588] kasan_save_track+0x18/0x40 [ 24.276011] kasan_save_alloc_info+0x3b/0x50 [ 24.276479] __kasan_kmalloc+0xb7/0xc0 [ 24.276763] __kmalloc_cache_noprof+0x189/0x420 [ 24.277134] kasan_atomics+0x95/0x310 [ 24.277545] kunit_try_run_case+0x1a5/0x480 [ 24.277968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.278529] kthread+0x337/0x6f0 [ 24.278895] ret_from_fork+0x116/0x1d0 [ 24.279320] ret_from_fork_asm+0x1a/0x30 [ 24.279663] [ 24.279879] The buggy address belongs to the object at ffff88810383ae00 [ 24.279879] which belongs to the cache kmalloc-64 of size 64 [ 24.280619] The buggy address is located 0 bytes to the right of [ 24.280619] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.282788] [ 24.283020] The buggy address belongs to the physical page: [ 24.284375] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.284981] flags: 0x200000000000000(node=0|zone=2) [ 24.285316] page_type: f5(slab) [ 24.285578] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.287794] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.288754] page dumped because: kasan: bad access detected [ 24.289352] [ 24.289559] Memory state around the buggy address: [ 24.290052] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.290721] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.291374] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.292087] ^ [ 24.292572] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.293131] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.293773] ================================================================== [ 22.062149] ================================================================== [ 22.062969] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b3a/0x5450 [ 22.063705] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.064518] [ 22.064972] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.065104] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.065146] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.065225] Call Trace: [ 22.065279] <TASK> [ 22.065327] dump_stack_lvl+0x73/0xb0 [ 22.065409] print_report+0xd1/0x650 [ 22.065483] ? __virt_addr_valid+0x1db/0x2d0 [ 22.065558] ? kasan_atomics_helper+0x4b3a/0x5450 [ 22.065631] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.065708] ? kasan_atomics_helper+0x4b3a/0x5450 [ 22.065786] kasan_report+0x141/0x180 [ 22.065888] ? kasan_atomics_helper+0x4b3a/0x5450 [ 22.065987] __asan_report_store4_noabort+0x1b/0x30 [ 22.066047] kasan_atomics_helper+0x4b3a/0x5450 [ 22.066085] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.066118] ? kasan_save_alloc_info+0x3b/0x50 [ 22.066161] kasan_atomics+0x1dc/0x310 [ 22.066195] ? __pfx_kasan_atomics+0x10/0x10 [ 22.066231] ? __pfx_read_tsc+0x10/0x10 [ 22.066263] ? ktime_get_ts64+0x86/0x230 [ 22.066300] kunit_try_run_case+0x1a5/0x480 [ 22.066336] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.066369] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.066399] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.066438] ? __kthread_parkme+0x82/0x180 [ 22.066469] ? preempt_count_sub+0x50/0x80 [ 22.066543] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.066617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.066657] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.066693] kthread+0x337/0x6f0 [ 22.066723] ? trace_preempt_on+0x20/0xc0 [ 22.066760] ? __pfx_kthread+0x10/0x10 [ 22.066791] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.066825] ? calculate_sigpending+0x7b/0xa0 [ 22.066889] ? __pfx_kthread+0x10/0x10 [ 22.066921] ret_from_fork+0x116/0x1d0 [ 22.066950] ? __pfx_kthread+0x10/0x10 [ 22.066983] ret_from_fork_asm+0x1a/0x30 [ 22.067027] </TASK> [ 22.067043] [ 22.085734] Allocated by task 292: [ 22.086131] kasan_save_stack+0x45/0x70 [ 22.086440] kasan_save_track+0x18/0x40 [ 22.087151] kasan_save_alloc_info+0x3b/0x50 [ 22.087855] __kasan_kmalloc+0xb7/0xc0 [ 22.088203] __kmalloc_cache_noprof+0x189/0x420 [ 22.088901] kasan_atomics+0x95/0x310 [ 22.089860] kunit_try_run_case+0x1a5/0x480 [ 22.090342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.090882] kthread+0x337/0x6f0 [ 22.091287] ret_from_fork+0x116/0x1d0 [ 22.091664] ret_from_fork_asm+0x1a/0x30 [ 22.092049] [ 22.092294] The buggy address belongs to the object at ffff88810383ae00 [ 22.092294] which belongs to the cache kmalloc-64 of size 64 [ 22.093155] The buggy address is located 0 bytes to the right of [ 22.093155] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.094322] [ 22.094616] The buggy address belongs to the physical page: [ 22.095151] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.095955] flags: 0x200000000000000(node=0|zone=2) [ 22.096713] page_type: f5(slab) [ 22.097012] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.097574] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.098108] page dumped because: kasan: bad access detected [ 22.098509] [ 22.098660] Memory state around the buggy address: [ 22.100146] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.101386] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.102095] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.102667] ^ [ 22.103075] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.104090] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.104876] ================================================================== [ 21.966900] ================================================================== [ 21.967688] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 21.968781] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.969531] [ 21.969790] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.970152] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.970339] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.970410] Call Trace: [ 21.970462] <TASK> [ 21.970514] dump_stack_lvl+0x73/0xb0 [ 21.970599] print_report+0xd1/0x650 [ 21.970673] ? __virt_addr_valid+0x1db/0x2d0 [ 21.970749] ? kasan_atomics_helper+0x4b54/0x5450 [ 21.970912] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.971041] ? kasan_atomics_helper+0x4b54/0x5450 [ 21.971174] kasan_report+0x141/0x180 [ 21.971492] ? kasan_atomics_helper+0x4b54/0x5450 [ 21.971547] __asan_report_load4_noabort+0x18/0x20 [ 21.971589] kasan_atomics_helper+0x4b54/0x5450 [ 21.971623] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.971659] ? kasan_save_alloc_info+0x3b/0x50 [ 21.971702] kasan_atomics+0x1dc/0x310 [ 21.971736] ? __pfx_kasan_atomics+0x10/0x10 [ 21.971773] ? __pfx_read_tsc+0x10/0x10 [ 21.971804] ? ktime_get_ts64+0x86/0x230 [ 21.971865] kunit_try_run_case+0x1a5/0x480 [ 21.971906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.971940] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.971969] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.972008] ? __kthread_parkme+0x82/0x180 [ 21.972039] ? preempt_count_sub+0x50/0x80 [ 21.972074] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.972111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.972145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.972180] kthread+0x337/0x6f0 [ 21.972210] ? trace_preempt_on+0x20/0xc0 [ 21.972304] ? __pfx_kthread+0x10/0x10 [ 21.972383] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.972470] ? calculate_sigpending+0x7b/0xa0 [ 21.972543] ? __pfx_kthread+0x10/0x10 [ 21.972579] ret_from_fork+0x116/0x1d0 [ 21.972608] ? __pfx_kthread+0x10/0x10 [ 21.972641] ret_from_fork_asm+0x1a/0x30 [ 21.972689] </TASK> [ 21.972704] [ 21.991734] Allocated by task 292: [ 21.992547] kasan_save_stack+0x45/0x70 [ 21.992873] kasan_save_track+0x18/0x40 [ 21.993159] kasan_save_alloc_info+0x3b/0x50 [ 21.994009] __kasan_kmalloc+0xb7/0xc0 [ 21.994404] __kmalloc_cache_noprof+0x189/0x420 [ 21.995245] kasan_atomics+0x95/0x310 [ 21.995662] kunit_try_run_case+0x1a5/0x480 [ 21.996040] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.996814] kthread+0x337/0x6f0 [ 21.997809] ret_from_fork+0x116/0x1d0 [ 21.998306] ret_from_fork_asm+0x1a/0x30 [ 21.998639] [ 21.998855] The buggy address belongs to the object at ffff88810383ae00 [ 21.998855] which belongs to the cache kmalloc-64 of size 64 [ 21.999962] The buggy address is located 0 bytes to the right of [ 21.999962] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.001586] [ 22.001820] The buggy address belongs to the physical page: [ 22.002283] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.003134] flags: 0x200000000000000(node=0|zone=2) [ 22.003900] page_type: f5(slab) [ 22.004264] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.005167] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.005614] page dumped because: kasan: bad access detected [ 22.006594] [ 22.006845] Memory state around the buggy address: [ 22.007628] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.008449] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.008868] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.010721] ^ [ 22.011019] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.012769] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.013627] ================================================================== [ 22.918223] ================================================================== [ 22.918793] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 22.920003] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.920597] [ 22.920866] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.920995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.921034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.921097] Call Trace: [ 22.921149] <TASK> [ 22.921198] dump_stack_lvl+0x73/0xb0 [ 22.921325] print_report+0xd1/0x650 [ 22.921405] ? __virt_addr_valid+0x1db/0x2d0 [ 22.921480] ? kasan_atomics_helper+0x4a36/0x5450 [ 22.921555] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.921629] ? kasan_atomics_helper+0x4a36/0x5450 [ 22.921703] kasan_report+0x141/0x180 [ 22.921778] ? kasan_atomics_helper+0x4a36/0x5450 [ 22.921881] __asan_report_load4_noabort+0x18/0x20 [ 22.921971] kasan_atomics_helper+0x4a36/0x5450 [ 22.922049] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.922125] ? kasan_save_alloc_info+0x3b/0x50 [ 22.922256] kasan_atomics+0x1dc/0x310 [ 22.922338] ? __pfx_kasan_atomics+0x10/0x10 [ 22.922416] ? __pfx_read_tsc+0x10/0x10 [ 22.922454] ? ktime_get_ts64+0x86/0x230 [ 22.922492] kunit_try_run_case+0x1a5/0x480 [ 22.922530] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.922565] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.922595] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.922633] ? __kthread_parkme+0x82/0x180 [ 22.922662] ? preempt_count_sub+0x50/0x80 [ 22.922698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.922733] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.922767] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.922802] kthread+0x337/0x6f0 [ 22.922853] ? trace_preempt_on+0x20/0xc0 [ 22.922898] ? __pfx_kthread+0x10/0x10 [ 22.922929] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.922964] ? calculate_sigpending+0x7b/0xa0 [ 22.923000] ? __pfx_kthread+0x10/0x10 [ 22.923030] ret_from_fork+0x116/0x1d0 [ 22.923057] ? __pfx_kthread+0x10/0x10 [ 22.923087] ret_from_fork_asm+0x1a/0x30 [ 22.923128] </TASK> [ 22.923143] [ 22.935928] Allocated by task 292: [ 22.936330] kasan_save_stack+0x45/0x70 [ 22.936727] kasan_save_track+0x18/0x40 [ 22.937150] kasan_save_alloc_info+0x3b/0x50 [ 22.937608] __kasan_kmalloc+0xb7/0xc0 [ 22.937974] __kmalloc_cache_noprof+0x189/0x420 [ 22.938429] kasan_atomics+0x95/0x310 [ 22.938804] kunit_try_run_case+0x1a5/0x480 [ 22.939137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.939649] kthread+0x337/0x6f0 [ 22.940041] ret_from_fork+0x116/0x1d0 [ 22.940449] ret_from_fork_asm+0x1a/0x30 [ 22.940856] [ 22.941070] The buggy address belongs to the object at ffff88810383ae00 [ 22.941070] which belongs to the cache kmalloc-64 of size 64 [ 22.941859] The buggy address is located 0 bytes to the right of [ 22.941859] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.942593] [ 22.942762] The buggy address belongs to the physical page: [ 22.943326] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.944062] flags: 0x200000000000000(node=0|zone=2) [ 22.944526] page_type: f5(slab) [ 22.944894] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.945567] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.946111] page dumped because: kasan: bad access detected [ 22.946499] [ 22.946658] Memory state around the buggy address: [ 22.947059] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.947678] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.948282] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.951092] ^ [ 22.952610] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.953163] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.954168] ================================================================== [ 23.897703] ================================================================== [ 23.898151] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 23.899701] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.900805] [ 23.901079] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.901339] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.901384] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.901448] Call Trace: [ 23.901498] <TASK> [ 23.901549] dump_stack_lvl+0x73/0xb0 [ 23.901601] print_report+0xd1/0x650 [ 23.901639] ? __virt_addr_valid+0x1db/0x2d0 [ 23.901674] ? kasan_atomics_helper+0x1c18/0x5450 [ 23.901705] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.901737] ? kasan_atomics_helper+0x1c18/0x5450 [ 23.901768] kasan_report+0x141/0x180 [ 23.901801] ? kasan_atomics_helper+0x1c18/0x5450 [ 23.901864] kasan_check_range+0x10c/0x1c0 [ 23.901904] __kasan_check_write+0x18/0x20 [ 23.901934] kasan_atomics_helper+0x1c18/0x5450 [ 23.901968] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.902000] ? kasan_save_alloc_info+0x3b/0x50 [ 23.902041] kasan_atomics+0x1dc/0x310 [ 23.902074] ? __pfx_kasan_atomics+0x10/0x10 [ 23.902109] ? __pfx_read_tsc+0x10/0x10 [ 23.902140] ? ktime_get_ts64+0x86/0x230 [ 23.902174] kunit_try_run_case+0x1a5/0x480 [ 23.902223] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.902283] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.902317] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.902356] ? __kthread_parkme+0x82/0x180 [ 23.902384] ? preempt_count_sub+0x50/0x80 [ 23.902419] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.902454] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.902487] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.902522] kthread+0x337/0x6f0 [ 23.902550] ? trace_preempt_on+0x20/0xc0 [ 23.902586] ? __pfx_kthread+0x10/0x10 [ 23.902616] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.902651] ? calculate_sigpending+0x7b/0xa0 [ 23.902688] ? __pfx_kthread+0x10/0x10 [ 23.902724] ret_from_fork+0x116/0x1d0 [ 23.902752] ? __pfx_kthread+0x10/0x10 [ 23.902784] ret_from_fork_asm+0x1a/0x30 [ 23.902825] </TASK> [ 23.902868] [ 23.919400] Allocated by task 292: [ 23.919774] kasan_save_stack+0x45/0x70 [ 23.920264] kasan_save_track+0x18/0x40 [ 23.920698] kasan_save_alloc_info+0x3b/0x50 [ 23.921177] __kasan_kmalloc+0xb7/0xc0 [ 23.921629] __kmalloc_cache_noprof+0x189/0x420 [ 23.922125] kasan_atomics+0x95/0x310 [ 23.922571] kunit_try_run_case+0x1a5/0x480 [ 23.923003] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.923565] kthread+0x337/0x6f0 [ 23.923952] ret_from_fork+0x116/0x1d0 [ 23.924435] ret_from_fork_asm+0x1a/0x30 [ 23.924877] [ 23.925081] The buggy address belongs to the object at ffff88810383ae00 [ 23.925081] which belongs to the cache kmalloc-64 of size 64 [ 23.926041] The buggy address is located 0 bytes to the right of [ 23.926041] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.927059] [ 23.927376] The buggy address belongs to the physical page: [ 23.927913] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.928598] flags: 0x200000000000000(node=0|zone=2) [ 23.929082] page_type: f5(slab) [ 23.929520] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.930055] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.930867] page dumped because: kasan: bad access detected [ 23.931412] [ 23.931614] Memory state around the buggy address: [ 23.932026] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.932699] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.933445] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.933982] ^ [ 23.934538] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.935180] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.935865] ================================================================== [ 22.199119] ================================================================== [ 22.199602] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x697/0x5450 [ 22.200920] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.201630] [ 22.202042] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.202200] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.202242] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.202306] Call Trace: [ 22.202357] <TASK> [ 22.202407] dump_stack_lvl+0x73/0xb0 [ 22.202488] print_report+0xd1/0x650 [ 22.202563] ? __virt_addr_valid+0x1db/0x2d0 [ 22.202640] ? kasan_atomics_helper+0x697/0x5450 [ 22.202719] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.202796] ? kasan_atomics_helper+0x697/0x5450 [ 22.202912] kasan_report+0x141/0x180 [ 22.203021] ? kasan_atomics_helper+0x697/0x5450 [ 22.203082] kasan_check_range+0x10c/0x1c0 [ 22.203123] __kasan_check_write+0x18/0x20 [ 22.203153] kasan_atomics_helper+0x697/0x5450 [ 22.203199] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.203276] ? kasan_save_alloc_info+0x3b/0x50 [ 22.203376] kasan_atomics+0x1dc/0x310 [ 22.203466] ? __pfx_kasan_atomics+0x10/0x10 [ 22.203562] ? __pfx_read_tsc+0x10/0x10 [ 22.203598] ? ktime_get_ts64+0x86/0x230 [ 22.203638] kunit_try_run_case+0x1a5/0x480 [ 22.203674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.203709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.203740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.203780] ? __kthread_parkme+0x82/0x180 [ 22.203809] ? preempt_count_sub+0x50/0x80 [ 22.203870] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.203913] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.203950] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.203984] kthread+0x337/0x6f0 [ 22.204014] ? trace_preempt_on+0x20/0xc0 [ 22.204050] ? __pfx_kthread+0x10/0x10 [ 22.204082] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.204117] ? calculate_sigpending+0x7b/0xa0 [ 22.204154] ? __pfx_kthread+0x10/0x10 [ 22.204186] ret_from_fork+0x116/0x1d0 [ 22.204218] ? __pfx_kthread+0x10/0x10 [ 22.204291] ret_from_fork_asm+0x1a/0x30 [ 22.204369] </TASK> [ 22.204387] [ 22.224376] Allocated by task 292: [ 22.224800] kasan_save_stack+0x45/0x70 [ 22.225176] kasan_save_track+0x18/0x40 [ 22.225689] kasan_save_alloc_info+0x3b/0x50 [ 22.226686] __kasan_kmalloc+0xb7/0xc0 [ 22.227110] __kmalloc_cache_noprof+0x189/0x420 [ 22.227709] kasan_atomics+0x95/0x310 [ 22.228211] kunit_try_run_case+0x1a5/0x480 [ 22.228856] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.229661] kthread+0x337/0x6f0 [ 22.230044] ret_from_fork+0x116/0x1d0 [ 22.230367] ret_from_fork_asm+0x1a/0x30 [ 22.230736] [ 22.231458] The buggy address belongs to the object at ffff88810383ae00 [ 22.231458] which belongs to the cache kmalloc-64 of size 64 [ 22.233743] The buggy address is located 0 bytes to the right of [ 22.233743] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.234542] [ 22.234706] The buggy address belongs to the physical page: [ 22.235143] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.235704] flags: 0x200000000000000(node=0|zone=2) [ 22.236821] page_type: f5(slab) [ 22.237656] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.238394] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.238958] page dumped because: kasan: bad access detected [ 22.239432] [ 22.239700] Memory state around the buggy address: [ 22.240427] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.241209] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.241917] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.242560] ^ [ 22.243253] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.244548] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.245461] ================================================================== [ 23.736048] ================================================================== [ 23.736700] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 23.737288] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.737898] [ 23.738172] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.738373] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.738420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.738482] Call Trace: [ 23.738529] <TASK> [ 23.738576] dump_stack_lvl+0x73/0xb0 [ 23.738657] print_report+0xd1/0x650 [ 23.738733] ? __virt_addr_valid+0x1db/0x2d0 [ 23.738867] ? kasan_atomics_helper+0x194a/0x5450 [ 23.738947] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.739026] ? kasan_atomics_helper+0x194a/0x5450 [ 23.739102] kasan_report+0x141/0x180 [ 23.739253] ? kasan_atomics_helper+0x194a/0x5450 [ 23.739345] kasan_check_range+0x10c/0x1c0 [ 23.739410] __kasan_check_write+0x18/0x20 [ 23.739478] kasan_atomics_helper+0x194a/0x5450 [ 23.739608] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.739691] ? kasan_save_alloc_info+0x3b/0x50 [ 23.739785] kasan_atomics+0x1dc/0x310 [ 23.739884] ? __pfx_kasan_atomics+0x10/0x10 [ 23.739967] ? __pfx_read_tsc+0x10/0x10 [ 23.740039] ? ktime_get_ts64+0x86/0x230 [ 23.740120] kunit_try_run_case+0x1a5/0x480 [ 23.740203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740348] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.740424] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.740506] ? __kthread_parkme+0x82/0x180 [ 23.740577] ? preempt_count_sub+0x50/0x80 [ 23.740656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.740731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.740809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.740908] kthread+0x337/0x6f0 [ 23.740976] ? trace_preempt_on+0x20/0xc0 [ 23.741023] ? __pfx_kthread+0x10/0x10 [ 23.741057] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.741094] ? calculate_sigpending+0x7b/0xa0 [ 23.741131] ? __pfx_kthread+0x10/0x10 [ 23.741162] ret_from_fork+0x116/0x1d0 [ 23.741188] ? __pfx_kthread+0x10/0x10 [ 23.741245] ret_from_fork_asm+0x1a/0x30 [ 23.741303] </TASK> [ 23.741321] [ 23.757510] Allocated by task 292: [ 23.757869] kasan_save_stack+0x45/0x70 [ 23.758335] kasan_save_track+0x18/0x40 [ 23.758724] kasan_save_alloc_info+0x3b/0x50 [ 23.759151] __kasan_kmalloc+0xb7/0xc0 [ 23.759590] __kmalloc_cache_noprof+0x189/0x420 [ 23.760053] kasan_atomics+0x95/0x310 [ 23.760504] kunit_try_run_case+0x1a5/0x480 [ 23.760966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.761408] kthread+0x337/0x6f0 [ 23.761754] ret_from_fork+0x116/0x1d0 [ 23.762161] ret_from_fork_asm+0x1a/0x30 [ 23.762652] [ 23.762820] The buggy address belongs to the object at ffff88810383ae00 [ 23.762820] which belongs to the cache kmalloc-64 of size 64 [ 23.763800] The buggy address is located 0 bytes to the right of [ 23.763800] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.764786] [ 23.765017] The buggy address belongs to the physical page: [ 23.765550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.766167] flags: 0x200000000000000(node=0|zone=2) [ 23.766688] page_type: f5(slab) [ 23.767045] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.767733] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.768412] page dumped because: kasan: bad access detected [ 23.768876] [ 23.769068] Memory state around the buggy address: [ 23.769434] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.769931] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.770645] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.771303] ^ [ 23.771732] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.772397] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.772808] ================================================================== [ 24.182928] ================================================================== [ 24.183527] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 24.184116] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.184655] [ 24.184878] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.185007] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.185048] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.185112] Call Trace: [ 24.185159] <TASK> [ 24.185205] dump_stack_lvl+0x73/0xb0 [ 24.185332] print_report+0xd1/0x650 [ 24.185408] ? __virt_addr_valid+0x1db/0x2d0 [ 24.185478] ? kasan_atomics_helper+0x4f71/0x5450 [ 24.185553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.185628] ? kasan_atomics_helper+0x4f71/0x5450 [ 24.185710] kasan_report+0x141/0x180 [ 24.185788] ? kasan_atomics_helper+0x4f71/0x5450 [ 24.185894] __asan_report_load8_noabort+0x18/0x20 [ 24.185980] kasan_atomics_helper+0x4f71/0x5450 [ 24.186058] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.186133] ? kasan_save_alloc_info+0x3b/0x50 [ 24.186268] kasan_atomics+0x1dc/0x310 [ 24.186354] ? __pfx_kasan_atomics+0x10/0x10 [ 24.186435] ? __pfx_read_tsc+0x10/0x10 [ 24.186507] ? ktime_get_ts64+0x86/0x230 [ 24.186588] kunit_try_run_case+0x1a5/0x480 [ 24.186671] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.186745] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.186816] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.187008] ? __kthread_parkme+0x82/0x180 [ 24.187089] ? preempt_count_sub+0x50/0x80 [ 24.187173] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.187330] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.187415] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.187495] kthread+0x337/0x6f0 [ 24.187570] ? trace_preempt_on+0x20/0xc0 [ 24.187649] ? __pfx_kthread+0x10/0x10 [ 24.187718] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.187794] ? calculate_sigpending+0x7b/0xa0 [ 24.187894] ? __pfx_kthread+0x10/0x10 [ 24.187970] ret_from_fork+0x116/0x1d0 [ 24.188032] ? __pfx_kthread+0x10/0x10 [ 24.188104] ret_from_fork_asm+0x1a/0x30 [ 24.188197] </TASK> [ 24.188281] [ 24.202082] Allocated by task 292: [ 24.202543] kasan_save_stack+0x45/0x70 [ 24.203007] kasan_save_track+0x18/0x40 [ 24.203402] kasan_save_alloc_info+0x3b/0x50 [ 24.203893] __kasan_kmalloc+0xb7/0xc0 [ 24.204345] __kmalloc_cache_noprof+0x189/0x420 [ 24.204815] kasan_atomics+0x95/0x310 [ 24.205292] kunit_try_run_case+0x1a5/0x480 [ 24.205721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.206347] kthread+0x337/0x6f0 [ 24.206721] ret_from_fork+0x116/0x1d0 [ 24.207144] ret_from_fork_asm+0x1a/0x30 [ 24.207606] [ 24.207809] The buggy address belongs to the object at ffff88810383ae00 [ 24.207809] which belongs to the cache kmalloc-64 of size 64 [ 24.208916] The buggy address is located 0 bytes to the right of [ 24.208916] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.209880] [ 24.210103] The buggy address belongs to the physical page: [ 24.210656] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.211387] flags: 0x200000000000000(node=0|zone=2) [ 24.211794] page_type: f5(slab) [ 24.212196] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.212902] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.213539] page dumped because: kasan: bad access detected [ 24.213902] [ 24.214062] Memory state around the buggy address: [ 24.214507] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.215141] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.215892] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.216533] ^ [ 24.217016] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.217511] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.218132] ================================================================== [ 24.462753] ================================================================== [ 24.463756] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 24.465487] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.467114] [ 24.467382] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.467512] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.467563] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.467628] Call Trace: [ 24.467683] <TASK> [ 24.467732] dump_stack_lvl+0x73/0xb0 [ 24.467820] print_report+0xd1/0x650 [ 24.467924] ? __virt_addr_valid+0x1db/0x2d0 [ 24.468006] ? kasan_atomics_helper+0x224c/0x5450 [ 24.468079] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.468157] ? kasan_atomics_helper+0x224c/0x5450 [ 24.468234] kasan_report+0x141/0x180 [ 24.468314] ? kasan_atomics_helper+0x224c/0x5450 [ 24.468402] kasan_check_range+0x10c/0x1c0 [ 24.468485] __kasan_check_write+0x18/0x20 [ 24.468553] kasan_atomics_helper+0x224c/0x5450 [ 24.468629] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.468699] ? kasan_save_alloc_info+0x3b/0x50 [ 24.468787] kasan_atomics+0x1dc/0x310 [ 24.468917] ? __pfx_kasan_atomics+0x10/0x10 [ 24.468998] ? __pfx_read_tsc+0x10/0x10 [ 24.469070] ? ktime_get_ts64+0x86/0x230 [ 24.469150] kunit_try_run_case+0x1a5/0x480 [ 24.469203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469279] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.469315] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.469355] ? __kthread_parkme+0x82/0x180 [ 24.469387] ? preempt_count_sub+0x50/0x80 [ 24.469422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.469458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.469494] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.469528] kthread+0x337/0x6f0 [ 24.469558] ? trace_preempt_on+0x20/0xc0 [ 24.469593] ? __pfx_kthread+0x10/0x10 [ 24.469624] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.469661] ? calculate_sigpending+0x7b/0xa0 [ 24.469697] ? __pfx_kthread+0x10/0x10 [ 24.469729] ret_from_fork+0x116/0x1d0 [ 24.469756] ? __pfx_kthread+0x10/0x10 [ 24.469788] ret_from_fork_asm+0x1a/0x30 [ 24.469854] </TASK> [ 24.469875] [ 24.486727] Allocated by task 292: [ 24.487185] kasan_save_stack+0x45/0x70 [ 24.487593] kasan_save_track+0x18/0x40 [ 24.487934] kasan_save_alloc_info+0x3b/0x50 [ 24.488372] __kasan_kmalloc+0xb7/0xc0 [ 24.488751] __kmalloc_cache_noprof+0x189/0x420 [ 24.489159] kasan_atomics+0x95/0x310 [ 24.489512] kunit_try_run_case+0x1a5/0x480 [ 24.489989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.490610] kthread+0x337/0x6f0 [ 24.490891] ret_from_fork+0x116/0x1d0 [ 24.491174] ret_from_fork_asm+0x1a/0x30 [ 24.491553] [ 24.491760] The buggy address belongs to the object at ffff88810383ae00 [ 24.491760] which belongs to the cache kmalloc-64 of size 64 [ 24.492767] The buggy address is located 0 bytes to the right of [ 24.492767] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.493872] [ 24.494040] The buggy address belongs to the physical page: [ 24.494427] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.495010] flags: 0x200000000000000(node=0|zone=2) [ 24.495598] page_type: f5(slab) [ 24.495970] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.496651] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.497424] page dumped because: kasan: bad access detected [ 24.497937] [ 24.498261] Memory state around the buggy address: [ 24.498692] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.499402] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.499849] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.500621] ^ [ 24.501140] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.501793] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.502860] ================================================================== [ 21.788784] ================================================================== [ 21.789477] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 21.790750] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.791983] [ 21.792207] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.792336] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.792372] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.792431] Call Trace: [ 21.792471] <TASK> [ 21.792516] dump_stack_lvl+0x73/0xb0 [ 21.792601] print_report+0xd1/0x650 [ 21.792677] ? __virt_addr_valid+0x1db/0x2d0 [ 21.792754] ? kasan_atomics_helper+0x4ba2/0x5450 [ 21.792826] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.792919] ? kasan_atomics_helper+0x4ba2/0x5450 [ 21.792976] kasan_report+0x141/0x180 [ 21.793013] ? kasan_atomics_helper+0x4ba2/0x5450 [ 21.793049] __asan_report_store4_noabort+0x1b/0x30 [ 21.793085] kasan_atomics_helper+0x4ba2/0x5450 [ 21.793115] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.793144] ? kasan_save_alloc_info+0x3b/0x50 [ 21.793183] kasan_atomics+0x1dc/0x310 [ 21.793223] ? __pfx_kasan_atomics+0x10/0x10 [ 21.793298] ? __pfx_read_tsc+0x10/0x10 [ 21.793358] ? ktime_get_ts64+0x86/0x230 [ 21.793397] kunit_try_run_case+0x1a5/0x480 [ 21.793433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.793465] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.793494] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.793531] ? __kthread_parkme+0x82/0x180 [ 21.793557] ? preempt_count_sub+0x50/0x80 [ 21.793589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.793622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.793654] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.793687] kthread+0x337/0x6f0 [ 21.793713] ? trace_preempt_on+0x20/0xc0 [ 21.793747] ? __pfx_kthread+0x10/0x10 [ 21.793775] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.793808] ? calculate_sigpending+0x7b/0xa0 [ 21.793867] ? __pfx_kthread+0x10/0x10 [ 21.793902] ret_from_fork+0x116/0x1d0 [ 21.793929] ? __pfx_kthread+0x10/0x10 [ 21.793957] ret_from_fork_asm+0x1a/0x30 [ 21.793997] </TASK> [ 21.794012] [ 21.808077] Allocated by task 292: [ 21.808668] kasan_save_stack+0x45/0x70 [ 21.808986] kasan_save_track+0x18/0x40 [ 21.809272] kasan_save_alloc_info+0x3b/0x50 [ 21.809579] __kasan_kmalloc+0xb7/0xc0 [ 21.809886] __kmalloc_cache_noprof+0x189/0x420 [ 21.810632] kasan_atomics+0x95/0x310 [ 21.811068] kunit_try_run_case+0x1a5/0x480 [ 21.811644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.812219] kthread+0x337/0x6f0 [ 21.814574] ret_from_fork+0x116/0x1d0 [ 21.814987] ret_from_fork_asm+0x1a/0x30 [ 21.815439] [ 21.815614] The buggy address belongs to the object at ffff88810383ae00 [ 21.815614] which belongs to the cache kmalloc-64 of size 64 [ 21.817354] The buggy address is located 0 bytes to the right of [ 21.817354] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 21.818967] [ 21.819597] The buggy address belongs to the physical page: [ 21.819936] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 21.821065] flags: 0x200000000000000(node=0|zone=2) [ 21.821569] page_type: f5(slab) [ 21.821918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.822710] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.823361] page dumped because: kasan: bad access detected [ 21.823777] [ 21.824017] Memory state around the buggy address: [ 21.824780] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.825368] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.825998] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.826786] ^ [ 21.827209] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.827910] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.828331] ================================================================== [ 22.297818] ================================================================== [ 22.298362] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 22.298996] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.300345] [ 22.300970] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.301103] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.301147] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.301211] Call Trace: [ 22.301278] <TASK> [ 22.301326] dump_stack_lvl+0x73/0xb0 [ 22.301413] print_report+0xd1/0x650 [ 22.301496] ? __virt_addr_valid+0x1db/0x2d0 [ 22.301581] ? kasan_atomics_helper+0x7c7/0x5450 [ 22.301655] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.301731] ? kasan_atomics_helper+0x7c7/0x5450 [ 22.301807] kasan_report+0x141/0x180 [ 22.301911] ? kasan_atomics_helper+0x7c7/0x5450 [ 22.302002] kasan_check_range+0x10c/0x1c0 [ 22.302085] __kasan_check_write+0x18/0x20 [ 22.302156] kasan_atomics_helper+0x7c7/0x5450 [ 22.302234] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.302314] ? kasan_save_alloc_info+0x3b/0x50 [ 22.302372] kasan_atomics+0x1dc/0x310 [ 22.302410] ? __pfx_kasan_atomics+0x10/0x10 [ 22.302448] ? __pfx_read_tsc+0x10/0x10 [ 22.302483] ? ktime_get_ts64+0x86/0x230 [ 22.302521] kunit_try_run_case+0x1a5/0x480 [ 22.302559] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.302593] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.302624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.302663] ? __kthread_parkme+0x82/0x180 [ 22.302694] ? preempt_count_sub+0x50/0x80 [ 22.302728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.302765] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.302801] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.302861] kthread+0x337/0x6f0 [ 22.302895] ? trace_preempt_on+0x20/0xc0 [ 22.302932] ? __pfx_kthread+0x10/0x10 [ 22.302962] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.302998] ? calculate_sigpending+0x7b/0xa0 [ 22.303035] ? __pfx_kthread+0x10/0x10 [ 22.303066] ret_from_fork+0x116/0x1d0 [ 22.303093] ? __pfx_kthread+0x10/0x10 [ 22.303123] ret_from_fork_asm+0x1a/0x30 [ 22.303168] </TASK> [ 22.303184] [ 22.320804] Allocated by task 292: [ 22.321153] kasan_save_stack+0x45/0x70 [ 22.321481] kasan_save_track+0x18/0x40 [ 22.322442] kasan_save_alloc_info+0x3b/0x50 [ 22.322943] __kasan_kmalloc+0xb7/0xc0 [ 22.323622] __kmalloc_cache_noprof+0x189/0x420 [ 22.324164] kasan_atomics+0x95/0x310 [ 22.324587] kunit_try_run_case+0x1a5/0x480 [ 22.324937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.325850] kthread+0x337/0x6f0 [ 22.326186] ret_from_fork+0x116/0x1d0 [ 22.326780] ret_from_fork_asm+0x1a/0x30 [ 22.327428] [ 22.327728] The buggy address belongs to the object at ffff88810383ae00 [ 22.327728] which belongs to the cache kmalloc-64 of size 64 [ 22.328757] The buggy address is located 0 bytes to the right of [ 22.328757] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.330286] [ 22.330505] The buggy address belongs to the physical page: [ 22.330993] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.331589] flags: 0x200000000000000(node=0|zone=2) [ 22.332017] page_type: f5(slab) [ 22.332361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.333184] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.333958] page dumped because: kasan: bad access detected [ 22.334699] [ 22.334920] Memory state around the buggy address: [ 22.335770] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.336534] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.337153] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.338164] ^ [ 22.338599] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.339635] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.340354] ================================================================== [ 22.478151] ================================================================== [ 22.478852] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xa2b/0x5450 [ 22.479668] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.480231] [ 22.480785] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.480924] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.480969] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.481027] Call Trace: [ 22.481119] <TASK> [ 22.481197] dump_stack_lvl+0x73/0xb0 [ 22.481284] print_report+0xd1/0x650 [ 22.481363] ? __virt_addr_valid+0x1db/0x2d0 [ 22.481439] ? kasan_atomics_helper+0xa2b/0x5450 [ 22.481508] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.481583] ? kasan_atomics_helper+0xa2b/0x5450 [ 22.481656] kasan_report+0x141/0x180 [ 22.481729] ? kasan_atomics_helper+0xa2b/0x5450 [ 22.481815] kasan_check_range+0x10c/0x1c0 [ 22.482053] __kasan_check_write+0x18/0x20 [ 22.482126] kasan_atomics_helper+0xa2b/0x5450 [ 22.482240] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.482415] ? kasan_save_alloc_info+0x3b/0x50 [ 22.482508] kasan_atomics+0x1dc/0x310 [ 22.482558] ? __pfx_kasan_atomics+0x10/0x10 [ 22.482598] ? __pfx_read_tsc+0x10/0x10 [ 22.482630] ? ktime_get_ts64+0x86/0x230 [ 22.482669] kunit_try_run_case+0x1a5/0x480 [ 22.482704] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.482737] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.482766] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.482804] ? __kthread_parkme+0x82/0x180 [ 22.482858] ? preempt_count_sub+0x50/0x80 [ 22.482898] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.482934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.482968] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.483003] kthread+0x337/0x6f0 [ 22.483031] ? trace_preempt_on+0x20/0xc0 [ 22.483067] ? __pfx_kthread+0x10/0x10 [ 22.483096] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.483131] ? calculate_sigpending+0x7b/0xa0 [ 22.483167] ? __pfx_kthread+0x10/0x10 [ 22.483197] ret_from_fork+0x116/0x1d0 [ 22.483239] ? __pfx_kthread+0x10/0x10 [ 22.483347] ret_from_fork_asm+0x1a/0x30 [ 22.483399] </TASK> [ 22.483418] [ 22.500818] Allocated by task 292: [ 22.501145] kasan_save_stack+0x45/0x70 [ 22.501935] kasan_save_track+0x18/0x40 [ 22.502236] kasan_save_alloc_info+0x3b/0x50 [ 22.502556] __kasan_kmalloc+0xb7/0xc0 [ 22.502902] __kmalloc_cache_noprof+0x189/0x420 [ 22.503616] kasan_atomics+0x95/0x310 [ 22.504048] kunit_try_run_case+0x1a5/0x480 [ 22.504630] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.505198] kthread+0x337/0x6f0 [ 22.505584] ret_from_fork+0x116/0x1d0 [ 22.506190] ret_from_fork_asm+0x1a/0x30 [ 22.506773] [ 22.507005] The buggy address belongs to the object at ffff88810383ae00 [ 22.507005] which belongs to the cache kmalloc-64 of size 64 [ 22.508018] The buggy address is located 0 bytes to the right of [ 22.508018] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.509294] [ 22.509461] The buggy address belongs to the physical page: [ 22.509793] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.510357] flags: 0x200000000000000(node=0|zone=2) [ 22.511383] page_type: f5(slab) [ 22.511788] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.512610] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.513268] page dumped because: kasan: bad access detected [ 22.513781] [ 22.514256] Memory state around the buggy address: [ 22.514739] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.516075] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.516751] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.517531] ^ [ 22.517969] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.518670] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.519162] ================================================================== [ 22.571824] ================================================================== [ 22.572948] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xb6a/0x5450 [ 22.573825] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.574584] [ 22.575330] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.575469] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.575512] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.575586] Call Trace: [ 22.575662] <TASK> [ 22.575739] dump_stack_lvl+0x73/0xb0 [ 22.575846] print_report+0xd1/0x650 [ 22.575903] ? __virt_addr_valid+0x1db/0x2d0 [ 22.575939] ? kasan_atomics_helper+0xb6a/0x5450 [ 22.575969] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.576001] ? kasan_atomics_helper+0xb6a/0x5450 [ 22.576030] kasan_report+0x141/0x180 [ 22.576064] ? kasan_atomics_helper+0xb6a/0x5450 [ 22.576101] kasan_check_range+0x10c/0x1c0 [ 22.576135] __kasan_check_write+0x18/0x20 [ 22.576162] kasan_atomics_helper+0xb6a/0x5450 [ 22.576193] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.576282] ? kasan_save_alloc_info+0x3b/0x50 [ 22.576385] kasan_atomics+0x1dc/0x310 [ 22.576427] ? __pfx_kasan_atomics+0x10/0x10 [ 22.576465] ? __pfx_read_tsc+0x10/0x10 [ 22.576496] ? ktime_get_ts64+0x86/0x230 [ 22.576533] kunit_try_run_case+0x1a5/0x480 [ 22.576570] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.576604] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.576632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.576670] ? __kthread_parkme+0x82/0x180 [ 22.576697] ? preempt_count_sub+0x50/0x80 [ 22.576731] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.576766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.576800] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.576859] kthread+0x337/0x6f0 [ 22.576892] ? trace_preempt_on+0x20/0xc0 [ 22.576928] ? __pfx_kthread+0x10/0x10 [ 22.576957] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.576992] ? calculate_sigpending+0x7b/0xa0 [ 22.577028] ? __pfx_kthread+0x10/0x10 [ 22.577058] ret_from_fork+0x116/0x1d0 [ 22.577084] ? __pfx_kthread+0x10/0x10 [ 22.577112] ret_from_fork_asm+0x1a/0x30 [ 22.577154] </TASK> [ 22.577169] [ 22.596953] Allocated by task 292: [ 22.597533] kasan_save_stack+0x45/0x70 [ 22.598010] kasan_save_track+0x18/0x40 [ 22.598470] kasan_save_alloc_info+0x3b/0x50 [ 22.598914] __kasan_kmalloc+0xb7/0xc0 [ 22.599388] __kmalloc_cache_noprof+0x189/0x420 [ 22.599741] kasan_atomics+0x95/0x310 [ 22.600045] kunit_try_run_case+0x1a5/0x480 [ 22.600525] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.601185] kthread+0x337/0x6f0 [ 22.601605] ret_from_fork+0x116/0x1d0 [ 22.602605] ret_from_fork_asm+0x1a/0x30 [ 22.603016] [ 22.603195] The buggy address belongs to the object at ffff88810383ae00 [ 22.603195] which belongs to the cache kmalloc-64 of size 64 [ 22.605683] The buggy address is located 0 bytes to the right of [ 22.605683] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.607299] [ 22.607690] The buggy address belongs to the physical page: [ 22.608204] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.608816] flags: 0x200000000000000(node=0|zone=2) [ 22.609405] page_type: f5(slab) [ 22.610185] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.610924] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.611940] page dumped because: kasan: bad access detected [ 22.612136] [ 22.612238] Memory state around the buggy address: [ 22.612622] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.613410] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.614874] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.615574] ^ [ 22.616051] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.616700] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.617265] ================================================================== [ 23.416656] ================================================================== [ 23.417160] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x50d4/0x5450 [ 23.417628] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.418356] [ 23.418619] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.418752] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.418794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.418876] Call Trace: [ 23.418930] <TASK> [ 23.418985] dump_stack_lvl+0x73/0xb0 [ 23.419068] print_report+0xd1/0x650 [ 23.419152] ? __virt_addr_valid+0x1db/0x2d0 [ 23.419233] ? kasan_atomics_helper+0x50d4/0x5450 [ 23.419308] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.419386] ? kasan_atomics_helper+0x50d4/0x5450 [ 23.419460] kasan_report+0x141/0x180 [ 23.419532] ? kasan_atomics_helper+0x50d4/0x5450 [ 23.419623] __asan_report_store8_noabort+0x1b/0x30 [ 23.419706] kasan_atomics_helper+0x50d4/0x5450 [ 23.419785] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.419883] ? kasan_save_alloc_info+0x3b/0x50 [ 23.419978] kasan_atomics+0x1dc/0x310 [ 23.420061] ? __pfx_kasan_atomics+0x10/0x10 [ 23.420144] ? __pfx_read_tsc+0x10/0x10 [ 23.420214] ? ktime_get_ts64+0x86/0x230 [ 23.420300] kunit_try_run_case+0x1a5/0x480 [ 23.420381] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.420456] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.420529] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.420618] ? __kthread_parkme+0x82/0x180 [ 23.420685] ? preempt_count_sub+0x50/0x80 [ 23.420765] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.420861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.420939] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.421004] kthread+0x337/0x6f0 [ 23.421037] ? trace_preempt_on+0x20/0xc0 [ 23.421076] ? __pfx_kthread+0x10/0x10 [ 23.421107] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.421142] ? calculate_sigpending+0x7b/0xa0 [ 23.421179] ? __pfx_kthread+0x10/0x10 [ 23.421211] ret_from_fork+0x116/0x1d0 [ 23.421269] ? __pfx_kthread+0x10/0x10 [ 23.421306] ret_from_fork_asm+0x1a/0x30 [ 23.421352] </TASK> [ 23.421369] [ 23.435733] Allocated by task 292: [ 23.436071] kasan_save_stack+0x45/0x70 [ 23.436576] kasan_save_track+0x18/0x40 [ 23.437133] kasan_save_alloc_info+0x3b/0x50 [ 23.437473] __kasan_kmalloc+0xb7/0xc0 [ 23.438303] __kmalloc_cache_noprof+0x189/0x420 [ 23.438765] kasan_atomics+0x95/0x310 [ 23.439190] kunit_try_run_case+0x1a5/0x480 [ 23.439645] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.441073] kthread+0x337/0x6f0 [ 23.441895] ret_from_fork+0x116/0x1d0 [ 23.442291] ret_from_fork_asm+0x1a/0x30 [ 23.442867] [ 23.443020] The buggy address belongs to the object at ffff88810383ae00 [ 23.443020] which belongs to the cache kmalloc-64 of size 64 [ 23.444516] The buggy address is located 0 bytes to the right of [ 23.444516] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.445669] [ 23.445878] The buggy address belongs to the physical page: [ 23.446553] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.447245] flags: 0x200000000000000(node=0|zone=2) [ 23.447703] page_type: f5(slab) [ 23.448107] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.448611] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.449445] page dumped because: kasan: bad access detected [ 23.449820] [ 23.450113] Memory state around the buggy address: [ 23.450567] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.451170] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.451846] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.452937] ^ [ 23.453330] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.453979] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.454661] ================================================================== [ 24.101822] ================================================================== [ 24.102440] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 24.103316] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.103757] [ 24.104032] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.104157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.104201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.104260] Call Trace: [ 24.104313] <TASK> [ 24.104360] dump_stack_lvl+0x73/0xb0 [ 24.104435] print_report+0xd1/0x650 [ 24.104494] ? __virt_addr_valid+0x1db/0x2d0 [ 24.104559] ? kasan_atomics_helper+0x1eaa/0x5450 [ 24.104624] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.104689] ? kasan_atomics_helper+0x1eaa/0x5450 [ 24.104755] kasan_report+0x141/0x180 [ 24.104815] ? kasan_atomics_helper+0x1eaa/0x5450 [ 24.104988] kasan_check_range+0x10c/0x1c0 [ 24.105072] __kasan_check_write+0x18/0x20 [ 24.105183] kasan_atomics_helper+0x1eaa/0x5450 [ 24.105299] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.105416] ? kasan_save_alloc_info+0x3b/0x50 [ 24.105539] kasan_atomics+0x1dc/0x310 [ 24.105621] ? __pfx_kasan_atomics+0x10/0x10 [ 24.105702] ? __pfx_read_tsc+0x10/0x10 [ 24.105772] ? ktime_get_ts64+0x86/0x230 [ 24.105869] kunit_try_run_case+0x1a5/0x480 [ 24.105951] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.106022] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.106095] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.106174] ? __kthread_parkme+0x82/0x180 [ 24.106293] ? preempt_count_sub+0x50/0x80 [ 24.106378] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.106504] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.106588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.106702] kthread+0x337/0x6f0 [ 24.106780] ? trace_preempt_on+0x20/0xc0 [ 24.106880] ? __pfx_kthread+0x10/0x10 [ 24.106952] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.107030] ? calculate_sigpending+0x7b/0xa0 [ 24.107109] ? __pfx_kthread+0x10/0x10 [ 24.107181] ret_from_fork+0x116/0x1d0 [ 24.107263] ? __pfx_kthread+0x10/0x10 [ 24.107300] ret_from_fork_asm+0x1a/0x30 [ 24.107345] </TASK> [ 24.107361] [ 24.123215] Allocated by task 292: [ 24.123583] kasan_save_stack+0x45/0x70 [ 24.125481] kasan_save_track+0x18/0x40 [ 24.125920] kasan_save_alloc_info+0x3b/0x50 [ 24.126606] __kasan_kmalloc+0xb7/0xc0 [ 24.127294] __kmalloc_cache_noprof+0x189/0x420 [ 24.127758] kasan_atomics+0x95/0x310 [ 24.128163] kunit_try_run_case+0x1a5/0x480 [ 24.128631] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.129188] kthread+0x337/0x6f0 [ 24.129574] ret_from_fork+0x116/0x1d0 [ 24.130000] ret_from_fork_asm+0x1a/0x30 [ 24.130460] [ 24.130692] The buggy address belongs to the object at ffff88810383ae00 [ 24.130692] which belongs to the cache kmalloc-64 of size 64 [ 24.131673] The buggy address is located 0 bytes to the right of [ 24.131673] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.134900] [ 24.135044] The buggy address belongs to the physical page: [ 24.135336] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.135730] flags: 0x200000000000000(node=0|zone=2) [ 24.136073] page_type: f5(slab) [ 24.136349] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.137001] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.137438] page dumped because: kasan: bad access detected [ 24.138915] [ 24.139747] Memory state around the buggy address: [ 24.141349] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.143003] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.143398] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.143752] ^ [ 24.144037] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.144388] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.144741] ================================================================== [ 23.245282] ================================================================== [ 23.247095] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 23.248774] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.249937] [ 23.250440] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.250597] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.250640] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.250687] Call Trace: [ 23.250715] <TASK> [ 23.250742] dump_stack_lvl+0x73/0xb0 [ 23.250788] print_report+0xd1/0x650 [ 23.250824] ? __virt_addr_valid+0x1db/0x2d0 [ 23.250894] ? kasan_atomics_helper+0x49ce/0x5450 [ 23.250928] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.250961] ? kasan_atomics_helper+0x49ce/0x5450 [ 23.250992] kasan_report+0x141/0x180 [ 23.251025] ? kasan_atomics_helper+0x49ce/0x5450 [ 23.251061] __asan_report_load4_noabort+0x18/0x20 [ 23.251098] kasan_atomics_helper+0x49ce/0x5450 [ 23.251130] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.251162] ? kasan_save_alloc_info+0x3b/0x50 [ 23.251203] kasan_atomics+0x1dc/0x310 [ 23.251280] ? __pfx_kasan_atomics+0x10/0x10 [ 23.251321] ? __pfx_read_tsc+0x10/0x10 [ 23.251353] ? ktime_get_ts64+0x86/0x230 [ 23.251389] kunit_try_run_case+0x1a5/0x480 [ 23.251425] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.251458] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.251487] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.251525] ? __kthread_parkme+0x82/0x180 [ 23.251565] ? preempt_count_sub+0x50/0x80 [ 23.251600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.251635] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.251668] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.251701] kthread+0x337/0x6f0 [ 23.251729] ? trace_preempt_on+0x20/0xc0 [ 23.251765] ? __pfx_kthread+0x10/0x10 [ 23.251795] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.251851] ? calculate_sigpending+0x7b/0xa0 [ 23.251896] ? __pfx_kthread+0x10/0x10 [ 23.251928] ret_from_fork+0x116/0x1d0 [ 23.251955] ? __pfx_kthread+0x10/0x10 [ 23.251985] ret_from_fork_asm+0x1a/0x30 [ 23.252027] </TASK> [ 23.252042] [ 23.269768] Allocated by task 292: [ 23.270543] kasan_save_stack+0x45/0x70 [ 23.271119] kasan_save_track+0x18/0x40 [ 23.271654] kasan_save_alloc_info+0x3b/0x50 [ 23.272133] __kasan_kmalloc+0xb7/0xc0 [ 23.272539] __kmalloc_cache_noprof+0x189/0x420 [ 23.273117] kasan_atomics+0x95/0x310 [ 23.273495] kunit_try_run_case+0x1a5/0x480 [ 23.274081] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.274710] kthread+0x337/0x6f0 [ 23.275100] ret_from_fork+0x116/0x1d0 [ 23.275590] ret_from_fork_asm+0x1a/0x30 [ 23.276060] [ 23.276366] The buggy address belongs to the object at ffff88810383ae00 [ 23.276366] which belongs to the cache kmalloc-64 of size 64 [ 23.277349] The buggy address is located 0 bytes to the right of [ 23.277349] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.278507] [ 23.278717] The buggy address belongs to the physical page: [ 23.279345] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.280077] flags: 0x200000000000000(node=0|zone=2) [ 23.280646] page_type: f5(slab) [ 23.281064] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.281868] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.282453] page dumped because: kasan: bad access detected [ 23.282954] [ 23.283138] Memory state around the buggy address: [ 23.283890] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.285477] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.286384] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.286640] ^ [ 23.286812] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.287277] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.288266] ================================================================== [ 22.697812] ================================================================== [ 22.699409] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 22.700103] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.701609] [ 22.701813] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.701961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.702001] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.702059] Call Trace: [ 22.702106] <TASK> [ 22.702152] dump_stack_lvl+0x73/0xb0 [ 22.702234] print_report+0xd1/0x650 [ 22.702314] ? __virt_addr_valid+0x1db/0x2d0 [ 22.702390] ? kasan_atomics_helper+0xd47/0x5450 [ 22.702457] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.702513] ? kasan_atomics_helper+0xd47/0x5450 [ 22.702580] kasan_report+0x141/0x180 [ 22.702656] ? kasan_atomics_helper+0xd47/0x5450 [ 22.702742] kasan_check_range+0x10c/0x1c0 [ 22.702844] __kasan_check_write+0x18/0x20 [ 22.702920] kasan_atomics_helper+0xd47/0x5450 [ 22.702996] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.703075] ? kasan_save_alloc_info+0x3b/0x50 [ 22.703170] kasan_atomics+0x1dc/0x310 [ 22.703550] ? __pfx_kasan_atomics+0x10/0x10 [ 22.703641] ? __pfx_read_tsc+0x10/0x10 [ 22.703716] ? ktime_get_ts64+0x86/0x230 [ 22.703803] kunit_try_run_case+0x1a5/0x480 [ 22.703903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.703980] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.704055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.704138] ? __kthread_parkme+0x82/0x180 [ 22.704213] ? preempt_count_sub+0x50/0x80 [ 22.704399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.704484] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.704565] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.704650] kthread+0x337/0x6f0 [ 22.704723] ? trace_preempt_on+0x20/0xc0 [ 22.704806] ? __pfx_kthread+0x10/0x10 [ 22.704902] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.704982] ? calculate_sigpending+0x7b/0xa0 [ 22.705059] ? __pfx_kthread+0x10/0x10 [ 22.705140] ret_from_fork+0x116/0x1d0 [ 22.705209] ? __pfx_kthread+0x10/0x10 [ 22.705382] ret_from_fork_asm+0x1a/0x30 [ 22.705477] </TASK> [ 22.705501] [ 22.719691] Allocated by task 292: [ 22.720060] kasan_save_stack+0x45/0x70 [ 22.720856] kasan_save_track+0x18/0x40 [ 22.721154] kasan_save_alloc_info+0x3b/0x50 [ 22.721471] __kasan_kmalloc+0xb7/0xc0 [ 22.721825] __kmalloc_cache_noprof+0x189/0x420 [ 22.722296] kasan_atomics+0x95/0x310 [ 22.722808] kunit_try_run_case+0x1a5/0x480 [ 22.723351] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.723893] kthread+0x337/0x6f0 [ 22.724266] ret_from_fork+0x116/0x1d0 [ 22.724616] ret_from_fork_asm+0x1a/0x30 [ 22.724983] [ 22.725194] The buggy address belongs to the object at ffff88810383ae00 [ 22.725194] which belongs to the cache kmalloc-64 of size 64 [ 22.726213] The buggy address is located 0 bytes to the right of [ 22.726213] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.728367] [ 22.728583] The buggy address belongs to the physical page: [ 22.729878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.731193] flags: 0x200000000000000(node=0|zone=2) [ 22.731620] page_type: f5(slab) [ 22.731982] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.734169] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.734716] page dumped because: kasan: bad access detected [ 22.735364] [ 22.735581] Memory state around the buggy address: [ 22.735938] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.736961] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.737624] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.738391] ^ [ 22.738800] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.739511] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.740716] ================================================================== [ 23.289607] ================================================================== [ 23.290168] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 23.290820] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.291508] [ 23.291730] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.291871] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.291912] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.291967] Call Trace: [ 23.292016] <TASK> [ 23.292060] dump_stack_lvl+0x73/0xb0 [ 23.292144] print_report+0xd1/0x650 [ 23.292218] ? __virt_addr_valid+0x1db/0x2d0 [ 23.292289] ? kasan_atomics_helper+0x13b5/0x5450 [ 23.292361] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.292433] ? kasan_atomics_helper+0x13b5/0x5450 [ 23.292502] kasan_report+0x141/0x180 [ 23.292579] ? kasan_atomics_helper+0x13b5/0x5450 [ 23.292662] kasan_check_range+0x10c/0x1c0 [ 23.292739] __kasan_check_read+0x15/0x20 [ 23.292805] kasan_atomics_helper+0x13b5/0x5450 [ 23.292901] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.292971] ? kasan_save_alloc_info+0x3b/0x50 [ 23.293128] kasan_atomics+0x1dc/0x310 [ 23.293275] ? __pfx_kasan_atomics+0x10/0x10 [ 23.293366] ? __pfx_read_tsc+0x10/0x10 [ 23.293438] ? ktime_get_ts64+0x86/0x230 [ 23.293528] kunit_try_run_case+0x1a5/0x480 [ 23.293660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.293824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.293922] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.294004] ? __kthread_parkme+0x82/0x180 [ 23.294074] ? preempt_count_sub+0x50/0x80 [ 23.294141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.294182] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.294231] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.294289] kthread+0x337/0x6f0 [ 23.294321] ? trace_preempt_on+0x20/0xc0 [ 23.294359] ? __pfx_kthread+0x10/0x10 [ 23.294391] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.294428] ? calculate_sigpending+0x7b/0xa0 [ 23.294464] ? __pfx_kthread+0x10/0x10 [ 23.294497] ret_from_fork+0x116/0x1d0 [ 23.294524] ? __pfx_kthread+0x10/0x10 [ 23.294555] ret_from_fork_asm+0x1a/0x30 [ 23.294598] </TASK> [ 23.294615] [ 23.310128] Allocated by task 292: [ 23.310436] kasan_save_stack+0x45/0x70 [ 23.310825] kasan_save_track+0x18/0x40 [ 23.311257] kasan_save_alloc_info+0x3b/0x50 [ 23.311699] __kasan_kmalloc+0xb7/0xc0 [ 23.312087] __kmalloc_cache_noprof+0x189/0x420 [ 23.312574] kasan_atomics+0x95/0x310 [ 23.312955] kunit_try_run_case+0x1a5/0x480 [ 23.313360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.313803] kthread+0x337/0x6f0 [ 23.314161] ret_from_fork+0x116/0x1d0 [ 23.314593] ret_from_fork_asm+0x1a/0x30 [ 23.314989] [ 23.315169] The buggy address belongs to the object at ffff88810383ae00 [ 23.315169] which belongs to the cache kmalloc-64 of size 64 [ 23.316039] The buggy address is located 0 bytes to the right of [ 23.316039] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.317018] [ 23.317268] The buggy address belongs to the physical page: [ 23.317660] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.318976] flags: 0x200000000000000(node=0|zone=2) [ 23.319668] page_type: f5(slab) [ 23.320059] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.320699] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.321407] page dumped because: kasan: bad access detected [ 23.321919] [ 23.322134] Memory state around the buggy address: [ 23.322617] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.323309] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.323931] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.324542] ^ [ 23.324880] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.325584] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.326303] ================================================================== [ 24.504097] ================================================================== [ 24.504767] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 24.505495] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.506093] [ 24.506443] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.506572] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.506613] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.506661] Call Trace: [ 24.506701] <TASK> [ 24.506744] dump_stack_lvl+0x73/0xb0 [ 24.506825] print_report+0xd1/0x650 [ 24.507055] ? __virt_addr_valid+0x1db/0x2d0 [ 24.507169] ? kasan_atomics_helper+0x5115/0x5450 [ 24.507359] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.507437] ? kasan_atomics_helper+0x5115/0x5450 [ 24.507515] kasan_report+0x141/0x180 [ 24.507601] ? kasan_atomics_helper+0x5115/0x5450 [ 24.507653] __asan_report_load8_noabort+0x18/0x20 [ 24.507692] kasan_atomics_helper+0x5115/0x5450 [ 24.507728] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.507785] ? kasan_save_alloc_info+0x3b/0x50 [ 24.507872] kasan_atomics+0x1dc/0x310 [ 24.507913] ? __pfx_kasan_atomics+0x10/0x10 [ 24.507949] ? __pfx_read_tsc+0x10/0x10 [ 24.507980] ? ktime_get_ts64+0x86/0x230 [ 24.508016] kunit_try_run_case+0x1a5/0x480 [ 24.508050] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.508082] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.508112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.508149] ? __kthread_parkme+0x82/0x180 [ 24.508176] ? preempt_count_sub+0x50/0x80 [ 24.508229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.508291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.508329] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.508362] kthread+0x337/0x6f0 [ 24.508390] ? trace_preempt_on+0x20/0xc0 [ 24.508425] ? __pfx_kthread+0x10/0x10 [ 24.508456] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.508491] ? calculate_sigpending+0x7b/0xa0 [ 24.508526] ? __pfx_kthread+0x10/0x10 [ 24.508557] ret_from_fork+0x116/0x1d0 [ 24.508583] ? __pfx_kthread+0x10/0x10 [ 24.508613] ret_from_fork_asm+0x1a/0x30 [ 24.508654] </TASK> [ 24.508669] [ 24.523813] Allocated by task 292: [ 24.524227] kasan_save_stack+0x45/0x70 [ 24.524657] kasan_save_track+0x18/0x40 [ 24.525081] kasan_save_alloc_info+0x3b/0x50 [ 24.525562] __kasan_kmalloc+0xb7/0xc0 [ 24.525978] __kmalloc_cache_noprof+0x189/0x420 [ 24.526486] kasan_atomics+0x95/0x310 [ 24.526900] kunit_try_run_case+0x1a5/0x480 [ 24.527258] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.527624] kthread+0x337/0x6f0 [ 24.527932] ret_from_fork+0x116/0x1d0 [ 24.528317] ret_from_fork_asm+0x1a/0x30 [ 24.528747] [ 24.529029] The buggy address belongs to the object at ffff88810383ae00 [ 24.529029] which belongs to the cache kmalloc-64 of size 64 [ 24.530131] The buggy address is located 0 bytes to the right of [ 24.530131] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.531017] [ 24.531180] The buggy address belongs to the physical page: [ 24.531757] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.532517] flags: 0x200000000000000(node=0|zone=2) [ 24.533041] page_type: f5(slab) [ 24.533478] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.534070] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.534713] page dumped because: kasan: bad access detected [ 24.535190] [ 24.535465] Memory state around the buggy address: [ 24.535891] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.536549] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.537092] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.537731] ^ [ 24.538126] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.538810] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.539982] ================================================================== [ 21.919040] ================================================================== [ 21.920751] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 21.921985] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.922845] [ 21.923073] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.923229] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.923266] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.923679] Call Trace: [ 21.923728] <TASK> [ 21.923904] dump_stack_lvl+0x73/0xb0 [ 21.923951] print_report+0xd1/0x650 [ 21.924015] ? __virt_addr_valid+0x1db/0x2d0 [ 21.924052] ? kasan_atomics_helper+0x3df/0x5450 [ 21.924083] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.924115] ? kasan_atomics_helper+0x3df/0x5450 [ 21.924148] kasan_report+0x141/0x180 [ 21.924181] ? kasan_atomics_helper+0x3df/0x5450 [ 21.924219] kasan_check_range+0x10c/0x1c0 [ 21.924301] __kasan_check_read+0x15/0x20 [ 21.924380] kasan_atomics_helper+0x3df/0x5450 [ 21.924423] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.924456] ? kasan_save_alloc_info+0x3b/0x50 [ 21.924500] kasan_atomics+0x1dc/0x310 [ 21.924533] ? __pfx_kasan_atomics+0x10/0x10 [ 21.924571] ? __pfx_read_tsc+0x10/0x10 [ 21.924600] ? ktime_get_ts64+0x86/0x230 [ 21.924636] kunit_try_run_case+0x1a5/0x480 [ 21.924670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.924703] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.924733] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.924771] ? __kthread_parkme+0x82/0x180 [ 21.924801] ? preempt_count_sub+0x50/0x80 [ 21.924858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.924900] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.924937] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.924972] kthread+0x337/0x6f0 [ 21.925001] ? trace_preempt_on+0x20/0xc0 [ 21.925038] ? __pfx_kthread+0x10/0x10 [ 21.925068] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.925104] ? calculate_sigpending+0x7b/0xa0 [ 21.925141] ? __pfx_kthread+0x10/0x10 [ 21.925172] ret_from_fork+0x116/0x1d0 [ 21.925200] ? __pfx_kthread+0x10/0x10 [ 21.925273] ret_from_fork_asm+0x1a/0x30 [ 21.925361] </TASK> [ 21.925380] [ 21.944822] Allocated by task 292: [ 21.945693] kasan_save_stack+0x45/0x70 [ 21.946014] kasan_save_track+0x18/0x40 [ 21.946637] kasan_save_alloc_info+0x3b/0x50 [ 21.947168] __kasan_kmalloc+0xb7/0xc0 [ 21.947787] __kmalloc_cache_noprof+0x189/0x420 [ 21.948609] kasan_atomics+0x95/0x310 [ 21.949340] kunit_try_run_case+0x1a5/0x480 [ 21.949968] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.950778] kthread+0x337/0x6f0 [ 21.951210] ret_from_fork+0x116/0x1d0 [ 21.951776] ret_from_fork_asm+0x1a/0x30 [ 21.952174] [ 21.952812] The buggy address belongs to the object at ffff88810383ae00 [ 21.952812] which belongs to the cache kmalloc-64 of size 64 [ 21.954024] The buggy address is located 0 bytes to the right of [ 21.954024] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 21.955194] [ 21.955564] The buggy address belongs to the physical page: [ 21.956149] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 21.957127] flags: 0x200000000000000(node=0|zone=2) [ 21.957816] page_type: f5(slab) [ 21.958355] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.959062] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.959860] page dumped because: kasan: bad access detected [ 21.960564] [ 21.960757] Memory state around the buggy address: [ 21.961273] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.962139] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.962927] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.963698] ^ [ 21.964162] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.965086] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.965861] ================================================================== [ 24.336670] ================================================================== [ 24.337351] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fb2/0x5450 [ 24.338648] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.340137] [ 24.340380] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.340876] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.340899] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.340931] Call Trace: [ 24.340955] <TASK> [ 24.340979] dump_stack_lvl+0x73/0xb0 [ 24.341022] print_report+0xd1/0x650 [ 24.341058] ? __virt_addr_valid+0x1db/0x2d0 [ 24.341094] ? kasan_atomics_helper+0x4fb2/0x5450 [ 24.341125] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.341155] ? kasan_atomics_helper+0x4fb2/0x5450 [ 24.341186] kasan_report+0x141/0x180 [ 24.341243] ? kasan_atomics_helper+0x4fb2/0x5450 [ 24.341300] __asan_report_load8_noabort+0x18/0x20 [ 24.341339] kasan_atomics_helper+0x4fb2/0x5450 [ 24.341371] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.341402] ? kasan_save_alloc_info+0x3b/0x50 [ 24.341444] kasan_atomics+0x1dc/0x310 [ 24.341477] ? __pfx_kasan_atomics+0x10/0x10 [ 24.341511] ? __pfx_read_tsc+0x10/0x10 [ 24.341541] ? ktime_get_ts64+0x86/0x230 [ 24.341577] kunit_try_run_case+0x1a5/0x480 [ 24.341614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.341647] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.341677] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.341714] ? __kthread_parkme+0x82/0x180 [ 24.341743] ? preempt_count_sub+0x50/0x80 [ 24.341778] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.341813] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.341874] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.341912] kthread+0x337/0x6f0 [ 24.341941] ? trace_preempt_on+0x20/0xc0 [ 24.341975] ? __pfx_kthread+0x10/0x10 [ 24.342005] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.342038] ? calculate_sigpending+0x7b/0xa0 [ 24.342073] ? __pfx_kthread+0x10/0x10 [ 24.342103] ret_from_fork+0x116/0x1d0 [ 24.342129] ? __pfx_kthread+0x10/0x10 [ 24.342158] ret_from_fork_asm+0x1a/0x30 [ 24.342201] </TASK> [ 24.342225] [ 24.359027] Allocated by task 292: [ 24.359396] kasan_save_stack+0x45/0x70 [ 24.359704] kasan_save_track+0x18/0x40 [ 24.360116] kasan_save_alloc_info+0x3b/0x50 [ 24.360603] __kasan_kmalloc+0xb7/0xc0 [ 24.361058] __kmalloc_cache_noprof+0x189/0x420 [ 24.361589] kasan_atomics+0x95/0x310 [ 24.361992] kunit_try_run_case+0x1a5/0x480 [ 24.362494] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.362948] kthread+0x337/0x6f0 [ 24.363355] ret_from_fork+0x116/0x1d0 [ 24.363766] ret_from_fork_asm+0x1a/0x30 [ 24.364282] [ 24.364487] The buggy address belongs to the object at ffff88810383ae00 [ 24.364487] which belongs to the cache kmalloc-64 of size 64 [ 24.365450] The buggy address is located 0 bytes to the right of [ 24.365450] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.366424] [ 24.366652] The buggy address belongs to the physical page: [ 24.367073] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.367597] flags: 0x200000000000000(node=0|zone=2) [ 24.368059] page_type: f5(slab) [ 24.368482] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.369140] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.369856] page dumped because: kasan: bad access detected [ 24.370370] [ 24.370531] Memory state around the buggy address: [ 24.370859] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.371492] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.372120] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.372797] ^ [ 24.374044] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.374617] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.375599] ================================================================== [ 24.295023] ================================================================== [ 24.295977] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 24.296511] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.297030] [ 24.297391] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.297577] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.297623] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.297718] Call Trace: [ 24.297794] <TASK> [ 24.297859] dump_stack_lvl+0x73/0xb0 [ 24.297946] print_report+0xd1/0x650 [ 24.298022] ? __virt_addr_valid+0x1db/0x2d0 [ 24.298094] ? kasan_atomics_helper+0x20c8/0x5450 [ 24.298166] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.298285] ? kasan_atomics_helper+0x20c8/0x5450 [ 24.298361] kasan_report+0x141/0x180 [ 24.298439] ? kasan_atomics_helper+0x20c8/0x5450 [ 24.298522] kasan_check_range+0x10c/0x1c0 [ 24.298599] __kasan_check_write+0x18/0x20 [ 24.298664] kasan_atomics_helper+0x20c8/0x5450 [ 24.298738] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.298811] ? kasan_save_alloc_info+0x3b/0x50 [ 24.298921] kasan_atomics+0x1dc/0x310 [ 24.299038] ? __pfx_kasan_atomics+0x10/0x10 [ 24.299152] ? __pfx_read_tsc+0x10/0x10 [ 24.299267] ? ktime_get_ts64+0x86/0x230 [ 24.299356] kunit_try_run_case+0x1a5/0x480 [ 24.299433] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.299506] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.299584] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.299665] ? __kthread_parkme+0x82/0x180 [ 24.299731] ? preempt_count_sub+0x50/0x80 [ 24.299809] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.299904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.299978] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.300054] kthread+0x337/0x6f0 [ 24.300125] ? trace_preempt_on+0x20/0xc0 [ 24.300201] ? __pfx_kthread+0x10/0x10 [ 24.300317] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.300397] ? calculate_sigpending+0x7b/0xa0 [ 24.300478] ? __pfx_kthread+0x10/0x10 [ 24.300549] ret_from_fork+0x116/0x1d0 [ 24.300613] ? __pfx_kthread+0x10/0x10 [ 24.300680] ret_from_fork_asm+0x1a/0x30 [ 24.300771] </TASK> [ 24.300811] [ 24.318710] Allocated by task 292: [ 24.319159] kasan_save_stack+0x45/0x70 [ 24.320061] kasan_save_track+0x18/0x40 [ 24.320736] kasan_save_alloc_info+0x3b/0x50 [ 24.321035] __kasan_kmalloc+0xb7/0xc0 [ 24.321510] __kmalloc_cache_noprof+0x189/0x420 [ 24.321981] kasan_atomics+0x95/0x310 [ 24.322368] kunit_try_run_case+0x1a5/0x480 [ 24.322731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.323315] kthread+0x337/0x6f0 [ 24.323690] ret_from_fork+0x116/0x1d0 [ 24.324108] ret_from_fork_asm+0x1a/0x30 [ 24.324605] [ 24.324846] The buggy address belongs to the object at ffff88810383ae00 [ 24.324846] which belongs to the cache kmalloc-64 of size 64 [ 24.325899] The buggy address is located 0 bytes to the right of [ 24.325899] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.326896] [ 24.327154] The buggy address belongs to the physical page: [ 24.327620] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.328251] flags: 0x200000000000000(node=0|zone=2) [ 24.328794] page_type: f5(slab) [ 24.329147] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.329878] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.330496] page dumped because: kasan: bad access detected [ 24.330960] [ 24.331121] Memory state around the buggy address: [ 24.331556] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.332255] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.332825] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.333486] ^ [ 24.333990] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.334617] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.335247] ================================================================== [ 22.956365] ================================================================== [ 22.956982] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 22.957743] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.958279] [ 22.958540] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.958671] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.958712] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.958771] Call Trace: [ 22.958822] <TASK> [ 22.958892] dump_stack_lvl+0x73/0xb0 [ 22.958979] print_report+0xd1/0x650 [ 22.959059] ? __virt_addr_valid+0x1db/0x2d0 [ 22.959136] ? kasan_atomics_helper+0x1079/0x5450 [ 22.959212] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.959288] ? kasan_atomics_helper+0x1079/0x5450 [ 22.959363] kasan_report+0x141/0x180 [ 22.959437] ? kasan_atomics_helper+0x1079/0x5450 [ 22.959513] kasan_check_range+0x10c/0x1c0 [ 22.959565] __kasan_check_write+0x18/0x20 [ 22.959596] kasan_atomics_helper+0x1079/0x5450 [ 22.959631] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.959667] ? kasan_save_alloc_info+0x3b/0x50 [ 22.959710] kasan_atomics+0x1dc/0x310 [ 22.959744] ? __pfx_kasan_atomics+0x10/0x10 [ 22.959779] ? __pfx_read_tsc+0x10/0x10 [ 22.959810] ? ktime_get_ts64+0x86/0x230 [ 22.959871] kunit_try_run_case+0x1a5/0x480 [ 22.959910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.959944] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.959974] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.960012] ? __kthread_parkme+0x82/0x180 [ 22.960040] ? preempt_count_sub+0x50/0x80 [ 22.960075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.960111] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.960145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.960179] kthread+0x337/0x6f0 [ 22.960209] ? trace_preempt_on+0x20/0xc0 [ 22.960272] ? __pfx_kthread+0x10/0x10 [ 22.960306] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.960340] ? calculate_sigpending+0x7b/0xa0 [ 22.960376] ? __pfx_kthread+0x10/0x10 [ 22.960407] ret_from_fork+0x116/0x1d0 [ 22.960434] ? __pfx_kthread+0x10/0x10 [ 22.960466] ret_from_fork_asm+0x1a/0x30 [ 22.960508] </TASK> [ 22.960524] [ 22.975418] Allocated by task 292: [ 22.975851] kasan_save_stack+0x45/0x70 [ 22.976338] kasan_save_track+0x18/0x40 [ 22.976664] kasan_save_alloc_info+0x3b/0x50 [ 22.977170] __kasan_kmalloc+0xb7/0xc0 [ 22.977571] __kmalloc_cache_noprof+0x189/0x420 [ 22.978089] kasan_atomics+0x95/0x310 [ 22.978527] kunit_try_run_case+0x1a5/0x480 [ 22.978953] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.979518] kthread+0x337/0x6f0 [ 22.979895] ret_from_fork+0x116/0x1d0 [ 22.980347] ret_from_fork_asm+0x1a/0x30 [ 22.980730] [ 22.980970] The buggy address belongs to the object at ffff88810383ae00 [ 22.980970] which belongs to the cache kmalloc-64 of size 64 [ 22.981928] The buggy address is located 0 bytes to the right of [ 22.981928] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.982744] [ 22.982978] The buggy address belongs to the physical page: [ 22.983576] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.984309] flags: 0x200000000000000(node=0|zone=2) [ 22.984647] page_type: f5(slab) [ 22.984993] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.985715] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.986444] page dumped because: kasan: bad access detected [ 22.986936] [ 22.987138] Memory state around the buggy address: [ 22.987622] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.988261] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.988869] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.989491] ^ [ 22.989935] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.990600] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.991263] ================================================================== [ 23.372532] ================================================================== [ 23.373408] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 23.373978] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.374412] [ 23.374746] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.374901] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.374945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.375007] Call Trace: [ 23.375064] <TASK> [ 23.375115] dump_stack_lvl+0x73/0xb0 [ 23.375198] print_report+0xd1/0x650 [ 23.375324] ? __virt_addr_valid+0x1db/0x2d0 [ 23.375406] ? kasan_atomics_helper+0x1467/0x5450 [ 23.375480] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.375564] ? kasan_atomics_helper+0x1467/0x5450 [ 23.375642] kasan_report+0x141/0x180 [ 23.375742] ? kasan_atomics_helper+0x1467/0x5450 [ 23.375878] kasan_check_range+0x10c/0x1c0 [ 23.375968] __kasan_check_write+0x18/0x20 [ 23.376063] kasan_atomics_helper+0x1467/0x5450 [ 23.376172] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.376293] ? kasan_save_alloc_info+0x3b/0x50 [ 23.376382] kasan_atomics+0x1dc/0x310 [ 23.376454] ? __pfx_kasan_atomics+0x10/0x10 [ 23.376512] ? __pfx_read_tsc+0x10/0x10 [ 23.376580] ? ktime_get_ts64+0x86/0x230 [ 23.376658] kunit_try_run_case+0x1a5/0x480 [ 23.376789] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.376886] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.376960] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.377067] ? __kthread_parkme+0x82/0x180 [ 23.377169] ? preempt_count_sub+0x50/0x80 [ 23.377297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.377427] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.377509] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.377590] kthread+0x337/0x6f0 [ 23.377687] ? trace_preempt_on+0x20/0xc0 [ 23.377797] ? __pfx_kthread+0x10/0x10 [ 23.377887] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.377967] ? calculate_sigpending+0x7b/0xa0 [ 23.378071] ? __pfx_kthread+0x10/0x10 [ 23.378178] ret_from_fork+0x116/0x1d0 [ 23.378290] ? __pfx_kthread+0x10/0x10 [ 23.378388] ret_from_fork_asm+0x1a/0x30 [ 23.378509] </TASK> [ 23.378556] [ 23.396208] Allocated by task 292: [ 23.396626] kasan_save_stack+0x45/0x70 [ 23.397142] kasan_save_track+0x18/0x40 [ 23.397572] kasan_save_alloc_info+0x3b/0x50 [ 23.397906] __kasan_kmalloc+0xb7/0xc0 [ 23.398365] __kmalloc_cache_noprof+0x189/0x420 [ 23.398941] kasan_atomics+0x95/0x310 [ 23.399451] kunit_try_run_case+0x1a5/0x480 [ 23.399983] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.400583] kthread+0x337/0x6f0 [ 23.401024] ret_from_fork+0x116/0x1d0 [ 23.401430] ret_from_fork_asm+0x1a/0x30 [ 23.401729] [ 23.402013] The buggy address belongs to the object at ffff88810383ae00 [ 23.402013] which belongs to the cache kmalloc-64 of size 64 [ 23.403165] The buggy address is located 0 bytes to the right of [ 23.403165] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.404341] [ 23.404606] The buggy address belongs to the physical page: [ 23.405117] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.406475] flags: 0x200000000000000(node=0|zone=2) [ 23.407097] page_type: f5(slab) [ 23.407486] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.408119] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.409100] page dumped because: kasan: bad access detected [ 23.409893] [ 23.410090] Memory state around the buggy address: [ 23.410498] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.411759] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.412703] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.413329] ^ [ 23.413752] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.414335] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.415463] ================================================================== [ 24.376736] ================================================================== [ 24.377418] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x218a/0x5450 [ 24.377986] Write of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 24.378711] [ 24.378946] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 24.379065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 24.379128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 24.379252] Call Trace: [ 24.379306] <TASK> [ 24.379350] dump_stack_lvl+0x73/0xb0 [ 24.379433] print_report+0xd1/0x650 [ 24.379534] ? __virt_addr_valid+0x1db/0x2d0 [ 24.379652] ? kasan_atomics_helper+0x218a/0x5450 [ 24.379728] ? kasan_complete_mode_report_info+0x2a/0x200 [ 24.379805] ? kasan_atomics_helper+0x218a/0x5450 [ 24.379944] kasan_report+0x141/0x180 [ 24.380033] ? kasan_atomics_helper+0x218a/0x5450 [ 24.380119] kasan_check_range+0x10c/0x1c0 [ 24.380268] __kasan_check_write+0x18/0x20 [ 24.380346] kasan_atomics_helper+0x218a/0x5450 [ 24.380420] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 24.380494] ? kasan_save_alloc_info+0x3b/0x50 [ 24.380584] kasan_atomics+0x1dc/0x310 [ 24.380665] ? __pfx_kasan_atomics+0x10/0x10 [ 24.380769] ? __pfx_read_tsc+0x10/0x10 [ 24.380885] ? ktime_get_ts64+0x86/0x230 [ 24.380973] kunit_try_run_case+0x1a5/0x480 [ 24.381055] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.381155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 24.381281] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 24.381325] ? __kthread_parkme+0x82/0x180 [ 24.381355] ? preempt_count_sub+0x50/0x80 [ 24.381394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 24.381431] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.381465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 24.381499] kthread+0x337/0x6f0 [ 24.381529] ? trace_preempt_on+0x20/0xc0 [ 24.381564] ? __pfx_kthread+0x10/0x10 [ 24.381597] ? _raw_spin_unlock_irq+0x47/0x80 [ 24.381633] ? calculate_sigpending+0x7b/0xa0 [ 24.381670] ? __pfx_kthread+0x10/0x10 [ 24.381701] ret_from_fork+0x116/0x1d0 [ 24.381730] ? __pfx_kthread+0x10/0x10 [ 24.381760] ret_from_fork_asm+0x1a/0x30 [ 24.381803] </TASK> [ 24.381820] [ 24.398569] Allocated by task 292: [ 24.398870] kasan_save_stack+0x45/0x70 [ 24.401553] kasan_save_track+0x18/0x40 [ 24.402011] kasan_save_alloc_info+0x3b/0x50 [ 24.402292] __kasan_kmalloc+0xb7/0xc0 [ 24.402528] __kmalloc_cache_noprof+0x189/0x420 [ 24.402797] kasan_atomics+0x95/0x310 [ 24.404625] kunit_try_run_case+0x1a5/0x480 [ 24.404927] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 24.405793] kthread+0x337/0x6f0 [ 24.406168] ret_from_fork+0x116/0x1d0 [ 24.407717] ret_from_fork_asm+0x1a/0x30 [ 24.409026] [ 24.409583] The buggy address belongs to the object at ffff88810383ae00 [ 24.409583] which belongs to the cache kmalloc-64 of size 64 [ 24.411118] The buggy address is located 0 bytes to the right of [ 24.411118] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 24.412412] [ 24.412622] The buggy address belongs to the physical page: [ 24.413176] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 24.413903] flags: 0x200000000000000(node=0|zone=2) [ 24.414467] page_type: f5(slab) [ 24.414799] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 24.415517] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 24.416298] page dumped because: kasan: bad access detected [ 24.416782] [ 24.417081] Memory state around the buggy address: [ 24.417603] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.418311] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 24.418897] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 24.419640] ^ [ 24.420049] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.420716] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 24.421436] ================================================================== [ 23.936877] ================================================================== [ 23.937504] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 23.938410] Read of size 8 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 23.938952] [ 23.939147] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 23.939461] Tainted: [B]=BAD_PAGE, [N]=TEST [ 23.939503] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 23.939588] Call Trace: [ 23.939633] <TASK> [ 23.939677] dump_stack_lvl+0x73/0xb0 [ 23.939761] print_report+0xd1/0x650 [ 23.940339] ? __virt_addr_valid+0x1db/0x2d0 [ 23.940453] ? kasan_atomics_helper+0x4f30/0x5450 [ 23.940527] ? kasan_complete_mode_report_info+0x2a/0x200 [ 23.940602] ? kasan_atomics_helper+0x4f30/0x5450 [ 23.940680] kasan_report+0x141/0x180 [ 23.940758] ? kasan_atomics_helper+0x4f30/0x5450 [ 23.940860] __asan_report_load8_noabort+0x18/0x20 [ 23.940945] kasan_atomics_helper+0x4f30/0x5450 [ 23.941020] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 23.941096] ? kasan_save_alloc_info+0x3b/0x50 [ 23.941209] kasan_atomics+0x1dc/0x310 [ 23.941316] ? __pfx_kasan_atomics+0x10/0x10 [ 23.941399] ? __pfx_read_tsc+0x10/0x10 [ 23.941469] ? ktime_get_ts64+0x86/0x230 [ 23.941577] kunit_try_run_case+0x1a5/0x480 [ 23.941685] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.941759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 23.941851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 23.941961] ? __kthread_parkme+0x82/0x180 [ 23.942060] ? preempt_count_sub+0x50/0x80 [ 23.942141] ? __pfx_kunit_try_run_case+0x10/0x10 [ 23.942306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.942392] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 23.942472] kthread+0x337/0x6f0 [ 23.942508] ? trace_preempt_on+0x20/0xc0 [ 23.942547] ? __pfx_kthread+0x10/0x10 [ 23.942581] ? _raw_spin_unlock_irq+0x47/0x80 [ 23.942619] ? calculate_sigpending+0x7b/0xa0 [ 23.942655] ? __pfx_kthread+0x10/0x10 [ 23.942687] ret_from_fork+0x116/0x1d0 [ 23.942715] ? __pfx_kthread+0x10/0x10 [ 23.942747] ret_from_fork_asm+0x1a/0x30 [ 23.942791] </TASK> [ 23.942808] [ 23.960669] Allocated by task 292: [ 23.961076] kasan_save_stack+0x45/0x70 [ 23.961602] kasan_save_track+0x18/0x40 [ 23.962065] kasan_save_alloc_info+0x3b/0x50 [ 23.962586] __kasan_kmalloc+0xb7/0xc0 [ 23.963070] __kmalloc_cache_noprof+0x189/0x420 [ 23.963619] kasan_atomics+0x95/0x310 [ 23.964092] kunit_try_run_case+0x1a5/0x480 [ 23.964565] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 23.965280] kthread+0x337/0x6f0 [ 23.965655] ret_from_fork+0x116/0x1d0 [ 23.966080] ret_from_fork_asm+0x1a/0x30 [ 23.966537] [ 23.966774] The buggy address belongs to the object at ffff88810383ae00 [ 23.966774] which belongs to the cache kmalloc-64 of size 64 [ 23.968177] The buggy address is located 0 bytes to the right of [ 23.968177] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 23.969547] [ 23.969880] The buggy address belongs to the physical page: [ 23.970433] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 23.971320] flags: 0x200000000000000(node=0|zone=2) [ 23.971844] page_type: f5(slab) [ 23.972192] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 23.973047] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 23.973533] page dumped because: kasan: bad access detected [ 23.974012] [ 23.974499] Memory state around the buggy address: [ 23.974949] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.975810] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 23.976436] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 23.977022] ^ [ 23.977630] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.978377] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 23.978858] ================================================================== [ 22.152210] ================================================================== [ 22.152855] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5fe/0x5450 [ 22.153363] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.154005] [ 22.154301] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.154464] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.154510] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.154599] Call Trace: [ 22.154652] <TASK> [ 22.154698] dump_stack_lvl+0x73/0xb0 [ 22.154780] print_report+0xd1/0x650 [ 22.154875] ? __virt_addr_valid+0x1db/0x2d0 [ 22.154954] ? kasan_atomics_helper+0x5fe/0x5450 [ 22.155025] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.155102] ? kasan_atomics_helper+0x5fe/0x5450 [ 22.155173] kasan_report+0x141/0x180 [ 22.155250] ? kasan_atomics_helper+0x5fe/0x5450 [ 22.155339] kasan_check_range+0x10c/0x1c0 [ 22.155432] __kasan_check_write+0x18/0x20 [ 22.155511] kasan_atomics_helper+0x5fe/0x5450 [ 22.155606] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.155688] ? kasan_save_alloc_info+0x3b/0x50 [ 22.155820] kasan_atomics+0x1dc/0x310 [ 22.155960] ? __pfx_kasan_atomics+0x10/0x10 [ 22.156049] ? __pfx_read_tsc+0x10/0x10 [ 22.156124] ? ktime_get_ts64+0x86/0x230 [ 22.156246] kunit_try_run_case+0x1a5/0x480 [ 22.156338] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.156449] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.156533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.156618] ? __kthread_parkme+0x82/0x180 [ 22.156689] ? preempt_count_sub+0x50/0x80 [ 22.156772] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.156865] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.156949] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.157027] kthread+0x337/0x6f0 [ 22.157097] ? trace_preempt_on+0x20/0xc0 [ 22.157143] ? __pfx_kthread+0x10/0x10 [ 22.157177] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.157216] ? calculate_sigpending+0x7b/0xa0 [ 22.157294] ? __pfx_kthread+0x10/0x10 [ 22.157361] ret_from_fork+0x116/0x1d0 [ 22.157394] ? __pfx_kthread+0x10/0x10 [ 22.157426] ret_from_fork_asm+0x1a/0x30 [ 22.157470] </TASK> [ 22.157486] [ 22.176768] Allocated by task 292: [ 22.177081] kasan_save_stack+0x45/0x70 [ 22.177482] kasan_save_track+0x18/0x40 [ 22.178544] kasan_save_alloc_info+0x3b/0x50 [ 22.178953] __kasan_kmalloc+0xb7/0xc0 [ 22.179633] __kmalloc_cache_noprof+0x189/0x420 [ 22.180190] kasan_atomics+0x95/0x310 [ 22.180894] kunit_try_run_case+0x1a5/0x480 [ 22.181715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.182097] kthread+0x337/0x6f0 [ 22.182852] ret_from_fork+0x116/0x1d0 [ 22.183606] ret_from_fork_asm+0x1a/0x30 [ 22.184338] [ 22.184689] The buggy address belongs to the object at ffff88810383ae00 [ 22.184689] which belongs to the cache kmalloc-64 of size 64 [ 22.186412] The buggy address is located 0 bytes to the right of [ 22.186412] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.187594] [ 22.188105] The buggy address belongs to the physical page: [ 22.188800] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.189792] flags: 0x200000000000000(node=0|zone=2) [ 22.190378] page_type: f5(slab) [ 22.190662] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.191221] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.191731] page dumped because: kasan: bad access detected [ 22.192127] [ 22.192334] Memory state around the buggy address: [ 22.192890] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.193423] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.194134] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.195189] ^ [ 22.196265] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.197164] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.198002] ================================================================== [ 21.734595] ================================================================== [ 21.736127] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4bbc/0x5450 [ 21.737022] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.737519] [ 21.737726] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.737879] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.737918] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.737981] Call Trace: [ 21.738018] <TASK> [ 21.738069] dump_stack_lvl+0x73/0xb0 [ 21.738135] print_report+0xd1/0x650 [ 21.738170] ? __virt_addr_valid+0x1db/0x2d0 [ 21.738205] ? kasan_atomics_helper+0x4bbc/0x5450 [ 21.738344] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.738463] ? kasan_atomics_helper+0x4bbc/0x5450 [ 21.738570] kasan_report+0x141/0x180 [ 21.738679] ? kasan_atomics_helper+0x4bbc/0x5450 [ 21.738790] __asan_report_load4_noabort+0x18/0x20 [ 21.738935] kasan_atomics_helper+0x4bbc/0x5450 [ 21.739044] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.739147] ? kasan_save_alloc_info+0x3b/0x50 [ 21.739310] kasan_atomics+0x1dc/0x310 [ 21.739427] ? __pfx_kasan_atomics+0x10/0x10 [ 21.739470] ? __pfx_read_tsc+0x10/0x10 [ 21.739507] ? ktime_get_ts64+0x86/0x230 [ 21.739553] kunit_try_run_case+0x1a5/0x480 [ 21.739594] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.739627] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.739657] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.739696] ? __kthread_parkme+0x82/0x180 [ 21.739726] ? preempt_count_sub+0x50/0x80 [ 21.739761] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.739796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.739851] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.739893] kthread+0x337/0x6f0 [ 21.739924] ? trace_preempt_on+0x20/0xc0 [ 21.739959] ? __pfx_kthread+0x10/0x10 [ 21.739988] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.740022] ? calculate_sigpending+0x7b/0xa0 [ 21.740056] ? __pfx_kthread+0x10/0x10 [ 21.740088] ret_from_fork+0x116/0x1d0 [ 21.740113] ? __pfx_kthread+0x10/0x10 [ 21.740143] ret_from_fork_asm+0x1a/0x30 [ 21.740187] </TASK> [ 21.740204] [ 21.764861] Allocated by task 292: [ 21.765297] kasan_save_stack+0x45/0x70 [ 21.765898] kasan_save_track+0x18/0x40 [ 21.766819] kasan_save_alloc_info+0x3b/0x50 [ 21.767420] __kasan_kmalloc+0xb7/0xc0 [ 21.767923] __kmalloc_cache_noprof+0x189/0x420 [ 21.768570] kasan_atomics+0x95/0x310 [ 21.768994] kunit_try_run_case+0x1a5/0x480 [ 21.769607] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.770186] kthread+0x337/0x6f0 [ 21.771046] ret_from_fork+0x116/0x1d0 [ 21.771727] ret_from_fork_asm+0x1a/0x30 [ 21.772108] [ 21.772622] The buggy address belongs to the object at ffff88810383ae00 [ 21.772622] which belongs to the cache kmalloc-64 of size 64 [ 21.774127] The buggy address is located 0 bytes to the right of [ 21.774127] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 21.776312] [ 21.776733] The buggy address belongs to the physical page: [ 21.777535] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 21.778320] flags: 0x200000000000000(node=0|zone=2) [ 21.779331] page_type: f5(slab) [ 21.779686] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.780909] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.781602] page dumped because: kasan: bad access detected [ 21.782036] [ 21.782268] Memory state around the buggy address: [ 21.782722] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.783300] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.783915] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.784519] ^ [ 21.785153] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.785755] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.786902] ================================================================== [ 21.829280] ================================================================== [ 21.830531] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b88/0x5450 [ 21.831005] Read of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 21.831775] [ 21.832035] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.832157] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.832193] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.832247] Call Trace: [ 21.832296] <TASK> [ 21.832336] dump_stack_lvl+0x73/0xb0 [ 21.832417] print_report+0xd1/0x650 [ 21.832492] ? __virt_addr_valid+0x1db/0x2d0 [ 21.832570] ? kasan_atomics_helper+0x4b88/0x5450 [ 21.832636] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.832705] ? kasan_atomics_helper+0x4b88/0x5450 [ 21.832776] kasan_report+0x141/0x180 [ 21.832866] ? kasan_atomics_helper+0x4b88/0x5450 [ 21.832947] __asan_report_load4_noabort+0x18/0x20 [ 21.833028] kasan_atomics_helper+0x4b88/0x5450 [ 21.833103] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 21.833175] ? kasan_save_alloc_info+0x3b/0x50 [ 21.833265] kasan_atomics+0x1dc/0x310 [ 21.833344] ? __pfx_kasan_atomics+0x10/0x10 [ 21.833422] ? __pfx_read_tsc+0x10/0x10 [ 21.833491] ? ktime_get_ts64+0x86/0x230 [ 21.833572] kunit_try_run_case+0x1a5/0x480 [ 21.833651] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.833721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.833789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.834196] ? __kthread_parkme+0x82/0x180 [ 21.834353] ? preempt_count_sub+0x50/0x80 [ 21.834398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.834434] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.834468] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.834501] kthread+0x337/0x6f0 [ 21.834530] ? trace_preempt_on+0x20/0xc0 [ 21.834563] ? __pfx_kthread+0x10/0x10 [ 21.834591] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.834624] ? calculate_sigpending+0x7b/0xa0 [ 21.834659] ? __pfx_kthread+0x10/0x10 [ 21.834688] ret_from_fork+0x116/0x1d0 [ 21.834713] ? __pfx_kthread+0x10/0x10 [ 21.834740] ret_from_fork_asm+0x1a/0x30 [ 21.834780] </TASK> [ 21.834794] [ 21.852941] Allocated by task 292: [ 21.853201] kasan_save_stack+0x45/0x70 [ 21.853592] kasan_save_track+0x18/0x40 [ 21.853995] kasan_save_alloc_info+0x3b/0x50 [ 21.854599] __kasan_kmalloc+0xb7/0xc0 [ 21.854904] __kmalloc_cache_noprof+0x189/0x420 [ 21.855223] kasan_atomics+0x95/0x310 [ 21.855629] kunit_try_run_case+0x1a5/0x480 [ 21.856094] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.856975] kthread+0x337/0x6f0 [ 21.857406] ret_from_fork+0x116/0x1d0 [ 21.858090] ret_from_fork_asm+0x1a/0x30 [ 21.859471] [ 21.860039] The buggy address belongs to the object at ffff88810383ae00 [ 21.860039] which belongs to the cache kmalloc-64 of size 64 [ 21.861434] The buggy address is located 0 bytes to the right of [ 21.861434] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 21.863442] [ 21.863827] The buggy address belongs to the physical page: [ 21.864207] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 21.864935] flags: 0x200000000000000(node=0|zone=2) [ 21.865352] page_type: f5(slab) [ 21.865770] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 21.866441] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 21.867060] page dumped because: kasan: bad access detected [ 21.867773] [ 21.868086] Memory state around the buggy address: [ 21.868583] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.869278] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 21.870793] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 21.871589] ^ [ 21.871886] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.872899] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.873880] ================================================================== [ 22.786537] ================================================================== [ 22.787328] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 22.788599] Write of size 4 at addr ffff88810383ae30 by task kunit_try_catch/292 [ 22.789239] [ 22.789470] CPU: 1 UID: 0 PID: 292 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 22.789587] Tainted: [B]=BAD_PAGE, [N]=TEST [ 22.789910] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 22.790002] Call Trace: [ 22.790053] <TASK> [ 22.790129] dump_stack_lvl+0x73/0xb0 [ 22.790242] print_report+0xd1/0x650 [ 22.790327] ? __virt_addr_valid+0x1db/0x2d0 [ 22.790437] ? kasan_atomics_helper+0xe78/0x5450 [ 22.790543] ? kasan_complete_mode_report_info+0x2a/0x200 [ 22.790620] ? kasan_atomics_helper+0xe78/0x5450 [ 22.790695] kasan_report+0x141/0x180 [ 22.790773] ? kasan_atomics_helper+0xe78/0x5450 [ 22.790873] kasan_check_range+0x10c/0x1c0 [ 22.790953] __kasan_check_write+0x18/0x20 [ 22.791022] kasan_atomics_helper+0xe78/0x5450 [ 22.791097] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 22.791170] ? kasan_save_alloc_info+0x3b/0x50 [ 22.791290] kasan_atomics+0x1dc/0x310 [ 22.791371] ? __pfx_kasan_atomics+0x10/0x10 [ 22.791452] ? __pfx_read_tsc+0x10/0x10 [ 22.791519] ? ktime_get_ts64+0x86/0x230 [ 22.791611] kunit_try_run_case+0x1a5/0x480 [ 22.791688] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.791759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 22.791846] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 22.791931] ? __kthread_parkme+0x82/0x180 [ 22.792002] ? preempt_count_sub+0x50/0x80 [ 22.792081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 22.792161] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.792242] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 22.792325] kthread+0x337/0x6f0 [ 22.792397] ? trace_preempt_on+0x20/0xc0 [ 22.792438] ? __pfx_kthread+0x10/0x10 [ 22.792470] ? _raw_spin_unlock_irq+0x47/0x80 [ 22.792507] ? calculate_sigpending+0x7b/0xa0 [ 22.792543] ? __pfx_kthread+0x10/0x10 [ 22.792573] ret_from_fork+0x116/0x1d0 [ 22.792601] ? __pfx_kthread+0x10/0x10 [ 22.792630] ret_from_fork_asm+0x1a/0x30 [ 22.792672] </TASK> [ 22.792687] [ 22.813294] Allocated by task 292: [ 22.813668] kasan_save_stack+0x45/0x70 [ 22.815693] kasan_save_track+0x18/0x40 [ 22.817113] kasan_save_alloc_info+0x3b/0x50 [ 22.818102] __kasan_kmalloc+0xb7/0xc0 [ 22.818472] __kmalloc_cache_noprof+0x189/0x420 [ 22.819514] kasan_atomics+0x95/0x310 [ 22.821054] kunit_try_run_case+0x1a5/0x480 [ 22.821540] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 22.822127] kthread+0x337/0x6f0 [ 22.822673] ret_from_fork+0x116/0x1d0 [ 22.823063] ret_from_fork_asm+0x1a/0x30 [ 22.823490] [ 22.823721] The buggy address belongs to the object at ffff88810383ae00 [ 22.823721] which belongs to the cache kmalloc-64 of size 64 [ 22.824526] The buggy address is located 0 bytes to the right of [ 22.824526] allocated 48-byte region [ffff88810383ae00, ffff88810383ae30) [ 22.825637] [ 22.825807] The buggy address belongs to the physical page: [ 22.826478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 22.827165] flags: 0x200000000000000(node=0|zone=2) [ 22.828356] page_type: f5(slab) [ 22.829203] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 22.830504] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 22.831582] page dumped because: kasan: bad access detected [ 22.832000] [ 22.832153] Memory state around the buggy address: [ 22.833076] ffff88810383ad00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.834235] ffff88810383ad80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 22.834751] >ffff88810383ae00: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 22.835376] ^ [ 22.835926] ffff88810383ae80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.836623] ffff88810383af00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 22.837292] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 21.683947] ================================================================== [ 21.685261] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 21.685930] Read of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.686480] [ 21.686731] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.686874] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.686913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.686972] Call Trace: [ 21.687020] <TASK> [ 21.687098] dump_stack_lvl+0x73/0xb0 [ 21.687184] print_report+0xd1/0x650 [ 21.687259] ? __virt_addr_valid+0x1db/0x2d0 [ 21.687334] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 21.687413] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.687482] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 21.687574] kasan_report+0x141/0x180 [ 21.687649] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 21.687718] __asan_report_load8_noabort+0x18/0x20 [ 21.687758] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 21.687801] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.687868] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.687907] ? trace_hardirqs_on+0x37/0xe0 [ 21.687939] ? kasan_bitops_generic+0x92/0x1c0 [ 21.687978] kasan_bitops_generic+0x121/0x1c0 [ 21.688012] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.688048] ? __pfx_read_tsc+0x10/0x10 [ 21.688079] ? ktime_get_ts64+0x86/0x230 [ 21.688116] kunit_try_run_case+0x1a5/0x480 [ 21.688152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.688185] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.688223] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.688282] ? __kthread_parkme+0x82/0x180 [ 21.688311] ? preempt_count_sub+0x50/0x80 [ 21.688345] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.688381] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.688414] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.688447] kthread+0x337/0x6f0 [ 21.688476] ? trace_preempt_on+0x20/0xc0 [ 21.688507] ? __pfx_kthread+0x10/0x10 [ 21.688536] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.688569] ? calculate_sigpending+0x7b/0xa0 [ 21.688604] ? __pfx_kthread+0x10/0x10 [ 21.688634] ret_from_fork+0x116/0x1d0 [ 21.688660] ? __pfx_kthread+0x10/0x10 [ 21.688687] ret_from_fork_asm+0x1a/0x30 [ 21.688730] </TASK> [ 21.688744] [ 21.704595] Allocated by task 288: [ 21.705055] kasan_save_stack+0x45/0x70 [ 21.705565] kasan_save_track+0x18/0x40 [ 21.706059] kasan_save_alloc_info+0x3b/0x50 [ 21.706531] __kasan_kmalloc+0xb7/0xc0 [ 21.707010] __kmalloc_cache_noprof+0x189/0x420 [ 21.707567] kasan_bitops_generic+0x92/0x1c0 [ 21.708092] kunit_try_run_case+0x1a5/0x480 [ 21.708503] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.709117] kthread+0x337/0x6f0 [ 21.709505] ret_from_fork+0x116/0x1d0 [ 21.709918] ret_from_fork_asm+0x1a/0x30 [ 21.710344] [ 21.710504] The buggy address belongs to the object at ffff888102264580 [ 21.710504] which belongs to the cache kmalloc-16 of size 16 [ 21.711547] The buggy address is located 8 bytes inside of [ 21.711547] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.712614] [ 21.712827] The buggy address belongs to the physical page: [ 21.713398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.714040] flags: 0x200000000000000(node=0|zone=2) [ 21.714401] page_type: f5(slab) [ 21.714653] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.715377] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.716085] page dumped because: kasan: bad access detected [ 21.716682] [ 21.716932] Memory state around the buggy address: [ 21.717497] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.718166] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.719022] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.719727] ^ [ 21.720178] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.721164] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.721786] ================================================================== [ 21.512496] ================================================================== [ 21.512923] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 21.513866] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.514764] [ 21.515122] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.515277] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.515321] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.515399] Call Trace: [ 21.515453] <TASK> [ 21.515523] dump_stack_lvl+0x73/0xb0 [ 21.515623] print_report+0xd1/0x650 [ 21.515696] ? __virt_addr_valid+0x1db/0x2d0 [ 21.515772] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 21.515873] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.515992] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 21.516099] kasan_report+0x141/0x180 [ 21.516203] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 21.516343] kasan_check_range+0x10c/0x1c0 [ 21.516423] __kasan_check_write+0x18/0x20 [ 21.516514] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 21.516629] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.516702] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.516740] ? trace_hardirqs_on+0x37/0xe0 [ 21.516770] ? kasan_bitops_generic+0x92/0x1c0 [ 21.516812] kasan_bitops_generic+0x121/0x1c0 [ 21.516905] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.516983] ? __pfx_read_tsc+0x10/0x10 [ 21.517075] ? ktime_get_ts64+0x86/0x230 [ 21.517184] kunit_try_run_case+0x1a5/0x480 [ 21.517328] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.517430] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.517503] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.517574] ? __kthread_parkme+0x82/0x180 [ 21.517605] ? preempt_count_sub+0x50/0x80 [ 21.517640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.517676] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.517709] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.517742] kthread+0x337/0x6f0 [ 21.517768] ? trace_preempt_on+0x20/0xc0 [ 21.517800] ? __pfx_kthread+0x10/0x10 [ 21.517853] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.517901] ? calculate_sigpending+0x7b/0xa0 [ 21.517940] ? __pfx_kthread+0x10/0x10 [ 21.517974] ret_from_fork+0x116/0x1d0 [ 21.518003] ? __pfx_kthread+0x10/0x10 [ 21.518034] ret_from_fork_asm+0x1a/0x30 [ 21.518078] </TASK> [ 21.518092] [ 21.537928] Allocated by task 288: [ 21.539278] kasan_save_stack+0x45/0x70 [ 21.539592] kasan_save_track+0x18/0x40 [ 21.539997] kasan_save_alloc_info+0x3b/0x50 [ 21.540638] __kasan_kmalloc+0xb7/0xc0 [ 21.541018] __kmalloc_cache_noprof+0x189/0x420 [ 21.541437] kasan_bitops_generic+0x92/0x1c0 [ 21.541855] kunit_try_run_case+0x1a5/0x480 [ 21.542220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.542655] kthread+0x337/0x6f0 [ 21.543180] ret_from_fork+0x116/0x1d0 [ 21.543479] ret_from_fork_asm+0x1a/0x30 [ 21.543859] [ 21.544032] The buggy address belongs to the object at ffff888102264580 [ 21.544032] which belongs to the cache kmalloc-16 of size 16 [ 21.545176] The buggy address is located 8 bytes inside of [ 21.545176] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.546261] [ 21.546423] The buggy address belongs to the physical page: [ 21.546999] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.547917] flags: 0x200000000000000(node=0|zone=2) [ 21.548387] page_type: f5(slab) [ 21.548765] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.549601] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.550189] page dumped because: kasan: bad access detected [ 21.550752] [ 21.551033] Memory state around the buggy address: [ 21.551501] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.552050] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.552865] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.553482] ^ [ 21.553959] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.554502] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.555045] ================================================================== [ 21.599916] ================================================================== [ 21.600449] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 21.602157] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.603457] [ 21.603637] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.603707] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.603726] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.603756] Call Trace: [ 21.603779] <TASK> [ 21.603799] dump_stack_lvl+0x73/0xb0 [ 21.603871] print_report+0xd1/0x650 [ 21.603950] ? __virt_addr_valid+0x1db/0x2d0 [ 21.604062] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 21.604153] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.604227] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 21.604318] kasan_report+0x141/0x180 [ 21.604392] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 21.604630] kasan_check_range+0x10c/0x1c0 [ 21.604702] __kasan_check_write+0x18/0x20 [ 21.604734] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 21.604775] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.604816] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.604879] ? trace_hardirqs_on+0x37/0xe0 [ 21.604913] ? kasan_bitops_generic+0x92/0x1c0 [ 21.604951] kasan_bitops_generic+0x121/0x1c0 [ 21.604984] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.605020] ? __pfx_read_tsc+0x10/0x10 [ 21.605050] ? ktime_get_ts64+0x86/0x230 [ 21.605084] kunit_try_run_case+0x1a5/0x480 [ 21.605119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.605152] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.605179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.605241] ? __kthread_parkme+0x82/0x180 [ 21.605289] ? preempt_count_sub+0x50/0x80 [ 21.605326] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.605360] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.605393] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.605425] kthread+0x337/0x6f0 [ 21.605454] ? trace_preempt_on+0x20/0xc0 [ 21.605485] ? __pfx_kthread+0x10/0x10 [ 21.605514] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.605549] ? calculate_sigpending+0x7b/0xa0 [ 21.605583] ? __pfx_kthread+0x10/0x10 [ 21.605612] ret_from_fork+0x116/0x1d0 [ 21.605638] ? __pfx_kthread+0x10/0x10 [ 21.605665] ret_from_fork_asm+0x1a/0x30 [ 21.605704] </TASK> [ 21.605718] [ 21.622638] Allocated by task 288: [ 21.623006] kasan_save_stack+0x45/0x70 [ 21.623441] kasan_save_track+0x18/0x40 [ 21.623903] kasan_save_alloc_info+0x3b/0x50 [ 21.624302] __kasan_kmalloc+0xb7/0xc0 [ 21.624580] __kmalloc_cache_noprof+0x189/0x420 [ 21.624958] kasan_bitops_generic+0x92/0x1c0 [ 21.625493] kunit_try_run_case+0x1a5/0x480 [ 21.625988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.626547] kthread+0x337/0x6f0 [ 21.626942] ret_from_fork+0x116/0x1d0 [ 21.627409] ret_from_fork_asm+0x1a/0x30 [ 21.627810] [ 21.628070] The buggy address belongs to the object at ffff888102264580 [ 21.628070] which belongs to the cache kmalloc-16 of size 16 [ 21.629021] The buggy address is located 8 bytes inside of [ 21.629021] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.629723] [ 21.629982] The buggy address belongs to the physical page: [ 21.630527] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.631324] flags: 0x200000000000000(node=0|zone=2) [ 21.631766] page_type: f5(slab) [ 21.632161] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.632730] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.633391] page dumped because: kasan: bad access detected [ 21.633917] [ 21.634125] Memory state around the buggy address: [ 21.634600] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.635038] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.635696] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.637120] ^ [ 21.638911] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.639819] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.640641] ================================================================== [ 21.340012] ================================================================== [ 21.341801] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 21.343607] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.344134] [ 21.344332] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.344458] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.344496] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.344553] Call Trace: [ 21.344601] <TASK> [ 21.344650] dump_stack_lvl+0x73/0xb0 [ 21.344726] print_report+0xd1/0x650 [ 21.344798] ? __virt_addr_valid+0x1db/0x2d0 [ 21.344895] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 21.344974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.345045] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 21.345126] kasan_report+0x141/0x180 [ 21.345197] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 21.345580] kasan_check_range+0x10c/0x1c0 [ 21.345791] __kasan_check_write+0x18/0x20 [ 21.345887] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 21.345976] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.346060] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.346140] ? trace_hardirqs_on+0x37/0xe0 [ 21.346213] ? kasan_bitops_generic+0x92/0x1c0 [ 21.346302] kasan_bitops_generic+0x121/0x1c0 [ 21.346386] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.346453] ? __pfx_read_tsc+0x10/0x10 [ 21.346488] ? ktime_get_ts64+0x86/0x230 [ 21.346525] kunit_try_run_case+0x1a5/0x480 [ 21.346560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.346594] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.346623] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.346661] ? __kthread_parkme+0x82/0x180 [ 21.346690] ? preempt_count_sub+0x50/0x80 [ 21.346723] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.346758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.346792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.346825] kthread+0x337/0x6f0 [ 21.346884] ? trace_preempt_on+0x20/0xc0 [ 21.346919] ? __pfx_kthread+0x10/0x10 [ 21.346949] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.346983] ? calculate_sigpending+0x7b/0xa0 [ 21.347018] ? __pfx_kthread+0x10/0x10 [ 21.347048] ret_from_fork+0x116/0x1d0 [ 21.347073] ? __pfx_kthread+0x10/0x10 [ 21.347103] ret_from_fork_asm+0x1a/0x30 [ 21.347145] </TASK> [ 21.347161] [ 21.365952] Allocated by task 288: [ 21.366508] kasan_save_stack+0x45/0x70 [ 21.366936] kasan_save_track+0x18/0x40 [ 21.367319] kasan_save_alloc_info+0x3b/0x50 [ 21.367720] __kasan_kmalloc+0xb7/0xc0 [ 21.368171] __kmalloc_cache_noprof+0x189/0x420 [ 21.369042] kasan_bitops_generic+0x92/0x1c0 [ 21.369726] kunit_try_run_case+0x1a5/0x480 [ 21.370117] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.370688] kthread+0x337/0x6f0 [ 21.371137] ret_from_fork+0x116/0x1d0 [ 21.371468] ret_from_fork_asm+0x1a/0x30 [ 21.372018] [ 21.372225] The buggy address belongs to the object at ffff888102264580 [ 21.372225] which belongs to the cache kmalloc-16 of size 16 [ 21.373180] The buggy address is located 8 bytes inside of [ 21.373180] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.374024] [ 21.374181] The buggy address belongs to the physical page: [ 21.374679] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.375162] flags: 0x200000000000000(node=0|zone=2) [ 21.375714] page_type: f5(slab) [ 21.375994] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.376935] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.377938] page dumped because: kasan: bad access detected [ 21.378542] [ 21.378945] Memory state around the buggy address: [ 21.379342] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.379979] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.380608] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.381200] ^ [ 21.381534] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.382096] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.382777] ================================================================== [ 21.384124] ================================================================== [ 21.384654] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 21.385444] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.386189] [ 21.386479] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.386602] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.386638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.386694] Call Trace: [ 21.386737] <TASK> [ 21.386782] dump_stack_lvl+0x73/0xb0 [ 21.386877] print_report+0xd1/0x650 [ 21.386952] ? __virt_addr_valid+0x1db/0x2d0 [ 21.387021] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 21.387089] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.387155] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 21.387264] kasan_report+0x141/0x180 [ 21.387334] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 21.387430] kasan_check_range+0x10c/0x1c0 [ 21.387558] __kasan_check_write+0x18/0x20 [ 21.387632] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 21.387717] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.387805] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.387969] ? trace_hardirqs_on+0x37/0xe0 [ 21.388080] ? kasan_bitops_generic+0x92/0x1c0 [ 21.388169] kasan_bitops_generic+0x121/0x1c0 [ 21.388292] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.388375] ? __pfx_read_tsc+0x10/0x10 [ 21.388442] ? ktime_get_ts64+0x86/0x230 [ 21.388526] kunit_try_run_case+0x1a5/0x480 [ 21.388600] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.388674] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.388750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.388842] ? __kthread_parkme+0x82/0x180 [ 21.388912] ? preempt_count_sub+0x50/0x80 [ 21.388987] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.389061] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.389103] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.389137] kthread+0x337/0x6f0 [ 21.389165] ? trace_preempt_on+0x20/0xc0 [ 21.389196] ? __pfx_kthread+0x10/0x10 [ 21.389272] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.389311] ? calculate_sigpending+0x7b/0xa0 [ 21.389349] ? __pfx_kthread+0x10/0x10 [ 21.389379] ret_from_fork+0x116/0x1d0 [ 21.389405] ? __pfx_kthread+0x10/0x10 [ 21.389433] ret_from_fork_asm+0x1a/0x30 [ 21.389476] </TASK> [ 21.389490] [ 21.409688] Allocated by task 288: [ 21.409990] kasan_save_stack+0x45/0x70 [ 21.410433] kasan_save_track+0x18/0x40 [ 21.410859] kasan_save_alloc_info+0x3b/0x50 [ 21.411302] __kasan_kmalloc+0xb7/0xc0 [ 21.411610] __kmalloc_cache_noprof+0x189/0x420 [ 21.412088] kasan_bitops_generic+0x92/0x1c0 [ 21.412574] kunit_try_run_case+0x1a5/0x480 [ 21.413047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.413589] kthread+0x337/0x6f0 [ 21.413870] ret_from_fork+0x116/0x1d0 [ 21.414324] ret_from_fork_asm+0x1a/0x30 [ 21.414728] [ 21.414928] The buggy address belongs to the object at ffff888102264580 [ 21.414928] which belongs to the cache kmalloc-16 of size 16 [ 21.415785] The buggy address is located 8 bytes inside of [ 21.415785] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.416790] [ 21.417048] The buggy address belongs to the physical page: [ 21.417511] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.418151] flags: 0x200000000000000(node=0|zone=2) [ 21.418683] page_type: f5(slab) [ 21.419077] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.419727] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.420298] page dumped because: kasan: bad access detected [ 21.420676] [ 21.420905] Memory state around the buggy address: [ 21.421385] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.422055] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.422672] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.423114] ^ [ 21.423522] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.424171] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.424747] ================================================================== [ 21.556544] ================================================================== [ 21.557048] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 21.558670] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.560239] [ 21.560684] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.560864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.560898] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.560956] Call Trace: [ 21.560993] <TASK> [ 21.561040] dump_stack_lvl+0x73/0xb0 [ 21.561117] print_report+0xd1/0x650 [ 21.561154] ? __virt_addr_valid+0x1db/0x2d0 [ 21.561185] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 21.561271] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.561309] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 21.561350] kasan_report+0x141/0x180 [ 21.561380] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 21.561424] kasan_check_range+0x10c/0x1c0 [ 21.561457] __kasan_check_write+0x18/0x20 [ 21.561484] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 21.561523] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.561563] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.561599] ? trace_hardirqs_on+0x37/0xe0 [ 21.561632] ? kasan_bitops_generic+0x92/0x1c0 [ 21.561669] kasan_bitops_generic+0x121/0x1c0 [ 21.561703] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.561740] ? __pfx_read_tsc+0x10/0x10 [ 21.561769] ? ktime_get_ts64+0x86/0x230 [ 21.561802] kunit_try_run_case+0x1a5/0x480 [ 21.561860] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.561897] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.561925] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.561961] ? __kthread_parkme+0x82/0x180 [ 21.561988] ? preempt_count_sub+0x50/0x80 [ 21.562021] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.562054] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.562086] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.562119] kthread+0x337/0x6f0 [ 21.562145] ? trace_preempt_on+0x20/0xc0 [ 21.562177] ? __pfx_kthread+0x10/0x10 [ 21.562206] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.562265] ? calculate_sigpending+0x7b/0xa0 [ 21.562304] ? __pfx_kthread+0x10/0x10 [ 21.562334] ret_from_fork+0x116/0x1d0 [ 21.562359] ? __pfx_kthread+0x10/0x10 [ 21.562388] ret_from_fork_asm+0x1a/0x30 [ 21.562428] </TASK> [ 21.562442] [ 21.581714] Allocated by task 288: [ 21.581988] kasan_save_stack+0x45/0x70 [ 21.582494] kasan_save_track+0x18/0x40 [ 21.582890] kasan_save_alloc_info+0x3b/0x50 [ 21.583454] __kasan_kmalloc+0xb7/0xc0 [ 21.583930] __kmalloc_cache_noprof+0x189/0x420 [ 21.584498] kasan_bitops_generic+0x92/0x1c0 [ 21.584810] kunit_try_run_case+0x1a5/0x480 [ 21.585261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.585757] kthread+0x337/0x6f0 [ 21.586119] ret_from_fork+0x116/0x1d0 [ 21.586616] ret_from_fork_asm+0x1a/0x30 [ 21.587059] [ 21.587364] The buggy address belongs to the object at ffff888102264580 [ 21.587364] which belongs to the cache kmalloc-16 of size 16 [ 21.589177] The buggy address is located 8 bytes inside of [ 21.589177] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.590006] [ 21.590212] The buggy address belongs to the physical page: [ 21.590682] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.591477] flags: 0x200000000000000(node=0|zone=2) [ 21.591935] page_type: f5(slab) [ 21.592195] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.592741] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.593495] page dumped because: kasan: bad access detected [ 21.593990] [ 21.594310] Memory state around the buggy address: [ 21.594704] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.595160] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.595892] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.596694] ^ [ 21.597052] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.597610] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.598398] ================================================================== [ 21.463647] ================================================================== [ 21.464443] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 21.465274] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.466628] [ 21.466826] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.466969] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.467009] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.467067] Call Trace: [ 21.467117] <TASK> [ 21.467166] dump_stack_lvl+0x73/0xb0 [ 21.467250] print_report+0xd1/0x650 [ 21.467329] ? __virt_addr_valid+0x1db/0x2d0 [ 21.467401] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 21.467487] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.467572] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 21.467659] kasan_report+0x141/0x180 [ 21.467738] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 21.467850] kasan_check_range+0x10c/0x1c0 [ 21.467932] __kasan_check_write+0x18/0x20 [ 21.468007] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 21.468091] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.468162] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.468318] ? trace_hardirqs_on+0x37/0xe0 [ 21.468388] ? kasan_bitops_generic+0x92/0x1c0 [ 21.468470] kasan_bitops_generic+0x121/0x1c0 [ 21.468545] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.468622] ? __pfx_read_tsc+0x10/0x10 [ 21.468688] ? ktime_get_ts64+0x86/0x230 [ 21.468765] kunit_try_run_case+0x1a5/0x480 [ 21.468858] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.468931] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.468997] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.469074] ? __kthread_parkme+0x82/0x180 [ 21.469142] ? preempt_count_sub+0x50/0x80 [ 21.469203] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.469265] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.469337] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.469408] kthread+0x337/0x6f0 [ 21.469474] ? trace_preempt_on+0x20/0xc0 [ 21.469549] ? __pfx_kthread+0x10/0x10 [ 21.469623] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.469696] ? calculate_sigpending+0x7b/0xa0 [ 21.469769] ? __pfx_kthread+0x10/0x10 [ 21.470040] ret_from_fork+0x116/0x1d0 [ 21.470277] ? __pfx_kthread+0x10/0x10 [ 21.470998] ret_from_fork_asm+0x1a/0x30 [ 21.471090] </TASK> [ 21.471126] [ 21.490895] Allocated by task 288: [ 21.493205] kasan_save_stack+0x45/0x70 [ 21.493921] kasan_save_track+0x18/0x40 [ 21.494697] kasan_save_alloc_info+0x3b/0x50 [ 21.495570] __kasan_kmalloc+0xb7/0xc0 [ 21.496239] __kmalloc_cache_noprof+0x189/0x420 [ 21.497030] kasan_bitops_generic+0x92/0x1c0 [ 21.497809] kunit_try_run_case+0x1a5/0x480 [ 21.498244] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.498685] kthread+0x337/0x6f0 [ 21.499052] ret_from_fork+0x116/0x1d0 [ 21.499939] ret_from_fork_asm+0x1a/0x30 [ 21.500423] [ 21.500639] The buggy address belongs to the object at ffff888102264580 [ 21.500639] which belongs to the cache kmalloc-16 of size 16 [ 21.501664] The buggy address is located 8 bytes inside of [ 21.501664] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.502576] [ 21.502851] The buggy address belongs to the physical page: [ 21.503340] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.503925] flags: 0x200000000000000(node=0|zone=2) [ 21.504404] page_type: f5(slab) [ 21.504703] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.505336] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.505970] page dumped because: kasan: bad access detected [ 21.506462] [ 21.506717] Memory state around the buggy address: [ 21.507153] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.507788] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.508451] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.508971] ^ [ 21.509417] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.509909] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.510515] ================================================================== [ 21.641514] ================================================================== [ 21.642715] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 21.644206] Read of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.645133] [ 21.645495] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.645618] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.645656] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.645713] Call Trace: [ 21.645790] <TASK> [ 21.645853] dump_stack_lvl+0x73/0xb0 [ 21.645936] print_report+0xd1/0x650 [ 21.646014] ? __virt_addr_valid+0x1db/0x2d0 [ 21.646078] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 21.646121] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.646152] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 21.646191] kasan_report+0x141/0x180 [ 21.646252] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 21.646310] kasan_check_range+0x10c/0x1c0 [ 21.646347] __kasan_check_read+0x15/0x20 [ 21.646374] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 21.646412] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.646453] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.646486] ? trace_hardirqs_on+0x37/0xe0 [ 21.646517] ? kasan_bitops_generic+0x92/0x1c0 [ 21.646555] kasan_bitops_generic+0x121/0x1c0 [ 21.646592] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.646627] ? __pfx_read_tsc+0x10/0x10 [ 21.646655] ? ktime_get_ts64+0x86/0x230 [ 21.646689] kunit_try_run_case+0x1a5/0x480 [ 21.646721] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.646753] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.646781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.646817] ? __kthread_parkme+0x82/0x180 [ 21.646869] ? preempt_count_sub+0x50/0x80 [ 21.646906] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.646941] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.646974] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.647005] kthread+0x337/0x6f0 [ 21.647032] ? trace_preempt_on+0x20/0xc0 [ 21.647062] ? __pfx_kthread+0x10/0x10 [ 21.647092] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.647126] ? calculate_sigpending+0x7b/0xa0 [ 21.647159] ? __pfx_kthread+0x10/0x10 [ 21.647188] ret_from_fork+0x116/0x1d0 [ 21.647216] ? __pfx_kthread+0x10/0x10 [ 21.647272] ret_from_fork_asm+0x1a/0x30 [ 21.647315] </TASK> [ 21.647328] [ 21.664363] Allocated by task 288: [ 21.664624] kasan_save_stack+0x45/0x70 [ 21.664965] kasan_save_track+0x18/0x40 [ 21.665568] kasan_save_alloc_info+0x3b/0x50 [ 21.666160] __kasan_kmalloc+0xb7/0xc0 [ 21.666642] __kmalloc_cache_noprof+0x189/0x420 [ 21.667110] kasan_bitops_generic+0x92/0x1c0 [ 21.667641] kunit_try_run_case+0x1a5/0x480 [ 21.668155] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.668553] kthread+0x337/0x6f0 [ 21.668808] ret_from_fork+0x116/0x1d0 [ 21.669323] ret_from_fork_asm+0x1a/0x30 [ 21.669701] [ 21.669970] The buggy address belongs to the object at ffff888102264580 [ 21.669970] which belongs to the cache kmalloc-16 of size 16 [ 21.671164] The buggy address is located 8 bytes inside of [ 21.671164] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.672134] [ 21.672428] The buggy address belongs to the physical page: [ 21.673086] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.673869] flags: 0x200000000000000(node=0|zone=2) [ 21.674202] page_type: f5(slab) [ 21.674585] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.675382] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.676043] page dumped because: kasan: bad access detected [ 21.676491] [ 21.676646] Memory state around the buggy address: [ 21.677026] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.677719] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.679013] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.679975] ^ [ 21.680524] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.681456] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.682031] ================================================================== [ 21.425821] ================================================================== [ 21.426638] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 21.427167] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.428112] [ 21.428429] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.428557] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.428595] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.428652] Call Trace: [ 21.428698] <TASK> [ 21.428804] dump_stack_lvl+0x73/0xb0 [ 21.428907] print_report+0xd1/0x650 [ 21.428975] ? __virt_addr_valid+0x1db/0x2d0 [ 21.429044] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 21.429118] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.429186] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 21.429302] kasan_report+0x141/0x180 [ 21.429379] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 21.429471] kasan_check_range+0x10c/0x1c0 [ 21.429548] __kasan_check_write+0x18/0x20 [ 21.429614] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 21.429695] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 21.429779] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.429865] ? trace_hardirqs_on+0x37/0xe0 [ 21.429933] ? kasan_bitops_generic+0x92/0x1c0 [ 21.430014] kasan_bitops_generic+0x121/0x1c0 [ 21.430137] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.430260] ? __pfx_read_tsc+0x10/0x10 [ 21.430371] ? ktime_get_ts64+0x86/0x230 [ 21.430451] kunit_try_run_case+0x1a5/0x480 [ 21.430527] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.430599] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.430668] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.430793] ? __kthread_parkme+0x82/0x180 [ 21.430879] ? preempt_count_sub+0x50/0x80 [ 21.430961] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.431072] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.431155] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.431265] kthread+0x337/0x6f0 [ 21.431338] ? trace_preempt_on+0x20/0xc0 [ 21.431408] ? __pfx_kthread+0x10/0x10 [ 21.431518] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.431608] ? calculate_sigpending+0x7b/0xa0 [ 21.431690] ? __pfx_kthread+0x10/0x10 [ 21.431796] ret_from_fork+0x116/0x1d0 [ 21.431887] ? __pfx_kthread+0x10/0x10 [ 21.431954] ret_from_fork_asm+0x1a/0x30 [ 21.432036] </TASK> [ 21.432055] [ 21.448414] Allocated by task 288: [ 21.448755] kasan_save_stack+0x45/0x70 [ 21.449157] kasan_save_track+0x18/0x40 [ 21.449564] kasan_save_alloc_info+0x3b/0x50 [ 21.449951] __kasan_kmalloc+0xb7/0xc0 [ 21.450272] __kmalloc_cache_noprof+0x189/0x420 [ 21.450594] kasan_bitops_generic+0x92/0x1c0 [ 21.450944] kunit_try_run_case+0x1a5/0x480 [ 21.451419] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.451947] kthread+0x337/0x6f0 [ 21.452343] ret_from_fork+0x116/0x1d0 [ 21.452732] ret_from_fork_asm+0x1a/0x30 [ 21.453159] [ 21.453395] The buggy address belongs to the object at ffff888102264580 [ 21.453395] which belongs to the cache kmalloc-16 of size 16 [ 21.454193] The buggy address is located 8 bytes inside of [ 21.454193] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.454937] [ 21.455143] The buggy address belongs to the physical page: [ 21.455667] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.456397] flags: 0x200000000000000(node=0|zone=2) [ 21.456856] page_type: f5(slab) [ 21.457257] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.457703] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.458338] page dumped because: kasan: bad access detected [ 21.458754] [ 21.458969] Memory state around the buggy address: [ 21.459439] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.459977] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.460539] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.460960] ^ [ 21.461254] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.461673] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.462298] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 21.300791] ================================================================== [ 21.301480] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 21.302130] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.302678] [ 21.302941] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.303063] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.303099] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.303157] Call Trace: [ 21.303200] <TASK> [ 21.303289] dump_stack_lvl+0x73/0xb0 [ 21.303371] print_report+0xd1/0x650 [ 21.303444] ? __virt_addr_valid+0x1db/0x2d0 [ 21.303523] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 21.303612] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.303688] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 21.303769] kasan_report+0x141/0x180 [ 21.303859] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 21.303953] kasan_check_range+0x10c/0x1c0 [ 21.304022] __kasan_check_write+0x18/0x20 [ 21.304076] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 21.304149] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.304262] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.304344] ? trace_hardirqs_on+0x37/0xe0 [ 21.304416] ? kasan_bitops_generic+0x92/0x1c0 [ 21.304504] kasan_bitops_generic+0x116/0x1c0 [ 21.304583] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.304662] ? __pfx_read_tsc+0x10/0x10 [ 21.304725] ? ktime_get_ts64+0x86/0x230 [ 21.304803] kunit_try_run_case+0x1a5/0x480 [ 21.304901] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.304970] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.305036] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.305113] ? __kthread_parkme+0x82/0x180 [ 21.305180] ? preempt_count_sub+0x50/0x80 [ 21.305303] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.305379] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.305451] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.305521] kthread+0x337/0x6f0 [ 21.305588] ? trace_preempt_on+0x20/0xc0 [ 21.305659] ? __pfx_kthread+0x10/0x10 [ 21.305727] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.305800] ? calculate_sigpending+0x7b/0xa0 [ 21.305887] ? __pfx_kthread+0x10/0x10 [ 21.305998] ret_from_fork+0x116/0x1d0 [ 21.306068] ? __pfx_kthread+0x10/0x10 [ 21.306140] ret_from_fork_asm+0x1a/0x30 [ 21.306276] </TASK> [ 21.306317] [ 21.319967] Allocated by task 288: [ 21.320358] kasan_save_stack+0x45/0x70 [ 21.320738] kasan_save_track+0x18/0x40 [ 21.321129] kasan_save_alloc_info+0x3b/0x50 [ 21.321586] __kasan_kmalloc+0xb7/0xc0 [ 21.321975] __kmalloc_cache_noprof+0x189/0x420 [ 21.322438] kasan_bitops_generic+0x92/0x1c0 [ 21.322860] kunit_try_run_case+0x1a5/0x480 [ 21.323335] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.323779] kthread+0x337/0x6f0 [ 21.324054] ret_from_fork+0x116/0x1d0 [ 21.324367] ret_from_fork_asm+0x1a/0x30 [ 21.324659] [ 21.324821] The buggy address belongs to the object at ffff888102264580 [ 21.324821] which belongs to the cache kmalloc-16 of size 16 [ 21.325774] The buggy address is located 8 bytes inside of [ 21.325774] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.326787] [ 21.327012] The buggy address belongs to the physical page: [ 21.327467] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.328002] flags: 0x200000000000000(node=0|zone=2) [ 21.328524] page_type: f5(slab) [ 21.328908] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.329611] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.330096] page dumped because: kasan: bad access detected [ 21.330483] [ 21.330640] Memory state around the buggy address: [ 21.331047] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.331688] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.332938] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.334181] ^ [ 21.335168] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.336612] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.337267] ================================================================== [ 21.178759] ================================================================== [ 21.179883] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 21.180626] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.182138] [ 21.182744] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.182884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.182922] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.182976] Call Trace: [ 21.183018] <TASK> [ 21.183056] dump_stack_lvl+0x73/0xb0 [ 21.183128] print_report+0xd1/0x650 [ 21.183199] ? __virt_addr_valid+0x1db/0x2d0 [ 21.184172] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 21.184312] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.184387] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 21.184449] kasan_report+0x141/0x180 [ 21.184483] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 21.184527] kasan_check_range+0x10c/0x1c0 [ 21.184560] __kasan_check_write+0x18/0x20 [ 21.184589] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 21.184625] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.184664] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.184701] ? trace_hardirqs_on+0x37/0xe0 [ 21.184736] ? kasan_bitops_generic+0x92/0x1c0 [ 21.184776] kasan_bitops_generic+0x116/0x1c0 [ 21.184810] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.184911] ? __pfx_read_tsc+0x10/0x10 [ 21.184982] ? ktime_get_ts64+0x86/0x230 [ 21.185446] kunit_try_run_case+0x1a5/0x480 [ 21.185656] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.185730] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.185799] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.185900] ? __kthread_parkme+0x82/0x180 [ 21.185968] ? preempt_count_sub+0x50/0x80 [ 21.186093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.186253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.186364] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.186494] kthread+0x337/0x6f0 [ 21.186545] ? trace_preempt_on+0x20/0xc0 [ 21.186610] ? __pfx_kthread+0x10/0x10 [ 21.186642] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.186681] ? calculate_sigpending+0x7b/0xa0 [ 21.186716] ? __pfx_kthread+0x10/0x10 [ 21.186746] ret_from_fork+0x116/0x1d0 [ 21.186773] ? __pfx_kthread+0x10/0x10 [ 21.186804] ret_from_fork_asm+0x1a/0x30 [ 21.186867] </TASK> [ 21.186883] [ 21.201866] Allocated by task 288: [ 21.202275] kasan_save_stack+0x45/0x70 [ 21.202688] kasan_save_track+0x18/0x40 [ 21.203115] kasan_save_alloc_info+0x3b/0x50 [ 21.203597] __kasan_kmalloc+0xb7/0xc0 [ 21.204515] __kmalloc_cache_noprof+0x189/0x420 [ 21.204918] kasan_bitops_generic+0x92/0x1c0 [ 21.205325] kunit_try_run_case+0x1a5/0x480 [ 21.205762] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.206712] kthread+0x337/0x6f0 [ 21.209274] ret_from_fork+0x116/0x1d0 [ 21.209518] ret_from_fork_asm+0x1a/0x30 [ 21.209748] [ 21.209895] The buggy address belongs to the object at ffff888102264580 [ 21.209895] which belongs to the cache kmalloc-16 of size 16 [ 21.210464] The buggy address is located 8 bytes inside of [ 21.210464] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.212269] [ 21.212435] The buggy address belongs to the physical page: [ 21.215482] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.216530] flags: 0x200000000000000(node=0|zone=2) [ 21.217050] page_type: f5(slab) [ 21.217428] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.217816] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.218282] page dumped because: kasan: bad access detected [ 21.218620] [ 21.218799] Memory state around the buggy address: [ 21.219168] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.219636] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.220206] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.220746] ^ [ 21.221030] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.221455] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.222821] ================================================================== [ 21.099800] ================================================================== [ 21.100530] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 21.101182] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.101852] [ 21.102094] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.102297] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.102334] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.102392] Call Trace: [ 21.102448] <TASK> [ 21.102522] dump_stack_lvl+0x73/0xb0 [ 21.102609] print_report+0xd1/0x650 [ 21.102684] ? __virt_addr_valid+0x1db/0x2d0 [ 21.102778] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 21.102899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.102970] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 21.103049] kasan_report+0x141/0x180 [ 21.103121] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 21.103196] kasan_check_range+0x10c/0x1c0 [ 21.103272] __kasan_check_write+0x18/0x20 [ 21.103304] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 21.103340] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.103379] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.103413] ? trace_hardirqs_on+0x37/0xe0 [ 21.103448] ? kasan_bitops_generic+0x92/0x1c0 [ 21.103487] kasan_bitops_generic+0x116/0x1c0 [ 21.103519] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.103566] ? __pfx_read_tsc+0x10/0x10 [ 21.103596] ? ktime_get_ts64+0x86/0x230 [ 21.103631] kunit_try_run_case+0x1a5/0x480 [ 21.103667] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.103698] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.103728] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.103766] ? __kthread_parkme+0x82/0x180 [ 21.103794] ? preempt_count_sub+0x50/0x80 [ 21.103844] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.103889] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.103924] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.103958] kthread+0x337/0x6f0 [ 21.103987] ? trace_preempt_on+0x20/0xc0 [ 21.104019] ? __pfx_kthread+0x10/0x10 [ 21.104048] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.104083] ? calculate_sigpending+0x7b/0xa0 [ 21.104117] ? __pfx_kthread+0x10/0x10 [ 21.104148] ret_from_fork+0x116/0x1d0 [ 21.104173] ? __pfx_kthread+0x10/0x10 [ 21.104202] ret_from_fork_asm+0x1a/0x30 [ 21.104270] </TASK> [ 21.104286] [ 21.122714] Allocated by task 288: [ 21.123046] kasan_save_stack+0x45/0x70 [ 21.123524] kasan_save_track+0x18/0x40 [ 21.123969] kasan_save_alloc_info+0x3b/0x50 [ 21.124405] __kasan_kmalloc+0xb7/0xc0 [ 21.124729] __kmalloc_cache_noprof+0x189/0x420 [ 21.125185] kasan_bitops_generic+0x92/0x1c0 [ 21.125773] kunit_try_run_case+0x1a5/0x480 [ 21.126326] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.126853] kthread+0x337/0x6f0 [ 21.127336] ret_from_fork+0x116/0x1d0 [ 21.127750] ret_from_fork_asm+0x1a/0x30 [ 21.128258] [ 21.128546] The buggy address belongs to the object at ffff888102264580 [ 21.128546] which belongs to the cache kmalloc-16 of size 16 [ 21.129561] The buggy address is located 8 bytes inside of [ 21.129561] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.130638] [ 21.130820] The buggy address belongs to the physical page: [ 21.131429] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.132155] flags: 0x200000000000000(node=0|zone=2) [ 21.132752] page_type: f5(slab) [ 21.133114] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.133742] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.134250] page dumped because: kasan: bad access detected [ 21.134592] [ 21.134749] Memory state around the buggy address: [ 21.135255] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.135960] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.136762] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.137183] ^ [ 21.137556] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.138314] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.139044] ================================================================== [ 21.224819] ================================================================== [ 21.225423] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 21.225988] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.226878] [ 21.227055] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.227161] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.227191] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.227235] Call Trace: [ 21.227275] <TASK> [ 21.227314] dump_stack_lvl+0x73/0xb0 [ 21.227390] print_report+0xd1/0x650 [ 21.227461] ? __virt_addr_valid+0x1db/0x2d0 [ 21.227534] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 21.227629] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.227702] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 21.227785] kasan_report+0x141/0x180 [ 21.227914] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 21.228010] kasan_check_range+0x10c/0x1c0 [ 21.228088] __kasan_check_write+0x18/0x20 [ 21.228156] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 21.228277] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.228368] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.228444] ? trace_hardirqs_on+0x37/0xe0 [ 21.228520] ? kasan_bitops_generic+0x92/0x1c0 [ 21.228600] kasan_bitops_generic+0x116/0x1c0 [ 21.228668] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.228748] ? __pfx_read_tsc+0x10/0x10 [ 21.228816] ? ktime_get_ts64+0x86/0x230 [ 21.228910] kunit_try_run_case+0x1a5/0x480 [ 21.228986] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.229058] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.229128] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.229208] ? __kthread_parkme+0x82/0x180 [ 21.229319] ? preempt_count_sub+0x50/0x80 [ 21.229398] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.229471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.229588] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.229689] kthread+0x337/0x6f0 [ 21.229728] ? trace_preempt_on+0x20/0xc0 [ 21.229762] ? __pfx_kthread+0x10/0x10 [ 21.229791] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.229825] ? calculate_sigpending+0x7b/0xa0 [ 21.229917] ? __pfx_kthread+0x10/0x10 [ 21.229986] ret_from_fork+0x116/0x1d0 [ 21.230051] ? __pfx_kthread+0x10/0x10 [ 21.230118] ret_from_fork_asm+0x1a/0x30 [ 21.230210] </TASK> [ 21.230251] [ 21.249738] Allocated by task 288: [ 21.250094] kasan_save_stack+0x45/0x70 [ 21.250483] kasan_save_track+0x18/0x40 [ 21.250821] kasan_save_alloc_info+0x3b/0x50 [ 21.251209] __kasan_kmalloc+0xb7/0xc0 [ 21.251504] __kmalloc_cache_noprof+0x189/0x420 [ 21.251969] kasan_bitops_generic+0x92/0x1c0 [ 21.252426] kunit_try_run_case+0x1a5/0x480 [ 21.252854] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.253345] kthread+0x337/0x6f0 [ 21.253605] ret_from_fork+0x116/0x1d0 [ 21.253988] ret_from_fork_asm+0x1a/0x30 [ 21.254428] [ 21.254631] The buggy address belongs to the object at ffff888102264580 [ 21.254631] which belongs to the cache kmalloc-16 of size 16 [ 21.255460] The buggy address is located 8 bytes inside of [ 21.255460] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.256461] [ 21.256770] The buggy address belongs to the physical page: [ 21.257290] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.257985] flags: 0x200000000000000(node=0|zone=2) [ 21.258430] page_type: f5(slab) [ 21.258759] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.259389] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.260014] page dumped because: kasan: bad access detected [ 21.260468] [ 21.260639] Memory state around the buggy address: [ 21.261061] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.261646] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.262207] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.262716] ^ [ 21.262993] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.263550] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.264170] ================================================================== [ 21.265549] ================================================================== [ 21.266117] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 21.266784] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.267208] [ 21.267493] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.267627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.267664] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.267723] Call Trace: [ 21.267769] <TASK> [ 21.267812] dump_stack_lvl+0x73/0xb0 [ 21.267915] print_report+0xd1/0x650 [ 21.267989] ? __virt_addr_valid+0x1db/0x2d0 [ 21.268060] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 21.268135] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.268205] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 21.268319] kasan_report+0x141/0x180 [ 21.268376] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 21.268470] kasan_check_range+0x10c/0x1c0 [ 21.268549] __kasan_check_write+0x18/0x20 [ 21.268618] kasan_bitops_modify.constprop.0+0x4ac/0xd50 [ 21.268701] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.268787] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.268878] ? trace_hardirqs_on+0x37/0xe0 [ 21.268951] ? kasan_bitops_generic+0x92/0x1c0 [ 21.269032] kasan_bitops_generic+0x116/0x1c0 [ 21.269107] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.269184] ? __pfx_read_tsc+0x10/0x10 [ 21.269289] ? ktime_get_ts64+0x86/0x230 [ 21.269375] kunit_try_run_case+0x1a5/0x480 [ 21.269451] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.269524] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.269596] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.269678] ? __kthread_parkme+0x82/0x180 [ 21.269748] ? preempt_count_sub+0x50/0x80 [ 21.269827] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.269924] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.269988] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.270045] kthread+0x337/0x6f0 [ 21.270111] ? trace_preempt_on+0x20/0xc0 [ 21.270184] ? __pfx_kthread+0x10/0x10 [ 21.270302] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.270381] ? calculate_sigpending+0x7b/0xa0 [ 21.270459] ? __pfx_kthread+0x10/0x10 [ 21.270525] ret_from_fork+0x116/0x1d0 [ 21.270589] ? __pfx_kthread+0x10/0x10 [ 21.270658] ret_from_fork_asm+0x1a/0x30 [ 21.270746] </TASK> [ 21.270783] [ 21.285310] Allocated by task 288: [ 21.285574] kasan_save_stack+0x45/0x70 [ 21.285886] kasan_save_track+0x18/0x40 [ 21.286172] kasan_save_alloc_info+0x3b/0x50 [ 21.286525] __kasan_kmalloc+0xb7/0xc0 [ 21.286894] __kmalloc_cache_noprof+0x189/0x420 [ 21.287414] kasan_bitops_generic+0x92/0x1c0 [ 21.287886] kunit_try_run_case+0x1a5/0x480 [ 21.288367] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.288902] kthread+0x337/0x6f0 [ 21.289303] ret_from_fork+0x116/0x1d0 [ 21.289706] ret_from_fork_asm+0x1a/0x30 [ 21.290058] [ 21.290278] The buggy address belongs to the object at ffff888102264580 [ 21.290278] which belongs to the cache kmalloc-16 of size 16 [ 21.291300] The buggy address is located 8 bytes inside of [ 21.291300] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.292096] [ 21.292313] The buggy address belongs to the physical page: [ 21.292645] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.293294] flags: 0x200000000000000(node=0|zone=2) [ 21.293735] page_type: f5(slab) [ 21.294095] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.294762] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.295430] page dumped because: kasan: bad access detected [ 21.295930] [ 21.296134] Memory state around the buggy address: [ 21.296539] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.297087] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.297558] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.298022] ^ [ 21.298405] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.299002] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.299615] ================================================================== [ 21.016938] ================================================================== [ 21.017822] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 21.018847] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.019820] [ 21.020096] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.020525] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.020547] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.020580] Call Trace: [ 21.020597] <TASK> [ 21.020619] dump_stack_lvl+0x73/0xb0 [ 21.020708] print_report+0xd1/0x650 [ 21.020821] ? __virt_addr_valid+0x1db/0x2d0 [ 21.020920] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 21.020994] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.021064] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 21.021115] kasan_report+0x141/0x180 [ 21.021150] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 21.021194] kasan_check_range+0x10c/0x1c0 [ 21.021270] __kasan_check_write+0x18/0x20 [ 21.021305] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 21.021343] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.021382] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.021420] ? trace_hardirqs_on+0x37/0xe0 [ 21.021452] ? kasan_bitops_generic+0x92/0x1c0 [ 21.021491] kasan_bitops_generic+0x116/0x1c0 [ 21.021526] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.021562] ? __pfx_read_tsc+0x10/0x10 [ 21.021593] ? ktime_get_ts64+0x86/0x230 [ 21.021627] kunit_try_run_case+0x1a5/0x480 [ 21.021662] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.021694] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.021724] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.021760] ? __kthread_parkme+0x82/0x180 [ 21.021789] ? preempt_count_sub+0x50/0x80 [ 21.021822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.021886] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.021919] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.021954] kthread+0x337/0x6f0 [ 21.021981] ? trace_preempt_on+0x20/0xc0 [ 21.022013] ? __pfx_kthread+0x10/0x10 [ 21.022042] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.022077] ? calculate_sigpending+0x7b/0xa0 [ 21.022113] ? __pfx_kthread+0x10/0x10 [ 21.022143] ret_from_fork+0x116/0x1d0 [ 21.022169] ? __pfx_kthread+0x10/0x10 [ 21.022197] ret_from_fork_asm+0x1a/0x30 [ 21.022274] </TASK> [ 21.022292] [ 21.037675] Allocated by task 288: [ 21.038471] kasan_save_stack+0x45/0x70 [ 21.038886] kasan_save_track+0x18/0x40 [ 21.039283] kasan_save_alloc_info+0x3b/0x50 [ 21.039706] __kasan_kmalloc+0xb7/0xc0 [ 21.040538] __kmalloc_cache_noprof+0x189/0x420 [ 21.041020] kasan_bitops_generic+0x92/0x1c0 [ 21.041514] kunit_try_run_case+0x1a5/0x480 [ 21.041950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.042508] kthread+0x337/0x6f0 [ 21.042828] ret_from_fork+0x116/0x1d0 [ 21.043243] ret_from_fork_asm+0x1a/0x30 [ 21.043535] [ 21.043698] The buggy address belongs to the object at ffff888102264580 [ 21.043698] which belongs to the cache kmalloc-16 of size 16 [ 21.044732] The buggy address is located 8 bytes inside of [ 21.044732] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.045770] [ 21.046028] The buggy address belongs to the physical page: [ 21.046559] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.047179] flags: 0x200000000000000(node=0|zone=2) [ 21.047563] page_type: f5(slab) [ 21.047821] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.048404] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.049123] page dumped because: kasan: bad access detected [ 21.050890] [ 21.051125] Memory state around the buggy address: [ 21.052009] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.052873] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.053495] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.054326] ^ [ 21.054769] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.055316] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.055907] ================================================================== [ 21.057518] ================================================================== [ 21.058183] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 21.058890] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.060182] [ 21.060701] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.061134] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.061175] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.061232] Call Trace: [ 21.061281] <TASK> [ 21.061329] dump_stack_lvl+0x73/0xb0 [ 21.061402] print_report+0xd1/0x650 [ 21.061440] ? __virt_addr_valid+0x1db/0x2d0 [ 21.061475] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 21.061512] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.061543] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 21.061580] kasan_report+0x141/0x180 [ 21.061612] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 21.061653] kasan_check_range+0x10c/0x1c0 [ 21.061687] __kasan_check_write+0x18/0x20 [ 21.061713] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 21.061750] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.061790] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.061824] ? trace_hardirqs_on+0x37/0xe0 [ 21.061888] ? kasan_bitops_generic+0x92/0x1c0 [ 21.061928] kasan_bitops_generic+0x116/0x1c0 [ 21.061964] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.062001] ? __pfx_read_tsc+0x10/0x10 [ 21.062032] ? ktime_get_ts64+0x86/0x230 [ 21.062066] kunit_try_run_case+0x1a5/0x480 [ 21.062101] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.062133] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.062161] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.062199] ? __kthread_parkme+0x82/0x180 [ 21.062276] ? preempt_count_sub+0x50/0x80 [ 21.062319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.062357] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.062391] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.062423] kthread+0x337/0x6f0 [ 21.062453] ? trace_preempt_on+0x20/0xc0 [ 21.062486] ? __pfx_kthread+0x10/0x10 [ 21.062518] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.062552] ? calculate_sigpending+0x7b/0xa0 [ 21.062587] ? __pfx_kthread+0x10/0x10 [ 21.062618] ret_from_fork+0x116/0x1d0 [ 21.062645] ? __pfx_kthread+0x10/0x10 [ 21.062673] ret_from_fork_asm+0x1a/0x30 [ 21.062714] </TASK> [ 21.062729] [ 21.079074] Allocated by task 288: [ 21.079469] kasan_save_stack+0x45/0x70 [ 21.079885] kasan_save_track+0x18/0x40 [ 21.080332] kasan_save_alloc_info+0x3b/0x50 [ 21.080758] __kasan_kmalloc+0xb7/0xc0 [ 21.081165] __kmalloc_cache_noprof+0x189/0x420 [ 21.081584] kasan_bitops_generic+0x92/0x1c0 [ 21.082019] kunit_try_run_case+0x1a5/0x480 [ 21.082521] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.083002] kthread+0x337/0x6f0 [ 21.083432] ret_from_fork+0x116/0x1d0 [ 21.083861] ret_from_fork_asm+0x1a/0x30 [ 21.084320] [ 21.084530] The buggy address belongs to the object at ffff888102264580 [ 21.084530] which belongs to the cache kmalloc-16 of size 16 [ 21.085538] The buggy address is located 8 bytes inside of [ 21.085538] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.086367] [ 21.086529] The buggy address belongs to the physical page: [ 21.087046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.087802] flags: 0x200000000000000(node=0|zone=2) [ 21.088259] page_type: f5(slab) [ 21.088521] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.089083] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.089787] page dumped because: kasan: bad access detected [ 21.090379] [ 21.090595] Memory state around the buggy address: [ 21.091039] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.091509] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.091957] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.092411] ^ [ 21.092771] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.093489] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.094143] ================================================================== [ 21.140205] ================================================================== [ 21.140923] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 21.141794] Write of size 8 at addr ffff888102264588 by task kunit_try_catch/288 [ 21.142296] [ 21.142509] CPU: 1 UID: 0 PID: 288 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 21.142619] Tainted: [B]=BAD_PAGE, [N]=TEST [ 21.142650] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 21.142698] Call Trace: [ 21.142735] <TASK> [ 21.142771] dump_stack_lvl+0x73/0xb0 [ 21.142853] print_report+0xd1/0x650 [ 21.142961] ? __virt_addr_valid+0x1db/0x2d0 [ 21.143038] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 21.143178] ? kasan_complete_mode_report_info+0x2a/0x200 [ 21.143321] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 21.143402] kasan_report+0x141/0x180 [ 21.143561] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 21.143646] kasan_check_range+0x10c/0x1c0 [ 21.143708] __kasan_check_write+0x18/0x20 [ 21.143776] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 21.143955] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 21.144120] ? __kmalloc_cache_noprof+0x189/0x420 [ 21.144197] ? trace_hardirqs_on+0x37/0xe0 [ 21.144314] ? kasan_bitops_generic+0x92/0x1c0 [ 21.144399] kasan_bitops_generic+0x116/0x1c0 [ 21.144472] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 21.144550] ? __pfx_read_tsc+0x10/0x10 [ 21.144612] ? ktime_get_ts64+0x86/0x230 [ 21.144692] kunit_try_run_case+0x1a5/0x480 [ 21.144767] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.144858] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 21.145018] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 21.145101] ? __kthread_parkme+0x82/0x180 [ 21.145174] ? preempt_count_sub+0x50/0x80 [ 21.145297] ? __pfx_kunit_try_run_case+0x10/0x10 [ 21.145459] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.145538] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 21.145612] kthread+0x337/0x6f0 [ 21.145677] ? trace_preempt_on+0x20/0xc0 [ 21.145744] ? __pfx_kthread+0x10/0x10 [ 21.145801] ? _raw_spin_unlock_irq+0x47/0x80 [ 21.145861] ? calculate_sigpending+0x7b/0xa0 [ 21.145904] ? __pfx_kthread+0x10/0x10 [ 21.145936] ret_from_fork+0x116/0x1d0 [ 21.145963] ? __pfx_kthread+0x10/0x10 [ 21.145994] ret_from_fork_asm+0x1a/0x30 [ 21.146037] </TASK> [ 21.146052] [ 21.162401] Allocated by task 288: [ 21.162769] kasan_save_stack+0x45/0x70 [ 21.163179] kasan_save_track+0x18/0x40 [ 21.163674] kasan_save_alloc_info+0x3b/0x50 [ 21.164097] __kasan_kmalloc+0xb7/0xc0 [ 21.164544] __kmalloc_cache_noprof+0x189/0x420 [ 21.164881] kasan_bitops_generic+0x92/0x1c0 [ 21.165183] kunit_try_run_case+0x1a5/0x480 [ 21.165648] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 21.166159] kthread+0x337/0x6f0 [ 21.166625] ret_from_fork+0x116/0x1d0 [ 21.167062] ret_from_fork_asm+0x1a/0x30 [ 21.167499] [ 21.167757] The buggy address belongs to the object at ffff888102264580 [ 21.167757] which belongs to the cache kmalloc-16 of size 16 [ 21.168759] The buggy address is located 8 bytes inside of [ 21.168759] allocated 9-byte region [ffff888102264580, ffff888102264589) [ 21.169590] [ 21.169847] The buggy address belongs to the physical page: [ 21.170398] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 21.171016] flags: 0x200000000000000(node=0|zone=2) [ 21.171557] page_type: f5(slab) [ 21.171940] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 21.172619] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 21.173272] page dumped because: kasan: bad access detected [ 21.173771] [ 21.173991] Memory state around the buggy address: [ 21.174469] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.175074] ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 21.175693] >ffff888102264580: 00 01 fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.176115] ^ [ 21.176425] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.176873] ffff888102264680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 21.177595] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 20.961454] ================================================================== [ 20.961903] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80 [ 20.963106] Read of size 1 at addr ffff88810383f710 by task kunit_try_catch/286 [ 20.964393] [ 20.965106] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.965239] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.965275] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.965334] Call Trace: [ 20.965382] <TASK> [ 20.965430] dump_stack_lvl+0x73/0xb0 [ 20.965516] print_report+0xd1/0x650 [ 20.965586] ? __virt_addr_valid+0x1db/0x2d0 [ 20.965623] ? strnlen+0x73/0x80 [ 20.965651] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.965684] ? strnlen+0x73/0x80 [ 20.965712] kasan_report+0x141/0x180 [ 20.965741] ? strnlen+0x73/0x80 [ 20.965777] __asan_report_load1_noabort+0x18/0x20 [ 20.965811] strnlen+0x73/0x80 [ 20.965869] kasan_strings+0x615/0xe80 [ 20.965901] ? trace_hardirqs_on+0x37/0xe0 [ 20.965937] ? __pfx_kasan_strings+0x10/0x10 [ 20.965966] ? finish_task_switch.isra.0+0x153/0x700 [ 20.965999] ? __switch_to+0x47/0xf50 [ 20.966033] ? __schedule+0x10cc/0x2b60 [ 20.966060] ? __pfx_read_tsc+0x10/0x10 [ 20.966090] ? ktime_get_ts64+0x86/0x230 [ 20.966122] kunit_try_run_case+0x1a5/0x480 [ 20.966158] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.966190] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.966228] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.966309] ? __kthread_parkme+0x82/0x180 [ 20.966362] ? preempt_count_sub+0x50/0x80 [ 20.966395] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.966429] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.966463] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.966496] kthread+0x337/0x6f0 [ 20.966524] ? trace_preempt_on+0x20/0xc0 [ 20.966556] ? __pfx_kthread+0x10/0x10 [ 20.966583] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.966618] ? calculate_sigpending+0x7b/0xa0 [ 20.966651] ? __pfx_kthread+0x10/0x10 [ 20.966679] ret_from_fork+0x116/0x1d0 [ 20.966705] ? __pfx_kthread+0x10/0x10 [ 20.966732] ret_from_fork_asm+0x1a/0x30 [ 20.966773] </TASK> [ 20.966787] [ 20.985939] Allocated by task 286: [ 20.986337] kasan_save_stack+0x45/0x70 [ 20.986754] kasan_save_track+0x18/0x40 [ 20.987589] kasan_save_alloc_info+0x3b/0x50 [ 20.987964] __kasan_kmalloc+0xb7/0xc0 [ 20.988930] __kmalloc_cache_noprof+0x189/0x420 [ 20.989626] kasan_strings+0xc0/0xe80 [ 20.990040] kunit_try_run_case+0x1a5/0x480 [ 20.990653] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.991587] kthread+0x337/0x6f0 [ 20.991946] ret_from_fork+0x116/0x1d0 [ 20.992664] ret_from_fork_asm+0x1a/0x30 [ 20.993077] [ 20.993291] Freed by task 286: [ 20.993559] kasan_save_stack+0x45/0x70 [ 20.993943] kasan_save_track+0x18/0x40 [ 20.994335] kasan_save_free_info+0x3f/0x60 [ 20.994740] __kasan_slab_free+0x56/0x70 [ 20.995361] kfree+0x222/0x3f0 [ 20.995626] kasan_strings+0x2aa/0xe80 [ 20.996003] kunit_try_run_case+0x1a5/0x480 [ 20.996904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.997589] kthread+0x337/0x6f0 [ 20.997931] ret_from_fork+0x116/0x1d0 [ 20.998544] ret_from_fork_asm+0x1a/0x30 [ 20.998942] [ 20.999114] The buggy address belongs to the object at ffff88810383f700 [ 20.999114] which belongs to the cache kmalloc-32 of size 32 [ 21.000259] The buggy address is located 16 bytes inside of [ 21.000259] freed 32-byte region [ffff88810383f700, ffff88810383f720) [ 21.001539] [ 21.001910] The buggy address belongs to the physical page: [ 21.002584] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 21.003293] flags: 0x200000000000000(node=0|zone=2) [ 21.003723] page_type: f5(slab) [ 21.004205] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 21.005081] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 21.005811] page dumped because: kasan: bad access detected [ 21.006370] [ 21.006720] Memory state around the buggy address: [ 21.007150] ffff88810383f600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 21.007930] ffff88810383f680: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 21.008571] >ffff88810383f700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 21.009618] ^ [ 21.009993] ffff88810383f780: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 21.010717] ffff88810383f800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 21.011448] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 20.902931] ================================================================== [ 20.903889] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0 [ 20.904510] Read of size 1 at addr ffff88810383f710 by task kunit_try_catch/286 [ 20.905385] [ 20.905665] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.905793] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.905851] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.905929] Call Trace: [ 20.906006] <TASK> [ 20.906054] dump_stack_lvl+0x73/0xb0 [ 20.906140] print_report+0xd1/0x650 [ 20.906216] ? __virt_addr_valid+0x1db/0x2d0 [ 20.906461] ? strlen+0x8f/0xb0 [ 20.906538] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.906610] ? strlen+0x8f/0xb0 [ 20.906676] kasan_report+0x141/0x180 [ 20.906750] ? strlen+0x8f/0xb0 [ 20.906871] __asan_report_load1_noabort+0x18/0x20 [ 20.906956] strlen+0x8f/0xb0 [ 20.907028] kasan_strings+0x57b/0xe80 [ 20.907095] ? trace_hardirqs_on+0x37/0xe0 [ 20.907171] ? __pfx_kasan_strings+0x10/0x10 [ 20.907266] ? finish_task_switch.isra.0+0x153/0x700 [ 20.907396] ? __switch_to+0x47/0xf50 [ 20.907485] ? __schedule+0x10cc/0x2b60 [ 20.907569] ? __pfx_read_tsc+0x10/0x10 [ 20.907642] ? ktime_get_ts64+0x86/0x230 [ 20.907715] kunit_try_run_case+0x1a5/0x480 [ 20.907752] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.907785] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.907817] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.907882] ? __kthread_parkme+0x82/0x180 [ 20.907912] ? preempt_count_sub+0x50/0x80 [ 20.907945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.907979] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.908012] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.908045] kthread+0x337/0x6f0 [ 20.908071] ? trace_preempt_on+0x20/0xc0 [ 20.908103] ? __pfx_kthread+0x10/0x10 [ 20.908132] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.908165] ? calculate_sigpending+0x7b/0xa0 [ 20.908200] ? __pfx_kthread+0x10/0x10 [ 20.908228] ret_from_fork+0x116/0x1d0 [ 20.908254] ? __pfx_kthread+0x10/0x10 [ 20.908282] ret_from_fork_asm+0x1a/0x30 [ 20.908323] </TASK> [ 20.908337] [ 20.928828] Allocated by task 286: [ 20.929166] kasan_save_stack+0x45/0x70 [ 20.929820] kasan_save_track+0x18/0x40 [ 20.930578] kasan_save_alloc_info+0x3b/0x50 [ 20.930906] __kasan_kmalloc+0xb7/0xc0 [ 20.931365] __kmalloc_cache_noprof+0x189/0x420 [ 20.931969] kasan_strings+0xc0/0xe80 [ 20.932524] kunit_try_run_case+0x1a5/0x480 [ 20.932998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.933452] kthread+0x337/0x6f0 [ 20.933908] ret_from_fork+0x116/0x1d0 [ 20.934307] ret_from_fork_asm+0x1a/0x30 [ 20.934638] [ 20.934858] Freed by task 286: [ 20.935153] kasan_save_stack+0x45/0x70 [ 20.935497] kasan_save_track+0x18/0x40 [ 20.936050] kasan_save_free_info+0x3f/0x60 [ 20.936466] __kasan_slab_free+0x56/0x70 [ 20.936858] kfree+0x222/0x3f0 [ 20.937113] kasan_strings+0x2aa/0xe80 [ 20.937433] kunit_try_run_case+0x1a5/0x480 [ 20.937704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.939006] kthread+0x337/0x6f0 [ 20.941276] ret_from_fork+0x116/0x1d0 [ 20.941623] ret_from_fork_asm+0x1a/0x30 [ 20.942037] [ 20.942520] The buggy address belongs to the object at ffff88810383f700 [ 20.942520] which belongs to the cache kmalloc-32 of size 32 [ 20.943803] The buggy address is located 16 bytes inside of [ 20.943803] freed 32-byte region [ffff88810383f700, ffff88810383f720) [ 20.944502] [ 20.944630] The buggy address belongs to the physical page: [ 20.946168] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 20.948976] flags: 0x200000000000000(node=0|zone=2) [ 20.950201] page_type: f5(slab) [ 20.950975] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 20.952879] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.954620] page dumped because: kasan: bad access detected [ 20.955070] [ 20.955234] Memory state around the buggy address: [ 20.955636] ffff88810383f600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.956245] ffff88810383f680: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 20.956887] >ffff88810383f700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.957488] ^ [ 20.957849] ffff88810383f780: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.959005] ffff88810383f800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.959639] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 20.851194] ================================================================== [ 20.852697] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80 [ 20.853638] Read of size 1 at addr ffff88810383f710 by task kunit_try_catch/286 [ 20.854635] [ 20.854822] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.855010] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.855050] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.855108] Call Trace: [ 20.855159] <TASK> [ 20.855210] dump_stack_lvl+0x73/0xb0 [ 20.855334] print_report+0xd1/0x650 [ 20.855414] ? __virt_addr_valid+0x1db/0x2d0 [ 20.855489] ? kasan_strings+0xcbc/0xe80 [ 20.855572] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.855650] ? kasan_strings+0xcbc/0xe80 [ 20.855729] kasan_report+0x141/0x180 [ 20.855808] ? kasan_strings+0xcbc/0xe80 [ 20.855899] __asan_report_load1_noabort+0x18/0x20 [ 20.855940] kasan_strings+0xcbc/0xe80 [ 20.855968] ? trace_hardirqs_on+0x37/0xe0 [ 20.856005] ? __pfx_kasan_strings+0x10/0x10 [ 20.856033] ? finish_task_switch.isra.0+0x153/0x700 [ 20.856065] ? __switch_to+0x47/0xf50 [ 20.856100] ? __schedule+0x10cc/0x2b60 [ 20.856128] ? __pfx_read_tsc+0x10/0x10 [ 20.856158] ? ktime_get_ts64+0x86/0x230 [ 20.856192] kunit_try_run_case+0x1a5/0x480 [ 20.856247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.856320] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.856371] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.856409] ? __kthread_parkme+0x82/0x180 [ 20.856437] ? preempt_count_sub+0x50/0x80 [ 20.856471] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.856505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.856535] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.856568] kthread+0x337/0x6f0 [ 20.856595] ? trace_preempt_on+0x20/0xc0 [ 20.856627] ? __pfx_kthread+0x10/0x10 [ 20.856655] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.856687] ? calculate_sigpending+0x7b/0xa0 [ 20.856721] ? __pfx_kthread+0x10/0x10 [ 20.856750] ret_from_fork+0x116/0x1d0 [ 20.856774] ? __pfx_kthread+0x10/0x10 [ 20.856803] ret_from_fork_asm+0x1a/0x30 [ 20.856898] </TASK> [ 20.856916] [ 20.875733] Allocated by task 286: [ 20.876167] kasan_save_stack+0x45/0x70 [ 20.876720] kasan_save_track+0x18/0x40 [ 20.877450] kasan_save_alloc_info+0x3b/0x50 [ 20.877961] __kasan_kmalloc+0xb7/0xc0 [ 20.878546] __kmalloc_cache_noprof+0x189/0x420 [ 20.879050] kasan_strings+0xc0/0xe80 [ 20.879949] kunit_try_run_case+0x1a5/0x480 [ 20.880552] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.881156] kthread+0x337/0x6f0 [ 20.881620] ret_from_fork+0x116/0x1d0 [ 20.882082] ret_from_fork_asm+0x1a/0x30 [ 20.882655] [ 20.882962] Freed by task 286: [ 20.883252] kasan_save_stack+0x45/0x70 [ 20.884146] kasan_save_track+0x18/0x40 [ 20.884615] kasan_save_free_info+0x3f/0x60 [ 20.885042] __kasan_slab_free+0x56/0x70 [ 20.885618] kfree+0x222/0x3f0 [ 20.885935] kasan_strings+0x2aa/0xe80 [ 20.886522] kunit_try_run_case+0x1a5/0x480 [ 20.887019] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.888015] kthread+0x337/0x6f0 [ 20.888585] ret_from_fork+0x116/0x1d0 [ 20.888987] ret_from_fork_asm+0x1a/0x30 [ 20.889585] [ 20.889788] The buggy address belongs to the object at ffff88810383f700 [ 20.889788] which belongs to the cache kmalloc-32 of size 32 [ 20.890898] The buggy address is located 16 bytes inside of [ 20.890898] freed 32-byte region [ffff88810383f700, ffff88810383f720) [ 20.892195] [ 20.892421] The buggy address belongs to the physical page: [ 20.893167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 20.893901] flags: 0x200000000000000(node=0|zone=2) [ 20.894555] page_type: f5(slab) [ 20.894820] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 20.896024] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.896588] page dumped because: kasan: bad access detected [ 20.897055] [ 20.897248] Memory state around the buggy address: [ 20.897645] ffff88810383f600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.898462] ffff88810383f680: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 20.898926] >ffff88810383f700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.899910] ^ [ 20.900404] ffff88810383f780: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.901009] ffff88810383f800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.901685] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 20.799113] ================================================================== [ 20.801709] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0 [ 20.802243] Read of size 1 at addr ffff88810383f710 by task kunit_try_catch/286 [ 20.803059] [ 20.803349] CPU: 1 UID: 0 PID: 286 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.803648] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.803692] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.803753] Call Trace: [ 20.803776] <TASK> [ 20.803800] dump_stack_lvl+0x73/0xb0 [ 20.803869] print_report+0xd1/0x650 [ 20.803944] ? __virt_addr_valid+0x1db/0x2d0 [ 20.804017] ? strcmp+0xb0/0xc0 [ 20.804109] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.804211] ? strcmp+0xb0/0xc0 [ 20.804284] kasan_report+0x141/0x180 [ 20.804401] ? strcmp+0xb0/0xc0 [ 20.804486] __asan_report_load1_noabort+0x18/0x20 [ 20.804558] strcmp+0xb0/0xc0 [ 20.804630] kasan_strings+0x431/0xe80 [ 20.804701] ? trace_hardirqs_on+0x37/0xe0 [ 20.804786] ? __pfx_kasan_strings+0x10/0x10 [ 20.804876] ? finish_task_switch.isra.0+0x153/0x700 [ 20.804949] ? __switch_to+0x47/0xf50 [ 20.804990] ? __schedule+0x10cc/0x2b60 [ 20.805022] ? __pfx_read_tsc+0x10/0x10 [ 20.805052] ? ktime_get_ts64+0x86/0x230 [ 20.805087] kunit_try_run_case+0x1a5/0x480 [ 20.805122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.805155] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.805183] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.805232] ? __kthread_parkme+0x82/0x180 [ 20.805306] ? preempt_count_sub+0x50/0x80 [ 20.805366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.805403] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.805439] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.805473] kthread+0x337/0x6f0 [ 20.805502] ? trace_preempt_on+0x20/0xc0 [ 20.805534] ? __pfx_kthread+0x10/0x10 [ 20.805562] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.805598] ? calculate_sigpending+0x7b/0xa0 [ 20.805635] ? __pfx_kthread+0x10/0x10 [ 20.805667] ret_from_fork+0x116/0x1d0 [ 20.805694] ? __pfx_kthread+0x10/0x10 [ 20.805724] ret_from_fork_asm+0x1a/0x30 [ 20.805767] </TASK> [ 20.805783] [ 20.823489] Allocated by task 286: [ 20.823888] kasan_save_stack+0x45/0x70 [ 20.824322] kasan_save_track+0x18/0x40 [ 20.824703] kasan_save_alloc_info+0x3b/0x50 [ 20.825500] __kasan_kmalloc+0xb7/0xc0 [ 20.825957] __kmalloc_cache_noprof+0x189/0x420 [ 20.826802] kasan_strings+0xc0/0xe80 [ 20.827449] kunit_try_run_case+0x1a5/0x480 [ 20.827904] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.828692] kthread+0x337/0x6f0 [ 20.829072] ret_from_fork+0x116/0x1d0 [ 20.829620] ret_from_fork_asm+0x1a/0x30 [ 20.830087] [ 20.830326] Freed by task 286: [ 20.830649] kasan_save_stack+0x45/0x70 [ 20.831447] kasan_save_track+0x18/0x40 [ 20.832003] kasan_save_free_info+0x3f/0x60 [ 20.832443] __kasan_slab_free+0x56/0x70 [ 20.832806] kfree+0x222/0x3f0 [ 20.833164] kasan_strings+0x2aa/0xe80 [ 20.833530] kunit_try_run_case+0x1a5/0x480 [ 20.834148] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.834580] kthread+0x337/0x6f0 [ 20.834912] ret_from_fork+0x116/0x1d0 [ 20.835264] ret_from_fork_asm+0x1a/0x30 [ 20.835634] [ 20.835818] The buggy address belongs to the object at ffff88810383f700 [ 20.835818] which belongs to the cache kmalloc-32 of size 32 [ 20.838462] The buggy address is located 16 bytes inside of [ 20.838462] freed 32-byte region [ffff88810383f700, ffff88810383f720) [ 20.840178] [ 20.840646] The buggy address belongs to the physical page: [ 20.841193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 20.841455] flags: 0x200000000000000(node=0|zone=2) [ 20.841629] page_type: f5(slab) [ 20.841762] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 20.843588] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.844341] page dumped because: kasan: bad access detected [ 20.844789] [ 20.844973] Memory state around the buggy address: [ 20.845403] ffff88810383f600: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.846141] ffff88810383f680: 00 00 00 fc fc fc fc fc 00 00 07 fc fc fc fc fc [ 20.846768] >ffff88810383f700: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.847725] ^ [ 20.848128] ffff88810383f780: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.848794] ffff88810383f800: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 20.849557] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 20.748400] ================================================================== [ 20.749136] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0 [ 20.749598] Read of size 1 at addr ffff88810383f5d8 by task kunit_try_catch/284 [ 20.750307] [ 20.750723] CPU: 1 UID: 0 PID: 284 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.750872] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.750915] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.750975] Call Trace: [ 20.751013] <TASK> [ 20.751059] dump_stack_lvl+0x73/0xb0 [ 20.751138] print_report+0xd1/0x650 [ 20.751212] ? __virt_addr_valid+0x1db/0x2d0 [ 20.751285] ? memcmp+0x1b4/0x1d0 [ 20.751351] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.751421] ? memcmp+0x1b4/0x1d0 [ 20.751492] kasan_report+0x141/0x180 [ 20.751580] ? memcmp+0x1b4/0x1d0 [ 20.751658] __asan_report_load1_noabort+0x18/0x20 [ 20.751739] memcmp+0x1b4/0x1d0 [ 20.751811] kasan_memcmp+0x18f/0x390 [ 20.751905] ? trace_hardirqs_on+0x37/0xe0 [ 20.751982] ? __pfx_kasan_memcmp+0x10/0x10 [ 20.752047] ? finish_task_switch.isra.0+0x153/0x700 [ 20.752096] ? __switch_to+0x47/0xf50 [ 20.752139] ? __pfx_read_tsc+0x10/0x10 [ 20.752171] ? ktime_get_ts64+0x86/0x230 [ 20.752207] kunit_try_run_case+0x1a5/0x480 [ 20.752305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.752375] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.752410] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.752448] ? __kthread_parkme+0x82/0x180 [ 20.752476] ? preempt_count_sub+0x50/0x80 [ 20.752509] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.752543] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.752576] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.752608] kthread+0x337/0x6f0 [ 20.752636] ? trace_preempt_on+0x20/0xc0 [ 20.752668] ? __pfx_kthread+0x10/0x10 [ 20.752695] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.752729] ? calculate_sigpending+0x7b/0xa0 [ 20.752762] ? __pfx_kthread+0x10/0x10 [ 20.752791] ret_from_fork+0x116/0x1d0 [ 20.752817] ? __pfx_kthread+0x10/0x10 [ 20.752877] ret_from_fork_asm+0x1a/0x30 [ 20.752920] </TASK> [ 20.752937] [ 20.767824] Allocated by task 284: [ 20.768143] kasan_save_stack+0x45/0x70 [ 20.768749] kasan_save_track+0x18/0x40 [ 20.769336] kasan_save_alloc_info+0x3b/0x50 [ 20.769788] __kasan_kmalloc+0xb7/0xc0 [ 20.770183] __kmalloc_cache_noprof+0x189/0x420 [ 20.770868] kasan_memcmp+0xb7/0x390 [ 20.771211] kunit_try_run_case+0x1a5/0x480 [ 20.771753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.772422] kthread+0x337/0x6f0 [ 20.772797] ret_from_fork+0x116/0x1d0 [ 20.773249] ret_from_fork_asm+0x1a/0x30 [ 20.773646] [ 20.773856] The buggy address belongs to the object at ffff88810383f5c0 [ 20.773856] which belongs to the cache kmalloc-32 of size 32 [ 20.774977] The buggy address is located 0 bytes to the right of [ 20.774977] allocated 24-byte region [ffff88810383f5c0, ffff88810383f5d8) [ 20.776165] [ 20.776546] The buggy address belongs to the physical page: [ 20.777053] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 20.777911] flags: 0x200000000000000(node=0|zone=2) [ 20.778305] page_type: f5(slab) [ 20.778703] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 20.779512] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 20.780202] page dumped because: kasan: bad access detected [ 20.780890] [ 20.781110] Memory state around the buggy address: [ 20.781771] ffff88810383f480: fa fb fb fb fc fc fc fc 00 00 07 fc fc fc fc fc [ 20.782544] ffff88810383f500: 00 00 00 fc fc fc fc fc 00 00 00 04 fc fc fc fc [ 20.783187] >ffff88810383f580: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 20.783916] ^ [ 20.784647] ffff88810383f600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.785232] ffff88810383f680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.785988] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 20.702588] ================================================================== [ 20.703392] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390 [ 20.704243] Read of size 1 at addr ffff888103ad7c4a by task kunit_try_catch/280 [ 20.705495] [ 20.705729] CPU: 1 UID: 0 PID: 280 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.705877] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.705917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.705975] Call Trace: [ 20.706018] <TASK> [ 20.706068] dump_stack_lvl+0x73/0xb0 [ 20.706154] print_report+0xd1/0x650 [ 20.706234] ? __virt_addr_valid+0x1db/0x2d0 [ 20.706315] ? kasan_alloca_oob_right+0x329/0x390 [ 20.706388] ? kasan_addr_to_slab+0x11/0xa0 [ 20.706460] ? kasan_alloca_oob_right+0x329/0x390 [ 20.706541] kasan_report+0x141/0x180 [ 20.706620] ? kasan_alloca_oob_right+0x329/0x390 [ 20.706708] __asan_report_load1_noabort+0x18/0x20 [ 20.706790] kasan_alloca_oob_right+0x329/0x390 [ 20.706873] ? __kasan_check_write+0x18/0x20 [ 20.706907] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.706940] ? irqentry_exit+0x2a/0x60 [ 20.706969] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.707001] ? trace_hardirqs_on+0x37/0xe0 [ 20.707038] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 20.707075] ? __pfx_kasan_alloca_oob_right+0x10/0x10 [ 20.707111] kunit_try_run_case+0x1a5/0x480 [ 20.707146] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.707178] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.707207] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.707282] ? __kthread_parkme+0x82/0x180 [ 20.707351] ? preempt_count_sub+0x50/0x80 [ 20.707388] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.707424] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.707457] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.707490] kthread+0x337/0x6f0 [ 20.707517] ? trace_preempt_on+0x20/0xc0 [ 20.707560] ? __pfx_kthread+0x10/0x10 [ 20.707588] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.707623] ? calculate_sigpending+0x7b/0xa0 [ 20.707658] ? __pfx_kthread+0x10/0x10 [ 20.707687] ret_from_fork+0x116/0x1d0 [ 20.707714] ? __pfx_kthread+0x10/0x10 [ 20.707742] ret_from_fork_asm+0x1a/0x30 [ 20.707784] </TASK> [ 20.707799] [ 20.723565] The buggy address belongs to stack of task kunit_try_catch/280 [ 20.724238] [ 20.724542] The buggy address belongs to the physical page: [ 20.725099] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad7 [ 20.726426] flags: 0x200000000000000(node=0|zone=2) [ 20.726967] raw: 0200000000000000 ffffea00040eb5c8 ffffea00040eb5c8 0000000000000000 [ 20.728966] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 20.730341] page dumped because: kasan: bad access detected [ 20.731099] [ 20.731668] Memory state around the buggy address: [ 20.732055] ffff888103ad7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.733251] ffff888103ad7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.734211] >ffff888103ad7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 20.734982] ^ [ 20.735568] ffff888103ad7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 20.736091] ffff888103ad7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 20.736939] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 17.637921] ================================================================== [ 17.639135] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 17.639961] Write of size 1 at addr ffff88810395a0da by task kunit_try_catch/189 [ 17.640390] [ 17.640590] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.640711] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.640748] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.640804] Call Trace: [ 17.640857] <TASK> [ 17.640906] dump_stack_lvl+0x73/0xb0 [ 17.640987] print_report+0xd1/0x650 [ 17.641060] ? __virt_addr_valid+0x1db/0x2d0 [ 17.641135] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.641203] ? kasan_addr_to_slab+0x11/0xa0 [ 17.641276] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.641353] kasan_report+0x141/0x180 [ 17.641429] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.641594] __asan_report_store1_noabort+0x1b/0x30 [ 17.641674] krealloc_less_oob_helper+0xec6/0x11d0 [ 17.641751] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.641824] ? finish_task_switch.isra.0+0x153/0x700 [ 17.641914] ? __switch_to+0x47/0xf50 [ 17.641991] ? __schedule+0x10cc/0x2b60 [ 17.642056] ? __pfx_read_tsc+0x10/0x10 [ 17.642112] krealloc_large_less_oob+0x1c/0x30 [ 17.642147] kunit_try_run_case+0x1a5/0x480 [ 17.642181] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.642211] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.642294] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.642376] ? __kthread_parkme+0x82/0x180 [ 17.642408] ? preempt_count_sub+0x50/0x80 [ 17.642439] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.642471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.642503] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.642535] kthread+0x337/0x6f0 [ 17.642561] ? trace_preempt_on+0x20/0xc0 [ 17.642593] ? __pfx_kthread+0x10/0x10 [ 17.642621] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.642653] ? calculate_sigpending+0x7b/0xa0 [ 17.642687] ? __pfx_kthread+0x10/0x10 [ 17.642715] ret_from_fork+0x116/0x1d0 [ 17.642741] ? __pfx_kthread+0x10/0x10 [ 17.642769] ret_from_fork_asm+0x1a/0x30 [ 17.642808] </TASK> [ 17.642822] [ 17.661726] The buggy address belongs to the physical page: [ 17.662274] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.663105] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.664541] flags: 0x200000000000040(head|node=0|zone=2) [ 17.665107] page_type: f8(unknown) [ 17.665568] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.666347] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.666974] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.667794] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.668789] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.669477] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.670205] page dumped because: kasan: bad access detected [ 17.670787] [ 17.670985] Memory state around the buggy address: [ 17.671578] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.672150] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.672880] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.673861] ^ [ 17.674484] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.675040] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.675751] ================================================================== [ 17.677122] ================================================================== [ 17.677919] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 17.678663] Write of size 1 at addr ffff88810395a0ea by task kunit_try_catch/189 [ 17.679439] [ 17.679741] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.679878] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.679916] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.679995] Call Trace: [ 17.680058] <TASK> [ 17.680108] dump_stack_lvl+0x73/0xb0 [ 17.680192] print_report+0xd1/0x650 [ 17.680454] ? __virt_addr_valid+0x1db/0x2d0 [ 17.680529] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.680602] ? kasan_addr_to_slab+0x11/0xa0 [ 17.680690] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.680792] kasan_report+0x141/0x180 [ 17.680886] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.680971] __asan_report_store1_noabort+0x1b/0x30 [ 17.681095] krealloc_less_oob_helper+0xe90/0x11d0 [ 17.681177] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.681349] ? finish_task_switch.isra.0+0x153/0x700 [ 17.681392] ? __switch_to+0x47/0xf50 [ 17.681426] ? __schedule+0x10cc/0x2b60 [ 17.681452] ? __pfx_read_tsc+0x10/0x10 [ 17.681484] krealloc_large_less_oob+0x1c/0x30 [ 17.681517] kunit_try_run_case+0x1a5/0x480 [ 17.681550] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.681582] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.681610] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.681644] ? __kthread_parkme+0x82/0x180 [ 17.681670] ? preempt_count_sub+0x50/0x80 [ 17.681700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.681731] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.681761] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.681792] kthread+0x337/0x6f0 [ 17.681817] ? trace_preempt_on+0x20/0xc0 [ 17.681875] ? __pfx_kthread+0x10/0x10 [ 17.681905] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.681938] ? calculate_sigpending+0x7b/0xa0 [ 17.681970] ? __pfx_kthread+0x10/0x10 [ 17.681998] ret_from_fork+0x116/0x1d0 [ 17.682022] ? __pfx_kthread+0x10/0x10 [ 17.682049] ret_from_fork_asm+0x1a/0x30 [ 17.682090] </TASK> [ 17.682105] [ 17.700483] The buggy address belongs to the physical page: [ 17.700982] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.702416] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.703037] flags: 0x200000000000040(head|node=0|zone=2) [ 17.703768] page_type: f8(unknown) [ 17.704371] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.705073] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.706000] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.707069] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.707902] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.708706] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.709470] page dumped because: kasan: bad access detected [ 17.709967] [ 17.710232] Memory state around the buggy address: [ 17.711177] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.712426] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.713261] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.714238] ^ [ 17.714960] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.715661] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.716309] ================================================================== [ 17.407782] ================================================================== [ 17.409198] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 17.410026] Write of size 1 at addr ffff888103908aeb by task kunit_try_catch/185 [ 17.410615] [ 17.410867] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.411133] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.411173] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.411314] Call Trace: [ 17.411362] <TASK> [ 17.411403] dump_stack_lvl+0x73/0xb0 [ 17.411481] print_report+0xd1/0x650 [ 17.411558] ? __virt_addr_valid+0x1db/0x2d0 [ 17.411628] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.411699] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.411769] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.411829] kasan_report+0x141/0x180 [ 17.411886] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.411929] __asan_report_store1_noabort+0x1b/0x30 [ 17.411965] krealloc_less_oob_helper+0xd47/0x11d0 [ 17.412000] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.412033] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.412069] ? __pfx_krealloc_less_oob+0x10/0x10 [ 17.412104] krealloc_less_oob+0x1c/0x30 [ 17.412133] kunit_try_run_case+0x1a5/0x480 [ 17.412166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.412197] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.412265] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.412307] ? __kthread_parkme+0x82/0x180 [ 17.412334] ? preempt_count_sub+0x50/0x80 [ 17.412366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.412398] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.412430] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.412461] kthread+0x337/0x6f0 [ 17.412487] ? trace_preempt_on+0x20/0xc0 [ 17.412519] ? __pfx_kthread+0x10/0x10 [ 17.412546] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.412578] ? calculate_sigpending+0x7b/0xa0 [ 17.412611] ? __pfx_kthread+0x10/0x10 [ 17.412640] ret_from_fork+0x116/0x1d0 [ 17.412664] ? __pfx_kthread+0x10/0x10 [ 17.412692] ret_from_fork_asm+0x1a/0x30 [ 17.412732] </TASK> [ 17.412745] [ 17.426806] Allocated by task 185: [ 17.427130] kasan_save_stack+0x45/0x70 [ 17.427587] kasan_save_track+0x18/0x40 [ 17.427979] kasan_save_alloc_info+0x3b/0x50 [ 17.428460] __kasan_krealloc+0x190/0x1f0 [ 17.428920] krealloc_noprof+0xf3/0x340 [ 17.429322] krealloc_less_oob_helper+0x1aa/0x11d0 [ 17.429763] krealloc_less_oob+0x1c/0x30 [ 17.430187] kunit_try_run_case+0x1a5/0x480 [ 17.430672] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.431266] kthread+0x337/0x6f0 [ 17.431634] ret_from_fork+0x116/0x1d0 [ 17.432041] ret_from_fork_asm+0x1a/0x30 [ 17.432509] [ 17.432710] The buggy address belongs to the object at ffff888103908a00 [ 17.432710] which belongs to the cache kmalloc-256 of size 256 [ 17.433623] The buggy address is located 34 bytes to the right of [ 17.433623] allocated 201-byte region [ffff888103908a00, ffff888103908ac9) [ 17.434664] [ 17.434896] The buggy address belongs to the physical page: [ 17.435450] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.436090] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.436762] flags: 0x200000000000040(head|node=0|zone=2) [ 17.437306] page_type: f5(slab) [ 17.437672] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.438347] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.438891] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.439627] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.440154] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.440821] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.441605] page dumped because: kasan: bad access detected [ 17.442117] [ 17.442375] Memory state around the buggy address: [ 17.442852] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.443548] ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.444052] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.444560] ^ [ 17.445160] ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.445818] ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.446490] ================================================================== [ 17.321942] ================================================================== [ 17.322573] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 17.323590] Write of size 1 at addr ffff888103908ada by task kunit_try_catch/185 [ 17.324190] [ 17.324448] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.324569] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.324605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.324662] Call Trace: [ 17.324698] <TASK> [ 17.324743] dump_stack_lvl+0x73/0xb0 [ 17.324818] print_report+0xd1/0x650 [ 17.324910] ? __virt_addr_valid+0x1db/0x2d0 [ 17.324981] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.325057] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.325128] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.325206] kasan_report+0x141/0x180 [ 17.325278] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 17.325399] __asan_report_store1_noabort+0x1b/0x30 [ 17.325465] krealloc_less_oob_helper+0xec6/0x11d0 [ 17.325515] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.325548] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.325585] ? __pfx_krealloc_less_oob+0x10/0x10 [ 17.325621] krealloc_less_oob+0x1c/0x30 [ 17.325650] kunit_try_run_case+0x1a5/0x480 [ 17.325684] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.325715] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.325743] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.325779] ? __kthread_parkme+0x82/0x180 [ 17.325806] ? preempt_count_sub+0x50/0x80 [ 17.325862] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.325898] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.325930] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.325962] kthread+0x337/0x6f0 [ 17.325989] ? trace_preempt_on+0x20/0xc0 [ 17.326022] ? __pfx_kthread+0x10/0x10 [ 17.326050] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.326083] ? calculate_sigpending+0x7b/0xa0 [ 17.326117] ? __pfx_kthread+0x10/0x10 [ 17.326146] ret_from_fork+0x116/0x1d0 [ 17.326171] ? __pfx_kthread+0x10/0x10 [ 17.326200] ret_from_fork_asm+0x1a/0x30 [ 17.326276] </TASK> [ 17.326293] [ 17.341733] Allocated by task 185: [ 17.342148] kasan_save_stack+0x45/0x70 [ 17.342644] kasan_save_track+0x18/0x40 [ 17.343068] kasan_save_alloc_info+0x3b/0x50 [ 17.343546] __kasan_krealloc+0x190/0x1f0 [ 17.344037] krealloc_noprof+0xf3/0x340 [ 17.344491] krealloc_less_oob_helper+0x1aa/0x11d0 [ 17.344994] krealloc_less_oob+0x1c/0x30 [ 17.345457] kunit_try_run_case+0x1a5/0x480 [ 17.345883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.346396] kthread+0x337/0x6f0 [ 17.346760] ret_from_fork+0x116/0x1d0 [ 17.347150] ret_from_fork_asm+0x1a/0x30 [ 17.347609] [ 17.347813] The buggy address belongs to the object at ffff888103908a00 [ 17.347813] which belongs to the cache kmalloc-256 of size 256 [ 17.348823] The buggy address is located 17 bytes to the right of [ 17.348823] allocated 201-byte region [ffff888103908a00, ffff888103908ac9) [ 17.349924] [ 17.350136] The buggy address belongs to the physical page: [ 17.350625] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.351448] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.352110] flags: 0x200000000000040(head|node=0|zone=2) [ 17.352655] page_type: f5(slab) [ 17.353087] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.353818] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.354493] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.355171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.356035] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.356814] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.357549] page dumped because: kasan: bad access detected [ 17.358059] [ 17.358312] Memory state around the buggy address: [ 17.358664] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.359171] ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.359904] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.360644] ^ [ 17.361329] ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.361892] ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.362573] ================================================================== [ 17.599798] ================================================================== [ 17.600514] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 17.601133] Write of size 1 at addr ffff88810395a0d0 by task kunit_try_catch/189 [ 17.601868] [ 17.602117] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.602240] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.602277] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.602334] Call Trace: [ 17.602369] <TASK> [ 17.602415] dump_stack_lvl+0x73/0xb0 [ 17.602495] print_report+0xd1/0x650 [ 17.602572] ? __virt_addr_valid+0x1db/0x2d0 [ 17.602643] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.602719] ? kasan_addr_to_slab+0x11/0xa0 [ 17.602787] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.602894] kasan_report+0x141/0x180 [ 17.602976] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.603061] __asan_report_store1_noabort+0x1b/0x30 [ 17.603141] krealloc_less_oob_helper+0xe23/0x11d0 [ 17.603222] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.603302] ? finish_task_switch.isra.0+0x153/0x700 [ 17.603376] ? __switch_to+0x47/0xf50 [ 17.603451] ? __schedule+0x10cc/0x2b60 [ 17.603517] ? __pfx_read_tsc+0x10/0x10 [ 17.603604] krealloc_large_less_oob+0x1c/0x30 [ 17.603678] kunit_try_run_case+0x1a5/0x480 [ 17.603754] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.603824] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.603911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.603991] ? __kthread_parkme+0x82/0x180 [ 17.604060] ? preempt_count_sub+0x50/0x80 [ 17.604136] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.604206] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.604281] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.604357] kthread+0x337/0x6f0 [ 17.604419] ? trace_preempt_on+0x20/0xc0 [ 17.604455] ? __pfx_kthread+0x10/0x10 [ 17.604483] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.604515] ? calculate_sigpending+0x7b/0xa0 [ 17.604548] ? __pfx_kthread+0x10/0x10 [ 17.604578] ret_from_fork+0x116/0x1d0 [ 17.604603] ? __pfx_kthread+0x10/0x10 [ 17.604630] ret_from_fork_asm+0x1a/0x30 [ 17.604672] </TASK> [ 17.604686] [ 17.621852] The buggy address belongs to the physical page: [ 17.622542] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.623147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.624006] flags: 0x200000000000040(head|node=0|zone=2) [ 17.624607] page_type: f8(unknown) [ 17.624908] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.625757] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.626809] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.627648] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.628160] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.629004] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.629790] page dumped because: kasan: bad access detected [ 17.630250] [ 17.630404] Memory state around the buggy address: [ 17.630827] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.632088] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.632800] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.633574] ^ [ 17.634125] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.635487] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.636209] ================================================================== [ 17.558118] ================================================================== [ 17.559425] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 17.560236] Write of size 1 at addr ffff88810395a0c9 by task kunit_try_catch/189 [ 17.560771] [ 17.561016] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.561140] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.561177] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.561234] Call Trace: [ 17.561272] <TASK> [ 17.561318] dump_stack_lvl+0x73/0xb0 [ 17.561405] print_report+0xd1/0x650 [ 17.561480] ? __virt_addr_valid+0x1db/0x2d0 [ 17.561550] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.561624] ? kasan_addr_to_slab+0x11/0xa0 [ 17.561692] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.561766] kasan_report+0x141/0x180 [ 17.561956] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.562051] __asan_report_store1_noabort+0x1b/0x30 [ 17.562127] krealloc_less_oob_helper+0xd70/0x11d0 [ 17.562210] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.562388] ? finish_task_switch.isra.0+0x153/0x700 [ 17.562463] ? __switch_to+0x47/0xf50 [ 17.562539] ? __schedule+0x10cc/0x2b60 [ 17.562609] ? __pfx_read_tsc+0x10/0x10 [ 17.562681] krealloc_large_less_oob+0x1c/0x30 [ 17.562731] kunit_try_run_case+0x1a5/0x480 [ 17.562769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.562801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.562851] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.562898] ? __kthread_parkme+0x82/0x180 [ 17.562926] ? preempt_count_sub+0x50/0x80 [ 17.562957] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.562990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.563024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.563055] kthread+0x337/0x6f0 [ 17.563081] ? trace_preempt_on+0x20/0xc0 [ 17.563112] ? __pfx_kthread+0x10/0x10 [ 17.563139] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.563171] ? calculate_sigpending+0x7b/0xa0 [ 17.563204] ? __pfx_kthread+0x10/0x10 [ 17.563316] ret_from_fork+0x116/0x1d0 [ 17.563379] ? __pfx_kthread+0x10/0x10 [ 17.563411] ret_from_fork_asm+0x1a/0x30 [ 17.563453] </TASK> [ 17.563469] [ 17.584098] The buggy address belongs to the physical page: [ 17.584559] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.585050] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.586038] flags: 0x200000000000040(head|node=0|zone=2) [ 17.586983] page_type: f8(unknown) [ 17.587449] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.588041] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.588614] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.589735] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.590416] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.591212] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.592023] page dumped because: kasan: bad access detected [ 17.592805] [ 17.592956] Memory state around the buggy address: [ 17.593354] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.594230] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.595253] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.595707] ^ [ 17.596178] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.596793] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.597603] ================================================================== [ 17.363904] ================================================================== [ 17.364471] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 17.365507] Write of size 1 at addr ffff888103908aea by task kunit_try_catch/185 [ 17.366178] [ 17.366411] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.366526] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.366562] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.366613] Call Trace: [ 17.366653] <TASK> [ 17.366755] dump_stack_lvl+0x73/0xb0 [ 17.366851] print_report+0xd1/0x650 [ 17.366984] ? __virt_addr_valid+0x1db/0x2d0 [ 17.367059] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.367197] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.367309] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.367384] kasan_report+0x141/0x180 [ 17.367455] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 17.367548] __asan_report_store1_noabort+0x1b/0x30 [ 17.367629] krealloc_less_oob_helper+0xe90/0x11d0 [ 17.367770] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.367861] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.367947] ? __pfx_krealloc_less_oob+0x10/0x10 [ 17.368016] krealloc_less_oob+0x1c/0x30 [ 17.368068] kunit_try_run_case+0x1a5/0x480 [ 17.368142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.368210] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.368387] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.368466] ? __kthread_parkme+0x82/0x180 [ 17.368529] ? preempt_count_sub+0x50/0x80 [ 17.368659] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.368742] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.368813] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.368887] kthread+0x337/0x6f0 [ 17.368917] ? trace_preempt_on+0x20/0xc0 [ 17.368951] ? __pfx_kthread+0x10/0x10 [ 17.368979] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.369012] ? calculate_sigpending+0x7b/0xa0 [ 17.369047] ? __pfx_kthread+0x10/0x10 [ 17.369075] ret_from_fork+0x116/0x1d0 [ 17.369100] ? __pfx_kthread+0x10/0x10 [ 17.369127] ret_from_fork_asm+0x1a/0x30 [ 17.369167] </TASK> [ 17.369180] [ 17.386248] Allocated by task 185: [ 17.386530] kasan_save_stack+0x45/0x70 [ 17.386932] kasan_save_track+0x18/0x40 [ 17.387276] kasan_save_alloc_info+0x3b/0x50 [ 17.387699] __kasan_krealloc+0x190/0x1f0 [ 17.388267] krealloc_noprof+0xf3/0x340 [ 17.388553] krealloc_less_oob_helper+0x1aa/0x11d0 [ 17.388894] krealloc_less_oob+0x1c/0x30 [ 17.389264] kunit_try_run_case+0x1a5/0x480 [ 17.389758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.390316] kthread+0x337/0x6f0 [ 17.390661] ret_from_fork+0x116/0x1d0 [ 17.391140] ret_from_fork_asm+0x1a/0x30 [ 17.391557] [ 17.391736] The buggy address belongs to the object at ffff888103908a00 [ 17.391736] which belongs to the cache kmalloc-256 of size 256 [ 17.392915] The buggy address is located 33 bytes to the right of [ 17.392915] allocated 201-byte region [ffff888103908a00, ffff888103908ac9) [ 17.393857] [ 17.394016] The buggy address belongs to the physical page: [ 17.394458] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.395204] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.396082] flags: 0x200000000000040(head|node=0|zone=2) [ 17.397200] page_type: f5(slab) [ 17.397529] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.398116] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.398890] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.399518] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.400436] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.400888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.401542] page dumped because: kasan: bad access detected [ 17.401903] [ 17.402101] Memory state around the buggy address: [ 17.402633] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.403341] ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.403893] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.404654] ^ [ 17.405298] ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.405802] ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.406415] ================================================================== [ 17.277545] ================================================================== [ 17.278093] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 17.278691] Write of size 1 at addr ffff888103908ad0 by task kunit_try_catch/185 [ 17.279262] [ 17.279518] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.279652] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.279688] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.279747] Call Trace: [ 17.279784] <TASK> [ 17.279829] dump_stack_lvl+0x73/0xb0 [ 17.279928] print_report+0xd1/0x650 [ 17.280003] ? __virt_addr_valid+0x1db/0x2d0 [ 17.280081] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.280155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.280261] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.280341] kasan_report+0x141/0x180 [ 17.280416] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 17.280501] __asan_report_store1_noabort+0x1b/0x30 [ 17.280581] krealloc_less_oob_helper+0xe23/0x11d0 [ 17.280660] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.280734] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.280822] ? __pfx_krealloc_less_oob+0x10/0x10 [ 17.280911] krealloc_less_oob+0x1c/0x30 [ 17.280980] kunit_try_run_case+0x1a5/0x480 [ 17.281048] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.281084] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.281114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.281152] ? __kthread_parkme+0x82/0x180 [ 17.281180] ? preempt_count_sub+0x50/0x80 [ 17.281212] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.281284] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.281321] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.281354] kthread+0x337/0x6f0 [ 17.281380] ? trace_preempt_on+0x20/0xc0 [ 17.281415] ? __pfx_kthread+0x10/0x10 [ 17.281443] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.281476] ? calculate_sigpending+0x7b/0xa0 [ 17.281510] ? __pfx_kthread+0x10/0x10 [ 17.281539] ret_from_fork+0x116/0x1d0 [ 17.281563] ? __pfx_kthread+0x10/0x10 [ 17.281591] ret_from_fork_asm+0x1a/0x30 [ 17.281633] </TASK> [ 17.281648] [ 17.295985] Allocated by task 185: [ 17.296429] kasan_save_stack+0x45/0x70 [ 17.296892] kasan_save_track+0x18/0x40 [ 17.297396] kasan_save_alloc_info+0x3b/0x50 [ 17.297857] __kasan_krealloc+0x190/0x1f0 [ 17.298343] krealloc_noprof+0xf3/0x340 [ 17.298913] krealloc_less_oob_helper+0x1aa/0x11d0 [ 17.299704] krealloc_less_oob+0x1c/0x30 [ 17.300265] kunit_try_run_case+0x1a5/0x480 [ 17.300714] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.301293] kthread+0x337/0x6f0 [ 17.301662] ret_from_fork+0x116/0x1d0 [ 17.302077] ret_from_fork_asm+0x1a/0x30 [ 17.302531] [ 17.302744] The buggy address belongs to the object at ffff888103908a00 [ 17.302744] which belongs to the cache kmalloc-256 of size 256 [ 17.303897] The buggy address is located 7 bytes to the right of [ 17.303897] allocated 201-byte region [ffff888103908a00, ffff888103908ac9) [ 17.304885] [ 17.305090] The buggy address belongs to the physical page: [ 17.305694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.306443] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.307063] flags: 0x200000000000040(head|node=0|zone=2) [ 17.307771] page_type: f5(slab) [ 17.308162] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.308849] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.309625] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.310373] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.311017] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.311696] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.312470] page dumped because: kasan: bad access detected [ 17.314432] [ 17.314785] Memory state around the buggy address: [ 17.315121] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.316042] ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.316704] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.317342] ^ [ 17.317714] ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.318501] ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.319119] ================================================================== [ 17.717727] ================================================================== [ 17.718259] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 17.719172] Write of size 1 at addr ffff88810395a0eb by task kunit_try_catch/189 [ 17.719727] [ 17.720017] CPU: 0 UID: 0 PID: 189 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.720197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.720262] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.720355] Call Trace: [ 17.720405] <TASK> [ 17.720512] dump_stack_lvl+0x73/0xb0 [ 17.720620] print_report+0xd1/0x650 [ 17.720694] ? __virt_addr_valid+0x1db/0x2d0 [ 17.720763] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.720850] ? kasan_addr_to_slab+0x11/0xa0 [ 17.720919] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.720992] kasan_report+0x141/0x180 [ 17.721063] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 17.721145] __asan_report_store1_noabort+0x1b/0x30 [ 17.721219] krealloc_less_oob_helper+0xd47/0x11d0 [ 17.721297] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.721369] ? finish_task_switch.isra.0+0x153/0x700 [ 17.721441] ? __switch_to+0x47/0xf50 [ 17.721541] ? __schedule+0x10cc/0x2b60 [ 17.721635] ? __pfx_read_tsc+0x10/0x10 [ 17.721747] krealloc_large_less_oob+0x1c/0x30 [ 17.721820] kunit_try_run_case+0x1a5/0x480 [ 17.721912] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.721948] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.721978] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.722014] ? __kthread_parkme+0x82/0x180 [ 17.722041] ? preempt_count_sub+0x50/0x80 [ 17.722071] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.722103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.722134] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.722164] kthread+0x337/0x6f0 [ 17.722190] ? trace_preempt_on+0x20/0xc0 [ 17.722233] ? __pfx_kthread+0x10/0x10 [ 17.722305] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.722367] ? calculate_sigpending+0x7b/0xa0 [ 17.722404] ? __pfx_kthread+0x10/0x10 [ 17.722433] ret_from_fork+0x116/0x1d0 [ 17.722459] ? __pfx_kthread+0x10/0x10 [ 17.722487] ret_from_fork_asm+0x1a/0x30 [ 17.722528] </TASK> [ 17.722542] [ 17.741464] The buggy address belongs to the physical page: [ 17.741952] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.742786] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.743816] flags: 0x200000000000040(head|node=0|zone=2) [ 17.744414] page_type: f8(unknown) [ 17.744684] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.745453] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.746145] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.746826] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.747714] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.748585] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.749186] page dumped because: kasan: bad access detected [ 17.749921] [ 17.750078] Memory state around the buggy address: [ 17.751735] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.753643] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.754352] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 17.754703] ^ [ 17.755055] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.755394] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.755728] ================================================================== [ 17.233795] ================================================================== [ 17.234907] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 17.235446] Write of size 1 at addr ffff888103908ac9 by task kunit_try_catch/185 [ 17.236024] [ 17.236250] CPU: 1 UID: 0 PID: 185 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.236376] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.236413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.236469] Call Trace: [ 17.236508] <TASK> [ 17.236556] dump_stack_lvl+0x73/0xb0 [ 17.236635] print_report+0xd1/0x650 [ 17.236708] ? __virt_addr_valid+0x1db/0x2d0 [ 17.236777] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.236905] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.236983] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.237064] kasan_report+0x141/0x180 [ 17.237136] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 17.237261] __asan_report_store1_noabort+0x1b/0x30 [ 17.237346] krealloc_less_oob_helper+0xd70/0x11d0 [ 17.237427] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 17.237471] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 17.237512] ? __pfx_krealloc_less_oob+0x10/0x10 [ 17.237550] krealloc_less_oob+0x1c/0x30 [ 17.237582] kunit_try_run_case+0x1a5/0x480 [ 17.237618] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.237650] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.237679] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.237716] ? __kthread_parkme+0x82/0x180 [ 17.237743] ? preempt_count_sub+0x50/0x80 [ 17.237775] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.237808] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.237867] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.237905] kthread+0x337/0x6f0 [ 17.237932] ? trace_preempt_on+0x20/0xc0 [ 17.237965] ? __pfx_kthread+0x10/0x10 [ 17.237994] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.238030] ? calculate_sigpending+0x7b/0xa0 [ 17.238065] ? __pfx_kthread+0x10/0x10 [ 17.238095] ret_from_fork+0x116/0x1d0 [ 17.238120] ? __pfx_kthread+0x10/0x10 [ 17.238148] ret_from_fork_asm+0x1a/0x30 [ 17.238190] </TASK> [ 17.238206] [ 17.255136] Allocated by task 185: [ 17.255732] kasan_save_stack+0x45/0x70 [ 17.256359] kasan_save_track+0x18/0x40 [ 17.256542] kasan_save_alloc_info+0x3b/0x50 [ 17.256704] __kasan_krealloc+0x190/0x1f0 [ 17.256901] krealloc_noprof+0xf3/0x340 [ 17.257325] krealloc_less_oob_helper+0x1aa/0x11d0 [ 17.257741] krealloc_less_oob+0x1c/0x30 [ 17.258086] kunit_try_run_case+0x1a5/0x480 [ 17.258766] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.259171] kthread+0x337/0x6f0 [ 17.259564] ret_from_fork+0x116/0x1d0 [ 17.260093] ret_from_fork_asm+0x1a/0x30 [ 17.260534] [ 17.261048] The buggy address belongs to the object at ffff888103908a00 [ 17.261048] which belongs to the cache kmalloc-256 of size 256 [ 17.262178] The buggy address is located 0 bytes to the right of [ 17.262178] allocated 201-byte region [ffff888103908a00, ffff888103908ac9) [ 17.263285] [ 17.263640] The buggy address belongs to the physical page: [ 17.264367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.265068] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.266118] flags: 0x200000000000040(head|node=0|zone=2) [ 17.266757] page_type: f5(slab) [ 17.267094] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.267645] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.268179] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.268722] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.269397] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.269966] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.270568] page dumped because: kasan: bad access detected [ 17.270956] [ 17.271164] Memory state around the buggy address: [ 17.271632] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.272181] ffff888103908a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.272794] >ffff888103908a80: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 17.273362] ^ [ 17.273723] ffff888103908b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.274345] ffff888103908b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.274790] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 17.125933] ================================================================== [ 17.126943] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.127717] Write of size 1 at addr ffff8881039088eb by task kunit_try_catch/183 [ 17.128721] [ 17.129055] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.129432] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.129499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.129556] Call Trace: [ 17.129591] <TASK> [ 17.129634] dump_stack_lvl+0x73/0xb0 [ 17.129713] print_report+0xd1/0x650 [ 17.129748] ? __virt_addr_valid+0x1db/0x2d0 [ 17.129781] ? krealloc_more_oob_helper+0x821/0x930 [ 17.129813] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.129867] ? krealloc_more_oob_helper+0x821/0x930 [ 17.129904] kasan_report+0x141/0x180 [ 17.129935] ? krealloc_more_oob_helper+0x821/0x930 [ 17.129974] __asan_report_store1_noabort+0x1b/0x30 [ 17.130008] krealloc_more_oob_helper+0x821/0x930 [ 17.130038] ? __schedule+0x10cc/0x2b60 [ 17.130066] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.130099] ? finish_task_switch.isra.0+0x153/0x700 [ 17.130132] ? __switch_to+0x47/0xf50 [ 17.130166] ? __schedule+0x10cc/0x2b60 [ 17.130191] ? __pfx_read_tsc+0x10/0x10 [ 17.130269] krealloc_more_oob+0x1c/0x30 [ 17.130353] kunit_try_run_case+0x1a5/0x480 [ 17.130414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.130447] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.130476] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.130513] ? __kthread_parkme+0x82/0x180 [ 17.130541] ? preempt_count_sub+0x50/0x80 [ 17.130573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.130608] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.130640] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.130672] kthread+0x337/0x6f0 [ 17.130700] ? trace_preempt_on+0x20/0xc0 [ 17.130734] ? __pfx_kthread+0x10/0x10 [ 17.130762] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.130796] ? calculate_sigpending+0x7b/0xa0 [ 17.130849] ? __pfx_kthread+0x10/0x10 [ 17.130889] ret_from_fork+0x116/0x1d0 [ 17.130914] ? __pfx_kthread+0x10/0x10 [ 17.130943] ret_from_fork_asm+0x1a/0x30 [ 17.130985] </TASK> [ 17.131003] [ 17.150954] Allocated by task 183: [ 17.151513] kasan_save_stack+0x45/0x70 [ 17.152091] kasan_save_track+0x18/0x40 [ 17.152572] kasan_save_alloc_info+0x3b/0x50 [ 17.153172] __kasan_krealloc+0x190/0x1f0 [ 17.153747] krealloc_noprof+0xf3/0x340 [ 17.154373] krealloc_more_oob_helper+0x1a9/0x930 [ 17.154980] krealloc_more_oob+0x1c/0x30 [ 17.155606] kunit_try_run_case+0x1a5/0x480 [ 17.156120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.156826] kthread+0x337/0x6f0 [ 17.157150] ret_from_fork+0x116/0x1d0 [ 17.157763] ret_from_fork_asm+0x1a/0x30 [ 17.158417] [ 17.158673] The buggy address belongs to the object at ffff888103908800 [ 17.158673] which belongs to the cache kmalloc-256 of size 256 [ 17.159892] The buggy address is located 0 bytes to the right of [ 17.159892] allocated 235-byte region [ffff888103908800, ffff8881039088eb) [ 17.160811] [ 17.161449] The buggy address belongs to the physical page: [ 17.161882] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.163059] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.163934] flags: 0x200000000000040(head|node=0|zone=2) [ 17.164266] page_type: f5(slab) [ 17.164503] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.164923] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.165335] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.166128] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.166819] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.169053] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.169783] page dumped because: kasan: bad access detected [ 17.170416] [ 17.170623] Memory state around the buggy address: [ 17.171065] ffff888103908780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.171895] ffff888103908800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.172657] >ffff888103908880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.173204] ^ [ 17.173891] ffff888103908900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.174551] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.175093] ================================================================== [ 17.176678] ================================================================== [ 17.177200] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.177879] Write of size 1 at addr ffff8881039088f0 by task kunit_try_catch/183 [ 17.178655] [ 17.178915] CPU: 1 UID: 0 PID: 183 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.179040] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.179076] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.179135] Call Trace: [ 17.179170] <TASK> [ 17.179335] dump_stack_lvl+0x73/0xb0 [ 17.179976] print_report+0xd1/0x650 [ 17.180051] ? __virt_addr_valid+0x1db/0x2d0 [ 17.180123] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.180194] ? kasan_complete_mode_report_info+0x2a/0x200 [ 17.180278] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.180353] kasan_report+0x141/0x180 [ 17.180426] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.180510] __asan_report_store1_noabort+0x1b/0x30 [ 17.180587] krealloc_more_oob_helper+0x7eb/0x930 [ 17.180660] ? __schedule+0x10cc/0x2b60 [ 17.180728] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.180799] ? finish_task_switch.isra.0+0x153/0x700 [ 17.180888] ? __switch_to+0x47/0xf50 [ 17.180965] ? __schedule+0x10cc/0x2b60 [ 17.181035] ? __pfx_read_tsc+0x10/0x10 [ 17.181102] krealloc_more_oob+0x1c/0x30 [ 17.181160] kunit_try_run_case+0x1a5/0x480 [ 17.181221] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.181281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.181337] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.181404] ? __kthread_parkme+0x82/0x180 [ 17.181459] ? preempt_count_sub+0x50/0x80 [ 17.181512] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.181576] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.181650] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.181723] kthread+0x337/0x6f0 [ 17.181788] ? trace_preempt_on+0x20/0xc0 [ 17.181872] ? __pfx_kthread+0x10/0x10 [ 17.181942] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.182007] ? calculate_sigpending+0x7b/0xa0 [ 17.182079] ? __pfx_kthread+0x10/0x10 [ 17.182113] ret_from_fork+0x116/0x1d0 [ 17.182139] ? __pfx_kthread+0x10/0x10 [ 17.182167] ret_from_fork_asm+0x1a/0x30 [ 17.182210] </TASK> [ 17.182236] [ 17.199743] Allocated by task 183: [ 17.200129] kasan_save_stack+0x45/0x70 [ 17.200750] kasan_save_track+0x18/0x40 [ 17.201156] kasan_save_alloc_info+0x3b/0x50 [ 17.201751] __kasan_krealloc+0x190/0x1f0 [ 17.202192] krealloc_noprof+0xf3/0x340 [ 17.202989] krealloc_more_oob_helper+0x1a9/0x930 [ 17.203427] krealloc_more_oob+0x1c/0x30 [ 17.203864] kunit_try_run_case+0x1a5/0x480 [ 17.204275] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.204647] kthread+0x337/0x6f0 [ 17.205008] ret_from_fork+0x116/0x1d0 [ 17.205395] ret_from_fork_asm+0x1a/0x30 [ 17.205722] [ 17.206029] The buggy address belongs to the object at ffff888103908800 [ 17.206029] which belongs to the cache kmalloc-256 of size 256 [ 17.207599] The buggy address is located 5 bytes to the right of [ 17.207599] allocated 235-byte region [ffff888103908800, ffff8881039088eb) [ 17.208872] [ 17.209068] The buggy address belongs to the physical page: [ 17.209581] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103908 [ 17.210718] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.211584] flags: 0x200000000000040(head|node=0|zone=2) [ 17.212093] page_type: f5(slab) [ 17.212638] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.213398] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.214040] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 17.214967] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 17.216146] head: 0200000000000001 ffffea00040e4201 00000000ffffffff 00000000ffffffff [ 17.218622] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 17.219106] page dumped because: kasan: bad access detected [ 17.220302] [ 17.220906] Memory state around the buggy address: [ 17.221696] ffff888103908780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.222248] ffff888103908800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.223887] >ffff888103908880: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 17.224445] ^ [ 17.224918] ffff888103908900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.225307] ffff888103908980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.225676] ================================================================== [ 17.501755] ================================================================== [ 17.502900] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 17.503448] Write of size 1 at addr ffff88810395a0f0 by task kunit_try_catch/187 [ 17.505689] [ 17.506103] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.506215] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.506244] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.506291] Call Trace: [ 17.506332] <TASK> [ 17.506371] dump_stack_lvl+0x73/0xb0 [ 17.506435] print_report+0xd1/0x650 [ 17.506486] ? __virt_addr_valid+0x1db/0x2d0 [ 17.506535] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.506585] ? kasan_addr_to_slab+0x11/0xa0 [ 17.506631] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.506683] kasan_report+0x141/0x180 [ 17.506732] ? krealloc_more_oob_helper+0x7eb/0x930 [ 17.506792] __asan_report_store1_noabort+0x1b/0x30 [ 17.506862] krealloc_more_oob_helper+0x7eb/0x930 [ 17.506915] ? __schedule+0x10cc/0x2b60 [ 17.506962] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.507014] ? finish_task_switch.isra.0+0x153/0x700 [ 17.507062] ? __switch_to+0x47/0xf50 [ 17.507115] ? __schedule+0x10cc/0x2b60 [ 17.507157] ? __pfx_read_tsc+0x10/0x10 [ 17.507210] krealloc_large_more_oob+0x1c/0x30 [ 17.507258] kunit_try_run_case+0x1a5/0x480 [ 17.507309] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.507358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.507404] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.507457] ? __kthread_parkme+0x82/0x180 [ 17.507500] ? preempt_count_sub+0x50/0x80 [ 17.507560] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.507612] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.507663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.507710] kthread+0x337/0x6f0 [ 17.507752] ? trace_preempt_on+0x20/0xc0 [ 17.507802] ? __pfx_kthread+0x10/0x10 [ 17.507884] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.507962] ? calculate_sigpending+0x7b/0xa0 [ 17.508040] ? __pfx_kthread+0x10/0x10 [ 17.508156] ret_from_fork+0x116/0x1d0 [ 17.508391] ? __pfx_kthread+0x10/0x10 [ 17.508456] ret_from_fork_asm+0x1a/0x30 [ 17.508525] </TASK> [ 17.508553] [ 17.531101] The buggy address belongs to the physical page: [ 17.532196] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.533609] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.535118] flags: 0x200000000000040(head|node=0|zone=2) [ 17.536192] page_type: f8(unknown) [ 17.536765] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.538011] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.539125] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.541210] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.541721] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.542601] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.543165] page dumped because: kasan: bad access detected [ 17.544466] [ 17.544689] Memory state around the buggy address: [ 17.545803] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.546793] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.547694] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.548537] ^ [ 17.550099] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.551194] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.551713] ================================================================== [ 17.454052] ================================================================== [ 17.454899] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 17.456599] Write of size 1 at addr ffff88810395a0eb by task kunit_try_catch/187 [ 17.457721] [ 17.458140] CPU: 0 UID: 0 PID: 187 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.458594] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.458636] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.458721] Call Trace: [ 17.458760] <TASK> [ 17.458807] dump_stack_lvl+0x73/0xb0 [ 17.458887] print_report+0xd1/0x650 [ 17.458923] ? __virt_addr_valid+0x1db/0x2d0 [ 17.458956] ? krealloc_more_oob_helper+0x821/0x930 [ 17.458989] ? kasan_addr_to_slab+0x11/0xa0 [ 17.459017] ? krealloc_more_oob_helper+0x821/0x930 [ 17.459049] kasan_report+0x141/0x180 [ 17.459080] ? krealloc_more_oob_helper+0x821/0x930 [ 17.459118] __asan_report_store1_noabort+0x1b/0x30 [ 17.459153] krealloc_more_oob_helper+0x821/0x930 [ 17.459185] ? __schedule+0x10cc/0x2b60 [ 17.459227] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 17.459301] ? finish_task_switch.isra.0+0x153/0x700 [ 17.459394] ? __switch_to+0x47/0xf50 [ 17.459439] ? __schedule+0x10cc/0x2b60 [ 17.459466] ? __pfx_read_tsc+0x10/0x10 [ 17.459500] krealloc_large_more_oob+0x1c/0x30 [ 17.459533] kunit_try_run_case+0x1a5/0x480 [ 17.459587] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.459619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.459647] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.459683] ? __kthread_parkme+0x82/0x180 [ 17.459711] ? preempt_count_sub+0x50/0x80 [ 17.459740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.459772] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.459803] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.459861] kthread+0x337/0x6f0 [ 17.459895] ? trace_preempt_on+0x20/0xc0 [ 17.459930] ? __pfx_kthread+0x10/0x10 [ 17.459958] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.459990] ? calculate_sigpending+0x7b/0xa0 [ 17.460024] ? __pfx_kthread+0x10/0x10 [ 17.460053] ret_from_fork+0x116/0x1d0 [ 17.460079] ? __pfx_kthread+0x10/0x10 [ 17.460106] ret_from_fork_asm+0x1a/0x30 [ 17.460148] </TASK> [ 17.460164] [ 17.478679] The buggy address belongs to the physical page: [ 17.479400] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103958 [ 17.480198] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.481020] flags: 0x200000000000040(head|node=0|zone=2) [ 17.481766] page_type: f8(unknown) [ 17.482042] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.484008] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.485358] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.487808] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.488336] head: 0200000000000002 ffffea00040e5601 00000000ffffffff 00000000ffffffff [ 17.488995] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.489715] page dumped because: kasan: bad access detected [ 17.490570] [ 17.492513] Memory state around the buggy address: [ 17.492925] ffff888103959f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.493412] ffff88810395a000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.493774] >ffff88810395a080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 17.494156] ^ [ 17.495788] ffff88810395a100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.497296] ffff88810395a180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.500447] ==================================================================
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_ignore_yuv420
<8>[ 391.997591] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_ignore_yuv420 RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_ignore_yuv422
<8>[ 391.820530] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_ignore_yuv422 RESULT=fail>
Failure - kunit - drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_yuv420
<8>[ 391.636640] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_check_broadcast_rgb_cea_mode_yuv420_drm_test_check_max_tmds_rate_bpc_fallback_yuv420 RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 20.658848] ================================================================== [ 20.659681] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380 [ 20.660275] Read of size 1 at addr ffff888103aa7c3f by task kunit_try_catch/278 [ 20.660885] [ 20.661127] CPU: 0 UID: 0 PID: 278 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.661304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.661345] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.661406] Call Trace: [ 20.661447] <TASK> [ 20.661493] dump_stack_lvl+0x73/0xb0 [ 20.661579] print_report+0xd1/0x650 [ 20.661654] ? __virt_addr_valid+0x1db/0x2d0 [ 20.661725] ? kasan_alloca_oob_left+0x320/0x380 [ 20.661794] ? kasan_addr_to_slab+0x11/0xa0 [ 20.661881] ? kasan_alloca_oob_left+0x320/0x380 [ 20.661954] kasan_report+0x141/0x180 [ 20.662028] ? kasan_alloca_oob_left+0x320/0x380 [ 20.662110] __asan_report_load1_noabort+0x18/0x20 [ 20.662191] kasan_alloca_oob_left+0x320/0x380 [ 20.662314] ? trace_hardirqs_on+0x37/0xe0 [ 20.662434] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.662528] ? __pfx_kasan_alloca_oob_left+0x10/0x10 [ 20.662610] ? __softirqentry_text_end+0x16/0x16 [ 20.662684] ? __pfx_read_tsc+0x10/0x10 [ 20.662729] ? ktime_get_ts64+0x86/0x230 [ 20.662768] kunit_try_run_case+0x1a5/0x480 [ 20.662803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.662860] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.662895] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.662931] ? __kthread_parkme+0x82/0x180 [ 20.662960] ? preempt_count_sub+0x50/0x80 [ 20.662991] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.663025] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.663057] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.663089] kthread+0x337/0x6f0 [ 20.663114] ? trace_preempt_on+0x20/0xc0 [ 20.663146] ? __pfx_kthread+0x10/0x10 [ 20.663173] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.663207] ? calculate_sigpending+0x7b/0xa0 [ 20.663299] ? __pfx_kthread+0x10/0x10 [ 20.663359] ret_from_fork+0x116/0x1d0 [ 20.663388] ? __pfx_kthread+0x10/0x10 [ 20.663418] ret_from_fork_asm+0x1a/0x30 [ 20.663460] </TASK> [ 20.663476] [ 20.686290] The buggy address belongs to stack of task kunit_try_catch/278 [ 20.687717] [ 20.687943] The buggy address belongs to the physical page: [ 20.688407] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103aa7 [ 20.689170] flags: 0x200000000000000(node=0|zone=2) [ 20.689715] raw: 0200000000000000 ffffea00040ea9c8 ffffea00040ea9c8 0000000000000000 [ 20.690539] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 20.691199] page dumped because: kasan: bad access detected [ 20.691808] [ 20.692024] Memory state around the buggy address: [ 20.692562] ffff888103aa7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.693187] ffff888103aa7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.693925] >ffff888103aa7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb [ 20.694686] ^ [ 20.695098] ffff888103aa7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00 [ 20.695918] ffff888103aa7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 20.696494] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 20.614649] ================================================================== [ 20.615760] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300 [ 20.616350] Read of size 1 at addr ffff888103ad7d02 by task kunit_try_catch/276 [ 20.617156] [ 20.617638] CPU: 0 UID: 0 PID: 276 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.617864] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.617907] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.617969] Call Trace: [ 20.618055] <TASK> [ 20.618114] dump_stack_lvl+0x73/0xb0 [ 20.618316] print_report+0xd1/0x650 [ 20.618402] ? __virt_addr_valid+0x1db/0x2d0 [ 20.618789] ? kasan_stack_oob+0x2b5/0x300 [ 20.619015] ? kasan_addr_to_slab+0x11/0xa0 [ 20.619053] ? kasan_stack_oob+0x2b5/0x300 [ 20.619084] kasan_report+0x141/0x180 [ 20.619117] ? kasan_stack_oob+0x2b5/0x300 [ 20.619152] __asan_report_load1_noabort+0x18/0x20 [ 20.619189] kasan_stack_oob+0x2b5/0x300 [ 20.619224] ? __pfx_kasan_stack_oob+0x10/0x10 [ 20.619290] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.619374] ? __pfx_kasan_stack_oob+0x10/0x10 [ 20.619412] kunit_try_run_case+0x1a5/0x480 [ 20.619450] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.619482] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.619511] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.619557] ? __kthread_parkme+0x82/0x180 [ 20.619588] ? preempt_count_sub+0x50/0x80 [ 20.619620] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.619652] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.619686] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.619720] kthread+0x337/0x6f0 [ 20.619748] ? trace_preempt_on+0x20/0xc0 [ 20.619783] ? __pfx_kthread+0x10/0x10 [ 20.619813] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.619873] ? calculate_sigpending+0x7b/0xa0 [ 20.619912] ? __pfx_kthread+0x10/0x10 [ 20.619942] ret_from_fork+0x116/0x1d0 [ 20.619969] ? __pfx_kthread+0x10/0x10 [ 20.619997] ret_from_fork_asm+0x1a/0x30 [ 20.620038] </TASK> [ 20.620053] [ 20.638809] The buggy address belongs to stack of task kunit_try_catch/276 [ 20.639713] and is located at offset 138 in frame: [ 20.640090] kasan_stack_oob+0x0/0x300 [ 20.640846] [ 20.641089] This frame has 4 objects: [ 20.641714] [48, 49) '__assertion' [ 20.641781] [64, 72) 'array' [ 20.642040] [96, 112) '__assertion' [ 20.642374] [128, 138) 'stack_array' [ 20.642692] [ 20.643639] The buggy address belongs to the physical page: [ 20.644167] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad7 [ 20.644963] flags: 0x200000000000000(node=0|zone=2) [ 20.645564] raw: 0200000000000000 ffffea00040eb5c8 ffffea00040eb5c8 0000000000000000 [ 20.646577] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 20.647131] page dumped because: kasan: bad access detected [ 20.647734] [ 20.647909] Memory state around the buggy address: [ 20.648498] ffff888103ad7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 20.649078] ffff888103ad7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00 [ 20.649769] >ffff888103ad7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1 [ 20.650605] ^ [ 20.650931] ffff888103ad7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00 [ 20.651642] ffff888103ad7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.652376] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 20.572690] ================================================================== [ 20.573713] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0 [ 20.574503] Read of size 1 at addr ffffffffbf86ce8d by task kunit_try_catch/272 [ 20.574936] [ 20.575234] CPU: 1 UID: 0 PID: 272 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.575365] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.575403] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.575465] Call Trace: [ 20.575506] <TASK> [ 20.575553] dump_stack_lvl+0x73/0xb0 [ 20.575597] print_report+0xd1/0x650 [ 20.575630] ? __virt_addr_valid+0x1db/0x2d0 [ 20.575662] ? kasan_global_oob_right+0x286/0x2d0 [ 20.575691] ? kasan_addr_to_slab+0x11/0xa0 [ 20.575720] ? kasan_global_oob_right+0x286/0x2d0 [ 20.575750] kasan_report+0x141/0x180 [ 20.575779] ? kasan_global_oob_right+0x286/0x2d0 [ 20.575814] __asan_report_load1_noabort+0x18/0x20 [ 20.575877] kasan_global_oob_right+0x286/0x2d0 [ 20.575910] ? __pfx_kasan_global_oob_right+0x10/0x10 [ 20.575943] ? __schedule+0x10cc/0x2b60 [ 20.575970] ? __pfx_read_tsc+0x10/0x10 [ 20.576000] ? ktime_get_ts64+0x86/0x230 [ 20.576034] kunit_try_run_case+0x1a5/0x480 [ 20.576067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.576098] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.576125] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.576161] ? __kthread_parkme+0x82/0x180 [ 20.576189] ? preempt_count_sub+0x50/0x80 [ 20.576234] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.576318] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.576405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.576478] kthread+0x337/0x6f0 [ 20.576545] ? trace_preempt_on+0x20/0xc0 [ 20.576624] ? __pfx_kthread+0x10/0x10 [ 20.576698] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.576772] ? calculate_sigpending+0x7b/0xa0 [ 20.576906] ? __pfx_kthread+0x10/0x10 [ 20.577006] ret_from_fork+0x116/0x1d0 [ 20.577126] ? __pfx_kthread+0x10/0x10 [ 20.577224] ret_from_fork_asm+0x1a/0x30 [ 20.577321] </TASK> [ 20.577358] [ 20.593926] The buggy address belongs to the variable: [ 20.594432] global_array+0xd/0x40 [ 20.594969] [ 20.595593] The buggy address belongs to the physical page: [ 20.596122] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x2246c [ 20.596888] flags: 0x100000000002000(reserved|node=0|zone=1) [ 20.597477] raw: 0100000000002000 ffffea0000891b08 ffffea0000891b08 0000000000000000 [ 20.598337] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.599015] page dumped because: kasan: bad access detected [ 20.599608] [ 20.599849] Memory state around the buggy address: [ 20.600181] ffffffffbf86cd80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.601088] ffffffffbf86ce00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.601912] >ffffffffbf86ce80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9 [ 20.602534] ^ [ 20.602787] ffffffffbf86cf00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9 [ 20.603513] ffffffffbf86cf80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00 [ 20.604322] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 20.523417] ================================================================== [ 20.524281] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.524921] Free of addr ffff888103970001 by task kunit_try_catch/270 [ 20.525643] [ 20.525882] CPU: 0 UID: 0 PID: 270 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.525961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.525981] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.526011] Call Trace: [ 20.526030] <TASK> [ 20.526053] dump_stack_lvl+0x73/0xb0 [ 20.526096] print_report+0xd1/0x650 [ 20.526127] ? __virt_addr_valid+0x1db/0x2d0 [ 20.526162] ? kasan_addr_to_slab+0x11/0xa0 [ 20.526191] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526237] kasan_report_invalid_free+0x10a/0x130 [ 20.526321] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526409] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526487] __kasan_mempool_poison_object+0x102/0x1d0 [ 20.526563] mempool_free+0x2ec/0x380 [ 20.526646] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.526725] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.526810] ? __kasan_check_write+0x18/0x20 [ 20.526903] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.526974] ? finish_task_switch.isra.0+0x153/0x700 [ 20.527058] mempool_kmalloc_large_invalid_free+0xed/0x140 [ 20.527137] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10 [ 20.527226] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.527302] ? __pfx_mempool_kfree+0x10/0x10 [ 20.527381] ? __pfx_read_tsc+0x10/0x10 [ 20.527450] ? ktime_get_ts64+0x86/0x230 [ 20.527531] kunit_try_run_case+0x1a5/0x480 [ 20.527625] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.527696] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.527767] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.527864] ? __kthread_parkme+0x82/0x180 [ 20.527936] ? preempt_count_sub+0x50/0x80 [ 20.528016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.528070] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.528105] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.528140] kthread+0x337/0x6f0 [ 20.528167] ? trace_preempt_on+0x20/0xc0 [ 20.528205] ? __pfx_kthread+0x10/0x10 [ 20.528265] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.528345] ? calculate_sigpending+0x7b/0xa0 [ 20.528385] ? __pfx_kthread+0x10/0x10 [ 20.528415] ret_from_fork+0x116/0x1d0 [ 20.528443] ? __pfx_kthread+0x10/0x10 [ 20.528471] ret_from_fork_asm+0x1a/0x30 [ 20.528513] </TASK> [ 20.528529] [ 20.552133] The buggy address belongs to the physical page: [ 20.553354] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103970 [ 20.554147] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.554890] flags: 0x200000000000040(head|node=0|zone=2) [ 20.555547] page_type: f8(unknown) [ 20.555849] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.556499] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.557678] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.558325] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.559118] head: 0200000000000002 ffffea00040e5c01 00000000ffffffff 00000000ffffffff [ 20.559904] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.560884] page dumped because: kasan: bad access detected [ 20.561389] [ 20.561774] Memory state around the buggy address: [ 20.562163] ffff88810396ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.562791] ffff88810396ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.563871] >ffff888103970000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.564386] ^ [ 20.565337] ffff888103970080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.566070] ffff888103970100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.566886] ================================================================== [ 20.471723] ================================================================== [ 20.472962] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.474250] Free of addr ffff888100ab0001 by task kunit_try_catch/268 [ 20.475009] [ 20.475246] CPU: 1 UID: 0 PID: 268 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.475380] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.475420] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.475477] Call Trace: [ 20.475518] <TASK> [ 20.475580] dump_stack_lvl+0x73/0xb0 [ 20.475664] print_report+0xd1/0x650 [ 20.475739] ? __virt_addr_valid+0x1db/0x2d0 [ 20.475822] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.475912] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.475985] kasan_report_invalid_free+0x10a/0x130 [ 20.476065] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476155] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476232] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476313] check_slab_allocation+0x11f/0x130 [ 20.476364] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.476402] mempool_free+0x2ec/0x380 [ 20.476442] mempool_kmalloc_invalid_free_helper+0x132/0x2e0 [ 20.476480] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10 [ 20.476522] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.476553] ? finish_task_switch.isra.0+0x153/0x700 [ 20.476589] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.476622] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10 [ 20.476660] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.476691] ? __pfx_mempool_kfree+0x10/0x10 [ 20.476724] ? __pfx_read_tsc+0x10/0x10 [ 20.476755] ? ktime_get_ts64+0x86/0x230 [ 20.476790] kunit_try_run_case+0x1a5/0x480 [ 20.476826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.476884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.476917] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.476954] ? __kthread_parkme+0x82/0x180 [ 20.476983] ? preempt_count_sub+0x50/0x80 [ 20.477014] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.477048] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.477079] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.477112] kthread+0x337/0x6f0 [ 20.477139] ? trace_preempt_on+0x20/0xc0 [ 20.477173] ? __pfx_kthread+0x10/0x10 [ 20.477202] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.477263] ? calculate_sigpending+0x7b/0xa0 [ 20.477345] ? __pfx_kthread+0x10/0x10 [ 20.477380] ret_from_fork+0x116/0x1d0 [ 20.477410] ? __pfx_kthread+0x10/0x10 [ 20.477440] ret_from_fork_asm+0x1a/0x30 [ 20.477483] </TASK> [ 20.477498] [ 20.498069] Allocated by task 268: [ 20.498575] kasan_save_stack+0x45/0x70 [ 20.498991] kasan_save_track+0x18/0x40 [ 20.499561] kasan_save_alloc_info+0x3b/0x50 [ 20.499924] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.500459] remove_element+0x11e/0x190 [ 20.500895] mempool_alloc_preallocated+0x4d/0x90 [ 20.501493] mempool_kmalloc_invalid_free_helper+0x83/0x2e0 [ 20.501976] mempool_kmalloc_invalid_free+0xed/0x140 [ 20.502484] kunit_try_run_case+0x1a5/0x480 [ 20.502912] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.503612] kthread+0x337/0x6f0 [ 20.503982] ret_from_fork+0x116/0x1d0 [ 20.504317] ret_from_fork_asm+0x1a/0x30 [ 20.504815] [ 20.504993] The buggy address belongs to the object at ffff888100ab0000 [ 20.504993] which belongs to the cache kmalloc-128 of size 128 [ 20.506078] The buggy address is located 1 bytes inside of [ 20.506078] 128-byte region [ffff888100ab0000, ffff888100ab0080) [ 20.507043] [ 20.507255] The buggy address belongs to the physical page: [ 20.507878] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab0 [ 20.508539] flags: 0x200000000000000(node=0|zone=2) [ 20.508973] page_type: f5(slab) [ 20.509462] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.510107] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.510695] page dumped because: kasan: bad access detected [ 20.511445] [ 20.511658] Memory state around the buggy address: [ 20.512066] ffff888100aaff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.512787] ffff888100aaff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.513501] >ffff888100ab0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.514035] ^ [ 20.514508] ffff888100ab0080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.515085] ffff888100ab0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.515513] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 20.312696] ================================================================== [ 20.313558] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.314947] Free of addr ffff888100ab8c00 by task kunit_try_catch/262 [ 20.315444] [ 20.315897] CPU: 1 UID: 0 PID: 262 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.316091] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.316132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.316192] Call Trace: [ 20.316229] <TASK> [ 20.316443] dump_stack_lvl+0x73/0xb0 [ 20.316530] print_report+0xd1/0x650 [ 20.316606] ? __virt_addr_valid+0x1db/0x2d0 [ 20.316653] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.316688] ? mempool_double_free_helper+0x184/0x370 [ 20.316724] kasan_report_invalid_free+0x10a/0x130 [ 20.316759] ? mempool_double_free_helper+0x184/0x370 [ 20.316797] ? mempool_double_free_helper+0x184/0x370 [ 20.316848] ? mempool_double_free_helper+0x184/0x370 [ 20.316891] check_slab_allocation+0x101/0x130 [ 20.316925] __kasan_mempool_poison_object+0x91/0x1d0 [ 20.316959] mempool_free+0x2ec/0x380 [ 20.317001] mempool_double_free_helper+0x184/0x370 [ 20.317035] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.317070] ? __kasan_check_write+0x18/0x20 [ 20.317098] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.317130] ? finish_task_switch.isra.0+0x153/0x700 [ 20.317167] mempool_kmalloc_double_free+0xed/0x140 [ 20.317202] ? __pfx_mempool_kmalloc_double_free+0x10/0x10 [ 20.317242] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.317276] ? __pfx_mempool_kfree+0x10/0x10 [ 20.317312] ? __pfx_read_tsc+0x10/0x10 [ 20.317343] ? ktime_get_ts64+0x86/0x230 [ 20.317378] kunit_try_run_case+0x1a5/0x480 [ 20.317414] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.317448] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.317480] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.317590] ? __kthread_parkme+0x82/0x180 [ 20.317638] ? preempt_count_sub+0x50/0x80 [ 20.317674] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.317709] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.317744] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.317778] kthread+0x337/0x6f0 [ 20.317806] ? trace_preempt_on+0x20/0xc0 [ 20.317871] ? __pfx_kthread+0x10/0x10 [ 20.317903] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.317938] ? calculate_sigpending+0x7b/0xa0 [ 20.317974] ? __pfx_kthread+0x10/0x10 [ 20.318005] ret_from_fork+0x116/0x1d0 [ 20.318034] ? __pfx_kthread+0x10/0x10 [ 20.318063] ret_from_fork_asm+0x1a/0x30 [ 20.318109] </TASK> [ 20.318125] [ 20.338961] Allocated by task 262: [ 20.339377] kasan_save_stack+0x45/0x70 [ 20.339803] kasan_save_track+0x18/0x40 [ 20.340499] kasan_save_alloc_info+0x3b/0x50 [ 20.340923] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.341478] remove_element+0x11e/0x190 [ 20.341774] mempool_alloc_preallocated+0x4d/0x90 [ 20.342453] mempool_double_free_helper+0x8a/0x370 [ 20.342949] mempool_kmalloc_double_free+0xed/0x140 [ 20.344001] kunit_try_run_case+0x1a5/0x480 [ 20.344478] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.345022] kthread+0x337/0x6f0 [ 20.345499] ret_from_fork+0x116/0x1d0 [ 20.345729] ret_from_fork_asm+0x1a/0x30 [ 20.346001] [ 20.346358] Freed by task 262: [ 20.346602] kasan_save_stack+0x45/0x70 [ 20.346945] kasan_save_track+0x18/0x40 [ 20.347645] kasan_save_free_info+0x3f/0x60 [ 20.348611] __kasan_mempool_poison_object+0x131/0x1d0 [ 20.350480] mempool_free+0x2ec/0x380 [ 20.350706] mempool_double_free_helper+0x109/0x370 [ 20.351278] mempool_kmalloc_double_free+0xed/0x140 [ 20.352128] kunit_try_run_case+0x1a5/0x480 [ 20.353012] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.353517] kthread+0x337/0x6f0 [ 20.354074] ret_from_fork+0x116/0x1d0 [ 20.354650] ret_from_fork_asm+0x1a/0x30 [ 20.355038] [ 20.355264] The buggy address belongs to the object at ffff888100ab8c00 [ 20.355264] which belongs to the cache kmalloc-128 of size 128 [ 20.356591] The buggy address is located 0 bytes inside of [ 20.356591] 128-byte region [ffff888100ab8c00, ffff888100ab8c80) [ 20.357560] [ 20.357759] The buggy address belongs to the physical page: [ 20.358193] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 20.358744] flags: 0x200000000000000(node=0|zone=2) [ 20.359032] page_type: f5(slab) [ 20.359388] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.359855] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 20.360208] page dumped because: kasan: bad access detected [ 20.360460] [ 20.360568] Memory state around the buggy address: [ 20.360795] ffff888100ab8b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.361143] ffff888100ab8b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.361461] >ffff888100ab8c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.361915] ^ [ 20.362107] ffff888100ab8c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.362827] ffff888100ab8d00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.363187] ================================================================== [ 20.428709] ================================================================== [ 20.429729] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.430414] Free of addr ffff888103970000 by task kunit_try_catch/266 [ 20.431113] [ 20.431600] CPU: 0 UID: 0 PID: 266 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.431766] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.431808] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.431920] Call Trace: [ 20.432070] <TASK> [ 20.432098] dump_stack_lvl+0x73/0xb0 [ 20.432144] print_report+0xd1/0x650 [ 20.432178] ? __virt_addr_valid+0x1db/0x2d0 [ 20.432213] ? kasan_addr_to_slab+0x11/0xa0 [ 20.432408] ? mempool_double_free_helper+0x184/0x370 [ 20.432497] kasan_report_invalid_free+0x10a/0x130 [ 20.432578] ? mempool_double_free_helper+0x184/0x370 [ 20.432662] ? mempool_double_free_helper+0x184/0x370 [ 20.432741] __kasan_mempool_poison_pages+0x115/0x130 [ 20.432824] mempool_free+0x290/0x380 [ 20.432930] mempool_double_free_helper+0x184/0x370 [ 20.432987] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.433045] ? irqentry_exit+0x2a/0x60 [ 20.433113] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.433148] ? trace_hardirqs_on+0x37/0xe0 [ 20.433182] ? irqentry_exit+0x2a/0x60 [ 20.433226] mempool_page_alloc_double_free+0xe8/0x140 [ 20.433339] ? __pfx_mempool_page_alloc_double_free+0x10/0x10 [ 20.433393] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 20.433429] ? __pfx_mempool_free_pages+0x10/0x10 [ 20.433466] ? __pfx_read_tsc+0x10/0x10 [ 20.433496] ? ktime_get_ts64+0x86/0x230 [ 20.433533] kunit_try_run_case+0x1a5/0x480 [ 20.433568] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.433600] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.433629] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.433665] ? __kthread_parkme+0x82/0x180 [ 20.433693] ? preempt_count_sub+0x50/0x80 [ 20.433725] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.433759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.433791] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.433825] kthread+0x337/0x6f0 [ 20.433885] ? trace_preempt_on+0x20/0xc0 [ 20.433919] ? __pfx_kthread+0x10/0x10 [ 20.433948] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.433982] ? calculate_sigpending+0x7b/0xa0 [ 20.434017] ? __pfx_kthread+0x10/0x10 [ 20.434047] ret_from_fork+0x116/0x1d0 [ 20.434073] ? __pfx_kthread+0x10/0x10 [ 20.434103] ret_from_fork_asm+0x1a/0x30 [ 20.434146] </TASK> [ 20.434164] [ 20.456453] The buggy address belongs to the physical page: [ 20.456829] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103970 [ 20.458389] flags: 0x200000000000000(node=0|zone=2) [ 20.459029] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 20.460196] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.461101] page dumped because: kasan: bad access detected [ 20.461569] [ 20.461751] Memory state around the buggy address: [ 20.462172] ffff88810396ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.462792] ffff88810396ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.463307] >ffff888103970000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.463850] ^ [ 20.464155] ffff888103970080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.464641] ffff888103970100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.465138] ================================================================== [ 20.373467] ================================================================== [ 20.374521] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370 [ 20.374904] Free of addr ffff888103970000 by task kunit_try_catch/264 [ 20.375193] [ 20.375378] CPU: 0 UID: 0 PID: 264 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.375505] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.375549] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.375601] Call Trace: [ 20.375634] <TASK> [ 20.375674] dump_stack_lvl+0x73/0xb0 [ 20.375753] print_report+0xd1/0x650 [ 20.375851] ? __virt_addr_valid+0x1db/0x2d0 [ 20.375934] ? kasan_addr_to_slab+0x11/0xa0 [ 20.376654] ? mempool_double_free_helper+0x184/0x370 [ 20.376736] kasan_report_invalid_free+0x10a/0x130 [ 20.376818] ? mempool_double_free_helper+0x184/0x370 [ 20.376920] ? mempool_double_free_helper+0x184/0x370 [ 20.376973] __kasan_mempool_poison_object+0x1b3/0x1d0 [ 20.377040] mempool_free+0x2ec/0x380 [ 20.377127] mempool_double_free_helper+0x184/0x370 [ 20.377207] ? __pfx_mempool_double_free_helper+0x10/0x10 [ 20.377307] ? __kasan_check_write+0x18/0x20 [ 20.377462] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.377572] ? finish_task_switch.isra.0+0x153/0x700 [ 20.377657] mempool_kmalloc_large_double_free+0xed/0x140 [ 20.377741] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10 [ 20.377826] ? __kasan_check_write+0x18/0x20 [ 20.377917] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.377987] ? __pfx_mempool_kfree+0x10/0x10 [ 20.378057] ? __pfx_read_tsc+0x10/0x10 [ 20.378105] ? ktime_get_ts64+0x86/0x230 [ 20.378144] kunit_try_run_case+0x1a5/0x480 [ 20.378183] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.378239] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 20.378318] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.378394] ? __kthread_parkme+0x82/0x180 [ 20.378427] ? preempt_count_sub+0x50/0x80 [ 20.378459] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.378492] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.378525] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.378559] kthread+0x337/0x6f0 [ 20.378586] ? trace_preempt_on+0x20/0xc0 [ 20.378630] ? __pfx_kthread+0x10/0x10 [ 20.378661] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.378696] ? calculate_sigpending+0x7b/0xa0 [ 20.378732] ? __pfx_kthread+0x10/0x10 [ 20.378760] ret_from_fork+0x116/0x1d0 [ 20.378785] ? __pfx_kthread+0x10/0x10 [ 20.378819] ret_from_fork_asm+0x1a/0x30 [ 20.378898] </TASK> [ 20.378917] [ 20.403509] The buggy address belongs to the physical page: [ 20.403819] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103970 [ 20.404223] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.404565] flags: 0x200000000000040(head|node=0|zone=2) [ 20.406709] page_type: f8(unknown) [ 20.407070] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.407689] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.408104] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.409197] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.411093] head: 0200000000000002 ffffea00040e5c01 00000000ffffffff 00000000ffffffff [ 20.411536] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.411986] page dumped because: kasan: bad access detected [ 20.412292] [ 20.412423] Memory state around the buggy address: [ 20.412695] ffff88810396ff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.416031] ffff88810396ff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.417965] >ffff888103970000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.419531] ^ [ 20.419926] ffff888103970080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.420286] ffff888103970100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.421691] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 20.270960] ================================================================== [ 20.271693] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 20.272407] Read of size 1 at addr ffff88810396c000 by task kunit_try_catch/260 [ 20.273169] [ 20.273568] CPU: 0 UID: 0 PID: 260 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.273704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.273745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.273803] Call Trace: [ 20.273861] <TASK> [ 20.273909] dump_stack_lvl+0x73/0xb0 [ 20.274015] print_report+0xd1/0x650 [ 20.274119] ? __virt_addr_valid+0x1db/0x2d0 [ 20.274198] ? mempool_uaf_helper+0x392/0x400 [ 20.274267] ? kasan_addr_to_slab+0x11/0xa0 [ 20.274737] ? mempool_uaf_helper+0x392/0x400 [ 20.274867] kasan_report+0x141/0x180 [ 20.274950] ? mempool_uaf_helper+0x392/0x400 [ 20.275030] __asan_report_load1_noabort+0x18/0x20 [ 20.275105] mempool_uaf_helper+0x392/0x400 [ 20.275159] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 20.275191] ? update_load_avg+0x1be/0x21b0 [ 20.275244] ? dequeue_entities+0x27e/0x1740 [ 20.275323] ? irqentry_exit+0x2a/0x60 [ 20.275392] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.275462] mempool_page_alloc_uaf+0xed/0x140 [ 20.275534] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 20.275620] ? __pfx_mempool_alloc_pages+0x10/0x10 [ 20.275674] ? __pfx_mempool_free_pages+0x10/0x10 [ 20.275712] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 20.275750] ? __pfx_mempool_page_alloc_uaf+0x10/0x10 [ 20.275786] kunit_try_run_case+0x1a5/0x480 [ 20.275822] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.275884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.275916] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.275956] ? __kthread_parkme+0x82/0x180 [ 20.275984] ? preempt_count_sub+0x50/0x80 [ 20.276016] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.276050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.276082] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.276114] kthread+0x337/0x6f0 [ 20.276140] ? trace_preempt_on+0x20/0xc0 [ 20.276173] ? __pfx_kthread+0x10/0x10 [ 20.276201] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.276262] ? calculate_sigpending+0x7b/0xa0 [ 20.276348] ? __pfx_kthread+0x10/0x10 [ 20.276401] ret_from_fork+0x116/0x1d0 [ 20.276430] ? __pfx_kthread+0x10/0x10 [ 20.276460] ret_from_fork_asm+0x1a/0x30 [ 20.276502] </TASK> [ 20.276518] [ 20.297136] The buggy address belongs to the physical page: [ 20.298066] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10396c [ 20.298765] flags: 0x200000000000000(node=0|zone=2) [ 20.299305] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000 [ 20.300430] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000 [ 20.301197] page dumped because: kasan: bad access detected [ 20.301756] [ 20.301942] Memory state around the buggy address: [ 20.302453] ffff88810396bf00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.303028] ffff88810396bf80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.303862] >ffff88810396c000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.304819] ^ [ 20.305152] ffff88810396c080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.305888] ffff88810396c100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.306468] ================================================================== [ 20.159186] ================================================================== [ 20.160153] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400 [ 20.160796] Read of size 1 at addr ffff888103884000 by task kunit_try_catch/256 [ 20.161411] [ 20.161872] CPU: 1 UID: 0 PID: 256 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.162005] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.162042] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.162096] Call Trace: [ 20.162126] <TASK> [ 20.162169] dump_stack_lvl+0x73/0xb0 [ 20.162248] print_report+0xd1/0x650 [ 20.162330] ? __virt_addr_valid+0x1db/0x2d0 [ 20.162409] ? mempool_uaf_helper+0x392/0x400 [ 20.162499] ? kasan_addr_to_slab+0x11/0xa0 [ 20.162602] ? mempool_uaf_helper+0x392/0x400 [ 20.162678] kasan_report+0x141/0x180 [ 20.162716] ? mempool_uaf_helper+0x392/0x400 [ 20.162755] __asan_report_load1_noabort+0x18/0x20 [ 20.162791] mempool_uaf_helper+0x392/0x400 [ 20.162860] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 20.162938] ? __kasan_check_write+0x18/0x20 [ 20.163026] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.163135] ? finish_task_switch.isra.0+0x153/0x700 [ 20.163221] mempool_kmalloc_large_uaf+0xef/0x140 [ 20.163299] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10 [ 20.163386] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.163485] ? __pfx_mempool_kfree+0x10/0x10 [ 20.163597] ? __pfx_read_tsc+0x10/0x10 [ 20.163672] ? ktime_get_ts64+0x86/0x230 [ 20.163730] kunit_try_run_case+0x1a5/0x480 [ 20.163770] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.163806] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.163862] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.163905] ? __kthread_parkme+0x82/0x180 [ 20.163935] ? preempt_count_sub+0x50/0x80 [ 20.163968] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.164001] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.164034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.164067] kthread+0x337/0x6f0 [ 20.164095] ? trace_preempt_on+0x20/0xc0 [ 20.164130] ? __pfx_kthread+0x10/0x10 [ 20.164159] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.164192] ? calculate_sigpending+0x7b/0xa0 [ 20.164242] ? __pfx_kthread+0x10/0x10 [ 20.164317] ret_from_fork+0x116/0x1d0 [ 20.164367] ? __pfx_kthread+0x10/0x10 [ 20.164398] ret_from_fork_asm+0x1a/0x30 [ 20.164442] </TASK> [ 20.164458] [ 20.183811] The buggy address belongs to the physical page: [ 20.184300] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103884 [ 20.185206] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.185929] flags: 0x200000000000040(head|node=0|zone=2) [ 20.186435] page_type: f8(unknown) [ 20.186873] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.187668] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.188626] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.189409] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.190106] head: 0200000000000002 ffffea00040e2101 00000000ffffffff 00000000ffffffff [ 20.190796] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.191246] page dumped because: kasan: bad access detected [ 20.191900] [ 20.192102] Memory state around the buggy address: [ 20.192569] ffff888103883f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.193595] ffff888103883f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.194378] >ffff888103884000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.194963] ^ [ 20.195293] ffff888103884080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.196030] ffff888103884100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 20.196728] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 20.094918] ================================================================== [ 20.096141] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 20.096610] Read of size 1 at addr ffff888103393f00 by task kunit_try_catch/254 [ 20.097671] [ 20.097898] CPU: 0 UID: 0 PID: 254 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.098032] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.098073] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.098133] Call Trace: [ 20.098171] <TASK> [ 20.098236] dump_stack_lvl+0x73/0xb0 [ 20.098322] print_report+0xd1/0x650 [ 20.098402] ? __virt_addr_valid+0x1db/0x2d0 [ 20.098482] ? mempool_uaf_helper+0x392/0x400 [ 20.098550] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.098620] ? mempool_uaf_helper+0x392/0x400 [ 20.098689] kasan_report+0x141/0x180 [ 20.098759] ? mempool_uaf_helper+0x392/0x400 [ 20.098859] __asan_report_load1_noabort+0x18/0x20 [ 20.098979] mempool_uaf_helper+0x392/0x400 [ 20.099063] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 20.099139] ? __kasan_check_write+0x18/0x20 [ 20.099204] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.099275] ? irqentry_exit+0x2a/0x60 [ 20.099350] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 20.099426] mempool_kmalloc_uaf+0xef/0x140 [ 20.099482] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 20.099520] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.099568] ? __pfx_mempool_kfree+0x10/0x10 [ 20.099604] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 20.099638] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 20.099671] kunit_try_run_case+0x1a5/0x480 [ 20.099710] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.099743] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.099771] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.099809] ? __kthread_parkme+0x82/0x180 [ 20.099864] ? preempt_count_sub+0x50/0x80 [ 20.099903] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.099937] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.099971] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.100003] kthread+0x337/0x6f0 [ 20.100030] ? trace_preempt_on+0x20/0xc0 [ 20.100063] ? __pfx_kthread+0x10/0x10 [ 20.100094] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.100126] ? calculate_sigpending+0x7b/0xa0 [ 20.100160] ? __pfx_kthread+0x10/0x10 [ 20.100190] ret_from_fork+0x116/0x1d0 [ 20.100221] ? __pfx_kthread+0x10/0x10 [ 20.100293] ret_from_fork_asm+0x1a/0x30 [ 20.100369] </TASK> [ 20.100388] [ 20.120957] Allocated by task 254: [ 20.121276] kasan_save_stack+0x45/0x70 [ 20.121799] kasan_save_track+0x18/0x40 [ 20.122345] kasan_save_alloc_info+0x3b/0x50 [ 20.122927] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 20.123668] remove_element+0x11e/0x190 [ 20.124034] mempool_alloc_preallocated+0x4d/0x90 [ 20.124748] mempool_uaf_helper+0x96/0x400 [ 20.125156] mempool_kmalloc_uaf+0xef/0x140 [ 20.125632] kunit_try_run_case+0x1a5/0x480 [ 20.126030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.126745] kthread+0x337/0x6f0 [ 20.127025] ret_from_fork+0x116/0x1d0 [ 20.127523] ret_from_fork_asm+0x1a/0x30 [ 20.127960] [ 20.128205] Freed by task 254: [ 20.128501] kasan_save_stack+0x45/0x70 [ 20.128884] kasan_save_track+0x18/0x40 [ 20.129637] kasan_save_free_info+0x3f/0x60 [ 20.130149] __kasan_mempool_poison_object+0x131/0x1d0 [ 20.130647] mempool_free+0x2ec/0x380 [ 20.131083] mempool_uaf_helper+0x11a/0x400 [ 20.131448] mempool_kmalloc_uaf+0xef/0x140 [ 20.132035] kunit_try_run_case+0x1a5/0x480 [ 20.132926] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.133295] kthread+0x337/0x6f0 [ 20.133694] ret_from_fork+0x116/0x1d0 [ 20.134157] ret_from_fork_asm+0x1a/0x30 [ 20.134632] [ 20.134884] The buggy address belongs to the object at ffff888103393f00 [ 20.134884] which belongs to the cache kmalloc-128 of size 128 [ 20.135755] The buggy address is located 0 bytes inside of [ 20.135755] freed 128-byte region [ffff888103393f00, ffff888103393f80) [ 20.136493] [ 20.136640] The buggy address belongs to the physical page: [ 20.137684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 20.138344] flags: 0x200000000000000(node=0|zone=2) [ 20.140142] page_type: f5(slab) [ 20.141107] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 20.142354] raw: 0000000000000000 0000000000100010 00000000f5000000 0000000000000000 [ 20.142765] page dumped because: kasan: bad access detected [ 20.145700] [ 20.146287] Memory state around the buggy address: [ 20.148246] ffff888103393e00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.149202] ffff888103393e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.150457] >ffff888103393f00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.150959] ^ [ 20.151592] ffff888103393f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.152300] ffff888103394000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.153015] ================================================================== [ 20.203728] ================================================================== [ 20.204800] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 20.205548] Read of size 1 at addr ffff88810383f240 by task kunit_try_catch/258 [ 20.206416] [ 20.206683] CPU: 1 UID: 0 PID: 258 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.206812] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.206865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.206927] Call Trace: [ 20.206963] <TASK> [ 20.207046] dump_stack_lvl+0x73/0xb0 [ 20.207134] print_report+0xd1/0x650 [ 20.207348] ? __virt_addr_valid+0x1db/0x2d0 [ 20.207433] ? mempool_uaf_helper+0x392/0x400 [ 20.207506] ? kasan_complete_mode_report_info+0x64/0x200 [ 20.207591] ? mempool_uaf_helper+0x392/0x400 [ 20.207666] kasan_report+0x141/0x180 [ 20.207739] ? mempool_uaf_helper+0x392/0x400 [ 20.207825] __asan_report_load1_noabort+0x18/0x20 [ 20.207927] mempool_uaf_helper+0x392/0x400 [ 20.208001] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 20.208083] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.208185] ? finish_task_switch.isra.0+0x153/0x700 [ 20.208402] mempool_slab_uaf+0xea/0x140 [ 20.208477] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 20.208560] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 20.208635] ? __pfx_mempool_free_slab+0x10/0x10 [ 20.208681] ? __pfx_read_tsc+0x10/0x10 [ 20.208714] ? ktime_get_ts64+0x86/0x230 [ 20.208749] kunit_try_run_case+0x1a5/0x480 [ 20.208787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.208819] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.208878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.208920] ? __kthread_parkme+0x82/0x180 [ 20.208949] ? preempt_count_sub+0x50/0x80 [ 20.208982] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.209017] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.209051] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.209085] kthread+0x337/0x6f0 [ 20.209113] ? trace_preempt_on+0x20/0xc0 [ 20.209147] ? __pfx_kthread+0x10/0x10 [ 20.209176] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.209211] ? calculate_sigpending+0x7b/0xa0 [ 20.209248] ? __pfx_kthread+0x10/0x10 [ 20.209279] ret_from_fork+0x116/0x1d0 [ 20.209367] ? __pfx_kthread+0x10/0x10 [ 20.209447] ret_from_fork_asm+0x1a/0x30 [ 20.209541] </TASK> [ 20.209578] [ 20.229825] Allocated by task 258: [ 20.230208] kasan_save_stack+0x45/0x70 [ 20.230673] kasan_save_track+0x18/0x40 [ 20.231134] kasan_save_alloc_info+0x3b/0x50 [ 20.231915] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 20.232475] remove_element+0x11e/0x190 [ 20.232881] mempool_alloc_preallocated+0x4d/0x90 [ 20.233608] mempool_uaf_helper+0x96/0x400 [ 20.233930] mempool_slab_uaf+0xea/0x140 [ 20.234541] kunit_try_run_case+0x1a5/0x480 [ 20.234969] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.236306] kthread+0x337/0x6f0 [ 20.236891] ret_from_fork+0x116/0x1d0 [ 20.237532] ret_from_fork_asm+0x1a/0x30 [ 20.238158] [ 20.238321] Freed by task 258: [ 20.238638] kasan_save_stack+0x45/0x70 [ 20.239012] kasan_save_track+0x18/0x40 [ 20.239394] kasan_save_free_info+0x3f/0x60 [ 20.240725] __kasan_mempool_poison_object+0x131/0x1d0 [ 20.241231] mempool_free+0x2ec/0x380 [ 20.241701] mempool_uaf_helper+0x11a/0x400 [ 20.242046] mempool_slab_uaf+0xea/0x140 [ 20.243016] kunit_try_run_case+0x1a5/0x480 [ 20.243380] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.244630] kthread+0x337/0x6f0 [ 20.245138] ret_from_fork+0x116/0x1d0 [ 20.245505] ret_from_fork_asm+0x1a/0x30 [ 20.245864] [ 20.246066] The buggy address belongs to the object at ffff88810383f240 [ 20.246066] which belongs to the cache test_cache of size 123 [ 20.247636] The buggy address is located 0 bytes inside of [ 20.247636] freed 123-byte region [ffff88810383f240, ffff88810383f2bb) [ 20.248593] [ 20.248778] The buggy address belongs to the physical page: [ 20.249856] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383f [ 20.250898] flags: 0x200000000000000(node=0|zone=2) [ 20.251302] page_type: f5(slab) [ 20.251792] raw: 0200000000000000 ffff888101db3b40 dead000000000122 0000000000000000 [ 20.252349] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 20.253096] page dumped because: kasan: bad access detected [ 20.253691] [ 20.253936] Memory state around the buggy address: [ 20.254474] ffff88810383f100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.255035] ffff88810383f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.255751] >ffff88810383f200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 20.256495] ^ [ 20.256883] ffff88810383f280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 20.257633] ffff88810383f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.258584] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 19.944360] ================================================================== [ 19.945419] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 19.946084] Read of size 1 at addr ffff888100ab8873 by task kunit_try_catch/248 [ 19.946888] [ 19.947128] CPU: 1 UID: 0 PID: 248 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.947431] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.947469] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.947531] Call Trace: [ 19.947580] <TASK> [ 19.947633] dump_stack_lvl+0x73/0xb0 [ 19.947767] print_report+0xd1/0x650 [ 19.947863] ? __virt_addr_valid+0x1db/0x2d0 [ 19.947942] ? mempool_oob_right_helper+0x318/0x380 [ 19.948014] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.948085] ? mempool_oob_right_helper+0x318/0x380 [ 19.948159] kasan_report+0x141/0x180 [ 19.948233] ? mempool_oob_right_helper+0x318/0x380 [ 19.948320] __asan_report_load1_noabort+0x18/0x20 [ 19.948380] mempool_oob_right_helper+0x318/0x380 [ 19.948418] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 19.948455] ? __pfx_sched_clock_cpu+0x10/0x10 [ 19.948487] ? finish_task_switch.isra.0+0x153/0x700 [ 19.948524] mempool_kmalloc_oob_right+0xf2/0x150 [ 19.948557] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 19.948593] ? __pfx_mempool_kmalloc+0x10/0x10 [ 19.948627] ? __pfx_mempool_kfree+0x10/0x10 [ 19.948660] ? __pfx_read_tsc+0x10/0x10 [ 19.948691] ? ktime_get_ts64+0x86/0x230 [ 19.948724] kunit_try_run_case+0x1a5/0x480 [ 19.948760] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.948792] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.948821] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.948891] ? __kthread_parkme+0x82/0x180 [ 19.948922] ? preempt_count_sub+0x50/0x80 [ 19.948955] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.948988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.949019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.949052] kthread+0x337/0x6f0 [ 19.949079] ? trace_preempt_on+0x20/0xc0 [ 19.949112] ? __pfx_kthread+0x10/0x10 [ 19.949140] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.949174] ? calculate_sigpending+0x7b/0xa0 [ 19.949208] ? __pfx_kthread+0x10/0x10 [ 19.949272] ret_from_fork+0x116/0x1d0 [ 19.949340] ? __pfx_kthread+0x10/0x10 [ 19.949400] ret_from_fork_asm+0x1a/0x30 [ 19.949446] </TASK> [ 19.949464] [ 19.969607] Allocated by task 248: [ 19.970269] kasan_save_stack+0x45/0x70 [ 19.970985] kasan_save_track+0x18/0x40 [ 19.971787] kasan_save_alloc_info+0x3b/0x50 [ 19.972199] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 19.972944] remove_element+0x11e/0x190 [ 19.973488] mempool_alloc_preallocated+0x4d/0x90 [ 19.973933] mempool_oob_right_helper+0x8a/0x380 [ 19.974447] mempool_kmalloc_oob_right+0xf2/0x150 [ 19.974902] kunit_try_run_case+0x1a5/0x480 [ 19.975490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.976010] kthread+0x337/0x6f0 [ 19.976508] ret_from_fork+0x116/0x1d0 [ 19.976927] ret_from_fork_asm+0x1a/0x30 [ 19.977453] [ 19.977632] The buggy address belongs to the object at ffff888100ab8800 [ 19.977632] which belongs to the cache kmalloc-128 of size 128 [ 19.978670] The buggy address is located 0 bytes to the right of [ 19.978670] allocated 115-byte region [ffff888100ab8800, ffff888100ab8873) [ 19.979908] [ 19.980103] The buggy address belongs to the physical page: [ 19.980615] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 19.981529] flags: 0x200000000000000(node=0|zone=2) [ 19.981939] page_type: f5(slab) [ 19.982468] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 19.983051] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 19.983737] page dumped because: kasan: bad access detected [ 19.984519] [ 19.984701] Memory state around the buggy address: [ 19.985155] ffff888100ab8700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.985785] ffff888100ab8780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.986762] >ffff888100ab8800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.987253] ^ [ 19.988061] ffff888100ab8880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.988821] ffff888100ab8900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 19.989513] ================================================================== [ 19.995947] ================================================================== [ 19.997053] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 19.997811] Read of size 1 at addr ffff888103886001 by task kunit_try_catch/250 [ 19.998536] [ 19.998805] CPU: 1 UID: 0 PID: 250 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.998953] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.998993] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.999052] Call Trace: [ 19.999090] <TASK> [ 19.999135] dump_stack_lvl+0x73/0xb0 [ 19.999377] print_report+0xd1/0x650 [ 19.999467] ? __virt_addr_valid+0x1db/0x2d0 [ 19.999552] ? mempool_oob_right_helper+0x318/0x380 [ 19.999629] ? kasan_addr_to_slab+0x11/0xa0 [ 19.999732] ? mempool_oob_right_helper+0x318/0x380 [ 19.999818] kasan_report+0x141/0x180 [ 19.999909] ? mempool_oob_right_helper+0x318/0x380 [ 19.999995] __asan_report_load1_noabort+0x18/0x20 [ 20.000043] mempool_oob_right_helper+0x318/0x380 [ 20.000081] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.000118] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.000153] ? finish_task_switch.isra.0+0x153/0x700 [ 20.000188] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 20.000251] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 20.000340] ? __pfx_mempool_kmalloc+0x10/0x10 [ 20.000385] ? __pfx_mempool_kfree+0x10/0x10 [ 20.000422] ? __pfx_read_tsc+0x10/0x10 [ 20.000451] ? ktime_get_ts64+0x86/0x230 [ 20.000485] kunit_try_run_case+0x1a5/0x480 [ 20.000520] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.000553] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.000583] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.000621] ? __kthread_parkme+0x82/0x180 [ 20.000649] ? preempt_count_sub+0x50/0x80 [ 20.000681] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.000715] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.000746] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.000778] kthread+0x337/0x6f0 [ 20.000805] ? trace_preempt_on+0x20/0xc0 [ 20.000862] ? __pfx_kthread+0x10/0x10 [ 20.000894] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.000929] ? calculate_sigpending+0x7b/0xa0 [ 20.000964] ? __pfx_kthread+0x10/0x10 [ 20.000994] ret_from_fork+0x116/0x1d0 [ 20.001021] ? __pfx_kthread+0x10/0x10 [ 20.001049] ret_from_fork_asm+0x1a/0x30 [ 20.001089] </TASK> [ 20.001104] [ 20.020149] The buggy address belongs to the physical page: [ 20.021074] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103884 [ 20.021660] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 20.022928] flags: 0x200000000000040(head|node=0|zone=2) [ 20.023690] page_type: f8(unknown) [ 20.024110] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.025357] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.026652] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 20.027562] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 20.028381] head: 0200000000000002 ffffea00040e2101 00000000ffffffff 00000000ffffffff [ 20.028977] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 20.029500] page dumped because: kasan: bad access detected [ 20.030027] [ 20.030279] Memory state around the buggy address: [ 20.030899] ffff888103885f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.031913] ffff888103885f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 20.033060] >ffff888103886000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.034400] ^ [ 20.034881] ffff888103886080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.035965] ffff888103886100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 20.036198] ================================================================== [ 20.044399] ================================================================== [ 20.045320] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 20.046104] Read of size 1 at addr ffff88810383d2bb by task kunit_try_catch/252 [ 20.046767] [ 20.047258] CPU: 1 UID: 0 PID: 252 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 20.047535] Tainted: [B]=BAD_PAGE, [N]=TEST [ 20.047582] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 20.047642] Call Trace: [ 20.047683] <TASK> [ 20.047728] dump_stack_lvl+0x73/0xb0 [ 20.047823] print_report+0xd1/0x650 [ 20.047922] ? __virt_addr_valid+0x1db/0x2d0 [ 20.048020] ? mempool_oob_right_helper+0x318/0x380 [ 20.048124] ? kasan_complete_mode_report_info+0x2a/0x200 [ 20.048196] ? mempool_oob_right_helper+0x318/0x380 [ 20.048273] kasan_report+0x141/0x180 [ 20.048346] ? mempool_oob_right_helper+0x318/0x380 [ 20.048458] __asan_report_load1_noabort+0x18/0x20 [ 20.048506] mempool_oob_right_helper+0x318/0x380 [ 20.048543] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 20.048582] ? __pfx_sched_clock_cpu+0x10/0x10 [ 20.048615] ? finish_task_switch.isra.0+0x153/0x700 [ 20.048652] mempool_slab_oob_right+0xed/0x140 [ 20.048687] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 20.048725] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 20.048760] ? __pfx_mempool_free_slab+0x10/0x10 [ 20.048796] ? __pfx_read_tsc+0x10/0x10 [ 20.048826] ? ktime_get_ts64+0x86/0x230 [ 20.048890] kunit_try_run_case+0x1a5/0x480 [ 20.048930] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.048962] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 20.048992] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 20.049029] ? __kthread_parkme+0x82/0x180 [ 20.049057] ? preempt_count_sub+0x50/0x80 [ 20.049088] ? __pfx_kunit_try_run_case+0x10/0x10 [ 20.049120] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.049152] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 20.049184] kthread+0x337/0x6f0 [ 20.049212] ? trace_preempt_on+0x20/0xc0 [ 20.049275] ? __pfx_kthread+0x10/0x10 [ 20.049305] ? _raw_spin_unlock_irq+0x47/0x80 [ 20.049341] ? calculate_sigpending+0x7b/0xa0 [ 20.049375] ? __pfx_kthread+0x10/0x10 [ 20.049405] ret_from_fork+0x116/0x1d0 [ 20.049431] ? __pfx_kthread+0x10/0x10 [ 20.049459] ret_from_fork_asm+0x1a/0x30 [ 20.049500] </TASK> [ 20.049515] [ 20.064370] Allocated by task 252: [ 20.064623] kasan_save_stack+0x45/0x70 [ 20.064971] kasan_save_track+0x18/0x40 [ 20.065399] kasan_save_alloc_info+0x3b/0x50 [ 20.065882] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 20.066509] remove_element+0x11e/0x190 [ 20.066978] mempool_alloc_preallocated+0x4d/0x90 [ 20.067472] mempool_oob_right_helper+0x8a/0x380 [ 20.068026] mempool_slab_oob_right+0xed/0x140 [ 20.068514] kunit_try_run_case+0x1a5/0x480 [ 20.068891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 20.069383] kthread+0x337/0x6f0 [ 20.069647] ret_from_fork+0x116/0x1d0 [ 20.069986] ret_from_fork_asm+0x1a/0x30 [ 20.070404] [ 20.070607] The buggy address belongs to the object at ffff88810383d240 [ 20.070607] which belongs to the cache test_cache of size 123 [ 20.071646] The buggy address is located 0 bytes to the right of [ 20.071646] allocated 123-byte region [ffff88810383d240, ffff88810383d2bb) [ 20.072653] [ 20.072817] The buggy address belongs to the physical page: [ 20.073908] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383d [ 20.074628] flags: 0x200000000000000(node=0|zone=2) [ 20.075135] page_type: f5(slab) [ 20.075460] raw: 0200000000000000 ffff888101db3a00 dead000000000122 0000000000000000 [ 20.076087] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 20.076767] page dumped because: kasan: bad access detected [ 20.077281] [ 20.077482] Memory state around the buggy address: [ 20.077959] ffff88810383d180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 20.078579] ffff88810383d200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 20.079153] >ffff88810383d280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 20.079683] ^ [ 20.080028] ffff88810383d300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.080491] ffff88810383d380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 20.081046] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 19.331784] ================================================================== [ 19.332521] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 19.333209] Read of size 1 at addr ffff8881017f13c0 by task kunit_try_catch/242 [ 19.333752] [ 19.333995] CPU: 0 UID: 0 PID: 242 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.334156] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.334190] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.334247] Call Trace: [ 19.334283] <TASK> [ 19.334331] dump_stack_lvl+0x73/0xb0 [ 19.334452] print_report+0xd1/0x650 [ 19.334558] ? __virt_addr_valid+0x1db/0x2d0 [ 19.334640] ? kmem_cache_double_destroy+0x1bf/0x380 [ 19.335155] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.335228] ? kmem_cache_double_destroy+0x1bf/0x380 [ 19.335307] kasan_report+0x141/0x180 [ 19.335378] ? kmem_cache_double_destroy+0x1bf/0x380 [ 19.335459] ? kmem_cache_double_destroy+0x1bf/0x380 [ 19.335535] __kasan_check_byte+0x3d/0x50 [ 19.335619] kmem_cache_destroy+0x25/0x1d0 [ 19.335693] kmem_cache_double_destroy+0x1bf/0x380 [ 19.335768] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 19.335858] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 19.335935] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 19.335981] kunit_try_run_case+0x1a5/0x480 [ 19.336019] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.336052] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.336083] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.336123] ? __kthread_parkme+0x82/0x180 [ 19.336154] ? preempt_count_sub+0x50/0x80 [ 19.336189] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.336232] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.336310] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.336368] kthread+0x337/0x6f0 [ 19.336398] ? trace_preempt_on+0x20/0xc0 [ 19.336435] ? __pfx_kthread+0x10/0x10 [ 19.336464] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.336497] ? calculate_sigpending+0x7b/0xa0 [ 19.336532] ? __pfx_kthread+0x10/0x10 [ 19.336561] ret_from_fork+0x116/0x1d0 [ 19.336588] ? __pfx_kthread+0x10/0x10 [ 19.336618] ret_from_fork_asm+0x1a/0x30 [ 19.336661] </TASK> [ 19.336676] [ 19.354611] Allocated by task 242: [ 19.355140] kasan_save_stack+0x45/0x70 [ 19.355550] kasan_save_track+0x18/0x40 [ 19.357617] kasan_save_alloc_info+0x3b/0x50 [ 19.358937] __kasan_slab_alloc+0x91/0xa0 [ 19.359574] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.361144] __kmem_cache_create_args+0x169/0x240 [ 19.362258] kmem_cache_double_destroy+0xd5/0x380 [ 19.363496] kunit_try_run_case+0x1a5/0x480 [ 19.364536] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.365028] kthread+0x337/0x6f0 [ 19.365359] ret_from_fork+0x116/0x1d0 [ 19.365660] ret_from_fork_asm+0x1a/0x30 [ 19.365922] [ 19.366079] Freed by task 242: [ 19.366309] kasan_save_stack+0x45/0x70 [ 19.366555] kasan_save_track+0x18/0x40 [ 19.366774] kasan_save_free_info+0x3f/0x60 [ 19.369577] __kasan_slab_free+0x56/0x70 [ 19.370017] kmem_cache_free+0x249/0x420 [ 19.370866] slab_kmem_cache_release+0x2e/0x40 [ 19.371378] kmem_cache_release+0x16/0x20 [ 19.371780] kobject_put+0x181/0x450 [ 19.372449] sysfs_slab_release+0x16/0x20 [ 19.372970] kmem_cache_destroy+0xf0/0x1d0 [ 19.373523] kmem_cache_double_destroy+0x14e/0x380 [ 19.374101] kunit_try_run_case+0x1a5/0x480 [ 19.374883] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.375401] kthread+0x337/0x6f0 [ 19.375965] ret_from_fork+0x116/0x1d0 [ 19.376468] ret_from_fork_asm+0x1a/0x30 [ 19.377011] [ 19.377424] The buggy address belongs to the object at ffff8881017f13c0 [ 19.377424] which belongs to the cache kmem_cache of size 208 [ 19.378823] The buggy address is located 0 bytes inside of [ 19.378823] freed 208-byte region [ffff8881017f13c0, ffff8881017f1490) [ 19.380049] [ 19.380409] The buggy address belongs to the physical page: [ 19.380947] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1017f1 [ 19.381611] flags: 0x200000000000000(node=0|zone=2) [ 19.382631] page_type: f5(slab) [ 19.382928] raw: 0200000000000000 ffff888100041000 dead000000000122 0000000000000000 [ 19.383787] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 19.384551] page dumped because: kasan: bad access detected [ 19.385007] [ 19.385421] Memory state around the buggy address: [ 19.385967] ffff8881017f1280: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.386849] ffff8881017f1300: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 19.387665] >ffff8881017f1380: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 19.388414] ^ [ 19.388933] ffff8881017f1400: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.389642] ffff8881017f1480: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.390555] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 19.248575] ================================================================== [ 19.249277] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 19.250239] Read of size 1 at addr ffff88810383a000 by task kunit_try_catch/240 [ 19.250972] [ 19.251630] CPU: 1 UID: 0 PID: 240 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.251761] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.251797] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.251936] Call Trace: [ 19.252037] <TASK> [ 19.252089] dump_stack_lvl+0x73/0xb0 [ 19.252175] print_report+0xd1/0x650 [ 19.252389] ? __virt_addr_valid+0x1db/0x2d0 [ 19.252465] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 19.252503] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.252536] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 19.252569] kasan_report+0x141/0x180 [ 19.252600] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 19.252640] __asan_report_load1_noabort+0x18/0x20 [ 19.252677] kmem_cache_rcu_uaf+0x3e3/0x510 [ 19.252711] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 19.252742] ? finish_task_switch.isra.0+0x153/0x700 [ 19.252773] ? __switch_to+0x47/0xf50 [ 19.252811] ? __pfx_read_tsc+0x10/0x10 [ 19.252869] ? ktime_get_ts64+0x86/0x230 [ 19.252905] kunit_try_run_case+0x1a5/0x480 [ 19.252942] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.252973] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.253002] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.253038] ? __kthread_parkme+0x82/0x180 [ 19.253067] ? preempt_count_sub+0x50/0x80 [ 19.253098] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.253131] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.253164] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.253196] kthread+0x337/0x6f0 [ 19.253284] ? trace_preempt_on+0x20/0xc0 [ 19.253359] ? __pfx_kthread+0x10/0x10 [ 19.253390] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.253423] ? calculate_sigpending+0x7b/0xa0 [ 19.253458] ? __pfx_kthread+0x10/0x10 [ 19.253486] ret_from_fork+0x116/0x1d0 [ 19.253512] ? __pfx_kthread+0x10/0x10 [ 19.253540] ret_from_fork_asm+0x1a/0x30 [ 19.253581] </TASK> [ 19.253597] [ 19.270212] Allocated by task 240: [ 19.270736] kasan_save_stack+0x45/0x70 [ 19.271193] kasan_save_track+0x18/0x40 [ 19.271721] kasan_save_alloc_info+0x3b/0x50 [ 19.272178] __kasan_slab_alloc+0x91/0xa0 [ 19.272763] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.273143] kmem_cache_rcu_uaf+0x155/0x510 [ 19.273915] kunit_try_run_case+0x1a5/0x480 [ 19.274390] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.275027] kthread+0x337/0x6f0 [ 19.275569] ret_from_fork+0x116/0x1d0 [ 19.275935] ret_from_fork_asm+0x1a/0x30 [ 19.276503] [ 19.276729] Freed by task 0: [ 19.277042] kasan_save_stack+0x45/0x70 [ 19.277493] kasan_save_track+0x18/0x40 [ 19.278108] kasan_save_free_info+0x3f/0x60 [ 19.278707] __kasan_slab_free+0x56/0x70 [ 19.279124] slab_free_after_rcu_debug+0xe4/0x310 [ 19.279768] rcu_core+0x66f/0x1c40 [ 19.280189] rcu_core_si+0x12/0x20 [ 19.280665] handle_softirqs+0x209/0x730 [ 19.280976] __irq_exit_rcu+0xc9/0x110 [ 19.281523] irq_exit_rcu+0x12/0x20 [ 19.282158] sysvec_apic_timer_interrupt+0x81/0x90 [ 19.282748] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 19.283190] [ 19.283566] Last potentially related work creation: [ 19.284057] kasan_save_stack+0x45/0x70 [ 19.284578] kasan_record_aux_stack+0xb2/0xc0 [ 19.285010] kmem_cache_free+0x131/0x420 [ 19.285492] kmem_cache_rcu_uaf+0x194/0x510 [ 19.285908] kunit_try_run_case+0x1a5/0x480 [ 19.286639] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.287094] kthread+0x337/0x6f0 [ 19.287651] ret_from_fork+0x116/0x1d0 [ 19.287970] ret_from_fork_asm+0x1a/0x30 [ 19.288545] [ 19.288749] The buggy address belongs to the object at ffff88810383a000 [ 19.288749] which belongs to the cache test_cache of size 200 [ 19.289799] The buggy address is located 0 bytes inside of [ 19.289799] freed 200-byte region [ffff88810383a000, ffff88810383a0c8) [ 19.291172] [ 19.291545] The buggy address belongs to the physical page: [ 19.291989] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10383a [ 19.292779] flags: 0x200000000000000(node=0|zone=2) [ 19.293371] page_type: f5(slab) [ 19.293738] raw: 0200000000000000 ffff888101db3780 dead000000000122 0000000000000000 [ 19.294612] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.295313] page dumped because: kasan: bad access detected [ 19.295761] [ 19.295975] Memory state around the buggy address: [ 19.296340] ffff888103839f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.297189] ffff888103839f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.297878] >ffff88810383a000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.298794] ^ [ 19.299105] ffff88810383a080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 19.299818] ffff88810383a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.300524] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 19.165530] ================================================================== [ 19.166354] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460 [ 19.166943] Free of addr ffff8881033aa001 by task kunit_try_catch/238 [ 19.167421] [ 19.167649] CPU: 0 UID: 0 PID: 238 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.167776] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.167812] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.167923] Call Trace: [ 19.167962] <TASK> [ 19.168014] dump_stack_lvl+0x73/0xb0 [ 19.168098] print_report+0xd1/0x650 [ 19.168171] ? __virt_addr_valid+0x1db/0x2d0 [ 19.168294] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.168370] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.168443] kasan_report_invalid_free+0x10a/0x130 [ 19.168507] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.168576] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.168640] check_slab_allocation+0x11f/0x130 [ 19.168698] __kasan_slab_pre_free+0x28/0x40 [ 19.168755] kmem_cache_free+0xed/0x420 [ 19.168811] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.168890] ? kmem_cache_invalid_free+0x1d8/0x460 [ 19.168961] kmem_cache_invalid_free+0x1d8/0x460 [ 19.169028] ? __pfx_kmem_cache_invalid_free+0x10/0x10 [ 19.169084] ? finish_task_switch.isra.0+0x153/0x700 [ 19.169143] ? __switch_to+0x47/0xf50 [ 19.169256] ? __pfx_read_tsc+0x10/0x10 [ 19.169329] ? ktime_get_ts64+0x86/0x230 [ 19.169405] kunit_try_run_case+0x1a5/0x480 [ 19.169487] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.169555] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.169624] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.169707] ? __kthread_parkme+0x82/0x180 [ 19.169776] ? preempt_count_sub+0x50/0x80 [ 19.169863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.169938] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.170009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.170080] kthread+0x337/0x6f0 [ 19.170142] ? trace_preempt_on+0x20/0xc0 [ 19.170256] ? __pfx_kthread+0x10/0x10 [ 19.170326] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.170395] ? calculate_sigpending+0x7b/0xa0 [ 19.170462] ? __pfx_kthread+0x10/0x10 [ 19.170529] ret_from_fork+0x116/0x1d0 [ 19.170593] ? __pfx_kthread+0x10/0x10 [ 19.170662] ret_from_fork_asm+0x1a/0x30 [ 19.170754] </TASK> [ 19.170790] [ 19.187506] Allocated by task 238: [ 19.187802] kasan_save_stack+0x45/0x70 [ 19.188366] kasan_save_track+0x18/0x40 [ 19.188696] kasan_save_alloc_info+0x3b/0x50 [ 19.189115] __kasan_slab_alloc+0x91/0xa0 [ 19.189640] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.190047] kmem_cache_invalid_free+0x157/0x460 [ 19.190825] kunit_try_run_case+0x1a5/0x480 [ 19.191170] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.191643] kthread+0x337/0x6f0 [ 19.191995] ret_from_fork+0x116/0x1d0 [ 19.192307] ret_from_fork_asm+0x1a/0x30 [ 19.192628] [ 19.192991] The buggy address belongs to the object at ffff8881033aa000 [ 19.192991] which belongs to the cache test_cache of size 200 [ 19.193991] The buggy address is located 1 bytes inside of [ 19.193991] 200-byte region [ffff8881033aa000, ffff8881033aa0c8) [ 19.195021] [ 19.195359] The buggy address belongs to the physical page: [ 19.195863] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033aa [ 19.196699] flags: 0x200000000000000(node=0|zone=2) [ 19.197196] page_type: f5(slab) [ 19.197680] raw: 0200000000000000 ffff8881017f1280 dead000000000122 0000000000000000 [ 19.198251] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.199133] page dumped because: kasan: bad access detected [ 19.199719] [ 19.199912] Memory state around the buggy address: [ 19.200403] ffff8881033a9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.200952] ffff8881033a9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.201527] >ffff8881033aa000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.202100] ^ [ 19.202419] ffff8881033aa080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 19.203024] ffff8881033aa100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.203570] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 19.099162] ================================================================== [ 19.099778] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480 [ 19.100225] Free of addr ffff888103838000 by task kunit_try_catch/236 [ 19.100878] [ 19.101054] CPU: 1 UID: 0 PID: 236 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.101163] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.101194] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.101247] Call Trace: [ 19.101281] <TASK> [ 19.101324] dump_stack_lvl+0x73/0xb0 [ 19.101415] print_report+0xd1/0x650 [ 19.101492] ? __virt_addr_valid+0x1db/0x2d0 [ 19.101569] ? kasan_complete_mode_report_info+0x64/0x200 [ 19.101638] ? kmem_cache_double_free+0x1e5/0x480 [ 19.101704] kasan_report_invalid_free+0x10a/0x130 [ 19.101777] ? kmem_cache_double_free+0x1e5/0x480 [ 19.101871] ? kmem_cache_double_free+0x1e5/0x480 [ 19.101945] check_slab_allocation+0x101/0x130 [ 19.102018] __kasan_slab_pre_free+0x28/0x40 [ 19.102088] kmem_cache_free+0xed/0x420 [ 19.102156] ? kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.102222] ? kmem_cache_double_free+0x1e5/0x480 [ 19.102307] kmem_cache_double_free+0x1e5/0x480 [ 19.102383] ? __pfx_kmem_cache_double_free+0x10/0x10 [ 19.102457] ? finish_task_switch.isra.0+0x153/0x700 [ 19.102530] ? __switch_to+0x47/0xf50 [ 19.102618] ? __pfx_read_tsc+0x10/0x10 [ 19.102686] ? ktime_get_ts64+0x86/0x230 [ 19.102768] kunit_try_run_case+0x1a5/0x480 [ 19.103185] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.103358] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.103445] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.103528] ? __kthread_parkme+0x82/0x180 [ 19.103609] ? preempt_count_sub+0x50/0x80 [ 19.103682] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.103753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.103858] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.103935] kthread+0x337/0x6f0 [ 19.103983] ? trace_preempt_on+0x20/0xc0 [ 19.104020] ? __pfx_kthread+0x10/0x10 [ 19.104049] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.104083] ? calculate_sigpending+0x7b/0xa0 [ 19.104117] ? __pfx_kthread+0x10/0x10 [ 19.104146] ret_from_fork+0x116/0x1d0 [ 19.104173] ? __pfx_kthread+0x10/0x10 [ 19.104201] ret_from_fork_asm+0x1a/0x30 [ 19.104307] </TASK> [ 19.104351] [ 19.125205] Allocated by task 236: [ 19.125513] kasan_save_stack+0x45/0x70 [ 19.125893] kasan_save_track+0x18/0x40 [ 19.126598] kasan_save_alloc_info+0x3b/0x50 [ 19.127151] __kasan_slab_alloc+0x91/0xa0 [ 19.128009] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.129077] kmem_cache_double_free+0x14f/0x480 [ 19.130062] kunit_try_run_case+0x1a5/0x480 [ 19.130931] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.131329] kthread+0x337/0x6f0 [ 19.131864] ret_from_fork+0x116/0x1d0 [ 19.132586] ret_from_fork_asm+0x1a/0x30 [ 19.133010] [ 19.133167] Freed by task 236: [ 19.133853] kasan_save_stack+0x45/0x70 [ 19.134698] kasan_save_track+0x18/0x40 [ 19.135416] kasan_save_free_info+0x3f/0x60 [ 19.135752] __kasan_slab_free+0x56/0x70 [ 19.136165] kmem_cache_free+0x249/0x420 [ 19.136541] kmem_cache_double_free+0x16a/0x480 [ 19.136949] kunit_try_run_case+0x1a5/0x480 [ 19.137315] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.137687] kthread+0x337/0x6f0 [ 19.138043] ret_from_fork+0x116/0x1d0 [ 19.138450] ret_from_fork_asm+0x1a/0x30 [ 19.139242] [ 19.139526] The buggy address belongs to the object at ffff888103838000 [ 19.139526] which belongs to the cache test_cache of size 200 [ 19.140986] The buggy address is located 0 bytes inside of [ 19.140986] 200-byte region [ffff888103838000, ffff8881038380c8) [ 19.142103] [ 19.142487] The buggy address belongs to the physical page: [ 19.143568] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103838 [ 19.144147] flags: 0x200000000000000(node=0|zone=2) [ 19.144552] page_type: f5(slab) [ 19.145006] raw: 0200000000000000 ffff888101db3640 dead000000000122 0000000000000000 [ 19.145756] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.146325] page dumped because: kasan: bad access detected [ 19.147078] [ 19.147368] Memory state around the buggy address: [ 19.147728] ffff888103837f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.148345] ffff888103837f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.148884] >ffff888103838000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 19.149448] ^ [ 19.149756] ffff888103838080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 19.150556] ffff888103838100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.151048] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 19.024606] ================================================================== [ 19.025658] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530 [ 19.026163] Read of size 1 at addr ffff8881033a80c8 by task kunit_try_catch/234 [ 19.026942] [ 19.027176] CPU: 0 UID: 0 PID: 234 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 19.027331] Tainted: [B]=BAD_PAGE, [N]=TEST [ 19.027369] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 19.027425] Call Trace: [ 19.027464] <TASK> [ 19.027531] dump_stack_lvl+0x73/0xb0 [ 19.027783] print_report+0xd1/0x650 [ 19.027878] ? __virt_addr_valid+0x1db/0x2d0 [ 19.027978] ? kmem_cache_oob+0x402/0x530 [ 19.028075] ? kasan_complete_mode_report_info+0x2a/0x200 [ 19.028146] ? kmem_cache_oob+0x402/0x530 [ 19.028250] kasan_report+0x141/0x180 [ 19.028339] ? kmem_cache_oob+0x402/0x530 [ 19.028426] __asan_report_load1_noabort+0x18/0x20 [ 19.028517] kmem_cache_oob+0x402/0x530 [ 19.028590] ? trace_hardirqs_on+0x37/0xe0 [ 19.028630] ? __pfx_kmem_cache_oob+0x10/0x10 [ 19.028662] ? finish_task_switch.isra.0+0x153/0x700 [ 19.028692] ? __switch_to+0x47/0xf50 [ 19.028730] ? __pfx_read_tsc+0x10/0x10 [ 19.028759] ? ktime_get_ts64+0x86/0x230 [ 19.028792] kunit_try_run_case+0x1a5/0x480 [ 19.028826] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.028885] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 19.028918] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 19.028955] ? __kthread_parkme+0x82/0x180 [ 19.028982] ? preempt_count_sub+0x50/0x80 [ 19.029012] ? __pfx_kunit_try_run_case+0x10/0x10 [ 19.029045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.029075] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 19.029106] kthread+0x337/0x6f0 [ 19.029132] ? trace_preempt_on+0x20/0xc0 [ 19.029162] ? __pfx_kthread+0x10/0x10 [ 19.029189] ? _raw_spin_unlock_irq+0x47/0x80 [ 19.029231] ? calculate_sigpending+0x7b/0xa0 [ 19.029309] ? __pfx_kthread+0x10/0x10 [ 19.029373] ret_from_fork+0x116/0x1d0 [ 19.029404] ? __pfx_kthread+0x10/0x10 [ 19.029433] ret_from_fork_asm+0x1a/0x30 [ 19.029475] </TASK> [ 19.029491] [ 19.046913] Allocated by task 234: [ 19.047677] kasan_save_stack+0x45/0x70 [ 19.048016] kasan_save_track+0x18/0x40 [ 19.048296] kasan_save_alloc_info+0x3b/0x50 [ 19.048812] __kasan_slab_alloc+0x91/0xa0 [ 19.049323] kmem_cache_alloc_noprof+0x123/0x3f0 [ 19.049821] kmem_cache_oob+0x157/0x530 [ 19.050158] kunit_try_run_case+0x1a5/0x480 [ 19.050573] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 19.051188] kthread+0x337/0x6f0 [ 19.052257] ret_from_fork+0x116/0x1d0 [ 19.052868] ret_from_fork_asm+0x1a/0x30 [ 19.053443] [ 19.053784] The buggy address belongs to the object at ffff8881033a8000 [ 19.053784] which belongs to the cache test_cache of size 200 [ 19.055088] The buggy address is located 0 bytes to the right of [ 19.055088] allocated 200-byte region [ffff8881033a8000, ffff8881033a80c8) [ 19.056423] [ 19.057096] The buggy address belongs to the physical page: [ 19.057552] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1033a8 [ 19.058162] flags: 0x200000000000000(node=0|zone=2) [ 19.058711] page_type: f5(slab) [ 19.059005] raw: 0200000000000000 ffff8881017f1140 dead000000000122 0000000000000000 [ 19.059724] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 19.061086] page dumped because: kasan: bad access detected [ 19.061713] [ 19.061938] Memory state around the buggy address: [ 19.062388] ffff8881033a7f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.062947] ffff8881033a8000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 19.063499] >ffff8881033a8080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc [ 19.064124] ^ [ 19.065012] ffff8881033a8100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.065643] ffff8881033a8180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.066157] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 18.954130] ================================================================== [ 18.955287] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560 [ 18.956049] Read of size 8 at addr ffff888102a1a180 by task kunit_try_catch/227 [ 18.957077] [ 18.957463] CPU: 1 UID: 0 PID: 227 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.957621] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.957660] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.957748] Call Trace: [ 18.957787] <TASK> [ 18.957852] dump_stack_lvl+0x73/0xb0 [ 18.957940] print_report+0xd1/0x650 [ 18.958012] ? __virt_addr_valid+0x1db/0x2d0 [ 18.958082] ? workqueue_uaf+0x4d6/0x560 [ 18.958147] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.958214] ? workqueue_uaf+0x4d6/0x560 [ 18.958303] kasan_report+0x141/0x180 [ 18.958378] ? workqueue_uaf+0x4d6/0x560 [ 18.958445] __asan_report_load8_noabort+0x18/0x20 [ 18.958483] workqueue_uaf+0x4d6/0x560 [ 18.958515] ? __pfx_workqueue_uaf+0x10/0x10 [ 18.958546] ? __schedule+0x10cc/0x2b60 [ 18.958579] ? __pfx_read_tsc+0x10/0x10 [ 18.958609] ? ktime_get_ts64+0x86/0x230 [ 18.958644] kunit_try_run_case+0x1a5/0x480 [ 18.958679] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.958712] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.958741] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.958778] ? __kthread_parkme+0x82/0x180 [ 18.958806] ? preempt_count_sub+0x50/0x80 [ 18.958863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.958901] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.958934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.958966] kthread+0x337/0x6f0 [ 18.958993] ? trace_preempt_on+0x20/0xc0 [ 18.959028] ? __pfx_kthread+0x10/0x10 [ 18.959058] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.959092] ? calculate_sigpending+0x7b/0xa0 [ 18.959127] ? __pfx_kthread+0x10/0x10 [ 18.959156] ret_from_fork+0x116/0x1d0 [ 18.959181] ? __pfx_kthread+0x10/0x10 [ 18.959209] ret_from_fork_asm+0x1a/0x30 [ 18.959291] </TASK> [ 18.959507] [ 18.978812] Allocated by task 227: [ 18.979283] kasan_save_stack+0x45/0x70 [ 18.979721] kasan_save_track+0x18/0x40 [ 18.980029] kasan_save_alloc_info+0x3b/0x50 [ 18.980526] __kasan_kmalloc+0xb7/0xc0 [ 18.981167] __kmalloc_cache_noprof+0x189/0x420 [ 18.981529] workqueue_uaf+0x152/0x560 [ 18.982106] kunit_try_run_case+0x1a5/0x480 [ 18.982663] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.983031] kthread+0x337/0x6f0 [ 18.983582] ret_from_fork+0x116/0x1d0 [ 18.984025] ret_from_fork_asm+0x1a/0x30 [ 18.984592] [ 18.984807] Freed by task 40: [ 18.985073] kasan_save_stack+0x45/0x70 [ 18.985609] kasan_save_track+0x18/0x40 [ 18.986010] kasan_save_free_info+0x3f/0x60 [ 18.986699] __kasan_slab_free+0x56/0x70 [ 18.987148] kfree+0x222/0x3f0 [ 18.987644] workqueue_uaf_work+0x12/0x20 [ 18.988011] process_one_work+0x5ee/0xf60 [ 18.988413] worker_thread+0x758/0x1220 [ 18.988714] kthread+0x337/0x6f0 [ 18.989392] ret_from_fork+0x116/0x1d0 [ 18.989848] ret_from_fork_asm+0x1a/0x30 [ 18.990348] [ 18.990564] Last potentially related work creation: [ 18.991050] kasan_save_stack+0x45/0x70 [ 18.991715] kasan_record_aux_stack+0xb2/0xc0 [ 18.992198] __queue_work+0x61a/0xe70 [ 18.992687] queue_work_on+0xb6/0xc0 [ 18.992981] workqueue_uaf+0x26d/0x560 [ 18.993541] kunit_try_run_case+0x1a5/0x480 [ 18.993963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.994589] kthread+0x337/0x6f0 [ 18.995006] ret_from_fork+0x116/0x1d0 [ 18.995561] ret_from_fork_asm+0x1a/0x30 [ 18.995910] [ 18.996157] The buggy address belongs to the object at ffff888102a1a180 [ 18.996157] which belongs to the cache kmalloc-32 of size 32 [ 18.997014] The buggy address is located 0 bytes inside of [ 18.997014] freed 32-byte region [ffff888102a1a180, ffff888102a1a1a0) [ 18.998183] [ 18.998522] The buggy address belongs to the physical page: [ 18.999046] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1a [ 18.999743] flags: 0x200000000000000(node=0|zone=2) [ 19.000397] page_type: f5(slab) [ 19.000792] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 19.001586] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 19.002154] page dumped because: kasan: bad access detected [ 19.003045] [ 19.003347] Memory state around the buggy address: [ 19.003802] ffff888102a1a080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 19.004540] ffff888102a1a100: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc [ 19.005161] >ffff888102a1a180: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc [ 19.005798] ^ [ 19.006191] ffff888102a1a200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.006898] ffff888102a1a280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 19.007954] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 18.885474] ================================================================== [ 18.886426] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60 [ 18.887031] Read of size 4 at addr ffff888102a1a0c0 by task swapper/1/0 [ 18.887546] [ 18.887751] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.888046] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.888086] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.888146] Call Trace: [ 18.888208] <IRQ> [ 18.888402] dump_stack_lvl+0x73/0xb0 [ 18.888495] print_report+0xd1/0x650 [ 18.888568] ? __virt_addr_valid+0x1db/0x2d0 [ 18.888644] ? rcu_uaf_reclaim+0x50/0x60 [ 18.888713] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.888782] ? rcu_uaf_reclaim+0x50/0x60 [ 18.888867] kasan_report+0x141/0x180 [ 18.888946] ? rcu_uaf_reclaim+0x50/0x60 [ 18.889026] __asan_report_load4_noabort+0x18/0x20 [ 18.889102] rcu_uaf_reclaim+0x50/0x60 [ 18.889168] rcu_core+0x66f/0x1c40 [ 18.889317] ? __pfx_rcu_core+0x10/0x10 [ 18.889360] ? ktime_get+0x6b/0x150 [ 18.889401] rcu_core_si+0x12/0x20 [ 18.889431] handle_softirqs+0x209/0x730 [ 18.889462] ? hrtimer_interrupt+0x2fe/0x780 [ 18.889494] ? __pfx_handle_softirqs+0x10/0x10 [ 18.889528] __irq_exit_rcu+0xc9/0x110 [ 18.889556] irq_exit_rcu+0x12/0x20 [ 18.889582] sysvec_apic_timer_interrupt+0x81/0x90 [ 18.889614] </IRQ> [ 18.889651] <TASK> [ 18.889668] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 18.889783] RIP: 0010:pv_native_safe_halt+0xf/0x20 [ 18.890061] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d c3 48 1f 00 fb f4 <e9> 7c 1d 02 00 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90 [ 18.890170] RSP: 0000:ffff888100877dc8 EFLAGS: 00010212 [ 18.890393] RAX: ffff88819b969000 RBX: ffff888100853000 RCX: ffffffffbd297225 [ 18.890459] RDX: ffffed102b62618b RSI: 0000000000000004 RDI: 00000000000103fc [ 18.890519] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102b62618a [ 18.890576] R10: ffff88815b130c53 R11: 0000000000072c00 R12: 0000000000000001 [ 18.890631] R13: ffffed102010a600 R14: ffffffffbefb7990 R15: 0000000000000000 [ 18.890707] ? ct_kernel_exit.constprop.0+0xa5/0xd0 [ 18.890783] ? default_idle+0xd/0x20 [ 18.890818] arch_cpu_idle+0xd/0x20 [ 18.890868] default_idle_call+0x48/0x80 [ 18.890900] do_idle+0x379/0x4f0 [ 18.890936] ? __pfx_do_idle+0x10/0x10 [ 18.890966] ? _raw_spin_unlock_irqrestore+0x49/0x90 [ 18.891004] ? complete+0x15b/0x1d0 [ 18.891033] cpu_startup_entry+0x5c/0x70 [ 18.891066] start_secondary+0x211/0x290 [ 18.891095] ? __pfx_start_secondary+0x10/0x10 [ 18.891129] common_startup_64+0x13e/0x148 [ 18.891170] </TASK> [ 18.891185] [ 18.910180] Allocated by task 225: [ 18.910667] kasan_save_stack+0x45/0x70 [ 18.911085] kasan_save_track+0x18/0x40 [ 18.911610] kasan_save_alloc_info+0x3b/0x50 [ 18.912039] __kasan_kmalloc+0xb7/0xc0 [ 18.912532] __kmalloc_cache_noprof+0x189/0x420 [ 18.912947] rcu_uaf+0xb0/0x330 [ 18.913201] kunit_try_run_case+0x1a5/0x480 [ 18.913599] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.914106] kthread+0x337/0x6f0 [ 18.914444] ret_from_fork+0x116/0x1d0 [ 18.915149] ret_from_fork_asm+0x1a/0x30 [ 18.915605] [ 18.915765] Freed by task 0: [ 18.916075] kasan_save_stack+0x45/0x70 [ 18.916612] kasan_save_track+0x18/0x40 [ 18.917007] kasan_save_free_info+0x3f/0x60 [ 18.918579] __kasan_slab_free+0x56/0x70 [ 18.918952] kfree+0x222/0x3f0 [ 18.919264] rcu_uaf_reclaim+0x1f/0x60 [ 18.920749] rcu_core+0x66f/0x1c40 [ 18.921083] rcu_core_si+0x12/0x20 [ 18.921418] handle_softirqs+0x209/0x730 [ 18.921770] __irq_exit_rcu+0xc9/0x110 [ 18.922853] irq_exit_rcu+0x12/0x20 [ 18.923210] sysvec_apic_timer_interrupt+0x81/0x90 [ 18.924435] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 18.924923] [ 18.925118] Last potentially related work creation: [ 18.925529] kasan_save_stack+0x45/0x70 [ 18.925921] kasan_record_aux_stack+0xb2/0xc0 [ 18.926346] __call_rcu_common.constprop.0+0x7b/0x9e0 [ 18.926755] call_rcu+0x12/0x20 [ 18.928003] rcu_uaf+0x168/0x330 [ 18.928311] kunit_try_run_case+0x1a5/0x480 [ 18.928704] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.929794] kthread+0x337/0x6f0 [ 18.930328] ret_from_fork+0x116/0x1d0 [ 18.930687] ret_from_fork_asm+0x1a/0x30 [ 18.931237] [ 18.931863] The buggy address belongs to the object at ffff888102a1a0c0 [ 18.931863] which belongs to the cache kmalloc-32 of size 32 [ 18.933113] The buggy address is located 0 bytes inside of [ 18.933113] freed 32-byte region [ffff888102a1a0c0, ffff888102a1a0e0) [ 18.934940] [ 18.935247] The buggy address belongs to the physical page: [ 18.935594] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a1a [ 18.936566] flags: 0x200000000000000(node=0|zone=2) [ 18.936872] page_type: f5(slab) [ 18.937514] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000 [ 18.938200] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000 [ 18.938913] page dumped because: kasan: bad access detected [ 18.939763] [ 18.939959] Memory state around the buggy address: [ 18.940554] ffff888102a19f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.941778] ffff888102a1a000: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 18.942326] >ffff888102a1a080: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc [ 18.943140] ^ [ 18.943792] ffff888102a1a100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.944368] ffff888102a1a180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.944885] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 18.726719] ================================================================== [ 18.727767] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0 [ 18.728757] Read of size 1 at addr ffff888103393c00 by task kunit_try_catch/223 [ 18.729666] [ 18.730207] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.730349] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.730387] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.730444] Call Trace: [ 18.730484] <TASK> [ 18.730529] dump_stack_lvl+0x73/0xb0 [ 18.730614] print_report+0xd1/0x650 [ 18.730690] ? __virt_addr_valid+0x1db/0x2d0 [ 18.730765] ? ksize_uaf+0x19d/0x6c0 [ 18.730854] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.730932] ? ksize_uaf+0x19d/0x6c0 [ 18.731003] kasan_report+0x141/0x180 [ 18.731078] ? ksize_uaf+0x19d/0x6c0 [ 18.731122] ? ksize_uaf+0x19d/0x6c0 [ 18.731166] __kasan_check_byte+0x3d/0x50 [ 18.731207] ksize+0x20/0x60 [ 18.731268] ksize_uaf+0x19d/0x6c0 [ 18.731344] ? __pfx_ksize_uaf+0x10/0x10 [ 18.731412] ? __schedule+0x10cc/0x2b60 [ 18.731444] ? __pfx_read_tsc+0x10/0x10 [ 18.731476] ? ktime_get_ts64+0x86/0x230 [ 18.731508] kunit_try_run_case+0x1a5/0x480 [ 18.731553] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.731588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.731620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.731655] ? __kthread_parkme+0x82/0x180 [ 18.731683] ? preempt_count_sub+0x50/0x80 [ 18.731713] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.731745] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.731775] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.731806] kthread+0x337/0x6f0 [ 18.731854] ? trace_preempt_on+0x20/0xc0 [ 18.731894] ? __pfx_kthread+0x10/0x10 [ 18.731922] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.731956] ? calculate_sigpending+0x7b/0xa0 [ 18.731990] ? __pfx_kthread+0x10/0x10 [ 18.732018] ret_from_fork+0x116/0x1d0 [ 18.732043] ? __pfx_kthread+0x10/0x10 [ 18.732070] ret_from_fork_asm+0x1a/0x30 [ 18.732112] </TASK> [ 18.732129] [ 18.750535] Allocated by task 223: [ 18.751450] kasan_save_stack+0x45/0x70 [ 18.751878] kasan_save_track+0x18/0x40 [ 18.752412] kasan_save_alloc_info+0x3b/0x50 [ 18.752875] __kasan_kmalloc+0xb7/0xc0 [ 18.753278] __kmalloc_cache_noprof+0x189/0x420 [ 18.753732] ksize_uaf+0xaa/0x6c0 [ 18.754096] kunit_try_run_case+0x1a5/0x480 [ 18.754527] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.755545] kthread+0x337/0x6f0 [ 18.755922] ret_from_fork+0x116/0x1d0 [ 18.756423] ret_from_fork_asm+0x1a/0x30 [ 18.756812] [ 18.757056] Freed by task 223: [ 18.757585] kasan_save_stack+0x45/0x70 [ 18.757984] kasan_save_track+0x18/0x40 [ 18.758699] kasan_save_free_info+0x3f/0x60 [ 18.759115] __kasan_slab_free+0x56/0x70 [ 18.759688] kfree+0x222/0x3f0 [ 18.760096] ksize_uaf+0x12c/0x6c0 [ 18.760594] kunit_try_run_case+0x1a5/0x480 [ 18.761032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.761676] kthread+0x337/0x6f0 [ 18.762021] ret_from_fork+0x116/0x1d0 [ 18.762431] ret_from_fork_asm+0x1a/0x30 [ 18.763157] [ 18.763629] The buggy address belongs to the object at ffff888103393c00 [ 18.763629] which belongs to the cache kmalloc-128 of size 128 [ 18.764742] The buggy address is located 0 bytes inside of [ 18.764742] freed 128-byte region [ffff888103393c00, ffff888103393c80) [ 18.765802] [ 18.766054] The buggy address belongs to the physical page: [ 18.766764] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 18.767784] flags: 0x200000000000000(node=0|zone=2) [ 18.768434] page_type: f5(slab) [ 18.768765] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.769461] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.770111] page dumped because: kasan: bad access detected [ 18.770947] [ 18.771184] Memory state around the buggy address: [ 18.771756] ffff888103393b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.772335] ffff888103393b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.772895] >ffff888103393c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.773486] ^ [ 18.773780] ffff888103393c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.774428] ffff888103393d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.774960] ================================================================== [ 18.776561] ================================================================== [ 18.777137] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0 [ 18.778345] Read of size 1 at addr ffff888103393c00 by task kunit_try_catch/223 [ 18.778894] [ 18.779134] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.779438] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.779475] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.779530] Call Trace: [ 18.779576] <TASK> [ 18.779619] dump_stack_lvl+0x73/0xb0 [ 18.779700] print_report+0xd1/0x650 [ 18.779774] ? __virt_addr_valid+0x1db/0x2d0 [ 18.779865] ? ksize_uaf+0x5fe/0x6c0 [ 18.779934] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.780004] ? ksize_uaf+0x5fe/0x6c0 [ 18.780074] kasan_report+0x141/0x180 [ 18.780149] ? ksize_uaf+0x5fe/0x6c0 [ 18.780549] __asan_report_load1_noabort+0x18/0x20 [ 18.780637] ksize_uaf+0x5fe/0x6c0 [ 18.780709] ? __pfx_ksize_uaf+0x10/0x10 [ 18.780778] ? __schedule+0x10cc/0x2b60 [ 18.780862] ? __pfx_read_tsc+0x10/0x10 [ 18.780923] ? ktime_get_ts64+0x86/0x230 [ 18.781001] kunit_try_run_case+0x1a5/0x480 [ 18.781075] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.781147] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.781345] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.781408] ? __kthread_parkme+0x82/0x180 [ 18.781440] ? preempt_count_sub+0x50/0x80 [ 18.781473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.781506] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.781539] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.781572] kthread+0x337/0x6f0 [ 18.781598] ? trace_preempt_on+0x20/0xc0 [ 18.781629] ? __pfx_kthread+0x10/0x10 [ 18.781657] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.781689] ? calculate_sigpending+0x7b/0xa0 [ 18.781723] ? __pfx_kthread+0x10/0x10 [ 18.781751] ret_from_fork+0x116/0x1d0 [ 18.781776] ? __pfx_kthread+0x10/0x10 [ 18.781803] ret_from_fork_asm+0x1a/0x30 [ 18.781868] </TASK> [ 18.781885] [ 18.796080] Allocated by task 223: [ 18.796745] kasan_save_stack+0x45/0x70 [ 18.797152] kasan_save_track+0x18/0x40 [ 18.797588] kasan_save_alloc_info+0x3b/0x50 [ 18.797940] __kasan_kmalloc+0xb7/0xc0 [ 18.798468] __kmalloc_cache_noprof+0x189/0x420 [ 18.798950] ksize_uaf+0xaa/0x6c0 [ 18.799495] kunit_try_run_case+0x1a5/0x480 [ 18.799932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.800678] kthread+0x337/0x6f0 [ 18.800955] ret_from_fork+0x116/0x1d0 [ 18.801302] ret_from_fork_asm+0x1a/0x30 [ 18.801681] [ 18.801892] Freed by task 223: [ 18.802208] kasan_save_stack+0x45/0x70 [ 18.802715] kasan_save_track+0x18/0x40 [ 18.803116] kasan_save_free_info+0x3f/0x60 [ 18.803681] __kasan_slab_free+0x56/0x70 [ 18.804074] kfree+0x222/0x3f0 [ 18.804726] ksize_uaf+0x12c/0x6c0 [ 18.805028] kunit_try_run_case+0x1a5/0x480 [ 18.805451] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.805882] kthread+0x337/0x6f0 [ 18.806222] ret_from_fork+0x116/0x1d0 [ 18.806584] ret_from_fork_asm+0x1a/0x30 [ 18.807052] [ 18.807452] The buggy address belongs to the object at ffff888103393c00 [ 18.807452] which belongs to the cache kmalloc-128 of size 128 [ 18.808732] The buggy address is located 0 bytes inside of [ 18.808732] freed 128-byte region [ffff888103393c00, ffff888103393c80) [ 18.809845] [ 18.810048] The buggy address belongs to the physical page: [ 18.810590] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 18.811201] flags: 0x200000000000000(node=0|zone=2) [ 18.811784] page_type: f5(slab) [ 18.812133] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.812970] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.813711] page dumped because: kasan: bad access detected [ 18.814180] [ 18.814523] Memory state around the buggy address: [ 18.814979] ffff888103393b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.815781] ffff888103393b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.816739] >ffff888103393c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.817286] ^ [ 18.817544] ffff888103393c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.818397] ffff888103393d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.818804] ================================================================== [ 18.821627] ================================================================== [ 18.822207] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0 [ 18.823426] Read of size 1 at addr ffff888103393c78 by task kunit_try_catch/223 [ 18.824030] [ 18.824359] CPU: 0 UID: 0 PID: 223 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.824483] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.824517] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.824570] Call Trace: [ 18.824615] <TASK> [ 18.824661] dump_stack_lvl+0x73/0xb0 [ 18.824740] print_report+0xd1/0x650 [ 18.824810] ? __virt_addr_valid+0x1db/0x2d0 [ 18.824905] ? ksize_uaf+0x5e4/0x6c0 [ 18.824976] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.825047] ? ksize_uaf+0x5e4/0x6c0 [ 18.825738] kasan_report+0x141/0x180 [ 18.827202] ? ksize_uaf+0x5e4/0x6c0 [ 18.827283] __asan_report_load1_noabort+0x18/0x20 [ 18.827355] ksize_uaf+0x5e4/0x6c0 [ 18.827420] ? __pfx_ksize_uaf+0x10/0x10 [ 18.827481] ? __schedule+0x10cc/0x2b60 [ 18.827531] ? __pfx_read_tsc+0x10/0x10 [ 18.827597] ? ktime_get_ts64+0x86/0x230 [ 18.827661] kunit_try_run_case+0x1a5/0x480 [ 18.827720] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.827774] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.827824] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.827922] ? __kthread_parkme+0x82/0x180 [ 18.827994] ? preempt_count_sub+0x50/0x80 [ 18.828066] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.828121] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.828176] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.828240] kthread+0x337/0x6f0 [ 18.828310] ? trace_preempt_on+0x20/0xc0 [ 18.828383] ? __pfx_kthread+0x10/0x10 [ 18.828436] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.828496] ? calculate_sigpending+0x7b/0xa0 [ 18.828562] ? __pfx_kthread+0x10/0x10 [ 18.828623] ret_from_fork+0x116/0x1d0 [ 18.828679] ? __pfx_kthread+0x10/0x10 [ 18.828739] ret_from_fork_asm+0x1a/0x30 [ 18.828818] </TASK> [ 18.828877] [ 18.849140] Allocated by task 223: [ 18.849640] kasan_save_stack+0x45/0x70 [ 18.850050] kasan_save_track+0x18/0x40 [ 18.850727] kasan_save_alloc_info+0x3b/0x50 [ 18.851124] __kasan_kmalloc+0xb7/0xc0 [ 18.851627] __kmalloc_cache_noprof+0x189/0x420 [ 18.852028] ksize_uaf+0xaa/0x6c0 [ 18.852422] kunit_try_run_case+0x1a5/0x480 [ 18.852723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.853216] kthread+0x337/0x6f0 [ 18.853586] ret_from_fork+0x116/0x1d0 [ 18.854037] ret_from_fork_asm+0x1a/0x30 [ 18.854329] [ 18.854825] Freed by task 223: [ 18.855171] kasan_save_stack+0x45/0x70 [ 18.855687] kasan_save_track+0x18/0x40 [ 18.856087] kasan_save_free_info+0x3f/0x60 [ 18.856815] __kasan_slab_free+0x56/0x70 [ 18.857146] kfree+0x222/0x3f0 [ 18.857399] ksize_uaf+0x12c/0x6c0 [ 18.857744] kunit_try_run_case+0x1a5/0x480 [ 18.858174] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.858965] kthread+0x337/0x6f0 [ 18.859400] ret_from_fork+0x116/0x1d0 [ 18.859707] ret_from_fork_asm+0x1a/0x30 [ 18.860104] [ 18.860267] The buggy address belongs to the object at ffff888103393c00 [ 18.860267] which belongs to the cache kmalloc-128 of size 128 [ 18.861009] The buggy address is located 120 bytes inside of [ 18.861009] freed 128-byte region [ffff888103393c00, ffff888103393c80) [ 18.862155] [ 18.862318] The buggy address belongs to the physical page: [ 18.862642] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 18.863276] flags: 0x200000000000000(node=0|zone=2) [ 18.863722] page_type: f5(slab) [ 18.864073] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.864925] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.865991] page dumped because: kasan: bad access detected [ 18.866324] [ 18.866537] Memory state around the buggy address: [ 18.867159] ffff888103393b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.867751] ffff888103393b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.869193] >ffff888103393c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.870041] ^ [ 18.870576] ffff888103393c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.872129] ffff888103393d00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.872816] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 18.635684] ================================================================== [ 18.636200] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 18.637021] Read of size 1 at addr ffff888100ab8578 by task kunit_try_catch/221 [ 18.637711] [ 18.637976] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.638097] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.638132] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.638188] Call Trace: [ 18.638243] <TASK> [ 18.638288] dump_stack_lvl+0x73/0xb0 [ 18.638379] print_report+0xd1/0x650 [ 18.638459] ? __virt_addr_valid+0x1db/0x2d0 [ 18.638528] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 18.638599] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.638669] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 18.638745] kasan_report+0x141/0x180 [ 18.638817] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 18.638921] __asan_report_load1_noabort+0x18/0x20 [ 18.639000] ksize_unpoisons_memory+0x7e9/0x9b0 [ 18.639075] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.639150] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 18.639238] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.639321] kunit_try_run_case+0x1a5/0x480 [ 18.639397] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.639468] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.639550] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.639631] ? __kthread_parkme+0x82/0x180 [ 18.639702] ? preempt_count_sub+0x50/0x80 [ 18.639779] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.640047] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.640131] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.640209] kthread+0x337/0x6f0 [ 18.640274] ? trace_preempt_on+0x20/0xc0 [ 18.640390] ? __pfx_kthread+0x10/0x10 [ 18.640426] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.640464] ? calculate_sigpending+0x7b/0xa0 [ 18.640499] ? __pfx_kthread+0x10/0x10 [ 18.640530] ret_from_fork+0x116/0x1d0 [ 18.640556] ? __pfx_kthread+0x10/0x10 [ 18.640584] ret_from_fork_asm+0x1a/0x30 [ 18.640627] </TASK> [ 18.640641] [ 18.654739] Allocated by task 221: [ 18.655020] kasan_save_stack+0x45/0x70 [ 18.655787] kasan_save_track+0x18/0x40 [ 18.656186] kasan_save_alloc_info+0x3b/0x50 [ 18.656792] __kasan_kmalloc+0xb7/0xc0 [ 18.657184] __kmalloc_cache_noprof+0x189/0x420 [ 18.657851] ksize_unpoisons_memory+0xc7/0x9b0 [ 18.658418] kunit_try_run_case+0x1a5/0x480 [ 18.658847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.659771] kthread+0x337/0x6f0 [ 18.660073] ret_from_fork+0x116/0x1d0 [ 18.660367] ret_from_fork_asm+0x1a/0x30 [ 18.660938] [ 18.661152] The buggy address belongs to the object at ffff888100ab8500 [ 18.661152] which belongs to the cache kmalloc-128 of size 128 [ 18.662416] The buggy address is located 5 bytes to the right of [ 18.662416] allocated 115-byte region [ffff888100ab8500, ffff888100ab8573) [ 18.663829] [ 18.664082] The buggy address belongs to the physical page: [ 18.664547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 18.665527] flags: 0x200000000000000(node=0|zone=2) [ 18.665950] page_type: f5(slab) [ 18.666471] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.667140] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.668139] page dumped because: kasan: bad access detected [ 18.668777] [ 18.668996] Memory state around the buggy address: [ 18.669398] ffff888100ab8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.669858] ffff888100ab8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.670475] >ffff888100ab8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.671627] ^ [ 18.672378] ffff888100ab8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.673017] ffff888100ab8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.673636] ================================================================== [ 18.676578] ================================================================== [ 18.677156] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 18.677948] Read of size 1 at addr ffff888100ab857f by task kunit_try_catch/221 [ 18.678958] [ 18.679921] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.679992] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.680010] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.680039] Call Trace: [ 18.680056] <TASK> [ 18.680075] dump_stack_lvl+0x73/0xb0 [ 18.680118] print_report+0xd1/0x650 [ 18.680150] ? __virt_addr_valid+0x1db/0x2d0 [ 18.680181] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 18.680215] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.680284] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 18.680361] kasan_report+0x141/0x180 [ 18.680431] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 18.680473] __asan_report_load1_noabort+0x18/0x20 [ 18.680507] ksize_unpoisons_memory+0x7b6/0x9b0 [ 18.680540] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.680571] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 18.680610] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.680647] kunit_try_run_case+0x1a5/0x480 [ 18.680680] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.680711] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.680740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.680777] ? __kthread_parkme+0x82/0x180 [ 18.680803] ? preempt_count_sub+0x50/0x80 [ 18.680859] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.680897] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.680929] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.680961] kthread+0x337/0x6f0 [ 18.680986] ? trace_preempt_on+0x20/0xc0 [ 18.681019] ? __pfx_kthread+0x10/0x10 [ 18.681046] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.681081] ? calculate_sigpending+0x7b/0xa0 [ 18.681116] ? __pfx_kthread+0x10/0x10 [ 18.681146] ret_from_fork+0x116/0x1d0 [ 18.681171] ? __pfx_kthread+0x10/0x10 [ 18.681198] ret_from_fork_asm+0x1a/0x30 [ 18.681264] </TASK> [ 18.681302] [ 18.699858] Allocated by task 221: [ 18.700228] kasan_save_stack+0x45/0x70 [ 18.701150] kasan_save_track+0x18/0x40 [ 18.701931] kasan_save_alloc_info+0x3b/0x50 [ 18.702604] __kasan_kmalloc+0xb7/0xc0 [ 18.703107] __kmalloc_cache_noprof+0x189/0x420 [ 18.703713] ksize_unpoisons_memory+0xc7/0x9b0 [ 18.704152] kunit_try_run_case+0x1a5/0x480 [ 18.704721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.705225] kthread+0x337/0x6f0 [ 18.705566] ret_from_fork+0x116/0x1d0 [ 18.705920] ret_from_fork_asm+0x1a/0x30 [ 18.706314] [ 18.706883] The buggy address belongs to the object at ffff888100ab8500 [ 18.706883] which belongs to the cache kmalloc-128 of size 128 [ 18.707620] The buggy address is located 12 bytes to the right of [ 18.707620] allocated 115-byte region [ffff888100ab8500, ffff888100ab8573) [ 18.708809] [ 18.709276] The buggy address belongs to the physical page: [ 18.709804] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 18.711052] flags: 0x200000000000000(node=0|zone=2) [ 18.711746] page_type: f5(slab) [ 18.712135] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.712999] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.713819] page dumped because: kasan: bad access detected [ 18.714368] [ 18.714553] Memory state around the buggy address: [ 18.715076] ffff888100ab8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.715990] ffff888100ab8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.716772] >ffff888100ab8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.717398] ^ [ 18.718076] ffff888100ab8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.718890] ffff888100ab8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.719673] ================================================================== [ 18.593794] ================================================================== [ 18.595003] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 18.595794] Read of size 1 at addr ffff888100ab8573 by task kunit_try_catch/221 [ 18.596733] [ 18.596997] CPU: 1 UID: 0 PID: 221 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.597158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.597197] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.597268] Call Trace: [ 18.597307] <TASK> [ 18.597355] dump_stack_lvl+0x73/0xb0 [ 18.597444] print_report+0xd1/0x650 [ 18.597518] ? __virt_addr_valid+0x1db/0x2d0 [ 18.597600] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 18.597676] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.597749] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 18.597824] kasan_report+0x141/0x180 [ 18.597917] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 18.597984] __asan_report_load1_noabort+0x18/0x20 [ 18.598022] ksize_unpoisons_memory+0x81c/0x9b0 [ 18.598058] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.598091] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 18.598131] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 18.598169] kunit_try_run_case+0x1a5/0x480 [ 18.598204] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.598281] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.598358] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.598403] ? __kthread_parkme+0x82/0x180 [ 18.598434] ? preempt_count_sub+0x50/0x80 [ 18.598467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.598500] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.598534] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.598568] kthread+0x337/0x6f0 [ 18.598596] ? trace_preempt_on+0x20/0xc0 [ 18.598630] ? __pfx_kthread+0x10/0x10 [ 18.598659] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.598695] ? calculate_sigpending+0x7b/0xa0 [ 18.598731] ? __pfx_kthread+0x10/0x10 [ 18.598761] ret_from_fork+0x116/0x1d0 [ 18.598787] ? __pfx_kthread+0x10/0x10 [ 18.598816] ret_from_fork_asm+0x1a/0x30 [ 18.598886] </TASK> [ 18.598902] [ 18.614194] Allocated by task 221: [ 18.614453] kasan_save_stack+0x45/0x70 [ 18.614742] kasan_save_track+0x18/0x40 [ 18.615487] kasan_save_alloc_info+0x3b/0x50 [ 18.615957] __kasan_kmalloc+0xb7/0xc0 [ 18.616327] __kmalloc_cache_noprof+0x189/0x420 [ 18.616770] ksize_unpoisons_memory+0xc7/0x9b0 [ 18.617976] kunit_try_run_case+0x1a5/0x480 [ 18.619138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.620612] kthread+0x337/0x6f0 [ 18.621046] ret_from_fork+0x116/0x1d0 [ 18.621806] ret_from_fork_asm+0x1a/0x30 [ 18.622265] [ 18.622482] The buggy address belongs to the object at ffff888100ab8500 [ 18.622482] which belongs to the cache kmalloc-128 of size 128 [ 18.624169] The buggy address is located 0 bytes to the right of [ 18.624169] allocated 115-byte region [ffff888100ab8500, ffff888100ab8573) [ 18.625080] [ 18.625291] The buggy address belongs to the physical page: [ 18.625766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 18.626360] flags: 0x200000000000000(node=0|zone=2) [ 18.626805] page_type: f5(slab) [ 18.627658] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.628363] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.628959] page dumped because: kasan: bad access detected [ 18.629526] [ 18.629732] Memory state around the buggy address: [ 18.630109] ffff888100ab8400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.631055] ffff888100ab8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.631653] >ffff888100ab8500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 18.632265] ^ [ 18.632880] ffff888100ab8580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.633505] ffff888100ab8600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.634104] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 18.536431] ================================================================== [ 18.538169] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 18.539380] Free of addr ffff8881027b1d60 by task kunit_try_catch/219 [ 18.540212] [ 18.540577] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.540704] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.540724] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.540755] Call Trace: [ 18.540772] <TASK> [ 18.540791] dump_stack_lvl+0x73/0xb0 [ 18.540854] print_report+0xd1/0x650 [ 18.540948] ? __virt_addr_valid+0x1db/0x2d0 [ 18.541051] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.541123] ? kfree_sensitive+0x2e/0x90 [ 18.541186] kasan_report_invalid_free+0x10a/0x130 [ 18.541294] ? kfree_sensitive+0x2e/0x90 [ 18.541375] ? kfree_sensitive+0x2e/0x90 [ 18.541444] check_slab_allocation+0x101/0x130 [ 18.541518] __kasan_slab_pre_free+0x28/0x40 [ 18.541589] kfree+0xf0/0x3f0 [ 18.541626] ? add_taint+0x2e/0xa0 [ 18.541651] ? kfree_sensitive+0x2e/0x90 [ 18.541679] kfree_sensitive+0x2e/0x90 [ 18.541704] kmalloc_double_kzfree+0x19c/0x350 [ 18.541735] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 18.541770] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 18.541805] kunit_try_run_case+0x1a5/0x480 [ 18.541865] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.541901] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.541929] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.541963] ? __kthread_parkme+0x82/0x180 [ 18.541989] ? preempt_count_sub+0x50/0x80 [ 18.542020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.542052] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.542085] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.542116] kthread+0x337/0x6f0 [ 18.542142] ? trace_preempt_on+0x20/0xc0 [ 18.542174] ? __pfx_kthread+0x10/0x10 [ 18.542201] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.542279] ? calculate_sigpending+0x7b/0xa0 [ 18.542361] ? __pfx_kthread+0x10/0x10 [ 18.542396] ret_from_fork+0x116/0x1d0 [ 18.542423] ? __pfx_kthread+0x10/0x10 [ 18.542451] ret_from_fork_asm+0x1a/0x30 [ 18.542490] </TASK> [ 18.542504] [ 18.558885] Allocated by task 219: [ 18.559107] kasan_save_stack+0x45/0x70 [ 18.559487] kasan_save_track+0x18/0x40 [ 18.559956] kasan_save_alloc_info+0x3b/0x50 [ 18.560511] __kasan_kmalloc+0xb7/0xc0 [ 18.560903] __kmalloc_cache_noprof+0x189/0x420 [ 18.561730] kmalloc_double_kzfree+0xa9/0x350 [ 18.562517] kunit_try_run_case+0x1a5/0x480 [ 18.562776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.563798] kthread+0x337/0x6f0 [ 18.564760] ret_from_fork+0x116/0x1d0 [ 18.565167] ret_from_fork_asm+0x1a/0x30 [ 18.567807] [ 18.568032] Freed by task 219: [ 18.568558] kasan_save_stack+0x45/0x70 [ 18.568798] kasan_save_track+0x18/0x40 [ 18.569127] kasan_save_free_info+0x3f/0x60 [ 18.569579] __kasan_slab_free+0x56/0x70 [ 18.569905] kfree+0x222/0x3f0 [ 18.570231] kfree_sensitive+0x67/0x90 [ 18.570781] kmalloc_double_kzfree+0x12b/0x350 [ 18.571389] kunit_try_run_case+0x1a5/0x480 [ 18.571863] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.572171] kthread+0x337/0x6f0 [ 18.573676] ret_from_fork+0x116/0x1d0 [ 18.574085] ret_from_fork_asm+0x1a/0x30 [ 18.575426] [ 18.575630] The buggy address belongs to the object at ffff8881027b1d60 [ 18.575630] which belongs to the cache kmalloc-16 of size 16 [ 18.576369] The buggy address is located 0 bytes inside of [ 18.576369] 16-byte region [ffff8881027b1d60, ffff8881027b1d70) [ 18.577616] [ 18.577821] The buggy address belongs to the physical page: [ 18.578509] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b1 [ 18.579154] flags: 0x200000000000000(node=0|zone=2) [ 18.579703] page_type: f5(slab) [ 18.580113] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 18.581365] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.581977] page dumped because: kasan: bad access detected [ 18.582611] [ 18.582878] Memory state around the buggy address: [ 18.583460] ffff8881027b1c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.584073] ffff8881027b1c80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 18.584790] >ffff8881027b1d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.585484] ^ [ 18.585874] ffff8881027b1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.586731] ffff8881027b1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.587494] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 18.486655] ================================================================== [ 18.487851] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 18.488717] Read of size 1 at addr ffff8881027b1d60 by task kunit_try_catch/219 [ 18.490045] [ 18.490347] CPU: 0 UID: 0 PID: 219 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.490625] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.490665] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.490723] Call Trace: [ 18.490757] <TASK> [ 18.490802] dump_stack_lvl+0x73/0xb0 [ 18.490883] print_report+0xd1/0x650 [ 18.490917] ? __virt_addr_valid+0x1db/0x2d0 [ 18.490950] ? kmalloc_double_kzfree+0x19c/0x350 [ 18.490981] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.491012] ? kmalloc_double_kzfree+0x19c/0x350 [ 18.491043] kasan_report+0x141/0x180 [ 18.491073] ? kmalloc_double_kzfree+0x19c/0x350 [ 18.491108] ? kmalloc_double_kzfree+0x19c/0x350 [ 18.491139] __kasan_check_byte+0x3d/0x50 [ 18.491168] kfree_sensitive+0x22/0x90 [ 18.491198] kmalloc_double_kzfree+0x19c/0x350 [ 18.491243] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 18.491322] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 18.491391] kunit_try_run_case+0x1a5/0x480 [ 18.491430] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.491461] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.491490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.491525] ? __kthread_parkme+0x82/0x180 [ 18.491566] ? preempt_count_sub+0x50/0x80 [ 18.491598] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.491632] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.491663] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.491693] kthread+0x337/0x6f0 [ 18.491719] ? trace_preempt_on+0x20/0xc0 [ 18.491751] ? __pfx_kthread+0x10/0x10 [ 18.491779] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.491811] ? calculate_sigpending+0x7b/0xa0 [ 18.491871] ? __pfx_kthread+0x10/0x10 [ 18.491903] ret_from_fork+0x116/0x1d0 [ 18.491929] ? __pfx_kthread+0x10/0x10 [ 18.491957] ret_from_fork_asm+0x1a/0x30 [ 18.491997] </TASK> [ 18.492013] [ 18.509955] Allocated by task 219: [ 18.510383] kasan_save_stack+0x45/0x70 [ 18.510921] kasan_save_track+0x18/0x40 [ 18.511396] kasan_save_alloc_info+0x3b/0x50 [ 18.511887] __kasan_kmalloc+0xb7/0xc0 [ 18.512246] __kmalloc_cache_noprof+0x189/0x420 [ 18.512631] kmalloc_double_kzfree+0xa9/0x350 [ 18.512962] kunit_try_run_case+0x1a5/0x480 [ 18.513311] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.513961] kthread+0x337/0x6f0 [ 18.514776] ret_from_fork+0x116/0x1d0 [ 18.515145] ret_from_fork_asm+0x1a/0x30 [ 18.515671] [ 18.515899] Freed by task 219: [ 18.516413] kasan_save_stack+0x45/0x70 [ 18.516695] kasan_save_track+0x18/0x40 [ 18.517128] kasan_save_free_info+0x3f/0x60 [ 18.517653] __kasan_slab_free+0x56/0x70 [ 18.518044] kfree+0x222/0x3f0 [ 18.518806] kfree_sensitive+0x67/0x90 [ 18.519676] kmalloc_double_kzfree+0x12b/0x350 [ 18.520457] kunit_try_run_case+0x1a5/0x480 [ 18.520987] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.521527] kthread+0x337/0x6f0 [ 18.522169] ret_from_fork+0x116/0x1d0 [ 18.522693] ret_from_fork_asm+0x1a/0x30 [ 18.523082] [ 18.523479] The buggy address belongs to the object at ffff8881027b1d60 [ 18.523479] which belongs to the cache kmalloc-16 of size 16 [ 18.524396] The buggy address is located 0 bytes inside of [ 18.524396] freed 16-byte region [ffff8881027b1d60, ffff8881027b1d70) [ 18.525794] [ 18.526014] The buggy address belongs to the physical page: [ 18.526607] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1027b1 [ 18.527499] flags: 0x200000000000000(node=0|zone=2) [ 18.527963] page_type: f5(slab) [ 18.528338] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 18.529030] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.529806] page dumped because: kasan: bad access detected [ 18.530432] [ 18.530670] Memory state around the buggy address: [ 18.531079] ffff8881027b1c00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.531606] ffff8881027b1c80: fa fb fc fc fa fb fc fc 00 05 fc fc fa fb fc fc [ 18.532126] >ffff8881027b1d00: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.532697] ^ [ 18.533708] ffff8881027b1d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.534433] ffff8881027b1e00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.534990] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 18.427023] ================================================================== [ 18.427908] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 18.428437] Read of size 1 at addr ffff888102aa78a8 by task kunit_try_catch/215 [ 18.429000] [ 18.429242] CPU: 1 UID: 0 PID: 215 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.429367] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.429401] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.429457] Call Trace: [ 18.429493] <TASK> [ 18.429538] dump_stack_lvl+0x73/0xb0 [ 18.429626] print_report+0xd1/0x650 [ 18.429704] ? __virt_addr_valid+0x1db/0x2d0 [ 18.429779] ? kmalloc_uaf2+0x4a8/0x520 [ 18.429895] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.429971] ? kmalloc_uaf2+0x4a8/0x520 [ 18.430047] kasan_report+0x141/0x180 [ 18.430118] ? kmalloc_uaf2+0x4a8/0x520 [ 18.430193] __asan_report_load1_noabort+0x18/0x20 [ 18.430317] kmalloc_uaf2+0x4a8/0x520 [ 18.430390] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 18.430453] ? finish_task_switch.isra.0+0x153/0x700 [ 18.430525] ? __switch_to+0x47/0xf50 [ 18.430612] ? __schedule+0x10cc/0x2b60 [ 18.430690] ? __pfx_read_tsc+0x10/0x10 [ 18.430761] ? ktime_get_ts64+0x86/0x230 [ 18.430856] kunit_try_run_case+0x1a5/0x480 [ 18.430939] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.431009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.431078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.431156] ? __kthread_parkme+0x82/0x180 [ 18.431197] ? preempt_count_sub+0x50/0x80 [ 18.431359] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.431402] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.431434] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.431466] kthread+0x337/0x6f0 [ 18.431493] ? trace_preempt_on+0x20/0xc0 [ 18.431528] ? __pfx_kthread+0x10/0x10 [ 18.431565] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.431599] ? calculate_sigpending+0x7b/0xa0 [ 18.431634] ? __pfx_kthread+0x10/0x10 [ 18.431662] ret_from_fork+0x116/0x1d0 [ 18.431689] ? __pfx_kthread+0x10/0x10 [ 18.431716] ret_from_fork_asm+0x1a/0x30 [ 18.431756] </TASK> [ 18.431772] [ 18.450599] Allocated by task 215: [ 18.450913] kasan_save_stack+0x45/0x70 [ 18.451934] kasan_save_track+0x18/0x40 [ 18.452807] kasan_save_alloc_info+0x3b/0x50 [ 18.454289] __kasan_kmalloc+0xb7/0xc0 [ 18.455042] __kmalloc_cache_noprof+0x189/0x420 [ 18.455994] kmalloc_uaf2+0xc6/0x520 [ 18.456239] kunit_try_run_case+0x1a5/0x480 [ 18.456644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.457110] kthread+0x337/0x6f0 [ 18.457470] ret_from_fork+0x116/0x1d0 [ 18.457777] ret_from_fork_asm+0x1a/0x30 [ 18.458382] [ 18.458564] Freed by task 215: [ 18.458848] kasan_save_stack+0x45/0x70 [ 18.459600] kasan_save_track+0x18/0x40 [ 18.459945] kasan_save_free_info+0x3f/0x60 [ 18.460502] __kasan_slab_free+0x56/0x70 [ 18.460860] kfree+0x222/0x3f0 [ 18.461114] kmalloc_uaf2+0x14c/0x520 [ 18.461622] kunit_try_run_case+0x1a5/0x480 [ 18.462050] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.462643] kthread+0x337/0x6f0 [ 18.462952] ret_from_fork+0x116/0x1d0 [ 18.463708] ret_from_fork_asm+0x1a/0x30 [ 18.464129] [ 18.464490] The buggy address belongs to the object at ffff888102aa7880 [ 18.464490] which belongs to the cache kmalloc-64 of size 64 [ 18.465366] The buggy address is located 40 bytes inside of [ 18.465366] freed 64-byte region [ffff888102aa7880, ffff888102aa78c0) [ 18.466323] [ 18.466514] The buggy address belongs to the physical page: [ 18.466868] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa7 [ 18.467533] flags: 0x200000000000000(node=0|zone=2) [ 18.468521] page_type: f5(slab) [ 18.468872] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 18.469569] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 18.470122] page dumped because: kasan: bad access detected [ 18.470668] [ 18.470886] Memory state around the buggy address: [ 18.471672] ffff888102aa7780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.472447] ffff888102aa7800: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.472967] >ffff888102aa7880: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.473684] ^ [ 18.474041] ffff888102aa7900: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 18.474742] ffff888102aa7980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.475702] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 18.374095] ================================================================== [ 18.375034] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360 [ 18.375667] Write of size 33 at addr ffff888102aa7780 by task kunit_try_catch/213 [ 18.376602] [ 18.376811] CPU: 1 UID: 0 PID: 213 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.376995] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.377035] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.377093] Call Trace: [ 18.377129] <TASK> [ 18.377212] dump_stack_lvl+0x73/0xb0 [ 18.377309] print_report+0xd1/0x650 [ 18.377433] ? __virt_addr_valid+0x1db/0x2d0 [ 18.377517] ? kmalloc_uaf_memset+0x1a3/0x360 [ 18.377800] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.377900] ? kmalloc_uaf_memset+0x1a3/0x360 [ 18.377971] kasan_report+0x141/0x180 [ 18.378041] ? kmalloc_uaf_memset+0x1a3/0x360 [ 18.378118] kasan_check_range+0x10c/0x1c0 [ 18.378190] __asan_memset+0x27/0x50 [ 18.378252] kmalloc_uaf_memset+0x1a3/0x360 [ 18.378327] ? __pfx_kmalloc_uaf_memset+0x10/0x10 [ 18.378405] ? __schedule+0x10cc/0x2b60 [ 18.378452] ? __pfx_read_tsc+0x10/0x10 [ 18.378485] ? ktime_get_ts64+0x86/0x230 [ 18.378522] kunit_try_run_case+0x1a5/0x480 [ 18.378557] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.378589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.378620] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.378658] ? __kthread_parkme+0x82/0x180 [ 18.378686] ? preempt_count_sub+0x50/0x80 [ 18.378719] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.378753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.378784] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.378816] kthread+0x337/0x6f0 [ 18.378870] ? trace_preempt_on+0x20/0xc0 [ 18.378907] ? __pfx_kthread+0x10/0x10 [ 18.378936] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.378971] ? calculate_sigpending+0x7b/0xa0 [ 18.379006] ? __pfx_kthread+0x10/0x10 [ 18.379035] ret_from_fork+0x116/0x1d0 [ 18.379060] ? __pfx_kthread+0x10/0x10 [ 18.379089] ret_from_fork_asm+0x1a/0x30 [ 18.379131] </TASK> [ 18.379148] [ 18.396973] Allocated by task 213: [ 18.397385] kasan_save_stack+0x45/0x70 [ 18.397794] kasan_save_track+0x18/0x40 [ 18.398145] kasan_save_alloc_info+0x3b/0x50 [ 18.398695] __kasan_kmalloc+0xb7/0xc0 [ 18.399053] __kmalloc_cache_noprof+0x189/0x420 [ 18.399519] kmalloc_uaf_memset+0xa9/0x360 [ 18.399888] kunit_try_run_case+0x1a5/0x480 [ 18.400291] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.400684] kthread+0x337/0x6f0 [ 18.401514] ret_from_fork+0x116/0x1d0 [ 18.401899] ret_from_fork_asm+0x1a/0x30 [ 18.402440] [ 18.402598] Freed by task 213: [ 18.402865] kasan_save_stack+0x45/0x70 [ 18.403384] kasan_save_track+0x18/0x40 [ 18.403782] kasan_save_free_info+0x3f/0x60 [ 18.404199] __kasan_slab_free+0x56/0x70 [ 18.404922] kfree+0x222/0x3f0 [ 18.405370] kmalloc_uaf_memset+0x12b/0x360 [ 18.405802] kunit_try_run_case+0x1a5/0x480 [ 18.406200] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.406790] kthread+0x337/0x6f0 [ 18.407091] ret_from_fork+0x116/0x1d0 [ 18.407625] ret_from_fork_asm+0x1a/0x30 [ 18.408035] [ 18.408593] The buggy address belongs to the object at ffff888102aa7780 [ 18.408593] which belongs to the cache kmalloc-64 of size 64 [ 18.409572] The buggy address is located 0 bytes inside of [ 18.409572] freed 64-byte region [ffff888102aa7780, ffff888102aa77c0) [ 18.410963] [ 18.411161] The buggy address belongs to the physical page: [ 18.411661] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa7 [ 18.412218] flags: 0x200000000000000(node=0|zone=2) [ 18.412663] page_type: f5(slab) [ 18.413527] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 18.414067] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 18.414828] page dumped because: kasan: bad access detected [ 18.415453] [ 18.415658] Memory state around the buggy address: [ 18.416109] ffff888102aa7680: 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc fc [ 18.417024] ffff888102aa7700: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.417800] >ffff888102aa7780: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.418467] ^ [ 18.418786] ffff888102aa7800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.419561] ffff888102aa7880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.420190] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 18.318708] ================================================================== [ 18.319696] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380 [ 18.320779] Read of size 1 at addr ffff888102264568 by task kunit_try_catch/211 [ 18.321479] [ 18.321963] CPU: 1 UID: 0 PID: 211 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.322158] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.322198] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.322414] Call Trace: [ 18.322454] <TASK> [ 18.322501] dump_stack_lvl+0x73/0xb0 [ 18.322589] print_report+0xd1/0x650 [ 18.322643] ? __virt_addr_valid+0x1db/0x2d0 [ 18.322680] ? kmalloc_uaf+0x320/0x380 [ 18.322709] ? kasan_complete_mode_report_info+0x64/0x200 [ 18.322740] ? kmalloc_uaf+0x320/0x380 [ 18.322770] kasan_report+0x141/0x180 [ 18.322800] ? kmalloc_uaf+0x320/0x380 [ 18.322858] __asan_report_load1_noabort+0x18/0x20 [ 18.322898] kmalloc_uaf+0x320/0x380 [ 18.322927] ? __pfx_kmalloc_uaf+0x10/0x10 [ 18.322956] ? __schedule+0x10cc/0x2b60 [ 18.322986] ? __pfx_read_tsc+0x10/0x10 [ 18.323017] ? ktime_get_ts64+0x86/0x230 [ 18.323052] kunit_try_run_case+0x1a5/0x480 [ 18.323090] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.323122] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.323151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.323187] ? __kthread_parkme+0x82/0x180 [ 18.323238] ? preempt_count_sub+0x50/0x80 [ 18.323364] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.323441] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.323478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.323511] kthread+0x337/0x6f0 [ 18.323549] ? trace_preempt_on+0x20/0xc0 [ 18.323587] ? __pfx_kthread+0x10/0x10 [ 18.323615] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.323648] ? calculate_sigpending+0x7b/0xa0 [ 18.323682] ? __pfx_kthread+0x10/0x10 [ 18.323711] ret_from_fork+0x116/0x1d0 [ 18.323737] ? __pfx_kthread+0x10/0x10 [ 18.323764] ret_from_fork_asm+0x1a/0x30 [ 18.323806] </TASK> [ 18.323821] [ 18.341054] Allocated by task 211: [ 18.341944] kasan_save_stack+0x45/0x70 [ 18.342661] kasan_save_track+0x18/0x40 [ 18.343092] kasan_save_alloc_info+0x3b/0x50 [ 18.343736] __kasan_kmalloc+0xb7/0xc0 [ 18.344128] __kmalloc_cache_noprof+0x189/0x420 [ 18.344875] kmalloc_uaf+0xaa/0x380 [ 18.345541] kunit_try_run_case+0x1a5/0x480 [ 18.345990] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.346550] kthread+0x337/0x6f0 [ 18.346819] ret_from_fork+0x116/0x1d0 [ 18.347204] ret_from_fork_asm+0x1a/0x30 [ 18.347627] [ 18.348069] Freed by task 211: [ 18.348582] kasan_save_stack+0x45/0x70 [ 18.348886] kasan_save_track+0x18/0x40 [ 18.349166] kasan_save_free_info+0x3f/0x60 [ 18.350130] __kasan_slab_free+0x56/0x70 [ 18.350652] kfree+0x222/0x3f0 [ 18.351063] kmalloc_uaf+0x12c/0x380 [ 18.351669] kunit_try_run_case+0x1a5/0x480 [ 18.352159] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.352859] kthread+0x337/0x6f0 [ 18.353686] ret_from_fork+0x116/0x1d0 [ 18.354101] ret_from_fork_asm+0x1a/0x30 [ 18.354768] [ 18.355381] The buggy address belongs to the object at ffff888102264560 [ 18.355381] which belongs to the cache kmalloc-16 of size 16 [ 18.356736] The buggy address is located 8 bytes inside of [ 18.356736] freed 16-byte region [ffff888102264560, ffff888102264570) [ 18.358137] [ 18.358348] The buggy address belongs to the physical page: [ 18.358766] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102264 [ 18.359795] flags: 0x200000000000000(node=0|zone=2) [ 18.360253] page_type: f5(slab) [ 18.360828] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 18.361980] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 18.362657] page dumped because: kasan: bad access detected [ 18.363360] [ 18.363865] Memory state around the buggy address: [ 18.364235] ffff888102264400: fa fb fc fc 00 00 fc fc fa fb fc fc fa fb fc fc [ 18.365018] ffff888102264480: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.365515] >ffff888102264500: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 18.366286] ^ [ 18.367145] ffff888102264580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.367999] ffff888102264600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.368389] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 18.263009] ================================================================== [ 18.264163] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330 [ 18.265522] Read of size 64 at addr ffff88810339bd84 by task kunit_try_catch/209 [ 18.265994] [ 18.266210] CPU: 0 UID: 0 PID: 209 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.266476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.266515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.266571] Call Trace: [ 18.266607] <TASK> [ 18.266654] dump_stack_lvl+0x73/0xb0 [ 18.266738] print_report+0xd1/0x650 [ 18.266804] ? __virt_addr_valid+0x1db/0x2d0 [ 18.266902] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 18.266978] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.267017] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 18.267052] kasan_report+0x141/0x180 [ 18.267083] ? kmalloc_memmove_invalid_size+0x16f/0x330 [ 18.267123] kasan_check_range+0x10c/0x1c0 [ 18.267155] __asan_memmove+0x27/0x70 [ 18.267181] kmalloc_memmove_invalid_size+0x16f/0x330 [ 18.267214] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10 [ 18.267308] ? __schedule+0x10cc/0x2b60 [ 18.267384] ? __pfx_read_tsc+0x10/0x10 [ 18.267454] ? ktime_get_ts64+0x86/0x230 [ 18.267530] kunit_try_run_case+0x1a5/0x480 [ 18.267601] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.267634] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.267663] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.267699] ? __kthread_parkme+0x82/0x180 [ 18.267727] ? preempt_count_sub+0x50/0x80 [ 18.267758] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.267789] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.267820] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.267881] kthread+0x337/0x6f0 [ 18.267912] ? trace_preempt_on+0x20/0xc0 [ 18.267945] ? __pfx_kthread+0x10/0x10 [ 18.267973] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.268005] ? calculate_sigpending+0x7b/0xa0 [ 18.268038] ? __pfx_kthread+0x10/0x10 [ 18.268066] ret_from_fork+0x116/0x1d0 [ 18.268091] ? __pfx_kthread+0x10/0x10 [ 18.268118] ret_from_fork_asm+0x1a/0x30 [ 18.268160] </TASK> [ 18.268177] [ 18.286376] Allocated by task 209: [ 18.286771] kasan_save_stack+0x45/0x70 [ 18.287188] kasan_save_track+0x18/0x40 [ 18.287870] kasan_save_alloc_info+0x3b/0x50 [ 18.288998] __kasan_kmalloc+0xb7/0xc0 [ 18.289878] __kmalloc_cache_noprof+0x189/0x420 [ 18.290948] kmalloc_memmove_invalid_size+0xac/0x330 [ 18.292256] kunit_try_run_case+0x1a5/0x480 [ 18.293977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.294759] kthread+0x337/0x6f0 [ 18.296130] ret_from_fork+0x116/0x1d0 [ 18.296606] ret_from_fork_asm+0x1a/0x30 [ 18.296877] [ 18.297018] The buggy address belongs to the object at ffff88810339bd80 [ 18.297018] which belongs to the cache kmalloc-64 of size 64 [ 18.299047] The buggy address is located 4 bytes inside of [ 18.299047] allocated 64-byte region [ffff88810339bd80, ffff88810339bdc0) [ 18.301787] [ 18.301954] The buggy address belongs to the physical page: [ 18.302582] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10339b [ 18.303781] flags: 0x200000000000000(node=0|zone=2) [ 18.304376] page_type: f5(slab) [ 18.304999] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 18.305795] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 18.306751] page dumped because: kasan: bad access detected [ 18.307320] [ 18.307522] Memory state around the buggy address: [ 18.308421] ffff88810339bc80: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.309144] ffff88810339bd00: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.309744] >ffff88810339bd80: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 18.310444] ^ [ 18.310788] ffff88810339be00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.311467] ffff88810339be80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.312298] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 18.213158] ================================================================== [ 18.214622] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330 [ 18.215390] Read of size 18446744073709551614 at addr ffff888102aa7504 by task kunit_try_catch/207 [ 18.216149] [ 18.216739] CPU: 1 UID: 0 PID: 207 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.216884] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.216921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.216976] Call Trace: [ 18.217012] <TASK> [ 18.217057] dump_stack_lvl+0x73/0xb0 [ 18.217143] print_report+0xd1/0x650 [ 18.217227] ? __virt_addr_valid+0x1db/0x2d0 [ 18.217303] ? kmalloc_memmove_negative_size+0x171/0x330 [ 18.217382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.217455] ? kmalloc_memmove_negative_size+0x171/0x330 [ 18.217562] kasan_report+0x141/0x180 [ 18.217642] ? kmalloc_memmove_negative_size+0x171/0x330 [ 18.217688] kasan_check_range+0x10c/0x1c0 [ 18.217722] __asan_memmove+0x27/0x70 [ 18.217749] kmalloc_memmove_negative_size+0x171/0x330 [ 18.217783] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10 [ 18.217818] ? __schedule+0x10cc/0x2b60 [ 18.217875] ? __pfx_read_tsc+0x10/0x10 [ 18.217909] ? ktime_get_ts64+0x86/0x230 [ 18.217943] kunit_try_run_case+0x1a5/0x480 [ 18.217977] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.218009] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.218038] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.218074] ? __kthread_parkme+0x82/0x180 [ 18.218101] ? preempt_count_sub+0x50/0x80 [ 18.218133] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.218164] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.218195] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.218240] kthread+0x337/0x6f0 [ 18.218308] ? trace_preempt_on+0x20/0xc0 [ 18.218372] ? __pfx_kthread+0x10/0x10 [ 18.218404] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.218439] ? calculate_sigpending+0x7b/0xa0 [ 18.218474] ? __pfx_kthread+0x10/0x10 [ 18.218529] ret_from_fork+0x116/0x1d0 [ 18.218585] ? __pfx_kthread+0x10/0x10 [ 18.218638] ret_from_fork_asm+0x1a/0x30 [ 18.218713] </TASK> [ 18.218747] [ 18.235891] Allocated by task 207: [ 18.236417] kasan_save_stack+0x45/0x70 [ 18.236856] kasan_save_track+0x18/0x40 [ 18.237666] kasan_save_alloc_info+0x3b/0x50 [ 18.238124] __kasan_kmalloc+0xb7/0xc0 [ 18.238510] __kmalloc_cache_noprof+0x189/0x420 [ 18.239187] kmalloc_memmove_negative_size+0xac/0x330 [ 18.239857] kunit_try_run_case+0x1a5/0x480 [ 18.240501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.241054] kthread+0x337/0x6f0 [ 18.241648] ret_from_fork+0x116/0x1d0 [ 18.242028] ret_from_fork_asm+0x1a/0x30 [ 18.243109] [ 18.243452] The buggy address belongs to the object at ffff888102aa7500 [ 18.243452] which belongs to the cache kmalloc-64 of size 64 [ 18.244698] The buggy address is located 4 bytes inside of [ 18.244698] 64-byte region [ffff888102aa7500, ffff888102aa7540) [ 18.245751] [ 18.246047] The buggy address belongs to the physical page: [ 18.246694] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102aa7 [ 18.247611] flags: 0x200000000000000(node=0|zone=2) [ 18.248026] page_type: f5(slab) [ 18.249118] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 18.249746] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 18.250296] page dumped because: kasan: bad access detected [ 18.250764] [ 18.251430] Memory state around the buggy address: [ 18.251860] ffff888102aa7400: 00 00 00 00 05 fc fc fc fc fc fc fc fc fc fc fc [ 18.252605] ffff888102aa7480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 18.253979] >ffff888102aa7500: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc [ 18.254710] ^ [ 18.255052] ffff888102aa7580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.255894] ffff888102aa7600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.256781] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 18.140718] ================================================================== [ 18.141863] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330 [ 18.142637] Write of size 8 at addr ffff888100ab8471 by task kunit_try_catch/203 [ 18.143088] [ 18.143559] CPU: 1 UID: 0 PID: 203 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.143687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.143723] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.143777] Call Trace: [ 18.143812] <TASK> [ 18.143873] dump_stack_lvl+0x73/0xb0 [ 18.143961] print_report+0xd1/0x650 [ 18.144035] ? __virt_addr_valid+0x1db/0x2d0 [ 18.144110] ? kmalloc_oob_memset_8+0x166/0x330 [ 18.144177] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.144331] ? kmalloc_oob_memset_8+0x166/0x330 [ 18.144398] kasan_report+0x141/0x180 [ 18.144434] ? kmalloc_oob_memset_8+0x166/0x330 [ 18.144472] kasan_check_range+0x10c/0x1c0 [ 18.144507] __asan_memset+0x27/0x50 [ 18.144536] kmalloc_oob_memset_8+0x166/0x330 [ 18.144567] ? __pfx_kmalloc_oob_memset_8+0x10/0x10 [ 18.144598] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 18.144633] ? trace_hardirqs_on+0x37/0xe0 [ 18.144667] ? __pfx_read_tsc+0x10/0x10 [ 18.144696] ? ktime_get_ts64+0x86/0x230 [ 18.144731] kunit_try_run_case+0x1a5/0x480 [ 18.144764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.144799] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.144828] ? __kthread_parkme+0x82/0x180 [ 18.144888] ? preempt_count_sub+0x50/0x80 [ 18.144922] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.144955] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.144987] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.145019] kthread+0x337/0x6f0 [ 18.145045] ? trace_preempt_on+0x20/0xc0 [ 18.145076] ? __pfx_kthread+0x10/0x10 [ 18.145106] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.145141] ? calculate_sigpending+0x7b/0xa0 [ 18.145174] ? __pfx_kthread+0x10/0x10 [ 18.145204] ret_from_fork+0x116/0x1d0 [ 18.145287] ? __pfx_kthread+0x10/0x10 [ 18.145371] ret_from_fork_asm+0x1a/0x30 [ 18.145419] </TASK> [ 18.145437] [ 18.162379] Allocated by task 203: [ 18.162659] kasan_save_stack+0x45/0x70 [ 18.163043] kasan_save_track+0x18/0x40 [ 18.163571] kasan_save_alloc_info+0x3b/0x50 [ 18.164003] __kasan_kmalloc+0xb7/0xc0 [ 18.164480] __kmalloc_cache_noprof+0x189/0x420 [ 18.164931] kmalloc_oob_memset_8+0xac/0x330 [ 18.165397] kunit_try_run_case+0x1a5/0x480 [ 18.165703] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.166350] kthread+0x337/0x6f0 [ 18.166715] ret_from_fork+0x116/0x1d0 [ 18.167130] ret_from_fork_asm+0x1a/0x30 [ 18.167706] [ 18.167926] The buggy address belongs to the object at ffff888100ab8400 [ 18.167926] which belongs to the cache kmalloc-128 of size 128 [ 18.168914] The buggy address is located 113 bytes inside of [ 18.168914] allocated 120-byte region [ffff888100ab8400, ffff888100ab8478) [ 18.169821] [ 18.170041] The buggy address belongs to the physical page: [ 18.170680] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 18.171495] flags: 0x200000000000000(node=0|zone=2) [ 18.171963] page_type: f5(slab) [ 18.172495] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.173086] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.173724] page dumped because: kasan: bad access detected [ 18.174200] [ 18.174543] Memory state around the buggy address: [ 18.174905] ffff888100ab8300: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.177529] ffff888100ab8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.178032] >ffff888100ab8400: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.178433] ^ [ 18.179074] ffff888100ab8480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.179670] ffff888100ab8500: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.180262] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 18.089076] ================================================================== [ 18.090103] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330 [ 18.091534] Write of size 4 at addr ffff888103393b75 by task kunit_try_catch/201 [ 18.092889] [ 18.093515] CPU: 0 UID: 0 PID: 201 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.093646] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.093683] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.093740] Call Trace: [ 18.093777] <TASK> [ 18.093826] dump_stack_lvl+0x73/0xb0 [ 18.093971] print_report+0xd1/0x650 [ 18.094048] ? __virt_addr_valid+0x1db/0x2d0 [ 18.094114] ? kmalloc_oob_memset_4+0x166/0x330 [ 18.094156] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.094226] ? kmalloc_oob_memset_4+0x166/0x330 [ 18.094304] kasan_report+0x141/0x180 [ 18.094378] ? kmalloc_oob_memset_4+0x166/0x330 [ 18.094419] kasan_check_range+0x10c/0x1c0 [ 18.094454] __asan_memset+0x27/0x50 [ 18.094481] kmalloc_oob_memset_4+0x166/0x330 [ 18.094513] ? __pfx_kmalloc_oob_memset_4+0x10/0x10 [ 18.094544] ? __schedule+0x10cc/0x2b60 [ 18.094573] ? __pfx_read_tsc+0x10/0x10 [ 18.094603] ? ktime_get_ts64+0x86/0x230 [ 18.094635] kunit_try_run_case+0x1a5/0x480 [ 18.094670] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.094699] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.094727] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.094762] ? __kthread_parkme+0x82/0x180 [ 18.094789] ? preempt_count_sub+0x50/0x80 [ 18.094820] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.094882] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.094917] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.094949] kthread+0x337/0x6f0 [ 18.094977] ? trace_preempt_on+0x20/0xc0 [ 18.095010] ? __pfx_kthread+0x10/0x10 [ 18.095038] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.095071] ? calculate_sigpending+0x7b/0xa0 [ 18.095104] ? __pfx_kthread+0x10/0x10 [ 18.095133] ret_from_fork+0x116/0x1d0 [ 18.095158] ? __pfx_kthread+0x10/0x10 [ 18.095186] ret_from_fork_asm+0x1a/0x30 [ 18.095245] </TASK> [ 18.095285] [ 18.114021] Allocated by task 201: [ 18.114402] kasan_save_stack+0x45/0x70 [ 18.115130] kasan_save_track+0x18/0x40 [ 18.115930] kasan_save_alloc_info+0x3b/0x50 [ 18.116255] __kasan_kmalloc+0xb7/0xc0 [ 18.116897] __kmalloc_cache_noprof+0x189/0x420 [ 18.117792] kmalloc_oob_memset_4+0xac/0x330 [ 18.118537] kunit_try_run_case+0x1a5/0x480 [ 18.118977] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.119374] kthread+0x337/0x6f0 [ 18.119656] ret_from_fork+0x116/0x1d0 [ 18.120098] ret_from_fork_asm+0x1a/0x30 [ 18.120620] [ 18.121380] The buggy address belongs to the object at ffff888103393b00 [ 18.121380] which belongs to the cache kmalloc-128 of size 128 [ 18.122534] The buggy address is located 117 bytes inside of [ 18.122534] allocated 120-byte region [ffff888103393b00, ffff888103393b78) [ 18.123788] [ 18.124011] The buggy address belongs to the physical page: [ 18.124693] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103393 [ 18.125233] flags: 0x200000000000000(node=0|zone=2) [ 18.125685] page_type: f5(slab) [ 18.126066] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.127106] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.128706] page dumped because: kasan: bad access detected [ 18.129098] [ 18.129595] Memory state around the buggy address: [ 18.129978] ffff888103393a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.130813] ffff888103393a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.131874] >ffff888103393b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.132653] ^ [ 18.133143] ffff888103393b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.134166] ffff888103393c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.135083] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 18.039986] ================================================================== [ 18.041062] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330 [ 18.041642] Write of size 2 at addr ffff888100ab8377 by task kunit_try_catch/199 [ 18.042252] [ 18.042503] CPU: 1 UID: 0 PID: 199 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 18.042801] Tainted: [B]=BAD_PAGE, [N]=TEST [ 18.042917] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 18.043180] Call Trace: [ 18.043226] <TASK> [ 18.043276] dump_stack_lvl+0x73/0xb0 [ 18.043363] print_report+0xd1/0x650 [ 18.043437] ? __virt_addr_valid+0x1db/0x2d0 [ 18.043513] ? kmalloc_oob_memset_2+0x166/0x330 [ 18.043689] ? kasan_complete_mode_report_info+0x2a/0x200 [ 18.043724] ? kmalloc_oob_memset_2+0x166/0x330 [ 18.043757] kasan_report+0x141/0x180 [ 18.043788] ? kmalloc_oob_memset_2+0x166/0x330 [ 18.043824] kasan_check_range+0x10c/0x1c0 [ 18.043884] __asan_memset+0x27/0x50 [ 18.043911] kmalloc_oob_memset_2+0x166/0x330 [ 18.043941] ? __pfx_kmalloc_oob_memset_2+0x10/0x10 [ 18.043974] ? __schedule+0x10cc/0x2b60 [ 18.044003] ? __pfx_read_tsc+0x10/0x10 [ 18.044032] ? ktime_get_ts64+0x86/0x230 [ 18.044066] kunit_try_run_case+0x1a5/0x480 [ 18.044100] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.044131] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 18.044159] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 18.044194] ? __kthread_parkme+0x82/0x180 [ 18.044247] ? preempt_count_sub+0x50/0x80 [ 18.044324] ? __pfx_kunit_try_run_case+0x10/0x10 [ 18.044404] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.044452] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 18.044485] kthread+0x337/0x6f0 [ 18.044511] ? trace_preempt_on+0x20/0xc0 [ 18.044546] ? __pfx_kthread+0x10/0x10 [ 18.044574] ? _raw_spin_unlock_irq+0x47/0x80 [ 18.044608] ? calculate_sigpending+0x7b/0xa0 [ 18.044641] ? __pfx_kthread+0x10/0x10 [ 18.044669] ret_from_fork+0x116/0x1d0 [ 18.044694] ? __pfx_kthread+0x10/0x10 [ 18.044721] ret_from_fork_asm+0x1a/0x30 [ 18.044762] </TASK> [ 18.044778] [ 18.061691] Allocated by task 199: [ 18.063013] kasan_save_stack+0x45/0x70 [ 18.063629] kasan_save_track+0x18/0x40 [ 18.064047] kasan_save_alloc_info+0x3b/0x50 [ 18.064668] __kasan_kmalloc+0xb7/0xc0 [ 18.065149] __kmalloc_cache_noprof+0x189/0x420 [ 18.065804] kmalloc_oob_memset_2+0xac/0x330 [ 18.066187] kunit_try_run_case+0x1a5/0x480 [ 18.067083] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 18.067777] kthread+0x337/0x6f0 [ 18.068082] ret_from_fork+0x116/0x1d0 [ 18.068664] ret_from_fork_asm+0x1a/0x30 [ 18.069138] [ 18.069487] The buggy address belongs to the object at ffff888100ab8300 [ 18.069487] which belongs to the cache kmalloc-128 of size 128 [ 18.070675] The buggy address is located 119 bytes inside of [ 18.070675] allocated 120-byte region [ffff888100ab8300, ffff888100ab8378) [ 18.071811] [ 18.072031] The buggy address belongs to the physical page: [ 18.072795] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100ab8 [ 18.073619] flags: 0x200000000000000(node=0|zone=2) [ 18.074150] page_type: f5(slab) [ 18.074627] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 18.076061] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 18.076665] page dumped because: kasan: bad access detected [ 18.077309] [ 18.077523] Memory state around the buggy address: [ 18.077904] ffff888100ab8200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 18.078612] ffff888100ab8280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.079186] >ffff888100ab8300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 18.079951] ^ [ 18.080455] ffff888100ab8380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.080888] ffff888100ab8400: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 18.081750] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 17.087023] ================================================================== [ 17.088193] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 17.088861] Read of size 1 at addr ffff888103a00000 by task kunit_try_catch/181 [ 17.090098] [ 17.090597] CPU: 0 UID: 0 PID: 181 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.090747] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.090787] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.090882] Call Trace: [ 17.090918] <TASK> [ 17.090941] dump_stack_lvl+0x73/0xb0 [ 17.090987] print_report+0xd1/0x650 [ 17.091018] ? __virt_addr_valid+0x1db/0x2d0 [ 17.091051] ? page_alloc_uaf+0x356/0x3d0 [ 17.091080] ? kasan_addr_to_slab+0x11/0xa0 [ 17.091107] ? page_alloc_uaf+0x356/0x3d0 [ 17.091137] kasan_report+0x141/0x180 [ 17.091165] ? page_alloc_uaf+0x356/0x3d0 [ 17.091200] __asan_report_load1_noabort+0x18/0x20 [ 17.091289] page_alloc_uaf+0x356/0x3d0 [ 17.091364] ? __pfx_page_alloc_uaf+0x10/0x10 [ 17.091439] ? __schedule+0x10cc/0x2b60 [ 17.091508] ? __pfx_read_tsc+0x10/0x10 [ 17.091583] ? ktime_get_ts64+0x86/0x230 [ 17.091664] kunit_try_run_case+0x1a5/0x480 [ 17.091759] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.091804] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.091858] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.091900] ? __kthread_parkme+0x82/0x180 [ 17.091929] ? preempt_count_sub+0x50/0x80 [ 17.091962] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.091994] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.092025] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.092056] kthread+0x337/0x6f0 [ 17.092083] ? trace_preempt_on+0x20/0xc0 [ 17.092117] ? __pfx_kthread+0x10/0x10 [ 17.092144] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.092176] ? calculate_sigpending+0x7b/0xa0 [ 17.092209] ? __pfx_kthread+0x10/0x10 [ 17.092303] ret_from_fork+0x116/0x1d0 [ 17.092375] ? __pfx_kthread+0x10/0x10 [ 17.092410] ret_from_fork_asm+0x1a/0x30 [ 17.092452] </TASK> [ 17.092470] [ 17.108965] The buggy address belongs to the physical page: [ 17.109665] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103a00 [ 17.110642] flags: 0x200000000000000(node=0|zone=2) [ 17.111138] page_type: f0(buddy) [ 17.111525] raw: 0200000000000000 ffff88817fffb5c8 ffff88817fffb5c8 0000000000000000 [ 17.112051] raw: 0000000000000000 0000000000000009 00000000f0000000 0000000000000000 [ 17.112663] page dumped because: kasan: bad access detected [ 17.113803] [ 17.114103] Memory state around the buggy address: [ 17.114714] ffff8881039fff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.115586] ffff8881039fff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.116139] >ffff888103a00000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.116784] ^ [ 17.117060] ffff888103a00080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.118158] ffff888103a00100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.119175] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 17.040930] ================================================================== [ 17.042238] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 17.043037] Free of addr ffff888102a88001 by task kunit_try_catch/177 [ 17.043709] [ 17.043979] CPU: 1 UID: 0 PID: 177 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.044102] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.044499] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.044557] Call Trace: [ 17.044594] <TASK> [ 17.044631] dump_stack_lvl+0x73/0xb0 [ 17.044675] print_report+0xd1/0x650 [ 17.044709] ? __virt_addr_valid+0x1db/0x2d0 [ 17.044744] ? kasan_addr_to_slab+0x11/0xa0 [ 17.044773] ? kfree+0x274/0x3f0 [ 17.044803] kasan_report_invalid_free+0x10a/0x130 [ 17.044867] ? kfree+0x274/0x3f0 [ 17.044904] ? kfree+0x274/0x3f0 [ 17.044934] __kasan_kfree_large+0x86/0xd0 [ 17.044965] free_large_kmalloc+0x4b/0x110 [ 17.044997] kfree+0x274/0x3f0 [ 17.045032] kmalloc_large_invalid_free+0x120/0x2b0 [ 17.045064] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 17.045096] ? __schedule+0x10cc/0x2b60 [ 17.045125] ? __pfx_read_tsc+0x10/0x10 [ 17.045155] ? ktime_get_ts64+0x86/0x230 [ 17.045189] kunit_try_run_case+0x1a5/0x480 [ 17.045247] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.045320] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.045391] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.045432] ? __kthread_parkme+0x82/0x180 [ 17.045463] ? preempt_count_sub+0x50/0x80 [ 17.045495] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.045528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.045561] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.045593] kthread+0x337/0x6f0 [ 17.045620] ? trace_preempt_on+0x20/0xc0 [ 17.045652] ? __pfx_kthread+0x10/0x10 [ 17.045680] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.045712] ? calculate_sigpending+0x7b/0xa0 [ 17.045747] ? __pfx_kthread+0x10/0x10 [ 17.045776] ret_from_fork+0x116/0x1d0 [ 17.045800] ? __pfx_kthread+0x10/0x10 [ 17.045828] ret_from_fork_asm+0x1a/0x30 [ 17.045898] </TASK> [ 17.045914] [ 17.063079] The buggy address belongs to the physical page: [ 17.063738] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102a88 [ 17.064500] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 17.064951] flags: 0x200000000000040(head|node=0|zone=2) [ 17.065614] page_type: f8(unknown) [ 17.065990] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.066959] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.067721] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 17.068392] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 17.069049] head: 0200000000000002 ffffea00040aa201 00000000ffffffff 00000000ffffffff [ 17.069870] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 17.070754] page dumped because: kasan: bad access detected [ 17.071188] [ 17.071395] Memory state around the buggy address: [ 17.071712] ffff888102a87f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.072476] ffff888102a87f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.073063] >ffff888102a88000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.073782] ^ [ 17.074111] ffff888102a88080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.075004] ffff888102a88100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 17.075676] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 17.006633] ================================================================== [ 17.007607] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 17.008575] Read of size 1 at addr ffff888103954000 by task kunit_try_catch/175 [ 17.009194] [ 17.010042] CPU: 0 UID: 0 PID: 175 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 17.010243] Tainted: [B]=BAD_PAGE, [N]=TEST [ 17.010295] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 17.010355] Call Trace: [ 17.010392] <TASK> [ 17.010439] dump_stack_lvl+0x73/0xb0 [ 17.010519] print_report+0xd1/0x650 [ 17.010579] ? __virt_addr_valid+0x1db/0x2d0 [ 17.010615] ? kmalloc_large_uaf+0x2f1/0x340 [ 17.010643] ? kasan_addr_to_slab+0x11/0xa0 [ 17.010672] ? kmalloc_large_uaf+0x2f1/0x340 [ 17.010701] kasan_report+0x141/0x180 [ 17.010731] ? kmalloc_large_uaf+0x2f1/0x340 [ 17.010764] __asan_report_load1_noabort+0x18/0x20 [ 17.010798] kmalloc_large_uaf+0x2f1/0x340 [ 17.010825] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 17.010888] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 17.010923] kunit_try_run_case+0x1a5/0x480 [ 17.010959] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.010990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 17.011017] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 17.011052] ? __kthread_parkme+0x82/0x180 [ 17.011080] ? preempt_count_sub+0x50/0x80 [ 17.011110] ? __pfx_kunit_try_run_case+0x10/0x10 [ 17.011142] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 17.011172] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 17.011202] kthread+0x337/0x6f0 [ 17.011265] ? trace_preempt_on+0x20/0xc0 [ 17.011305] ? __pfx_kthread+0x10/0x10 [ 17.011334] ? _raw_spin_unlock_irq+0x47/0x80 [ 17.011366] ? calculate_sigpending+0x7b/0xa0 [ 17.011399] ? __pfx_kthread+0x10/0x10 [ 17.011427] ret_from_fork+0x116/0x1d0 [ 17.011453] ? __pfx_kthread+0x10/0x10 [ 17.011482] ret_from_fork_asm+0x1a/0x30 [ 17.011524] </TASK> [ 17.011548] [ 17.026659] The buggy address belongs to the physical page: [ 17.027205] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103954 [ 17.027912] flags: 0x200000000000000(node=0|zone=2) [ 17.028491] raw: 0200000000000000 ffffea00040e5608 ffff88815b039f80 0000000000000000 [ 17.029163] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 17.029872] page dumped because: kasan: bad access detected [ 17.030357] [ 17.030512] Memory state around the buggy address: [ 17.031020] ffff888103953f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.031743] ffff888103953f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 17.032250] >ffff888103954000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.032830] ^ [ 17.033204] ffff888103954080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.033887] ffff888103954100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 17.034592] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 16.965101] ================================================================== [ 16.966147] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 16.967403] Write of size 1 at addr ffff88810395600a by task kunit_try_catch/173 [ 16.967961] [ 16.968379] CPU: 0 UID: 0 PID: 173 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250617 #1 PREEMPT(voluntary) [ 16.968566] Tainted: [B]=BAD_PAGE, [N]=TEST [ 16.968605] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 16.968662] Call Trace: [ 16.968699] <TASK> [ 16.968744] dump_stack_lvl+0x73/0xb0 [ 16.968793] print_report+0xd1/0x650 [ 16.968825] ? __virt_addr_valid+0x1db/0x2d0 [ 16.968892] ? kmalloc_large_oob_right+0x2e9/0x330 [ 16.968925] ? kasan_addr_to_slab+0x11/0xa0 [ 16.968955] ? kmalloc_large_oob_right+0x2e9/0x330 [ 16.968987] kasan_report+0x141/0x180 [ 16.969017] ? kmalloc_large_oob_right+0x2e9/0x330 [ 16.969052] __asan_report_store1_noabort+0x1b/0x30 [ 16.969088] kmalloc_large_oob_right+0x2e9/0x330 [ 16.969119] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 16.969150] ? __schedule+0x10cc/0x2b60 [ 16.969178] ? __pfx_read_tsc+0x10/0x10 [ 16.969207] ? ktime_get_ts64+0x86/0x230 [ 16.969336] kunit_try_run_case+0x1a5/0x480 [ 16.969416] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.969491] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 16.969557] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 16.969657] ? __kthread_parkme+0x82/0x180 [ 16.969693] ? preempt_count_sub+0x50/0x80 [ 16.969726] ? __pfx_kunit_try_run_case+0x10/0x10 [ 16.969759] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 16.969792] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 16.969824] kthread+0x337/0x6f0 [ 16.969890] ? trace_preempt_on+0x20/0xc0 [ 16.969925] ? __pfx_kthread+0x10/0x10 [ 16.969952] ? _raw_spin_unlock_irq+0x47/0x80 [ 16.969985] ? calculate_sigpending+0x7b/0xa0 [ 16.970018] ? __pfx_kthread+0x10/0x10 [ 16.970046] ret_from_fork+0x116/0x1d0 [ 16.970071] ? __pfx_kthread+0x10/0x10 [ 16.970098] ret_from_fork_asm+0x1a/0x30 [ 16.970137] </TASK> [ 16.970153] [ 16.986753] The buggy address belongs to the physical page: [ 16.987650] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103954 [ 16.988405] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 16.989155] flags: 0x200000000000040(head|node=0|zone=2) [ 16.989777] page_type: f8(unknown) [ 16.990145] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.990942] raw: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.991699] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 16.992686] head: 0000000000000000 0000000000000000 00000001f8000000 0000000000000000 [ 16.993444] head: 0200000000000002 ffffea00040e5501 00000000ffffffff 00000000ffffffff [ 16.994143] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 16.994988] page dumped because: kasan: bad access detected [ 16.995579] [ 16.995782] Memory state around the buggy address: [ 16.996206] ffff888103955f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.996889] ffff888103955f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 16.997468] >ffff888103956000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.998538] ^ [ 16.998793] ffff888103956080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 16.999821] ffff888103956100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 17.000528] ==================================================================