Date
June 18, 2025, 6:43 a.m.
Failure - kunit - drm_test_framebuffer_create_ABGR8888Invalidflag
<8>[ 231.669850] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Invalidflag RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane
<8>[ 231.574174] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Bufferoffsetforinexistentplane RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_ABGR8888Largebufferoffset
<8>[ 231.479801] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_ABGR8888Largebufferoffset RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_node_oob_right
[ 10.533426] ================================================================== [ 10.534120] BUG: KASAN: slab-out-of-bounds in kmalloc_node_oob_right+0x369/0x3c0 [ 10.534775] Read of size 1 at addr ffff8881038f7000 by task kunit_try_catch/166 [ 10.535625] [ 10.535860] CPU: 0 UID: 0 PID: 166 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.535912] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.535924] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.535944] Call Trace: [ 10.535956] <TASK> [ 10.535973] dump_stack_lvl+0x73/0xb0 [ 10.536002] print_report+0xd1/0x650 [ 10.536023] ? __virt_addr_valid+0x1db/0x2d0 [ 10.536045] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.536067] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.536091] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.536113] kasan_report+0x141/0x180 [ 10.536134] ? kmalloc_node_oob_right+0x369/0x3c0 [ 10.536160] __asan_report_load1_noabort+0x18/0x20 [ 10.536182] kmalloc_node_oob_right+0x369/0x3c0 [ 10.536219] ? __pfx_kmalloc_node_oob_right+0x10/0x10 [ 10.536242] ? __schedule+0x10cc/0x2b60 [ 10.536262] ? __pfx_read_tsc+0x10/0x10 [ 10.536283] ? ktime_get_ts64+0x86/0x230 [ 10.536307] kunit_try_run_case+0x1a5/0x480 [ 10.536330] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.536351] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.536373] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.536394] ? __kthread_parkme+0x82/0x180 [ 10.536413] ? preempt_count_sub+0x50/0x80 [ 10.536436] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.536458] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.536478] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.536500] kthread+0x337/0x6f0 [ 10.536518] ? trace_preempt_on+0x20/0xc0 [ 10.536540] ? __pfx_kthread+0x10/0x10 [ 10.536559] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.536578] ? calculate_sigpending+0x7b/0xa0 [ 10.536601] ? __pfx_kthread+0x10/0x10 [ 10.536621] ret_from_fork+0x116/0x1d0 [ 10.536639] ? 
__pfx_kthread+0x10/0x10 [ 10.536661] ret_from_fork_asm+0x1a/0x30 [ 10.536691] </TASK> [ 10.536701] [ 10.543812] Allocated by task 166: [ 10.543970] kasan_save_stack+0x45/0x70 [ 10.544151] kasan_save_track+0x18/0x40 [ 10.544370] kasan_save_alloc_info+0x3b/0x50 [ 10.544749] __kasan_kmalloc+0xb7/0xc0 [ 10.544922] __kmalloc_cache_node_noprof+0x188/0x420 [ 10.545123] kmalloc_node_oob_right+0xab/0x3c0 [ 10.545362] kunit_try_run_case+0x1a5/0x480 [ 10.545617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.545840] kthread+0x337/0x6f0 [ 10.546002] ret_from_fork+0x116/0x1d0 [ 10.546161] ret_from_fork_asm+0x1a/0x30 [ 10.546364] [ 10.546451] The buggy address belongs to the object at ffff8881038f6000 [ 10.546451] which belongs to the cache kmalloc-4k of size 4096 [ 10.546995] The buggy address is located 0 bytes to the right of [ 10.546995] allocated 4096-byte region [ffff8881038f6000, ffff8881038f7000) [ 10.547496] [ 10.547561] The buggy address belongs to the physical page: [ 10.547890] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038f0 [ 10.548468] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.548732] flags: 0x200000000000040(head|node=0|zone=2) [ 10.549174] page_type: f5(slab) [ 10.551165] raw: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.551418] raw: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.551671] head: 0200000000000040 ffff888100042140 dead000000000122 0000000000000000 [ 10.551896] head: 0000000000000000 0000000080040004 00000000f5000000 0000000000000000 [ 10.552161] head: 0200000000000003 ffffea00040e3c01 00000000ffffffff 00000000ffffffff [ 10.552921] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.553167] page dumped because: kasan: bad access detected [ 10.553402] [ 10.553511] Memory state around the buggy address: [ 10.553727] ffff8881038f6f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.554916] 
ffff8881038f6f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.555472] >ffff8881038f7000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.555748] ^ [ 10.555857] ffff8881038f7080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.556145] ffff8881038f7100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.556496] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_left
[ 10.503356] ================================================================== [ 10.504434] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_left+0x361/0x3c0 [ 10.504679] Read of size 1 at addr ffff888101677b9f by task kunit_try_catch/164 [ 10.504933] [ 10.505250] CPU: 0 UID: 0 PID: 164 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.505304] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.505316] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.505337] Call Trace: [ 10.505350] <TASK> [ 10.505368] dump_stack_lvl+0x73/0xb0 [ 10.505399] print_report+0xd1/0x650 [ 10.505419] ? __virt_addr_valid+0x1db/0x2d0 [ 10.505443] ? kmalloc_oob_left+0x361/0x3c0 [ 10.505462] ? kasan_complete_mode_report_info+0x64/0x200 [ 10.505486] ? kmalloc_oob_left+0x361/0x3c0 [ 10.505505] kasan_report+0x141/0x180 [ 10.505525] ? kmalloc_oob_left+0x361/0x3c0 [ 10.505549] __asan_report_load1_noabort+0x18/0x20 [ 10.505571] kmalloc_oob_left+0x361/0x3c0 [ 10.505590] ? __pfx_kmalloc_oob_left+0x10/0x10 [ 10.505610] ? __schedule+0x10cc/0x2b60 [ 10.505631] ? __pfx_read_tsc+0x10/0x10 [ 10.505651] ? ktime_get_ts64+0x86/0x230 [ 10.505676] kunit_try_run_case+0x1a5/0x480 [ 10.505698] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.505718] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.505740] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.505761] ? __kthread_parkme+0x82/0x180 [ 10.505780] ? preempt_count_sub+0x50/0x80 [ 10.505802] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.505823] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.505844] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.505866] kthread+0x337/0x6f0 [ 10.505883] ? trace_preempt_on+0x20/0xc0 [ 10.505918] ? __pfx_kthread+0x10/0x10 [ 10.505937] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.505955] ? calculate_sigpending+0x7b/0xa0 [ 10.505989] ? __pfx_kthread+0x10/0x10 [ 10.506009] ret_from_fork+0x116/0x1d0 [ 10.506026] ? 
__pfx_kthread+0x10/0x10 [ 10.506045] ret_from_fork_asm+0x1a/0x30 [ 10.506074] </TASK> [ 10.506084] [ 10.513701] Allocated by task 26: [ 10.513855] kasan_save_stack+0x45/0x70 [ 10.513992] kasan_save_track+0x18/0x40 [ 10.514119] kasan_save_alloc_info+0x3b/0x50 [ 10.514320] __kasan_kmalloc+0xb7/0xc0 [ 10.514498] __kmalloc_node_track_caller_noprof+0x1cb/0x500 [ 10.514802] kstrdup+0x3e/0xa0 [ 10.515065] devtmpfs_work_loop+0x96d/0xf30 [ 10.515477] devtmpfsd+0x3b/0x40 [ 10.516016] kthread+0x337/0x6f0 [ 10.516163] ret_from_fork+0x116/0x1d0 [ 10.516352] ret_from_fork_asm+0x1a/0x30 [ 10.517780] [ 10.518004] Freed by task 26: [ 10.518179] kasan_save_stack+0x45/0x70 [ 10.518618] kasan_save_track+0x18/0x40 [ 10.518768] kasan_save_free_info+0x3f/0x60 [ 10.519100] __kasan_slab_free+0x56/0x70 [ 10.519321] kfree+0x222/0x3f0 [ 10.519706] devtmpfs_work_loop+0xacb/0xf30 [ 10.519915] devtmpfsd+0x3b/0x40 [ 10.520259] kthread+0x337/0x6f0 [ 10.520429] ret_from_fork+0x116/0x1d0 [ 10.520737] ret_from_fork_asm+0x1a/0x30 [ 10.521001] [ 10.521169] The buggy address belongs to the object at ffff888101677b80 [ 10.521169] which belongs to the cache kmalloc-16 of size 16 [ 10.521946] The buggy address is located 15 bytes to the right of [ 10.521946] allocated 16-byte region [ffff888101677b80, ffff888101677b90) [ 10.522751] [ 10.522910] The buggy address belongs to the physical page: [ 10.523136] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101677 [ 10.523828] flags: 0x200000000000000(node=0|zone=2) [ 10.524169] page_type: f5(slab) [ 10.524307] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 10.524798] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 10.525279] page dumped because: kasan: bad access detected [ 10.525530] [ 10.525615] Memory state around the buggy address: [ 10.525786] ffff888101677a80: 00 00 fc fc 00 04 fc fc 00 04 fc fc fa fb fc fc [ 10.526096] ffff888101677b00: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb 
fc fc [ 10.526840] >ffff888101677b80: fa fb fc fc 00 07 fc fc fc fc fc fc fc fc fc fc [ 10.527550] ^ [ 10.527725] ffff888101677c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.528385] ffff888101677c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.528945] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_right
[ 10.450335] ================================================================== [ 10.450985] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6bd/0x7f0 [ 10.451303] Write of size 1 at addr ffff888102c54678 by task kunit_try_catch/162 [ 10.451613] [ 10.451723] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.451769] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.451781] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.451856] Call Trace: [ 10.451870] <TASK> [ 10.451883] dump_stack_lvl+0x73/0xb0 [ 10.451910] print_report+0xd1/0x650 [ 10.451930] ? __virt_addr_valid+0x1db/0x2d0 [ 10.451951] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.451970] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.451994] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.452014] kasan_report+0x141/0x180 [ 10.452034] ? kmalloc_oob_right+0x6bd/0x7f0 [ 10.452080] __asan_report_store1_noabort+0x1b/0x30 [ 10.452103] kmalloc_oob_right+0x6bd/0x7f0 [ 10.452123] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.452144] ? __schedule+0x10cc/0x2b60 [ 10.452164] ? __pfx_read_tsc+0x10/0x10 [ 10.452184] ? ktime_get_ts64+0x86/0x230 [ 10.452222] kunit_try_run_case+0x1a5/0x480 [ 10.452243] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.452280] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.452301] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.452322] ? __kthread_parkme+0x82/0x180 [ 10.452340] ? preempt_count_sub+0x50/0x80 [ 10.452362] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.452383] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.452404] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.452425] kthread+0x337/0x6f0 [ 10.452481] ? trace_preempt_on+0x20/0xc0 [ 10.452505] ? __pfx_kthread+0x10/0x10 [ 10.452524] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.452543] ? calculate_sigpending+0x7b/0xa0 [ 10.452566] ? __pfx_kthread+0x10/0x10 [ 10.452586] ret_from_fork+0x116/0x1d0 [ 10.452604] ? 
__pfx_kthread+0x10/0x10 [ 10.452623] ret_from_fork_asm+0x1a/0x30 [ 10.452656] </TASK> [ 10.452665] [ 10.462420] Allocated by task 162: [ 10.462587] kasan_save_stack+0x45/0x70 [ 10.462829] kasan_save_track+0x18/0x40 [ 10.463343] kasan_save_alloc_info+0x3b/0x50 [ 10.463653] __kasan_kmalloc+0xb7/0xc0 [ 10.463842] __kmalloc_cache_noprof+0x189/0x420 [ 10.464241] kmalloc_oob_right+0xa9/0x7f0 [ 10.464562] kunit_try_run_case+0x1a5/0x480 [ 10.464872] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.465192] kthread+0x337/0x6f0 [ 10.465402] ret_from_fork+0x116/0x1d0 [ 10.465704] ret_from_fork_asm+0x1a/0x30 [ 10.466105] [ 10.466224] The buggy address belongs to the object at ffff888102c54600 [ 10.466224] which belongs to the cache kmalloc-128 of size 128 [ 10.467061] The buggy address is located 5 bytes to the right of [ 10.467061] allocated 115-byte region [ffff888102c54600, ffff888102c54673) [ 10.467913] [ 10.468160] The buggy address belongs to the physical page: [ 10.468514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 10.469058] flags: 0x200000000000000(node=0|zone=2) [ 10.469309] page_type: f5(slab) [ 10.469688] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.470001] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.470523] page dumped because: kasan: bad access detected [ 10.470865] [ 10.470961] Memory state around the buggy address: [ 10.471301] ffff888102c54500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.471993] ffff888102c54580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.472320] >ffff888102c54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.472734] ^ [ 10.473153] ffff888102c54680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.473556] ffff888102c54700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.473914] ================================================================== [ 10.419453] 
================================================================== [ 10.420005] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x6f0/0x7f0 [ 10.420818] Write of size 1 at addr ffff888102c54673 by task kunit_try_catch/162 [ 10.421267] [ 10.422252] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.422626] Tainted: [N]=TEST [ 10.422657] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.422886] Call Trace: [ 10.422953] <TASK> [ 10.423095] dump_stack_lvl+0x73/0xb0 [ 10.423195] print_report+0xd1/0x650 [ 10.423237] ? __virt_addr_valid+0x1db/0x2d0 [ 10.423263] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.423283] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.423307] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.423327] kasan_report+0x141/0x180 [ 10.423348] ? kmalloc_oob_right+0x6f0/0x7f0 [ 10.423372] __asan_report_store1_noabort+0x1b/0x30 [ 10.423395] kmalloc_oob_right+0x6f0/0x7f0 [ 10.423415] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.423436] ? __schedule+0x10cc/0x2b60 [ 10.423458] ? __pfx_read_tsc+0x10/0x10 [ 10.423479] ? ktime_get_ts64+0x86/0x230 [ 10.423506] kunit_try_run_case+0x1a5/0x480 [ 10.423531] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.423552] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.423575] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.423596] ? __kthread_parkme+0x82/0x180 [ 10.423617] ? preempt_count_sub+0x50/0x80 [ 10.423640] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.423662] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.423683] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.423705] kthread+0x337/0x6f0 [ 10.423724] ? trace_preempt_on+0x20/0xc0 [ 10.423747] ? __pfx_kthread+0x10/0x10 [ 10.423767] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.423786] ? calculate_sigpending+0x7b/0xa0 [ 10.423809] ? __pfx_kthread+0x10/0x10 [ 10.423829] ret_from_fork+0x116/0x1d0 [ 10.423847] ? 
__pfx_kthread+0x10/0x10 [ 10.423866] ret_from_fork_asm+0x1a/0x30 [ 10.423917] </TASK> [ 10.423980] [ 10.434618] Allocated by task 162: [ 10.434919] kasan_save_stack+0x45/0x70 [ 10.435106] kasan_save_track+0x18/0x40 [ 10.435608] kasan_save_alloc_info+0x3b/0x50 [ 10.435793] __kasan_kmalloc+0xb7/0xc0 [ 10.436063] __kmalloc_cache_noprof+0x189/0x420 [ 10.436317] kmalloc_oob_right+0xa9/0x7f0 [ 10.436768] kunit_try_run_case+0x1a5/0x480 [ 10.436966] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.437441] kthread+0x337/0x6f0 [ 10.437624] ret_from_fork+0x116/0x1d0 [ 10.437997] ret_from_fork_asm+0x1a/0x30 [ 10.438234] [ 10.438643] The buggy address belongs to the object at ffff888102c54600 [ 10.438643] which belongs to the cache kmalloc-128 of size 128 [ 10.439569] The buggy address is located 0 bytes to the right of [ 10.439569] allocated 115-byte region [ffff888102c54600, ffff888102c54673) [ 10.440284] [ 10.440441] The buggy address belongs to the physical page: [ 10.441144] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 10.441821] flags: 0x200000000000000(node=0|zone=2) [ 10.442575] page_type: f5(slab) [ 10.443234] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.443569] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.444127] page dumped because: kasan: bad access detected [ 10.444430] [ 10.444850] Memory state around the buggy address: [ 10.445463] ffff888102c54500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 10.445782] ffff888102c54580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.446220] >ffff888102c54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.446699] ^ [ 10.447156] ffff888102c54680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.447675] ffff888102c54700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.448130] ================================================================== [ 10.475135] 
================================================================== [ 10.475529] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_right+0x68a/0x7f0 [ 10.475842] Read of size 1 at addr ffff888102c54680 by task kunit_try_catch/162 [ 10.476381] [ 10.476543] CPU: 1 UID: 0 PID: 162 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.476590] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.476745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.476767] Call Trace: [ 10.476779] <TASK> [ 10.476794] dump_stack_lvl+0x73/0xb0 [ 10.476821] print_report+0xd1/0x650 [ 10.476841] ? __virt_addr_valid+0x1db/0x2d0 [ 10.476863] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.476882] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.476906] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.476926] kasan_report+0x141/0x180 [ 10.476946] ? kmalloc_oob_right+0x68a/0x7f0 [ 10.476970] __asan_report_load1_noabort+0x18/0x20 [ 10.476993] kmalloc_oob_right+0x68a/0x7f0 [ 10.477013] ? __pfx_kmalloc_oob_right+0x10/0x10 [ 10.477033] ? __schedule+0x10cc/0x2b60 [ 10.477053] ? __pfx_read_tsc+0x10/0x10 [ 10.477073] ? ktime_get_ts64+0x86/0x230 [ 10.477097] kunit_try_run_case+0x1a5/0x480 [ 10.477119] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.477140] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.477160] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.477181] ? __kthread_parkme+0x82/0x180 [ 10.477200] ? preempt_count_sub+0x50/0x80 [ 10.477233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.477256] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.477276] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.477298] kthread+0x337/0x6f0 [ 10.477316] ? trace_preempt_on+0x20/0xc0 [ 10.477337] ? __pfx_kthread+0x10/0x10 [ 10.477357] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.477375] ? calculate_sigpending+0x7b/0xa0 [ 10.477398] ? __pfx_kthread+0x10/0x10 [ 10.477418] ret_from_fork+0x116/0x1d0 [ 10.477481] ? 
__pfx_kthread+0x10/0x10 [ 10.477502] ret_from_fork_asm+0x1a/0x30 [ 10.477531] </TASK> [ 10.477541] [ 10.487805] Allocated by task 162: [ 10.488184] kasan_save_stack+0x45/0x70 [ 10.488387] kasan_save_track+0x18/0x40 [ 10.488644] kasan_save_alloc_info+0x3b/0x50 [ 10.488867] __kasan_kmalloc+0xb7/0xc0 [ 10.489056] __kmalloc_cache_noprof+0x189/0x420 [ 10.489298] kmalloc_oob_right+0xa9/0x7f0 [ 10.489486] kunit_try_run_case+0x1a5/0x480 [ 10.489743] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.489971] kthread+0x337/0x6f0 [ 10.490132] ret_from_fork+0x116/0x1d0 [ 10.490376] ret_from_fork_asm+0x1a/0x30 [ 10.490811] [ 10.490922] The buggy address belongs to the object at ffff888102c54600 [ 10.490922] which belongs to the cache kmalloc-128 of size 128 [ 10.491461] The buggy address is located 13 bytes to the right of [ 10.491461] allocated 115-byte region [ffff888102c54600, ffff888102c54673) [ 10.492114] [ 10.492241] The buggy address belongs to the physical page: [ 10.492417] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 10.492749] flags: 0x200000000000000(node=0|zone=2) [ 10.492902] page_type: f5(slab) [ 10.493060] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 10.493577] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.493860] page dumped because: kasan: bad access detected [ 10.494025] [ 10.494087] Memory state around the buggy address: [ 10.494385] ffff888102c54580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.494900] ffff888102c54600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 10.495247] >ffff888102c54680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.495739] ^ [ 10.496018] ffff888102c54700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.496369] ffff888102c54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.496770] ==================================================================
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_vscale
------------[ cut here ]------------ [ 149.856838] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2794 [ 149.857176] Modules linked in: [ 149.857626] CPU: 1 UID: 0 PID: 2794 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 149.858579] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.858919] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.859366] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 149.859980] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 ce 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 149.861462] RSP: 0000:ffff8881031e7c78 EFLAGS: 00010286 [ 149.862162] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 149.862817] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff8643735c [ 149.863028] RBP: ffff8881031e7ca0 R08: 0000000000000000 R09: ffffed102055d7c0 [ 149.863650] R10: ffff888102aebe07 R11: 0000000000000000 R12: ffffffff86437348 [ 149.864282] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881031e7d38 [ 149.864988] FS: 0000000000000000(0000) GS:ffff8881cc367000(0000) knlGS:0000000000000000 [ 149.865765] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.866273] CR2: dffffc00000000c5 CR3: 00000001660bc000 CR4: 00000000000006f0 [ 149.866746] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d443 [ 149.867324] DR3: ffffffff8845d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.867882] Call Trace: [ 149.868161] <TASK> [ 149.868385] drm_test_rect_calc_vscale+0x108/0x270 [ 149.868657] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 149.868830] ? __schedule+0x10cc/0x2b60 [ 149.868968] ? __pfx_read_tsc+0x10/0x10 [ 149.869104] ? ktime_get_ts64+0x86/0x230 [ 149.869316] kunit_try_run_case+0x1a5/0x480 [ 149.869519] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.869742] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 149.869954] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.870325] ? __kthread_parkme+0x82/0x180 [ 149.870627] ? preempt_count_sub+0x50/0x80 [ 149.870833] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.871051] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.871336] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.871619] kthread+0x337/0x6f0 [ 149.871763] ? trace_preempt_on+0x20/0xc0 [ 149.871965] ? __pfx_kthread+0x10/0x10 [ 149.872182] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.872387] ? calculate_sigpending+0x7b/0xa0 [ 149.872804] ? __pfx_kthread+0x10/0x10 [ 149.873001] ret_from_fork+0x116/0x1d0 [ 149.873175] ? __pfx_kthread+0x10/0x10 [ 149.873373] ret_from_fork_asm+0x1a/0x30 [ 149.873644] </TASK> [ 149.873737] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 149.877388] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_vscale+0x130/0x190, CPU#1: kunit_try_catch/2796 [ 149.878028] Modules linked in: [ 149.878193] CPU: 1 UID: 0 PID: 2796 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 149.878722] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.879303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.879976] RIP: 0010:drm_rect_calc_vscale+0x130/0x190 [ 149.880567] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d e9 10 ce 20 02 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 149.881565] RSP: 0000:ffff888102f97c78 EFLAGS: 00010286 [ 149.881754] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 149.881960] RDX: 0000000000000007 RSI: 0000000000000000 RDI: ffffffff86437394 [ 149.882302] RBP: ffff888102f97ca0 R08: 0000000000000000 R09: ffffed10206f21a0 [ 149.883129] R10: ffff888103790d07 R11: 0000000000000000 R12: ffffffff86437380 [ 149.884017] R13: 0000000000000000 R14: 000000007fffffff R15: 
ffff888102f97d38 [ 149.884826] FS: 0000000000000000(0000) GS:ffff8881cc367000(0000) knlGS:0000000000000000 [ 149.885655] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.886056] CR2: dffffc00000000c5 CR3: 00000001660bc000 CR4: 00000000000006f0 [ 149.886622] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d443 [ 149.887127] DR3: ffffffff8845d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.887346] Call Trace: [ 149.887592] <TASK> [ 149.887844] drm_test_rect_calc_vscale+0x108/0x270 [ 149.888314] ? __pfx_drm_test_rect_calc_vscale+0x10/0x10 [ 149.888907] ? __schedule+0x10cc/0x2b60 [ 149.889412] ? __pfx_read_tsc+0x10/0x10 [ 149.889878] ? ktime_get_ts64+0x86/0x230 [ 149.890086] kunit_try_run_case+0x1a5/0x480 [ 149.890615] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.890780] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 149.890932] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.891092] ? __kthread_parkme+0x82/0x180 [ 149.891264] ? preempt_count_sub+0x50/0x80 [ 149.891497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.891720] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.893639] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.893933] kthread+0x337/0x6f0 [ 149.894082] ? trace_preempt_on+0x20/0xc0 [ 149.894247] ? __pfx_kthread+0x10/0x10 [ 149.894436] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.894595] ? calculate_sigpending+0x7b/0xa0 [ 149.895012] ? __pfx_kthread+0x10/0x10 [ 149.895296] ret_from_fork+0x116/0x1d0 [ 149.895522] ? __pfx_kthread+0x10/0x10 [ 149.895752] ret_from_fork_asm+0x1a/0x30 [ 149.895970] </TASK> [ 149.896089] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-driversgpudrmdrm_rect-at-drm_rect_calc_hscale
------------[ cut here ]------------ [ 149.825556] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#1: kunit_try_catch/2784 [ 149.826711] Modules linked in: [ 149.826879] CPU: 1 UID: 0 PID: 2784 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 149.827418] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.827970] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.828344] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 149.828605] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 149.829395] RSP: 0000:ffff8881031e7c78 EFLAGS: 00010286 [ 149.829598] RAX: 0000000000010000 RBX: 00000000ffff0000 RCX: 00000000ffff0000 [ 149.829932] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff86437398 [ 149.830250] RBP: ffff8881031e7ca0 R08: 0000000000000000 R09: ffffed102055d740 [ 149.830777] R10: ffff888102aeba07 R11: 0000000000000000 R12: ffffffff86437380 [ 149.831024] R13: 0000000000000000 R14: 000000007fffffff R15: ffff8881031e7d38 [ 149.831408] FS: 0000000000000000(0000) GS:ffff8881cc367000(0000) knlGS:0000000000000000 [ 149.831753] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.831982] CR2: dffffc00000000c5 CR3: 00000001660bc000 CR4: 00000000000006f0 [ 149.832248] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d443 [ 149.832583] DR3: ffffffff8845d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.832948] Call Trace: [ 149.833082] <TASK> [ 149.833229] drm_test_rect_calc_hscale+0x108/0x270 [ 149.833409] ? __kasan_check_write+0x18/0x20 [ 149.833730] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 149.833974] ? __pfx_queued_spin_lock_slowpath+0x10/0x10 [ 149.834367] ? __pfx_read_tsc+0x10/0x10 [ 149.834778] ? 
ktime_get_ts64+0x86/0x230 [ 149.834984] kunit_try_run_case+0x1a5/0x480 [ 149.835171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.835397] ? _raw_spin_lock_irqsave+0xf9/0x100 [ 149.835752] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.835967] ? __kthread_parkme+0x82/0x180 [ 149.836541] ? preempt_count_sub+0x50/0x80 [ 149.836740] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.836951] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.837386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.837921] kthread+0x337/0x6f0 [ 149.838296] ? trace_preempt_on+0x20/0xc0 [ 149.838817] ? __pfx_kthread+0x10/0x10 [ 149.839002] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.839391] ? calculate_sigpending+0x7b/0xa0 [ 149.839891] ? __pfx_kthread+0x10/0x10 [ 149.840270] ret_from_fork+0x116/0x1d0 [ 149.840632] ? __pfx_kthread+0x10/0x10 [ 149.840827] ret_from_fork_asm+0x1a/0x30 [ 149.840999] </TASK> [ 149.841105] ---[ end trace 0000000000000000 ]--- ------------[ cut here ]------------ [ 149.797578] WARNING: drivers/gpu/drm/drm_rect.c:137 at drm_rect_calc_hscale+0x125/0x190, CPU#0: kunit_try_catch/2782 [ 149.798531] Modules linked in: [ 149.799003] CPU: 0 UID: 0 PID: 2782 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 149.800252] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST [ 149.800763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 149.801045] RIP: 0010:drm_rect_calc_hscale+0x125/0x190 [ 149.801229] Code: 7f 43 41 39 ce 7c 3e 48 83 c4 08 89 c8 5b 41 5c 41 5d 41 5e 5d c3 cc cc cc cc 8d 44 08 ff 99 f7 f9 89 c1 85 c0 79 d6 eb de 90 <0f> 0b 90 b9 ea ff ff ff 48 83 c4 08 5b 89 c8 41 5c 41 5d 41 5e 5d [ 149.801705] RSP: 0000:ffff888103027c78 EFLAGS: 00010286 [ 149.801874] RAX: 00000000ffff0000 RBX: 00000000ffff0000 RCX: 0000000000010000 [ 149.803733] RDX: 0000000000000003 RSI: 0000000000000000 RDI: ffffffff86437360 [ 149.804646] RBP: ffff888103027ca0 R08: 0000000000000000 R09: ffffed10206f20a0 [ 
149.805251] R10: ffff888103790507 R11: 0000000000000000 R12: ffffffff86437348 [ 149.806437] R13: 0000000000000000 R14: 000000007fffffff R15: ffff888103027d38 [ 149.807117] FS: 0000000000000000(0000) GS:ffff8881cc267000(0000) knlGS:0000000000000000 [ 149.808935] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033 [ 149.809520] CR2: dffffc00000000c5 CR3: 00000001660bc000 CR4: 00000000000006f0 [ 149.809813] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d442 [ 149.810076] DR3: ffffffff8845d443 DR6: 00000000ffff0ff0 DR7: 0000000000000600 [ 149.810838] Call Trace: [ 149.811262] <TASK> [ 149.811404] drm_test_rect_calc_hscale+0x108/0x270 [ 149.811977] ? __pfx_drm_test_rect_calc_hscale+0x10/0x10 [ 149.812409] ? __schedule+0x10cc/0x2b60 [ 149.812886] ? __pfx_read_tsc+0x10/0x10 [ 149.813265] ? ktime_get_ts64+0x86/0x230 [ 149.813772] kunit_try_run_case+0x1a5/0x480 [ 149.813994] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.814366] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 149.815037] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 149.815830] ? __kthread_parkme+0x82/0x180 [ 149.816110] ? preempt_count_sub+0x50/0x80 [ 149.816573] ? __pfx_kunit_try_run_case+0x10/0x10 [ 149.816799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 149.817019] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 149.817295] kthread+0x337/0x6f0 [ 149.819053] ? trace_preempt_on+0x20/0xc0 [ 149.819286] ? __pfx_kthread+0x10/0x10 [ 149.819507] ? _raw_spin_unlock_irq+0x47/0x80 [ 149.819985] ? calculate_sigpending+0x7b/0xa0 [ 149.820506] ? __pfx_kthread+0x10/0x10 [ 149.820932] ret_from_fork+0x116/0x1d0 [ 149.821289] ? __pfx_kthread+0x10/0x10 [ 149.821514] ret_from_fork_asm+0x1a/0x30 [ 149.821662] </TASK> [ 149.821748] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_managed_drm_managed
<8>[ 241.366701] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_managed RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_run_action
<8>[ 241.272590] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_run_action RESULT=fail>
Failure - kunit - drm_managed_drm_test_managed_release_action
<8>[ 241.176826] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_managed_drm_test_managed_release_action RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value
<8>[ 240.020401] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_broadcast_rgb_value RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Pitchgreaterthanminimumrequired
<8>[ 234.736796] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Pitchgreaterthanminimumrequired RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid
<8>[ 241.082741] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_atomic_helper_connector_hdmi_mode_valid RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Invalidpitch
<8>[ 234.642068] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Invalidpitch RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Maxsizes
<8>[ 234.547652] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Maxsizes RESULT=fail>
Failure - log-parser-boot - bug-bug-kernel-null-pointer-dereference-address
[ 148.112589] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 148.090617] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 148.032090] BUG: kernel NULL pointer dereference, address: 0000000000000690
[ 148.065227] BUG: kernel NULL pointer dereference, address: 0000000000000690
Failure - log-parser-boot - oops-oops-oops-smp-kasan-pti
[ 148.034057] Oops: Oops: 0002 [#49] SMP KASAN PTI
[ 148.113443] Oops: Oops: 0002 [#52] SMP KASAN PTI
[ 148.066241] Oops: Oops: 0002 [#50] SMP KASAN PTI
[ 148.091635] Oops: Oops: 0002 [#51] SMP KASAN PTI
Failure - log-parser-boot - oops-oops-general-protection-fault-probably-for-non-canonical-address-smp-kasan-pti
[ 147.169046] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#16] SMP KASAN PTI
[ 147.277897] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#20] SMP KASAN PTI
[ 147.199554] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#17] SMP KASAN PTI
[ 147.628801] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#34] SMP KASAN PTI
[ 147.920025] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#45] SMP KASAN PTI
[ 146.920798] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#7] SMP KASAN PTI
[ 147.803624] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#40] SMP KASAN PTI
[ 147.069599] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#12] SMP KASAN PTI
[ 147.943969] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#46] SMP KASAN PTI
[ 147.484535] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#28] SMP KASAN PTI
[ 106.106736] Oops: general protection fault, probably for non-canonical address 0xdffffc0000000000: 0000 [#1] SMP KASAN PTI
[ 146.979880] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#9] SMP KASAN PTI
[ 147.606247] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#33] SMP KASAN PTI
[ 147.845949] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#42] SMP KASAN PTI
[ 147.035622] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#11] SMP KASAN PTI
[ 147.703817] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#37] SMP KASAN PTI
[ 147.510310] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#29] SMP KASAN PTI
[ 147.731986] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#38] SMP KASAN PTI
[ 146.102250] Oops: general protection fault, probably for non-canonical address 0xe0ea7c16e00000c9: 0000 [#2] SMP KASAN PTI
[ 147.380888] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#24] SMP KASAN PTI
[ 147.583624] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#32] SMP KASAN PTI
[ 147.970576] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#47] SMP KASAN PTI
[ 147.121174] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#14] SMP KASAN PTI
[ 147.897513] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#44] SMP KASAN PTI
[ 146.949808] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#8] SMP KASAN PTI
[ 147.254616] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#19] SMP KASAN PTI
[ 147.098250] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#13] SMP KASAN PTI
[ 147.223516] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#18] SMP KASAN PTI
[ 147.655535] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#35] SMP KASAN PTI
[ 148.146695] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#53] SMP KASAN PTI
[ 148.206789] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#55] SMP KASAN PTI
[ 147.331391] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#22] SMP KASAN PTI
[ 147.561012] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#31] SMP KASAN PTI
[ 147.869531] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#43] SMP KASAN PTI
[ 146.872209] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#5] SMP KASAN PTI
[ 148.172862] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#54] SMP KASAN PTI
[ 147.429278] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#26] SMP KASAN PTI
[ 147.407426] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#25] SMP KASAN PTI
[ 146.897305] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#6] SMP KASAN PTI
[ 148.001209] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#48] SMP KASAN PTI
[ 148.302771] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#58] SMP KASAN PTI
[ 147.144649] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#15] SMP KASAN PTI
[ 147.451981] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#27] SMP KASAN PTI
[ 148.337501] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#59] SMP KASAN PTI
[ 147.682075] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#36] SMP KASAN PTI
[ 147.301195] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#21] SMP KASAN PTI
[ 147.357617] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#23] SMP KASAN PTI
[ 148.270404] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#57] SMP KASAN PTI
[ 147.532892] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#30] SMP KASAN PTI
[ 146.809534] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#3] SMP KASAN PTI
[ 147.769229] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#39] SMP KASAN PTI
[ 148.236320] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#56] SMP KASAN PTI
[ 146.841754] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#4] SMP KASAN PTI
[ 147.008237] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#10] SMP KASAN PTI
[ 147.824724] Oops: general protection fault, probably for non-canonical address 0xdffffc00000000c5: 0000 [#41] SMP KASAN PTI
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_krealloc
[ 46.602661] ==================================================================
[ 46.603114] BUG: KFENCE: use-after-free read in test_krealloc+0x6fc/0xbe0
[ 46.603114]
[ 46.603598] Use-after-free read at 0x(____ptrval____) (in kfence-#126):
[ 46.603861] test_krealloc+0x6fc/0xbe0
[ 46.604044] kunit_try_run_case+0x1a5/0x480
[ 46.604244] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.604921] kthread+0x337/0x6f0
[ 46.605289] ret_from_fork+0x116/0x1d0
[ 46.605466] ret_from_fork_asm+0x1a/0x30
[ 46.605639]
[ 46.605708] kfence-#126: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 46.605708]
[ 46.606111] allocated by task 363 on cpu 0 at 46.601931s (0.004177s ago):
[ 46.606750] test_alloc+0x364/0x10f0
[ 46.606907] test_krealloc+0xad/0xbe0
[ 46.607161] kunit_try_run_case+0x1a5/0x480
[ 46.607484] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.607783] kthread+0x337/0x6f0
[ 46.607948] ret_from_fork+0x116/0x1d0
[ 46.608273] ret_from_fork_asm+0x1a/0x30
[ 46.608531]
[ 46.608615] freed by task 363 on cpu 0 at 46.602154s (0.006458s ago):
[ 46.608982] krealloc_noprof+0x108/0x340
[ 46.609146] test_krealloc+0x226/0xbe0
[ 46.609490] kunit_try_run_case+0x1a5/0x480
[ 46.609684] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.609901] kthread+0x337/0x6f0
[ 46.610040] ret_from_fork+0x116/0x1d0
[ 46.610393] ret_from_fork_asm+0x1a/0x30
[ 46.610568]
[ 46.610810] CPU: 0 UID: 0 PID: 363 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 46.611480] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 46.611740] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 46.612256] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_memcache_typesafe_by_rcu
[ 46.518118] ==================================================================
[ 46.518518] BUG: KFENCE: use-after-free read in test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 46.518518]
[ 46.518848] Use-after-free read at 0x(____ptrval____) (in kfence-#125):
[ 46.519053] test_memcache_typesafe_by_rcu+0x2ec/0x670
[ 46.520668] kunit_try_run_case+0x1a5/0x480
[ 46.521290] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.522240] kthread+0x337/0x6f0
[ 46.522883] ret_from_fork+0x116/0x1d0
[ 46.523459] ret_from_fork_asm+0x1a/0x30
[ 46.523926]
[ 46.524180] kfence-#125: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 46.524180]
[ 46.524611] allocated by task 361 on cpu 1 at 46.497663s (0.026945s ago):
[ 46.524843] test_alloc+0x2a6/0x10f0
[ 46.524968] test_memcache_typesafe_by_rcu+0x16f/0x670
[ 46.525130] kunit_try_run_case+0x1a5/0x480
[ 46.525536] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.525989] kthread+0x337/0x6f0
[ 46.526317] ret_from_fork+0x116/0x1d0
[ 46.526455] ret_from_fork_asm+0x1a/0x30
[ 46.526653]
[ 46.526736] freed by task 361 on cpu 1 at 46.497759s (0.028975s ago):
[ 46.527014] test_memcache_typesafe_by_rcu+0x1bf/0x670
[ 46.527244] kunit_try_run_case+0x1a5/0x480
[ 46.527430] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 46.527621] kthread+0x337/0x6f0
[ 46.527773] ret_from_fork+0x116/0x1d0
[ 46.527942] ret_from_fork_asm+0x1a/0x30
[ 46.528097]
[ 46.528242] CPU: 1 UID: 0 PID: 361 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 46.528632] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 46.528829] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 46.529446] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-read-in-test_invalid_access
[ 21.654274] ==================================================================
[ 21.655463] BUG: KFENCE: invalid read in test_invalid_access+0xf0/0x210
[ 21.655463]
[ 21.655925] Invalid read at 0x(____ptrval____):
[ 21.656161] test_invalid_access+0xf0/0x210
[ 21.656366] kunit_try_run_case+0x1a5/0x480
[ 21.656555] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.656875] kthread+0x337/0x6f0
[ 21.657049] ret_from_fork+0x116/0x1d0
[ 21.657303] ret_from_fork_asm+0x1a/0x30
[ 21.657534]
[ 21.657716] CPU: 1 UID: 0 PID: 357 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 21.658147] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.658340] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.659037] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_kmalloc_aligned_oob_write
[ 21.434006] ==================================================================
[ 21.434378] BUG: KFENCE: memory corruption in test_kmalloc_aligned_oob_write+0x24f/0x340
[ 21.434378]
[ 21.434861] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#121):
[ 21.435337] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 21.435505] kunit_try_run_case+0x1a5/0x480
[ 21.435644] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.435805] kthread+0x337/0x6f0
[ 21.435919] ret_from_fork+0x116/0x1d0
[ 21.436042] ret_from_fork_asm+0x1a/0x30
[ 21.436171]
[ 21.436246] kfence-#121: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 21.436246]
[ 21.436519] allocated by task 351 on cpu 1 at 21.433750s (0.002766s ago):
[ 21.436734] test_alloc+0x364/0x10f0
[ 21.436865] test_kmalloc_aligned_oob_write+0xc8/0x340
[ 21.437030] kunit_try_run_case+0x1a5/0x480
[ 21.437169] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.437375] kthread+0x337/0x6f0
[ 21.437531] ret_from_fork+0x116/0x1d0
[ 21.437712] ret_from_fork_asm+0x1a/0x30
[ 21.437905]
[ 21.437992] freed by task 351 on cpu 1 at 21.433893s (0.004097s ago):
[ 21.438209] test_kmalloc_aligned_oob_write+0x24f/0x340
[ 21.438367] kunit_try_run_case+0x1a5/0x480
[ 21.438500] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.438661] kthread+0x337/0x6f0
[ 21.438771] ret_from_fork+0x116/0x1d0
[ 21.438891] ret_from_fork_asm+0x1a/0x30
[ 21.439051]
[ 21.439161] CPU: 1 UID: 0 PID: 351 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 21.439978] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.440169] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.440652] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_kmalloc_aligned_oob_read
[ 21.330069] ==================================================================
[ 21.330556] BUG: KFENCE: out-of-bounds read in test_kmalloc_aligned_oob_read+0x27e/0x560
[ 21.330556]
[ 21.330974] Out-of-bounds read at 0x(____ptrval____) (105B right of kfence-#120):
[ 21.331313] test_kmalloc_aligned_oob_read+0x27e/0x560
[ 21.331542] kunit_try_run_case+0x1a5/0x480
[ 21.331820] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.332087] kthread+0x337/0x6f0
[ 21.332383] ret_from_fork+0x116/0x1d0
[ 21.332523] ret_from_fork_asm+0x1a/0x30
[ 21.332767]
[ 21.332858] kfence-#120: 0x(____ptrval____)-0x(____ptrval____), size=73, cache=kmalloc-96
[ 21.332858]
[ 21.333260] allocated by task 349 on cpu 0 at 21.329852s (0.003406s ago):
[ 21.333596] test_alloc+0x364/0x10f0
[ 21.333935] test_kmalloc_aligned_oob_read+0x105/0x560
[ 21.334171] kunit_try_run_case+0x1a5/0x480
[ 21.334361] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 21.334524] kthread+0x337/0x6f0
[ 21.334634] ret_from_fork+0x116/0x1d0
[ 21.334800] ret_from_fork_asm+0x1a/0x30
[ 21.334992]
[ 21.335128] CPU: 0 UID: 0 PID: 349 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 21.335655] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 21.335863] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 21.336280] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-memory-corruption-in-test_corruption
[ 17.169888] ==================================================================
[ 17.170274] BUG: KFENCE: memory corruption in test_corruption+0x131/0x3e0
[ 17.170274]
[ 17.170607] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#80):
[ 17.171137] test_corruption+0x131/0x3e0
[ 17.171431] kunit_try_run_case+0x1a5/0x480
[ 17.171579] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.171809] kthread+0x337/0x6f0
[ 17.171975] ret_from_fork+0x116/0x1d0
[ 17.172157] ret_from_fork_asm+0x1a/0x30
[ 17.172335]
[ 17.172403] kfence-#80: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.172403]
[ 17.172886] allocated by task 339 on cpu 1 at 17.169760s (0.003123s ago):
[ 17.173138] test_alloc+0x2a6/0x10f0
[ 17.173273] test_corruption+0xe6/0x3e0
[ 17.173461] kunit_try_run_case+0x1a5/0x480
[ 17.173659] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.173910] kthread+0x337/0x6f0
[ 17.174051] ret_from_fork+0x116/0x1d0
[ 17.174238] ret_from_fork_asm+0x1a/0x30
[ 17.174436]
[ 17.174527] freed by task 339 on cpu 1 at 17.169815s (0.004710s ago):
[ 17.174797] test_corruption+0x131/0x3e0
[ 17.174937] kunit_try_run_case+0x1a5/0x480
[ 17.175076] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.175308] kthread+0x337/0x6f0
[ 17.175468] ret_from_fork+0x116/0x1d0
[ 17.175645] ret_from_fork_asm+0x1a/0x30
[ 17.175804]
[ 17.175891] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 17.176572] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.176772] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.177098] ==================================================================
[ 16.857986] ==================================================================
[ 16.858402] BUG: KFENCE: memory corruption in test_corruption+0x2d2/0x3e0
[ 16.858402]
[ 16.858689] Corrupted memory at 0x(____ptrval____) [ ! . . . . . . . . . . . . . . . ] (in kfence-#77):
[ 16.859777] test_corruption+0x2d2/0x3e0
[ 16.860063] kunit_try_run_case+0x1a5/0x480
[ 16.860671] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.860933] kthread+0x337/0x6f0
[ 16.861109] ret_from_fork+0x116/0x1d0
[ 16.861514] ret_from_fork_asm+0x1a/0x30
[ 16.861732]
[ 16.862015] kfence-#77: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.862015]
[ 16.862438] allocated by task 337 on cpu 0 at 16.857732s (0.004704s ago):
[ 16.862794] test_alloc+0x364/0x10f0
[ 16.863146] test_corruption+0xe6/0x3e0
[ 16.863502] kunit_try_run_case+0x1a5/0x480
[ 16.863689] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.864033] kthread+0x337/0x6f0
[ 16.864380] ret_from_fork+0x116/0x1d0
[ 16.864588] ret_from_fork_asm+0x1a/0x30
[ 16.864783]
[ 16.864855] freed by task 337 on cpu 0 at 16.857823s (0.007029s ago):
[ 16.865145] test_corruption+0x2d2/0x3e0
[ 16.865625] kunit_try_run_case+0x1a5/0x480
[ 16.865792] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.866181] kthread+0x337/0x6f0
[ 16.866331] ret_from_fork+0x116/0x1d0
[ 16.866506] ret_from_fork_asm+0x1a/0x30
[ 16.866845]
[ 16.866949] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.867597] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.867778] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.868131] ==================================================================
[ 17.066077] ==================================================================
[ 17.066492] BUG: KFENCE: memory corruption in test_corruption+0x2df/0x3e0
[ 17.066492]
[ 17.066887] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#79):
[ 17.067494] test_corruption+0x2df/0x3e0
[ 17.067696] kunit_try_run_case+0x1a5/0x480
[ 17.067873] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.068118] kthread+0x337/0x6f0
[ 17.068262] ret_from_fork+0x116/0x1d0
[ 17.068960] ret_from_fork_asm+0x1a/0x30
[ 17.069157]
[ 17.069253] kfence-#79: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 17.069253]
[ 17.069811] allocated by task 337 on cpu 0 at 17.065809s (0.003998s ago):
[ 17.070259] test_alloc+0x364/0x10f0
[ 17.070489] test_corruption+0x1cb/0x3e0
[ 17.070741] kunit_try_run_case+0x1a5/0x480
[ 17.070907] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.071294] kthread+0x337/0x6f0
[ 17.071459] ret_from_fork+0x116/0x1d0
[ 17.071738] ret_from_fork_asm+0x1a/0x30
[ 17.071926]
[ 17.072004] freed by task 337 on cpu 0 at 17.065911s (0.006091s ago):
[ 17.072281] test_corruption+0x2df/0x3e0
[ 17.072456] kunit_try_run_case+0x1a5/0x480
[ 17.072635] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.072860] kthread+0x337/0x6f0
[ 17.073021] ret_from_fork+0x116/0x1d0
[ 17.073594] ret_from_fork_asm+0x1a/0x30
[ 17.073780]
[ 17.073887] CPU: 0 UID: 0 PID: 337 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 17.074545] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.074805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.075250] ==================================================================
[ 17.377882] ==================================================================
[ 17.378323] BUG: KFENCE: memory corruption in test_corruption+0x216/0x3e0
[ 17.378323]
[ 17.378649] Corrupted memory at 0x(____ptrval____) [ ! ] (in kfence-#82):
[ 17.379027] test_corruption+0x216/0x3e0
[ 17.379253] kunit_try_run_case+0x1a5/0x480
[ 17.379448] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.379622] kthread+0x337/0x6f0
[ 17.379786] ret_from_fork+0x116/0x1d0
[ 17.379969] ret_from_fork_asm+0x1a/0x30
[ 17.380150]
[ 17.380267] kfence-#82: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 17.380267]
[ 17.380622] allocated by task 339 on cpu 1 at 17.377741s (0.002878s ago):
[ 17.380857] test_alloc+0x2a6/0x10f0
[ 17.380985] test_corruption+0x1cb/0x3e0
[ 17.381169] kunit_try_run_case+0x1a5/0x480
[ 17.381368] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.381536] kthread+0x337/0x6f0
[ 17.381651] ret_from_fork+0x116/0x1d0
[ 17.381794] ret_from_fork_asm+0x1a/0x30
[ 17.381988]
[ 17.382076] freed by task 339 on cpu 1 at 17.377800s (0.004274s ago):
[ 17.382381] test_corruption+0x216/0x3e0
[ 17.382639] kunit_try_run_case+0x1a5/0x480
[ 17.382842] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 17.383031] kthread+0x337/0x6f0
[ 17.383145] ret_from_fork+0x116/0x1d0
[ 17.383307] ret_from_fork_asm+0x1a/0x30
[ 17.383498]
[ 17.383611] CPU: 1 UID: 0 PID: 339 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 17.384193] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 17.384333] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 17.385050] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_invalid_addr_free
[ 16.753870] ==================================================================
[ 16.754323] BUG: KFENCE: invalid free in test_invalid_addr_free+0xfb/0x260
[ 16.754323]
[ 16.754665] Invalid free of 0x(____ptrval____) (in kfence-#76):
[ 16.754939] test_invalid_addr_free+0xfb/0x260
[ 16.755094] kunit_try_run_case+0x1a5/0x480
[ 16.755424] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.755691] kthread+0x337/0x6f0
[ 16.755848] ret_from_fork+0x116/0x1d0
[ 16.756013] ret_from_fork_asm+0x1a/0x30
[ 16.756199]
[ 16.756289] kfence-#76: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.756289]
[ 16.756669] allocated by task 335 on cpu 1 at 16.753772s (0.002894s ago):
[ 16.756949] test_alloc+0x2a6/0x10f0
[ 16.757124] test_invalid_addr_free+0xdb/0x260
[ 16.757394] kunit_try_run_case+0x1a5/0x480
[ 16.757571] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.757785] kthread+0x337/0x6f0
[ 16.757926] ret_from_fork+0x116/0x1d0
[ 16.758080] ret_from_fork_asm+0x1a/0x30
[ 16.758294]
[ 16.758407] CPU: 1 UID: 0 PID: 335 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.758758] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.758890] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.759277] ==================================================================
[ 16.649858] ==================================================================
[ 16.650281] BUG: KFENCE: invalid free in test_invalid_addr_free+0x1e1/0x260
[ 16.650281]
[ 16.650706] Invalid free of 0x(____ptrval____) (in kfence-#75):
[ 16.650991] test_invalid_addr_free+0x1e1/0x260
[ 16.651172] kunit_try_run_case+0x1a5/0x480
[ 16.651323] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.651681] kthread+0x337/0x6f0
[ 16.651975] ret_from_fork+0x116/0x1d0
[ 16.652150] ret_from_fork_asm+0x1a/0x30
[ 16.652357]
[ 16.652451] kfence-#75: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.652451]
[ 16.652852] allocated by task 333 on cpu 0 at 16.649743s (0.003106s ago):
[ 16.653131] test_alloc+0x364/0x10f0
[ 16.653260] test_invalid_addr_free+0xdb/0x260
[ 16.653399] kunit_try_run_case+0x1a5/0x480
[ 16.653706] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.653970] kthread+0x337/0x6f0
[ 16.654150] ret_from_fork+0x116/0x1d0
[ 16.654541] ret_from_fork_asm+0x1a/0x30
[ 16.654743]
[ 16.654834] CPU: 0 UID: 0 PID: 333 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.655946] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.656106] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.656600] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-invalid-free-in-test_double_free
[ 16.442013] ==================================================================
[ 16.442472] BUG: KFENCE: invalid free in test_double_free+0x1d3/0x260
[ 16.442472]
[ 16.442792] Invalid free of 0x(____ptrval____) (in kfence-#73):
[ 16.443090] test_double_free+0x1d3/0x260
[ 16.443303] kunit_try_run_case+0x1a5/0x480
[ 16.443538] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.443722] kthread+0x337/0x6f0
[ 16.443891] ret_from_fork+0x116/0x1d0
[ 16.444082] ret_from_fork_asm+0x1a/0x30
[ 16.444280]
[ 16.444351] kfence-#73: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.444351]
[ 16.444697] allocated by task 329 on cpu 0 at 16.441767s (0.002928s ago):
[ 16.445002] test_alloc+0x364/0x10f0
[ 16.445139] test_double_free+0xdb/0x260
[ 16.445283] kunit_try_run_case+0x1a5/0x480
[ 16.445554] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.445813] kthread+0x337/0x6f0
[ 16.445999] ret_from_fork+0x116/0x1d0
[ 16.446190] ret_from_fork_asm+0x1a/0x30
[ 16.446340]
[ 16.446432] freed by task 329 on cpu 0 at 16.441824s (0.004606s ago):
[ 16.446885] test_double_free+0x1e0/0x260
[ 16.447193] kunit_try_run_case+0x1a5/0x480
[ 16.447790] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.448107] kthread+0x337/0x6f0
[ 16.448289] ret_from_fork+0x116/0x1d0
[ 16.448453] ret_from_fork_asm+0x1a/0x30
[ 16.448585]
[ 16.448710] CPU: 0 UID: 0 PID: 329 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.449758] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.450024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.450571] ==================================================================
[ 16.545900] ==================================================================
[ 16.546299] BUG: KFENCE: invalid free in test_double_free+0x112/0x260
[ 16.546299]
[ 16.546622] Invalid free of 0x(____ptrval____) (in kfence-#74):
[ 16.546892] test_double_free+0x112/0x260
[ 16.547072] kunit_try_run_case+0x1a5/0x480
[ 16.547676] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.548113] kthread+0x337/0x6f0
[ 16.548303] ret_from_fork+0x116/0x1d0
[ 16.548468] ret_from_fork_asm+0x1a/0x30
[ 16.548659]
[ 16.548734] kfence-#74: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.548734]
[ 16.549112] allocated by task 331 on cpu 0 at 16.545759s (0.003351s ago):
[ 16.549358] test_alloc+0x2a6/0x10f0
[ 16.549536] test_double_free+0xdb/0x260
[ 16.549724] kunit_try_run_case+0x1a5/0x480
[ 16.549916] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.550108] kthread+0x337/0x6f0
[ 16.550871] ret_from_fork+0x116/0x1d0
[ 16.551012] ret_from_fork_asm+0x1a/0x30
[ 16.551446]
[ 16.551543] freed by task 331 on cpu 0 at 16.545799s (0.005741s ago):
[ 16.551926] test_double_free+0xfa/0x260
[ 16.552084] kunit_try_run_case+0x1a5/0x480
[ 16.552404] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.552728] kthread+0x337/0x6f0
[ 16.554352] ret_from_fork+0x116/0x1d0
[ 16.554518] ret_from_fork_asm+0x1a/0x30
[ 16.554658]
[ 16.554753] CPU: 0 UID: 0 PID: 331 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.555110] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.555328] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.555596] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-use-after-free-read-in-test_use_after_free_read
[ 16.129906] ==================================================================
[ 16.130374] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 16.130374]
[ 16.130855] Use-after-free read at 0x(____ptrval____) (in kfence-#70):
[ 16.131088] test_use_after_free_read+0x129/0x270
[ 16.131326] kunit_try_run_case+0x1a5/0x480
[ 16.131582] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.131797] kthread+0x337/0x6f0
[ 16.131940] ret_from_fork+0x116/0x1d0
[ 16.132115] ret_from_fork_asm+0x1a/0x30
[ 16.132389]
[ 16.132484] kfence-#70: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 16.132484]
[ 16.132792] allocated by task 323 on cpu 1 at 16.129744s (0.003046s ago):
[ 16.133106] test_alloc+0x2a6/0x10f0
[ 16.133294] test_use_after_free_read+0xdc/0x270
[ 16.133510] kunit_try_run_case+0x1a5/0x480
[ 16.133744] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.133979] kthread+0x337/0x6f0
[ 16.134362] ret_from_fork+0x116/0x1d0
[ 16.134511] ret_from_fork_asm+0x1a/0x30
[ 16.134641]
[ 16.134721] freed by task 323 on cpu 1 at 16.129795s (0.004924s ago):
[ 16.134985] test_use_after_free_read+0xfb/0x270
[ 16.135595] kunit_try_run_case+0x1a5/0x480
[ 16.135870] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.136408] kthread+0x337/0x6f0
[ 16.136637] ret_from_fork+0x116/0x1d0
[ 16.136926] ret_from_fork_asm+0x1a/0x30
[ 16.137228]
[ 16.137349] CPU: 1 UID: 0 PID: 323 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.137790] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.137968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.138525] ==================================================================
[ 16.025979] ==================================================================
[ 16.026447] BUG: KFENCE: use-after-free read in test_use_after_free_read+0x129/0x270
[ 16.026447]
[ 16.026926] Use-after-free read at 0x(____ptrval____) (in kfence-#69):
[ 16.027190] test_use_after_free_read+0x129/0x270
[ 16.027420] kunit_try_run_case+0x1a5/0x480
[ 16.027625] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.027940] kthread+0x337/0x6f0
[ 16.028225] ret_from_fork+0x116/0x1d0
[ 16.028372] ret_from_fork_asm+0x1a/0x30
[ 16.028566]
[ 16.028661] kfence-#69: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 16.028661]
[ 16.029061] allocated by task 321 on cpu 0 at 16.025769s (0.003290s ago):
[ 16.029549] test_alloc+0x364/0x10f0
[ 16.029730] test_use_after_free_read+0xdc/0x270
[ 16.029960] kunit_try_run_case+0x1a5/0x480
[ 16.030176] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.030382] kthread+0x337/0x6f0
[ 16.030495] ret_from_fork+0x116/0x1d0
[ 16.030618] ret_from_fork_asm+0x1a/0x30
[ 16.030824]
[ 16.031038] freed by task 321 on cpu 0 at 16.025823s (0.005128s ago):
[ 16.031457] test_use_after_free_read+0x1e7/0x270
[ 16.031637] kunit_try_run_case+0x1a5/0x480
[ 16.031773] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 16.031935] kthread+0x337/0x6f0
[ 16.032046] ret_from_fork+0x116/0x1d0
[ 16.032168] ret_from_fork_asm+0x1a/0x30
[ 16.032406]
[ 16.032526] CPU: 0 UID: 0 PID: 321 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 16.033350] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 16.033479] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 16.033861] ==================================================================
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-write-in-test_out_of_bounds_write
[ 15.921813] ==================================================================
[ 15.922189] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 15.922189]
[ 15.922620] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#68):
[ 15.922890] test_out_of_bounds_write+0x10d/0x260
[ 15.923120] kunit_try_run_case+0x1a5/0x480
[ 15.923325] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.923583] kthread+0x337/0x6f0
[ 15.923749] ret_from_fork+0x116/0x1d0
[ 15.923900] ret_from_fork_asm+0x1a/0x30
[ 15.924035]
[ 15.924121] kfence-#68: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 15.924121]
[ 15.924529] allocated by task 319 on cpu 1 at 15.921752s (0.002775s ago):
[ 15.924813] test_alloc+0x2a6/0x10f0
[ 15.924949] test_out_of_bounds_write+0xd4/0x260
[ 15.925120] kunit_try_run_case+0x1a5/0x480
[ 15.925449] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.925615] kthread+0x337/0x6f0
[ 15.925759] ret_from_fork+0x116/0x1d0
[ 15.925943] ret_from_fork_asm+0x1a/0x30
[ 15.926133]
[ 15.926262] CPU: 1 UID: 0 PID: 319 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.926637] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.926815] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.927235] ==================================================================
[ 15.817803] ==================================================================
[ 15.818176] BUG: KFENCE: out-of-bounds write in test_out_of_bounds_write+0x10d/0x260
[ 15.818176]
[ 15.818726] Out-of-bounds write at 0x(____ptrval____) (1B left of kfence-#67):
[ 15.819001] test_out_of_bounds_write+0x10d/0x260
[ 15.819602] kunit_try_run_case+0x1a5/0x480
[ 15.819801] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.820011] kthread+0x337/0x6f0
[ 15.820174] ret_from_fork+0x116/0x1d0
[ 15.820670] ret_from_fork_asm+0x1a/0x30
[ 15.820846]
[ 15.820942] kfence-#67: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.820942]
[ 15.821525] allocated by task 317 on cpu 0 at 15.817692s (0.003830s ago):
[ 15.821928] test_alloc+0x364/0x10f0
[ 15.822087] test_out_of_bounds_write+0xd4/0x260
[ 15.822450] kunit_try_run_case+0x1a5/0x480
[ 15.822636] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.822862] kthread+0x337/0x6f0
[ 15.823007] ret_from_fork+0x116/0x1d0
[ 15.823164] ret_from_fork_asm+0x1a/0x30
[ 15.823591]
[ 15.823708] CPU: 0 UID: 0 PID: 317 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.824336] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.824607] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.825072] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock
<8>[ 240.985740] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_max_clock RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate
<8>[ 240.888856] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject_rate RESULT=fail>
Failure - log-parser-boot - kfence-bug-kfence-out-of-bounds-read-in-test_out_of_bounds_read
[ 15.194954] ==================================================================
[ 15.195384] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 15.195384]
[ 15.195797] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#61):
[ 15.196238] test_out_of_bounds_read+0x126/0x4e0
[ 15.196486] kunit_try_run_case+0x1a5/0x480
[ 15.196698] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.196928] kthread+0x337/0x6f0
[ 15.197081] ret_from_fork+0x116/0x1d0
[ 15.197291] ret_from_fork_asm+0x1a/0x30
[ 15.197437]
[ 15.197673] kfence-#61: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.197673]
[ 15.198305] allocated by task 313 on cpu 0 at 15.193711s (0.004417s ago):
[ 15.198850] test_alloc+0x364/0x10f0
[ 15.199025] test_out_of_bounds_read+0xed/0x4e0
[ 15.199262] kunit_try_run_case+0x1a5/0x480
[ 15.199435] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.199622] kthread+0x337/0x6f0
[ 15.199783] ret_from_fork+0x116/0x1d0
[ 15.199954] ret_from_fork_asm+0x1a/0x30
[ 15.200157]
[ 15.200323] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.200799] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.200960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.201417] ==================================================================
[ 15.609785] ==================================================================
[ 15.610172] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x126/0x4e0
[ 15.610172]
[ 15.610664] Out-of-bounds read at 0x(____ptrval____) (1B left of kfence-#65):
[ 15.610998] test_out_of_bounds_read+0x126/0x4e0
[ 15.611192] kunit_try_run_case+0x1a5/0x480
[ 15.611434] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.611759] kthread+0x337/0x6f0
[ 15.611943] ret_from_fork+0x116/0x1d0
[ 15.612149] ret_from_fork_asm+0x1a/0x30
[ 15.612461]
[ 15.612747] kfence-#65: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 15.612747]
[ 15.613070] allocated by task 315 on cpu 0 at 15.609727s (0.003341s ago):
[ 15.613808] test_alloc+0x2a6/0x10f0
[ 15.614040] test_out_of_bounds_read+0xed/0x4e0
[ 15.614509] kunit_try_run_case+0x1a5/0x480
[ 15.614737] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.615055] kthread+0x337/0x6f0
[ 15.615197] ret_from_fork+0x116/0x1d0
[ 15.615484] ret_from_fork_asm+0x1a/0x30
[ 15.615630]
[ 15.615746] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.616244] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.616408] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.616781] ==================================================================
[ 15.713804] ==================================================================
[ 15.714177] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 15.714177]
[ 15.714627] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#66):
[ 15.714945] test_out_of_bounds_read+0x216/0x4e0
[ 15.715155] kunit_try_run_case+0x1a5/0x480
[ 15.715351] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.715519] kthread+0x337/0x6f0
[ 15.715774] ret_from_fork+0x116/0x1d0
[ 15.715963] ret_from_fork_asm+0x1a/0x30
[ 15.716162]
[ 15.716276] kfence-#66: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=test
[ 15.716276]
[ 15.716633] allocated by task 315 on cpu 0 at 15.713753s (0.002878s ago):
[ 15.716931] test_alloc+0x2a6/0x10f0
[ 15.717092] test_out_of_bounds_read+0x1e2/0x4e0
[ 15.717251] kunit_try_run_case+0x1a5/0x480
[ 15.717403] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.717648] kthread+0x337/0x6f0
[ 15.717860] ret_from_fork+0x116/0x1d0
[ 15.718033] ret_from_fork_asm+0x1a/0x30
[ 15.718168]
[ 15.718297] CPU: 0 UID: 0 PID: 315 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.718775] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.718949] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.719300] ==================================================================
[ 15.505934] ==================================================================
[ 15.506401] BUG: KFENCE: out-of-bounds read in test_out_of_bounds_read+0x216/0x4e0
[ 15.506401]
[ 15.506812] Out-of-bounds read at 0x(____ptrval____) (32B right of kfence-#64):
[ 15.507110] test_out_of_bounds_read+0x216/0x4e0
[ 15.507347] kunit_try_run_case+0x1a5/0x480
[ 15.507512] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.507759] kthread+0x337/0x6f0
[ 15.507881] ret_from_fork+0x116/0x1d0
[ 15.508056] ret_from_fork_asm+0x1a/0x30
[ 15.508258]
[ 15.508407] kfence-#64: 0x(____ptrval____)-0x(____ptrval____), size=32, cache=kmalloc-32
[ 15.508407]
[ 15.508698] allocated by task 313 on cpu 0 at 15.505757s (0.002938s ago):
[ 15.509002] test_alloc+0x364/0x10f0
[ 15.509176] test_out_of_bounds_read+0x1e2/0x4e0
[ 15.509389] kunit_try_run_case+0x1a5/0x480
[ 15.509531] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.509729] kthread+0x337/0x6f0
[ 15.509901] ret_from_fork+0x116/0x1d0
[ 15.510083] ret_from_fork_asm+0x1a/0x30
[ 15.510362]
[ 15.510451] CPU: 0 UID: 0 PID: 313 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.510882] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.511078] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.511446] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-drm_encoder_cleanup
[ 146.061522] ==================================================================
[ 146.062389] BUG: KASAN: slab-use-after-free in drm_encoder_cleanup+0x265/0x270
[ 146.063042] Read of size 8 at addr ffff88810a109c70 by task kunit_try_catch/1605
[ 146.063615]
[ 146.063720] CPU: 0 UID: 0 PID: 1605 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 146.063767] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 146.063780] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 146.063798] Call Trace:
[ 146.063812] <TASK>
[ 146.063833] dump_stack_lvl+0x73/0xb0
[ 146.063866] print_report+0xd1/0x650
[ 146.063891] ? __virt_addr_valid+0x1db/0x2d0
[ 146.063915] ? drm_encoder_cleanup+0x265/0x270
[ 146.063936] ? kasan_complete_mode_report_info+0x64/0x200
[ 146.063959] ? drm_encoder_cleanup+0x265/0x270
[ 146.063981] kasan_report+0x141/0x180
[ 146.064001] ? drm_encoder_cleanup+0x265/0x270
[ 146.064026] __asan_report_load8_noabort+0x18/0x20
[ 146.064048] drm_encoder_cleanup+0x265/0x270
[ 146.064071] drmm_encoder_alloc_release+0x36/0x60
[ 146.064092] drm_managed_release+0x15c/0x470
[ 146.064114] ? simple_release_fs+0x86/0xb0
[ 146.064159] drm_dev_put.part.0+0xa1/0x100
[ 146.064181] ? __pfx_devm_drm_dev_init_release+0x10/0x10
[ 146.064203] devm_drm_dev_init_release+0x17/0x30
[ 146.064225] devm_action_release+0x50/0x80
[ 146.064249] devres_release_all+0x186/0x240
[ 146.064271] ? __pfx_devres_release_all+0x10/0x10
[ 146.064292] ? kernfs_remove_by_name_ns+0x166/0x1d0
[ 146.064317] ? sysfs_remove_file_ns+0x56/0xa0
[ 146.064340] device_unbind_cleanup+0x1b/0x1b0
[ 146.064361] device_release_driver_internal+0x3e4/0x540
[ 146.064380] ? klist_devices_put+0x35/0x50
[ 146.064406] device_release_driver+0x16/0x20
[ 146.064426] bus_remove_device+0x1e9/0x3d0
[ 146.064446] device_del+0x397/0x980
[ 146.064468] ? __pfx_device_del+0x10/0x10
[ 146.064487] ? __kasan_check_write+0x18/0x20
[ 146.064508] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 146.064531] ? __pfx_device_unregister_wrapper+0x10/0x10
[ 146.064556] device_unregister+0x1b/0xa0
[ 146.064574] device_unregister_wrapper+0x12/0x20
[ 146.064598] __kunit_action_free+0x57/0x70
[ 146.064621] kunit_remove_resource+0x133/0x200
[ 146.064641] ? preempt_count_sub+0x50/0x80
[ 146.064664] kunit_cleanup+0x7a/0x120
[ 146.064687] kunit_try_run_case_cleanup+0xbd/0xf0
[ 146.064708] ? __pfx_kunit_try_run_case_cleanup+0x10/0x10
[ 146.064730] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.064749] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 146.064769] kthread+0x337/0x6f0
[ 146.064790] ? trace_preempt_on+0x20/0xc0
[ 146.064814] ? __pfx_kthread+0x10/0x10
[ 146.064834] ? _raw_spin_unlock_irq+0x47/0x80
[ 146.064853] ? calculate_sigpending+0x7b/0xa0
[ 146.064875] ? __pfx_kthread+0x10/0x10
[ 146.064896] ret_from_fork+0x116/0x1d0
[ 146.064914] ? __pfx_kthread+0x10/0x10
[ 146.064933] ret_from_fork_asm+0x1a/0x30
[ 146.064964] </TASK>
[ 146.064975]
[ 146.082463] Allocated by task 1604:
[ 146.082797] kasan_save_stack+0x45/0x70
[ 146.083167] kasan_save_track+0x18/0x40
[ 146.083492] kasan_save_alloc_info+0x3b/0x50
[ 146.083869] __kasan_kmalloc+0xb7/0xc0
[ 146.084302] __kmalloc_noprof+0x1c9/0x500
[ 146.084607] __devm_drm_bridge_alloc+0x33/0x170
[ 146.084756] drm_test_bridge_init+0x188/0x5c0
[ 146.084900] drm_test_drm_bridge_get_current_state_atomic+0xea/0x870
[ 146.085087] kunit_try_run_case+0x1a5/0x480
[ 146.085455] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.086026] kthread+0x337/0x6f0
[ 146.086355] ret_from_fork+0x116/0x1d0
[ 146.086701] ret_from_fork_asm+0x1a/0x30
[ 146.087046]
[ 146.087206] Freed by task 1605:
[ 146.087511] kasan_save_stack+0x45/0x70
[ 146.087946] kasan_save_track+0x18/0x40
[ 146.088223] kasan_save_free_info+0x3f/0x60
[ 146.088382] __kasan_slab_free+0x56/0x70
[ 146.088511] kfree+0x222/0x3f0
[ 146.088627] drm_bridge_put.part.0+0xc7/0x100
[ 146.088766] drm_bridge_put_void+0x17/0x30
[ 146.088899] devm_action_release+0x50/0x80
[ 146.089031] devres_release_all+0x186/0x240
[ 146.089202] device_unbind_cleanup+0x1b/0x1b0
[ 146.089403] device_release_driver_internal+0x3e4/0x540
[ 146.089592] device_release_driver+0x16/0x20
[ 146.089792] bus_remove_device+0x1e9/0x3d0
[ 146.089961] device_del+0x397/0x980
[ 146.090123] device_unregister+0x1b/0xa0
[ 146.090295] device_unregister_wrapper+0x12/0x20
[ 146.090479] __kunit_action_free+0x57/0x70
[ 146.090612] kunit_remove_resource+0x133/0x200
[ 146.090755] kunit_cleanup+0x7a/0x120
[ 146.090932] kunit_try_run_case_cleanup+0xbd/0xf0
[ 146.091138] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 146.091461] kthread+0x337/0x6f0
[ 146.091618] ret_from_fork+0x116/0x1d0
[ 146.091742] ret_from_fork_asm+0x1a/0x30
[ 146.091875]
[ 146.091941] The buggy address belongs to the object at ffff88810a109c00
[ 146.091941] which belongs to the cache kmalloc-512 of size 512
[ 146.092491] The buggy address is located 112 bytes inside of
[ 146.092491] freed 512-byte region [ffff88810a109c00, ffff88810a109e00)
[ 146.093274]
[ 146.093356] The buggy address belongs to the physical page:
[ 146.093526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10a108
[ 146.093870] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 146.094755] flags: 0x200000000000040(head|node=0|zone=2)
[ 146.094969] page_type: f5(slab)
[ 146.095214] raw: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 146.095674] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 146.095994] head: 0200000000000040 ffff888100041c80 dead000000000122 0000000000000000
[ 146.096486] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 146.096868] head: 0200000000000002 ffffea0004284201 00000000ffffffff 00000000ffffffff
[ 146.097157] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 146.097532] page dumped because: kasan: bad access detected
[ 146.097781]
[ 146.097861] Memory state around the buggy address:
[ 146.098069] ffff88810a109b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 146.098710] ffff88810a109b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 146.098990] >ffff88810a109c00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.099501] ^
[ 146.099769] ffff88810a109c80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.100162] ffff88810a109d00: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 146.100517] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-strncpy_from_user
[ 15.123927] ==================================================================
[ 15.124278] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x1a5/0x1d0
[ 15.124835] Write of size 1 at addr ffff888101addf78 by task kunit_try_catch/311
[ 15.125125]
[ 15.125226] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.125273] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.125286] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.125308] Call Trace:
[ 15.125322] <TASK>
[ 15.125337] dump_stack_lvl+0x73/0xb0
[ 15.125363] print_report+0xd1/0x650
[ 15.125385] ? __virt_addr_valid+0x1db/0x2d0
[ 15.125407] ? strncpy_from_user+0x1a5/0x1d0
[ 15.125431] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.125458] ? strncpy_from_user+0x1a5/0x1d0
[ 15.125481] kasan_report+0x141/0x180
[ 15.125503] ? strncpy_from_user+0x1a5/0x1d0
[ 15.125531] __asan_report_store1_noabort+0x1b/0x30
[ 15.125556] strncpy_from_user+0x1a5/0x1d0
[ 15.125581] copy_user_test_oob+0x760/0x10f0
[ 15.125606] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.125628] ? finish_task_switch.isra.0+0x153/0x700
[ 15.125650] ? __switch_to+0x47/0xf50
[ 15.125674] ? __schedule+0x10cc/0x2b60
[ 15.125694] ? __pfx_read_tsc+0x10/0x10
[ 15.125715] ? ktime_get_ts64+0x86/0x230
[ 15.125740] kunit_try_run_case+0x1a5/0x480
[ 15.125765] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.125787] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.125810] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.125833] ? __kthread_parkme+0x82/0x180
[ 15.125853] ? preempt_count_sub+0x50/0x80
[ 15.125875] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.125898] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.125921] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.125945] kthread+0x337/0x6f0
[ 15.125964] ? trace_preempt_on+0x20/0xc0
[ 15.125986] ? __pfx_kthread+0x10/0x10
[ 15.126007] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.126028] ? calculate_sigpending+0x7b/0xa0
[ 15.126051] ? __pfx_kthread+0x10/0x10
[ 15.126073] ret_from_fork+0x116/0x1d0
[ 15.126091] ? __pfx_kthread+0x10/0x10
[ 15.126112] ret_from_fork_asm+0x1a/0x30
[ 15.126141] </TASK>
[ 15.126153]
[ 15.133016] Allocated by task 311:
[ 15.133199] kasan_save_stack+0x45/0x70
[ 15.133404] kasan_save_track+0x18/0x40
[ 15.133567] kasan_save_alloc_info+0x3b/0x50
[ 15.133769] __kasan_kmalloc+0xb7/0xc0
[ 15.133942] __kmalloc_noprof+0x1c9/0x500
[ 15.134100] kunit_kmalloc_array+0x25/0x60
[ 15.134322] copy_user_test_oob+0xab/0x10f0
[ 15.134504] kunit_try_run_case+0x1a5/0x480
[ 15.134642] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.134885] kthread+0x337/0x6f0
[ 15.135045] ret_from_fork+0x116/0x1d0
[ 15.135214] ret_from_fork_asm+0x1a/0x30
[ 15.135396]
[ 15.135491] The buggy address belongs to the object at ffff888101addf00
[ 15.135491] which belongs to the cache kmalloc-128 of size 128
[ 15.135934] The buggy address is located 0 bytes to the right of
[ 15.135934] allocated 120-byte region [ffff888101addf00, ffff888101addf78)
[ 15.136565]
[ 15.136633] The buggy address belongs to the physical page:
[ 15.136854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 15.137086] flags: 0x200000000000000(node=0|zone=2)
[ 15.137250] page_type: f5(slab)
[ 15.137364] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.137589] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.137816] page dumped because: kasan: bad access detected
[ 15.138055]
[ 15.138139] Memory state around the buggy address:
[ 15.138360] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.138665] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.138968] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.139418] ^
[ 15.139665] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.139875] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.140082] ==================================================================
[ 15.106567] ==================================================================
[ 15.106823] BUG: KASAN: slab-out-of-bounds in strncpy_from_user+0x2e/0x1d0
[ 15.107409] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311
[ 15.107788]
[ 15.107886] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.107947] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.107960] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.107982] Call Trace:
[ 15.107999] <TASK>
[ 15.108015] dump_stack_lvl+0x73/0xb0
[ 15.108041] print_report+0xd1/0x650
[ 15.108063] ? __virt_addr_valid+0x1db/0x2d0
[ 15.108086] ? strncpy_from_user+0x2e/0x1d0
[ 15.108111] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.108138] ? strncpy_from_user+0x2e/0x1d0
[ 15.108161] kasan_report+0x141/0x180
[ 15.108183] ? strncpy_from_user+0x2e/0x1d0
[ 15.108222] kasan_check_range+0x10c/0x1c0
[ 15.108245] __kasan_check_write+0x18/0x20
[ 15.108268] strncpy_from_user+0x2e/0x1d0
[ 15.108294] copy_user_test_oob+0x760/0x10f0
[ 15.108319] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.108341] ? finish_task_switch.isra.0+0x153/0x700
[ 15.108363] ? __switch_to+0x47/0xf50
[ 15.108389] ? __schedule+0x10cc/0x2b60
[ 15.108410] ? __pfx_read_tsc+0x10/0x10
[ 15.108430] ? ktime_get_ts64+0x86/0x230
[ 15.108455] kunit_try_run_case+0x1a5/0x480
[ 15.108478] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.108500] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.108523] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.108545] ? __kthread_parkme+0x82/0x180
[ 15.108565] ? preempt_count_sub+0x50/0x80
[ 15.108588] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.108611] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.108634] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.108660] kthread+0x337/0x6f0
[ 15.108680] ? trace_preempt_on+0x20/0xc0
[ 15.108703] ? __pfx_kthread+0x10/0x10
[ 15.108724] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.108744] ? calculate_sigpending+0x7b/0xa0
[ 15.108768] ? __pfx_kthread+0x10/0x10
[ 15.108789] ret_from_fork+0x116/0x1d0
[ 15.108808] ? __pfx_kthread+0x10/0x10
[ 15.108829] ret_from_fork_asm+0x1a/0x30
[ 15.108858] </TASK>
[ 15.108870]
[ 15.115837] Allocated by task 311:
[ 15.116103] kasan_save_stack+0x45/0x70
[ 15.116456] kasan_save_track+0x18/0x40
[ 15.116635] kasan_save_alloc_info+0x3b/0x50
[ 15.116782] __kasan_kmalloc+0xb7/0xc0
[ 15.116908] __kmalloc_noprof+0x1c9/0x500
[ 15.117041] kunit_kmalloc_array+0x25/0x60
[ 15.117232] copy_user_test_oob+0xab/0x10f0
[ 15.117434] kunit_try_run_case+0x1a5/0x480
[ 15.117636] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.117879] kthread+0x337/0x6f0
[ 15.118041] ret_from_fork+0x116/0x1d0
[ 15.118198] ret_from_fork_asm+0x1a/0x30
[ 15.118410]
[ 15.118484] The buggy address belongs to the object at ffff888101addf00
[ 15.118484] which belongs to the cache kmalloc-128 of size 128
[ 15.118952] The buggy address is located 0 bytes inside of
[ 15.118952] allocated 120-byte region [ffff888101addf00, ffff888101addf78)
[ 15.119409]
[ 15.119541] The buggy address belongs to the physical page:
[ 15.119746] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 15.119980] flags: 0x200000000000000(node=0|zone=2)
[ 15.120136] page_type: f5(slab)
[ 15.120260] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.120545] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.120870] page dumped because: kasan: bad access detected
[ 15.121110]
[ 15.121195] Memory state around the buggy address:
[ 15.121563] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.121855] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.122066] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.122542] ^
[ 15.122848] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.123118] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.123439] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_user_test_oob
[ 15.085963] ==================================================================
[ 15.086530] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x604/0x10f0
[ 15.086892] Read of size 121 at addr ffff888101addf00 by task kunit_try_catch/311
[ 15.087289]
[ 15.087378] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.087424] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.087437] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.087458] Call Trace:
[ 15.087474] <TASK>
[ 15.087489] dump_stack_lvl+0x73/0xb0
[ 15.087516] print_report+0xd1/0x650
[ 15.087537] ? __virt_addr_valid+0x1db/0x2d0
[ 15.087559] ? copy_user_test_oob+0x604/0x10f0
[ 15.087582] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.087607] ? copy_user_test_oob+0x604/0x10f0
[ 15.087631] kasan_report+0x141/0x180
[ 15.087652] ? copy_user_test_oob+0x604/0x10f0
[ 15.087679] kasan_check_range+0x10c/0x1c0
[ 15.087703] __kasan_check_read+0x15/0x20
[ 15.087726] copy_user_test_oob+0x604/0x10f0
[ 15.087750] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.087773] ? finish_task_switch.isra.0+0x153/0x700
[ 15.087796] ? __switch_to+0x47/0xf50
[ 15.087820] ? __schedule+0x10cc/0x2b60
[ 15.087842] ? __pfx_read_tsc+0x10/0x10
[ 15.087862] ? ktime_get_ts64+0x86/0x230
[ 15.087887] kunit_try_run_case+0x1a5/0x480
[ 15.087911] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.087933] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.087956] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.088002] ? __kthread_parkme+0x82/0x180
[ 15.088023] ? preempt_count_sub+0x50/0x80
[ 15.088047] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.088069] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.088092] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.088115] kthread+0x337/0x6f0
[ 15.088135] ? trace_preempt_on+0x20/0xc0
[ 15.088158] ? __pfx_kthread+0x10/0x10
[ 15.088179] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.088199] ? calculate_sigpending+0x7b/0xa0
[ 15.088233] ? __pfx_kthread+0x10/0x10
[ 15.088254] ret_from_fork+0x116/0x1d0
[ 15.088273] ? __pfx_kthread+0x10/0x10
[ 15.088293] ret_from_fork_asm+0x1a/0x30
[ 15.088323] </TASK>
[ 15.088336]
[ 15.095482] Allocated by task 311:
[ 15.095606] kasan_save_stack+0x45/0x70
[ 15.095742] kasan_save_track+0x18/0x40
[ 15.095869] kasan_save_alloc_info+0x3b/0x50
[ 15.096014] __kasan_kmalloc+0xb7/0xc0
[ 15.096173] __kmalloc_noprof+0x1c9/0x500
[ 15.096349] kunit_kmalloc_array+0x25/0x60
[ 15.096527] copy_user_test_oob+0xab/0x10f0
[ 15.096713] kunit_try_run_case+0x1a5/0x480
[ 15.096906] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.097124] kthread+0x337/0x6f0
[ 15.098183] ret_from_fork+0x116/0x1d0
[ 15.098552] ret_from_fork_asm+0x1a/0x30
[ 15.098694]
[ 15.098760] The buggy address belongs to the object at ffff888101addf00
[ 15.098760] which belongs to the cache kmalloc-128 of size 128
[ 15.099116] The buggy address is located 0 bytes inside of
[ 15.099116] allocated 120-byte region [ffff888101addf00, ffff888101addf78)
[ 15.099982]
[ 15.100194] The buggy address belongs to the physical page:
[ 15.100611] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 15.101117] flags: 0x200000000000000(node=0|zone=2)
[ 15.101478] page_type: f5(slab)
[ 15.101636] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.101940] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.102456] page dumped because: kasan: bad access detected
[ 15.102928]
[ 15.103028] Memory state around the buggy address:
[ 15.103487] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.103902] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.104379] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.104823] ^
[ 15.105265] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.105561] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.105846] ==================================================================
[ 15.033505] ==================================================================
[ 15.033805] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x3fd/0x10f0
[ 15.034105] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311
[ 15.034527]
[ 15.034625] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.034692] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.034706] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.034729] Call Trace:
[ 15.034742] <TASK>
[ 15.034758] dump_stack_lvl+0x73/0xb0
[ 15.034786] print_report+0xd1/0x650
[ 15.034808] ? __virt_addr_valid+0x1db/0x2d0
[ 15.034830] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.034853] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.034899] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.034922] kasan_report+0x141/0x180
[ 15.034944] ? copy_user_test_oob+0x3fd/0x10f0
[ 15.034971] kasan_check_range+0x10c/0x1c0
[ 15.035012] __kasan_check_write+0x18/0x20
[ 15.035034] copy_user_test_oob+0x3fd/0x10f0
[ 15.035059] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.035082] ? finish_task_switch.isra.0+0x153/0x700
[ 15.035104] ? __switch_to+0x47/0xf50
[ 15.035130] ? __schedule+0x10cc/0x2b60
[ 15.035151] ? __pfx_read_tsc+0x10/0x10
[ 15.035171] ? ktime_get_ts64+0x86/0x230
[ 15.035196] kunit_try_run_case+0x1a5/0x480
[ 15.035248] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.035270] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.035293] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.035317] ? __kthread_parkme+0x82/0x180
[ 15.035337] ? preempt_count_sub+0x50/0x80
[ 15.035361] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.035385] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.035407] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.035430] kthread+0x337/0x6f0
[ 15.035449] ? trace_preempt_on+0x20/0xc0
[ 15.035473] ? __pfx_kthread+0x10/0x10
[ 15.035494] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.035514] ? calculate_sigpending+0x7b/0xa0
[ 15.035538] ? __pfx_kthread+0x10/0x10
[ 15.035561] ret_from_fork+0x116/0x1d0
[ 15.035579] ? __pfx_kthread+0x10/0x10
[ 15.035600] ret_from_fork_asm+0x1a/0x30
[ 15.035629] </TASK>
[ 15.035640]
[ 15.042959] Allocated by task 311:
[ 15.043081] kasan_save_stack+0x45/0x70
[ 15.043236] kasan_save_track+0x18/0x40
[ 15.043468] kasan_save_alloc_info+0x3b/0x50
[ 15.043696] __kasan_kmalloc+0xb7/0xc0
[ 15.043899] __kmalloc_noprof+0x1c9/0x500
[ 15.044086] kunit_kmalloc_array+0x25/0x60
[ 15.044289] copy_user_test_oob+0xab/0x10f0
[ 15.044496] kunit_try_run_case+0x1a5/0x480
[ 15.044707] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.045017] kthread+0x337/0x6f0
[ 15.045179] ret_from_fork+0x116/0x1d0
[ 15.045373] ret_from_fork_asm+0x1a/0x30
[ 15.045555]
[ 15.045631] The buggy address belongs to the object at ffff888101addf00
[ 15.045631] which belongs to the cache kmalloc-128 of size 128
[ 15.046116] The buggy address is located 0 bytes inside of
[ 15.046116] allocated 120-byte region [ffff888101addf00, ffff888101addf78)
[ 15.046540]
[ 15.046608] The buggy address belongs to the physical page:
[ 15.046777] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 15.047110] flags: 0x200000000000000(node=0|zone=2)
[ 15.047347] page_type: f5(slab)
[ 15.047515] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.047788] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.048009] page dumped because: kasan: bad access detected
[ 15.048238]
[ 15.048326] Memory state around the buggy address:
[ 15.048541] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.048896] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.049245] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.049544] ^
[ 15.049787] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.050090] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.050423] ==================================================================
[ 15.050888] ==================================================================
[ 15.051236] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x4aa/0x10f0
[ 15.051829] Read of size 121 at addr ffff888101addf00 by task kunit_try_catch/311
[ 15.052144]
[ 15.052231] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 15.052277] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 15.052290] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 15.052312] Call Trace:
[ 15.052327] <TASK>
[ 15.052341] dump_stack_lvl+0x73/0xb0
[ 15.052368] print_report+0xd1/0x650
[ 15.052390] ? __virt_addr_valid+0x1db/0x2d0
[ 15.052413] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.052435] ? kasan_complete_mode_report_info+0x2a/0x200
[ 15.052461] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.052485] kasan_report+0x141/0x180
[ 15.052506] ? copy_user_test_oob+0x4aa/0x10f0
[ 15.052534] kasan_check_range+0x10c/0x1c0
[ 15.052557] __kasan_check_read+0x15/0x20
[ 15.052581] copy_user_test_oob+0x4aa/0x10f0
[ 15.052606] ? __pfx_copy_user_test_oob+0x10/0x10
[ 15.052656] ? finish_task_switch.isra.0+0x153/0x700
[ 15.052679] ? __switch_to+0x47/0xf50
[ 15.052703] ? __schedule+0x10cc/0x2b60
[ 15.052724] ? __pfx_read_tsc+0x10/0x10
[ 15.052745] ? ktime_get_ts64+0x86/0x230
[ 15.052769] kunit_try_run_case+0x1a5/0x480
[ 15.052792] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.052815] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 15.052837] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 15.052859] ? __kthread_parkme+0x82/0x180
[ 15.052880] ? preempt_count_sub+0x50/0x80
[ 15.052902] ? __pfx_kunit_try_run_case+0x10/0x10
[ 15.052926] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.052948] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 15.052971] kthread+0x337/0x6f0
[ 15.052990] ? trace_preempt_on+0x20/0xc0
[ 15.053013] ? __pfx_kthread+0x10/0x10
[ 15.053034] ? _raw_spin_unlock_irq+0x47/0x80
[ 15.053055] ? calculate_sigpending+0x7b/0xa0
[ 15.053078] ? __pfx_kthread+0x10/0x10
[ 15.053099] ret_from_fork+0x116/0x1d0
[ 15.053118] ? __pfx_kthread+0x10/0x10
[ 15.053138] ret_from_fork_asm+0x1a/0x30
[ 15.053167] </TASK>
[ 15.053179]
[ 15.060116] Allocated by task 311:
[ 15.060404] kasan_save_stack+0x45/0x70
[ 15.060596] kasan_save_track+0x18/0x40
[ 15.060803] kasan_save_alloc_info+0x3b/0x50
[ 15.061005] __kasan_kmalloc+0xb7/0xc0
[ 15.061145] __kmalloc_noprof+0x1c9/0x500
[ 15.061340] kunit_kmalloc_array+0x25/0x60
[ 15.061478] copy_user_test_oob+0xab/0x10f0
[ 15.061832] kunit_try_run_case+0x1a5/0x480
[ 15.061999] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 15.062165] kthread+0x337/0x6f0
[ 15.062415] ret_from_fork+0x116/0x1d0
[ 15.062600] ret_from_fork_asm+0x1a/0x30
[ 15.062783]
[ 15.062847] The buggy address belongs to the object at ffff888101addf00
[ 15.062847] which belongs to the cache kmalloc-128 of size 128
[ 15.063414] The buggy address is located 0 bytes inside of
[ 15.063414] allocated 120-byte region [ffff888101addf00, ffff888101addf78)
[ 15.063894]
[ 15.063959] The buggy address belongs to the physical page:
[ 15.064128] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 15.064372] flags: 0x200000000000000(node=0|zone=2)
[ 15.064563] page_type: f5(slab)
[ 15.064725] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 15.065110] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 15.065452] page dumped because: kasan: bad access detected
[ 15.065755]
[ 15.065843] Memory state around the buggy address:
[ 15.066078] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 15.066418] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 15.066676] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 15.066885] ^
[ 15.067136]
ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.067690] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.067979] ================================================================== [ 15.068539] ================================================================== [ 15.068869] BUG: KASAN: slab-out-of-bounds in copy_user_test_oob+0x557/0x10f0 [ 15.069145] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.069501] [ 15.069586] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.069633] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.069646] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.069669] Call Trace: [ 15.069682] <TASK> [ 15.069696] dump_stack_lvl+0x73/0xb0 [ 15.069762] print_report+0xd1/0x650 [ 15.069785] ? __virt_addr_valid+0x1db/0x2d0 [ 15.069807] ? copy_user_test_oob+0x557/0x10f0 [ 15.069831] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.069857] ? copy_user_test_oob+0x557/0x10f0 [ 15.069881] kasan_report+0x141/0x180 [ 15.069903] ? copy_user_test_oob+0x557/0x10f0 [ 15.069930] kasan_check_range+0x10c/0x1c0 [ 15.069954] __kasan_check_write+0x18/0x20 [ 15.069977] copy_user_test_oob+0x557/0x10f0 [ 15.070002] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.070025] ? finish_task_switch.isra.0+0x153/0x700 [ 15.070047] ? __switch_to+0x47/0xf50 [ 15.070071] ? __schedule+0x10cc/0x2b60 [ 15.070092] ? __pfx_read_tsc+0x10/0x10 [ 15.070113] ? ktime_get_ts64+0x86/0x230 [ 15.070138] kunit_try_run_case+0x1a5/0x480 [ 15.070160] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.070183] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.070217] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.070240] ? __kthread_parkme+0x82/0x180 [ 15.070261] ? preempt_count_sub+0x50/0x80 [ 15.070284] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.070307] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.070329] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.070372] kthread+0x337/0x6f0 [ 15.070391] ? trace_preempt_on+0x20/0xc0 [ 15.070415] ? __pfx_kthread+0x10/0x10 [ 15.070436] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.070456] ? calculate_sigpending+0x7b/0xa0 [ 15.070480] ? __pfx_kthread+0x10/0x10 [ 15.070501] ret_from_fork+0x116/0x1d0 [ 15.070538] ? __pfx_kthread+0x10/0x10 [ 15.070559] ret_from_fork_asm+0x1a/0x30 [ 15.070589] </TASK> [ 15.070599] [ 15.077779] Allocated by task 311: [ 15.077949] kasan_save_stack+0x45/0x70 [ 15.078132] kasan_save_track+0x18/0x40 [ 15.078269] kasan_save_alloc_info+0x3b/0x50 [ 15.078410] __kasan_kmalloc+0xb7/0xc0 [ 15.078535] __kmalloc_noprof+0x1c9/0x500 [ 15.078930] kunit_kmalloc_array+0x25/0x60 [ 15.079124] copy_user_test_oob+0xab/0x10f0 [ 15.079556] kunit_try_run_case+0x1a5/0x480 [ 15.079738] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.079963] kthread+0x337/0x6f0 [ 15.080115] ret_from_fork+0x116/0x1d0 [ 15.080263] ret_from_fork_asm+0x1a/0x30 [ 15.080466] [ 15.080544] The buggy address belongs to the object at ffff888101addf00 [ 15.080544] which belongs to the cache kmalloc-128 of size 128 [ 15.081016] The buggy address is located 0 bytes inside of [ 15.081016] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.081547] [ 15.081640] The buggy address belongs to the physical page: [ 15.081867] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.082192] flags: 0x200000000000000(node=0|zone=2) [ 15.082389] page_type: f5(slab) [ 15.082504] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.082729] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.082948] page dumped because: kasan: bad access detected [ 15.083200] [ 15.083295] Memory state around the buggy address: [ 15.083510] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.083814] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084329] 
>ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.084533] ^ [ 15.084739] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.084945] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.085343] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_to_user
[ 15.012314] ================================================================== [ 15.012683] BUG: KASAN: slab-out-of-bounds in _copy_to_user+0x3c/0x70 [ 15.012982] Read of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 15.013289] [ 15.013400] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 15.013447] Tainted: [B]=BAD_PAGE, [N]=TEST [ 15.013460] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 15.013484] Call Trace: [ 15.013499] <TASK> [ 15.013515] dump_stack_lvl+0x73/0xb0 [ 15.013562] print_report+0xd1/0x650 [ 15.013585] ? __virt_addr_valid+0x1db/0x2d0 [ 15.013607] ? _copy_to_user+0x3c/0x70 [ 15.013630] ? kasan_complete_mode_report_info+0x2a/0x200 [ 15.013658] ? _copy_to_user+0x3c/0x70 [ 15.013680] kasan_report+0x141/0x180 [ 15.013701] ? _copy_to_user+0x3c/0x70 [ 15.013728] kasan_check_range+0x10c/0x1c0 [ 15.013751] __kasan_check_read+0x15/0x20 [ 15.013775] _copy_to_user+0x3c/0x70 [ 15.013797] copy_user_test_oob+0x364/0x10f0 [ 15.013822] ? __pfx_copy_user_test_oob+0x10/0x10 [ 15.013845] ? finish_task_switch.isra.0+0x153/0x700 [ 15.013868] ? __switch_to+0x47/0xf50 [ 15.013895] ? __schedule+0x10cc/0x2b60 [ 15.013938] ? __pfx_read_tsc+0x10/0x10 [ 15.013959] ? ktime_get_ts64+0x86/0x230 [ 15.013985] kunit_try_run_case+0x1a5/0x480 [ 15.014009] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.014030] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 15.014055] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 15.014078] ? __kthread_parkme+0x82/0x180 [ 15.014098] ? preempt_count_sub+0x50/0x80 [ 15.014122] ? __pfx_kunit_try_run_case+0x10/0x10 [ 15.014145] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.014168] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 15.014192] kthread+0x337/0x6f0 [ 15.014221] ? trace_preempt_on+0x20/0xc0 [ 15.014245] ? __pfx_kthread+0x10/0x10 [ 15.014265] ? _raw_spin_unlock_irq+0x47/0x80 [ 15.014287] ? calculate_sigpending+0x7b/0xa0 [ 15.014310] ? 
__pfx_kthread+0x10/0x10 [ 15.014331] ret_from_fork+0x116/0x1d0 [ 15.014350] ? __pfx_kthread+0x10/0x10 [ 15.014370] ret_from_fork_asm+0x1a/0x30 [ 15.014400] </TASK> [ 15.014412] [ 15.021410] Allocated by task 311: [ 15.021539] kasan_save_stack+0x45/0x70 [ 15.021727] kasan_save_track+0x18/0x40 [ 15.021909] kasan_save_alloc_info+0x3b/0x50 [ 15.022128] __kasan_kmalloc+0xb7/0xc0 [ 15.022297] __kmalloc_noprof+0x1c9/0x500 [ 15.022431] kunit_kmalloc_array+0x25/0x60 [ 15.022658] copy_user_test_oob+0xab/0x10f0 [ 15.022859] kunit_try_run_case+0x1a5/0x480 [ 15.023055] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.023313] kthread+0x337/0x6f0 [ 15.023492] ret_from_fork+0x116/0x1d0 [ 15.023642] ret_from_fork_asm+0x1a/0x30 [ 15.023840] [ 15.023930] The buggy address belongs to the object at ffff888101addf00 [ 15.023930] which belongs to the cache kmalloc-128 of size 128 [ 15.024413] The buggy address is located 0 bytes inside of [ 15.024413] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.024772] [ 15.024837] The buggy address belongs to the physical page: [ 15.025093] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.025440] flags: 0x200000000000000(node=0|zone=2) [ 15.025851] page_type: f5(slab) [ 15.026006] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.026332] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.026561] page dumped because: kasan: bad access detected [ 15.026720] [ 15.026783] Memory state around the buggy address: [ 15.026926] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.027246] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.027578] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.027908] ^ [ 15.028251] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.028517] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.028769] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-_copy_from_user
[ 14.985395] ================================================================== [ 14.986802] BUG: KASAN: slab-out-of-bounds in _copy_from_user+0x32/0x90 [ 14.987050] Write of size 121 at addr ffff888101addf00 by task kunit_try_catch/311 [ 14.987503] [ 14.987760] CPU: 0 UID: 0 PID: 311 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.987820] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.987834] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.987860] Call Trace: [ 14.987876] <TASK> [ 14.987897] dump_stack_lvl+0x73/0xb0 [ 14.987929] print_report+0xd1/0x650 [ 14.987953] ? __virt_addr_valid+0x1db/0x2d0 [ 14.987979] ? _copy_from_user+0x32/0x90 [ 14.988001] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.988029] ? _copy_from_user+0x32/0x90 [ 14.988052] kasan_report+0x141/0x180 [ 14.988074] ? _copy_from_user+0x32/0x90 [ 14.988101] kasan_check_range+0x10c/0x1c0 [ 14.988125] __kasan_check_write+0x18/0x20 [ 14.988148] _copy_from_user+0x32/0x90 [ 14.988172] copy_user_test_oob+0x2be/0x10f0 [ 14.988198] ? __pfx_copy_user_test_oob+0x10/0x10 [ 14.988237] ? finish_task_switch.isra.0+0x153/0x700 [ 14.988261] ? __switch_to+0x47/0xf50 [ 14.988289] ? __schedule+0x10cc/0x2b60 [ 14.988351] ? __pfx_read_tsc+0x10/0x10 [ 14.988373] ? ktime_get_ts64+0x86/0x230 [ 14.988448] kunit_try_run_case+0x1a5/0x480 [ 14.988473] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.988494] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.988516] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.988540] ? __kthread_parkme+0x82/0x180 [ 14.988560] ? preempt_count_sub+0x50/0x80 [ 14.988583] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.988606] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.988629] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.988656] kthread+0x337/0x6f0 [ 14.988676] ? trace_preempt_on+0x20/0xc0 [ 14.988700] ? __pfx_kthread+0x10/0x10 [ 14.988722] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.988743] ? 
calculate_sigpending+0x7b/0xa0 [ 14.988769] ? __pfx_kthread+0x10/0x10 [ 14.988791] ret_from_fork+0x116/0x1d0 [ 14.988809] ? __pfx_kthread+0x10/0x10 [ 14.988830] ret_from_fork_asm+0x1a/0x30 [ 14.988860] </TASK> [ 14.988872] [ 14.999352] Allocated by task 311: [ 14.999474] kasan_save_stack+0x45/0x70 [ 14.999607] kasan_save_track+0x18/0x40 [ 14.999730] kasan_save_alloc_info+0x3b/0x50 [ 14.999963] __kasan_kmalloc+0xb7/0xc0 [ 15.000165] __kmalloc_noprof+0x1c9/0x500 [ 15.000369] kunit_kmalloc_array+0x25/0x60 [ 15.000584] copy_user_test_oob+0xab/0x10f0 [ 15.000782] kunit_try_run_case+0x1a5/0x480 [ 15.000988] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 15.001223] kthread+0x337/0x6f0 [ 15.001384] ret_from_fork+0x116/0x1d0 [ 15.001560] ret_from_fork_asm+0x1a/0x30 [ 15.001707] [ 15.001772] The buggy address belongs to the object at ffff888101addf00 [ 15.001772] which belongs to the cache kmalloc-128 of size 128 [ 15.002181] The buggy address is located 0 bytes inside of [ 15.002181] allocated 120-byte region [ffff888101addf00, ffff888101addf78) [ 15.002810] [ 15.002876] The buggy address belongs to the physical page: [ 15.003039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add [ 15.003447] flags: 0x200000000000000(node=0|zone=2) [ 15.003682] page_type: f5(slab) [ 15.003861] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 15.004246] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 15.004558] page dumped because: kasan: bad access detected [ 15.004728] [ 15.004795] Memory state around the buggy address: [ 15.004970] ffff888101adde00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 15.005778] ffff888101adde80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.006439] >ffff888101addf00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 15.007013] ^ [ 15.007767] ffff888101addf80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 15.008424] ffff888101ade000: fa fb fb fb fb fb fb fb fb fb fb fb 
fb fb fb fb [ 15.008955] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-copy_to_kernel_nofault
[ 14.950619] ================================================================== [ 14.950895] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x99/0x260 [ 14.951233] Write of size 8 at addr ffff8881038fb878 by task kunit_try_catch/307 [ 14.951652] [ 14.951745] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.951791] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.951805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.951826] Call Trace: [ 14.951839] <TASK> [ 14.951855] dump_stack_lvl+0x73/0xb0 [ 14.951880] print_report+0xd1/0x650 [ 14.951902] ? __virt_addr_valid+0x1db/0x2d0 [ 14.951924] ? copy_to_kernel_nofault+0x99/0x260 [ 14.951946] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.951972] ? copy_to_kernel_nofault+0x99/0x260 [ 14.951995] kasan_report+0x141/0x180 [ 14.952017] ? copy_to_kernel_nofault+0x99/0x260 [ 14.952045] kasan_check_range+0x10c/0x1c0 [ 14.952068] __kasan_check_write+0x18/0x20 [ 14.952091] copy_to_kernel_nofault+0x99/0x260 [ 14.952115] copy_to_kernel_nofault_oob+0x288/0x560 [ 14.952138] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.952161] ? finish_task_switch.isra.0+0x153/0x700 [ 14.952184] ? __schedule+0x10cc/0x2b60 [ 14.952214] ? trace_hardirqs_on+0x37/0xe0 [ 14.952245] ? __pfx_read_tsc+0x10/0x10 [ 14.952265] ? ktime_get_ts64+0x86/0x230 [ 14.952290] kunit_try_run_case+0x1a5/0x480 [ 14.952313] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952335] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.952356] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.952379] ? __kthread_parkme+0x82/0x180 [ 14.952398] ? preempt_count_sub+0x50/0x80 [ 14.952421] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.952444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.952467] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.952490] kthread+0x337/0x6f0 [ 14.952510] ? trace_preempt_on+0x20/0xc0 [ 14.952531] ? __pfx_kthread+0x10/0x10 [ 14.952552] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.952572] ? calculate_sigpending+0x7b/0xa0 [ 14.952595] ? __pfx_kthread+0x10/0x10 [ 14.952617] ret_from_fork+0x116/0x1d0 [ 14.952635] ? __pfx_kthread+0x10/0x10 [ 14.952660] ret_from_fork_asm+0x1a/0x30 [ 14.952689] </TASK> [ 14.952700] [ 14.959960] Allocated by task 307: [ 14.960080] kasan_save_stack+0x45/0x70 [ 14.960276] kasan_save_track+0x18/0x40 [ 14.960461] kasan_save_alloc_info+0x3b/0x50 [ 14.960775] __kasan_kmalloc+0xb7/0xc0 [ 14.960953] __kmalloc_cache_noprof+0x189/0x420 [ 14.961147] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.961335] kunit_try_run_case+0x1a5/0x480 [ 14.961482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.961766] kthread+0x337/0x6f0 [ 14.962059] ret_from_fork+0x116/0x1d0 [ 14.962268] ret_from_fork_asm+0x1a/0x30 [ 14.962503] [ 14.962656] The buggy address belongs to the object at ffff8881038fb800 [ 14.962656] which belongs to the cache kmalloc-128 of size 128 [ 14.963156] The buggy address is located 0 bytes to the right of [ 14.963156] allocated 120-byte region [ffff8881038fb800, ffff8881038fb878) [ 14.963768] [ 14.963840] The buggy address belongs to the physical page: [ 14.964005] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb [ 14.964341] flags: 0x200000000000000(node=0|zone=2) [ 14.964675] page_type: f5(slab) [ 14.965003] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.965276] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.965520] page dumped because: kasan: bad access detected [ 14.967572] [ 14.967676] Memory state around the buggy address: [ 14.967852] ffff8881038fb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.968066] ffff8881038fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.968462] >ffff8881038fb800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.968685] ^ [ 14.968894] ffff8881038fb880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.969156] ffff8881038fb900: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 14.969407] ================================================================== [ 14.923668] ================================================================== [ 14.924907] BUG: KASAN: slab-out-of-bounds in copy_to_kernel_nofault+0x225/0x260 [ 14.925625] Read of size 8 at addr ffff8881038fb878 by task kunit_try_catch/307 [ 14.926250] [ 14.926563] CPU: 1 UID: 0 PID: 307 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.926627] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.926641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.926665] Call Trace: [ 14.926678] <TASK> [ 14.926694] dump_stack_lvl+0x73/0xb0 [ 14.926723] print_report+0xd1/0x650 [ 14.926747] ? __virt_addr_valid+0x1db/0x2d0 [ 14.926770] ? copy_to_kernel_nofault+0x225/0x260 [ 14.926793] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.926819] ? copy_to_kernel_nofault+0x225/0x260 [ 14.926842] kasan_report+0x141/0x180 [ 14.926864] ? copy_to_kernel_nofault+0x225/0x260 [ 14.926892] __asan_report_load8_noabort+0x18/0x20 [ 14.926916] copy_to_kernel_nofault+0x225/0x260 [ 14.926941] copy_to_kernel_nofault_oob+0x1ed/0x560 [ 14.926964] ? __pfx_copy_to_kernel_nofault_oob+0x10/0x10 [ 14.926987] ? finish_task_switch.isra.0+0x153/0x700 [ 14.927010] ? __schedule+0x10cc/0x2b60 [ 14.927031] ? trace_hardirqs_on+0x37/0xe0 [ 14.927062] ? __pfx_read_tsc+0x10/0x10 [ 14.927084] ? ktime_get_ts64+0x86/0x230 [ 14.927109] kunit_try_run_case+0x1a5/0x480 [ 14.927134] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.927157] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.927179] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.927201] ? __kthread_parkme+0x82/0x180 [ 14.927235] ? preempt_count_sub+0x50/0x80 [ 14.927257] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.927280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.927303] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.927326] kthread+0x337/0x6f0 [ 14.927345] ? 
trace_preempt_on+0x20/0xc0 [ 14.927389] ? __pfx_kthread+0x10/0x10 [ 14.927410] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.927431] ? calculate_sigpending+0x7b/0xa0 [ 14.927455] ? __pfx_kthread+0x10/0x10 [ 14.927477] ret_from_fork+0x116/0x1d0 [ 14.927495] ? __pfx_kthread+0x10/0x10 [ 14.927516] ret_from_fork_asm+0x1a/0x30 [ 14.927547] </TASK> [ 14.927559] [ 14.939953] Allocated by task 307: [ 14.940333] kasan_save_stack+0x45/0x70 [ 14.940726] kasan_save_track+0x18/0x40 [ 14.941136] kasan_save_alloc_info+0x3b/0x50 [ 14.941558] __kasan_kmalloc+0xb7/0xc0 [ 14.941893] __kmalloc_cache_noprof+0x189/0x420 [ 14.942334] copy_to_kernel_nofault_oob+0x12f/0x560 [ 14.942791] kunit_try_run_case+0x1a5/0x480 [ 14.943129] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.943444] kthread+0x337/0x6f0 [ 14.943754] ret_from_fork+0x116/0x1d0 [ 14.944171] ret_from_fork_asm+0x1a/0x30 [ 14.944473] [ 14.944568] The buggy address belongs to the object at ffff8881038fb800 [ 14.944568] which belongs to the cache kmalloc-128 of size 128 [ 14.944922] The buggy address is located 0 bytes to the right of [ 14.944922] allocated 120-byte region [ffff8881038fb800, ffff8881038fb878) [ 14.945355] [ 14.945427] The buggy address belongs to the physical page: [ 14.945871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb [ 14.946621] flags: 0x200000000000000(node=0|zone=2) [ 14.946875] page_type: f5(slab) [ 14.946993] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 14.947252] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 14.947474] page dumped because: kasan: bad access detected [ 14.947834] [ 14.948003] Memory state around the buggy address: [ 14.948155] ffff8881038fb700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 14.948394] ffff8881038fb780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.948688] >ffff8881038fb800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc [ 14.949042] ^ [ 14.949384] ffff8881038fb880: fc fc fc fc 
fc fc fc fc fc fc fc fc fc fc fc fc [ 14.949647] ffff8881038fb900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.950001] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_atomics_helper
[ 13.810829] ================================================================== [ 13.811138] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x7c7/0x5450 [ 13.811651] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.812183] [ 13.812393] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.812444] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.812457] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.812479] Call Trace: [ 13.812589] <TASK> [ 13.812609] dump_stack_lvl+0x73/0xb0 [ 13.812640] print_report+0xd1/0x650 [ 13.812667] ? __virt_addr_valid+0x1db/0x2d0 [ 13.812690] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.812712] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.812738] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.812759] kasan_report+0x141/0x180 [ 13.812780] ? kasan_atomics_helper+0x7c7/0x5450 [ 13.812806] kasan_check_range+0x10c/0x1c0 [ 13.812829] __kasan_check_write+0x18/0x20 [ 13.812851] kasan_atomics_helper+0x7c7/0x5450 [ 13.812873] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.812895] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.812920] ? kasan_atomics+0x152/0x310 [ 13.812946] kasan_atomics+0x1dc/0x310 [ 13.812968] ? __pfx_kasan_atomics+0x10/0x10 [ 13.812991] ? __pfx_read_tsc+0x10/0x10 [ 13.813015] ? ktime_get_ts64+0x86/0x230 [ 13.813040] kunit_try_run_case+0x1a5/0x480 [ 13.813064] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.813086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.813108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.813130] ? __kthread_parkme+0x82/0x180 [ 13.813151] ? preempt_count_sub+0x50/0x80 [ 13.813175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.813197] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.813232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.813255] kthread+0x337/0x6f0 [ 13.813274] ? trace_preempt_on+0x20/0xc0 [ 13.813297] ? __pfx_kthread+0x10/0x10 [ 13.813320] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 13.813341] ? calculate_sigpending+0x7b/0xa0 [ 13.813365] ? __pfx_kthread+0x10/0x10 [ 13.813387] ret_from_fork+0x116/0x1d0 [ 13.813406] ? __pfx_kthread+0x10/0x10 [ 13.813427] ret_from_fork_asm+0x1a/0x30 [ 13.813457] </TASK> [ 13.813468] [ 13.823775] Allocated by task 291: [ 13.824099] kasan_save_stack+0x45/0x70 [ 13.824388] kasan_save_track+0x18/0x40 [ 13.824671] kasan_save_alloc_info+0x3b/0x50 [ 13.824870] __kasan_kmalloc+0xb7/0xc0 [ 13.825045] __kmalloc_cache_noprof+0x189/0x420 [ 13.825527] kasan_atomics+0x95/0x310 [ 13.825703] kunit_try_run_case+0x1a5/0x480 [ 13.826026] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.826341] kthread+0x337/0x6f0 [ 13.826614] ret_from_fork+0x116/0x1d0 [ 13.826868] ret_from_fork_asm+0x1a/0x30 [ 13.827129] [ 13.827201] The buggy address belongs to the object at ffff8881029e2200 [ 13.827201] which belongs to the cache kmalloc-64 of size 64 [ 13.827991] The buggy address is located 0 bytes to the right of [ 13.827991] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.828687] [ 13.828775] The buggy address belongs to the physical page: [ 13.829135] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.829611] flags: 0x200000000000000(node=0|zone=2) [ 13.829916] page_type: f5(slab) [ 13.830180] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.830520] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.830800] page dumped because: kasan: bad access detected [ 13.831041] [ 13.831117] Memory state around the buggy address: [ 13.831709] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.832087] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.832606] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.833033] ^ [ 13.833379] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.833770] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc 
================================================================== [ 14.377419] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x151d/0x5450 [ 14.377782] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.378103] [ 14.378199] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.378253] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.378265] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.378286] Call Trace: [ 14.378301] <TASK> [ 14.378315] dump_stack_lvl+0x73/0xb0 [ 14.378340] print_report+0xd1/0x650 [ 14.378372] ? __virt_addr_valid+0x1db/0x2d0 [ 14.378395] ? kasan_atomics_helper+0x151d/0x5450 [ 14.378416] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.378452] ? kasan_atomics_helper+0x151d/0x5450 [ 14.378475] kasan_report+0x141/0x180 [ 14.378496] ? kasan_atomics_helper+0x151d/0x5450 [ 14.378522] kasan_check_range+0x10c/0x1c0 [ 14.378554] __kasan_check_write+0x18/0x20 [ 14.378577] kasan_atomics_helper+0x151d/0x5450 [ 14.378609] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.378632] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.378656] ? kasan_atomics+0x152/0x310 [ 14.378682] kasan_atomics+0x1dc/0x310 [ 14.378704] ? __pfx_kasan_atomics+0x10/0x10 [ 14.378728] ? __pfx_read_tsc+0x10/0x10 [ 14.378750] ? ktime_get_ts64+0x86/0x230 [ 14.378774] kunit_try_run_case+0x1a5/0x480 [ 14.378798] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.378820] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.378849] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.378871] ? __kthread_parkme+0x82/0x180 [ 14.378892] ? preempt_count_sub+0x50/0x80 [ 14.378926] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.378950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.378973] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.378997] kthread+0x337/0x6f0 [ 14.379016] ? trace_preempt_on+0x20/0xc0 [ 14.379039] ? __pfx_kthread+0x10/0x10 [ 14.379059] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.379080] ? 
calculate_sigpending+0x7b/0xa0 [ 14.379104] ? __pfx_kthread+0x10/0x10 [ 14.379126] ret_from_fork+0x116/0x1d0 [ 14.379145] ? __pfx_kthread+0x10/0x10 [ 14.379165] ret_from_fork_asm+0x1a/0x30 [ 14.379195] </TASK> [ 14.379213] [ 14.386369] Allocated by task 291: [ 14.386565] kasan_save_stack+0x45/0x70 [ 14.386778] kasan_save_track+0x18/0x40 [ 14.386970] kasan_save_alloc_info+0x3b/0x50 [ 14.387143] __kasan_kmalloc+0xb7/0xc0 [ 14.387337] __kmalloc_cache_noprof+0x189/0x420 [ 14.387550] kasan_atomics+0x95/0x310 [ 14.387735] kunit_try_run_case+0x1a5/0x480 [ 14.387932] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.388100] kthread+0x337/0x6f0 [ 14.388263] ret_from_fork+0x116/0x1d0 [ 14.388441] ret_from_fork_asm+0x1a/0x30 [ 14.388662] [ 14.388749] The buggy address belongs to the object at ffff8881029e2200 [ 14.388749] which belongs to the cache kmalloc-64 of size 64 [ 14.389152] The buggy address is located 0 bytes to the right of [ 14.389152] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.389694] [ 14.389804] The buggy address belongs to the physical page: [ 14.390008] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.390355] flags: 0x200000000000000(node=0|zone=2) [ 14.390588] page_type: f5(slab) [ 14.390738] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.391055] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.391322] page dumped because: kasan: bad access detected [ 14.391488] [ 14.391550] Memory state around the buggy address: [ 14.391697] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.391924] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.392279] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.392582] ^ [ 14.392795] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.393100] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.393342] 
================================================================== [ 14.592486] ================================================================== [ 14.593450] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f30/0x5450 [ 14.594082] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.594742] [ 14.594910] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.594956] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.594968] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.594990] Call Trace: [ 14.595005] <TASK> [ 14.595020] dump_stack_lvl+0x73/0xb0 [ 14.595045] print_report+0xd1/0x650 [ 14.595067] ? __virt_addr_valid+0x1db/0x2d0 [ 14.595089] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.595110] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.595136] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.595157] kasan_report+0x141/0x180 [ 14.595179] ? kasan_atomics_helper+0x4f30/0x5450 [ 14.595216] __asan_report_load8_noabort+0x18/0x20 [ 14.595240] kasan_atomics_helper+0x4f30/0x5450 [ 14.595262] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.595284] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.595309] ? kasan_atomics+0x152/0x310 [ 14.595334] kasan_atomics+0x1dc/0x310 [ 14.595356] ? __pfx_kasan_atomics+0x10/0x10 [ 14.595379] ? __pfx_read_tsc+0x10/0x10 [ 14.595400] ? ktime_get_ts64+0x86/0x230 [ 14.595424] kunit_try_run_case+0x1a5/0x480 [ 14.595447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.595468] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.595490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.595512] ? __kthread_parkme+0x82/0x180 [ 14.595532] ? preempt_count_sub+0x50/0x80 [ 14.595555] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.595578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.595601] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.595624] kthread+0x337/0x6f0 [ 14.595642] ? trace_preempt_on+0x20/0xc0 [ 14.595665] ? __pfx_kthread+0x10/0x10 [ 14.595685] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.595706] ? calculate_sigpending+0x7b/0xa0 [ 14.595728] ? __pfx_kthread+0x10/0x10 [ 14.595750] ret_from_fork+0x116/0x1d0 [ 14.595769] ? __pfx_kthread+0x10/0x10 [ 14.595789] ret_from_fork_asm+0x1a/0x30 [ 14.595820] </TASK> [ 14.595831] [ 14.603381] Allocated by task 291: [ 14.603556] kasan_save_stack+0x45/0x70 [ 14.603734] kasan_save_track+0x18/0x40 [ 14.603902] kasan_save_alloc_info+0x3b/0x50 [ 14.604042] __kasan_kmalloc+0xb7/0xc0 [ 14.604167] __kmalloc_cache_noprof+0x189/0x420 [ 14.604383] kasan_atomics+0x95/0x310 [ 14.604565] kunit_try_run_case+0x1a5/0x480 [ 14.604764] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.604974] kthread+0x337/0x6f0 [ 14.605121] ret_from_fork+0x116/0x1d0 [ 14.605374] ret_from_fork_asm+0x1a/0x30 [ 14.605538] [ 14.605616] The buggy address belongs to the object at ffff8881029e2200 [ 14.605616] which belongs to the cache kmalloc-64 of size 64 [ 14.606052] The buggy address is located 0 bytes to the right of [ 14.606052] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.606551] [ 14.606625] The buggy address belongs to the physical page: [ 14.606839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.607136] flags: 0x200000000000000(node=0|zone=2) [ 14.607499] page_type: f5(slab) [ 14.607615] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.607929] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.608149] page dumped because: kasan: bad access detected [ 14.608323] [ 14.608385] Memory state around the buggy address: [ 14.608533] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.608774] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.609078] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.609671] ^ [ 14.609850] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.610061] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.610277] ================================================================== [ 14.694553] ================================================================== [ 14.694816] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f71/0x5450 [ 14.695045] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.695348] [ 14.695501] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.695546] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.695577] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.695599] Call Trace: [ 14.695625] <TASK> [ 14.695640] dump_stack_lvl+0x73/0xb0 [ 14.695666] print_report+0xd1/0x650 [ 14.695688] ? __virt_addr_valid+0x1db/0x2d0 [ 14.695711] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.695732] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.695759] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.695781] kasan_report+0x141/0x180 [ 14.695802] ? kasan_atomics_helper+0x4f71/0x5450 [ 14.695828] __asan_report_load8_noabort+0x18/0x20 [ 14.695852] kasan_atomics_helper+0x4f71/0x5450 [ 14.695874] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.695896] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.695920] ? kasan_atomics+0x152/0x310 [ 14.695946] kasan_atomics+0x1dc/0x310 [ 14.695987] ? __pfx_kasan_atomics+0x10/0x10 [ 14.696011] ? __pfx_read_tsc+0x10/0x10 [ 14.696032] ? ktime_get_ts64+0x86/0x230 [ 14.696056] kunit_try_run_case+0x1a5/0x480 [ 14.696079] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.696101] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.696122] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.696145] ? __kthread_parkme+0x82/0x180 [ 14.696185] ? preempt_count_sub+0x50/0x80 [ 14.696218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.696242] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.696265] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.696288] kthread+0x337/0x6f0 [ 14.696307] ? trace_preempt_on+0x20/0xc0 [ 14.696330] ? 
__pfx_kthread+0x10/0x10 [ 14.696367] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.696388] ? calculate_sigpending+0x7b/0xa0 [ 14.696413] ? __pfx_kthread+0x10/0x10 [ 14.696434] ret_from_fork+0x116/0x1d0 [ 14.696453] ? __pfx_kthread+0x10/0x10 [ 14.696473] ret_from_fork_asm+0x1a/0x30 [ 14.696503] </TASK> [ 14.696513] [ 14.705563] Allocated by task 291: [ 14.705732] kasan_save_stack+0x45/0x70 [ 14.705918] kasan_save_track+0x18/0x40 [ 14.706090] kasan_save_alloc_info+0x3b/0x50 [ 14.706596] __kasan_kmalloc+0xb7/0xc0 [ 14.707453] __kmalloc_cache_noprof+0x189/0x420 [ 14.707623] kasan_atomics+0x95/0x310 [ 14.707751] kunit_try_run_case+0x1a5/0x480 [ 14.707891] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.708058] kthread+0x337/0x6f0 [ 14.708170] ret_from_fork+0x116/0x1d0 [ 14.708321] ret_from_fork_asm+0x1a/0x30 [ 14.708455] [ 14.708520] The buggy address belongs to the object at ffff8881029e2200 [ 14.708520] which belongs to the cache kmalloc-64 of size 64 [ 14.709275] The buggy address is located 0 bytes to the right of [ 14.709275] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.709801] [ 14.709895] The buggy address belongs to the physical page: [ 14.710068] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.710665] flags: 0x200000000000000(node=0|zone=2) [ 14.711033] page_type: f5(slab) [ 14.711169] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.713648] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.714995] page dumped because: kasan: bad access detected [ 14.715855] [ 14.716022] Memory state around the buggy address: [ 14.716715] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.717641] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.718311] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.718529] ^ [ 14.718681] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.718892] 
ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.719099] ================================================================== [ 13.951365] ================================================================== [ 13.951822] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xc70/0x5450 [ 13.952115] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.952440] [ 13.952544] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.952590] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.952603] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.952625] Call Trace: [ 13.952640] <TASK> [ 13.952658] dump_stack_lvl+0x73/0xb0 [ 13.952685] print_report+0xd1/0x650 [ 13.952707] ? __virt_addr_valid+0x1db/0x2d0 [ 13.952729] ? kasan_atomics_helper+0xc70/0x5450 [ 13.952752] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.952778] ? kasan_atomics_helper+0xc70/0x5450 [ 13.952799] kasan_report+0x141/0x180 [ 13.952820] ? kasan_atomics_helper+0xc70/0x5450 [ 13.952846] kasan_check_range+0x10c/0x1c0 [ 13.952869] __kasan_check_write+0x18/0x20 [ 13.952891] kasan_atomics_helper+0xc70/0x5450 [ 13.952913] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.952935] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.952960] ? kasan_atomics+0x152/0x310 [ 13.952985] kasan_atomics+0x1dc/0x310 [ 13.953007] ? __pfx_kasan_atomics+0x10/0x10 [ 13.953030] ? __pfx_read_tsc+0x10/0x10 [ 13.953051] ? ktime_get_ts64+0x86/0x230 [ 13.953076] kunit_try_run_case+0x1a5/0x480 [ 13.953099] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.953121] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.953142] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.953164] ? __kthread_parkme+0x82/0x180 [ 13.953184] ? preempt_count_sub+0x50/0x80 [ 13.953219] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.953243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.953266] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.953289] kthread+0x337/0x6f0 [ 13.953309] ? trace_preempt_on+0x20/0xc0 [ 13.953332] ? __pfx_kthread+0x10/0x10 [ 13.953352] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.953373] ? calculate_sigpending+0x7b/0xa0 [ 13.953396] ? __pfx_kthread+0x10/0x10 [ 13.953418] ret_from_fork+0x116/0x1d0 [ 13.953436] ? __pfx_kthread+0x10/0x10 [ 13.953457] ret_from_fork_asm+0x1a/0x30 [ 13.953486] </TASK> [ 13.953498] [ 13.960377] Allocated by task 291: [ 13.960501] kasan_save_stack+0x45/0x70 [ 13.960637] kasan_save_track+0x18/0x40 [ 13.960821] kasan_save_alloc_info+0x3b/0x50 [ 13.961021] __kasan_kmalloc+0xb7/0xc0 [ 13.961198] __kmalloc_cache_noprof+0x189/0x420 [ 13.961415] kasan_atomics+0x95/0x310 [ 13.961590] kunit_try_run_case+0x1a5/0x480 [ 13.961784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.961982] kthread+0x337/0x6f0 [ 13.962097] ret_from_fork+0x116/0x1d0 [ 13.962341] ret_from_fork_asm+0x1a/0x30 [ 13.962530] [ 13.962616] The buggy address belongs to the object at ffff8881029e2200 [ 13.962616] which belongs to the cache kmalloc-64 of size 64 [ 13.963073] The buggy address is located 0 bytes to the right of [ 13.963073] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.963501] [ 13.963567] The buggy address belongs to the physical page: [ 13.963808] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.964149] flags: 0x200000000000000(node=0|zone=2) [ 13.964432] page_type: f5(slab) [ 13.964547] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.964776] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.964998] page dumped because: kasan: bad access detected [ 13.965187] [ 13.965279] Memory state around the buggy address: [ 13.965492] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.965802] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.966109] >ffff8881029e2200: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 13.966360] ^ [ 13.966508] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.966715] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.966920] ================================================================== [ 14.568055] ================================================================== [ 14.568394] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1c18/0x5450 [ 14.568712] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.568929] [ 14.569004] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.569050] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.569062] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.569083] Call Trace: [ 14.569097] <TASK> [ 14.569112] dump_stack_lvl+0x73/0xb0 [ 14.569136] print_report+0xd1/0x650 [ 14.569157] ? __virt_addr_valid+0x1db/0x2d0 [ 14.569211] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.569233] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.569268] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.569290] kasan_report+0x141/0x180 [ 14.569313] ? kasan_atomics_helper+0x1c18/0x5450 [ 14.569350] kasan_check_range+0x10c/0x1c0 [ 14.569373] __kasan_check_write+0x18/0x20 [ 14.569396] kasan_atomics_helper+0x1c18/0x5450 [ 14.569417] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.569439] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.569463] ? kasan_atomics+0x152/0x310 [ 14.569489] kasan_atomics+0x1dc/0x310 [ 14.569511] ? __pfx_kasan_atomics+0x10/0x10 [ 14.569535] ? __pfx_read_tsc+0x10/0x10 [ 14.569555] ? ktime_get_ts64+0x86/0x230 [ 14.569580] kunit_try_run_case+0x1a5/0x480 [ 14.569603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.569625] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.569646] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.569669] ? __kthread_parkme+0x82/0x180 [ 14.569689] ? preempt_count_sub+0x50/0x80 [ 14.569712] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.569735] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.569758] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.569781] kthread+0x337/0x6f0 [ 14.569800] ? trace_preempt_on+0x20/0xc0 [ 14.569823] ? __pfx_kthread+0x10/0x10 [ 14.569844] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.569865] ? calculate_sigpending+0x7b/0xa0 [ 14.569888] ? __pfx_kthread+0x10/0x10 [ 14.569910] ret_from_fork+0x116/0x1d0 [ 14.569930] ? __pfx_kthread+0x10/0x10 [ 14.569950] ret_from_fork_asm+0x1a/0x30 [ 14.569981] </TASK> [ 14.569991] [ 14.580912] Allocated by task 291: [ 14.581071] kasan_save_stack+0x45/0x70 [ 14.581722] kasan_save_track+0x18/0x40 [ 14.581888] kasan_save_alloc_info+0x3b/0x50 [ 14.582298] __kasan_kmalloc+0xb7/0xc0 [ 14.582464] __kmalloc_cache_noprof+0x189/0x420 [ 14.582802] kasan_atomics+0x95/0x310 [ 14.582986] kunit_try_run_case+0x1a5/0x480 [ 14.583355] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.583679] kthread+0x337/0x6f0 [ 14.583818] ret_from_fork+0x116/0x1d0 [ 14.584109] ret_from_fork_asm+0x1a/0x30 [ 14.584351] [ 14.584584] The buggy address belongs to the object at ffff8881029e2200 [ 14.584584] which belongs to the cache kmalloc-64 of size 64 [ 14.585112] The buggy address is located 0 bytes to the right of [ 14.585112] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.585933] [ 14.586015] The buggy address belongs to the physical page: [ 14.586273] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.586764] flags: 0x200000000000000(node=0|zone=2) [ 14.587068] page_type: f5(slab) [ 14.587197] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.587600] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.588062] page dumped because: kasan: bad access detected [ 14.588420] [ 14.588497] Memory state around the buggy address: [ 14.588787] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.589232] 
ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.589913] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.590644] ^ [ 14.590802] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.591013] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.591633] ================================================================== [ 14.020760] ================================================================== [ 14.021083] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xe78/0x5450 [ 14.021408] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.021690] [ 14.021789] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.021833] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.021846] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.021867] Call Trace: [ 14.021882] <TASK> [ 14.021897] dump_stack_lvl+0x73/0xb0 [ 14.021921] print_report+0xd1/0x650 [ 14.021942] ? __virt_addr_valid+0x1db/0x2d0 [ 14.021965] ? kasan_atomics_helper+0xe78/0x5450 [ 14.021986] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.022011] ? kasan_atomics_helper+0xe78/0x5450 [ 14.022033] kasan_report+0x141/0x180 [ 14.022054] ? kasan_atomics_helper+0xe78/0x5450 [ 14.022079] kasan_check_range+0x10c/0x1c0 [ 14.022102] __kasan_check_write+0x18/0x20 [ 14.022126] kasan_atomics_helper+0xe78/0x5450 [ 14.022148] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.022170] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.022196] ? kasan_atomics+0x152/0x310 [ 14.022233] kasan_atomics+0x1dc/0x310 [ 14.022255] ? __pfx_kasan_atomics+0x10/0x10 [ 14.022279] ? __pfx_read_tsc+0x10/0x10 [ 14.022300] ? ktime_get_ts64+0x86/0x230 [ 14.022324] kunit_try_run_case+0x1a5/0x480 [ 14.022347] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.022373] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.022397] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.022422] ? 
__kthread_parkme+0x82/0x180 [ 14.022443] ? preempt_count_sub+0x50/0x80 [ 14.022467] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.022491] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.022514] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.022537] kthread+0x337/0x6f0 [ 14.022557] ? trace_preempt_on+0x20/0xc0 [ 14.022582] ? __pfx_kthread+0x10/0x10 [ 14.022602] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.022622] ? calculate_sigpending+0x7b/0xa0 [ 14.022645] ? __pfx_kthread+0x10/0x10 [ 14.022667] ret_from_fork+0x116/0x1d0 [ 14.022685] ? __pfx_kthread+0x10/0x10 [ 14.022706] ret_from_fork_asm+0x1a/0x30 [ 14.022736] </TASK> [ 14.022747] [ 14.029882] Allocated by task 291: [ 14.030032] kasan_save_stack+0x45/0x70 [ 14.030225] kasan_save_track+0x18/0x40 [ 14.030391] kasan_save_alloc_info+0x3b/0x50 [ 14.030543] __kasan_kmalloc+0xb7/0xc0 [ 14.030669] __kmalloc_cache_noprof+0x189/0x420 [ 14.030870] kasan_atomics+0x95/0x310 [ 14.031044] kunit_try_run_case+0x1a5/0x480 [ 14.031280] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.031453] kthread+0x337/0x6f0 [ 14.031581] ret_from_fork+0x116/0x1d0 [ 14.031758] ret_from_fork_asm+0x1a/0x30 [ 14.031947] [ 14.032032] The buggy address belongs to the object at ffff8881029e2200 [ 14.032032] which belongs to the cache kmalloc-64 of size 64 [ 14.032507] The buggy address is located 0 bytes to the right of [ 14.032507] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.032995] [ 14.033070] The buggy address belongs to the physical page: [ 14.033320] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.033632] flags: 0x200000000000000(node=0|zone=2) [ 14.033820] page_type: f5(slab) [ 14.033969] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.034330] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.034620] page dumped because: kasan: bad access detected [ 14.034804] [ 14.034867] Memory state around the buggy address: [ 14.035014] 
ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.035235] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.035443] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.035649] ^ [ 14.035795] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.036100] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.036410] ================================================================== [ 14.199295] ================================================================== [ 14.200572] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1217/0x5450 [ 14.201465] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.202046] [ 14.202134] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.202182] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.202195] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.202229] Call Trace: [ 14.202246] <TASK> [ 14.202261] dump_stack_lvl+0x73/0xb0 [ 14.202289] print_report+0xd1/0x650 [ 14.202310] ? __virt_addr_valid+0x1db/0x2d0 [ 14.202333] ? kasan_atomics_helper+0x1217/0x5450 [ 14.202354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.202380] ? kasan_atomics_helper+0x1217/0x5450 [ 14.202401] kasan_report+0x141/0x180 [ 14.202423] ? kasan_atomics_helper+0x1217/0x5450 [ 14.202448] kasan_check_range+0x10c/0x1c0 [ 14.202472] __kasan_check_write+0x18/0x20 [ 14.202494] kasan_atomics_helper+0x1217/0x5450 [ 14.202516] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.202538] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.202563] ? kasan_atomics+0x152/0x310 [ 14.202587] kasan_atomics+0x1dc/0x310 [ 14.202611] ? __pfx_kasan_atomics+0x10/0x10 [ 14.202634] ? __pfx_read_tsc+0x10/0x10 [ 14.202655] ? ktime_get_ts64+0x86/0x230 [ 14.202679] kunit_try_run_case+0x1a5/0x480 [ 14.202703] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.202725] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.202746] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.202769] ? __kthread_parkme+0x82/0x180 [ 14.202789] ? preempt_count_sub+0x50/0x80 [ 14.202812] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.202836] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.202859] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.202882] kthread+0x337/0x6f0 [ 14.202901] ? trace_preempt_on+0x20/0xc0 [ 14.202924] ? __pfx_kthread+0x10/0x10 [ 14.202945] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.202966] ? calculate_sigpending+0x7b/0xa0 [ 14.202990] ? __pfx_kthread+0x10/0x10 [ 14.203012] ret_from_fork+0x116/0x1d0 [ 14.203031] ? __pfx_kthread+0x10/0x10 [ 14.203052] ret_from_fork_asm+0x1a/0x30 [ 14.203082] </TASK> [ 14.203092] [ 14.213243] Allocated by task 291: [ 14.213425] kasan_save_stack+0x45/0x70 [ 14.213619] kasan_save_track+0x18/0x40 [ 14.213781] kasan_save_alloc_info+0x3b/0x50 [ 14.213961] __kasan_kmalloc+0xb7/0xc0 [ 14.214125] __kmalloc_cache_noprof+0x189/0x420 [ 14.214924] kasan_atomics+0x95/0x310 [ 14.215168] kunit_try_run_case+0x1a5/0x480 [ 14.215471] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.215781] kthread+0x337/0x6f0 [ 14.215904] ret_from_fork+0x116/0x1d0 [ 14.216238] ret_from_fork_asm+0x1a/0x30 [ 14.216444] [ 14.216692] The buggy address belongs to the object at ffff8881029e2200 [ 14.216692] which belongs to the cache kmalloc-64 of size 64 [ 14.217350] The buggy address is located 0 bytes to the right of [ 14.217350] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.217932] [ 14.218150] The buggy address belongs to the physical page: [ 14.218368] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.218833] flags: 0x200000000000000(node=0|zone=2) [ 14.219147] page_type: f5(slab) [ 14.219282] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.219740] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.220119] page dumped because: kasan: 
bad access detected [ 14.220434] [ 14.220659] Memory state around the buggy address: [ 14.220829] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.221303] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.221681] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.221976] ^ [ 14.222349] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.222720] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.223114] ================================================================== [ 14.661523] ================================================================== [ 14.661904] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1eaa/0x5450 [ 14.662635] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.662933] [ 14.663011] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.663056] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.663069] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.663090] Call Trace: [ 14.663104] <TASK> [ 14.663118] dump_stack_lvl+0x73/0xb0 [ 14.663144] print_report+0xd1/0x650 [ 14.663187] ? __virt_addr_valid+0x1db/0x2d0 [ 14.663220] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.663241] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.663266] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.663288] kasan_report+0x141/0x180 [ 14.663310] ? kasan_atomics_helper+0x1eaa/0x5450 [ 14.663336] kasan_check_range+0x10c/0x1c0 [ 14.663359] __kasan_check_write+0x18/0x20 [ 14.663382] kasan_atomics_helper+0x1eaa/0x5450 [ 14.663404] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.663425] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.663450] ? kasan_atomics+0x152/0x310 [ 14.663475] kasan_atomics+0x1dc/0x310 [ 14.663497] ? __pfx_kasan_atomics+0x10/0x10 [ 14.663520] ? __pfx_read_tsc+0x10/0x10 [ 14.663541] ? 
ktime_get_ts64+0x86/0x230 [ 14.663566] kunit_try_run_case+0x1a5/0x480 [ 14.663589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.663610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.663632] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.663655] ? __kthread_parkme+0x82/0x180 [ 14.663675] ? preempt_count_sub+0x50/0x80 [ 14.663699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.663723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.663745] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.663768] kthread+0x337/0x6f0 [ 14.663787] ? trace_preempt_on+0x20/0xc0 [ 14.663810] ? __pfx_kthread+0x10/0x10 [ 14.663830] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.663851] ? calculate_sigpending+0x7b/0xa0 [ 14.663874] ? __pfx_kthread+0x10/0x10 [ 14.663896] ret_from_fork+0x116/0x1d0 [ 14.663914] ? __pfx_kthread+0x10/0x10 [ 14.663935] ret_from_fork_asm+0x1a/0x30 [ 14.663964] </TASK> [ 14.663975] [ 14.671020] Allocated by task 291: [ 14.671229] kasan_save_stack+0x45/0x70 [ 14.671426] kasan_save_track+0x18/0x40 [ 14.671611] kasan_save_alloc_info+0x3b/0x50 [ 14.671812] __kasan_kmalloc+0xb7/0xc0 [ 14.671991] __kmalloc_cache_noprof+0x189/0x420 [ 14.672211] kasan_atomics+0x95/0x310 [ 14.672346] kunit_try_run_case+0x1a5/0x480 [ 14.672537] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.672755] kthread+0x337/0x6f0 [ 14.672866] ret_from_fork+0x116/0x1d0 [ 14.672988] ret_from_fork_asm+0x1a/0x30 [ 14.673115] [ 14.673201] The buggy address belongs to the object at ffff8881029e2200 [ 14.673201] which belongs to the cache kmalloc-64 of size 64 [ 14.673670] The buggy address is located 0 bytes to the right of [ 14.673670] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.674242] [ 14.674333] The buggy address belongs to the physical page: [ 14.674595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.674865] flags: 0x200000000000000(node=0|zone=2) [ 14.675015] page_type: f5(slab) [ 14.675125] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.675379] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.675671] page dumped because: kasan: bad access detected [ 14.675927] [ 14.676011] Memory state around the buggy address: [ 14.676263] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.676586] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.676910] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.677255] ^ [ 14.677474] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.677678] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.677925] ================================================================== [ 14.644516] ================================================================== [ 14.645250] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1e12/0x5450 [ 14.645794] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.646007] [ 14.646085] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.646131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.646143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.646165] Call Trace: [ 14.646186] <TASK> [ 14.646200] dump_stack_lvl+0x73/0xb0 [ 14.646234] print_report+0xd1/0x650 [ 14.646256] ? __virt_addr_valid+0x1db/0x2d0 [ 14.646278] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.646301] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.646327] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.646348] kasan_report+0x141/0x180 [ 14.646370] ? kasan_atomics_helper+0x1e12/0x5450 [ 14.646396] kasan_check_range+0x10c/0x1c0 [ 14.646420] __kasan_check_write+0x18/0x20 [ 14.646443] kasan_atomics_helper+0x1e12/0x5450 [ 14.646465] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.646486] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.646510] ? kasan_atomics+0x152/0x310 [ 14.646537] kasan_atomics+0x1dc/0x310 [ 14.646559] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.646584] ? __pfx_read_tsc+0x10/0x10 [ 14.646605] ? ktime_get_ts64+0x86/0x230 [ 14.646629] kunit_try_run_case+0x1a5/0x480 [ 14.646652] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.646675] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.646697] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.646718] ? __kthread_parkme+0x82/0x180 [ 14.646738] ? preempt_count_sub+0x50/0x80 [ 14.646762] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.646784] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.646807] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.646830] kthread+0x337/0x6f0 [ 14.646849] ? trace_preempt_on+0x20/0xc0 [ 14.646871] ? __pfx_kthread+0x10/0x10 [ 14.646892] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.646912] ? calculate_sigpending+0x7b/0xa0 [ 14.646936] ? __pfx_kthread+0x10/0x10 [ 14.646957] ret_from_fork+0x116/0x1d0 [ 14.646975] ? __pfx_kthread+0x10/0x10 [ 14.646996] ret_from_fork_asm+0x1a/0x30 [ 14.647026] </TASK> [ 14.647036] [ 14.654377] Allocated by task 291: [ 14.654547] kasan_save_stack+0x45/0x70 [ 14.654689] kasan_save_track+0x18/0x40 [ 14.654890] kasan_save_alloc_info+0x3b/0x50 [ 14.655037] __kasan_kmalloc+0xb7/0xc0 [ 14.655159] __kmalloc_cache_noprof+0x189/0x420 [ 14.655398] kasan_atomics+0x95/0x310 [ 14.655578] kunit_try_run_case+0x1a5/0x480 [ 14.655799] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.656042] kthread+0x337/0x6f0 [ 14.656248] ret_from_fork+0x116/0x1d0 [ 14.656375] ret_from_fork_asm+0x1a/0x30 [ 14.656503] [ 14.656566] The buggy address belongs to the object at ffff8881029e2200 [ 14.656566] which belongs to the cache kmalloc-64 of size 64 [ 14.656992] The buggy address is located 0 bytes to the right of [ 14.656992] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.657545] [ 14.657631] The buggy address belongs to the physical page: [ 14.657866] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.658095] flags: 0x200000000000000(node=0|zone=2) [ 14.658338] page_type: 
f5(slab) [ 14.658500] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.658828] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.659068] page dumped because: kasan: bad access detected [ 14.659334] [ 14.659437] Memory state around the buggy address: [ 14.659644] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.659846] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.660080] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.660408] ^ [ 14.660609] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.660818] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.661016] ================================================================== [ 14.759918] ================================================================== [ 14.760530] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x20c8/0x5450 [ 14.760836] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.761121] [ 14.761276] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.761322] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.761335] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.761357] Call Trace: [ 14.761372] <TASK> [ 14.761386] dump_stack_lvl+0x73/0xb0 [ 14.761412] print_report+0xd1/0x650 [ 14.761435] ? __virt_addr_valid+0x1db/0x2d0 [ 14.761457] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.761478] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.761504] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.761525] kasan_report+0x141/0x180 [ 14.761547] ? kasan_atomics_helper+0x20c8/0x5450 [ 14.761573] kasan_check_range+0x10c/0x1c0 [ 14.761595] __kasan_check_write+0x18/0x20 [ 14.761630] kasan_atomics_helper+0x20c8/0x5450 [ 14.761652] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.761675] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.761710] ? 
kasan_atomics+0x152/0x310 [ 14.761735] kasan_atomics+0x1dc/0x310 [ 14.761758] ? __pfx_kasan_atomics+0x10/0x10 [ 14.761781] ? __pfx_read_tsc+0x10/0x10 [ 14.761802] ? ktime_get_ts64+0x86/0x230 [ 14.761826] kunit_try_run_case+0x1a5/0x480 [ 14.761850] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.761872] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.761894] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.761925] ? __kthread_parkme+0x82/0x180 [ 14.761946] ? preempt_count_sub+0x50/0x80 [ 14.761969] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.762002] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.762024] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.762048] kthread+0x337/0x6f0 [ 14.762076] ? trace_preempt_on+0x20/0xc0 [ 14.762099] ? __pfx_kthread+0x10/0x10 [ 14.762120] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.762150] ? calculate_sigpending+0x7b/0xa0 [ 14.762191] ? __pfx_kthread+0x10/0x10 [ 14.762230] ret_from_fork+0x116/0x1d0 [ 14.762251] ? __pfx_kthread+0x10/0x10 [ 14.762274] ret_from_fork_asm+0x1a/0x30 [ 14.762316] </TASK> [ 14.762327] [ 14.769582] Allocated by task 291: [ 14.769747] kasan_save_stack+0x45/0x70 [ 14.769943] kasan_save_track+0x18/0x40 [ 14.770117] kasan_save_alloc_info+0x3b/0x50 [ 14.770321] __kasan_kmalloc+0xb7/0xc0 [ 14.770450] __kmalloc_cache_noprof+0x189/0x420 [ 14.770598] kasan_atomics+0x95/0x310 [ 14.770723] kunit_try_run_case+0x1a5/0x480 [ 14.770861] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.771027] kthread+0x337/0x6f0 [ 14.771144] ret_from_fork+0x116/0x1d0 [ 14.771367] ret_from_fork_asm+0x1a/0x30 [ 14.771553] [ 14.771638] The buggy address belongs to the object at ffff8881029e2200 [ 14.771638] which belongs to the cache kmalloc-64 of size 64 [ 14.772143] The buggy address is located 0 bytes to the right of [ 14.772143] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.772680] [ 14.772746] The buggy address belongs to the physical page: [ 14.772911] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 
14.773142] flags: 0x200000000000000(node=0|zone=2) [ 14.773322] page_type: f5(slab) [ 14.773476] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.773830] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.774154] page dumped because: kasan: bad access detected [ 14.774434] [ 14.774522] Memory state around the buggy address: [ 14.774733] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.775064] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.775402] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.775707] ^ [ 14.775913] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.776182] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.776451] ================================================================== [ 13.904841] ================================================================== [ 13.905065] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xac7/0x5450 [ 13.905360] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.905746] [ 13.905846] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.905891] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.905904] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.905925] Call Trace: [ 13.905940] <TASK> [ 13.905954] dump_stack_lvl+0x73/0xb0 [ 13.905979] print_report+0xd1/0x650 [ 13.906000] ? __virt_addr_valid+0x1db/0x2d0 [ 13.906023] ? kasan_atomics_helper+0xac7/0x5450 [ 13.906043] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.906068] ? kasan_atomics_helper+0xac7/0x5450 [ 13.906089] kasan_report+0x141/0x180 [ 13.906110] ? kasan_atomics_helper+0xac7/0x5450 [ 13.906135] kasan_check_range+0x10c/0x1c0 [ 13.906159] __kasan_check_write+0x18/0x20 [ 13.906196] kasan_atomics_helper+0xac7/0x5450 [ 13.906255] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 13.906278] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.906303] ? kasan_atomics+0x152/0x310 [ 13.906328] kasan_atomics+0x1dc/0x310 [ 13.906350] ? __pfx_kasan_atomics+0x10/0x10 [ 13.906374] ? __pfx_read_tsc+0x10/0x10 [ 13.906396] ? ktime_get_ts64+0x86/0x230 [ 13.906421] kunit_try_run_case+0x1a5/0x480 [ 13.906444] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.906485] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.906507] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.906541] ? __kthread_parkme+0x82/0x180 [ 13.906562] ? preempt_count_sub+0x50/0x80 [ 13.906586] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.906610] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.906634] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.906657] kthread+0x337/0x6f0 [ 13.906676] ? trace_preempt_on+0x20/0xc0 [ 13.906700] ? __pfx_kthread+0x10/0x10 [ 13.906720] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.906741] ? calculate_sigpending+0x7b/0xa0 [ 13.906765] ? __pfx_kthread+0x10/0x10 [ 13.906786] ret_from_fork+0x116/0x1d0 [ 13.906804] ? 
__pfx_kthread+0x10/0x10 [ 13.906825] ret_from_fork_asm+0x1a/0x30 [ 13.906856] </TASK> [ 13.906866] [ 13.916155] Allocated by task 291: [ 13.916333] kasan_save_stack+0x45/0x70 [ 13.916512] kasan_save_track+0x18/0x40 [ 13.916689] kasan_save_alloc_info+0x3b/0x50 [ 13.916882] __kasan_kmalloc+0xb7/0xc0 [ 13.917048] __kmalloc_cache_noprof+0x189/0x420 [ 13.917716] kasan_atomics+0x95/0x310 [ 13.917916] kunit_try_run_case+0x1a5/0x480 [ 13.918324] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.918748] kthread+0x337/0x6f0 [ 13.919022] ret_from_fork+0x116/0x1d0 [ 13.919324] ret_from_fork_asm+0x1a/0x30 [ 13.919616] [ 13.919806] The buggy address belongs to the object at ffff8881029e2200 [ 13.919806] which belongs to the cache kmalloc-64 of size 64 [ 13.920546] The buggy address is located 0 bytes to the right of [ 13.920546] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.921595] [ 13.921696] The buggy address belongs to the physical page: [ 13.922039] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.922339] flags: 0x200000000000000(node=0|zone=2) [ 13.922504] page_type: f5(slab) [ 13.923000] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.923448] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.923685] page dumped because: kasan: bad access detected [ 13.923854] [ 13.923918] Memory state around the buggy address: [ 13.924066] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.924288] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.924499] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.925003] ^ [ 13.925171] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.925396] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.925870] ================================================================== [ 14.246752] 
================================================================== [ 14.247059] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x12e6/0x5450 [ 14.247564] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.247853] [ 14.247939] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.247983] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.247996] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.248018] Call Trace: [ 14.248032] <TASK> [ 14.248046] dump_stack_lvl+0x73/0xb0 [ 14.248072] print_report+0xd1/0x650 [ 14.248093] ? __virt_addr_valid+0x1db/0x2d0 [ 14.248115] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.248136] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.248162] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.248183] kasan_report+0x141/0x180 [ 14.248215] ? kasan_atomics_helper+0x12e6/0x5450 [ 14.248240] kasan_check_range+0x10c/0x1c0 [ 14.248263] __kasan_check_write+0x18/0x20 [ 14.248286] kasan_atomics_helper+0x12e6/0x5450 [ 14.248309] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.248330] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.248354] ? kasan_atomics+0x152/0x310 [ 14.248380] kasan_atomics+0x1dc/0x310 [ 14.248402] ? __pfx_kasan_atomics+0x10/0x10 [ 14.248426] ? __pfx_read_tsc+0x10/0x10 [ 14.248446] ? ktime_get_ts64+0x86/0x230 [ 14.248470] kunit_try_run_case+0x1a5/0x480 [ 14.248494] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.248515] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.248537] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.248559] ? __kthread_parkme+0x82/0x180 [ 14.248580] ? preempt_count_sub+0x50/0x80 [ 14.248603] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.248626] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.248652] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.248675] kthread+0x337/0x6f0 [ 14.248695] ? trace_preempt_on+0x20/0xc0 [ 14.248718] ? __pfx_kthread+0x10/0x10 [ 14.248739] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.248759] ? 
calculate_sigpending+0x7b/0xa0 [ 14.248783] ? __pfx_kthread+0x10/0x10 [ 14.248805] ret_from_fork+0x116/0x1d0 [ 14.248824] ? __pfx_kthread+0x10/0x10 [ 14.248845] ret_from_fork_asm+0x1a/0x30 [ 14.248875] </TASK> [ 14.248886] [ 14.258658] Allocated by task 291: [ 14.258991] kasan_save_stack+0x45/0x70 [ 14.259312] kasan_save_track+0x18/0x40 [ 14.259455] kasan_save_alloc_info+0x3b/0x50 [ 14.259783] __kasan_kmalloc+0xb7/0xc0 [ 14.259965] __kmalloc_cache_noprof+0x189/0x420 [ 14.260325] kasan_atomics+0x95/0x310 [ 14.260502] kunit_try_run_case+0x1a5/0x480 [ 14.260832] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.261149] kthread+0x337/0x6f0 [ 14.261283] ret_from_fork+0x116/0x1d0 [ 14.261569] ret_from_fork_asm+0x1a/0x30 [ 14.261855] [ 14.261948] The buggy address belongs to the object at ffff8881029e2200 [ 14.261948] which belongs to the cache kmalloc-64 of size 64 [ 14.262679] The buggy address is located 0 bytes to the right of [ 14.262679] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.263172] [ 14.263247] The buggy address belongs to the physical page: [ 14.263478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.263799] flags: 0x200000000000000(node=0|zone=2) [ 14.264007] page_type: f5(slab) [ 14.264154] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.264878] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.265297] page dumped because: kasan: bad access detected [ 14.265503] [ 14.265722] Memory state around the buggy address: [ 14.265906] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.266389] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.266742] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.267013] ^ [ 14.267357] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.267717] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.267978] 
================================================================== [ 14.153775] ================================================================== [ 14.154124] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1148/0x5450 [ 14.154498] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.154716] [ 14.154792] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.154836] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.154848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.154870] Call Trace: [ 14.154884] <TASK> [ 14.154898] dump_stack_lvl+0x73/0xb0 [ 14.154924] print_report+0xd1/0x650 [ 14.154944] ? __virt_addr_valid+0x1db/0x2d0 [ 14.154966] ? kasan_atomics_helper+0x1148/0x5450 [ 14.154987] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.155013] ? kasan_atomics_helper+0x1148/0x5450 [ 14.155047] kasan_report+0x141/0x180 [ 14.155069] ? kasan_atomics_helper+0x1148/0x5450 [ 14.155105] kasan_check_range+0x10c/0x1c0 [ 14.155129] __kasan_check_write+0x18/0x20 [ 14.155151] kasan_atomics_helper+0x1148/0x5450 [ 14.155174] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.155195] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.155237] ? kasan_atomics+0x152/0x310 [ 14.155262] kasan_atomics+0x1dc/0x310 [ 14.155284] ? __pfx_kasan_atomics+0x10/0x10 [ 14.155318] ? __pfx_read_tsc+0x10/0x10 [ 14.155338] ? ktime_get_ts64+0x86/0x230 [ 14.155363] kunit_try_run_case+0x1a5/0x480 [ 14.155387] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.155409] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.155431] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.155453] ? __kthread_parkme+0x82/0x180 [ 14.155473] ? preempt_count_sub+0x50/0x80 [ 14.155497] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.155520] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.155543] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.155566] kthread+0x337/0x6f0 [ 14.155585] ? trace_preempt_on+0x20/0xc0 [ 14.155617] ? 
__pfx_kthread+0x10/0x10 [ 14.155637] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.155658] ? calculate_sigpending+0x7b/0xa0 [ 14.155691] ? __pfx_kthread+0x10/0x10 [ 14.155713] ret_from_fork+0x116/0x1d0 [ 14.155731] ? __pfx_kthread+0x10/0x10 [ 14.155752] ret_from_fork_asm+0x1a/0x30 [ 14.155782] </TASK> [ 14.155792] [ 14.163594] Allocated by task 291: [ 14.163741] kasan_save_stack+0x45/0x70 [ 14.163922] kasan_save_track+0x18/0x40 [ 14.164096] kasan_save_alloc_info+0x3b/0x50 [ 14.164312] __kasan_kmalloc+0xb7/0xc0 [ 14.164439] __kmalloc_cache_noprof+0x189/0x420 [ 14.164586] kasan_atomics+0x95/0x310 [ 14.164713] kunit_try_run_case+0x1a5/0x480 [ 14.164851] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.165016] kthread+0x337/0x6f0 [ 14.165130] ret_from_fork+0x116/0x1d0 [ 14.165308] ret_from_fork_asm+0x1a/0x30 [ 14.165538] [ 14.165623] The buggy address belongs to the object at ffff8881029e2200 [ 14.165623] which belongs to the cache kmalloc-64 of size 64 [ 14.166126] The buggy address is located 0 bytes to the right of [ 14.166126] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.166596] [ 14.166672] The buggy address belongs to the physical page: [ 14.166871] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.167136] flags: 0x200000000000000(node=0|zone=2) [ 14.167539] page_type: f5(slab) [ 14.167702] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.168064] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.168463] page dumped because: kasan: bad access detected [ 14.168709] [ 14.168805] Memory state around the buggy address: [ 14.169035] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.169503] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.169715] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.169920] ^ [ 14.170065] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.170296] 
ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.170618] ================================================================== [ 13.660732] ================================================================== [ 13.661263] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4b54/0x5450 [ 13.661750] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.662062] [ 13.662601] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.662687] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.662701] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.662724] Call Trace: [ 13.662739] <TASK> [ 13.662754] dump_stack_lvl+0x73/0xb0 [ 13.662781] print_report+0xd1/0x650 [ 13.662803] ? __virt_addr_valid+0x1db/0x2d0 [ 13.662825] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.662847] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.662874] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.662895] kasan_report+0x141/0x180 [ 13.662917] ? kasan_atomics_helper+0x4b54/0x5450 [ 13.662943] __asan_report_load4_noabort+0x18/0x20 [ 13.662967] kasan_atomics_helper+0x4b54/0x5450 [ 13.662989] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.663012] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.663037] ? kasan_atomics+0x152/0x310 [ 13.663062] kasan_atomics+0x1dc/0x310 [ 13.663085] ? __pfx_kasan_atomics+0x10/0x10 [ 13.663109] ? __pfx_read_tsc+0x10/0x10 [ 13.663130] ? ktime_get_ts64+0x86/0x230 [ 13.663154] kunit_try_run_case+0x1a5/0x480 [ 13.663199] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.663231] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.663253] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.663275] ? __kthread_parkme+0x82/0x180 [ 13.663296] ? preempt_count_sub+0x50/0x80 [ 13.663319] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.664240] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.664277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.664303] kthread+0x337/0x6f0 [ 13.664324] ? 
trace_preempt_on+0x20/0xc0 [ 13.664349] ? __pfx_kthread+0x10/0x10 [ 13.664370] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.664391] ? calculate_sigpending+0x7b/0xa0 [ 13.664414] ? __pfx_kthread+0x10/0x10 [ 13.664436] ret_from_fork+0x116/0x1d0 [ 13.664455] ? __pfx_kthread+0x10/0x10 [ 13.664475] ret_from_fork_asm+0x1a/0x30 [ 13.664506] </TASK> [ 13.664517] [ 13.678440] Allocated by task 291: [ 13.678624] kasan_save_stack+0x45/0x70 [ 13.678782] kasan_save_track+0x18/0x40 [ 13.678986] kasan_save_alloc_info+0x3b/0x50 [ 13.679216] __kasan_kmalloc+0xb7/0xc0 [ 13.679351] __kmalloc_cache_noprof+0x189/0x420 [ 13.679540] kasan_atomics+0x95/0x310 [ 13.679661] kunit_try_run_case+0x1a5/0x480 [ 13.679795] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.680059] kthread+0x337/0x6f0 [ 13.680245] ret_from_fork+0x116/0x1d0 [ 13.680422] ret_from_fork_asm+0x1a/0x30 [ 13.680627] [ 13.680720] The buggy address belongs to the object at ffff8881029e2200 [ 13.680720] which belongs to the cache kmalloc-64 of size 64 [ 13.681175] The buggy address is located 0 bytes to the right of [ 13.681175] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.681533] [ 13.681609] The buggy address belongs to the physical page: [ 13.681964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.682306] flags: 0x200000000000000(node=0|zone=2) [ 13.682494] page_type: f5(slab) [ 13.682645] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.682937] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.683248] page dumped because: kasan: bad access detected [ 13.683483] [ 13.683590] Memory state around the buggy address: [ 13.683809] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.684089] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.684359] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.684569] ^ [ 13.684724] ffff8881029e2280: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.684934] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.685284] ================================================================== [ 14.516741] ================================================================== [ 14.517098] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x19e3/0x5450 [ 14.517406] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.517752] [ 14.517851] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.517907] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.517920] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.517952] Call Trace: [ 14.517968] <TASK> [ 14.517983] dump_stack_lvl+0x73/0xb0 [ 14.518008] print_report+0xd1/0x650 [ 14.518029] ? __virt_addr_valid+0x1db/0x2d0 [ 14.518051] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.518072] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.518098] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.518120] kasan_report+0x141/0x180 [ 14.518141] ? kasan_atomics_helper+0x19e3/0x5450 [ 14.518186] kasan_check_range+0x10c/0x1c0 [ 14.518218] __kasan_check_write+0x18/0x20 [ 14.518240] kasan_atomics_helper+0x19e3/0x5450 [ 14.518263] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.518284] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.518308] ? kasan_atomics+0x152/0x310 [ 14.518333] kasan_atomics+0x1dc/0x310 [ 14.518356] ? __pfx_kasan_atomics+0x10/0x10 [ 14.518379] ? __pfx_read_tsc+0x10/0x10 [ 14.518399] ? ktime_get_ts64+0x86/0x230 [ 14.518424] kunit_try_run_case+0x1a5/0x480 [ 14.518447] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.518468] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.518490] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.518513] ? __kthread_parkme+0x82/0x180 [ 14.518533] ? preempt_count_sub+0x50/0x80 [ 14.518556] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.518589] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.518611] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.518634] kthread+0x337/0x6f0 [ 14.518664] ? trace_preempt_on+0x20/0xc0 [ 14.518687] ? __pfx_kthread+0x10/0x10 [ 14.518708] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.518728] ? calculate_sigpending+0x7b/0xa0 [ 14.518752] ? __pfx_kthread+0x10/0x10 [ 14.518773] ret_from_fork+0x116/0x1d0 [ 14.518792] ? __pfx_kthread+0x10/0x10 [ 14.518812] ret_from_fork_asm+0x1a/0x30 [ 14.518842] </TASK> [ 14.518853] [ 14.525701] Allocated by task 291: [ 14.525872] kasan_save_stack+0x45/0x70 [ 14.526088] kasan_save_track+0x18/0x40 [ 14.526314] kasan_save_alloc_info+0x3b/0x50 [ 14.526543] __kasan_kmalloc+0xb7/0xc0 [ 14.526762] __kmalloc_cache_noprof+0x189/0x420 [ 14.526978] kasan_atomics+0x95/0x310 [ 14.527162] kunit_try_run_case+0x1a5/0x480 [ 14.527408] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.527679] kthread+0x337/0x6f0 [ 14.527822] ret_from_fork+0x116/0x1d0 [ 14.527997] ret_from_fork_asm+0x1a/0x30 [ 14.528216] [ 14.528281] The buggy address belongs to the object at ffff8881029e2200 [ 14.528281] which belongs to the cache kmalloc-64 of size 64 [ 14.528757] The buggy address is located 0 bytes to the right of [ 14.528757] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.529248] [ 14.529314] The buggy address belongs to the physical page: [ 14.529478] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.529711] flags: 0x200000000000000(node=0|zone=2) [ 14.529865] page_type: f5(slab) [ 14.529976] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.530363] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.530686] page dumped because: kasan: bad access detected [ 14.530923] [ 14.531006] Memory state around the buggy address: [ 14.531250] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.531550] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.531758] >ffff8881029e2200: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.531963] ^ [ 14.532111] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.532383] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.532691] ================================================================== [ 14.678490] ================================================================== [ 14.678827] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1f43/0x5450 [ 14.679055] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.679338] [ 14.679463] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.679509] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.679521] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.679543] Call Trace: [ 14.679557] <TASK> [ 14.679571] dump_stack_lvl+0x73/0xb0 [ 14.679597] print_report+0xd1/0x650 [ 14.679619] ? __virt_addr_valid+0x1db/0x2d0 [ 14.679641] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.679662] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.679688] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.679710] kasan_report+0x141/0x180 [ 14.679731] ? kasan_atomics_helper+0x1f43/0x5450 [ 14.679757] kasan_check_range+0x10c/0x1c0 [ 14.679781] __kasan_check_write+0x18/0x20 [ 14.679804] kasan_atomics_helper+0x1f43/0x5450 [ 14.679827] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.679871] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.679896] ? kasan_atomics+0x152/0x310 [ 14.679921] kasan_atomics+0x1dc/0x310 [ 14.679943] ? __pfx_kasan_atomics+0x10/0x10 [ 14.679966] ? __pfx_read_tsc+0x10/0x10 [ 14.679987] ? ktime_get_ts64+0x86/0x230 [ 14.680012] kunit_try_run_case+0x1a5/0x480 [ 14.680035] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.680056] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.680078] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.680100] ? __kthread_parkme+0x82/0x180 [ 14.680121] ? preempt_count_sub+0x50/0x80 [ 14.680144] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.680187] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.680218] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.680242] kthread+0x337/0x6f0 [ 14.680261] ? trace_preempt_on+0x20/0xc0 [ 14.680284] ? __pfx_kthread+0x10/0x10 [ 14.680305] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.680324] ? calculate_sigpending+0x7b/0xa0 [ 14.680348] ? __pfx_kthread+0x10/0x10 [ 14.680369] ret_from_fork+0x116/0x1d0 [ 14.680405] ? __pfx_kthread+0x10/0x10 [ 14.680427] ret_from_fork_asm+0x1a/0x30 [ 14.680457] </TASK> [ 14.680467] [ 14.687187] Allocated by task 291: [ 14.687385] kasan_save_stack+0x45/0x70 [ 14.687573] kasan_save_track+0x18/0x40 [ 14.687756] kasan_save_alloc_info+0x3b/0x50 [ 14.687980] __kasan_kmalloc+0xb7/0xc0 [ 14.688151] __kmalloc_cache_noprof+0x189/0x420 [ 14.688379] kasan_atomics+0x95/0x310 [ 14.688511] kunit_try_run_case+0x1a5/0x480 [ 14.688657] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.688904] kthread+0x337/0x6f0 [ 14.689077] ret_from_fork+0x116/0x1d0 [ 14.689240] ret_from_fork_asm+0x1a/0x30 [ 14.689370] [ 14.689453] The buggy address belongs to the object at ffff8881029e2200 [ 14.689453] which belongs to the cache kmalloc-64 of size 64 [ 14.689967] The buggy address is located 0 bytes to the right of [ 14.689967] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.690347] [ 14.690410] The buggy address belongs to the physical page: [ 14.690619] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.690950] flags: 0x200000000000000(node=0|zone=2) [ 14.691185] page_type: f5(slab) [ 14.691349] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.691679] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.691996] page dumped because: kasan: bad access detected [ 14.692155] [ 14.692241] Memory state around the buggy address: [ 14.692435] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.692730] 
ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.692932] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.693131] ^ [ 14.693397] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.693729] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.694051] ================================================================== [ 14.610755] ================================================================== [ 14.611414] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1ce1/0x5450 [ 14.611761] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.612089] [ 14.612189] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.612244] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.612257] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.612278] Call Trace: [ 14.612292] <TASK> [ 14.612306] dump_stack_lvl+0x73/0xb0 [ 14.612331] print_report+0xd1/0x650 [ 14.612352] ? __virt_addr_valid+0x1db/0x2d0 [ 14.612374] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.612395] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.612420] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.612442] kasan_report+0x141/0x180 [ 14.612463] ? kasan_atomics_helper+0x1ce1/0x5450 [ 14.612489] kasan_check_range+0x10c/0x1c0 [ 14.612512] __kasan_check_write+0x18/0x20 [ 14.612535] kasan_atomics_helper+0x1ce1/0x5450 [ 14.612556] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.612578] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.612603] ? kasan_atomics+0x152/0x310 [ 14.612627] kasan_atomics+0x1dc/0x310 [ 14.612654] ? __pfx_kasan_atomics+0x10/0x10 [ 14.612677] ? __pfx_read_tsc+0x10/0x10 [ 14.612697] ? ktime_get_ts64+0x86/0x230 [ 14.612722] kunit_try_run_case+0x1a5/0x480 [ 14.612744] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.612766] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.612789] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.612810] ? 
__kthread_parkme+0x82/0x180 [ 14.612830] ? preempt_count_sub+0x50/0x80 [ 14.612854] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.612877] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.612899] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.612922] kthread+0x337/0x6f0 [ 14.612941] ? trace_preempt_on+0x20/0xc0 [ 14.612963] ? __pfx_kthread+0x10/0x10 [ 14.612984] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.613004] ? calculate_sigpending+0x7b/0xa0 [ 14.613027] ? __pfx_kthread+0x10/0x10 [ 14.613049] ret_from_fork+0x116/0x1d0 [ 14.613067] ? __pfx_kthread+0x10/0x10 [ 14.613087] ret_from_fork_asm+0x1a/0x30 [ 14.613118] </TASK> [ 14.613129] [ 14.620427] Allocated by task 291: [ 14.620545] kasan_save_stack+0x45/0x70 [ 14.620685] kasan_save_track+0x18/0x40 [ 14.620813] kasan_save_alloc_info+0x3b/0x50 [ 14.620964] __kasan_kmalloc+0xb7/0xc0 [ 14.621142] __kmalloc_cache_noprof+0x189/0x420 [ 14.621606] kasan_atomics+0x95/0x310 [ 14.621786] kunit_try_run_case+0x1a5/0x480 [ 14.621981] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.622233] kthread+0x337/0x6f0 [ 14.622550] ret_from_fork+0x116/0x1d0 [ 14.622709] ret_from_fork_asm+0x1a/0x30 [ 14.622841] [ 14.622903] The buggy address belongs to the object at ffff8881029e2200 [ 14.622903] which belongs to the cache kmalloc-64 of size 64 [ 14.623256] The buggy address is located 0 bytes to the right of [ 14.623256] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.623637] [ 14.623725] The buggy address belongs to the physical page: [ 14.623966] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.624334] flags: 0x200000000000000(node=0|zone=2) [ 14.624554] page_type: f5(slab) [ 14.624714] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.625039] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.625579] page dumped because: kasan: bad access detected [ 14.625748] [ 14.625816] Memory state around the buggy address: [ 14.625968] 
ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.626176] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.626493] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.626803] ^ [ 14.627021] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.627533] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.627830] ================================================================== [ 14.339162] ================================================================== [ 14.339770] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1467/0x5450 [ 14.340292] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.340512] [ 14.340590] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.340635] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.340652] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.340674] Call Trace: [ 14.340690] <TASK> [ 14.340705] dump_stack_lvl+0x73/0xb0 [ 14.340730] print_report+0xd1/0x650 [ 14.340751] ? __virt_addr_valid+0x1db/0x2d0 [ 14.340773] ? kasan_atomics_helper+0x1467/0x5450 [ 14.340794] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.340819] ? kasan_atomics_helper+0x1467/0x5450 [ 14.340841] kasan_report+0x141/0x180 [ 14.340862] ? kasan_atomics_helper+0x1467/0x5450 [ 14.340888] kasan_check_range+0x10c/0x1c0 [ 14.340911] __kasan_check_write+0x18/0x20 [ 14.340934] kasan_atomics_helper+0x1467/0x5450 [ 14.340956] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.340979] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.341004] ? kasan_atomics+0x152/0x310 [ 14.341029] kasan_atomics+0x1dc/0x310 [ 14.341051] ? __pfx_kasan_atomics+0x10/0x10 [ 14.341075] ? __pfx_read_tsc+0x10/0x10 [ 14.341096] ? ktime_get_ts64+0x86/0x230 [ 14.341120] kunit_try_run_case+0x1a5/0x480 [ 14.341142] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.341191] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.341223] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.341245] ? __kthread_parkme+0x82/0x180 [ 14.341266] ? preempt_count_sub+0x50/0x80 [ 14.341299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.341322] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.341345] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.341379] kthread+0x337/0x6f0 [ 14.341399] ? trace_preempt_on+0x20/0xc0 [ 14.341422] ? __pfx_kthread+0x10/0x10 [ 14.341444] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.341472] ? calculate_sigpending+0x7b/0xa0 [ 14.341496] ? __pfx_kthread+0x10/0x10 [ 14.341517] ret_from_fork+0x116/0x1d0 [ 14.341546] ? __pfx_kthread+0x10/0x10 [ 14.341569] ret_from_fork_asm+0x1a/0x30 [ 14.341602] </TASK> [ 14.341613] [ 14.351760] Allocated by task 291: [ 14.351941] kasan_save_stack+0x45/0x70 [ 14.352154] kasan_save_track+0x18/0x40 [ 14.352341] kasan_save_alloc_info+0x3b/0x50 [ 14.352536] __kasan_kmalloc+0xb7/0xc0 [ 14.352718] __kmalloc_cache_noprof+0x189/0x420 [ 14.352890] kasan_atomics+0x95/0x310 [ 14.353016] kunit_try_run_case+0x1a5/0x480 [ 14.353154] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.353428] kthread+0x337/0x6f0 [ 14.353587] ret_from_fork+0x116/0x1d0 [ 14.353762] ret_from_fork_asm+0x1a/0x30 [ 14.353944] [ 14.354106] The buggy address belongs to the object at ffff8881029e2200 [ 14.354106] which belongs to the cache kmalloc-64 of size 64 [ 14.354502] The buggy address is located 0 bytes to the right of [ 14.354502] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.354997] [ 14.355084] The buggy address belongs to the physical page: [ 14.355547] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.355855] flags: 0x200000000000000(node=0|zone=2) [ 14.356088] page_type: f5(slab) [ 14.356314] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.356621] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.356886] page dumped because: kasan: 
bad access detected [ 14.357144] [ 14.357270] Memory state around the buggy address: [ 14.357467] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.357761] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.358031] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.358253] ^ [ 14.358401] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.358728] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.359034] ================================================================== [ 13.968334] ================================================================== [ 13.969451] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a84/0x5450 [ 13.969797] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.970248] [ 13.970339] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.970386] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.970398] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.970420] Call Trace: [ 13.970434] <TASK> [ 13.970448] dump_stack_lvl+0x73/0xb0 [ 13.970474] print_report+0xd1/0x650 [ 13.970495] ? __virt_addr_valid+0x1db/0x2d0 [ 13.970517] ? kasan_atomics_helper+0x4a84/0x5450 [ 13.970538] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.970563] ? kasan_atomics_helper+0x4a84/0x5450 [ 13.970585] kasan_report+0x141/0x180 [ 13.970608] ? kasan_atomics_helper+0x4a84/0x5450 [ 13.970633] __asan_report_load4_noabort+0x18/0x20 [ 13.970657] kasan_atomics_helper+0x4a84/0x5450 [ 13.970679] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.970702] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.970727] ? kasan_atomics+0x152/0x310 [ 13.970752] kasan_atomics+0x1dc/0x310 [ 13.970774] ? __pfx_kasan_atomics+0x10/0x10 [ 13.970798] ? __pfx_read_tsc+0x10/0x10 [ 13.970819] ? ktime_get_ts64+0x86/0x230 [ 13.970844] kunit_try_run_case+0x1a5/0x480 [ 13.970867] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.970889] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.970911] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.970933] ? __kthread_parkme+0x82/0x180 [ 13.970952] ? preempt_count_sub+0x50/0x80 [ 13.970976] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.970998] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.971082] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.971109] kthread+0x337/0x6f0 [ 13.971130] ? trace_preempt_on+0x20/0xc0 [ 13.971153] ? __pfx_kthread+0x10/0x10 [ 13.971175] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.971195] ? calculate_sigpending+0x7b/0xa0 [ 13.971231] ? __pfx_kthread+0x10/0x10 [ 13.971253] ret_from_fork+0x116/0x1d0 [ 13.971273] ? __pfx_kthread+0x10/0x10 [ 13.971294] ret_from_fork_asm+0x1a/0x30 [ 13.971324] </TASK> [ 13.971335] [ 13.978179] Allocated by task 291: [ 13.978352] kasan_save_stack+0x45/0x70 [ 13.978534] kasan_save_track+0x18/0x40 [ 13.978691] kasan_save_alloc_info+0x3b/0x50 [ 13.978857] __kasan_kmalloc+0xb7/0xc0 [ 13.978987] __kmalloc_cache_noprof+0x189/0x420 [ 13.979136] kasan_atomics+0x95/0x310 [ 13.979291] kunit_try_run_case+0x1a5/0x480 [ 13.979490] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.979735] kthread+0x337/0x6f0 [ 13.980068] ret_from_fork+0x116/0x1d0 [ 13.980325] ret_from_fork_asm+0x1a/0x30 [ 13.980460] [ 13.980524] The buggy address belongs to the object at ffff8881029e2200 [ 13.980524] which belongs to the cache kmalloc-64 of size 64 [ 13.980873] The buggy address is located 0 bytes to the right of [ 13.980873] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.981390] [ 13.981482] The buggy address belongs to the physical page: [ 13.981722] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.982040] flags: 0x200000000000000(node=0|zone=2) [ 13.982196] page_type: f5(slab) [ 13.982423] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.982749] raw: 0000000000000000 0000000080200020 00000000f5000000 
0000000000000000 [ 13.983031] page dumped because: kasan: bad access detected [ 13.983801] [ 13.983903] Memory state around the buggy address: [ 13.984453] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.984792] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.985020] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.985372] ^ [ 13.985586] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.985828] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.986126] ================================================================== [ 14.285907] ================================================================== [ 14.286276] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x13b5/0x5450 [ 14.286778] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.287034] [ 14.287110] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.287155] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.287167] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.287188] Call Trace: [ 14.287202] <TASK> [ 14.287227] dump_stack_lvl+0x73/0xb0 [ 14.287251] print_report+0xd1/0x650 [ 14.287273] ? __virt_addr_valid+0x1db/0x2d0 [ 14.287295] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.287315] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.287341] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.287362] kasan_report+0x141/0x180 [ 14.287383] ? kasan_atomics_helper+0x13b5/0x5450 [ 14.287409] kasan_check_range+0x10c/0x1c0 [ 14.287432] __kasan_check_read+0x15/0x20 [ 14.287455] kasan_atomics_helper+0x13b5/0x5450 [ 14.287476] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.287498] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.287522] ? kasan_atomics+0x152/0x310 [ 14.287548] kasan_atomics+0x1dc/0x310 [ 14.287569] ? __pfx_kasan_atomics+0x10/0x10 [ 14.287592] ? __pfx_read_tsc+0x10/0x10 [ 14.287613] ? 
ktime_get_ts64+0x86/0x230 [ 14.287638] kunit_try_run_case+0x1a5/0x480 [ 14.287660] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.287682] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.287705] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.287727] ? __kthread_parkme+0x82/0x180 [ 14.287747] ? preempt_count_sub+0x50/0x80 [ 14.287769] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.287793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.287816] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.287839] kthread+0x337/0x6f0 [ 14.287859] ? trace_preempt_on+0x20/0xc0 [ 14.287881] ? __pfx_kthread+0x10/0x10 [ 14.287902] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.287922] ? calculate_sigpending+0x7b/0xa0 [ 14.287945] ? __pfx_kthread+0x10/0x10 [ 14.287967] ret_from_fork+0x116/0x1d0 [ 14.287986] ? __pfx_kthread+0x10/0x10 [ 14.288006] ret_from_fork_asm+0x1a/0x30 [ 14.288036] </TASK> [ 14.288046] [ 14.298519] Allocated by task 291: [ 14.298868] kasan_save_stack+0x45/0x70 [ 14.299280] kasan_save_track+0x18/0x40 [ 14.299647] kasan_save_alloc_info+0x3b/0x50 [ 14.300049] __kasan_kmalloc+0xb7/0xc0 [ 14.300436] __kmalloc_cache_noprof+0x189/0x420 [ 14.300869] kasan_atomics+0x95/0x310 [ 14.301254] kunit_try_run_case+0x1a5/0x480 [ 14.301649] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.302131] kthread+0x337/0x6f0 [ 14.302474] ret_from_fork+0x116/0x1d0 [ 14.302796] ret_from_fork_asm+0x1a/0x30 [ 14.302928] [ 14.302991] The buggy address belongs to the object at ffff8881029e2200 [ 14.302991] which belongs to the cache kmalloc-64 of size 64 [ 14.303730] The buggy address is located 0 bytes to the right of [ 14.303730] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.304825] [ 14.304976] The buggy address belongs to the physical page: [ 14.305430] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.305657] flags: 0x200000000000000(node=0|zone=2) [ 14.305810] page_type: f5(slab) [ 14.305921] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.306138] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.306823] page dumped because: kasan: bad access detected [ 14.307322] [ 14.307469] Memory state around the buggy address: [ 14.307898] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.308529] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.309138] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.309756] ^ [ 14.310195] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.310657] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.311120] ================================================================== [ 14.875752] ================================================================== [ 14.876433] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x5115/0x5450 [ 14.877340] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.878041] [ 14.878244] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.878291] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.878303] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.878324] Call Trace: [ 14.878340] <TASK> [ 14.878355] dump_stack_lvl+0x73/0xb0 [ 14.878381] print_report+0xd1/0x650 [ 14.878402] ? __virt_addr_valid+0x1db/0x2d0 [ 14.878425] ? kasan_atomics_helper+0x5115/0x5450 [ 14.878446] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.878472] ? kasan_atomics_helper+0x5115/0x5450 [ 14.878493] kasan_report+0x141/0x180 [ 14.878515] ? kasan_atomics_helper+0x5115/0x5450 [ 14.878541] __asan_report_load8_noabort+0x18/0x20 [ 14.878565] kasan_atomics_helper+0x5115/0x5450 [ 14.878587] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.878609] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.878634] ? kasan_atomics+0x152/0x310 [ 14.878660] kasan_atomics+0x1dc/0x310 [ 14.878682] ? __pfx_kasan_atomics+0x10/0x10 [ 14.878706] ? 
__pfx_read_tsc+0x10/0x10 [ 14.878727] ? ktime_get_ts64+0x86/0x230 [ 14.878751] kunit_try_run_case+0x1a5/0x480 [ 14.878777] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.878800] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.878823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.878846] ? __kthread_parkme+0x82/0x180 [ 14.878866] ? preempt_count_sub+0x50/0x80 [ 14.878890] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.878914] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.878936] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.878960] kthread+0x337/0x6f0 [ 14.878979] ? trace_preempt_on+0x20/0xc0 [ 14.879002] ? __pfx_kthread+0x10/0x10 [ 14.879023] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.879043] ? calculate_sigpending+0x7b/0xa0 [ 14.879067] ? __pfx_kthread+0x10/0x10 [ 14.879089] ret_from_fork+0x116/0x1d0 [ 14.879108] ? __pfx_kthread+0x10/0x10 [ 14.879130] ret_from_fork_asm+0x1a/0x30 [ 14.879160] </TASK> [ 14.879190] [ 14.890542] Allocated by task 291: [ 14.890664] kasan_save_stack+0x45/0x70 [ 14.890801] kasan_save_track+0x18/0x40 [ 14.890927] kasan_save_alloc_info+0x3b/0x50 [ 14.891068] __kasan_kmalloc+0xb7/0xc0 [ 14.891276] __kmalloc_cache_noprof+0x189/0x420 [ 14.891660] kasan_atomics+0x95/0x310 [ 14.891971] kunit_try_run_case+0x1a5/0x480 [ 14.892356] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.892808] kthread+0x337/0x6f0 [ 14.893099] ret_from_fork+0x116/0x1d0 [ 14.893455] ret_from_fork_asm+0x1a/0x30 [ 14.893804] [ 14.893950] The buggy address belongs to the object at ffff8881029e2200 [ 14.893950] which belongs to the cache kmalloc-64 of size 64 [ 14.894971] The buggy address is located 0 bytes to the right of [ 14.894971] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.895576] [ 14.895644] The buggy address belongs to the physical page: [ 14.895810] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.896042] flags: 0x200000000000000(node=0|zone=2) [ 14.896293] page_type: f5(slab) [ 14.896575] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.897225] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.897849] page dumped because: kasan: bad access detected [ 14.898350] [ 14.898497] Memory state around the buggy address: [ 14.898906] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.899518] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.900088] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.900660] ^ [ 14.900810] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.901482] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.902074] ================================================================== [ 14.268749] ================================================================== [ 14.269332] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x49ce/0x5450 [ 14.269609] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.270177] [ 14.270303] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.270350] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.270364] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.270449] Call Trace: [ 14.270467] <TASK> [ 14.270481] dump_stack_lvl+0x73/0xb0 [ 14.270508] print_report+0xd1/0x650 [ 14.270530] ? __virt_addr_valid+0x1db/0x2d0 [ 14.270553] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.270574] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.270599] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.270621] kasan_report+0x141/0x180 [ 14.270642] ? kasan_atomics_helper+0x49ce/0x5450 [ 14.270668] __asan_report_load4_noabort+0x18/0x20 [ 14.270691] kasan_atomics_helper+0x49ce/0x5450 [ 14.270714] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.270735] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.270759] ? kasan_atomics+0x152/0x310 [ 14.270784] kasan_atomics+0x1dc/0x310 [ 14.270807] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.270830] ? __pfx_read_tsc+0x10/0x10 [ 14.270850] ? ktime_get_ts64+0x86/0x230 [ 14.270874] kunit_try_run_case+0x1a5/0x480 [ 14.270897] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.270919] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.270941] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.270964] ? __kthread_parkme+0x82/0x180 [ 14.270984] ? preempt_count_sub+0x50/0x80 [ 14.271008] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.271032] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.271055] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.271077] kthread+0x337/0x6f0 [ 14.271096] ? trace_preempt_on+0x20/0xc0 [ 14.271119] ? __pfx_kthread+0x10/0x10 [ 14.271140] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.271161] ? calculate_sigpending+0x7b/0xa0 [ 14.271184] ? __pfx_kthread+0x10/0x10 [ 14.271216] ret_from_fork+0x116/0x1d0 [ 14.271234] ? __pfx_kthread+0x10/0x10 [ 14.271255] ret_from_fork_asm+0x1a/0x30 [ 14.271285] </TASK> [ 14.271296] [ 14.278174] Allocated by task 291: [ 14.278360] kasan_save_stack+0x45/0x70 [ 14.278497] kasan_save_track+0x18/0x40 [ 14.278625] kasan_save_alloc_info+0x3b/0x50 [ 14.278766] __kasan_kmalloc+0xb7/0xc0 [ 14.278890] __kmalloc_cache_noprof+0x189/0x420 [ 14.279255] kasan_atomics+0x95/0x310 [ 14.279436] kunit_try_run_case+0x1a5/0x480 [ 14.279637] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.279880] kthread+0x337/0x6f0 [ 14.280039] ret_from_fork+0x116/0x1d0 [ 14.280197] ret_from_fork_asm+0x1a/0x30 [ 14.280341] [ 14.280405] The buggy address belongs to the object at ffff8881029e2200 [ 14.280405] which belongs to the cache kmalloc-64 of size 64 [ 14.280807] The buggy address is located 0 bytes to the right of [ 14.280807] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.281561] [ 14.281653] The buggy address belongs to the physical page: [ 14.281893] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.282126] flags: 0x200000000000000(node=0|zone=2) [ 14.282578] page_type: 
f5(slab) [ 14.282742] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.283037] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.283364] page dumped because: kasan: bad access detected [ 14.283531] [ 14.283596] Memory state around the buggy address: [ 14.283808] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.284116] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.284429] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.284637] ^ [ 14.284787] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.284995] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.285396] ================================================================== [ 14.115283] ================================================================== [ 14.115698] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1079/0x5450 [ 14.116057] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.116730] [ 14.116958] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.117003] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.117017] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.117050] Call Trace: [ 14.117066] <TASK> [ 14.117081] dump_stack_lvl+0x73/0xb0 [ 14.117107] print_report+0xd1/0x650 [ 14.117128] ? __virt_addr_valid+0x1db/0x2d0 [ 14.117151] ? kasan_atomics_helper+0x1079/0x5450 [ 14.117171] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.117198] ? kasan_atomics_helper+0x1079/0x5450 [ 14.117238] kasan_report+0x141/0x180 [ 14.117260] ? kasan_atomics_helper+0x1079/0x5450 [ 14.117285] kasan_check_range+0x10c/0x1c0 [ 14.117327] __kasan_check_write+0x18/0x20 [ 14.117350] kasan_atomics_helper+0x1079/0x5450 [ 14.117372] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.117404] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.117428] ? 
kasan_atomics+0x152/0x310 [ 14.117453] kasan_atomics+0x1dc/0x310 [ 14.117476] ? __pfx_kasan_atomics+0x10/0x10 [ 14.117500] ? __pfx_read_tsc+0x10/0x10 [ 14.117520] ? ktime_get_ts64+0x86/0x230 [ 14.117544] kunit_try_run_case+0x1a5/0x480 [ 14.117567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.117589] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.117612] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.117634] ? __kthread_parkme+0x82/0x180 [ 14.117654] ? preempt_count_sub+0x50/0x80 [ 14.117677] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.117701] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.117723] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.117746] kthread+0x337/0x6f0 [ 14.117765] ? trace_preempt_on+0x20/0xc0 [ 14.117788] ? __pfx_kthread+0x10/0x10 [ 14.117809] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.117829] ? calculate_sigpending+0x7b/0xa0 [ 14.117853] ? __pfx_kthread+0x10/0x10 [ 14.117875] ret_from_fork+0x116/0x1d0 [ 14.117893] ? __pfx_kthread+0x10/0x10 [ 14.117913] ret_from_fork_asm+0x1a/0x30 [ 14.117944] </TASK> [ 14.117954] [ 14.128170] Allocated by task 291: [ 14.128317] kasan_save_stack+0x45/0x70 [ 14.128493] kasan_save_track+0x18/0x40 [ 14.128622] kasan_save_alloc_info+0x3b/0x50 [ 14.128766] __kasan_kmalloc+0xb7/0xc0 [ 14.128891] __kmalloc_cache_noprof+0x189/0x420 [ 14.129100] kasan_atomics+0x95/0x310 [ 14.129303] kunit_try_run_case+0x1a5/0x480 [ 14.129501] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.129740] kthread+0x337/0x6f0 [ 14.129947] ret_from_fork+0x116/0x1d0 [ 14.130124] ret_from_fork_asm+0x1a/0x30 [ 14.130334] [ 14.130420] The buggy address belongs to the object at ffff8881029e2200 [ 14.130420] which belongs to the cache kmalloc-64 of size 64 [ 14.130806] The buggy address is located 0 bytes to the right of [ 14.130806] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.131563] [ 14.131636] The buggy address belongs to the physical page: [ 14.131877] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 
14.132218] flags: 0x200000000000000(node=0|zone=2) [ 14.132463] page_type: f5(slab) [ 14.132636] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.132950] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.133282] page dumped because: kasan: bad access detected [ 14.133589] [ 14.133689] Memory state around the buggy address: [ 14.133891] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.134201] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.134485] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.134693] ^ [ 14.134883] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.135198] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.135471] ================================================================== [ 14.628338] ================================================================== [ 14.628652] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1d7a/0x5450 [ 14.628880] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.629104] [ 14.629235] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.629280] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.629292] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.629314] Call Trace: [ 14.629328] <TASK> [ 14.629343] dump_stack_lvl+0x73/0xb0 [ 14.629367] print_report+0xd1/0x650 [ 14.629389] ? __virt_addr_valid+0x1db/0x2d0 [ 14.629411] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.629432] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.629457] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.629479] kasan_report+0x141/0x180 [ 14.629501] ? kasan_atomics_helper+0x1d7a/0x5450 [ 14.629526] kasan_check_range+0x10c/0x1c0 [ 14.629549] __kasan_check_write+0x18/0x20 [ 14.629572] kasan_atomics_helper+0x1d7a/0x5450 [ 14.629594] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 14.629616] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.629640] ? kasan_atomics+0x152/0x310 [ 14.629665] kasan_atomics+0x1dc/0x310 [ 14.629687] ? __pfx_kasan_atomics+0x10/0x10 [ 14.629711] ? __pfx_read_tsc+0x10/0x10 [ 14.629732] ? ktime_get_ts64+0x86/0x230 [ 14.629756] kunit_try_run_case+0x1a5/0x480 [ 14.629780] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.629801] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.629823] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.629845] ? __kthread_parkme+0x82/0x180 [ 14.629866] ? preempt_count_sub+0x50/0x80 [ 14.629888] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.629911] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.629934] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.629957] kthread+0x337/0x6f0 [ 14.629976] ? trace_preempt_on+0x20/0xc0 [ 14.629999] ? __pfx_kthread+0x10/0x10 [ 14.630020] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.630040] ? calculate_sigpending+0x7b/0xa0 [ 14.630063] ? __pfx_kthread+0x10/0x10 [ 14.630085] ret_from_fork+0x116/0x1d0 [ 14.630104] ? 
__pfx_kthread+0x10/0x10 [ 14.630124] ret_from_fork_asm+0x1a/0x30 [ 14.630154] </TASK> [ 14.630164] [ 14.637202] Allocated by task 291: [ 14.637431] kasan_save_stack+0x45/0x70 [ 14.637614] kasan_save_track+0x18/0x40 [ 14.637792] kasan_save_alloc_info+0x3b/0x50 [ 14.637986] __kasan_kmalloc+0xb7/0xc0 [ 14.638136] __kmalloc_cache_noprof+0x189/0x420 [ 14.638297] kasan_atomics+0x95/0x310 [ 14.638419] kunit_try_run_case+0x1a5/0x480 [ 14.638551] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.638711] kthread+0x337/0x6f0 [ 14.638857] ret_from_fork+0x116/0x1d0 [ 14.639046] ret_from_fork_asm+0x1a/0x30 [ 14.639246] [ 14.639325] The buggy address belongs to the object at ffff8881029e2200 [ 14.639325] which belongs to the cache kmalloc-64 of size 64 [ 14.639780] The buggy address is located 0 bytes to the right of [ 14.639780] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.640329] [ 14.640395] The buggy address belongs to the physical page: [ 14.640635] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.640902] flags: 0x200000000000000(node=0|zone=2) [ 14.641054] page_type: f5(slab) [ 14.641184] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.641531] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.641848] page dumped because: kasan: bad access detected [ 14.642087] [ 14.642197] Memory state around the buggy address: [ 14.642397] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.642601] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.642907] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.643272] ^ [ 14.643452] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.643654] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.643852] ================================================================== [ 14.482600] 
================================================================== [ 14.483141] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x18b1/0x5450 [ 14.483547] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.483901] [ 14.484000] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.484054] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.484066] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.484088] Call Trace: [ 14.484102] <TASK> [ 14.484126] dump_stack_lvl+0x73/0xb0 [ 14.484153] print_report+0xd1/0x650 [ 14.484193] ? __virt_addr_valid+0x1db/0x2d0 [ 14.484234] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.484255] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.484280] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.484312] kasan_report+0x141/0x180 [ 14.484334] ? kasan_atomics_helper+0x18b1/0x5450 [ 14.484360] kasan_check_range+0x10c/0x1c0 [ 14.484383] __kasan_check_write+0x18/0x20 [ 14.484415] kasan_atomics_helper+0x18b1/0x5450 [ 14.484439] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.484463] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.484498] ? kasan_atomics+0x152/0x310 [ 14.484524] kasan_atomics+0x1dc/0x310 [ 14.484546] ? __pfx_kasan_atomics+0x10/0x10 [ 14.484580] ? __pfx_read_tsc+0x10/0x10 [ 14.484601] ? ktime_get_ts64+0x86/0x230 [ 14.484626] kunit_try_run_case+0x1a5/0x480 [ 14.484663] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.484684] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.484707] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.484729] ? __kthread_parkme+0x82/0x180 [ 14.484750] ? preempt_count_sub+0x50/0x80 [ 14.484773] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.484796] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.484818] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.484842] kthread+0x337/0x6f0 [ 14.484861] ? trace_preempt_on+0x20/0xc0 [ 14.484884] ? __pfx_kthread+0x10/0x10 [ 14.484905] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.484925] ? 
calculate_sigpending+0x7b/0xa0 [ 14.484949] ? __pfx_kthread+0x10/0x10 [ 14.484970] ret_from_fork+0x116/0x1d0 [ 14.484988] ? __pfx_kthread+0x10/0x10 [ 14.485009] ret_from_fork_asm+0x1a/0x30 [ 14.485039] </TASK> [ 14.485050] [ 14.492116] Allocated by task 291: [ 14.492311] kasan_save_stack+0x45/0x70 [ 14.492500] kasan_save_track+0x18/0x40 [ 14.492698] kasan_save_alloc_info+0x3b/0x50 [ 14.492880] __kasan_kmalloc+0xb7/0xc0 [ 14.493074] __kmalloc_cache_noprof+0x189/0x420 [ 14.493307] kasan_atomics+0x95/0x310 [ 14.493488] kunit_try_run_case+0x1a5/0x480 [ 14.493646] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.493900] kthread+0x337/0x6f0 [ 14.494053] ret_from_fork+0x116/0x1d0 [ 14.494223] ret_from_fork_asm+0x1a/0x30 [ 14.494359] [ 14.494422] The buggy address belongs to the object at ffff8881029e2200 [ 14.494422] which belongs to the cache kmalloc-64 of size 64 [ 14.494763] The buggy address is located 0 bytes to the right of [ 14.494763] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.495227] [ 14.495326] The buggy address belongs to the physical page: [ 14.495612] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.496011] flags: 0x200000000000000(node=0|zone=2) [ 14.496294] page_type: f5(slab) [ 14.496452] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.496779] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.497084] page dumped because: kasan: bad access detected [ 14.497321] [ 14.497420] Memory state around the buggy address: [ 14.497639] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.497955] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.498288] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.498499] ^ [ 14.498647] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.498873] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.499226] 
================================================================== [ 14.085965] ================================================================== [ 14.086765] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a36/0x5450 [ 14.087461] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.087750] [ 14.087923] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.087970] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.087983] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.088005] Call Trace: [ 14.088022] <TASK> [ 14.088037] dump_stack_lvl+0x73/0xb0 [ 14.088064] print_report+0xd1/0x650 [ 14.088085] ? __virt_addr_valid+0x1db/0x2d0 [ 14.088107] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.088155] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.088181] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.088212] kasan_report+0x141/0x180 [ 14.088234] ? kasan_atomics_helper+0x4a36/0x5450 [ 14.088260] __asan_report_load4_noabort+0x18/0x20 [ 14.088284] kasan_atomics_helper+0x4a36/0x5450 [ 14.088306] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.088328] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.088361] ? kasan_atomics+0x152/0x310 [ 14.088388] kasan_atomics+0x1dc/0x310 [ 14.088416] ? __pfx_kasan_atomics+0x10/0x10 [ 14.088440] ? __pfx_read_tsc+0x10/0x10 [ 14.088460] ? ktime_get_ts64+0x86/0x230 [ 14.088486] kunit_try_run_case+0x1a5/0x480 [ 14.088508] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.088531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.088553] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.088576] ? __kthread_parkme+0x82/0x180 [ 14.088597] ? preempt_count_sub+0x50/0x80 [ 14.088621] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.088644] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.088671] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.088695] kthread+0x337/0x6f0 [ 14.088715] ? trace_preempt_on+0x20/0xc0 [ 14.088738] ? __pfx_kthread+0x10/0x10 [ 14.088759] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.088780] ? calculate_sigpending+0x7b/0xa0 [ 14.088803] ? __pfx_kthread+0x10/0x10 [ 14.088825] ret_from_fork+0x116/0x1d0 [ 14.088844] ? __pfx_kthread+0x10/0x10 [ 14.088865] ret_from_fork_asm+0x1a/0x30 [ 14.088895] </TASK> [ 14.088906] [ 14.101771] Allocated by task 291: [ 14.102027] kasan_save_stack+0x45/0x70 [ 14.102318] kasan_save_track+0x18/0x40 [ 14.102450] kasan_save_alloc_info+0x3b/0x50 [ 14.102592] __kasan_kmalloc+0xb7/0xc0 [ 14.102717] __kmalloc_cache_noprof+0x189/0x420 [ 14.102864] kasan_atomics+0x95/0x310 [ 14.102988] kunit_try_run_case+0x1a5/0x480 [ 14.103125] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.103564] kthread+0x337/0x6f0 [ 14.103857] ret_from_fork+0x116/0x1d0 [ 14.104232] ret_from_fork_asm+0x1a/0x30 [ 14.104594] [ 14.104745] The buggy address belongs to the object at ffff8881029e2200 [ 14.104745] which belongs to the cache kmalloc-64 of size 64 [ 14.105862] The buggy address is located 0 bytes to the right of [ 14.105862] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.107253] [ 14.107412] The buggy address belongs to the physical page: [ 14.107934] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.108693] flags: 0x200000000000000(node=0|zone=2) [ 14.109127] page_type: f5(slab) [ 14.109461] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.109888] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.110109] page dumped because: kasan: bad access detected [ 14.110532] [ 14.110699] Memory state around the buggy address: [ 14.111112] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.111822] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.112599] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.112997] ^ [ 14.113145] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.113730] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.114409] ================================================================== [ 14.410341] ================================================================== [ 14.410705] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x164f/0x5450 [ 14.411034] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.411301] [ 14.411377] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.411422] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.411435] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.411456] Call Trace: [ 14.411470] <TASK> [ 14.411485] dump_stack_lvl+0x73/0xb0 [ 14.411509] print_report+0xd1/0x650 [ 14.411531] ? __virt_addr_valid+0x1db/0x2d0 [ 14.411553] ? kasan_atomics_helper+0x164f/0x5450 [ 14.411574] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.411600] ? kasan_atomics_helper+0x164f/0x5450 [ 14.411621] kasan_report+0x141/0x180 [ 14.411643] ? kasan_atomics_helper+0x164f/0x5450 [ 14.411668] kasan_check_range+0x10c/0x1c0 [ 14.411692] __kasan_check_write+0x18/0x20 [ 14.411716] kasan_atomics_helper+0x164f/0x5450 [ 14.411738] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.411760] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.411783] ? kasan_atomics+0x152/0x310 [ 14.411809] kasan_atomics+0x1dc/0x310 [ 14.411831] ? __pfx_kasan_atomics+0x10/0x10 [ 14.411855] ? __pfx_read_tsc+0x10/0x10 [ 14.411876] ? ktime_get_ts64+0x86/0x230 [ 14.411900] kunit_try_run_case+0x1a5/0x480 [ 14.411935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.411957] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.411979] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.412021] ? __kthread_parkme+0x82/0x180 [ 14.412042] ? preempt_count_sub+0x50/0x80 [ 14.412067] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.412102] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.412125] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.412149] kthread+0x337/0x6f0 [ 14.412186] ? 
trace_preempt_on+0x20/0xc0 [ 14.412217] ? __pfx_kthread+0x10/0x10 [ 14.412239] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.412259] ? calculate_sigpending+0x7b/0xa0 [ 14.412283] ? __pfx_kthread+0x10/0x10 [ 14.412305] ret_from_fork+0x116/0x1d0 [ 14.412332] ? __pfx_kthread+0x10/0x10 [ 14.412353] ret_from_fork_asm+0x1a/0x30 [ 14.412394] </TASK> [ 14.412405] [ 14.419824] Allocated by task 291: [ 14.419986] kasan_save_stack+0x45/0x70 [ 14.420221] kasan_save_track+0x18/0x40 [ 14.420393] kasan_save_alloc_info+0x3b/0x50 [ 14.420563] __kasan_kmalloc+0xb7/0xc0 [ 14.420693] __kmalloc_cache_noprof+0x189/0x420 [ 14.420841] kasan_atomics+0x95/0x310 [ 14.420966] kunit_try_run_case+0x1a5/0x480 [ 14.421103] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.421304] kthread+0x337/0x6f0 [ 14.421420] ret_from_fork+0x116/0x1d0 [ 14.421545] ret_from_fork_asm+0x1a/0x30 [ 14.421754] [ 14.421840] The buggy address belongs to the object at ffff8881029e2200 [ 14.421840] which belongs to the cache kmalloc-64 of size 64 [ 14.422377] The buggy address is located 0 bytes to the right of [ 14.422377] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.422903] [ 14.422988] The buggy address belongs to the physical page: [ 14.423261] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.423604] flags: 0x200000000000000(node=0|zone=2) [ 14.423852] page_type: f5(slab) [ 14.424008] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.424371] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.424641] page dumped because: kasan: bad access detected [ 14.424809] [ 14.424870] Memory state around the buggy address: [ 14.425016] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.425278] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.425597] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.425915] ^ [ 14.426135] ffff8881029e2280: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.426457] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.426770] ================================================================== [ 14.847252] ================================================================== [ 14.847947] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x224c/0x5450 [ 14.848631] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.849309] [ 14.849484] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.849539] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.849552] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.849574] Call Trace: [ 14.849601] <TASK> [ 14.849617] dump_stack_lvl+0x73/0xb0 [ 14.849643] print_report+0xd1/0x650 [ 14.849665] ? __virt_addr_valid+0x1db/0x2d0 [ 14.849687] ? kasan_atomics_helper+0x224c/0x5450 [ 14.849708] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.849734] ? kasan_atomics_helper+0x224c/0x5450 [ 14.849756] kasan_report+0x141/0x180 [ 14.849778] ? kasan_atomics_helper+0x224c/0x5450 [ 14.849812] kasan_check_range+0x10c/0x1c0 [ 14.849836] __kasan_check_write+0x18/0x20 [ 14.849859] kasan_atomics_helper+0x224c/0x5450 [ 14.849892] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.849914] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.849938] ? kasan_atomics+0x152/0x310 [ 14.849963] kasan_atomics+0x1dc/0x310 [ 14.849986] ? __pfx_kasan_atomics+0x10/0x10 [ 14.850010] ? __pfx_read_tsc+0x10/0x10 [ 14.850030] ? ktime_get_ts64+0x86/0x230 [ 14.850055] kunit_try_run_case+0x1a5/0x480 [ 14.850078] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.850099] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.850121] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.850144] ? __kthread_parkme+0x82/0x180 [ 14.850183] ? preempt_count_sub+0x50/0x80 [ 14.850218] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.850241] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.850264] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.850288] kthread+0x337/0x6f0 [ 14.850307] ? trace_preempt_on+0x20/0xc0 [ 14.850331] ? __pfx_kthread+0x10/0x10 [ 14.850351] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.850373] ? calculate_sigpending+0x7b/0xa0 [ 14.850398] ? __pfx_kthread+0x10/0x10 [ 14.850419] ret_from_fork+0x116/0x1d0 [ 14.850438] ? __pfx_kthread+0x10/0x10 [ 14.850459] ret_from_fork_asm+0x1a/0x30 [ 14.850489] </TASK> [ 14.850499] [ 14.863191] Allocated by task 291: [ 14.863531] kasan_save_stack+0x45/0x70 [ 14.863734] kasan_save_track+0x18/0x40 [ 14.864109] kasan_save_alloc_info+0x3b/0x50 [ 14.864312] __kasan_kmalloc+0xb7/0xc0 [ 14.864673] __kmalloc_cache_noprof+0x189/0x420 [ 14.865076] kasan_atomics+0x95/0x310 [ 14.865328] kunit_try_run_case+0x1a5/0x480 [ 14.865722] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.865906] kthread+0x337/0x6f0 [ 14.866283] ret_from_fork+0x116/0x1d0 [ 14.866623] ret_from_fork_asm+0x1a/0x30 [ 14.866788] [ 14.866919] The buggy address belongs to the object at ffff8881029e2200 [ 14.866919] which belongs to the cache kmalloc-64 of size 64 [ 14.867612] The buggy address is located 0 bytes to the right of [ 14.867612] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.867972] [ 14.868036] The buggy address belongs to the physical page: [ 14.868318] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.868987] flags: 0x200000000000000(node=0|zone=2) [ 14.869458] page_type: f5(slab) [ 14.869745] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.870428] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.871075] page dumped because: kasan: bad access detected [ 14.871580] [ 14.871730] Memory state around the buggy address: [ 14.872141] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.872526] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.872742] >ffff8881029e2200: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 14.872949] ^ [ 14.873099] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.873677] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.874313] ================================================================== [ 14.499749] ================================================================== [ 14.500272] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x194a/0x5450 [ 14.500751] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.500969] [ 14.501044] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.501089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.501101] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.501123] Call Trace: [ 14.501135] <TASK> [ 14.501148] dump_stack_lvl+0x73/0xb0 [ 14.501195] print_report+0xd1/0x650 [ 14.501226] ? __virt_addr_valid+0x1db/0x2d0 [ 14.501247] ? kasan_atomics_helper+0x194a/0x5450 [ 14.501268] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.501294] ? kasan_atomics_helper+0x194a/0x5450 [ 14.501315] kasan_report+0x141/0x180 [ 14.501340] ? kasan_atomics_helper+0x194a/0x5450 [ 14.501377] kasan_check_range+0x10c/0x1c0 [ 14.501402] __kasan_check_write+0x18/0x20 [ 14.501425] kasan_atomics_helper+0x194a/0x5450 [ 14.501458] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.501480] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.501504] ? kasan_atomics+0x152/0x310 [ 14.501528] kasan_atomics+0x1dc/0x310 [ 14.501551] ? __pfx_kasan_atomics+0x10/0x10 [ 14.501575] ? __pfx_read_tsc+0x10/0x10 [ 14.501596] ? ktime_get_ts64+0x86/0x230 [ 14.501620] kunit_try_run_case+0x1a5/0x480 [ 14.501643] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.501666] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.501688] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.501710] ? __kthread_parkme+0x82/0x180 [ 14.501731] ? preempt_count_sub+0x50/0x80 [ 14.501753] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.501776] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.501799] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.501822] kthread+0x337/0x6f0 [ 14.501842] ? trace_preempt_on+0x20/0xc0 [ 14.501864] ? __pfx_kthread+0x10/0x10 [ 14.501884] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.501905] ? calculate_sigpending+0x7b/0xa0 [ 14.501929] ? __pfx_kthread+0x10/0x10 [ 14.501950] ret_from_fork+0x116/0x1d0 [ 14.501968] ? __pfx_kthread+0x10/0x10 [ 14.501989] ret_from_fork_asm+0x1a/0x30 [ 14.502019] </TASK> [ 14.502030] [ 14.509277] Allocated by task 291: [ 14.509445] kasan_save_stack+0x45/0x70 [ 14.509654] kasan_save_track+0x18/0x40 [ 14.509820] kasan_save_alloc_info+0x3b/0x50 [ 14.510031] __kasan_kmalloc+0xb7/0xc0 [ 14.510162] __kmalloc_cache_noprof+0x189/0x420 [ 14.510338] kasan_atomics+0x95/0x310 [ 14.510465] kunit_try_run_case+0x1a5/0x480 [ 14.510605] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.510777] kthread+0x337/0x6f0 [ 14.510893] ret_from_fork+0x116/0x1d0 [ 14.511035] ret_from_fork_asm+0x1a/0x30 [ 14.511278] [ 14.511365] The buggy address belongs to the object at ffff8881029e2200 [ 14.511365] which belongs to the cache kmalloc-64 of size 64 [ 14.511870] The buggy address is located 0 bytes to the right of [ 14.511870] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.512391] [ 14.512456] The buggy address belongs to the physical page: [ 14.512621] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.512857] flags: 0x200000000000000(node=0|zone=2) [ 14.513010] page_type: f5(slab) [ 14.513123] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.513471] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.513813] page dumped because: kasan: bad access detected [ 14.514083] [ 14.514214] Memory state around the buggy address: [ 14.514465] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.514813] 
ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.515155] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.515488] ^ [ 14.515722] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.516012] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.516247] ================================================================== [ 14.003187] ================================================================== [ 14.003530] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xde0/0x5450 [ 14.004124] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.004453] [ 14.004531] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.004578] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.004591] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.004612] Call Trace: [ 14.004626] <TASK> [ 14.004639] dump_stack_lvl+0x73/0xb0 [ 14.004669] print_report+0xd1/0x650 [ 14.004691] ? __virt_addr_valid+0x1db/0x2d0 [ 14.004713] ? kasan_atomics_helper+0xde0/0x5450 [ 14.004735] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.004761] ? kasan_atomics_helper+0xde0/0x5450 [ 14.004782] kasan_report+0x141/0x180 [ 14.004805] ? kasan_atomics_helper+0xde0/0x5450 [ 14.004830] kasan_check_range+0x10c/0x1c0 [ 14.004853] __kasan_check_write+0x18/0x20 [ 14.004876] kasan_atomics_helper+0xde0/0x5450 [ 14.004898] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.004920] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.004945] ? kasan_atomics+0x152/0x310 [ 14.004970] kasan_atomics+0x1dc/0x310 [ 14.004994] ? __pfx_kasan_atomics+0x10/0x10 [ 14.005018] ? __pfx_read_tsc+0x10/0x10 [ 14.005039] ? ktime_get_ts64+0x86/0x230 [ 14.005063] kunit_try_run_case+0x1a5/0x480 [ 14.005086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.005108] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.005130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.005153] ? 
__kthread_parkme+0x82/0x180 [ 14.005173] ? preempt_count_sub+0x50/0x80 [ 14.005196] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.005230] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.005252] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.005275] kthread+0x337/0x6f0 [ 14.005295] ? trace_preempt_on+0x20/0xc0 [ 14.005316] ? __pfx_kthread+0x10/0x10 [ 14.005337] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.005358] ? calculate_sigpending+0x7b/0xa0 [ 14.005381] ? __pfx_kthread+0x10/0x10 [ 14.005402] ret_from_fork+0x116/0x1d0 [ 14.005421] ? __pfx_kthread+0x10/0x10 [ 14.005440] ret_from_fork_asm+0x1a/0x30 [ 14.005471] </TASK> [ 14.005481] [ 14.013280] Allocated by task 291: [ 14.013457] kasan_save_stack+0x45/0x70 [ 14.013628] kasan_save_track+0x18/0x40 [ 14.013787] kasan_save_alloc_info+0x3b/0x50 [ 14.013928] __kasan_kmalloc+0xb7/0xc0 [ 14.014100] __kmalloc_cache_noprof+0x189/0x420 [ 14.014485] kasan_atomics+0x95/0x310 [ 14.014655] kunit_try_run_case+0x1a5/0x480 [ 14.014817] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.015048] kthread+0x337/0x6f0 [ 14.015191] ret_from_fork+0x116/0x1d0 [ 14.015335] ret_from_fork_asm+0x1a/0x30 [ 14.015489] [ 14.015577] The buggy address belongs to the object at ffff8881029e2200 [ 14.015577] which belongs to the cache kmalloc-64 of size 64 [ 14.016009] The buggy address is located 0 bytes to the right of [ 14.016009] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.016553] [ 14.016638] The buggy address belongs to the physical page: [ 14.016806] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.017038] flags: 0x200000000000000(node=0|zone=2) [ 14.017192] page_type: f5(slab) [ 14.017313] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.017537] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.017758] page dumped because: kasan: bad access detected [ 14.017922] [ 14.017984] Memory state around the buggy address: [ 14.018196] 
ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.018887] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.019201] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.019509] ^ [ 14.019719] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.019977] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.020188] ================================================================== [ 14.466049] ================================================================== [ 14.466370] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x1818/0x5450 [ 14.466733] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.467025] [ 14.467123] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.467192] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.467220] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.467240] Call Trace: [ 14.467254] <TASK> [ 14.467268] dump_stack_lvl+0x73/0xb0 [ 14.467294] print_report+0xd1/0x650 [ 14.467315] ? __virt_addr_valid+0x1db/0x2d0 [ 14.467337] ? kasan_atomics_helper+0x1818/0x5450 [ 14.467357] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.467384] ? kasan_atomics_helper+0x1818/0x5450 [ 14.467406] kasan_report+0x141/0x180 [ 14.467428] ? kasan_atomics_helper+0x1818/0x5450 [ 14.467453] kasan_check_range+0x10c/0x1c0 [ 14.467477] __kasan_check_write+0x18/0x20 [ 14.467500] kasan_atomics_helper+0x1818/0x5450 [ 14.467521] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.467543] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.467567] ? kasan_atomics+0x152/0x310 [ 14.467593] kasan_atomics+0x1dc/0x310 [ 14.467616] ? __pfx_kasan_atomics+0x10/0x10 [ 14.467640] ? __pfx_read_tsc+0x10/0x10 [ 14.467660] ? ktime_get_ts64+0x86/0x230 [ 14.467686] kunit_try_run_case+0x1a5/0x480 [ 14.467709] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467731] ? 
_raw_spin_lock_irqsave+0xa1/0x100 [ 14.467753] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.467776] ? __kthread_parkme+0x82/0x180 [ 14.467796] ? preempt_count_sub+0x50/0x80 [ 14.467829] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.467852] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.467875] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.467908] kthread+0x337/0x6f0 [ 14.467928] ? trace_preempt_on+0x20/0xc0 [ 14.467950] ? __pfx_kthread+0x10/0x10 [ 14.467970] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.467991] ? calculate_sigpending+0x7b/0xa0 [ 14.468014] ? __pfx_kthread+0x10/0x10 [ 14.468036] ret_from_fork+0x116/0x1d0 [ 14.468054] ? __pfx_kthread+0x10/0x10 [ 14.468075] ret_from_fork_asm+0x1a/0x30 [ 14.468105] </TASK> [ 14.468116] [ 14.475064] Allocated by task 291: [ 14.475249] kasan_save_stack+0x45/0x70 [ 14.475449] kasan_save_track+0x18/0x40 [ 14.475631] kasan_save_alloc_info+0x3b/0x50 [ 14.475829] __kasan_kmalloc+0xb7/0xc0 [ 14.476005] __kmalloc_cache_noprof+0x189/0x420 [ 14.476247] kasan_atomics+0x95/0x310 [ 14.476424] kunit_try_run_case+0x1a5/0x480 [ 14.476601] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.476774] kthread+0x337/0x6f0 [ 14.476887] ret_from_fork+0x116/0x1d0 [ 14.477011] ret_from_fork_asm+0x1a/0x30 [ 14.477234] [ 14.477321] The buggy address belongs to the object at ffff8881029e2200 [ 14.477321] which belongs to the cache kmalloc-64 of size 64 [ 14.477886] The buggy address is located 0 bytes to the right of [ 14.477886] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.478387] [ 14.478476] The buggy address belongs to the physical page: [ 14.478742] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.479052] flags: 0x200000000000000(node=0|zone=2) [ 14.479278] page_type: f5(slab) [ 14.479417] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.479688] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.479994] page dumped because: kasan: 
bad access detected [ 14.480263] [ 14.480349] Memory state around the buggy address: [ 14.480558] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.480866] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.481183] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.481399] ^ [ 14.481545] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.481753] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.482061] ================================================================== [ 14.054579] ================================================================== [ 14.054893] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xfa9/0x5450 [ 14.055242] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.055740] [ 14.055839] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.055883] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.055896] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.055917] Call Trace: [ 14.055930] <TASK> [ 14.055944] dump_stack_lvl+0x73/0xb0 [ 14.055968] print_report+0xd1/0x650 [ 14.055990] ? __virt_addr_valid+0x1db/0x2d0 [ 14.056011] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.056032] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.056057] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.056079] kasan_report+0x141/0x180 [ 14.056101] ? kasan_atomics_helper+0xfa9/0x5450 [ 14.056125] kasan_check_range+0x10c/0x1c0 [ 14.056148] __kasan_check_write+0x18/0x20 [ 14.056171] kasan_atomics_helper+0xfa9/0x5450 [ 14.056194] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.056226] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.056250] ? kasan_atomics+0x152/0x310 [ 14.056276] kasan_atomics+0x1dc/0x310 [ 14.056300] ? __pfx_kasan_atomics+0x10/0x10 [ 14.056324] ? __pfx_read_tsc+0x10/0x10 [ 14.056346] ? 
ktime_get_ts64+0x86/0x230 [ 14.056370] kunit_try_run_case+0x1a5/0x480 [ 14.056394] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.056417] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.056439] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.056462] ? __kthread_parkme+0x82/0x180 [ 14.056482] ? preempt_count_sub+0x50/0x80 [ 14.056504] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.056528] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.056551] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.056575] kthread+0x337/0x6f0 [ 14.056595] ? trace_preempt_on+0x20/0xc0 [ 14.056618] ? __pfx_kthread+0x10/0x10 [ 14.056639] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.056663] ? calculate_sigpending+0x7b/0xa0 [ 14.056687] ? __pfx_kthread+0x10/0x10 [ 14.056710] ret_from_fork+0x116/0x1d0 [ 14.056729] ? __pfx_kthread+0x10/0x10 [ 14.056749] ret_from_fork_asm+0x1a/0x30 [ 14.056779] </TASK> [ 14.056789] [ 14.071086] Allocated by task 291: [ 14.071553] kasan_save_stack+0x45/0x70 [ 14.072018] kasan_save_track+0x18/0x40 [ 14.072430] kasan_save_alloc_info+0x3b/0x50 [ 14.072580] __kasan_kmalloc+0xb7/0xc0 [ 14.072714] __kmalloc_cache_noprof+0x189/0x420 [ 14.072864] kasan_atomics+0x95/0x310 [ 14.072991] kunit_try_run_case+0x1a5/0x480 [ 14.073130] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.073967] kthread+0x337/0x6f0 [ 14.074555] ret_from_fork+0x116/0x1d0 [ 14.075075] ret_from_fork_asm+0x1a/0x30 [ 14.075625] [ 14.075922] The buggy address belongs to the object at ffff8881029e2200 [ 14.075922] which belongs to the cache kmalloc-64 of size 64 [ 14.077389] The buggy address is located 0 bytes to the right of [ 14.077389] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.078510] [ 14.078814] The buggy address belongs to the physical page: [ 14.079410] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.080023] flags: 0x200000000000000(node=0|zone=2) [ 14.080357] page_type: f5(slab) [ 14.080752] raw: 0200000000000000 ffff8881000418c0 dead000000000122 
0000000000000000 [ 14.081605] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.082123] page dumped because: kasan: bad access detected [ 14.082802] [ 14.082967] Memory state around the buggy address: [ 14.083462] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.083683] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.083896] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.084103] ^ [ 14.084265] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.084483] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.085039] ================================================================== [ 14.135822] ================================================================== [ 14.136313] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a1c/0x5450 [ 14.136891] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.137201] [ 14.137290] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.137334] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.137346] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.137367] Call Trace: [ 14.137381] <TASK> [ 14.137394] dump_stack_lvl+0x73/0xb0 [ 14.137420] print_report+0xd1/0x650 [ 14.137441] ? __virt_addr_valid+0x1db/0x2d0 [ 14.137464] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.137486] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.137512] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.137533] kasan_report+0x141/0x180 [ 14.137556] ? kasan_atomics_helper+0x4a1c/0x5450 [ 14.137581] __asan_report_load4_noabort+0x18/0x20 [ 14.137605] kasan_atomics_helper+0x4a1c/0x5450 [ 14.137627] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.137648] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.137684] ? kasan_atomics+0x152/0x310 [ 14.137709] kasan_atomics+0x1dc/0x310 [ 14.137731] ? __pfx_kasan_atomics+0x10/0x10 [ 14.137766] ? 
__pfx_read_tsc+0x10/0x10 [ 14.137787] ? ktime_get_ts64+0x86/0x230 [ 14.137811] kunit_try_run_case+0x1a5/0x480 [ 14.137835] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.137856] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.137878] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.137901] ? __kthread_parkme+0x82/0x180 [ 14.137921] ? preempt_count_sub+0x50/0x80 [ 14.137944] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.137967] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.137989] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.138013] kthread+0x337/0x6f0 [ 14.138032] ? trace_preempt_on+0x20/0xc0 [ 14.138055] ? __pfx_kthread+0x10/0x10 [ 14.138076] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.138095] ? calculate_sigpending+0x7b/0xa0 [ 14.138120] ? __pfx_kthread+0x10/0x10 [ 14.138142] ret_from_fork+0x116/0x1d0 [ 14.138161] ? __pfx_kthread+0x10/0x10 [ 14.138181] ret_from_fork_asm+0x1a/0x30 [ 14.138219] </TASK> [ 14.138230] [ 14.145509] Allocated by task 291: [ 14.145627] kasan_save_stack+0x45/0x70 [ 14.145762] kasan_save_track+0x18/0x40 [ 14.145890] kasan_save_alloc_info+0x3b/0x50 [ 14.146089] __kasan_kmalloc+0xb7/0xc0 [ 14.146277] __kmalloc_cache_noprof+0x189/0x420 [ 14.146515] kasan_atomics+0x95/0x310 [ 14.146699] kunit_try_run_case+0x1a5/0x480 [ 14.146895] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.147134] kthread+0x337/0x6f0 [ 14.147445] ret_from_fork+0x116/0x1d0 [ 14.147577] ret_from_fork_asm+0x1a/0x30 [ 14.147709] [ 14.147774] The buggy address belongs to the object at ffff8881029e2200 [ 14.147774] which belongs to the cache kmalloc-64 of size 64 [ 14.148116] The buggy address is located 0 bytes to the right of [ 14.148116] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.149159] [ 14.149262] The buggy address belongs to the physical page: [ 14.149530] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.149887] flags: 0x200000000000000(node=0|zone=2) [ 14.150105] page_type: f5(slab) [ 14.150340] raw: 0200000000000000 
ffff8881000418c0 dead000000000122 0000000000000000 [ 14.150644] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.150888] page dumped because: kasan: bad access detected [ 14.151134] [ 14.151226] Memory state around the buggy address: [ 14.151439] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.151766] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.151973] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.152175] ^ [ 14.152660] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.152975] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.153380] ================================================================== [ 14.821089] ================================================================== [ 14.821654] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4fa5/0x5450 [ 14.822096] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.822666] [ 14.822852] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.822909] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.822921] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.822943] Call Trace: [ 14.822958] <TASK> [ 14.822972] dump_stack_lvl+0x73/0xb0 [ 14.822998] print_report+0xd1/0x650 [ 14.823020] ? __virt_addr_valid+0x1db/0x2d0 [ 14.823051] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.823073] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.823100] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.823132] kasan_report+0x141/0x180 [ 14.823154] ? kasan_atomics_helper+0x4fa5/0x5450 [ 14.823198] __asan_report_load8_noabort+0x18/0x20 [ 14.823231] kasan_atomics_helper+0x4fa5/0x5450 [ 14.823253] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.823275] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.823300] ? kasan_atomics+0x152/0x310 [ 14.823326] kasan_atomics+0x1dc/0x310 [ 14.823348] ? 
__pfx_kasan_atomics+0x10/0x10 [ 14.823372] ? __pfx_read_tsc+0x10/0x10 [ 14.823394] ? ktime_get_ts64+0x86/0x230 [ 14.823418] kunit_try_run_case+0x1a5/0x480 [ 14.823442] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.823464] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.823486] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.823510] ? __kthread_parkme+0x82/0x180 [ 14.823530] ? preempt_count_sub+0x50/0x80 [ 14.823554] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.823578] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.823600] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.823624] kthread+0x337/0x6f0 [ 14.823643] ? trace_preempt_on+0x20/0xc0 [ 14.823667] ? __pfx_kthread+0x10/0x10 [ 14.823688] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.823708] ? calculate_sigpending+0x7b/0xa0 [ 14.823734] ? __pfx_kthread+0x10/0x10 [ 14.823758] ret_from_fork+0x116/0x1d0 [ 14.823780] ? __pfx_kthread+0x10/0x10 [ 14.823802] ret_from_fork_asm+0x1a/0x30 [ 14.823832] </TASK> [ 14.823843] [ 14.835360] Allocated by task 291: [ 14.835693] kasan_save_stack+0x45/0x70 [ 14.836050] kasan_save_track+0x18/0x40 [ 14.836425] kasan_save_alloc_info+0x3b/0x50 [ 14.836829] __kasan_kmalloc+0xb7/0xc0 [ 14.837211] __kmalloc_cache_noprof+0x189/0x420 [ 14.837641] kasan_atomics+0x95/0x310 [ 14.837843] kunit_try_run_case+0x1a5/0x480 [ 14.838218] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.838596] kthread+0x337/0x6f0 [ 14.838708] ret_from_fork+0x116/0x1d0 [ 14.838829] ret_from_fork_asm+0x1a/0x30 [ 14.838956] [ 14.839017] The buggy address belongs to the object at ffff8881029e2200 [ 14.839017] which belongs to the cache kmalloc-64 of size 64 [ 14.839798] The buggy address is located 0 bytes to the right of [ 14.839798] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.840879] [ 14.841029] The buggy address belongs to the physical page: [ 14.841546] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.842237] flags: 0x200000000000000(node=0|zone=2) [ 14.842667] page_type: 
f5(slab) [ 14.842788] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.843290] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.843924] page dumped because: kasan: bad access detected [ 14.844104] [ 14.844186] Memory state around the buggy address: [ 14.844611] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.845235] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.845445] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.845645] ^ [ 14.845786] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.845987] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.846255] ================================================================== [ 14.446533] ================================================================== [ 14.446764] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x177f/0x5450 [ 14.446990] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.447327] [ 14.447450] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.447497] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.447509] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.447546] Call Trace: [ 14.447562] <TASK> [ 14.447576] dump_stack_lvl+0x73/0xb0 [ 14.447602] print_report+0xd1/0x650 [ 14.447624] ? __virt_addr_valid+0x1db/0x2d0 [ 14.447647] ? kasan_atomics_helper+0x177f/0x5450 [ 14.447668] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.447695] ? kasan_atomics_helper+0x177f/0x5450 [ 14.447717] kasan_report+0x141/0x180 [ 14.447739] ? kasan_atomics_helper+0x177f/0x5450 [ 14.447765] kasan_check_range+0x10c/0x1c0 [ 14.447788] __kasan_check_write+0x18/0x20 [ 14.447811] kasan_atomics_helper+0x177f/0x5450 [ 14.447833] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.447855] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.447880] ? 
kasan_atomics+0x152/0x310 [ 14.447905] kasan_atomics+0x1dc/0x310 [ 14.447927] ? __pfx_kasan_atomics+0x10/0x10 [ 14.447951] ? __pfx_read_tsc+0x10/0x10 [ 14.447972] ? ktime_get_ts64+0x86/0x230 [ 14.447996] kunit_try_run_case+0x1a5/0x480 [ 14.448020] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.448076] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.448099] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.448122] ? __kthread_parkme+0x82/0x180 [ 14.448153] ? preempt_count_sub+0x50/0x80 [ 14.448195] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.448261] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.448284] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.448307] kthread+0x337/0x6f0 [ 14.448326] ? trace_preempt_on+0x20/0xc0 [ 14.448349] ? __pfx_kthread+0x10/0x10 [ 14.448370] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.448391] ? calculate_sigpending+0x7b/0xa0 [ 14.448414] ? __pfx_kthread+0x10/0x10 [ 14.448436] ret_from_fork+0x116/0x1d0 [ 14.448455] ? __pfx_kthread+0x10/0x10 [ 14.448476] ret_from_fork_asm+0x1a/0x30 [ 14.448505] </TASK> [ 14.448516] [ 14.458242] Allocated by task 291: [ 14.458416] kasan_save_stack+0x45/0x70 [ 14.458610] kasan_save_track+0x18/0x40 [ 14.458804] kasan_save_alloc_info+0x3b/0x50 [ 14.459010] __kasan_kmalloc+0xb7/0xc0 [ 14.459242] __kmalloc_cache_noprof+0x189/0x420 [ 14.459454] kasan_atomics+0x95/0x310 [ 14.459629] kunit_try_run_case+0x1a5/0x480 [ 14.459769] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.459940] kthread+0x337/0x6f0 [ 14.460057] ret_from_fork+0x116/0x1d0 [ 14.460306] ret_from_fork_asm+0x1a/0x30 [ 14.460498] [ 14.460591] The buggy address belongs to the object at ffff8881029e2200 [ 14.460591] which belongs to the cache kmalloc-64 of size 64 [ 14.461107] The buggy address is located 0 bytes to the right of [ 14.461107] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.461688] [ 14.461758] The buggy address belongs to the physical page: [ 14.461924] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 
14.462159] flags: 0x200000000000000(node=0|zone=2) [ 14.462416] page_type: f5(slab) [ 14.462598] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.462952] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.463336] page dumped because: kasan: bad access detected [ 14.463570] [ 14.463649] Memory state around the buggy address: [ 14.463830] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.464139] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.464433] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.464718] ^ [ 14.464936] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.465260] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.465548] ================================================================== [ 13.870378] ================================================================== [ 13.870828] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x992/0x5450 [ 13.871179] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.871422] [ 13.871506] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.871551] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.871564] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.871585] Call Trace: [ 13.871601] <TASK> [ 13.871616] dump_stack_lvl+0x73/0xb0 [ 13.871642] print_report+0xd1/0x650 [ 13.871663] ? __virt_addr_valid+0x1db/0x2d0 [ 13.871685] ? kasan_atomics_helper+0x992/0x5450 [ 13.871706] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.871731] ? kasan_atomics_helper+0x992/0x5450 [ 13.871753] kasan_report+0x141/0x180 [ 13.871774] ? kasan_atomics_helper+0x992/0x5450 [ 13.871800] kasan_check_range+0x10c/0x1c0 [ 13.871824] __kasan_check_write+0x18/0x20 [ 13.871847] kasan_atomics_helper+0x992/0x5450 [ 13.871869] ? 
__pfx_kasan_atomics_helper+0x10/0x10 [ 13.871890] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.871914] ? kasan_atomics+0x152/0x310 [ 13.871940] kasan_atomics+0x1dc/0x310 [ 13.871962] ? __pfx_kasan_atomics+0x10/0x10 [ 13.871986] ? __pfx_read_tsc+0x10/0x10 [ 13.872008] ? ktime_get_ts64+0x86/0x230 [ 13.872032] kunit_try_run_case+0x1a5/0x480 [ 13.872056] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.872079] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.872101] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.872124] ? __kthread_parkme+0x82/0x180 [ 13.872147] ? preempt_count_sub+0x50/0x80 [ 13.872171] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.872195] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.872228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.872251] kthread+0x337/0x6f0 [ 13.872271] ? trace_preempt_on+0x20/0xc0 [ 13.872294] ? __pfx_kthread+0x10/0x10 [ 13.872314] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.872335] ? calculate_sigpending+0x7b/0xa0 [ 13.872358] ? __pfx_kthread+0x10/0x10 [ 13.872380] ret_from_fork+0x116/0x1d0 [ 13.872398] ? 
__pfx_kthread+0x10/0x10 [ 13.872418] ret_from_fork_asm+0x1a/0x30 [ 13.872448] </TASK> [ 13.872459] [ 13.879983] Allocated by task 291: [ 13.880146] kasan_save_stack+0x45/0x70 [ 13.880293] kasan_save_track+0x18/0x40 [ 13.880422] kasan_save_alloc_info+0x3b/0x50 [ 13.880562] __kasan_kmalloc+0xb7/0xc0 [ 13.880750] __kmalloc_cache_noprof+0x189/0x420 [ 13.880987] kasan_atomics+0x95/0x310 [ 13.881170] kunit_try_run_case+0x1a5/0x480 [ 13.881389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.881631] kthread+0x337/0x6f0 [ 13.881774] ret_from_fork+0x116/0x1d0 [ 13.881951] ret_from_fork_asm+0x1a/0x30 [ 13.882125] [ 13.882232] The buggy address belongs to the object at ffff8881029e2200 [ 13.882232] which belongs to the cache kmalloc-64 of size 64 [ 13.882691] The buggy address is located 0 bytes to the right of [ 13.882691] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.883048] [ 13.883112] The buggy address belongs to the physical page: [ 13.883551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.883912] flags: 0x200000000000000(node=0|zone=2) [ 13.884134] page_type: f5(slab) [ 13.884275] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.884499] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.884722] page dumped because: kasan: bad access detected [ 13.885071] [ 13.885160] Memory state around the buggy address: [ 13.885404] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.885718] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.886025] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.886377] ^ [ 13.886611] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.886866] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.887074] ================================================================== [ 13.835096] 
================================================================== [ 13.835545] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x860/0x5450 [ 13.835964] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.836338] [ 13.836476] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.836524] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.836538] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.836560] Call Trace: [ 13.836575] <TASK> [ 13.836592] dump_stack_lvl+0x73/0xb0 [ 13.836619] print_report+0xd1/0x650 [ 13.836641] ? __virt_addr_valid+0x1db/0x2d0 [ 13.836669] ? kasan_atomics_helper+0x860/0x5450 [ 13.836690] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.836716] ? kasan_atomics_helper+0x860/0x5450 [ 13.836736] kasan_report+0x141/0x180 [ 13.836758] ? kasan_atomics_helper+0x860/0x5450 [ 13.836783] kasan_check_range+0x10c/0x1c0 [ 13.836806] __kasan_check_write+0x18/0x20 [ 13.836829] kasan_atomics_helper+0x860/0x5450 [ 13.836850] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.836872] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.836897] ? kasan_atomics+0x152/0x310 [ 13.836922] kasan_atomics+0x1dc/0x310 [ 13.836945] ? __pfx_kasan_atomics+0x10/0x10 [ 13.836968] ? __pfx_read_tsc+0x10/0x10 [ 13.836989] ? ktime_get_ts64+0x86/0x230 [ 13.837014] kunit_try_run_case+0x1a5/0x480 [ 13.837037] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.837059] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.837081] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.837104] ? __kthread_parkme+0x82/0x180 [ 13.837124] ? preempt_count_sub+0x50/0x80 [ 13.837147] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.837171] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.837192] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.837247] kthread+0x337/0x6f0 [ 13.837268] ? trace_preempt_on+0x20/0xc0 [ 13.837291] ? __pfx_kthread+0x10/0x10 [ 13.837312] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.837331] ? 
calculate_sigpending+0x7b/0xa0 [ 13.837355] ? __pfx_kthread+0x10/0x10 [ 13.837377] ret_from_fork+0x116/0x1d0 [ 13.837395] ? __pfx_kthread+0x10/0x10 [ 13.837415] ret_from_fork_asm+0x1a/0x30 [ 13.837447] </TASK> [ 13.837457] [ 13.844869] Allocated by task 291: [ 13.845047] kasan_save_stack+0x45/0x70 [ 13.845248] kasan_save_track+0x18/0x40 [ 13.845494] kasan_save_alloc_info+0x3b/0x50 [ 13.845669] __kasan_kmalloc+0xb7/0xc0 [ 13.845795] __kmalloc_cache_noprof+0x189/0x420 [ 13.845945] kasan_atomics+0x95/0x310 [ 13.846100] kunit_try_run_case+0x1a5/0x480 [ 13.846306] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.846553] kthread+0x337/0x6f0 [ 13.846716] ret_from_fork+0x116/0x1d0 [ 13.846964] ret_from_fork_asm+0x1a/0x30 [ 13.847151] [ 13.847225] The buggy address belongs to the object at ffff8881029e2200 [ 13.847225] which belongs to the cache kmalloc-64 of size 64 [ 13.847570] The buggy address is located 0 bytes to the right of [ 13.847570] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.848460] [ 13.848552] The buggy address belongs to the physical page: [ 13.848784] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.849019] flags: 0x200000000000000(node=0|zone=2) [ 13.849179] page_type: f5(slab) [ 13.849364] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.849718] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.850069] page dumped because: kasan: bad access detected [ 13.850368] [ 13.850474] Memory state around the buggy address: [ 13.850669] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.850912] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.851184] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.851400] ^ [ 13.851548] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.851756] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.852253] 
================================================================== [ 14.719879] ================================================================== [ 14.720541] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x2006/0x5450 [ 14.721321] Write of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.721942] [ 14.722123] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.722169] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.722181] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.722213] Call Trace: [ 14.722228] <TASK> [ 14.722242] dump_stack_lvl+0x73/0xb0 [ 14.722277] print_report+0xd1/0x650 [ 14.722300] ? __virt_addr_valid+0x1db/0x2d0 [ 14.722322] ? kasan_atomics_helper+0x2006/0x5450 [ 14.722354] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.722380] ? kasan_atomics_helper+0x2006/0x5450 [ 14.722402] kasan_report+0x141/0x180 [ 14.722423] ? kasan_atomics_helper+0x2006/0x5450 [ 14.722449] kasan_check_range+0x10c/0x1c0 [ 14.722473] __kasan_check_write+0x18/0x20 [ 14.722496] kasan_atomics_helper+0x2006/0x5450 [ 14.722518] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.722540] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.722564] ? kasan_atomics+0x152/0x310 [ 14.722590] kasan_atomics+0x1dc/0x310 [ 14.722612] ? __pfx_kasan_atomics+0x10/0x10 [ 14.722636] ? __pfx_read_tsc+0x10/0x10 [ 14.722657] ? ktime_get_ts64+0x86/0x230 [ 14.722681] kunit_try_run_case+0x1a5/0x480 [ 14.722705] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.722727] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.722750] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.722771] ? __kthread_parkme+0x82/0x180 [ 14.722791] ? preempt_count_sub+0x50/0x80 [ 14.722814] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.722837] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.722860] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.722883] kthread+0x337/0x6f0 [ 14.722902] ? trace_preempt_on+0x20/0xc0 [ 14.722924] ? 
__pfx_kthread+0x10/0x10 [ 14.722945] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.722965] ? calculate_sigpending+0x7b/0xa0 [ 14.722988] ? __pfx_kthread+0x10/0x10 [ 14.723010] ret_from_fork+0x116/0x1d0 [ 14.723028] ? __pfx_kthread+0x10/0x10 [ 14.723049] ret_from_fork_asm+0x1a/0x30 [ 14.723078] </TASK> [ 14.723089] [ 14.734448] Allocated by task 291: [ 14.734775] kasan_save_stack+0x45/0x70 [ 14.735148] kasan_save_track+0x18/0x40 [ 14.735520] kasan_save_alloc_info+0x3b/0x50 [ 14.735758] __kasan_kmalloc+0xb7/0xc0 [ 14.735887] __kmalloc_cache_noprof+0x189/0x420 [ 14.736037] kasan_atomics+0x95/0x310 [ 14.736165] kunit_try_run_case+0x1a5/0x480 [ 14.736345] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.736566] kthread+0x337/0x6f0 [ 14.736687] ret_from_fork+0x116/0x1d0 [ 14.736826] ret_from_fork_asm+0x1a/0x30 [ 14.737016] [ 14.737104] The buggy address belongs to the object at ffff8881029e2200 [ 14.737104] which belongs to the cache kmalloc-64 of size 64 [ 14.737649] The buggy address is located 0 bytes to the right of [ 14.737649] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.738119] [ 14.738251] The buggy address belongs to the physical page: [ 14.738514] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.738799] flags: 0x200000000000000(node=0|zone=2) [ 14.739055] page_type: f5(slab) [ 14.739249] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.739502] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.739818] page dumped because: kasan: bad access detected [ 14.740091] [ 14.740193] Memory state around the buggy address: [ 14.740351] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.740661] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.740956] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.741245] ^ [ 14.741484] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.741741] 
ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.742035] ================================================================== [ 13.644010] ================================================================== [ 13.644383] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x3df/0x5450 [ 13.644723] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.645033] [ 13.645132] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.645197] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.645217] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.645241] Call Trace: [ 13.645253] <TASK> [ 13.645267] dump_stack_lvl+0x73/0xb0 [ 13.645293] print_report+0xd1/0x650 [ 13.645315] ? __virt_addr_valid+0x1db/0x2d0 [ 13.645337] ? kasan_atomics_helper+0x3df/0x5450 [ 13.645359] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.645384] ? kasan_atomics_helper+0x3df/0x5450 [ 13.645406] kasan_report+0x141/0x180 [ 13.645428] ? kasan_atomics_helper+0x3df/0x5450 [ 13.645453] kasan_check_range+0x10c/0x1c0 [ 13.645478] __kasan_check_read+0x15/0x20 [ 13.645501] kasan_atomics_helper+0x3df/0x5450 [ 13.645523] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.645546] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.645572] ? kasan_atomics+0x152/0x310 [ 13.645599] kasan_atomics+0x1dc/0x310 [ 13.645622] ? __pfx_kasan_atomics+0x10/0x10 [ 13.645646] ? __pfx_read_tsc+0x10/0x10 [ 13.645668] ? ktime_get_ts64+0x86/0x230 [ 13.645693] kunit_try_run_case+0x1a5/0x480 [ 13.645717] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.645739] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.645761] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.645785] ? __kthread_parkme+0x82/0x180 [ 13.645806] ? preempt_count_sub+0x50/0x80 [ 13.645830] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.645853] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.645876] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.645900] kthread+0x337/0x6f0 [ 13.645919] ? trace_preempt_on+0x20/0xc0 [ 13.645943] ? __pfx_kthread+0x10/0x10 [ 13.645964] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.645984] ? calculate_sigpending+0x7b/0xa0 [ 13.646009] ? __pfx_kthread+0x10/0x10 [ 13.646030] ret_from_fork+0x116/0x1d0 [ 13.646048] ? __pfx_kthread+0x10/0x10 [ 13.646069] ret_from_fork_asm+0x1a/0x30 [ 13.646100] </TASK> [ 13.646111] [ 13.652812] Allocated by task 291: [ 13.652935] kasan_save_stack+0x45/0x70 [ 13.653124] kasan_save_track+0x18/0x40 [ 13.653363] kasan_save_alloc_info+0x3b/0x50 [ 13.653590] __kasan_kmalloc+0xb7/0xc0 [ 13.653808] __kmalloc_cache_noprof+0x189/0x420 [ 13.654047] kasan_atomics+0x95/0x310 [ 13.654258] kunit_try_run_case+0x1a5/0x480 [ 13.654457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.654635] kthread+0x337/0x6f0 [ 13.654792] ret_from_fork+0x116/0x1d0 [ 13.654989] ret_from_fork_asm+0x1a/0x30 [ 13.655243] [ 13.655328] The buggy address belongs to the object at ffff8881029e2200 [ 13.655328] which belongs to the cache kmalloc-64 of size 64 [ 13.655746] The buggy address is located 0 bytes to the right of [ 13.655746] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.656289] [ 13.656377] The buggy address belongs to the physical page: [ 13.656634] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.656981] flags: 0x200000000000000(node=0|zone=2) [ 13.657230] page_type: f5(slab) [ 13.657361] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.657664] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.657999] page dumped because: kasan: bad access detected [ 13.658259] [ 13.658322] Memory state around the buggy address: [ 13.658523] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.658778] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.659105] >ffff8881029e2200: 00 00 00 00 00 00 fc fc 
================================================================== [ 14.742617] ================================================================== [ 14.742916] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4f98/0x5450 [ 14.743295] Read of size 8 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.743575] [ 14.743697] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.743743] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.743755] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.743778] Call Trace: [ 14.743791] <TASK> [ 14.743806] dump_stack_lvl+0x73/0xb0 [ 14.743841] print_report+0xd1/0x650 [ 14.743863] ? __virt_addr_valid+0x1db/0x2d0 [ 14.743885] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.743917] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.743943] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.743964] kasan_report+0x141/0x180 [ 14.743994] ? kasan_atomics_helper+0x4f98/0x5450 [ 14.744020] __asan_report_load8_noabort+0x18/0x20 [ 14.744045] kasan_atomics_helper+0x4f98/0x5450 [ 14.744078] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.744099] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.744124] ? kasan_atomics+0x152/0x310 [ 14.744157] kasan_atomics+0x1dc/0x310 [ 14.744198] ? __pfx_kasan_atomics+0x10/0x10 [ 14.744236] ? __pfx_read_tsc+0x10/0x10 [ 14.744257] ? ktime_get_ts64+0x86/0x230 [ 14.744282] kunit_try_run_case+0x1a5/0x480 [ 14.744305] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.744327] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.744349] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.744371] ? __kthread_parkme+0x82/0x180 [ 14.744401] ? preempt_count_sub+0x50/0x80 [ 14.744424] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.744448] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.744481] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.744504] kthread+0x337/0x6f0 [ 14.744523] ? trace_preempt_on+0x20/0xc0 [ 14.744546] ? __pfx_kthread+0x10/0x10 [ 14.744566] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 14.744587] ? calculate_sigpending+0x7b/0xa0 [ 14.744611] ? __pfx_kthread+0x10/0x10 [ 14.744632] ret_from_fork+0x116/0x1d0 [ 14.744654] ? __pfx_kthread+0x10/0x10 [ 14.744675] ret_from_fork_asm+0x1a/0x30 [ 14.744705] </TASK> [ 14.744716] [ 14.751818] Allocated by task 291: [ 14.751958] kasan_save_stack+0x45/0x70 [ 14.752092] kasan_save_track+0x18/0x40 [ 14.752234] kasan_save_alloc_info+0x3b/0x50 [ 14.752380] __kasan_kmalloc+0xb7/0xc0 [ 14.752557] __kmalloc_cache_noprof+0x189/0x420 [ 14.752770] kasan_atomics+0x95/0x310 [ 14.752996] kunit_try_run_case+0x1a5/0x480 [ 14.753253] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.753505] kthread+0x337/0x6f0 [ 14.753664] ret_from_fork+0x116/0x1d0 [ 14.753838] ret_from_fork_asm+0x1a/0x30 [ 14.754026] [ 14.754128] The buggy address belongs to the object at ffff8881029e2200 [ 14.754128] which belongs to the cache kmalloc-64 of size 64 [ 14.754622] The buggy address is located 0 bytes to the right of [ 14.754622] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.755144] [ 14.755263] The buggy address belongs to the physical page: [ 14.755481] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.755805] flags: 0x200000000000000(node=0|zone=2) [ 14.756026] page_type: f5(slab) [ 14.756216] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.756546] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.756859] page dumped because: kasan: bad access detected [ 14.757025] [ 14.757088] Memory state around the buggy address: [ 14.757302] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.757620] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.757928] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.758264] ^ [ 14.758472] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.758681] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc [ 14.758944] ================================================================== [ 13.986682] ================================================================== [ 13.986944] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xd47/0x5450 [ 13.987279] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.987639] [ 13.987746] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.987792] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.987805] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.987828] Call Trace: [ 13.987842] <TASK> [ 13.987858] dump_stack_lvl+0x73/0xb0 [ 13.987884] print_report+0xd1/0x650 [ 13.987905] ? __virt_addr_valid+0x1db/0x2d0 [ 13.987928] ? kasan_atomics_helper+0xd47/0x5450 [ 13.987949] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.987975] ? kasan_atomics_helper+0xd47/0x5450 [ 13.987996] kasan_report+0x141/0x180 [ 13.988017] ? kasan_atomics_helper+0xd47/0x5450 [ 13.988043] kasan_check_range+0x10c/0x1c0 [ 13.988067] __kasan_check_write+0x18/0x20 [ 13.988090] kasan_atomics_helper+0xd47/0x5450 [ 13.988112] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.988134] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.988158] ? kasan_atomics+0x152/0x310 [ 13.988184] kasan_atomics+0x1dc/0x310 [ 13.988218] ? __pfx_kasan_atomics+0x10/0x10 [ 13.988242] ? __pfx_read_tsc+0x10/0x10 [ 13.988263] ? ktime_get_ts64+0x86/0x230 [ 13.988287] kunit_try_run_case+0x1a5/0x480 [ 13.988310] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.988332] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.988355] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.988377] ? __kthread_parkme+0x82/0x180 [ 13.988397] ? preempt_count_sub+0x50/0x80 [ 13.988420] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.988443] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.988465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.988489] kthread+0x337/0x6f0 [ 13.988508] ? 
trace_preempt_on+0x20/0xc0 [ 13.988531] ? __pfx_kthread+0x10/0x10 [ 13.988551] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.988572] ? calculate_sigpending+0x7b/0xa0 [ 13.988596] ? __pfx_kthread+0x10/0x10 [ 13.988617] ret_from_fork+0x116/0x1d0 [ 13.988635] ? __pfx_kthread+0x10/0x10 [ 13.988659] ret_from_fork_asm+0x1a/0x30 [ 13.988689] </TASK> [ 13.988699] [ 13.995993] Allocated by task 291: [ 13.996163] kasan_save_stack+0x45/0x70 [ 13.996396] kasan_save_track+0x18/0x40 [ 13.996557] kasan_save_alloc_info+0x3b/0x50 [ 13.996729] __kasan_kmalloc+0xb7/0xc0 [ 13.996909] __kmalloc_cache_noprof+0x189/0x420 [ 13.997101] kasan_atomics+0x95/0x310 [ 13.997255] kunit_try_run_case+0x1a5/0x480 [ 13.997396] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.997563] kthread+0x337/0x6f0 [ 13.997785] ret_from_fork+0x116/0x1d0 [ 13.997959] ret_from_fork_asm+0x1a/0x30 [ 13.998201] [ 13.998290] The buggy address belongs to the object at ffff8881029e2200 [ 13.998290] which belongs to the cache kmalloc-64 of size 64 [ 13.998649] The buggy address is located 0 bytes to the right of [ 13.998649] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.999167] [ 13.999263] The buggy address belongs to the physical page: [ 13.999512] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.999819] flags: 0x200000000000000(node=0|zone=2) [ 14.000007] page_type: f5(slab) [ 14.000153] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.000464] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.000750] page dumped because: kasan: bad access detected [ 14.000972] [ 14.001044] Memory state around the buggy address: [ 14.001278] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.001552] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.001834] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.002048] ^ [ 14.002194] ffff8881029e2280: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 14.002411] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.002619] ================================================================== [ 13.852864] ================================================================== [ 13.853218] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x8f9/0x5450 [ 13.853993] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.854239] [ 13.854320] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.854366] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.854380] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.854402] Call Trace: [ 13.854420] <TASK> [ 13.854436] dump_stack_lvl+0x73/0xb0 [ 13.854465] print_report+0xd1/0x650 [ 13.854486] ? __virt_addr_valid+0x1db/0x2d0 [ 13.854509] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.854530] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.854556] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.854577] kasan_report+0x141/0x180 [ 13.854600] ? kasan_atomics_helper+0x8f9/0x5450 [ 13.854625] kasan_check_range+0x10c/0x1c0 [ 13.854650] __kasan_check_write+0x18/0x20 [ 13.854674] kasan_atomics_helper+0x8f9/0x5450 [ 13.854696] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.854718] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.854742] ? kasan_atomics+0x152/0x310 [ 13.854768] kasan_atomics+0x1dc/0x310 [ 13.854790] ? __pfx_kasan_atomics+0x10/0x10 [ 13.854813] ? __pfx_read_tsc+0x10/0x10 [ 13.854834] ? ktime_get_ts64+0x86/0x230 [ 13.854859] kunit_try_run_case+0x1a5/0x480 [ 13.854910] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.854933] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.854955] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.854978] ? __kthread_parkme+0x82/0x180 [ 13.854999] ? preempt_count_sub+0x50/0x80 [ 13.855022] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.855045] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.855068] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.855090] kthread+0x337/0x6f0 [ 13.855109] ? trace_preempt_on+0x20/0xc0 [ 13.855133] ? __pfx_kthread+0x10/0x10 [ 13.855153] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.855173] ? calculate_sigpending+0x7b/0xa0 [ 13.855197] ? __pfx_kthread+0x10/0x10 [ 13.855227] ret_from_fork+0x116/0x1d0 [ 13.855246] ? __pfx_kthread+0x10/0x10 [ 13.855266] ret_from_fork_asm+0x1a/0x30 [ 13.855297] </TASK> [ 13.855308] [ 13.862568] Allocated by task 291: [ 13.862691] kasan_save_stack+0x45/0x70 [ 13.862829] kasan_save_track+0x18/0x40 [ 13.863030] kasan_save_alloc_info+0x3b/0x50 [ 13.863307] __kasan_kmalloc+0xb7/0xc0 [ 13.863484] __kmalloc_cache_noprof+0x189/0x420 [ 13.863697] kasan_atomics+0x95/0x310 [ 13.863872] kunit_try_run_case+0x1a5/0x480 [ 13.864030] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.864299] kthread+0x337/0x6f0 [ 13.864483] ret_from_fork+0x116/0x1d0 [ 13.864682] ret_from_fork_asm+0x1a/0x30 [ 13.864819] [ 13.864898] The buggy address belongs to the object at ffff8881029e2200 [ 13.864898] which belongs to the cache kmalloc-64 of size 64 [ 13.865482] The buggy address is located 0 bytes to the right of [ 13.865482] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.865893] [ 13.865957] The buggy address belongs to the physical page: [ 13.866123] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.866496] flags: 0x200000000000000(node=0|zone=2) [ 13.866720] page_type: f5(slab) [ 13.866918] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.867157] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.867390] page dumped because: kasan: bad access detected [ 13.867651] [ 13.867738] Memory state around the buggy address: [ 13.867974] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.868311] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.868790] >ffff8881029e2200: 00 00 00 00 00 00 fc fc 
fc fc fc fc fc fc fc fc [ 13.868999] ^ [ 13.869151] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.869484] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.869790] ================================================================== [ 14.171061] ================================================================== [ 14.171659] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4a02/0x5450 [ 14.171903] Read of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.172117] [ 14.172192] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.172397] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.172413] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.172513] Call Trace: [ 14.172528] <TASK> [ 14.172543] dump_stack_lvl+0x73/0xb0 [ 14.172658] print_report+0xd1/0x650 [ 14.172683] ? __virt_addr_valid+0x1db/0x2d0 [ 14.172704] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.172803] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.172829] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.172862] kasan_report+0x141/0x180 [ 14.172885] ? kasan_atomics_helper+0x4a02/0x5450 [ 14.172910] __asan_report_load4_noabort+0x18/0x20 [ 14.173100] kasan_atomics_helper+0x4a02/0x5450 [ 14.173124] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.173159] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.173183] ? kasan_atomics+0x152/0x310 [ 14.173218] kasan_atomics+0x1dc/0x310 [ 14.173241] ? __pfx_kasan_atomics+0x10/0x10 [ 14.173264] ? __pfx_read_tsc+0x10/0x10 [ 14.173285] ? ktime_get_ts64+0x86/0x230 [ 14.173310] kunit_try_run_case+0x1a5/0x480 [ 14.173334] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.173355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.173377] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.173400] ? __kthread_parkme+0x82/0x180 [ 14.173420] ? preempt_count_sub+0x50/0x80 [ 14.173444] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 14.173467] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.173489] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.173512] kthread+0x337/0x6f0 [ 14.173532] ? trace_preempt_on+0x20/0xc0 [ 14.173555] ? __pfx_kthread+0x10/0x10 [ 14.173575] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.173596] ? calculate_sigpending+0x7b/0xa0 [ 14.173618] ? __pfx_kthread+0x10/0x10 [ 14.173640] ret_from_fork+0x116/0x1d0 [ 14.173659] ? __pfx_kthread+0x10/0x10 [ 14.173680] ret_from_fork_asm+0x1a/0x30 [ 14.173710] </TASK> [ 14.173722] [ 14.181256] Allocated by task 291: [ 14.181446] kasan_save_stack+0x45/0x70 [ 14.181652] kasan_save_track+0x18/0x40 [ 14.181826] kasan_save_alloc_info+0x3b/0x50 [ 14.182011] __kasan_kmalloc+0xb7/0xc0 [ 14.182272] __kmalloc_cache_noprof+0x189/0x420 [ 14.182593] kasan_atomics+0x95/0x310 [ 14.182862] kunit_try_run_case+0x1a5/0x480 [ 14.183138] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.183316] kthread+0x337/0x6f0 [ 14.183432] ret_from_fork+0x116/0x1d0 [ 14.183557] ret_from_fork_asm+0x1a/0x30 [ 14.183689] [ 14.183845] The buggy address belongs to the object at ffff8881029e2200 [ 14.183845] which belongs to the cache kmalloc-64 of size 64 [ 14.184819] The buggy address is located 0 bytes to the right of [ 14.184819] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.188228] [ 14.188543] The buggy address belongs to the physical page: [ 14.189500] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.190253] flags: 0x200000000000000(node=0|zone=2) [ 14.190432] page_type: f5(slab) [ 14.190553] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.190783] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.191004] page dumped because: kasan: bad access detected [ 14.191170] [ 14.192063] Memory state around the buggy address: [ 14.192984] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.193897] 
ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.194828] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.195683] ^ [ 14.196363] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.196968] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.197433] ================================================================== [ 14.037182] ================================================================== [ 14.037932] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0xf10/0x5450 [ 14.038267] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 14.038583] [ 14.038700] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 14.038746] Tainted: [B]=BAD_PAGE, [N]=TEST [ 14.038759] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 14.038780] Call Trace: [ 14.038795] <TASK> [ 14.038809] dump_stack_lvl+0x73/0xb0 [ 14.038834] print_report+0xd1/0x650 [ 14.038855] ? __virt_addr_valid+0x1db/0x2d0 [ 14.038877] ? kasan_atomics_helper+0xf10/0x5450 [ 14.038899] ? kasan_complete_mode_report_info+0x2a/0x200 [ 14.038924] ? kasan_atomics_helper+0xf10/0x5450 [ 14.038946] kasan_report+0x141/0x180 [ 14.038967] ? kasan_atomics_helper+0xf10/0x5450 [ 14.038993] kasan_check_range+0x10c/0x1c0 [ 14.039016] __kasan_check_write+0x18/0x20 [ 14.039039] kasan_atomics_helper+0xf10/0x5450 [ 14.039061] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 14.039083] ? __kmalloc_cache_noprof+0x189/0x420 [ 14.039107] ? kasan_atomics+0x152/0x310 [ 14.039132] kasan_atomics+0x1dc/0x310 [ 14.039155] ? __pfx_kasan_atomics+0x10/0x10 [ 14.039178] ? __pfx_read_tsc+0x10/0x10 [ 14.039199] ? ktime_get_ts64+0x86/0x230 [ 14.039233] kunit_try_run_case+0x1a5/0x480 [ 14.039256] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.039278] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 14.039300] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 14.039323] ? 
__kthread_parkme+0x82/0x180 [ 14.039343] ? preempt_count_sub+0x50/0x80 [ 14.039366] ? __pfx_kunit_try_run_case+0x10/0x10 [ 14.039389] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.039411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 14.039434] kthread+0x337/0x6f0 [ 14.039453] ? trace_preempt_on+0x20/0xc0 [ 14.039475] ? __pfx_kthread+0x10/0x10 [ 14.039496] ? _raw_spin_unlock_irq+0x47/0x80 [ 14.039516] ? calculate_sigpending+0x7b/0xa0 [ 14.039540] ? __pfx_kthread+0x10/0x10 [ 14.039561] ret_from_fork+0x116/0x1d0 [ 14.039579] ? __pfx_kthread+0x10/0x10 [ 14.039600] ret_from_fork_asm+0x1a/0x30 [ 14.039629] </TASK> [ 14.039639] [ 14.046763] Allocated by task 291: [ 14.046930] kasan_save_stack+0x45/0x70 [ 14.047117] kasan_save_track+0x18/0x40 [ 14.047408] kasan_save_alloc_info+0x3b/0x50 [ 14.047551] __kasan_kmalloc+0xb7/0xc0 [ 14.047675] __kmalloc_cache_noprof+0x189/0x420 [ 14.047822] kasan_atomics+0x95/0x310 [ 14.047947] kunit_try_run_case+0x1a5/0x480 [ 14.048085] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 14.048303] kthread+0x337/0x6f0 [ 14.048466] ret_from_fork+0x116/0x1d0 [ 14.048715] ret_from_fork_asm+0x1a/0x30 [ 14.048907] [ 14.048995] The buggy address belongs to the object at ffff8881029e2200 [ 14.048995] which belongs to the cache kmalloc-64 of size 64 [ 14.049783] The buggy address is located 0 bytes to the right of [ 14.049783] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 14.050292] [ 14.050367] The buggy address belongs to the physical page: [ 14.050572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 14.050891] flags: 0x200000000000000(node=0|zone=2) [ 14.051103] page_type: f5(slab) [ 14.051285] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 14.051517] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 14.051737] page dumped because: kasan: bad access detected [ 14.051899] [ 14.051960] Memory state around the buggy address: [ 14.052107] 
ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.052447] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 14.052761] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 14.053155] ^ [ 14.053582] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.053875] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 14.054082] ================================================================== [ 13.583358] ================================================================== [ 13.583721] BUG: KASAN: slab-out-of-bounds in kasan_atomics_helper+0x4ba2/0x5450 [ 13.583993] Write of size 4 at addr ffff8881029e2230 by task kunit_try_catch/291 [ 13.584417] [ 13.584595] CPU: 1 UID: 0 PID: 291 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.584644] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.584659] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.584680] Call Trace: [ 13.584694] <TASK> [ 13.584709] dump_stack_lvl+0x73/0xb0 [ 13.584734] print_report+0xd1/0x650 [ 13.584755] ? __virt_addr_valid+0x1db/0x2d0 [ 13.584776] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.584796] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.584821] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.584842] kasan_report+0x141/0x180 [ 13.584863] ? kasan_atomics_helper+0x4ba2/0x5450 [ 13.584887] __asan_report_store4_noabort+0x1b/0x30 [ 13.584911] kasan_atomics_helper+0x4ba2/0x5450 [ 13.584932] ? __pfx_kasan_atomics_helper+0x10/0x10 [ 13.584953] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.584976] ? kasan_atomics+0x152/0x310 [ 13.585000] kasan_atomics+0x1dc/0x310 [ 13.585021] ? __pfx_kasan_atomics+0x10/0x10 [ 13.585044] ? __pfx_read_tsc+0x10/0x10 [ 13.585064] ? ktime_get_ts64+0x86/0x230 [ 13.585088] kunit_try_run_case+0x1a5/0x480 [ 13.585111] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.585132] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.585153] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.585175] ? __kthread_parkme+0x82/0x180 [ 13.585195] ? preempt_count_sub+0x50/0x80 [ 13.585229] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.585252] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.585274] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.585296] kthread+0x337/0x6f0 [ 13.585315] ? trace_preempt_on+0x20/0xc0 [ 13.585337] ? __pfx_kthread+0x10/0x10 [ 13.585357] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.585377] ? calculate_sigpending+0x7b/0xa0 [ 13.585399] ? __pfx_kthread+0x10/0x10 [ 13.585420] ret_from_fork+0x116/0x1d0 [ 13.585485] ? __pfx_kthread+0x10/0x10 [ 13.585506] ret_from_fork_asm+0x1a/0x30 [ 13.585536] </TASK> [ 13.585546] [ 13.595537] Allocated by task 291: [ 13.596075] kasan_save_stack+0x45/0x70 [ 13.596237] kasan_save_track+0x18/0x40 [ 13.596513] kasan_save_alloc_info+0x3b/0x50 [ 13.596931] __kasan_kmalloc+0xb7/0xc0 [ 13.597103] __kmalloc_cache_noprof+0x189/0x420 [ 13.597521] kasan_atomics+0x95/0x310 [ 13.597676] kunit_try_run_case+0x1a5/0x480 [ 13.597866] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.598266] kthread+0x337/0x6f0 [ 13.598431] ret_from_fork+0x116/0x1d0 [ 13.598848] ret_from_fork_asm+0x1a/0x30 [ 13.598994] [ 13.599082] The buggy address belongs to the object at ffff8881029e2200 [ 13.599082] which belongs to the cache kmalloc-64 of size 64 [ 13.600017] The buggy address is located 0 bytes to the right of [ 13.600017] allocated 48-byte region [ffff8881029e2200, ffff8881029e2230) [ 13.600770] [ 13.600868] The buggy address belongs to the physical page: [ 13.601251] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029e2 [ 13.601590] flags: 0x200000000000000(node=0|zone=2) [ 13.601746] page_type: f5(slab) [ 13.602106] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 13.602676] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 13.602993] page dumped because: kasan: bad access detected [ 13.603319] [ 13.603403] 
Memory state around the buggy address: [ 13.603641] ffff8881029e2100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.604371] ffff8881029e2180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 13.604762] >ffff8881029e2200: 00 00 00 00 00 00 fc fc fc fc fc fc fc fc fc fc [ 13.605074] ^ [ 13.605622] ffff8881029e2280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.605966] ffff8881029e2300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.606305] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_test_and_modifyconstprop
[ 13.396077] ================================================================== [ 13.396366] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.396884] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.397352] [ 13.397462] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.397507] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.397518] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.397637] Call Trace: [ 13.397656] <TASK> [ 13.397670] dump_stack_lvl+0x73/0xb0 [ 13.397698] print_report+0xd1/0x650 [ 13.397720] ? __virt_addr_valid+0x1db/0x2d0 [ 13.397741] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.397766] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.397791] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.397819] kasan_report+0x141/0x180 [ 13.397839] ? kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.397870] kasan_check_range+0x10c/0x1c0 [ 13.397893] __kasan_check_write+0x18/0x20 [ 13.397915] kasan_bitops_test_and_modify.constprop.0+0x23e/0xd90 [ 13.397942] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.397970] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.397992] ? trace_hardirqs_on+0x37/0xe0 [ 13.398014] ? kasan_bitops_generic+0x92/0x1c0 [ 13.398039] kasan_bitops_generic+0x121/0x1c0 [ 13.398062] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.398085] ? __pfx_read_tsc+0x10/0x10 [ 13.398106] ? ktime_get_ts64+0x86/0x230 [ 13.398129] kunit_try_run_case+0x1a5/0x480 [ 13.398152] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.398174] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.398195] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.398228] ? __kthread_parkme+0x82/0x180 [ 13.398248] ? preempt_count_sub+0x50/0x80 [ 13.398270] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.398293] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.398314] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.398336] kthread+0x337/0x6f0 [ 13.398355] ? trace_preempt_on+0x20/0xc0 [ 13.398376] ? __pfx_kthread+0x10/0x10 [ 13.398396] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.398416] ? calculate_sigpending+0x7b/0xa0 [ 13.398439] ? __pfx_kthread+0x10/0x10 [ 13.398460] ret_from_fork+0x116/0x1d0 [ 13.398478] ? __pfx_kthread+0x10/0x10 [ 13.398497] ret_from_fork_asm+0x1a/0x30 [ 13.398527] </TASK> [ 13.398537] [ 13.416720] Allocated by task 287: [ 13.416905] kasan_save_stack+0x45/0x70 [ 13.417087] kasan_save_track+0x18/0x40 [ 13.417261] kasan_save_alloc_info+0x3b/0x50 [ 13.417451] __kasan_kmalloc+0xb7/0xc0 [ 13.417583] __kmalloc_cache_noprof+0x189/0x420 [ 13.417800] kasan_bitops_generic+0x92/0x1c0 [ 13.418004] kunit_try_run_case+0x1a5/0x480 [ 13.418201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.419089] kthread+0x337/0x6f0 [ 13.419449] ret_from_fork+0x116/0x1d0 [ 13.419938] ret_from_fork_asm+0x1a/0x30 [ 13.420615] [ 13.420942] The buggy address belongs to the object at ffff8881028596c0 [ 13.420942] which belongs to the cache kmalloc-16 of size 16 [ 13.421737] The buggy address is located 8 bytes inside of [ 13.421737] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.422092] [ 13.422157] The buggy address belongs to the physical page: [ 13.423148] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.424170] flags: 0x200000000000000(node=0|zone=2) [ 13.424887] page_type: f5(slab) [ 13.425468] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.426490] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.427158] page dumped because: kasan: bad access detected [ 13.427671] [ 13.427772] Memory state around the buggy address: [ 13.428168] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.428850] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.429241] >ffff888102859680: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 13.429790] ^ [ 13.430127] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.430903] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.431219] ================================================================== [ 13.533032] ================================================================== [ 13.533502] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.533802] Read of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.534083] [ 13.534179] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.534236] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.534270] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.534291] Call Trace: [ 13.534304] <TASK> [ 13.534317] dump_stack_lvl+0x73/0xb0 [ 13.534342] print_report+0xd1/0x650 [ 13.534363] ? __virt_addr_valid+0x1db/0x2d0 [ 13.534384] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.534409] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.534453] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.534480] kasan_report+0x141/0x180 [ 13.534501] ? kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.534531] __asan_report_load8_noabort+0x18/0x20 [ 13.534554] kasan_bitops_test_and_modify.constprop.0+0xd06/0xd90 [ 13.534580] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.534621] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.534645] ? trace_hardirqs_on+0x37/0xe0 [ 13.534666] ? kasan_bitops_generic+0x92/0x1c0 [ 13.534691] kasan_bitops_generic+0x121/0x1c0 [ 13.534713] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.534737] ? __pfx_read_tsc+0x10/0x10 [ 13.534757] ? ktime_get_ts64+0x86/0x230 [ 13.534793] kunit_try_run_case+0x1a5/0x480 [ 13.534816] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.534837] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.534858] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.534880] ? __kthread_parkme+0x82/0x180 [ 13.534899] ? preempt_count_sub+0x50/0x80 [ 13.534920] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.534943] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.534965] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.534988] kthread+0x337/0x6f0 [ 13.535007] ? trace_preempt_on+0x20/0xc0 [ 13.535029] ? __pfx_kthread+0x10/0x10 [ 13.535050] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.535070] ? calculate_sigpending+0x7b/0xa0 [ 13.535093] ? __pfx_kthread+0x10/0x10 [ 13.535380] ret_from_fork+0x116/0x1d0 [ 13.535413] ? __pfx_kthread+0x10/0x10 [ 13.535502] ret_from_fork_asm+0x1a/0x30 [ 13.535531] </TASK> [ 13.535542] [ 13.544097] Allocated by task 287: [ 13.544310] kasan_save_stack+0x45/0x70 [ 13.544597] kasan_save_track+0x18/0x40 [ 13.544789] kasan_save_alloc_info+0x3b/0x50 [ 13.544972] __kasan_kmalloc+0xb7/0xc0 [ 13.545168] __kmalloc_cache_noprof+0x189/0x420 [ 13.545409] kasan_bitops_generic+0x92/0x1c0 [ 13.545569] kunit_try_run_case+0x1a5/0x480 [ 13.545707] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.546005] kthread+0x337/0x6f0 [ 13.546195] ret_from_fork+0x116/0x1d0 [ 13.546385] ret_from_fork_asm+0x1a/0x30 [ 13.546577] [ 13.546945] The buggy address belongs to the object at ffff8881028596c0 [ 13.546945] which belongs to the cache kmalloc-16 of size 16 [ 13.547391] The buggy address is located 8 bytes inside of [ 13.547391] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.548022] [ 13.548113] The buggy address belongs to the physical page: [ 13.548402] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.548855] flags: 0x200000000000000(node=0|zone=2) [ 13.549038] page_type: f5(slab) [ 13.549153] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.549467] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.549863] page dumped because: kasan: bad access detected [ 13.550070] [ 13.550135] 
Memory state around the buggy address: [ 13.550348] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.550885] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.551233] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.551610] ^ [ 13.551844] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.552104] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.552516] ================================================================== [ 13.513690] ================================================================== [ 13.513958] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.514560] Read of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.514886] [ 13.514985] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.515029] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.515040] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.515060] Call Trace: [ 13.515076] <TASK> [ 13.515089] dump_stack_lvl+0x73/0xb0 [ 13.515114] print_report+0xd1/0x650 [ 13.515134] ? __virt_addr_valid+0x1db/0x2d0 [ 13.515155] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.515181] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.515219] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.515245] kasan_report+0x141/0x180 [ 13.515266] ? kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.515296] kasan_check_range+0x10c/0x1c0 [ 13.515318] __kasan_check_read+0x15/0x20 [ 13.515340] kasan_bitops_test_and_modify.constprop.0+0x557/0xd90 [ 13.515366] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.515393] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.515415] ? trace_hardirqs_on+0x37/0xe0 [ 13.515436] ? kasan_bitops_generic+0x92/0x1c0 [ 13.515461] kasan_bitops_generic+0x121/0x1c0 [ 13.515483] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 13.515507] ? __pfx_read_tsc+0x10/0x10 [ 13.515526] ? ktime_get_ts64+0x86/0x230 [ 13.515549] kunit_try_run_case+0x1a5/0x480 [ 13.515571] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.515592] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.515613] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.515635] ? __kthread_parkme+0x82/0x180 [ 13.515653] ? preempt_count_sub+0x50/0x80 [ 13.515676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.515721] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.515743] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.515765] kthread+0x337/0x6f0 [ 13.515783] ? trace_preempt_on+0x20/0xc0 [ 13.515804] ? __pfx_kthread+0x10/0x10 [ 13.515824] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.515843] ? calculate_sigpending+0x7b/0xa0 [ 13.515867] ? __pfx_kthread+0x10/0x10 [ 13.515887] ret_from_fork+0x116/0x1d0 [ 13.515905] ? __pfx_kthread+0x10/0x10 [ 13.515924] ret_from_fork_asm+0x1a/0x30 [ 13.515953] </TASK> [ 13.515962] [ 13.524576] Allocated by task 287: [ 13.524715] kasan_save_stack+0x45/0x70 [ 13.524899] kasan_save_track+0x18/0x40 [ 13.525022] kasan_save_alloc_info+0x3b/0x50 [ 13.525158] __kasan_kmalloc+0xb7/0xc0 [ 13.525338] __kmalloc_cache_noprof+0x189/0x420 [ 13.525544] kasan_bitops_generic+0x92/0x1c0 [ 13.525732] kunit_try_run_case+0x1a5/0x480 [ 13.525899] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.526129] kthread+0x337/0x6f0 [ 13.526574] ret_from_fork+0x116/0x1d0 [ 13.526789] ret_from_fork_asm+0x1a/0x30 [ 13.526978] [ 13.527073] The buggy address belongs to the object at ffff8881028596c0 [ 13.527073] which belongs to the cache kmalloc-16 of size 16 [ 13.527698] The buggy address is located 8 bytes inside of [ 13.527698] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.528139] [ 13.528264] The buggy address belongs to the physical page: [ 13.528602] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.528852] flags: 0x200000000000000(node=0|zone=2) [ 13.529007] 
page_type: f5(slab) [ 13.529119] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.529506] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.529864] page dumped because: kasan: bad access detected [ 13.530107] [ 13.530172] Memory state around the buggy address: [ 13.530338] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.530636] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.530927] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.531654] ^ [ 13.531894] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.532241] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.532600] ================================================================== [ 13.431867] ================================================================== [ 13.432215] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.432666] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.432920] [ 13.433018] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.433064] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.433074] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.433095] Call Trace: [ 13.433111] <TASK> [ 13.433125] dump_stack_lvl+0x73/0xb0 [ 13.433151] print_report+0xd1/0x650 [ 13.433171] ? __virt_addr_valid+0x1db/0x2d0 [ 13.433192] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.433228] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.433253] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.433279] kasan_report+0x141/0x180 [ 13.433319] ? kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.433349] kasan_check_range+0x10c/0x1c0 [ 13.433371] __kasan_check_write+0x18/0x20 [ 13.433392] kasan_bitops_test_and_modify.constprop.0+0x2dd/0xd90 [ 13.433418] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.433444] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.433466] ? trace_hardirqs_on+0x37/0xe0 [ 13.433487] ? kasan_bitops_generic+0x92/0x1c0 [ 13.433512] kasan_bitops_generic+0x121/0x1c0 [ 13.433534] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.433558] ? __pfx_read_tsc+0x10/0x10 [ 13.433578] ? ktime_get_ts64+0x86/0x230 [ 13.433601] kunit_try_run_case+0x1a5/0x480 [ 13.433623] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.433644] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.433665] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.433686] ? __kthread_parkme+0x82/0x180 [ 13.433705] ? preempt_count_sub+0x50/0x80 [ 13.433728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.433750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.433772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.433794] kthread+0x337/0x6f0 [ 13.433827] ? trace_preempt_on+0x20/0xc0 [ 13.433848] ? __pfx_kthread+0x10/0x10 [ 13.433868] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.433887] ? calculate_sigpending+0x7b/0xa0 [ 13.433910] ? __pfx_kthread+0x10/0x10 [ 13.433930] ret_from_fork+0x116/0x1d0 [ 13.433948] ? 
__pfx_kthread+0x10/0x10 [ 13.433967] ret_from_fork_asm+0x1a/0x30 [ 13.433996] </TASK> [ 13.434006] [ 13.442820] Allocated by task 287: [ 13.443286] kasan_save_stack+0x45/0x70 [ 13.443472] kasan_save_track+0x18/0x40 [ 13.443603] kasan_save_alloc_info+0x3b/0x50 [ 13.443750] __kasan_kmalloc+0xb7/0xc0 [ 13.443997] __kmalloc_cache_noprof+0x189/0x420 [ 13.444322] kasan_bitops_generic+0x92/0x1c0 [ 13.444747] kunit_try_run_case+0x1a5/0x480 [ 13.444906] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.445158] kthread+0x337/0x6f0 [ 13.445488] ret_from_fork+0x116/0x1d0 [ 13.445629] ret_from_fork_asm+0x1a/0x30 [ 13.445762] [ 13.445827] The buggy address belongs to the object at ffff8881028596c0 [ 13.445827] which belongs to the cache kmalloc-16 of size 16 [ 13.446373] The buggy address is located 8 bytes inside of [ 13.446373] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.447095] [ 13.447192] The buggy address belongs to the physical page: [ 13.447513] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.447809] flags: 0x200000000000000(node=0|zone=2) [ 13.448116] page_type: f5(slab) [ 13.448253] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.448548] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.448865] page dumped because: kasan: bad access detected [ 13.449027] [ 13.449089] Memory state around the buggy address: [ 13.449597] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.449944] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.450301] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.450737] ^ [ 13.451001] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.451297] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.451723] ================================================================== [ 13.452164] 
================================================================== [ 13.452567] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.452866] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.453182] [ 13.453322] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.453371] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.453382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.453403] Call Trace: [ 13.453418] <TASK> [ 13.453431] dump_stack_lvl+0x73/0xb0 [ 13.453458] print_report+0xd1/0x650 [ 13.453478] ? __virt_addr_valid+0x1db/0x2d0 [ 13.453499] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.453525] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.453550] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.453578] kasan_report+0x141/0x180 [ 13.453598] ? kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.453630] kasan_check_range+0x10c/0x1c0 [ 13.453652] __kasan_check_write+0x18/0x20 [ 13.453674] kasan_bitops_test_and_modify.constprop.0+0x37c/0xd90 [ 13.453700] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.453727] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.453849] ? trace_hardirqs_on+0x37/0xe0 [ 13.453872] ? kasan_bitops_generic+0x92/0x1c0 [ 13.453898] kasan_bitops_generic+0x121/0x1c0 [ 13.453921] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.453944] ? __pfx_read_tsc+0x10/0x10 [ 13.453964] ? ktime_get_ts64+0x86/0x230 [ 13.453987] kunit_try_run_case+0x1a5/0x480 [ 13.454010] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.454031] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.454052] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.454073] ? __kthread_parkme+0x82/0x180 [ 13.454093] ? preempt_count_sub+0x50/0x80 [ 13.454114] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.454137] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.454159] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.454180] kthread+0x337/0x6f0 [ 13.454232] ? trace_preempt_on+0x20/0xc0 [ 13.454254] ? __pfx_kthread+0x10/0x10 [ 13.454274] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.454293] ? calculate_sigpending+0x7b/0xa0 [ 13.454316] ? __pfx_kthread+0x10/0x10 [ 13.454337] ret_from_fork+0x116/0x1d0 [ 13.454355] ? __pfx_kthread+0x10/0x10 [ 13.454374] ret_from_fork_asm+0x1a/0x30 [ 13.454421] </TASK> [ 13.454431] [ 13.463629] Allocated by task 287: [ 13.463909] kasan_save_stack+0x45/0x70 [ 13.464250] kasan_save_track+0x18/0x40 [ 13.464506] kasan_save_alloc_info+0x3b/0x50 [ 13.464694] __kasan_kmalloc+0xb7/0xc0 [ 13.464868] __kmalloc_cache_noprof+0x189/0x420 [ 13.465047] kasan_bitops_generic+0x92/0x1c0 [ 13.465202] kunit_try_run_case+0x1a5/0x480 [ 13.465437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.465641] kthread+0x337/0x6f0 [ 13.465984] ret_from_fork+0x116/0x1d0 [ 13.466170] ret_from_fork_asm+0x1a/0x30 [ 13.466926] [ 13.467003] The buggy address belongs to the object at ffff8881028596c0 [ 13.467003] which belongs to the cache kmalloc-16 of size 16 [ 13.467366] The buggy address is located 8 bytes inside of [ 13.467366] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.468129] [ 13.468516] The buggy address belongs to the physical page: [ 13.468775] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.469123] flags: 0x200000000000000(node=0|zone=2) [ 13.469377] page_type: f5(slab) [ 13.469599] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.469833] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.470158] page dumped because: kasan: bad access detected [ 13.470429] [ 13.470535] Memory state around the buggy address: [ 13.470748] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.471006] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.471485] >ffff888102859680: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 13.471908] ^ [ 13.472158] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.472607] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.472825] ================================================================== [ 13.375042] ================================================================== [ 13.375326] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.376022] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.376317] [ 13.376416] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.376511] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.376524] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.376544] Call Trace: [ 13.376556] <TASK> [ 13.376581] dump_stack_lvl+0x73/0xb0 [ 13.376607] print_report+0xd1/0x650 [ 13.376627] ? __virt_addr_valid+0x1db/0x2d0 [ 13.376648] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.376677] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.376702] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.376728] kasan_report+0x141/0x180 [ 13.376749] ? kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.376780] kasan_check_range+0x10c/0x1c0 [ 13.376812] __kasan_check_write+0x18/0x20 [ 13.376834] kasan_bitops_test_and_modify.constprop.0+0x1a0/0xd90 [ 13.376860] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.376897] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.376920] ? trace_hardirqs_on+0x37/0xe0 [ 13.376940] ? kasan_bitops_generic+0x92/0x1c0 [ 13.376966] kasan_bitops_generic+0x121/0x1c0 [ 13.376996] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.377020] ? __pfx_read_tsc+0x10/0x10 [ 13.377040] ? ktime_get_ts64+0x86/0x230 [ 13.377074] kunit_try_run_case+0x1a5/0x480 [ 13.377097] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.377117] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.377145] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.377168] ? __kthread_parkme+0x82/0x180 [ 13.377188] ? preempt_count_sub+0x50/0x80 [ 13.377226] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.377249] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.377270] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.377293] kthread+0x337/0x6f0 [ 13.377311] ? trace_preempt_on+0x20/0xc0 [ 13.377332] ? __pfx_kthread+0x10/0x10 [ 13.377352] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.377372] ? calculate_sigpending+0x7b/0xa0 [ 13.377395] ? __pfx_kthread+0x10/0x10 [ 13.377416] ret_from_fork+0x116/0x1d0 [ 13.377627] ? __pfx_kthread+0x10/0x10 [ 13.377657] ret_from_fork_asm+0x1a/0x30 [ 13.377701] </TASK> [ 13.377712] [ 13.386896] Allocated by task 287: [ 13.387056] kasan_save_stack+0x45/0x70 [ 13.387257] kasan_save_track+0x18/0x40 [ 13.387420] kasan_save_alloc_info+0x3b/0x50 [ 13.387686] __kasan_kmalloc+0xb7/0xc0 [ 13.387840] __kmalloc_cache_noprof+0x189/0x420 [ 13.388035] kasan_bitops_generic+0x92/0x1c0 [ 13.388254] kunit_try_run_case+0x1a5/0x480 [ 13.388437] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.388710] kthread+0x337/0x6f0 [ 13.388885] ret_from_fork+0x116/0x1d0 [ 13.389065] ret_from_fork_asm+0x1a/0x30 [ 13.389314] [ 13.389415] The buggy address belongs to the object at ffff8881028596c0 [ 13.389415] which belongs to the cache kmalloc-16 of size 16 [ 13.390108] The buggy address is located 8 bytes inside of [ 13.390108] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.390478] [ 13.390542] The buggy address belongs to the physical page: [ 13.390708] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.391412] flags: 0x200000000000000(node=0|zone=2) [ 13.391846] page_type: f5(slab) [ 13.391971] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.392244] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.392773] page dumped because: kasan: bad access detected [ 13.393115] [ 13.393280] 
Memory state around the buggy address: [ 13.393650] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.393931] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.394150] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.394394] ^ [ 13.394737] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.395155] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.395507] ================================================================== [ 13.473258] ================================================================== [ 13.473718] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.474052] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.474288] [ 13.474386] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.474491] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.474505] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.474525] Call Trace: [ 13.474537] <TASK> [ 13.474550] dump_stack_lvl+0x73/0xb0 [ 13.474575] print_report+0xd1/0x650 [ 13.474596] ? __virt_addr_valid+0x1db/0x2d0 [ 13.474617] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.474642] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.474667] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.474692] kasan_report+0x141/0x180 [ 13.474713] ? kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.474742] kasan_check_range+0x10c/0x1c0 [ 13.474765] __kasan_check_write+0x18/0x20 [ 13.474809] kasan_bitops_test_and_modify.constprop.0+0x41a/0xd90 [ 13.474834] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.474873] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.474895] ? trace_hardirqs_on+0x37/0xe0 [ 13.474916] ? kasan_bitops_generic+0x92/0x1c0 [ 13.474958] kasan_bitops_generic+0x121/0x1c0 [ 13.474980] ? 
__pfx_kasan_bitops_generic+0x10/0x10 [ 13.475004] ? __pfx_read_tsc+0x10/0x10 [ 13.475024] ? ktime_get_ts64+0x86/0x230 [ 13.475048] kunit_try_run_case+0x1a5/0x480 [ 13.475072] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.475093] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.475114] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.475136] ? __kthread_parkme+0x82/0x180 [ 13.475155] ? preempt_count_sub+0x50/0x80 [ 13.475178] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.475201] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.475232] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.475254] kthread+0x337/0x6f0 [ 13.475273] ? trace_preempt_on+0x20/0xc0 [ 13.475311] ? __pfx_kthread+0x10/0x10 [ 13.475331] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.475352] ? calculate_sigpending+0x7b/0xa0 [ 13.475375] ? __pfx_kthread+0x10/0x10 [ 13.475397] ret_from_fork+0x116/0x1d0 [ 13.475416] ? __pfx_kthread+0x10/0x10 [ 13.475619] ret_from_fork_asm+0x1a/0x30 [ 13.475655] </TASK> [ 13.475667] [ 13.484463] Allocated by task 287: [ 13.484588] kasan_save_stack+0x45/0x70 [ 13.484869] kasan_save_track+0x18/0x40 [ 13.485224] kasan_save_alloc_info+0x3b/0x50 [ 13.485449] __kasan_kmalloc+0xb7/0xc0 [ 13.485732] __kmalloc_cache_noprof+0x189/0x420 [ 13.485958] kasan_bitops_generic+0x92/0x1c0 [ 13.486167] kunit_try_run_case+0x1a5/0x480 [ 13.486477] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.486750] kthread+0x337/0x6f0 [ 13.486934] ret_from_fork+0x116/0x1d0 [ 13.487108] ret_from_fork_asm+0x1a/0x30 [ 13.487311] [ 13.487411] The buggy address belongs to the object at ffff8881028596c0 [ 13.487411] which belongs to the cache kmalloc-16 of size 16 [ 13.488110] The buggy address is located 8 bytes inside of [ 13.488110] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.488501] [ 13.488567] The buggy address belongs to the physical page: [ 13.488818] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.489161] flags: 0x200000000000000(node=0|zone=2) [ 13.489395] 
page_type: f5(slab) [ 13.489540] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.489793] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.490012] page dumped because: kasan: bad access detected [ 13.490176] [ 13.490371] Memory state around the buggy address: [ 13.490596] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.490909] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.491261] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.491787] ^ [ 13.492059] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.492347] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.492788] ================================================================== [ 13.493323] ================================================================== [ 13.493647] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.494092] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.494412] [ 13.494537] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.494584] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.494596] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.494616] Call Trace: [ 13.494630] <TASK> [ 13.494644] dump_stack_lvl+0x73/0xb0 [ 13.494670] print_report+0xd1/0x650 [ 13.494692] ? __virt_addr_valid+0x1db/0x2d0 [ 13.494715] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.494741] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.494834] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.494862] kasan_report+0x141/0x180 [ 13.494883] ? kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.494914] kasan_check_range+0x10c/0x1c0 [ 13.494937] __kasan_check_write+0x18/0x20 [ 13.494960] kasan_bitops_test_and_modify.constprop.0+0x4b9/0xd90 [ 13.494985] ? 
__pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.495032] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.495055] ? trace_hardirqs_on+0x37/0xe0 [ 13.495075] ? kasan_bitops_generic+0x92/0x1c0 [ 13.495100] kasan_bitops_generic+0x121/0x1c0 [ 13.495122] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.495145] ? __pfx_read_tsc+0x10/0x10 [ 13.495181] ? ktime_get_ts64+0x86/0x230 [ 13.495213] kunit_try_run_case+0x1a5/0x480 [ 13.495235] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.495256] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.495277] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.495299] ? __kthread_parkme+0x82/0x180 [ 13.495320] ? preempt_count_sub+0x50/0x80 [ 13.495342] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.495364] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.495386] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.495408] kthread+0x337/0x6f0 [ 13.495426] ? trace_preempt_on+0x20/0xc0 [ 13.495447] ? __pfx_kthread+0x10/0x10 [ 13.495466] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.495486] ? calculate_sigpending+0x7b/0xa0 [ 13.495509] ? __pfx_kthread+0x10/0x10 [ 13.495529] ret_from_fork+0x116/0x1d0 [ 13.495548] ? 
__pfx_kthread+0x10/0x10 [ 13.495568] ret_from_fork_asm+0x1a/0x30 [ 13.495597] </TASK> [ 13.495607] [ 13.504963] Allocated by task 287: [ 13.505140] kasan_save_stack+0x45/0x70 [ 13.505382] kasan_save_track+0x18/0x40 [ 13.505553] kasan_save_alloc_info+0x3b/0x50 [ 13.505694] __kasan_kmalloc+0xb7/0xc0 [ 13.505851] __kmalloc_cache_noprof+0x189/0x420 [ 13.506063] kasan_bitops_generic+0x92/0x1c0 [ 13.506275] kunit_try_run_case+0x1a5/0x480 [ 13.506457] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.506624] kthread+0x337/0x6f0 [ 13.506737] ret_from_fork+0x116/0x1d0 [ 13.507078] ret_from_fork_asm+0x1a/0x30 [ 13.507401] [ 13.507601] The buggy address belongs to the object at ffff8881028596c0 [ 13.507601] which belongs to the cache kmalloc-16 of size 16 [ 13.508091] The buggy address is located 8 bytes inside of [ 13.508091] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.508505] [ 13.508569] The buggy address belongs to the physical page: [ 13.508739] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.509306] flags: 0x200000000000000(node=0|zone=2) [ 13.509764] page_type: f5(slab) [ 13.509954] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.510317] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.510701] page dumped because: kasan: bad access detected [ 13.510867] [ 13.510932] Memory state around the buggy address: [ 13.511114] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.511595] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.511887] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.512096] ^ [ 13.512539] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.512889] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.513138] ================================================================== [ 13.353680] 
================================================================== [ 13.354599] BUG: KASAN: slab-out-of-bounds in kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.354981] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.355251] [ 13.355355] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.355400] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.355412] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.355432] Call Trace: [ 13.355448] <TASK> [ 13.355463] dump_stack_lvl+0x73/0xb0 [ 13.355487] print_report+0xd1/0x650 [ 13.355507] ? __virt_addr_valid+0x1db/0x2d0 [ 13.355528] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.355553] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.355578] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.355605] kasan_report+0x141/0x180 [ 13.355625] ? kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.355655] kasan_check_range+0x10c/0x1c0 [ 13.355678] __kasan_check_write+0x18/0x20 [ 13.355699] kasan_bitops_test_and_modify.constprop.0+0x101/0xd90 [ 13.355725] ? __pfx_kasan_bitops_test_and_modify.constprop.0+0x10/0x10 [ 13.355753] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.355776] ? trace_hardirqs_on+0x37/0xe0 [ 13.355798] ? kasan_bitops_generic+0x92/0x1c0 [ 13.355822] kasan_bitops_generic+0x121/0x1c0 [ 13.355845] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.355868] ? __pfx_read_tsc+0x10/0x10 [ 13.355888] ? ktime_get_ts64+0x86/0x230 [ 13.355912] kunit_try_run_case+0x1a5/0x480 [ 13.355935] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.355956] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.355977] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.355998] ? __kthread_parkme+0x82/0x180 [ 13.356018] ? preempt_count_sub+0x50/0x80 [ 13.356040] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.356063] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.356085] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.356106] kthread+0x337/0x6f0 [ 13.356125] ? trace_preempt_on+0x20/0xc0 [ 13.356145] ? __pfx_kthread+0x10/0x10 [ 13.356165] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.356185] ? calculate_sigpending+0x7b/0xa0 [ 13.356226] ? __pfx_kthread+0x10/0x10 [ 13.356247] ret_from_fork+0x116/0x1d0 [ 13.356266] ? __pfx_kthread+0x10/0x10 [ 13.356296] ret_from_fork_asm+0x1a/0x30 [ 13.356325] </TASK> [ 13.356335] [ 13.365619] Allocated by task 287: [ 13.365819] kasan_save_stack+0x45/0x70 [ 13.365967] kasan_save_track+0x18/0x40 [ 13.366149] kasan_save_alloc_info+0x3b/0x50 [ 13.366391] __kasan_kmalloc+0xb7/0xc0 [ 13.366572] __kmalloc_cache_noprof+0x189/0x420 [ 13.366826] kasan_bitops_generic+0x92/0x1c0 [ 13.367059] kunit_try_run_case+0x1a5/0x480 [ 13.367377] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.367725] kthread+0x337/0x6f0 [ 13.367848] ret_from_fork+0x116/0x1d0 [ 13.367973] ret_from_fork_asm+0x1a/0x30 [ 13.368103] [ 13.368166] The buggy address belongs to the object at ffff8881028596c0 [ 13.368166] which belongs to the cache kmalloc-16 of size 16 [ 13.368774] The buggy address is located 8 bytes inside of [ 13.368774] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.369277] [ 13.369343] The buggy address belongs to the physical page: [ 13.369510] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.370335] flags: 0x200000000000000(node=0|zone=2) [ 13.370795] page_type: f5(slab) [ 13.370974] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.371319] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.371741] page dumped because: kasan: bad access detected [ 13.371985] [ 13.372088] Memory state around the buggy address: [ 13.372312] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.372676] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.372889] >ffff888102859680: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 13.373125] ^ [ 13.373385] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.373691] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.374316] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kasan_bitops_modifyconstprop
[ 13.218387] ================================================================== [ 13.218743] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.219104] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.219780] [ 13.219897] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.219944] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.219955] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.219976] Call Trace: [ 13.219988] <TASK> [ 13.220002] dump_stack_lvl+0x73/0xb0 [ 13.220027] print_report+0xd1/0x650 [ 13.220048] ? __virt_addr_valid+0x1db/0x2d0 [ 13.220069] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220093] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.220118] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220142] kasan_report+0x141/0x180 [ 13.220163] ? kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220225] kasan_check_range+0x10c/0x1c0 [ 13.220248] __kasan_check_write+0x18/0x20 [ 13.220270] kasan_bitops_modify.constprop.0+0x23a/0xd50 [ 13.220294] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.220319] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.220342] ? trace_hardirqs_on+0x37/0xe0 [ 13.220364] ? kasan_bitops_generic+0x92/0x1c0 [ 13.220390] kasan_bitops_generic+0x116/0x1c0 [ 13.220412] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.220499] ? __pfx_read_tsc+0x10/0x10 [ 13.220520] ? ktime_get_ts64+0x86/0x230 [ 13.220545] kunit_try_run_case+0x1a5/0x480 [ 13.220567] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.220588] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.220609] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.220631] ? __kthread_parkme+0x82/0x180 [ 13.220653] ? preempt_count_sub+0x50/0x80 [ 13.220676] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.220699] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.220720] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.220742] kthread+0x337/0x6f0 [ 13.220761] ? trace_preempt_on+0x20/0xc0 [ 13.220782] ? __pfx_kthread+0x10/0x10 [ 13.220801] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.220820] ? calculate_sigpending+0x7b/0xa0 [ 13.220843] ? __pfx_kthread+0x10/0x10 [ 13.220863] ret_from_fork+0x116/0x1d0 [ 13.220881] ? __pfx_kthread+0x10/0x10 [ 13.220900] ret_from_fork_asm+0x1a/0x30 [ 13.220929] </TASK> [ 13.220939] [ 13.229087] Allocated by task 287: [ 13.229289] kasan_save_stack+0x45/0x70 [ 13.229576] kasan_save_track+0x18/0x40 [ 13.229768] kasan_save_alloc_info+0x3b/0x50 [ 13.229971] __kasan_kmalloc+0xb7/0xc0 [ 13.230107] __kmalloc_cache_noprof+0x189/0x420 [ 13.230358] kasan_bitops_generic+0x92/0x1c0 [ 13.230753] kunit_try_run_case+0x1a5/0x480 [ 13.230950] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.231184] kthread+0x337/0x6f0 [ 13.231341] ret_from_fork+0x116/0x1d0 [ 13.231561] ret_from_fork_asm+0x1a/0x30 [ 13.231739] [ 13.231825] The buggy address belongs to the object at ffff8881028596c0 [ 13.231825] which belongs to the cache kmalloc-16 of size 16 [ 13.232364] The buggy address is located 8 bytes inside of [ 13.232364] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.232873] [ 13.232941] The buggy address belongs to the physical page: [ 13.233105] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.233585] flags: 0x200000000000000(node=0|zone=2) [ 13.233821] page_type: f5(slab) [ 13.233977] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.234289] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.234768] page dumped because: kasan: bad access detected [ 13.235028] [ 13.235114] Memory state around the buggy address: [ 13.235367] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.235772] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.236027] >ffff888102859680: fa fb fc fc fa fb fc fc 
00 01 fc fc fc fc fc fc [ 13.236372] ^ [ 13.236689] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.236973] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.237230] ================================================================== [ 13.287569] ================================================================== [ 13.287915] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.288165] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.288640] [ 13.288779] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.288826] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.288838] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.288858] Call Trace: [ 13.288871] <TASK> [ 13.288884] dump_stack_lvl+0x73/0xb0 [ 13.288909] print_report+0xd1/0x650 [ 13.288930] ? __virt_addr_valid+0x1db/0x2d0 [ 13.288951] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.288974] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.288998] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289022] kasan_report+0x141/0x180 [ 13.289043] ? kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289072] kasan_check_range+0x10c/0x1c0 [ 13.289104] __kasan_check_write+0x18/0x20 [ 13.289125] kasan_bitops_modify.constprop.0+0x40e/0xd50 [ 13.289149] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.289184] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.289215] ? trace_hardirqs_on+0x37/0xe0 [ 13.289235] ? kasan_bitops_generic+0x92/0x1c0 [ 13.289261] kasan_bitops_generic+0x116/0x1c0 [ 13.289282] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.289305] ? __pfx_read_tsc+0x10/0x10 [ 13.289326] ? ktime_get_ts64+0x86/0x230 [ 13.289349] kunit_try_run_case+0x1a5/0x480 [ 13.289371] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.289392] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.289412] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.289435] ? 
__kthread_parkme+0x82/0x180 [ 13.289455] ? preempt_count_sub+0x50/0x80 [ 13.289476] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.289498] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.289519] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.289541] kthread+0x337/0x6f0 [ 13.289559] ? trace_preempt_on+0x20/0xc0 [ 13.289579] ? __pfx_kthread+0x10/0x10 [ 13.289644] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.289666] ? calculate_sigpending+0x7b/0xa0 [ 13.289688] ? __pfx_kthread+0x10/0x10 [ 13.289709] ret_from_fork+0x116/0x1d0 [ 13.289727] ? __pfx_kthread+0x10/0x10 [ 13.289746] ret_from_fork_asm+0x1a/0x30 [ 13.289774] </TASK> [ 13.289783] [ 13.298610] Allocated by task 287: [ 13.298771] kasan_save_stack+0x45/0x70 [ 13.298964] kasan_save_track+0x18/0x40 [ 13.299147] kasan_save_alloc_info+0x3b/0x50 [ 13.299353] __kasan_kmalloc+0xb7/0xc0 [ 13.299715] __kmalloc_cache_noprof+0x189/0x420 [ 13.300045] kasan_bitops_generic+0x92/0x1c0 [ 13.300218] kunit_try_run_case+0x1a5/0x480 [ 13.300518] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.300870] kthread+0x337/0x6f0 [ 13.301079] ret_from_fork+0x116/0x1d0 [ 13.301328] ret_from_fork_asm+0x1a/0x30 [ 13.301465] [ 13.301528] The buggy address belongs to the object at ffff8881028596c0 [ 13.301528] which belongs to the cache kmalloc-16 of size 16 [ 13.301873] The buggy address is located 8 bytes inside of [ 13.301873] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.302748] [ 13.302902] The buggy address belongs to the physical page: [ 13.303295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.303607] flags: 0x200000000000000(node=0|zone=2) [ 13.303794] page_type: f5(slab) [ 13.303956] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.304524] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.304876] page dumped because: kasan: bad access detected [ 13.305113] [ 13.305177] Memory state around the buggy address: [ 13.305405] 
ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.305816] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.306145] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.306378] ^ [ 13.306546] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.306979] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.307358] ================================================================== [ 13.198017] ================================================================== [ 13.198387] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.198907] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.199175] [ 13.199285] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.199354] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.199366] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.199388] Call Trace: [ 13.199401] <TASK> [ 13.199415] dump_stack_lvl+0x73/0xb0 [ 13.199520] print_report+0xd1/0x650 [ 13.199545] ? __virt_addr_valid+0x1db/0x2d0 [ 13.199569] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199594] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.199619] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199643] kasan_report+0x141/0x180 [ 13.199665] ? kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199694] kasan_check_range+0x10c/0x1c0 [ 13.199716] __kasan_check_write+0x18/0x20 [ 13.199739] kasan_bitops_modify.constprop.0+0x19c/0xd50 [ 13.199763] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.199791] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.199814] ? trace_hardirqs_on+0x37/0xe0 [ 13.199834] ? kasan_bitops_generic+0x92/0x1c0 [ 13.199859] kasan_bitops_generic+0x116/0x1c0 [ 13.199881] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.199904] ? __pfx_read_tsc+0x10/0x10 [ 13.199923] ? 
ktime_get_ts64+0x86/0x230 [ 13.199947] kunit_try_run_case+0x1a5/0x480 [ 13.199970] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.199990] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.200011] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.200032] ? __kthread_parkme+0x82/0x180 [ 13.200051] ? preempt_count_sub+0x50/0x80 [ 13.200073] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.200095] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.200117] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.200138] kthread+0x337/0x6f0 [ 13.200156] ? trace_preempt_on+0x20/0xc0 [ 13.200177] ? __pfx_kthread+0x10/0x10 [ 13.200197] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.200245] ? calculate_sigpending+0x7b/0xa0 [ 13.200267] ? __pfx_kthread+0x10/0x10 [ 13.200287] ret_from_fork+0x116/0x1d0 [ 13.200304] ? __pfx_kthread+0x10/0x10 [ 13.200324] ret_from_fork_asm+0x1a/0x30 [ 13.200353] </TASK> [ 13.200363] [ 13.208576] Allocated by task 287: [ 13.208711] kasan_save_stack+0x45/0x70 [ 13.208847] kasan_save_track+0x18/0x40 [ 13.209021] kasan_save_alloc_info+0x3b/0x50 [ 13.209253] __kasan_kmalloc+0xb7/0xc0 [ 13.209497] __kmalloc_cache_noprof+0x189/0x420 [ 13.209702] kasan_bitops_generic+0x92/0x1c0 [ 13.209842] kunit_try_run_case+0x1a5/0x480 [ 13.209980] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.210194] kthread+0x337/0x6f0 [ 13.210377] ret_from_fork+0x116/0x1d0 [ 13.210758] ret_from_fork_asm+0x1a/0x30 [ 13.210958] [ 13.211046] The buggy address belongs to the object at ffff8881028596c0 [ 13.211046] which belongs to the cache kmalloc-16 of size 16 [ 13.211605] The buggy address is located 8 bytes inside of [ 13.211605] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.212058] [ 13.212140] The buggy address belongs to the physical page: [ 13.212367] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.212671] flags: 0x200000000000000(node=0|zone=2) [ 13.212860] page_type: f5(slab) [ 13.213019] raw: 0200000000000000 ffff888100041640 dead000000000100 
dead000000000122 [ 13.213414] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.213766] page dumped because: kasan: bad access detected [ 13.213932] [ 13.213993] Memory state around the buggy address: [ 13.214142] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.214378] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.214845] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.215156] ^ [ 13.215483] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.215800] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.216106] ================================================================== [ 13.331265] ================================================================== [ 13.331753] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.332111] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.332626] [ 13.332912] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.332961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.332974] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.332994] Call Trace: [ 13.333005] <TASK> [ 13.333018] dump_stack_lvl+0x73/0xb0 [ 13.333045] print_report+0xd1/0x650 [ 13.333064] ? __virt_addr_valid+0x1db/0x2d0 [ 13.333086] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333109] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.333133] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333157] kasan_report+0x141/0x180 [ 13.333177] ? kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333216] kasan_check_range+0x10c/0x1c0 [ 13.333239] __kasan_check_write+0x18/0x20 [ 13.333260] kasan_bitops_modify.constprop.0+0x547/0xd50 [ 13.333284] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.333309] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.333331] ? 
trace_hardirqs_on+0x37/0xe0 [ 13.333351] ? kasan_bitops_generic+0x92/0x1c0 [ 13.333377] kasan_bitops_generic+0x116/0x1c0 [ 13.333400] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.333423] ? __pfx_read_tsc+0x10/0x10 [ 13.333443] ? ktime_get_ts64+0x86/0x230 [ 13.333467] kunit_try_run_case+0x1a5/0x480 [ 13.333489] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.333510] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.333531] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.333553] ? __kthread_parkme+0x82/0x180 [ 13.333572] ? preempt_count_sub+0x50/0x80 [ 13.333595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.333627] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.333649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.333671] kthread+0x337/0x6f0 [ 13.333702] ? trace_preempt_on+0x20/0xc0 [ 13.333722] ? __pfx_kthread+0x10/0x10 [ 13.333742] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.333762] ? calculate_sigpending+0x7b/0xa0 [ 13.333785] ? __pfx_kthread+0x10/0x10 [ 13.333806] ret_from_fork+0x116/0x1d0 [ 13.333823] ? 
__pfx_kthread+0x10/0x10 [ 13.333843] ret_from_fork_asm+0x1a/0x30 [ 13.333872] </TASK> [ 13.333881] [ 13.342852] Allocated by task 287: [ 13.343009] kasan_save_stack+0x45/0x70 [ 13.343149] kasan_save_track+0x18/0x40 [ 13.343547] kasan_save_alloc_info+0x3b/0x50 [ 13.343948] __kasan_kmalloc+0xb7/0xc0 [ 13.344135] __kmalloc_cache_noprof+0x189/0x420 [ 13.344292] kasan_bitops_generic+0x92/0x1c0 [ 13.344430] kunit_try_run_case+0x1a5/0x480 [ 13.344622] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.344859] kthread+0x337/0x6f0 [ 13.345254] ret_from_fork+0x116/0x1d0 [ 13.345467] ret_from_fork_asm+0x1a/0x30 [ 13.345697] [ 13.345764] The buggy address belongs to the object at ffff8881028596c0 [ 13.345764] which belongs to the cache kmalloc-16 of size 16 [ 13.346267] The buggy address is located 8 bytes inside of [ 13.346267] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.346765] [ 13.346835] The buggy address belongs to the physical page: [ 13.347027] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.347389] flags: 0x200000000000000(node=0|zone=2) [ 13.347610] page_type: f5(slab) [ 13.347765] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.348400] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.349404] page dumped because: kasan: bad access detected [ 13.349777] [ 13.349875] Memory state around the buggy address: [ 13.350245] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.350578] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.351121] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.351721] ^ [ 13.351914] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.352375] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.352848] ================================================================== [ 13.178747] 
================================================================== [ 13.179713] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180084] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.180492] [ 13.180593] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.180640] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.180658] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.180679] Call Trace: [ 13.180690] <TASK> [ 13.180705] dump_stack_lvl+0x73/0xb0 [ 13.180731] print_report+0xd1/0x650 [ 13.180751] ? __virt_addr_valid+0x1db/0x2d0 [ 13.180773] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180797] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.180821] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180845] kasan_report+0x141/0x180 [ 13.180866] ? kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180894] kasan_check_range+0x10c/0x1c0 [ 13.180916] __kasan_check_write+0x18/0x20 [ 13.180937] kasan_bitops_modify.constprop.0+0x101/0xd50 [ 13.180961] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.180985] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.181008] ? trace_hardirqs_on+0x37/0xe0 [ 13.181030] ? kasan_bitops_generic+0x92/0x1c0 [ 13.181054] kasan_bitops_generic+0x116/0x1c0 [ 13.181076] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.181099] ? __pfx_read_tsc+0x10/0x10 [ 13.181119] ? ktime_get_ts64+0x86/0x230 [ 13.181141] kunit_try_run_case+0x1a5/0x480 [ 13.181164] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.181214] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.181235] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.181257] ? __kthread_parkme+0x82/0x180 [ 13.181275] ? preempt_count_sub+0x50/0x80 [ 13.181298] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.181319] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.181341] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.181363] kthread+0x337/0x6f0 [ 13.181381] ? 
trace_preempt_on+0x20/0xc0 [ 13.181402] ? __pfx_kthread+0x10/0x10 [ 13.181495] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.181518] ? calculate_sigpending+0x7b/0xa0 [ 13.181540] ? __pfx_kthread+0x10/0x10 [ 13.181561] ret_from_fork+0x116/0x1d0 [ 13.181580] ? __pfx_kthread+0x10/0x10 [ 13.181599] ret_from_fork_asm+0x1a/0x30 [ 13.181628] </TASK> [ 13.181637] [ 13.189907] Allocated by task 287: [ 13.190036] kasan_save_stack+0x45/0x70 [ 13.190172] kasan_save_track+0x18/0x40 [ 13.190380] kasan_save_alloc_info+0x3b/0x50 [ 13.190767] __kasan_kmalloc+0xb7/0xc0 [ 13.190956] __kmalloc_cache_noprof+0x189/0x420 [ 13.191147] kasan_bitops_generic+0x92/0x1c0 [ 13.191360] kunit_try_run_case+0x1a5/0x480 [ 13.191616] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.191842] kthread+0x337/0x6f0 [ 13.191993] ret_from_fork+0x116/0x1d0 [ 13.192143] ret_from_fork_asm+0x1a/0x30 [ 13.192341] [ 13.192499] The buggy address belongs to the object at ffff8881028596c0 [ 13.192499] which belongs to the cache kmalloc-16 of size 16 [ 13.192956] The buggy address is located 8 bytes inside of [ 13.192956] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.193511] [ 13.193596] The buggy address belongs to the physical page: [ 13.193821] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.194119] flags: 0x200000000000000(node=0|zone=2) [ 13.194355] page_type: f5(slab) [ 13.194720] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.195014] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.195310] page dumped because: kasan: bad access detected [ 13.195658] [ 13.195750] Memory state around the buggy address: [ 13.195903] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.196181] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.196562] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.196780] ^ [ 13.196947] ffff888102859700: fc fc fc fc fc fc fc fc fc 
fc fc fc fc fc fc fc [ 13.197154] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.197541] ================================================================== [ 13.267747] ================================================================== [ 13.267984] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.268418] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.268722] [ 13.268911] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.268961] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.269034] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.269069] Call Trace: [ 13.269087] <TASK> [ 13.269101] dump_stack_lvl+0x73/0xb0 [ 13.269128] print_report+0xd1/0x650 [ 13.269156] ? __virt_addr_valid+0x1db/0x2d0 [ 13.269178] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269202] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.269241] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269265] kasan_report+0x141/0x180 [ 13.269286] ? kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269314] kasan_check_range+0x10c/0x1c0 [ 13.269335] __kasan_check_write+0x18/0x20 [ 13.269357] kasan_bitops_modify.constprop.0+0x373/0xd50 [ 13.269381] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.269405] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.269427] ? trace_hardirqs_on+0x37/0xe0 [ 13.269448] ? kasan_bitops_generic+0x92/0x1c0 [ 13.269473] kasan_bitops_generic+0x116/0x1c0 [ 13.269495] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.269601] ? __pfx_read_tsc+0x10/0x10 [ 13.269632] ? ktime_get_ts64+0x86/0x230 [ 13.269656] kunit_try_run_case+0x1a5/0x480 [ 13.269678] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.269709] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.269731] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.269752] ? __kthread_parkme+0x82/0x180 [ 13.269771] ? preempt_count_sub+0x50/0x80 [ 13.269794] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.269815] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.269837] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.269858] kthread+0x337/0x6f0 [ 13.269877] ? trace_preempt_on+0x20/0xc0 [ 13.269897] ? __pfx_kthread+0x10/0x10 [ 13.269917] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.269936] ? calculate_sigpending+0x7b/0xa0 [ 13.269958] ? __pfx_kthread+0x10/0x10 [ 13.269978] ret_from_fork+0x116/0x1d0 [ 13.269996] ? __pfx_kthread+0x10/0x10 [ 13.270015] ret_from_fork_asm+0x1a/0x30 [ 13.270044] </TASK> [ 13.270054] [ 13.278630] Allocated by task 287: [ 13.278977] kasan_save_stack+0x45/0x70 [ 13.279177] kasan_save_track+0x18/0x40 [ 13.279515] kasan_save_alloc_info+0x3b/0x50 [ 13.279702] __kasan_kmalloc+0xb7/0xc0 [ 13.279893] __kmalloc_cache_noprof+0x189/0x420 [ 13.280087] kasan_bitops_generic+0x92/0x1c0 [ 13.280274] kunit_try_run_case+0x1a5/0x480 [ 13.280495] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.280663] kthread+0x337/0x6f0 [ 13.280775] ret_from_fork+0x116/0x1d0 [ 13.280896] ret_from_fork_asm+0x1a/0x30 [ 13.281074] [ 13.281158] The buggy address belongs to the object at ffff8881028596c0 [ 13.281158] which belongs to the cache kmalloc-16 of size 16 [ 13.281682] The buggy address is located 8 bytes inside of [ 13.281682] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.282025] [ 13.282088] The buggy address belongs to the physical page: [ 13.282684] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.283076] flags: 0x200000000000000(node=0|zone=2) [ 13.283429] page_type: f5(slab) [ 13.283595] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.284043] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 13.284484] page dumped because: kasan: bad access detected [ 13.284727] [ 13.284813] Memory state around the buggy address: [ 13.285019] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.285356] 
ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 13.285820] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc [ 13.286135] ^ [ 13.286402] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.286678] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 13.286956] ================================================================== [ 13.239242] ================================================================== [ 13.239973] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.240488] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287 [ 13.241649] [ 13.241734] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 13.241781] Tainted: [B]=BAD_PAGE, [N]=TEST [ 13.241794] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 13.241814] Call Trace: [ 13.241828] <TASK> [ 13.241842] dump_stack_lvl+0x73/0xb0 [ 13.241870] print_report+0xd1/0x650 [ 13.241890] ? __virt_addr_valid+0x1db/0x2d0 [ 13.241912] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.241936] ? kasan_complete_mode_report_info+0x2a/0x200 [ 13.241960] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.241984] kasan_report+0x141/0x180 [ 13.242005] ? kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.242033] kasan_check_range+0x10c/0x1c0 [ 13.242055] __kasan_check_write+0x18/0x20 [ 13.242077] kasan_bitops_modify.constprop.0+0x2d5/0xd50 [ 13.242101] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10 [ 13.242126] ? __kmalloc_cache_noprof+0x189/0x420 [ 13.242148] ? trace_hardirqs_on+0x37/0xe0 [ 13.242169] ? kasan_bitops_generic+0x92/0x1c0 [ 13.242195] kasan_bitops_generic+0x116/0x1c0 [ 13.242228] ? __pfx_kasan_bitops_generic+0x10/0x10 [ 13.242250] ? __pfx_read_tsc+0x10/0x10 [ 13.242270] ? ktime_get_ts64+0x86/0x230 [ 13.242349] kunit_try_run_case+0x1a5/0x480 [ 13.242373] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 13.242440] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 13.242463] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 13.242483] ? __kthread_parkme+0x82/0x180 [ 13.242514] ? preempt_count_sub+0x50/0x80 [ 13.242536] ? __pfx_kunit_try_run_case+0x10/0x10 [ 13.242558] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.242580] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 13.242602] kthread+0x337/0x6f0 [ 13.242621] ? trace_preempt_on+0x20/0xc0 [ 13.242641] ? __pfx_kthread+0x10/0x10 [ 13.242660] ? _raw_spin_unlock_irq+0x47/0x80 [ 13.242680] ? calculate_sigpending+0x7b/0xa0 [ 13.242702] ? __pfx_kthread+0x10/0x10 [ 13.242722] ret_from_fork+0x116/0x1d0 [ 13.242739] ? __pfx_kthread+0x10/0x10 [ 13.242759] ret_from_fork_asm+0x1a/0x30 [ 13.242787] </TASK> [ 13.242796] [ 13.255810] Allocated by task 287: [ 13.256548] kasan_save_stack+0x45/0x70 [ 13.256766] kasan_save_track+0x18/0x40 [ 13.257045] kasan_save_alloc_info+0x3b/0x50 [ 13.257195] __kasan_kmalloc+0xb7/0xc0 [ 13.257645] __kmalloc_cache_noprof+0x189/0x420 [ 13.257807] kasan_bitops_generic+0x92/0x1c0 [ 13.258078] kunit_try_run_case+0x1a5/0x480 [ 13.258465] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 13.258978] kthread+0x337/0x6f0 [ 13.259126] ret_from_fork+0x116/0x1d0 [ 13.259317] ret_from_fork_asm+0x1a/0x30 [ 13.259841] [ 13.259925] The buggy address belongs to the object at ffff8881028596c0 [ 13.259925] which belongs to the cache kmalloc-16 of size 16 [ 13.260612] The buggy address is located 8 bytes inside of [ 13.260612] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9) [ 13.261407] [ 13.261646] The buggy address belongs to the physical page: [ 13.261976] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 13.262289] flags: 0x200000000000000(node=0|zone=2) [ 13.262823] page_type: f5(slab) [ 13.263106] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 13.263525] raw: 0000000000000000 0000000080800080 00000000f5000000 
0000000000000000
[ 13.264041] page dumped because: kasan: bad access detected
[ 13.264563]
[ 13.264634] Memory state around the buggy address:
[ 13.264784] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.264988] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.265190] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 13.265448] ^
[ 13.266060] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.266677] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.266921] ==================================================================
[ 13.308015] ==================================================================
[ 13.308580] BUG: KASAN: slab-out-of-bounds in kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.308936] Write of size 8 at addr ffff8881028596c8 by task kunit_try_catch/287
[ 13.309343]
[ 13.309494] CPU: 1 UID: 0 PID: 287 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.309539] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.309616] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.309666] Call Trace:
[ 13.309680] <TASK>
[ 13.309694] dump_stack_lvl+0x73/0xb0
[ 13.309720] print_report+0xd1/0x650
[ 13.309753] ? __virt_addr_valid+0x1db/0x2d0
[ 13.309774] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.309798] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.309823] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.309847] kasan_report+0x141/0x180
[ 13.309867] ? kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.309896] kasan_check_range+0x10c/0x1c0
[ 13.309918] __kasan_check_write+0x18/0x20
[ 13.309970] kasan_bitops_modify.constprop.0+0x4ac/0xd50
[ 13.310006] ? __pfx_kasan_bitops_modify.constprop.0+0x10/0x10
[ 13.310044] ? __kmalloc_cache_noprof+0x189/0x420
[ 13.310067] ? trace_hardirqs_on+0x37/0xe0
[ 13.310087] ? kasan_bitops_generic+0x92/0x1c0
[ 13.310113] kasan_bitops_generic+0x116/0x1c0
[ 13.310136] ? __pfx_kasan_bitops_generic+0x10/0x10
[ 13.310160] ? __pfx_read_tsc+0x10/0x10
[ 13.310180] ? ktime_get_ts64+0x86/0x230
[ 13.310213] kunit_try_run_case+0x1a5/0x480
[ 13.310239] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.310259] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.310310] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.310331] ? __kthread_parkme+0x82/0x180
[ 13.310373] ? preempt_count_sub+0x50/0x80
[ 13.310395] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.310417] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.310510] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.310537] kthread+0x337/0x6f0
[ 13.310556] ? trace_preempt_on+0x20/0xc0
[ 13.310578] ? __pfx_kthread+0x10/0x10
[ 13.310598] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.310618] ? calculate_sigpending+0x7b/0xa0
[ 13.310641] ? __pfx_kthread+0x10/0x10
[ 13.310661] ret_from_fork+0x116/0x1d0
[ 13.310679] ? __pfx_kthread+0x10/0x10
[ 13.310699] ret_from_fork_asm+0x1a/0x30
[ 13.310728] </TASK>
[ 13.310737]
[ 13.319963] Allocated by task 287:
[ 13.320158] kasan_save_stack+0x45/0x70
[ 13.320305] kasan_save_track+0x18/0x40
[ 13.320433] kasan_save_alloc_info+0x3b/0x50
[ 13.320573] __kasan_kmalloc+0xb7/0xc0
[ 13.320861] __kmalloc_cache_noprof+0x189/0x420
[ 13.321118] kasan_bitops_generic+0x92/0x1c0
[ 13.321335] kunit_try_run_case+0x1a5/0x480
[ 13.321533] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.321742] kthread+0x337/0x6f0
[ 13.321942] ret_from_fork+0x116/0x1d0
[ 13.322426] ret_from_fork_asm+0x1a/0x30
[ 13.322653]
[ 13.322805] The buggy address belongs to the object at ffff8881028596c0
[ 13.322805] which belongs to the cache kmalloc-16 of size 16
[ 13.323358] The buggy address is located 8 bytes inside of
[ 13.323358] allocated 9-byte region [ffff8881028596c0, ffff8881028596c9)
[ 13.323999]
[ 13.324074] The buggy address belongs to the physical page:
[ 13.324289] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859
[ 13.324646] flags: 0x200000000000000(node=0|zone=2)
[ 13.325020] page_type: f5(slab)
[ 13.325374] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 13.325716] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 13.326156] page dumped because: kasan: bad access detected
[ 13.326489]
[ 13.326619] Memory state around the buggy address:
[ 13.326817] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.327121] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 13.327679] >ffff888102859680: fa fb fc fc fa fb fc fc 00 01 fc fc fc fc fc fc
[ 13.328032] ^
[ 13.328215] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.328570] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.328868] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strnlen
[ 13.157599] ==================================================================
[ 13.157973] BUG: KASAN: slab-use-after-free in strnlen+0x73/0x80
[ 13.158388] Read of size 1 at addr ffff88810262ad90 by task kunit_try_catch/285
[ 13.158943]
[ 13.159130] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.159310] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.159327] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.159349] Call Trace:
[ 13.159364] <TASK>
[ 13.159379] dump_stack_lvl+0x73/0xb0
[ 13.159409] print_report+0xd1/0x650
[ 13.159462] ? __virt_addr_valid+0x1db/0x2d0
[ 13.159486] ? strnlen+0x73/0x80
[ 13.159506] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.159531] ? strnlen+0x73/0x80
[ 13.159551] kasan_report+0x141/0x180
[ 13.159572] ? strnlen+0x73/0x80
[ 13.159596] __asan_report_load1_noabort+0x18/0x20
[ 13.159619] strnlen+0x73/0x80
[ 13.159640] kasan_strings+0x615/0xe80
[ 13.159659] ? trace_hardirqs_on+0x37/0xe0
[ 13.159680] ? __pfx_kasan_strings+0x10/0x10
[ 13.159700] ? finish_task_switch.isra.0+0x153/0x700
[ 13.159721] ? __switch_to+0x47/0xf50
[ 13.159744] ? __schedule+0x10cc/0x2b60
[ 13.159767] ? __pfx_read_tsc+0x10/0x10
[ 13.159787] ? ktime_get_ts64+0x86/0x230
[ 13.159812] kunit_try_run_case+0x1a5/0x480
[ 13.159834] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.159856] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.159878] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.159900] ? __kthread_parkme+0x82/0x180
[ 13.159920] ? preempt_count_sub+0x50/0x80
[ 13.159942] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.159964] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.159986] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.160009] kthread+0x337/0x6f0
[ 13.160028] ? trace_preempt_on+0x20/0xc0
[ 13.160049] ? __pfx_kthread+0x10/0x10
[ 13.160069] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.160088] ? calculate_sigpending+0x7b/0xa0
[ 13.160111] ? __pfx_kthread+0x10/0x10
[ 13.160131] ret_from_fork+0x116/0x1d0
[ 13.160149] ? __pfx_kthread+0x10/0x10
[ 13.160192] ret_from_fork_asm+0x1a/0x30
[ 13.160231] </TASK>
[ 13.160242]
[ 13.167301] Allocated by task 285:
[ 13.167477] kasan_save_stack+0x45/0x70
[ 13.167620] kasan_save_track+0x18/0x40
[ 13.167747] kasan_save_alloc_info+0x3b/0x50
[ 13.167888] __kasan_kmalloc+0xb7/0xc0
[ 13.168030] __kmalloc_cache_noprof+0x189/0x420
[ 13.168276] kasan_strings+0xc0/0xe80
[ 13.168454] kunit_try_run_case+0x1a5/0x480
[ 13.168660] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.168902] kthread+0x337/0x6f0
[ 13.169057] ret_from_fork+0x116/0x1d0
[ 13.169273] ret_from_fork_asm+0x1a/0x30
[ 13.169463]
[ 13.169548] Freed by task 285:
[ 13.169674] kasan_save_stack+0x45/0x70
[ 13.169854] kasan_save_track+0x18/0x40
[ 13.170012] kasan_save_free_info+0x3f/0x60
[ 13.170233] __kasan_slab_free+0x56/0x70
[ 13.170405] kfree+0x222/0x3f0
[ 13.170550] kasan_strings+0x2aa/0xe80
[ 13.170699] kunit_try_run_case+0x1a5/0x480
[ 13.170889] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.171097] kthread+0x337/0x6f0
[ 13.171287] ret_from_fork+0x116/0x1d0
[ 13.171436] ret_from_fork_asm+0x1a/0x30
[ 13.171616]
[ 13.171689] The buggy address belongs to the object at ffff88810262ad80
[ 13.171689] which belongs to the cache kmalloc-32 of size 32
[ 13.172138] The buggy address is located 16 bytes inside of
[ 13.172138] freed 32-byte region [ffff88810262ad80, ffff88810262ada0)
[ 13.172501]
[ 13.172565] The buggy address belongs to the physical page:
[ 13.172736] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262a
[ 13.173012] flags: 0x200000000000000(node=0|zone=2)
[ 13.173271] page_type: f5(slab)
[ 13.173426] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.173749] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.174039] page dumped because: kasan: bad access detected
[ 13.174234]
[ 13.174296] Memory state around the buggy address:
[ 13.174444] ffff88810262ac80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.174654] ffff88810262ad00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.174869] >ffff88810262ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.175194] ^
[ 13.175384] ffff88810262ae00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.175697] ffff88810262ae80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.176011] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strlen
[ 13.128021] ==================================================================
[ 13.128395] BUG: KASAN: slab-use-after-free in strlen+0x8f/0xb0
[ 13.128777] Read of size 1 at addr ffff88810262ad90 by task kunit_try_catch/285
[ 13.129006]
[ 13.129341] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.129393] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.129405] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.129426] Call Trace:
[ 13.129439] <TASK>
[ 13.129524] dump_stack_lvl+0x73/0xb0
[ 13.129554] print_report+0xd1/0x650
[ 13.129576] ? __virt_addr_valid+0x1db/0x2d0
[ 13.129599] ? strlen+0x8f/0xb0
[ 13.129618] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.129644] ? strlen+0x8f/0xb0
[ 13.129664] kasan_report+0x141/0x180
[ 13.129685] ? strlen+0x8f/0xb0
[ 13.129710] __asan_report_load1_noabort+0x18/0x20
[ 13.129734] strlen+0x8f/0xb0
[ 13.129754] kasan_strings+0x57b/0xe80
[ 13.129773] ? trace_hardirqs_on+0x37/0xe0
[ 13.129795] ? __pfx_kasan_strings+0x10/0x10
[ 13.129815] ? finish_task_switch.isra.0+0x153/0x700
[ 13.129835] ? __switch_to+0x47/0xf50
[ 13.129861] ? __schedule+0x10cc/0x2b60
[ 13.129880] ? __pfx_read_tsc+0x10/0x10
[ 13.129901] ? ktime_get_ts64+0x86/0x230
[ 13.129925] kunit_try_run_case+0x1a5/0x480
[ 13.129947] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.129968] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.129990] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.130012] ? __kthread_parkme+0x82/0x180
[ 13.130030] ? preempt_count_sub+0x50/0x80
[ 13.130052] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.130075] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.130096] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.130119] kthread+0x337/0x6f0
[ 13.130138] ? trace_preempt_on+0x20/0xc0
[ 13.130159] ? __pfx_kthread+0x10/0x10
[ 13.130179] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.130199] ? calculate_sigpending+0x7b/0xa0
[ 13.130234] ? __pfx_kthread+0x10/0x10
[ 13.130255] ret_from_fork+0x116/0x1d0
[ 13.130273] ? __pfx_kthread+0x10/0x10
[ 13.130293] ret_from_fork_asm+0x1a/0x30
[ 13.130322] </TASK>
[ 13.130332]
[ 13.139638] Allocated by task 285:
[ 13.139813] kasan_save_stack+0x45/0x70
[ 13.140118] kasan_save_track+0x18/0x40
[ 13.140399] kasan_save_alloc_info+0x3b/0x50
[ 13.140557] __kasan_kmalloc+0xb7/0xc0
[ 13.140750] __kmalloc_cache_noprof+0x189/0x420
[ 13.141085] kasan_strings+0xc0/0xe80
[ 13.141304] kunit_try_run_case+0x1a5/0x480
[ 13.141612] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.141841] kthread+0x337/0x6f0
[ 13.142538] ret_from_fork+0x116/0x1d0
[ 13.143333] ret_from_fork_asm+0x1a/0x30
[ 13.143496]
[ 13.143562] Freed by task 285:
[ 13.143665] kasan_save_stack+0x45/0x70
[ 13.143790] kasan_save_track+0x18/0x40
[ 13.143910] kasan_save_free_info+0x3f/0x60
[ 13.144042] __kasan_slab_free+0x56/0x70
[ 13.144172] kfree+0x222/0x3f0
[ 13.144288] kasan_strings+0x2aa/0xe80
[ 13.144409] kunit_try_run_case+0x1a5/0x480
[ 13.144541] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.144706] kthread+0x337/0x6f0
[ 13.144815] ret_from_fork+0x116/0x1d0
[ 13.144935] ret_from_fork_asm+0x1a/0x30
[ 13.145061]
[ 13.145121] The buggy address belongs to the object at ffff88810262ad80
[ 13.145121] which belongs to the cache kmalloc-32 of size 32
[ 13.147976] The buggy address is located 16 bytes inside of
[ 13.147976] freed 32-byte region [ffff88810262ad80, ffff88810262ada0)
[ 13.149443]
[ 13.150331] The buggy address belongs to the physical page:
[ 13.150587] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262a
[ 13.150938] flags: 0x200000000000000(node=0|zone=2)
[ 13.151113] page_type: f5(slab)
[ 13.151542] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.151865] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.152943] page dumped because: kasan: bad access detected
[ 13.153434]
[ 13.153685] Memory state around the buggy address:
[ 13.153902] ffff88810262ac80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.154417] ffff88810262ad00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.154919] >ffff88810262ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.155391] ^
[ 13.155567] ffff88810262ae00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.155854] ffff88810262ae80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.156140] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kasan_strings
[ 13.102569] ==================================================================
[ 13.102946] BUG: KASAN: slab-use-after-free in kasan_strings+0xcbc/0xe80
[ 13.103230] Read of size 1 at addr ffff88810262ad90 by task kunit_try_catch/285
[ 13.103531]
[ 13.103786] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.103836] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.103848] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.103870] Call Trace:
[ 13.103886] <TASK>
[ 13.103901] dump_stack_lvl+0x73/0xb0
[ 13.103929] print_report+0xd1/0x650
[ 13.103951] ? __virt_addr_valid+0x1db/0x2d0
[ 13.103973] ? kasan_strings+0xcbc/0xe80
[ 13.103992] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.104017] ? kasan_strings+0xcbc/0xe80
[ 13.104037] kasan_report+0x141/0x180
[ 13.104058] ? kasan_strings+0xcbc/0xe80
[ 13.104082] __asan_report_load1_noabort+0x18/0x20
[ 13.104106] kasan_strings+0xcbc/0xe80
[ 13.104124] ? trace_hardirqs_on+0x37/0xe0
[ 13.104147] ? __pfx_kasan_strings+0x10/0x10
[ 13.104167] ? finish_task_switch.isra.0+0x153/0x700
[ 13.104188] ? __switch_to+0x47/0xf50
[ 13.104224] ? __schedule+0x10cc/0x2b60
[ 13.104245] ? __pfx_read_tsc+0x10/0x10
[ 13.104264] ? ktime_get_ts64+0x86/0x230
[ 13.104289] kunit_try_run_case+0x1a5/0x480
[ 13.104311] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.104334] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.104355] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.104378] ? __kthread_parkme+0x82/0x180
[ 13.104397] ? preempt_count_sub+0x50/0x80
[ 13.104420] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.104443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.104464] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.104486] kthread+0x337/0x6f0
[ 13.104505] ? trace_preempt_on+0x20/0xc0
[ 13.104527] ? __pfx_kthread+0x10/0x10
[ 13.104547] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.104566] ? calculate_sigpending+0x7b/0xa0
[ 13.104589] ? __pfx_kthread+0x10/0x10
[ 13.104611] ret_from_fork+0x116/0x1d0
[ 13.104629] ? __pfx_kthread+0x10/0x10
[ 13.104654] ret_from_fork_asm+0x1a/0x30
[ 13.104683] </TASK>
[ 13.104692]
[ 13.114141] Allocated by task 285:
[ 13.114466] kasan_save_stack+0x45/0x70
[ 13.114695] kasan_save_track+0x18/0x40
[ 13.114994] kasan_save_alloc_info+0x3b/0x50
[ 13.115266] __kasan_kmalloc+0xb7/0xc0
[ 13.115566] __kmalloc_cache_noprof+0x189/0x420
[ 13.115810] kasan_strings+0xc0/0xe80
[ 13.116096] kunit_try_run_case+0x1a5/0x480
[ 13.116443] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.116687] kthread+0x337/0x6f0
[ 13.117023] ret_from_fork+0x116/0x1d0
[ 13.117193] ret_from_fork_asm+0x1a/0x30
[ 13.117527]
[ 13.117616] Freed by task 285:
[ 13.117750] kasan_save_stack+0x45/0x70
[ 13.118005] kasan_save_track+0x18/0x40
[ 13.118448] kasan_save_free_info+0x3f/0x60
[ 13.118637] __kasan_slab_free+0x56/0x70
[ 13.118875] kfree+0x222/0x3f0
[ 13.119151] kasan_strings+0x2aa/0xe80
[ 13.119422] kunit_try_run_case+0x1a5/0x480
[ 13.119633] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.120008] kthread+0x337/0x6f0
[ 13.120449] ret_from_fork+0x116/0x1d0
[ 13.120595] ret_from_fork_asm+0x1a/0x30
[ 13.120788]
[ 13.120862] The buggy address belongs to the object at ffff88810262ad80
[ 13.120862] which belongs to the cache kmalloc-32 of size 32
[ 13.121652] The buggy address is located 16 bytes inside of
[ 13.121652] freed 32-byte region [ffff88810262ad80, ffff88810262ada0)
[ 13.122176]
[ 13.122275] The buggy address belongs to the physical page:
[ 13.122670] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262a
[ 13.123057] flags: 0x200000000000000(node=0|zone=2)
[ 13.123328] page_type: f5(slab)
[ 13.123446] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.123917] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.124305] page dumped because: kasan: bad access detected
[ 13.124537]
[ 13.124682] Memory state around the buggy address:
[ 13.124910] ffff88810262ac80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.125337] ffff88810262ad00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.125623] >ffff88810262ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.125904] ^
[ 13.126058] ffff88810262ae00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.126373] ffff88810262ae80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.126645] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-strcmp
[ 13.074619] ==================================================================
[ 13.076627] BUG: KASAN: slab-use-after-free in strcmp+0xb0/0xc0
[ 13.076840] Read of size 1 at addr ffff88810262ad90 by task kunit_try_catch/285
[ 13.077058]
[ 13.077139] CPU: 0 UID: 0 PID: 285 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.077189] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.077201] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.077234] Call Trace:
[ 13.077250] <TASK>
[ 13.077266] dump_stack_lvl+0x73/0xb0
[ 13.077292] print_report+0xd1/0x650
[ 13.077316] ? __virt_addr_valid+0x1db/0x2d0
[ 13.077340] ? strcmp+0xb0/0xc0
[ 13.077360] ? kasan_complete_mode_report_info+0x64/0x200
[ 13.077385] ? strcmp+0xb0/0xc0
[ 13.077404] kasan_report+0x141/0x180
[ 13.077426] ? strcmp+0xb0/0xc0
[ 13.077449] __asan_report_load1_noabort+0x18/0x20
[ 13.077472] strcmp+0xb0/0xc0
[ 13.077493] kasan_strings+0x431/0xe80
[ 13.077512] ? trace_hardirqs_on+0x37/0xe0
[ 13.077536] ? __pfx_kasan_strings+0x10/0x10
[ 13.077556] ? finish_task_switch.isra.0+0x153/0x700
[ 13.077579] ? __switch_to+0x47/0xf50
[ 13.077604] ? __schedule+0x10cc/0x2b60
[ 13.077626] ? __pfx_read_tsc+0x10/0x10
[ 13.077648] ? ktime_get_ts64+0x86/0x230
[ 13.077672] kunit_try_run_case+0x1a5/0x480
[ 13.077695] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.077717] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.077738] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.077761] ? __kthread_parkme+0x82/0x180
[ 13.077782] ? preempt_count_sub+0x50/0x80
[ 13.077804] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.077827] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.077849] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.077870] kthread+0x337/0x6f0
[ 13.077889] ? trace_preempt_on+0x20/0xc0
[ 13.077911] ? __pfx_kthread+0x10/0x10
[ 13.077931] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.077951] ? calculate_sigpending+0x7b/0xa0
[ 13.077974] ? __pfx_kthread+0x10/0x10
[ 13.077995] ret_from_fork+0x116/0x1d0
[ 13.078013] ? __pfx_kthread+0x10/0x10
[ 13.078033] ret_from_fork_asm+0x1a/0x30
[ 13.078063] </TASK>
[ 13.078074]
[ 13.088622] Allocated by task 285:
[ 13.088756] kasan_save_stack+0x45/0x70
[ 13.088893] kasan_save_track+0x18/0x40
[ 13.089017] kasan_save_alloc_info+0x3b/0x50
[ 13.089154] __kasan_kmalloc+0xb7/0xc0
[ 13.089502] __kmalloc_cache_noprof+0x189/0x420
[ 13.089884] kasan_strings+0xc0/0xe80
[ 13.090228] kunit_try_run_case+0x1a5/0x480
[ 13.090645] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.091117] kthread+0x337/0x6f0
[ 13.091425] ret_from_fork+0x116/0x1d0
[ 13.091774] ret_from_fork_asm+0x1a/0x30
[ 13.092142]
[ 13.092311] Freed by task 285:
[ 13.092576] kasan_save_stack+0x45/0x70
[ 13.092911] kasan_save_track+0x18/0x40
[ 13.093279] kasan_save_free_info+0x3f/0x60
[ 13.093659] __kasan_slab_free+0x56/0x70
[ 13.094007] kfree+0x222/0x3f0
[ 13.094294] kasan_strings+0x2aa/0xe80
[ 13.094614] kunit_try_run_case+0x1a5/0x480
[ 13.094779] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.094941] kthread+0x337/0x6f0
[ 13.095051] ret_from_fork+0x116/0x1d0
[ 13.095171] ret_from_fork_asm+0x1a/0x30
[ 13.095319]
[ 13.095403] The buggy address belongs to the object at ffff88810262ad80
[ 13.095403] which belongs to the cache kmalloc-32 of size 32
[ 13.095818] The buggy address is located 16 bytes inside of
[ 13.095818] freed 32-byte region [ffff88810262ad80, ffff88810262ada0)
[ 13.096261]
[ 13.096352] The buggy address belongs to the physical page:
[ 13.096572] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262a
[ 13.096843] flags: 0x200000000000000(node=0|zone=2)
[ 13.097011] page_type: f5(slab)
[ 13.097172] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.097754] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.098003] page dumped because: kasan: bad access detected
[ 13.098420]
[ 13.098503] Memory state around the buggy address:
[ 13.098702] ffff88810262ac80: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.098967] ffff88810262ad00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.099506] >ffff88810262ad80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.099993] ^
[ 13.100353] ffff88810262ae00: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.100806] ffff88810262ae80: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 13.101103] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-memcmp
[ 13.035969] ==================================================================
[ 13.036990] BUG: KASAN: slab-out-of-bounds in memcmp+0x1b4/0x1d0
[ 13.037640] Read of size 1 at addr ffff8881038fe1d8 by task kunit_try_catch/283
[ 13.037919]
[ 13.037998] CPU: 1 UID: 0 PID: 283 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.038068] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.038081] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.038117] Call Trace:
[ 13.038128] <TASK>
[ 13.038144] dump_stack_lvl+0x73/0xb0
[ 13.038182] print_report+0xd1/0x650
[ 13.038552] ? __virt_addr_valid+0x1db/0x2d0
[ 13.038743] ? memcmp+0x1b4/0x1d0
[ 13.038765] ? kasan_complete_mode_report_info+0x2a/0x200
[ 13.038955] ? memcmp+0x1b4/0x1d0
[ 13.038977] kasan_report+0x141/0x180
[ 13.038999] ? memcmp+0x1b4/0x1d0
[ 13.039023] __asan_report_load1_noabort+0x18/0x20
[ 13.039046] memcmp+0x1b4/0x1d0
[ 13.039068] kasan_memcmp+0x18f/0x390
[ 13.039087] ? trace_hardirqs_on+0x37/0xe0
[ 13.039110] ? __pfx_kasan_memcmp+0x10/0x10
[ 13.039129] ? finish_task_switch.isra.0+0x153/0x700
[ 13.039150] ? __switch_to+0x47/0xf50
[ 13.039178] ? __pfx_read_tsc+0x10/0x10
[ 13.039199] ? ktime_get_ts64+0x86/0x230
[ 13.039233] kunit_try_run_case+0x1a5/0x480
[ 13.039256] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.039278] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.039299] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.039320] ? __kthread_parkme+0x82/0x180
[ 13.039339] ? preempt_count_sub+0x50/0x80
[ 13.039361] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.039384] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.039405] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.039427] kthread+0x337/0x6f0
[ 13.039445] ? trace_preempt_on+0x20/0xc0
[ 13.039466] ? __pfx_kthread+0x10/0x10
[ 13.039486] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.039505] ? calculate_sigpending+0x7b/0xa0
[ 13.039528] ? __pfx_kthread+0x10/0x10
[ 13.039548] ret_from_fork+0x116/0x1d0
[ 13.039565] ? __pfx_kthread+0x10/0x10
[ 13.039585] ret_from_fork_asm+0x1a/0x30
[ 13.039615] </TASK>
[ 13.039625]
[ 13.050808] Allocated by task 283:
[ 13.050944] kasan_save_stack+0x45/0x70
[ 13.051430] kasan_save_track+0x18/0x40
[ 13.051753] kasan_save_alloc_info+0x3b/0x50
[ 13.051993] __kasan_kmalloc+0xb7/0xc0
[ 13.052391] __kmalloc_cache_noprof+0x189/0x420
[ 13.052796] kasan_memcmp+0xb7/0x390
[ 13.053160] kunit_try_run_case+0x1a5/0x480
[ 13.053385] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.054027] kthread+0x337/0x6f0
[ 13.054234] ret_from_fork+0x116/0x1d0
[ 13.054795] ret_from_fork_asm+0x1a/0x30
[ 13.054995]
[ 13.055109] The buggy address belongs to the object at ffff8881038fe1c0
[ 13.055109] which belongs to the cache kmalloc-32 of size 32
[ 13.055872] The buggy address is located 0 bytes to the right of
[ 13.055872] allocated 24-byte region [ffff8881038fe1c0, ffff8881038fe1d8)
[ 13.056792]
[ 13.056887] The buggy address belongs to the physical page:
[ 13.057299] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fe
[ 13.057727] flags: 0x200000000000000(node=0|zone=2)
[ 13.057949] page_type: f5(slab)
[ 13.058102] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 13.058975] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 13.059333] page dumped because: kasan: bad access detected
[ 13.059836]
[ 13.059929] Memory state around the buggy address:
[ 13.060365] ffff8881038fe080: 00 00 07 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.060825] ffff8881038fe100: 00 00 00 04 fc fc fc fc 00 00 07 fc fc fc fc fc
[ 13.061318] >ffff8881038fe180: 00 00 00 fc fc fc fc fc 00 00 00 fc fc fc fc fc
[ 13.061712] ^
[ 13.062176] ffff8881038fe200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.062773] ffff8881038fe280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 13.063236] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_right
[ 13.002261] ==================================================================
[ 13.002854] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_right+0x329/0x390
[ 13.003692] Read of size 1 at addr ffff8881029d7c4a by task kunit_try_catch/279
[ 13.003962]
[ 13.004160] CPU: 1 UID: 0 PID: 279 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 13.004217] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 13.004230] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 13.004250] Call Trace:
[ 13.004263] <TASK>
[ 13.004277] dump_stack_lvl+0x73/0xb0
[ 13.004302] print_report+0xd1/0x650
[ 13.004322] ? __virt_addr_valid+0x1db/0x2d0
[ 13.004344] ? kasan_alloca_oob_right+0x329/0x390
[ 13.004365] ? kasan_addr_to_slab+0x11/0xa0
[ 13.004384] ? kasan_alloca_oob_right+0x329/0x390
[ 13.004405] kasan_report+0x141/0x180
[ 13.004426] ? kasan_alloca_oob_right+0x329/0x390
[ 13.004451] __asan_report_load1_noabort+0x18/0x20
[ 13.004473] kasan_alloca_oob_right+0x329/0x390
[ 13.004493] ? __kasan_check_write+0x18/0x20
[ 13.004516] ? __pfx_sched_clock_cpu+0x10/0x10
[ 13.004536] ? finish_task_switch.isra.0+0x153/0x700
[ 13.004558] ? rt_mutex_adjust_prio_chain+0x7ee/0x20e0
[ 13.004583] ? trace_hardirqs_on+0x37/0xe0
[ 13.004606] ? __pfx_kasan_alloca_oob_right+0x10/0x10
[ 13.004630] ? __schedule+0x10cc/0x2b60
[ 13.004654] ? __pfx_read_tsc+0x10/0x10
[ 13.004674] ? ktime_get_ts64+0x86/0x230
[ 13.004698] kunit_try_run_case+0x1a5/0x480
[ 13.004720] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.004741] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 13.004761] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 13.004782] ? __kthread_parkme+0x82/0x180
[ 13.004802] ? preempt_count_sub+0x50/0x80
[ 13.004823] ? __pfx_kunit_try_run_case+0x10/0x10
[ 13.004845] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 13.004866] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 13.004888] kthread+0x337/0x6f0
[ 13.004907] ? trace_preempt_on+0x20/0xc0
[ 13.004927] ? __pfx_kthread+0x10/0x10
[ 13.004947] ? _raw_spin_unlock_irq+0x47/0x80
[ 13.004966] ? calculate_sigpending+0x7b/0xa0
[ 13.004989] ? __pfx_kthread+0x10/0x10
[ 13.005009] ret_from_fork+0x116/0x1d0
[ 13.005026] ? __pfx_kthread+0x10/0x10
[ 13.005045] ret_from_fork_asm+0x1a/0x30
[ 13.005074] </TASK>
[ 13.005085]
[ 13.019967] The buggy address belongs to stack of task kunit_try_catch/279
[ 13.020186]
[ 13.020263] The buggy address belongs to the physical page:
[ 13.020441] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d7
[ 13.021175] flags: 0x200000000000000(node=0|zone=2)
[ 13.021735] raw: 0200000000000000 ffffea00040a75c8 ffffea00040a75c8 0000000000000000
[ 13.022410] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 13.022631] page dumped because: kasan: bad access detected
[ 13.022789]
[ 13.022848] Memory state around the buggy address:
[ 13.022990] ffff8881029d7b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.023201] ffff8881029d7b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 13.023869] >ffff8881029d7c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 13.024577] ^
[ 13.025146] ffff8881029d7c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 13.025846] ffff8881029d7d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 13.026507] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-alloca-out-of-bounds-in-kasan_alloca_oob_left
[ 12.981301] ==================================================================
[ 12.982020] BUG: KASAN: alloca-out-of-bounds in kasan_alloca_oob_left+0x320/0x380
[ 12.982355] Read of size 1 at addr ffff888102b87c3f by task kunit_try_catch/277
[ 12.982870]
[ 12.982962] CPU: 0 UID: 0 PID: 277 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.983012] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.983025] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.983047] Call Trace:
[ 12.983059] <TASK>
[ 12.983074] dump_stack_lvl+0x73/0xb0
[ 12.983103] print_report+0xd1/0x650
[ 12.983125] ? __virt_addr_valid+0x1db/0x2d0
[ 12.983149] ? kasan_alloca_oob_left+0x320/0x380
[ 12.983170] ? kasan_addr_to_slab+0x11/0xa0
[ 12.983190] ? kasan_alloca_oob_left+0x320/0x380
[ 12.983223] kasan_report+0x141/0x180
[ 12.983244] ? kasan_alloca_oob_left+0x320/0x380
[ 12.983269] __asan_report_load1_noabort+0x18/0x20
[ 12.983293] kasan_alloca_oob_left+0x320/0x380
[ 12.983315] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.983337] ? finish_task_switch.isra.0+0x153/0x700
[ 12.983361] ? rt_mutex_adjust_prio_chain+0x7ee/0x20e0
[ 12.983388] ? trace_hardirqs_on+0x37/0xe0
[ 12.983413] ? __pfx_kasan_alloca_oob_left+0x10/0x10
[ 12.983437] ? __schedule+0x10cc/0x2b60
[ 12.983457] ? __pfx_read_tsc+0x10/0x10
[ 12.983479] ? ktime_get_ts64+0x86/0x230
[ 12.983504] kunit_try_run_case+0x1a5/0x480
[ 12.983529] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.983551] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.983573] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.983594] ? __kthread_parkme+0x82/0x180
[ 12.983616] ? preempt_count_sub+0x50/0x80
[ 12.983639] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.983662] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.983684] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.983706] kthread+0x337/0x6f0
[ 12.983725] ? trace_preempt_on+0x20/0xc0
[ 12.983747] ? __pfx_kthread+0x10/0x10
[ 12.983767] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.983786] ? calculate_sigpending+0x7b/0xa0
[ 12.983811] ? __pfx_kthread+0x10/0x10
[ 12.983831] ret_from_fork+0x116/0x1d0
[ 12.983850] ? __pfx_kthread+0x10/0x10
[ 12.983869] ret_from_fork_asm+0x1a/0x30
[ 12.983900] </TASK>
[ 12.983910]
[ 12.993365] The buggy address belongs to stack of task kunit_try_catch/277
[ 12.993659]
[ 12.993741] The buggy address belongs to the physical page:
[ 12.993964] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b87
[ 12.994556] flags: 0x200000000000000(node=0|zone=2)
[ 12.994981] raw: 0200000000000000 dead000000000100 dead000000000122 0000000000000000
[ 12.995486] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 12.995940] page dumped because: kasan: bad access detected
[ 12.996354]
[ 12.996567] Memory state around the buggy address:
[ 12.996784] ffff888102b87b00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.997063] ffff888102b87b80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.997609] >ffff888102b87c00: 00 00 00 00 ca ca ca ca 00 02 cb cb cb cb cb cb
[ 12.998062] ^
[ 12.998476] ffff888102b87c80: 00 00 00 f1 f1 f1 f1 01 f2 04 f2 00 f2 f2 f2 00
[ 12.998921] ffff888102b87d00: 00 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 12.999359] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-stack-out-of-bounds-in-kasan_stack_oob
[ 12.951930] ==================================================================
[ 12.953304] BUG: KASAN: stack-out-of-bounds in kasan_stack_oob+0x2b5/0x300
[ 12.954298] Read of size 1 at addr ffff8881029d7d02 by task kunit_try_catch/275
[ 12.954597]
[ 12.954786] CPU: 0 UID: 0 PID: 275 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.954844] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.954857] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.954878] Call Trace:
[ 12.954891] <TASK>
[ 12.954908] dump_stack_lvl+0x73/0xb0
[ 12.954937] print_report+0xd1/0x650
[ 12.954959] ? __virt_addr_valid+0x1db/0x2d0
[ 12.954983] ? kasan_stack_oob+0x2b5/0x300
[ 12.955001] ? kasan_addr_to_slab+0x11/0xa0
[ 12.955021] ? kasan_stack_oob+0x2b5/0x300
[ 12.955040] kasan_report+0x141/0x180
[ 12.955061] ? kasan_stack_oob+0x2b5/0x300
[ 12.955084] __asan_report_load1_noabort+0x18/0x20
[ 12.955107] kasan_stack_oob+0x2b5/0x300
[ 12.955127] ? __pfx_kasan_stack_oob+0x10/0x10
[ 12.955145] ? finish_task_switch.isra.0+0x153/0x700
[ 12.955167] ? __switch_to+0x47/0xf50
[ 12.955193] ? __schedule+0x10cc/0x2b60
[ 12.955224] ? __pfx_read_tsc+0x10/0x10
[ 12.955245] ? ktime_get_ts64+0x86/0x230
[ 12.955270] kunit_try_run_case+0x1a5/0x480
[ 12.955295] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.955315] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.955337] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.955358] ? __kthread_parkme+0x82/0x180
[ 12.955378] ? preempt_count_sub+0x50/0x80
[ 12.955400] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.955422] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.955444] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.955466] kthread+0x337/0x6f0
[ 12.955485] ? trace_preempt_on+0x20/0xc0
[ 12.955507] ? __pfx_kthread+0x10/0x10
[ 12.955527] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.955546] ? calculate_sigpending+0x7b/0xa0
[ 12.955569] ? __pfx_kthread+0x10/0x10
[ 12.955589] ret_from_fork+0x116/0x1d0
[ 12.955607] ? __pfx_kthread+0x10/0x10
[ 12.955626] ret_from_fork_asm+0x1a/0x30
[ 12.955655] </TASK>
[ 12.955665]
[ 12.968744] The buggy address belongs to stack of task kunit_try_catch/275
[ 12.969253] and is located at offset 138 in frame:
[ 12.969416] kasan_stack_oob+0x0/0x300
[ 12.969852]
[ 12.970062] This frame has 4 objects:
[ 12.970525] [48, 49) '__assertion'
[ 12.970548] [64, 72) 'array'
[ 12.970930] [96, 112) '__assertion'
[ 12.971280] [128, 138) 'stack_array'
[ 12.971626]
[ 12.972177] The buggy address belongs to the physical page:
[ 12.972762] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1029d7
[ 12.973012] flags: 0x200000000000000(node=0|zone=2)
[ 12.973181] raw: 0200000000000000 ffffea00040a75c8 ffffea00040a75c8 0000000000000000
[ 12.973508] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000
[ 12.973796] page dumped because: kasan: bad access detected
[ 12.974004]
[ 12.974085] Memory state around the buggy address:
[ 12.974456] ffff8881029d7c00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 12.974807] ffff8881029d7c80: f1 f1 f1 f1 f1 01 f2 00 f2 f2 f2 00 00 f2 f2 00
[ 12.975106] >ffff8881029d7d00: 02 f3 f3 00 00 00 00 00 00 00 00 00 00 00 00 f1
[ 12.975442] ^
[ 12.975564] ffff8881029d7d80: f1 f1 f1 00 00 f2 f2 00 00 f2 f2 00 00 f3 f3 00
[ 12.976022] ffff8881029d7e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.976376] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject
<8>[ 240.794091] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid_reject RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid
<8>[ 240.695673] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_mode_valid_drm_test_check_mode_valid RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset
<8>[ 240.603836] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_atomic_helper_connector_hdmi_reset RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value
<8>[ 240.509149] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_tmds_char_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value
<8>[ 240.410900] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_format_value RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-global-out-of-bounds-in-kasan_global_oob_right
[ 12.920799] ==================================================================
[ 12.921261] BUG: KASAN: global-out-of-bounds in kasan_global_oob_right+0x286/0x2d0
[ 12.922096] Read of size 1 at addr ffffffff8846ee8d by task kunit_try_catch/271
[ 12.922881]
[ 12.923116] CPU: 1 UID: 0 PID: 271 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.923165] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.923178] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.923198] Call Trace:
[ 12.923221] <TASK>
[ 12.923235] dump_stack_lvl+0x73/0xb0
[ 12.923262] print_report+0xd1/0x650
[ 12.923283] ? __virt_addr_valid+0x1db/0x2d0
[ 12.923305] ? kasan_global_oob_right+0x286/0x2d0
[ 12.923325] ? kasan_addr_to_slab+0x11/0xa0
[ 12.923344] ? kasan_global_oob_right+0x286/0x2d0
[ 12.923365] kasan_report+0x141/0x180
[ 12.923386] ? kasan_global_oob_right+0x286/0x2d0
[ 12.923411] __asan_report_load1_noabort+0x18/0x20
[ 12.923434] kasan_global_oob_right+0x286/0x2d0
[ 12.923454] ? __pfx_kasan_global_oob_right+0x10/0x10
[ 12.923477] ? __schedule+0x10cc/0x2b60
[ 12.923497] ? __pfx_read_tsc+0x10/0x10
[ 12.923518] ? ktime_get_ts64+0x86/0x230
[ 12.923542] kunit_try_run_case+0x1a5/0x480
[ 12.923565] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.923585] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.923606] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.923627] ? __kthread_parkme+0x82/0x180
[ 12.923646] ? preempt_count_sub+0x50/0x80
[ 12.923670] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.923692] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.923714] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.923736] kthread+0x337/0x6f0
[ 12.923754] ? trace_preempt_on+0x20/0xc0
[ 12.923777] ? __pfx_kthread+0x10/0x10
[ 12.923799] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.923822] ? calculate_sigpending+0x7b/0xa0
[ 12.923846] ? __pfx_kthread+0x10/0x10
[ 12.923866] ret_from_fork+0x116/0x1d0
[ 12.923884] ? __pfx_kthread+0x10/0x10
[ 12.923903] ret_from_fork_asm+0x1a/0x30
[ 12.923932] </TASK>
[ 12.923942]
[ 12.938657] The buggy address belongs to the variable:
[ 12.939016] global_array+0xd/0x40
[ 12.939534]
[ 12.940079] The buggy address belongs to the physical page:
[ 12.940433] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x16746e
[ 12.941051] flags: 0x200000000002000(reserved|node=0|zone=2)
[ 12.941505] raw: 0200000000002000 ffffea00059d1b88 ffffea00059d1b88 0000000000000000
[ 12.942098] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 12.942751] page dumped because: kasan: bad access detected
[ 12.943046]
[ 12.943278] Memory state around the buggy address:
[ 12.943695] ffffffff8846ed80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.944003] ffffffff8846ee00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.944416] >ffffffff8846ee80: 00 02 f9 f9 f9 f9 f9 f9 00 f9 f9 f9 f9 f9 f9 f9
[ 12.945070] ^
[ 12.945393] ffffffff8846ef00: 04 f9 f9 f9 f9 f9 f9 f9 02 f9 f9 f9 f9 f9 f9 f9
[ 12.945693] ffffffff8846ef80: 01 f9 f9 f9 f9 f9 f9 f9 00 00 00 00 00 00 00 00
[ 12.946500] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-mempool_kmalloc_invalid_free_helper
[ 12.892037] ==================================================================
[ 12.893291] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894066] Free of addr ffff888103888001 by task kunit_try_catch/269
[ 12.894387]
[ 12.894577] CPU: 1 UID: 0 PID: 269 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.894627] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.894641] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.894662] Call Trace:
[ 12.894674] <TASK>
[ 12.894690] dump_stack_lvl+0x73/0xb0
[ 12.894717] print_report+0xd1/0x650
[ 12.894738] ? __virt_addr_valid+0x1db/0x2d0
[ 12.894762] ? kasan_addr_to_slab+0x11/0xa0
[ 12.894781] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894806] kasan_report_invalid_free+0x10a/0x130
[ 12.894829] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894856] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894879] __kasan_mempool_poison_object+0x102/0x1d0
[ 12.894902] mempool_free+0x2ec/0x380
[ 12.894926] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.894950] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.894975] ? __kasan_check_write+0x18/0x20
[ 12.894998] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.895020] ? finish_task_switch.isra.0+0x153/0x700
[ 12.895046] mempool_kmalloc_large_invalid_free+0xed/0x140
[ 12.895068] ? __pfx_mempool_kmalloc_large_invalid_free+0x10/0x10
[ 12.895094] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.895115] ? __pfx_mempool_kfree+0x10/0x10
[ 12.895138] ? __pfx_read_tsc+0x10/0x10
[ 12.895160] ? ktime_get_ts64+0x86/0x230
[ 12.895183] kunit_try_run_case+0x1a5/0x480
[ 12.895227] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.895250] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.895271] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.895293] ? __kthread_parkme+0x82/0x180
[ 12.895312] ? preempt_count_sub+0x50/0x80
[ 12.895334] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.895356] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.895378] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.895400] kthread+0x337/0x6f0
[ 12.895418] ? trace_preempt_on+0x20/0xc0
[ 12.895441] ? __pfx_kthread+0x10/0x10
[ 12.895460] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.895480] ? calculate_sigpending+0x7b/0xa0
[ 12.895503] ? __pfx_kthread+0x10/0x10
[ 12.895523] ret_from_fork+0x116/0x1d0
[ 12.895541] ? __pfx_kthread+0x10/0x10
[ 12.895560] ret_from_fork_asm+0x1a/0x30
[ 12.895590] </TASK>
[ 12.895601]
[ 12.909626] The buggy address belongs to the physical page:
[ 12.909833] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0xffff88810388e600 pfn:0x103888
[ 12.910316] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.910760] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.910995] page_type: f8(unknown)
[ 12.911144] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.911739] raw: ffff88810388e600 0000000000000000 00000000f8000000 0000000000000000
[ 12.912057] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.912516] head: ffff88810388e600 0000000000000000 00000000f8000000 0000000000000000
[ 12.913059] head: 0200000000000002 ffffea00040e2201 00000000ffffffff 00000000ffffffff
[ 12.913627] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.914103] page dumped because: kasan: bad access detected
[ 12.914600]
[ 12.914687] Memory state around the buggy address:
[ 12.914899] ffff888103887f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.915431] ffff888103887f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.915770] >ffff888103888000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916083] ^
[ 12.916259] ffff888103888080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916555] ffff888103888100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.916860] ==================================================================
[ 12.849657] ==================================================================
[ 12.850973] BUG: KASAN: invalid-free in mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.851875] Free of addr ffff888101addb01 by task kunit_try_catch/267
[ 12.852082]
[ 12.852165] CPU: 0 UID: 0 PID: 267 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.852227] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.852239] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.852260] Call Trace:
[ 12.852272] <TASK>
[ 12.852290] dump_stack_lvl+0x73/0xb0
[ 12.852319] print_report+0xd1/0x650
[ 12.852340] ? __virt_addr_valid+0x1db/0x2d0
[ 12.852363] ? kasan_complete_mode_report_info+0x2a/0x200
[ 12.852387] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852412] kasan_report_invalid_free+0x10a/0x130
[ 12.852436] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852461] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852485] ? mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852508] check_slab_allocation+0x11f/0x130
[ 12.852528] __kasan_mempool_poison_object+0x91/0x1d0
[ 12.852551] mempool_free+0x2ec/0x380
[ 12.852577] mempool_kmalloc_invalid_free_helper+0x132/0x2e0
[ 12.852601] ? __pfx_mempool_kmalloc_invalid_free_helper+0x10/0x10
[ 12.852628] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.852648] ? finish_task_switch.isra.0+0x153/0x700
[ 12.852679] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.852701] ? __pfx_mempool_kmalloc_invalid_free+0x10/0x10
[ 12.852727] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.852772] ? __pfx_mempool_kfree+0x10/0x10
[ 12.852796] ? __pfx_read_tsc+0x10/0x10
[ 12.852817] ? ktime_get_ts64+0x86/0x230
[ 12.852840] kunit_try_run_case+0x1a5/0x480
[ 12.852864] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.852885] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.852908] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.852930] ? __kthread_parkme+0x82/0x180
[ 12.852950] ? preempt_count_sub+0x50/0x80
[ 12.852973] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.852994] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.853015] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.853038] kthread+0x337/0x6f0
[ 12.853056] ? trace_preempt_on+0x20/0xc0
[ 12.853078] ? __pfx_kthread+0x10/0x10
[ 12.853099] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.853120] ? calculate_sigpending+0x7b/0xa0
[ 12.853143] ? __pfx_kthread+0x10/0x10
[ 12.853164] ret_from_fork+0x116/0x1d0
[ 12.853182] ? __pfx_kthread+0x10/0x10
[ 12.853201] ret_from_fork_asm+0x1a/0x30
[ 12.853240] </TASK>
[ 12.853250]
[ 12.870021] Allocated by task 267:
[ 12.870153] kasan_save_stack+0x45/0x70
[ 12.870549] kasan_save_track+0x18/0x40
[ 12.870925] kasan_save_alloc_info+0x3b/0x50
[ 12.871390] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.871979] remove_element+0x11e/0x190
[ 12.872239] mempool_alloc_preallocated+0x4d/0x90
[ 12.872683] mempool_kmalloc_invalid_free_helper+0x83/0x2e0
[ 12.873231] mempool_kmalloc_invalid_free+0xed/0x140
[ 12.873386] kunit_try_run_case+0x1a5/0x480
[ 12.873520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.873679] kthread+0x337/0x6f0
[ 12.873791] ret_from_fork+0x116/0x1d0
[ 12.873928] ret_from_fork_asm+0x1a/0x30
[ 12.874057]
[ 12.874120] The buggy address belongs to the object at ffff888101addb00
[ 12.874120] which belongs to the cache kmalloc-128 of size 128
[ 12.875187] The buggy address is located 1 bytes inside of
[ 12.875187] 128-byte region [ffff888101addb00, ffff888101addb80)
[ 12.876275]
[ 12.876490] The buggy address belongs to the physical page:
[ 12.877078] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 12.877431] flags: 0x200000000000000(node=0|zone=2)
[ 12.877592] page_type: f5(slab)
[ 12.877704] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.877922] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.878134] page dumped because: kasan: bad access detected
[ 12.878553]
[ 12.878699] Memory state around the buggy address:
[ 12.879119] ffff888101adda00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.879898] ffff888101adda80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.880597] >ffff888101addb00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.881328] ^
[ 12.881792] ffff888101addb80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.882537] ffff888101addc00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.883153] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-mempool_double_free_helper
[ 12.822958] ==================================================================
[ 12.824062] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 12.825115] Free of addr ffff888103888000 by task kunit_try_catch/265
[ 12.826331]
[ 12.826758] CPU: 1 UID: 0 PID: 265 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.826813] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.826865] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.826889] Call Trace:
[ 12.826901] <TASK>
[ 12.826916] dump_stack_lvl+0x73/0xb0
[ 12.826946] print_report+0xd1/0x650
[ 12.826966] ? __virt_addr_valid+0x1db/0x2d0
[ 12.826988] ? kasan_addr_to_slab+0x11/0xa0
[ 12.827007] ? mempool_double_free_helper+0x184/0x370
[ 12.827030] kasan_report_invalid_free+0x10a/0x130
[ 12.827053] ? mempool_double_free_helper+0x184/0x370
[ 12.827078] ? mempool_double_free_helper+0x184/0x370
[ 12.827100] __kasan_mempool_poison_pages+0x115/0x130
[ 12.827123] mempool_free+0x290/0x380
[ 12.827146] mempool_double_free_helper+0x184/0x370
[ 12.827187] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 12.827220] ? __kasan_check_write+0x18/0x20
[ 12.827241] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.827263] ? finish_task_switch.isra.0+0x153/0x700
[ 12.827287] mempool_page_alloc_double_free+0xe8/0x140
[ 12.827311] ? __pfx_mempool_page_alloc_double_free+0x10/0x10
[ 12.827338] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 12.827360] ? __pfx_mempool_free_pages+0x10/0x10
[ 12.827384] ? __pfx_read_tsc+0x10/0x10
[ 12.827405] ? ktime_get_ts64+0x86/0x230
[ 12.827445] kunit_try_run_case+0x1a5/0x480
[ 12.827468] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.827488] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.827510] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.827531] ? __kthread_parkme+0x82/0x180
[ 12.827550] ? preempt_count_sub+0x50/0x80
[ 12.827571] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.827593] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.827615] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.827636] kthread+0x337/0x6f0
[ 12.827655] ? trace_preempt_on+0x20/0xc0
[ 12.827677] ? __pfx_kthread+0x10/0x10
[ 12.827696] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.827715] ? calculate_sigpending+0x7b/0xa0
[ 12.827737] ? __pfx_kthread+0x10/0x10
[ 12.827757] ret_from_fork+0x116/0x1d0
[ 12.827776] ? __pfx_kthread+0x10/0x10
[ 12.827794] ret_from_fork_asm+0x1a/0x30
[ 12.827825] </TASK>
[ 12.827835]
[ 12.842951] The buggy address belongs to the physical page:
[ 12.843138] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0xffff88810388e600 pfn:0x103888
[ 12.843487] flags: 0x200000000000000(node=0|zone=2)
[ 12.843679] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 12.843980] raw: ffff88810388e600 0000000000000000 00000001ffffffff 0000000000000000
[ 12.844258] page dumped because: kasan: bad access detected
[ 12.844436]
[ 12.844499] Memory state around the buggy address:
[ 12.844716] ffff888103887f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.845186] ffff888103887f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.845464] >ffff888103888000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.845668] ^
[ 12.845777] ffff888103888080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.846338] ffff888103888100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.846761] ==================================================================
[ 12.803024] ==================================================================
[ 12.803707] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 12.804149] Free of addr ffff888102b48000 by task kunit_try_catch/263
[ 12.804424]
[ 12.804562] CPU: 0 UID: 0 PID: 263 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.804615] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.804629] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.804656] Call Trace:
[ 12.804670] <TASK>
[ 12.804686] dump_stack_lvl+0x73/0xb0
[ 12.804716] print_report+0xd1/0x650
[ 12.804737] ? __virt_addr_valid+0x1db/0x2d0
[ 12.804760] ? kasan_addr_to_slab+0x11/0xa0
[ 12.804780] ? mempool_double_free_helper+0x184/0x370
[ 12.804804] kasan_report_invalid_free+0x10a/0x130
[ 12.804827] ? mempool_double_free_helper+0x184/0x370
[ 12.804852] ? mempool_double_free_helper+0x184/0x370
[ 12.804874] __kasan_mempool_poison_object+0x1b3/0x1d0
[ 12.804897] mempool_free+0x2ec/0x380
[ 12.804921] mempool_double_free_helper+0x184/0x370
[ 12.804944] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 12.804968] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.804992] ? finish_task_switch.isra.0+0x153/0x700
[ 12.805017] mempool_kmalloc_large_double_free+0xed/0x140
[ 12.805040] ? __pfx_mempool_kmalloc_large_double_free+0x10/0x10
[ 12.805066] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.805088] ? __pfx_mempool_kfree+0x10/0x10
[ 12.805111] ? __pfx_read_tsc+0x10/0x10
[ 12.805132] ? ktime_get_ts64+0x86/0x230
[ 12.805156] kunit_try_run_case+0x1a5/0x480
[ 12.805180] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.805201] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.805234] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.805256] ? __kthread_parkme+0x82/0x180
[ 12.805276] ? preempt_count_sub+0x50/0x80
[ 12.805297] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.805320] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.805343] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.805364] kthread+0x337/0x6f0
[ 12.805382] ? trace_preempt_on+0x20/0xc0
[ 12.805406] ? __pfx_kthread+0x10/0x10
[ 12.805425] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.805444] ? calculate_sigpending+0x7b/0xa0
[ 12.805467] ? __pfx_kthread+0x10/0x10
[ 12.805488] ret_from_fork+0x116/0x1d0
[ 12.805505] ? __pfx_kthread+0x10/0x10
[ 12.805525] ret_from_fork_asm+0x1a/0x30
[ 12.805553] </TASK>
[ 12.805564]
[ 12.813698] The buggy address belongs to the physical page:
[ 12.813870] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b48
[ 12.814473] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.814815] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.815082] page_type: f8(unknown)
[ 12.815289] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.815668] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 12.815885] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.816100] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 12.816432] head: 0200000000000002 ffffea00040ad201 00000000ffffffff 00000000ffffffff
[ 12.816956] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.817181] page dumped because: kasan: bad access detected
[ 12.817725]
[ 12.817822] Memory state around the buggy address:
[ 12.817964] ffff888102b47f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.818167] ffff888102b47f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.818542] >ffff888102b48000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.818854] ^
[ 12.818959] ffff888102b48080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.819159] ffff888102b48100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.819489] ==================================================================
[ 12.756357] ==================================================================
[ 12.757718] BUG: KASAN: double-free in mempool_double_free_helper+0x184/0x370
[ 12.758830] Free of addr ffff8881038fb600 by task kunit_try_catch/261
[ 12.759535]
[ 12.759882] CPU: 1 UID: 0 PID: 261 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.759934] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.759946] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.759967] Call Trace:
[ 12.759978] <TASK>
[ 12.759995] dump_stack_lvl+0x73/0xb0
[ 12.760023] print_report+0xd1/0x650
[ 12.760044] ? __virt_addr_valid+0x1db/0x2d0
[ 12.760067] ? kasan_complete_mode_report_info+0x64/0x200
[ 12.760091] ? mempool_double_free_helper+0x184/0x370
[ 12.760113] kasan_report_invalid_free+0x10a/0x130
[ 12.760136] ? mempool_double_free_helper+0x184/0x370
[ 12.760160] ? mempool_double_free_helper+0x184/0x370
[ 12.760329] ? mempool_double_free_helper+0x184/0x370
[ 12.760352] check_slab_allocation+0x101/0x130
[ 12.760373] __kasan_mempool_poison_object+0x91/0x1d0
[ 12.760409] mempool_free+0x2ec/0x380
[ 12.760485] mempool_double_free_helper+0x184/0x370
[ 12.760511] ? __pfx_mempool_double_free_helper+0x10/0x10
[ 12.760536] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.760559] ? finish_task_switch.isra.0+0x153/0x700
[ 12.760583] mempool_kmalloc_double_free+0xed/0x140
[ 12.760606] ? __pfx_mempool_kmalloc_double_free+0x10/0x10
[ 12.760631] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.760655] ? __pfx_mempool_kfree+0x10/0x10
[ 12.760679] ? __pfx_read_tsc+0x10/0x10
[ 12.760700] ? ktime_get_ts64+0x86/0x230
[ 12.760725] kunit_try_run_case+0x1a5/0x480
[ 12.760747] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760767] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.760790] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.760811] ? __kthread_parkme+0x82/0x180
[ 12.760829] ? preempt_count_sub+0x50/0x80
[ 12.760851] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.760873] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.760895] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.760917] kthread+0x337/0x6f0
[ 12.760936] ? trace_preempt_on+0x20/0xc0
[ 12.760958] ? __pfx_kthread+0x10/0x10
[ 12.760978] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.760996] ? calculate_sigpending+0x7b/0xa0
[ 12.761019] ? __pfx_kthread+0x10/0x10
[ 12.761039] ret_from_fork+0x116/0x1d0
[ 12.761057] ? __pfx_kthread+0x10/0x10
[ 12.761077] ret_from_fork_asm+0x1a/0x30
[ 12.761106] </TASK>
[ 12.761116]
[ 12.779070] Allocated by task 261:
[ 12.779522] kasan_save_stack+0x45/0x70
[ 12.779942] kasan_save_track+0x18/0x40
[ 12.780344] kasan_save_alloc_info+0x3b/0x50
[ 12.780864] __kasan_mempool_unpoison_object+0x1a9/0x200
[ 12.781385] remove_element+0x11e/0x190
[ 12.781856] mempool_alloc_preallocated+0x4d/0x90
[ 12.782320] mempool_double_free_helper+0x8a/0x370
[ 12.782862] mempool_kmalloc_double_free+0xed/0x140
[ 12.783348] kunit_try_run_case+0x1a5/0x480
[ 12.783806] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.784318] kthread+0x337/0x6f0
[ 12.784520] ret_from_fork+0x116/0x1d0
[ 12.784972] ret_from_fork_asm+0x1a/0x30
[ 12.785370]
[ 12.785495] Freed by task 261:
[ 12.785828] kasan_save_stack+0x45/0x70
[ 12.786132] kasan_save_track+0x18/0x40
[ 12.786400] kasan_save_free_info+0x3f/0x60
[ 12.786834] __kasan_mempool_poison_object+0x131/0x1d0
[ 12.787266] mempool_free+0x2ec/0x380
[ 12.787391] mempool_double_free_helper+0x109/0x370
[ 12.787944] mempool_kmalloc_double_free+0xed/0x140
[ 12.788434] kunit_try_run_case+0x1a5/0x480
[ 12.788850] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.789016] kthread+0x337/0x6f0
[ 12.789125] ret_from_fork+0x116/0x1d0
[ 12.789554] ret_from_fork_asm+0x1a/0x30
[ 12.790031]
[ 12.790278] The buggy address belongs to the object at ffff8881038fb600
[ 12.790278] which belongs to the cache kmalloc-128 of size 128
[ 12.791672] The buggy address is located 0 bytes inside of
[ 12.791672] 128-byte region [ffff8881038fb600, ffff8881038fb680)
[ 12.792627]
[ 12.792730] The buggy address belongs to the physical page:
[ 12.793013] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb
[ 12.793836] flags: 0x200000000000000(node=0|zone=2)
[ 12.794194] page_type: f5(slab)
[ 12.794535] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 12.794757] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 12.794967] page dumped because: kasan: bad access detected
[ 12.795123]
[ 12.795238] Memory state around the buggy address:
[ 12.795763] ffff8881038fb500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.796486] ffff8881038fb580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.797219] >ffff8881038fb600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 12.797937] ^
[ 12.798303] ffff8881038fb680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 12.799014] ffff8881038fb700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 12.799757] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-mempool_uaf_helper
[ 12.665640] ==================================================================
[ 12.666690] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 12.666920] Read of size 1 at addr ffff888102b44000 by task kunit_try_catch/255
[ 12.667137]
[ 12.667461] CPU: 0 UID: 0 PID: 255 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.667528] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.667771] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.667800] Call Trace:
[ 12.667813] <TASK>
[ 12.667843] dump_stack_lvl+0x73/0xb0
[ 12.667875] print_report+0xd1/0x650
[ 12.667895] ? __virt_addr_valid+0x1db/0x2d0
[ 12.667924] ? mempool_uaf_helper+0x392/0x400
[ 12.667948] ? kasan_addr_to_slab+0x11/0xa0
[ 12.667968] ? mempool_uaf_helper+0x392/0x400
[ 12.667990] kasan_report+0x141/0x180
[ 12.668011] ? mempool_uaf_helper+0x392/0x400
[ 12.668036] __asan_report_load1_noabort+0x18/0x20
[ 12.668059] mempool_uaf_helper+0x392/0x400
[ 12.668081] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 12.668104] ? __kasan_check_write+0x18/0x20
[ 12.668127] ? __pfx_sched_clock_cpu+0x10/0x10
[ 12.668147] ? irqentry_exit+0x2a/0x60
[ 12.668167] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 12.668193] mempool_kmalloc_large_uaf+0xef/0x140
[ 12.668224] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10
[ 12.668249] ? __pfx_mempool_kmalloc+0x10/0x10
[ 12.668271] ? __pfx_mempool_kfree+0x10/0x10
[ 12.668294] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10
[ 12.668318] ? __pfx_mempool_kmalloc_large_uaf+0x10/0x10
[ 12.668342] kunit_try_run_case+0x1a5/0x480
[ 12.668365] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.668387] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.668409] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.668431] ? __kthread_parkme+0x82/0x180
[ 12.668451] ? preempt_count_sub+0x50/0x80
[ 12.668473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.668496] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.668518] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.668540] kthread+0x337/0x6f0
[ 12.668559] ? trace_preempt_on+0x20/0xc0
[ 12.668583] ? __pfx_kthread+0x10/0x10
[ 12.668602] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.668621] ? calculate_sigpending+0x7b/0xa0
[ 12.668645] ? __pfx_kthread+0x10/0x10
[ 12.668669] ret_from_fork+0x116/0x1d0
[ 12.668688] ? __pfx_kthread+0x10/0x10
[ 12.668708] ret_from_fork_asm+0x1a/0x30
[ 12.668737] </TASK>
[ 12.668748]
[ 12.685555] The buggy address belongs to the physical page:
[ 12.686192] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b44
[ 12.686468] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0
[ 12.687316] flags: 0x200000000000040(head|node=0|zone=2)
[ 12.687905] page_type: f8(unknown)
[ 12.688261] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.688671] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 12.688900] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000
[ 12.689128] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000
[ 12.689822] head: 0200000000000002 ffffea00040ad101 00000000ffffffff 00000000ffffffff
[ 12.690740] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004
[ 12.691478] page dumped because: kasan: bad access detected
[ 12.692133]
[ 12.692358] Memory state around the buggy address:
[ 12.692898] ffff888102b43f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.693364] ffff888102b43f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.693862] >ffff888102b44000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.694069] ^
[ 12.694177] ffff888102b44080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.694392] ffff888102b44100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.694608] ==================================================================
[ 12.737000] ==================================================================
[ 12.737494] BUG: KASAN: use-after-free in mempool_uaf_helper+0x392/0x400
[ 12.737847] Read of size 1 at addr ffff888102b48000 by task kunit_try_catch/259
[ 12.738222]
[ 12.738312] CPU: 0 UID: 0 PID: 259 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 12.738382] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 12.738407] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 12.738430] Call Trace:
[ 12.738442] <TASK>
[ 12.738458] dump_stack_lvl+0x73/0xb0
[ 12.738488] print_report+0xd1/0x650
[ 12.738509] ? __virt_addr_valid+0x1db/0x2d0
[ 12.738533] ? mempool_uaf_helper+0x392/0x400
[ 12.738554] ? kasan_addr_to_slab+0x11/0xa0
[ 12.738573] ? mempool_uaf_helper+0x392/0x400
[ 12.738594] kasan_report+0x141/0x180
[ 12.738614] ? mempool_uaf_helper+0x392/0x400
[ 12.738640] __asan_report_load1_noabort+0x18/0x20
[ 12.738663] mempool_uaf_helper+0x392/0x400
[ 12.738685] ? __pfx_mempool_uaf_helper+0x10/0x10
[ 12.738705] ? update_load_avg+0x1be/0x21b0
[ 12.738730] ? update_load_avg+0x1be/0x21b0
[ 12.738750] ? update_curr+0x80/0x810
[ 12.738772] ? finish_task_switch.isra.0+0x153/0x700
[ 12.738797] mempool_page_alloc_uaf+0xed/0x140
[ 12.738819] ? __pfx_mempool_page_alloc_uaf+0x10/0x10
[ 12.738844] ? __pfx_mempool_alloc_pages+0x10/0x10
[ 12.738867] ? __pfx_mempool_free_pages+0x10/0x10
[ 12.738892] ? __pfx_read_tsc+0x10/0x10
[ 12.738913] ? ktime_get_ts64+0x86/0x230
[ 12.738957] kunit_try_run_case+0x1a5/0x480
[ 12.738981] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.739002] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 12.739040] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 12.739062] ? __kthread_parkme+0x82/0x180
[ 12.739082] ? preempt_count_sub+0x50/0x80
[ 12.739103] ? __pfx_kunit_try_run_case+0x10/0x10
[ 12.739125] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 12.739147] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 12.739169] kthread+0x337/0x6f0
[ 12.739188] ? trace_preempt_on+0x20/0xc0
[ 12.739224] ? __pfx_kthread+0x10/0x10
[ 12.739244] ? _raw_spin_unlock_irq+0x47/0x80
[ 12.739263] ? calculate_sigpending+0x7b/0xa0
[ 12.739287] ? __pfx_kthread+0x10/0x10
[ 12.739307] ret_from_fork+0x116/0x1d0
[ 12.739324] ? __pfx_kthread+0x10/0x10
[ 12.739344] ret_from_fork_asm+0x1a/0x30
[ 12.739374] </TASK>
[ 12.739384]
[ 12.748285] The buggy address belongs to the physical page:
[ 12.748544] page: refcount:1 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b48
[ 12.749014] flags: 0x200000000000000(node=0|zone=2)
[ 12.749514] raw: 0200000000000000 0000000000000000 dead000000000122 0000000000000000
[ 12.749938] raw: 0000000000000000 0000000000000000 00000001ffffffff 0000000000000000
[ 12.750152] page dumped because: kasan: bad access detected
[ 12.750627]
[ 12.750767] Memory state around the buggy address:
[ 12.750961] ffff888102b47f00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.751320] ffff888102b47f80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.751648] >ffff888102b48000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.751946] ^
[ 12.752103] ffff888102b48080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.752496] ffff888102b48100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff
[ 12.752697] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-mempool_uaf_helper
[ 12.630043] ================================================================== [ 12.630956] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.631202] Read of size 1 at addr ffff8881038fb200 by task kunit_try_catch/253 [ 12.633034] [ 12.633702] CPU: 1 UID: 0 PID: 253 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 12.633763] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.633777] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.633802] Call Trace: [ 12.633816] <TASK> [ 12.633832] dump_stack_lvl+0x73/0xb0 [ 12.633871] print_report+0xd1/0x650 [ 12.633893] ? __virt_addr_valid+0x1db/0x2d0 [ 12.633917] ? mempool_uaf_helper+0x392/0x400 [ 12.633938] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.633963] ? mempool_uaf_helper+0x392/0x400 [ 12.633984] kasan_report+0x141/0x180 [ 12.634005] ? mempool_uaf_helper+0x392/0x400 [ 12.634029] __asan_report_load1_noabort+0x18/0x20 [ 12.634052] mempool_uaf_helper+0x392/0x400 [ 12.634073] ? __pfx_mempool_uaf_helper+0x10/0x10 [ 12.634095] ? __kasan_check_write+0x18/0x20 [ 12.634117] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.634139] ? irqentry_exit+0x2a/0x60 [ 12.634160] ? sysvec_apic_timer_interrupt+0x50/0x90 [ 12.634340] mempool_kmalloc_uaf+0xef/0x140 [ 12.634364] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.634388] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.634411] ? __pfx_mempool_kfree+0x10/0x10 [ 12.634434] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.634457] ? __pfx_mempool_kmalloc_uaf+0x10/0x10 [ 12.634480] kunit_try_run_case+0x1a5/0x480 [ 12.634505] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.634526] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.634548] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.634569] ? __kthread_parkme+0x82/0x180 [ 12.634590] ? preempt_count_sub+0x50/0x80 [ 12.634612] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.634634] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.634656] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.634678] kthread+0x337/0x6f0 [ 12.634697] ? trace_preempt_on+0x20/0xc0 [ 12.634719] ? __pfx_kthread+0x10/0x10 [ 12.634739] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.634758] ? calculate_sigpending+0x7b/0xa0 [ 12.634782] ? __pfx_kthread+0x10/0x10 [ 12.634801] ret_from_fork+0x116/0x1d0 [ 12.634821] ? __pfx_kthread+0x10/0x10 [ 12.634841] ret_from_fork_asm+0x1a/0x30 [ 12.634871] </TASK> [ 12.634882] [ 12.647905] Allocated by task 253: [ 12.648090] kasan_save_stack+0x45/0x70 [ 12.648530] kasan_save_track+0x18/0x40 [ 12.648882] kasan_save_alloc_info+0x3b/0x50 [ 12.649108] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.649550] remove_element+0x11e/0x190 [ 12.649889] mempool_alloc_preallocated+0x4d/0x90 [ 12.650260] mempool_uaf_helper+0x96/0x400 [ 12.650641] mempool_kmalloc_uaf+0xef/0x140 [ 12.650855] kunit_try_run_case+0x1a5/0x480 [ 12.651153] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.651426] kthread+0x337/0x6f0 [ 12.651789] ret_from_fork+0x116/0x1d0 [ 12.651993] ret_from_fork_asm+0x1a/0x30 [ 12.652329] [ 12.652424] Freed by task 253: [ 12.652622] kasan_save_stack+0x45/0x70 [ 12.652957] kasan_save_track+0x18/0x40 [ 12.653151] kasan_save_free_info+0x3f/0x60 [ 12.653310] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.653671] mempool_free+0x2ec/0x380 [ 12.653831] mempool_uaf_helper+0x11a/0x400 [ 12.654032] mempool_kmalloc_uaf+0xef/0x140 [ 12.654363] kunit_try_run_case+0x1a5/0x480 [ 12.654859] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.655160] kthread+0x337/0x6f0 [ 12.655298] ret_from_fork+0x116/0x1d0 [ 12.655478] ret_from_fork_asm+0x1a/0x30 [ 12.655943] [ 12.656048] The buggy address belongs to the object at ffff8881038fb200 [ 12.656048] which belongs to the cache kmalloc-128 of size 128 [ 12.656880] The buggy address is located 0 bytes inside of [ 12.656880] freed 128-byte region [ffff8881038fb200, ffff8881038fb280) [ 12.657451] [ 12.657731] The buggy address belongs to the physical page: [ 12.657969] page: 
refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb [ 12.658576] flags: 0x200000000000000(node=0|zone=2) [ 12.658862] page_type: f5(slab) [ 12.659028] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.659550] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.659819] page dumped because: kasan: bad access detected [ 12.660187] [ 12.660353] Memory state around the buggy address: [ 12.660648] ffff8881038fb100: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.660955] ffff8881038fb180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.661248] >ffff8881038fb200: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.661527] ^ [ 12.661659] ffff8881038fb280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.661937] ffff8881038fb300: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.662631] ================================================================== [ 12.697991] ================================================================== [ 12.698913] BUG: KASAN: slab-use-after-free in mempool_uaf_helper+0x392/0x400 [ 12.699172] Read of size 1 at addr ffff88810262f240 by task kunit_try_catch/257 [ 12.699404] [ 12.700227] CPU: 0 UID: 0 PID: 257 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 12.700283] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.700296] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.700319] Call Trace: [ 12.700333] <TASK> [ 12.700349] dump_stack_lvl+0x73/0xb0 [ 12.700381] print_report+0xd1/0x650 [ 12.700404] ? __virt_addr_valid+0x1db/0x2d0 [ 12.700427] ? mempool_uaf_helper+0x392/0x400 [ 12.700449] ? kasan_complete_mode_report_info+0x64/0x200 [ 12.700475] ? mempool_uaf_helper+0x392/0x400 [ 12.700497] kasan_report+0x141/0x180 [ 12.700519] ? mempool_uaf_helper+0x392/0x400 [ 12.700546] __asan_report_load1_noabort+0x18/0x20 [ 12.700570] mempool_uaf_helper+0x392/0x400 [ 12.700593] ? 
__pfx_mempool_uaf_helper+0x10/0x10 [ 12.700615] ? update_load_avg+0x1be/0x21b0 [ 12.700643] ? finish_task_switch.isra.0+0x153/0x700 [ 12.700675] mempool_slab_uaf+0xea/0x140 [ 12.700698] ? __pfx_mempool_slab_uaf+0x10/0x10 [ 12.700724] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.700749] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.700775] ? __pfx_read_tsc+0x10/0x10 [ 12.700798] ? ktime_get_ts64+0x86/0x230 [ 12.700824] kunit_try_run_case+0x1a5/0x480 [ 12.700849] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.700873] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.700897] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.700920] ? __kthread_parkme+0x82/0x180 [ 12.700941] ? preempt_count_sub+0x50/0x80 [ 12.700964] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.700989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.701013] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.701038] kthread+0x337/0x6f0 [ 12.701057] ? trace_preempt_on+0x20/0xc0 [ 12.701080] ? __pfx_kthread+0x10/0x10 [ 12.701101] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.701122] ? calculate_sigpending+0x7b/0xa0 [ 12.701145] ? __pfx_kthread+0x10/0x10 [ 12.701167] ret_from_fork+0x116/0x1d0 [ 12.701185] ? 
__pfx_kthread+0x10/0x10 [ 12.701214] ret_from_fork_asm+0x1a/0x30 [ 12.701243] </TASK> [ 12.701255] [ 12.711375] Allocated by task 257: [ 12.711592] kasan_save_stack+0x45/0x70 [ 12.711822] kasan_save_track+0x18/0x40 [ 12.712001] kasan_save_alloc_info+0x3b/0x50 [ 12.712243] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.712509] remove_element+0x11e/0x190 [ 12.712850] mempool_alloc_preallocated+0x4d/0x90 [ 12.713015] mempool_uaf_helper+0x96/0x400 [ 12.713178] mempool_slab_uaf+0xea/0x140 [ 12.713380] kunit_try_run_case+0x1a5/0x480 [ 12.713847] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.714085] kthread+0x337/0x6f0 [ 12.714194] ret_from_fork+0x116/0x1d0 [ 12.714329] ret_from_fork_asm+0x1a/0x30 [ 12.714457] [ 12.714520] Freed by task 257: [ 12.714747] kasan_save_stack+0x45/0x70 [ 12.714969] kasan_save_track+0x18/0x40 [ 12.715248] kasan_save_free_info+0x3f/0x60 [ 12.715513] __kasan_mempool_poison_object+0x131/0x1d0 [ 12.715828] mempool_free+0x2ec/0x380 [ 12.716152] mempool_uaf_helper+0x11a/0x400 [ 12.716377] mempool_slab_uaf+0xea/0x140 [ 12.716606] kunit_try_run_case+0x1a5/0x480 [ 12.716752] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.716952] kthread+0x337/0x6f0 [ 12.717151] ret_from_fork+0x116/0x1d0 [ 12.717385] ret_from_fork_asm+0x1a/0x30 [ 12.717648] [ 12.717914] The buggy address belongs to the object at ffff88810262f240 [ 12.717914] which belongs to the cache test_cache of size 123 [ 12.718574] The buggy address is located 0 bytes inside of [ 12.718574] freed 123-byte region [ffff88810262f240, ffff88810262f2bb) [ 12.719080] [ 12.719198] The buggy address belongs to the physical page: [ 12.719544] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10262f [ 12.719803] flags: 0x200000000000000(node=0|zone=2) [ 12.719954] page_type: f5(slab) [ 12.720071] raw: 0200000000000000 ffff888102626280 dead000000000122 0000000000000000 [ 12.720689] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.721002] page dumped 
because: kasan: bad access detected [ 12.721352] [ 12.721420] Memory state around the buggy address: [ 12.721565] ffff88810262f100: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.721766] ffff88810262f180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.721965] >ffff88810262f200: fc fc fc fc fc fc fc fc fa fb fb fb fb fb fb fb [ 12.722309] ^ [ 12.722662] ffff88810262f280: fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 12.723196] ffff88810262f300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.723770] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-mempool_oob_right_helper
[ 12.543144] ================================================================== [ 12.543637] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.543961] Read of size 1 at addr ffff888102c54e73 by task kunit_try_catch/247 [ 12.544263] [ 12.544390] CPU: 1 UID: 0 PID: 247 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 12.544442] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.544455] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.544477] Call Trace: [ 12.544489] <TASK> [ 12.544507] dump_stack_lvl+0x73/0xb0 [ 12.544535] print_report+0xd1/0x650 [ 12.544556] ? __virt_addr_valid+0x1db/0x2d0 [ 12.544579] ? mempool_oob_right_helper+0x318/0x380 [ 12.544601] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.544626] ? mempool_oob_right_helper+0x318/0x380 [ 12.544686] kasan_report+0x141/0x180 [ 12.544707] ? mempool_oob_right_helper+0x318/0x380 [ 12.544732] __asan_report_load1_noabort+0x18/0x20 [ 12.544761] mempool_oob_right_helper+0x318/0x380 [ 12.544784] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.544807] ? __kasan_check_write+0x18/0x20 [ 12.544861] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.544884] ? finish_task_switch.isra.0+0x153/0x700 [ 12.544908] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.544941] ? __pfx_mempool_kmalloc_oob_right+0x10/0x10 [ 12.544966] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.544989] ? __pfx_mempool_kfree+0x10/0x10 [ 12.545012] ? __pfx_read_tsc+0x10/0x10 [ 12.545033] ? ktime_get_ts64+0x86/0x230 [ 12.545057] kunit_try_run_case+0x1a5/0x480 [ 12.545107] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545128] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.545151] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.545183] ? __kthread_parkme+0x82/0x180 [ 12.545211] ? preempt_count_sub+0x50/0x80 [ 12.545233] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.545255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.545292] ? 
__pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.545314] kthread+0x337/0x6f0 [ 12.545341] ? trace_preempt_on+0x20/0xc0 [ 12.545364] ? __pfx_kthread+0x10/0x10 [ 12.545384] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.545413] ? calculate_sigpending+0x7b/0xa0 [ 12.545437] ? __pfx_kthread+0x10/0x10 [ 12.545456] ret_from_fork+0x116/0x1d0 [ 12.545474] ? __pfx_kthread+0x10/0x10 [ 12.545493] ret_from_fork_asm+0x1a/0x30 [ 12.545523] </TASK> [ 12.545534] [ 12.556497] Allocated by task 247: [ 12.556704] kasan_save_stack+0x45/0x70 [ 12.556897] kasan_save_track+0x18/0x40 [ 12.557067] kasan_save_alloc_info+0x3b/0x50 [ 12.557365] __kasan_mempool_unpoison_object+0x1a9/0x200 [ 12.557868] remove_element+0x11e/0x190 [ 12.558109] mempool_alloc_preallocated+0x4d/0x90 [ 12.558292] mempool_oob_right_helper+0x8a/0x380 [ 12.558821] mempool_kmalloc_oob_right+0xf2/0x150 [ 12.559017] kunit_try_run_case+0x1a5/0x480 [ 12.559342] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.559760] kthread+0x337/0x6f0 [ 12.559920] ret_from_fork+0x116/0x1d0 [ 12.560083] ret_from_fork_asm+0x1a/0x30 [ 12.560516] [ 12.560605] The buggy address belongs to the object at ffff888102c54e00 [ 12.560605] which belongs to the cache kmalloc-128 of size 128 [ 12.561061] The buggy address is located 0 bytes to the right of [ 12.561061] allocated 115-byte region [ffff888102c54e00, ffff888102c54e73) [ 12.561850] [ 12.561934] The buggy address belongs to the physical page: [ 12.562363] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 12.562849] flags: 0x200000000000000(node=0|zone=2) [ 12.563142] page_type: f5(slab) [ 12.563292] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 12.563950] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 12.564357] page dumped because: kasan: bad access detected [ 12.564765] [ 12.564844] Memory state around the buggy address: [ 12.565003] ffff888102c54d00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 
12.565462] ffff888102c54d80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.565889] >ffff888102c54e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.566176] ^ [ 12.566503] ffff888102c54e80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.567051] ffff888102c54f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 12.567438] ================================================================== [ 12.598019] ================================================================== [ 12.599317] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.599711] Read of size 1 at addr ffff8881038fb2bb by task kunit_try_catch/251 [ 12.599936] [ 12.600018] CPU: 1 UID: 0 PID: 251 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 12.600065] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.600077] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.600098] Call Trace: [ 12.600109] <TASK> [ 12.600125] dump_stack_lvl+0x73/0xb0 [ 12.600150] print_report+0xd1/0x650 [ 12.600170] ? __virt_addr_valid+0x1db/0x2d0 [ 12.600192] ? mempool_oob_right_helper+0x318/0x380 [ 12.600225] ? kasan_complete_mode_report_info+0x2a/0x200 [ 12.600251] ? mempool_oob_right_helper+0x318/0x380 [ 12.600273] kasan_report+0x141/0x180 [ 12.600294] ? mempool_oob_right_helper+0x318/0x380 [ 12.600320] __asan_report_load1_noabort+0x18/0x20 [ 12.600343] mempool_oob_right_helper+0x318/0x380 [ 12.600365] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.600389] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.600410] ? finish_task_switch.isra.0+0x153/0x700 [ 12.600434] mempool_slab_oob_right+0xed/0x140 [ 12.600457] ? __pfx_mempool_slab_oob_right+0x10/0x10 [ 12.600482] ? __pfx_mempool_alloc_slab+0x10/0x10 [ 12.600506] ? __pfx_mempool_free_slab+0x10/0x10 [ 12.600531] ? __pfx_read_tsc+0x10/0x10 [ 12.600552] ? ktime_get_ts64+0x86/0x230 [ 12.600575] kunit_try_run_case+0x1a5/0x480 [ 12.600598] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 12.600619] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.600642] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.600667] ? __kthread_parkme+0x82/0x180 [ 12.600687] ? preempt_count_sub+0x50/0x80 [ 12.600708] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.600730] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.600752] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.600775] kthread+0x337/0x6f0 [ 12.600793] ? trace_preempt_on+0x20/0xc0 [ 12.600815] ? __pfx_kthread+0x10/0x10 [ 12.600835] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.600854] ? calculate_sigpending+0x7b/0xa0 [ 12.600876] ? __pfx_kthread+0x10/0x10 [ 12.600897] ret_from_fork+0x116/0x1d0 [ 12.600914] ? __pfx_kthread+0x10/0x10 [ 12.600934] ret_from_fork_asm+0x1a/0x30 [ 12.600962] </TASK> [ 12.600973] [ 12.611284] Allocated by task 251: [ 12.611554] kasan_save_stack+0x45/0x70 [ 12.611794] kasan_save_track+0x18/0x40 [ 12.611999] kasan_save_alloc_info+0x3b/0x50 [ 12.612253] __kasan_mempool_unpoison_object+0x1bb/0x200 [ 12.612601] remove_element+0x11e/0x190 [ 12.612824] mempool_alloc_preallocated+0x4d/0x90 [ 12.613075] mempool_oob_right_helper+0x8a/0x380 [ 12.613339] mempool_slab_oob_right+0xed/0x140 [ 12.613680] kunit_try_run_case+0x1a5/0x480 [ 12.613890] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.614108] kthread+0x337/0x6f0 [ 12.614239] ret_from_fork+0x116/0x1d0 [ 12.614373] ret_from_fork_asm+0x1a/0x30 [ 12.614521] [ 12.614593] The buggy address belongs to the object at ffff8881038fb240 [ 12.614593] which belongs to the cache test_cache of size 123 [ 12.615050] The buggy address is located 0 bytes to the right of [ 12.615050] allocated 123-byte region [ffff8881038fb240, ffff8881038fb2bb) [ 12.615598] [ 12.615672] The buggy address belongs to the physical page: [ 12.615839] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038fb [ 12.616149] flags: 0x200000000000000(node=0|zone=2) [ 12.616399] page_type: f5(slab) [ 12.616617] raw: 0200000000000000 
ffff88810108edc0 dead000000000122 0000000000000000 [ 12.616976] raw: 0000000000000000 0000000080150015 00000000f5000000 0000000000000000 [ 12.617339] page dumped because: kasan: bad access detected [ 12.617660] [ 12.617751] Memory state around the buggy address: [ 12.617938] ffff8881038fb180: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.618291] ffff8881038fb200: fc fc fc fc fc fc fc fc 00 00 00 00 00 00 00 00 [ 12.618628] >ffff8881038fb280: 00 00 00 00 00 00 00 03 fc fc fc fc fc fc fc fc [ 12.618836] ^ [ 12.619016] ffff8881038fb300: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.619358] ffff8881038fb380: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.619686] ================================================================== [ 12.572044] ================================================================== [ 12.572656] BUG: KASAN: slab-out-of-bounds in mempool_oob_right_helper+0x318/0x380 [ 12.572959] Read of size 1 at addr ffff888102b46001 by task kunit_try_catch/249 [ 12.573333] [ 12.573425] CPU: 0 UID: 0 PID: 249 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 12.573476] Tainted: [B]=BAD_PAGE, [N]=TEST [ 12.573488] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 12.573511] Call Trace: [ 12.573525] <TASK> [ 12.573577] dump_stack_lvl+0x73/0xb0 [ 12.573608] print_report+0xd1/0x650 [ 12.573630] ? __virt_addr_valid+0x1db/0x2d0 [ 12.573666] ? mempool_oob_right_helper+0x318/0x380 [ 12.573688] ? kasan_addr_to_slab+0x11/0xa0 [ 12.573707] ? mempool_oob_right_helper+0x318/0x380 [ 12.573731] kasan_report+0x141/0x180 [ 12.573752] ? mempool_oob_right_helper+0x318/0x380 [ 12.573805] __asan_report_load1_noabort+0x18/0x20 [ 12.573829] mempool_oob_right_helper+0x318/0x380 [ 12.573853] ? __pfx_mempool_oob_right_helper+0x10/0x10 [ 12.573887] ? __kasan_check_write+0x18/0x20 [ 12.573910] ? __pfx_sched_clock_cpu+0x10/0x10 [ 12.573932] ? 
finish_task_switch.isra.0+0x153/0x700 [ 12.573958] mempool_kmalloc_large_oob_right+0xf2/0x150 [ 12.574007] ? __pfx_mempool_kmalloc_large_oob_right+0x10/0x10 [ 12.574034] ? __pfx_mempool_kmalloc+0x10/0x10 [ 12.574056] ? __pfx_mempool_kfree+0x10/0x10 [ 12.574091] ? __pfx_read_tsc+0x10/0x10 [ 12.574112] ? ktime_get_ts64+0x86/0x230 [ 12.574160] kunit_try_run_case+0x1a5/0x480 [ 12.574184] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.574223] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 12.574246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 12.574267] ? __kthread_parkme+0x82/0x180 [ 12.574293] ? preempt_count_sub+0x50/0x80 [ 12.574314] ? __pfx_kunit_try_run_case+0x10/0x10 [ 12.574337] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 12.574359] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 12.574381] kthread+0x337/0x6f0 [ 12.574400] ? trace_preempt_on+0x20/0xc0 [ 12.574423] ? __pfx_kthread+0x10/0x10 [ 12.574442] ? _raw_spin_unlock_irq+0x47/0x80 [ 12.574462] ? calculate_sigpending+0x7b/0xa0 [ 12.574485] ? __pfx_kthread+0x10/0x10 [ 12.574506] ret_from_fork+0x116/0x1d0 [ 12.574524] ? 
__pfx_kthread+0x10/0x10 [ 12.574543] ret_from_fork_asm+0x1a/0x30 [ 12.574573] </TASK> [ 12.574584] [ 12.585841] The buggy address belongs to the physical page: [ 12.586304] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102b44 [ 12.586813] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 12.587123] flags: 0x200000000000040(head|node=0|zone=2) [ 12.587596] page_type: f8(unknown) [ 12.587903] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.588396] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 12.588784] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 12.589266] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 12.589950] head: 0200000000000002 ffffea00040ad101 00000000ffffffff 00000000ffffffff [ 12.590454] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 12.590802] page dumped because: kasan: bad access detected [ 12.591301] [ 12.591388] Memory state around the buggy address: [ 12.591809] ffff888102b45f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.592093] ffff888102b45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 12.592724] >ffff888102b46000: 01 fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.593013] ^ [ 12.593362] ffff888102b46080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.593808] ffff888102b46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 12.594090] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_double_destroy
[ 11.970182] ================================================================== [ 11.970855] BUG: KASAN: slab-use-after-free in kmem_cache_double_destroy+0x1bf/0x380 [ 11.971381] Read of size 1 at addr ffff88810108ec80 by task kunit_try_catch/241 [ 11.972080] [ 11.972327] CPU: 1 UID: 0 PID: 241 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.972384] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.972573] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.972600] Call Trace: [ 11.972614] <TASK> [ 11.972633] dump_stack_lvl+0x73/0xb0 [ 11.972673] print_report+0xd1/0x650 [ 11.972694] ? __virt_addr_valid+0x1db/0x2d0 [ 11.972718] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.972741] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.972766] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.972789] kasan_report+0x141/0x180 [ 11.972809] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.972835] ? kmem_cache_double_destroy+0x1bf/0x380 [ 11.972858] __kasan_check_byte+0x3d/0x50 [ 11.972878] kmem_cache_destroy+0x25/0x1d0 [ 11.972904] kmem_cache_double_destroy+0x1bf/0x380 [ 11.972926] ? __pfx_kmem_cache_double_destroy+0x10/0x10 [ 11.972948] ? finish_task_switch.isra.0+0x153/0x700 [ 11.972971] ? __switch_to+0x47/0xf50 [ 11.972998] ? __pfx_read_tsc+0x10/0x10 [ 11.973020] ? ktime_get_ts64+0x86/0x230 [ 11.973045] kunit_try_run_case+0x1a5/0x480 [ 11.973069] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.973089] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.973112] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.973133] ? __kthread_parkme+0x82/0x180 [ 11.973153] ? preempt_count_sub+0x50/0x80 [ 11.973175] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.973196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.973233] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.973257] kthread+0x337/0x6f0 [ 11.973276] ? trace_preempt_on+0x20/0xc0 [ 11.973299] ? __pfx_kthread+0x10/0x10 [ 11.973319] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.973339] ? 
calculate_sigpending+0x7b/0xa0 [ 11.973362] ? __pfx_kthread+0x10/0x10 [ 11.973382] ret_from_fork+0x116/0x1d0 [ 11.973400] ? __pfx_kthread+0x10/0x10 [ 11.973419] ret_from_fork_asm+0x1a/0x30 [ 11.973449] </TASK> [ 11.973459] [ 11.985910] Allocated by task 241: [ 11.986043] kasan_save_stack+0x45/0x70 [ 11.986194] kasan_save_track+0x18/0x40 [ 11.986392] kasan_save_alloc_info+0x3b/0x50 [ 11.986596] __kasan_slab_alloc+0x91/0xa0 [ 11.986783] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.986998] __kmem_cache_create_args+0x169/0x240 [ 11.987286] kmem_cache_double_destroy+0xd5/0x380 [ 11.987563] kunit_try_run_case+0x1a5/0x480 [ 11.988110] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.988762] kthread+0x337/0x6f0 [ 11.989163] ret_from_fork+0x116/0x1d0 [ 11.989507] ret_from_fork_asm+0x1a/0x30 [ 11.989912] [ 11.990005] Freed by task 241: [ 11.990259] kasan_save_stack+0x45/0x70 [ 11.990678] kasan_save_track+0x18/0x40 [ 11.990947] kasan_save_free_info+0x3f/0x60 [ 11.991083] __kasan_slab_free+0x56/0x70 [ 11.991350] kmem_cache_free+0x249/0x420 [ 11.991845] slab_kmem_cache_release+0x2e/0x40 [ 11.992302] kmem_cache_release+0x16/0x20 [ 11.992741] kobject_put+0x181/0x450 [ 11.993013] sysfs_slab_release+0x16/0x20 [ 11.993402] kmem_cache_destroy+0xf0/0x1d0 [ 11.993856] kmem_cache_double_destroy+0x14e/0x380 [ 11.994008] kunit_try_run_case+0x1a5/0x480 [ 11.994147] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.994777] kthread+0x337/0x6f0 [ 11.995126] ret_from_fork+0x116/0x1d0 [ 11.995571] ret_from_fork_asm+0x1a/0x30 [ 11.995986] [ 11.996183] The buggy address belongs to the object at ffff88810108ec80 [ 11.996183] which belongs to the cache kmem_cache of size 208 [ 11.997199] The buggy address is located 0 bytes inside of [ 11.997199] freed 208-byte region [ffff88810108ec80, ffff88810108ed50) [ 11.998108] [ 11.998200] The buggy address belongs to the physical page: [ 11.998738] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10108e [ 11.999263] flags: 
0x200000000000000(node=0|zone=2) [ 11.999745] page_type: f5(slab) [ 12.000080] raw: 0200000000000000 ffff888100041000 dead000000000100 dead000000000122 [ 12.000689] raw: 0000000000000000 00000000800c000c 00000000f5000000 0000000000000000 [ 12.001296] page dumped because: kasan: bad access detected [ 12.001646] [ 12.001840] Memory state around the buggy address: [ 12.002394] ffff88810108eb80: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.002889] ffff88810108ec00: fb fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.003492] >ffff88810108ec80: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 12.003701] ^ [ 12.003805] ffff88810108ed00: fb fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc [ 12.004006] ffff88810108ed80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 12.004356] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmem_cache_rcu_uaf
[ 11.914733] ================================================================== [ 11.915157] BUG: KASAN: slab-use-after-free in kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.915414] Read of size 1 at addr ffff888102626000 by task kunit_try_catch/239 [ 11.915971] [ 11.916065] CPU: 0 UID: 0 PID: 239 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.916116] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.916128] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.916150] Call Trace: [ 11.916164] <TASK> [ 11.916184] dump_stack_lvl+0x73/0xb0 [ 11.916249] print_report+0xd1/0x650 [ 11.916285] ? __virt_addr_valid+0x1db/0x2d0 [ 11.916326] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.916348] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.916373] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.916395] kasan_report+0x141/0x180 [ 11.916415] ? kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.916442] __asan_report_load1_noabort+0x18/0x20 [ 11.916465] kmem_cache_rcu_uaf+0x3e3/0x510 [ 11.916486] ? __pfx_kmem_cache_rcu_uaf+0x10/0x10 [ 11.916508] ? finish_task_switch.isra.0+0x153/0x700 [ 11.916531] ? __switch_to+0x47/0xf50 [ 11.916559] ? __pfx_read_tsc+0x10/0x10 [ 11.916581] ? ktime_get_ts64+0x86/0x230 [ 11.916606] kunit_try_run_case+0x1a5/0x480 [ 11.916631] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.916661] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.916684] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.916707] ? __kthread_parkme+0x82/0x180 [ 11.916726] ? preempt_count_sub+0x50/0x80 [ 11.916748] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.916771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.916809] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.916831] kthread+0x337/0x6f0 [ 11.916849] ? trace_preempt_on+0x20/0xc0 [ 11.916874] ? __pfx_kthread+0x10/0x10 [ 11.916894] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.916913] ? calculate_sigpending+0x7b/0xa0 [ 11.916937] ? __pfx_kthread+0x10/0x10 [ 11.916957] ret_from_fork+0x116/0x1d0 [ 11.916976] ? 
__pfx_kthread+0x10/0x10 [ 11.916995] ret_from_fork_asm+0x1a/0x30 [ 11.917026] </TASK> [ 11.917037] [ 11.927763] Allocated by task 239: [ 11.927960] kasan_save_stack+0x45/0x70 [ 11.928129] kasan_save_track+0x18/0x40 [ 11.928578] kasan_save_alloc_info+0x3b/0x50 [ 11.928877] __kasan_slab_alloc+0x91/0xa0 [ 11.929166] kmem_cache_alloc_noprof+0x123/0x3f0 [ 11.929561] kmem_cache_rcu_uaf+0x155/0x510 [ 11.929741] kunit_try_run_case+0x1a5/0x480 [ 11.929920] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.930135] kthread+0x337/0x6f0 [ 11.930650] ret_from_fork+0x116/0x1d0 [ 11.930897] ret_from_fork_asm+0x1a/0x30 [ 11.931185] [ 11.931401] Freed by task 0: [ 11.931660] kasan_save_stack+0x45/0x70 [ 11.931938] kasan_save_track+0x18/0x40 [ 11.932319] kasan_save_free_info+0x3f/0x60 [ 11.932661] __kasan_slab_free+0x56/0x70 [ 11.933048] slab_free_after_rcu_debug+0xe4/0x310 [ 11.933381] rcu_core+0x66f/0x1c40 [ 11.933551] rcu_core_si+0x12/0x20 [ 11.933859] handle_softirqs+0x209/0x730 [ 11.934173] __irq_exit_rcu+0xc9/0x110 [ 11.934349] irq_exit_rcu+0x12/0x20 [ 11.934665] sysvec_apic_timer_interrupt+0x81/0x90 [ 11.935023] asm_sysvec_apic_timer_interrupt+0x1f/0x30 [ 11.935366] [ 11.935607] Last potentially related work creation: [ 11.935798] kasan_save_stack+0x45/0x70 [ 11.935973] kasan_record_aux_stack+0xb2/0xc0 [ 11.936155] kmem_cache_free+0x131/0x420 [ 11.936337] kmem_cache_rcu_uaf+0x194/0x510 [ 11.936736] kunit_try_run_case+0x1a5/0x480 [ 11.937044] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.937635] kthread+0x337/0x6f0 [ 11.937825] ret_from_fork+0x116/0x1d0 [ 11.938235] ret_from_fork_asm+0x1a/0x30 [ 11.938663] [ 11.938870] The buggy address belongs to the object at ffff888102626000 [ 11.938870] which belongs to the cache test_cache of size 200 [ 11.939577] The buggy address is located 0 bytes inside of [ 11.939577] freed 200-byte region [ffff888102626000, ffff8881026260c8) [ 11.940831] [ 11.940901] The buggy address belongs to the physical page: [ 11.941071] page: refcount:0 
mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102626 [ 11.941925] flags: 0x200000000000000(node=0|zone=2) [ 11.942431] page_type: f5(slab) [ 11.942821] raw: 0200000000000000 ffff88810167fdc0 dead000000000122 0000000000000000 [ 11.943586] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000 [ 11.944338] page dumped because: kasan: bad access detected [ 11.944716] [ 11.944782] Memory state around the buggy address: [ 11.945216] ffff888102625f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.945949] ffff888102625f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.946475] >ffff888102626000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.946977] ^ [ 11.947356] ffff888102626080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc [ 11.948050] ffff888102626100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.948696] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kmem_cache_invalid_free
[ 11.863723] ==================================================================
[ 11.864175] BUG: KASAN: invalid-free in kmem_cache_invalid_free+0x1d8/0x460
[ 11.864749] Free of addr ffff888102ca3001 by task kunit_try_catch/237
[ 11.865169]
[ 11.865321] CPU: 1 UID: 0 PID: 237 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.865370] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.865382] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.865403] Call Trace:
[ 11.865415] <TASK>
[ 11.865432] dump_stack_lvl+0x73/0xb0
[ 11.865464] print_report+0xd1/0x650
[ 11.865485] ? __virt_addr_valid+0x1db/0x2d0
[ 11.865508] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.865532] ? kmem_cache_invalid_free+0x1d8/0x460
[ 11.865556] kasan_report_invalid_free+0x10a/0x130
[ 11.865578] ? kmem_cache_invalid_free+0x1d8/0x460
[ 11.865602] ? kmem_cache_invalid_free+0x1d8/0x460
[ 11.865624] check_slab_allocation+0x11f/0x130
[ 11.865644] __kasan_slab_pre_free+0x28/0x40
[ 11.865663] kmem_cache_free+0xed/0x420
[ 11.865681] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 11.865699] ? kmem_cache_invalid_free+0x1d8/0x460
[ 11.865725] kmem_cache_invalid_free+0x1d8/0x460
[ 11.865747] ? __pfx_kmem_cache_invalid_free+0x10/0x10
[ 11.865770] ? finish_task_switch.isra.0+0x153/0x700
[ 11.865791] ? __switch_to+0x47/0xf50
[ 11.865819] ? __pfx_read_tsc+0x10/0x10
[ 11.865839] ? ktime_get_ts64+0x86/0x230
[ 11.865864] kunit_try_run_case+0x1a5/0x480
[ 11.865888] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.865909] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.865931] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.865951] ? __kthread_parkme+0x82/0x180
[ 11.865970] ? preempt_count_sub+0x50/0x80
[ 11.865991] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.866013] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.866034] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.866055] kthread+0x337/0x6f0
[ 11.866073] ? trace_preempt_on+0x20/0xc0
[ 11.866096] ? __pfx_kthread+0x10/0x10
[ 11.866115] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.866134] ? calculate_sigpending+0x7b/0xa0
[ 11.866157] ? __pfx_kthread+0x10/0x10
[ 11.866177] ret_from_fork+0x116/0x1d0
[ 11.866194] ? __pfx_kthread+0x10/0x10
[ 11.866231] ret_from_fork_asm+0x1a/0x30
[ 11.866260] </TASK>
[ 11.866271]
[ 11.874551] Allocated by task 237:
[ 11.874732] kasan_save_stack+0x45/0x70
[ 11.875273] kasan_save_track+0x18/0x40
[ 11.875403] kasan_save_alloc_info+0x3b/0x50
[ 11.875538] __kasan_slab_alloc+0x91/0xa0
[ 11.875665] kmem_cache_alloc_noprof+0x123/0x3f0
[ 11.875955] kmem_cache_invalid_free+0x157/0x460
[ 11.876178] kunit_try_run_case+0x1a5/0x480
[ 11.876387] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.876878] kthread+0x337/0x6f0
[ 11.877069] ret_from_fork+0x116/0x1d0
[ 11.877455] ret_from_fork_asm+0x1a/0x30
[ 11.877616]
[ 11.878033] The buggy address belongs to the object at ffff888102ca3000
[ 11.878033] which belongs to the cache test_cache of size 200
[ 11.879362] The buggy address is located 1 bytes inside of
[ 11.879362] 200-byte region [ffff888102ca3000, ffff888102ca30c8)
[ 11.879766]
[ 11.879838] The buggy address belongs to the physical page:
[ 11.880348] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca3
[ 11.880981] flags: 0x200000000000000(node=0|zone=2)
[ 11.881430] page_type: f5(slab)
[ 11.881721] raw: 0200000000000000 ffff88810108eb40 dead000000000122 0000000000000000
[ 11.882328] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 11.882732] page dumped because: kasan: bad access detected
[ 11.882961]
[ 11.883042] Memory state around the buggy address:
[ 11.883510] ffff888102ca2f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.883947] ffff888102ca2f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.884369] >ffff888102ca3000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.884955] ^
[ 11.885115] ffff888102ca3080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 11.885662] ffff888102ca3100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.885914] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kmem_cache_double_free
[ 11.825265] ==================================================================
[ 11.826054] BUG: KASAN: double-free in kmem_cache_double_free+0x1e5/0x480
[ 11.826342] Free of addr ffff888102624000 by task kunit_try_catch/235
[ 11.826622]
[ 11.826817] CPU: 0 UID: 0 PID: 235 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.826864] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.826877] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.826899] Call Trace:
[ 11.826911] <TASK>
[ 11.826927] dump_stack_lvl+0x73/0xb0
[ 11.826958] print_report+0xd1/0x650
[ 11.826978] ? __virt_addr_valid+0x1db/0x2d0
[ 11.827002] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.827025] ? kmem_cache_double_free+0x1e5/0x480
[ 11.827048] kasan_report_invalid_free+0x10a/0x130
[ 11.827070] ? kmem_cache_double_free+0x1e5/0x480
[ 11.827094] ? kmem_cache_double_free+0x1e5/0x480
[ 11.827116] check_slab_allocation+0x101/0x130
[ 11.827136] __kasan_slab_pre_free+0x28/0x40
[ 11.827155] kmem_cache_free+0xed/0x420
[ 11.827174] ? kmem_cache_alloc_noprof+0x123/0x3f0
[ 11.827193] ? kmem_cache_double_free+0x1e5/0x480
[ 11.827233] kmem_cache_double_free+0x1e5/0x480
[ 11.827255] ? __pfx_kmem_cache_double_free+0x10/0x10
[ 11.827277] ? finish_task_switch.isra.0+0x153/0x700
[ 11.827298] ? __switch_to+0x47/0xf50
[ 11.827325] ? __pfx_read_tsc+0x10/0x10
[ 11.827346] ? ktime_get_ts64+0x86/0x230
[ 11.827371] kunit_try_run_case+0x1a5/0x480
[ 11.827395] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.827415] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.827437] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.827458] ? __kthread_parkme+0x82/0x180
[ 11.827478] ? preempt_count_sub+0x50/0x80
[ 11.827499] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.827520] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.827541] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.827563] kthread+0x337/0x6f0
[ 11.827581] ? trace_preempt_on+0x20/0xc0
[ 11.827604] ? __pfx_kthread+0x10/0x10
[ 11.827623] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.827642] ? calculate_sigpending+0x7b/0xa0
[ 11.827665] ? __pfx_kthread+0x10/0x10
[ 11.827685] ret_from_fork+0x116/0x1d0
[ 11.827702] ? __pfx_kthread+0x10/0x10
[ 11.827721] ret_from_fork_asm+0x1a/0x30
[ 11.827749] </TASK>
[ 11.827760]
[ 11.839972] Allocated by task 235:
[ 11.840288] kasan_save_stack+0x45/0x70
[ 11.840679] kasan_save_track+0x18/0x40
[ 11.841064] kasan_save_alloc_info+0x3b/0x50
[ 11.841678] __kasan_slab_alloc+0x91/0xa0
[ 11.842073] kmem_cache_alloc_noprof+0x123/0x3f0
[ 11.842291] kmem_cache_double_free+0x14f/0x480
[ 11.842499] kunit_try_run_case+0x1a5/0x480
[ 11.842867] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.843379] kthread+0x337/0x6f0
[ 11.843737] ret_from_fork+0x116/0x1d0
[ 11.843933] ret_from_fork_asm+0x1a/0x30
[ 11.844065]
[ 11.844129] Freed by task 235:
[ 11.844262] kasan_save_stack+0x45/0x70
[ 11.844390] kasan_save_track+0x18/0x40
[ 11.844545] kasan_save_free_info+0x3f/0x60
[ 11.844685] __kasan_slab_free+0x56/0x70
[ 11.845146] kmem_cache_free+0x249/0x420
[ 11.845367] kmem_cache_double_free+0x16a/0x480
[ 11.845516] kunit_try_run_case+0x1a5/0x480
[ 11.845714] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.845950] kthread+0x337/0x6f0
[ 11.846077] ret_from_fork+0x116/0x1d0
[ 11.846262] ret_from_fork_asm+0x1a/0x30
[ 11.846415]
[ 11.846480] The buggy address belongs to the object at ffff888102624000
[ 11.846480] which belongs to the cache test_cache of size 200
[ 11.846999] The buggy address is located 0 bytes inside of
[ 11.846999] 200-byte region [ffff888102624000, ffff8881026240c8)
[ 11.847534]
[ 11.847602] The buggy address belongs to the physical page:
[ 11.848015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102624
[ 11.848526] flags: 0x200000000000000(node=0|zone=2)
[ 11.848700] page_type: f5(slab)
[ 11.849598] raw: 0200000000000000 ffff88810167fc80 dead000000000122 0000000000000000
[ 11.849985] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 11.850223] page dumped because: kasan: bad access detected
[ 11.851704]
[ 11.851983] Memory state around the buggy address:
[ 11.852153] ffff888102623f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.852386] ffff888102623f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.852596] >ffff888102624000: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.852813] ^
[ 11.852923] ffff888102624080: fb fb fb fb fb fb fb fb fb fc fc fc fc fc fc fc
[ 11.853131] ffff888102624100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.854831] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmem_cache_oob
[ 11.791065] ==================================================================
[ 11.791684] BUG: KASAN: slab-out-of-bounds in kmem_cache_oob+0x402/0x530
[ 11.792063] Read of size 1 at addr ffff888102ca10c8 by task kunit_try_catch/233
[ 11.792401]
[ 11.792522] CPU: 1 UID: 0 PID: 233 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.792631] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.792643] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.792669] Call Trace:
[ 11.792681] <TASK>
[ 11.792697] dump_stack_lvl+0x73/0xb0
[ 11.792725] print_report+0xd1/0x650
[ 11.792745] ? __virt_addr_valid+0x1db/0x2d0
[ 11.792767] ? kmem_cache_oob+0x402/0x530
[ 11.792788] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.792812] ? kmem_cache_oob+0x402/0x530
[ 11.792858] kasan_report+0x141/0x180
[ 11.792880] ? kmem_cache_oob+0x402/0x530
[ 11.792905] __asan_report_load1_noabort+0x18/0x20
[ 11.792927] kmem_cache_oob+0x402/0x530
[ 11.792947] ? trace_hardirqs_on+0x37/0xe0
[ 11.792970] ? __pfx_kmem_cache_oob+0x10/0x10
[ 11.792990] ? finish_task_switch.isra.0+0x153/0x700
[ 11.793012] ? __switch_to+0x47/0xf50
[ 11.793039] ? __pfx_read_tsc+0x10/0x10
[ 11.793060] ? ktime_get_ts64+0x86/0x230
[ 11.793084] kunit_try_run_case+0x1a5/0x480
[ 11.793106] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.793127] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.793149] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.793170] ? __kthread_parkme+0x82/0x180
[ 11.793189] ? preempt_count_sub+0x50/0x80
[ 11.793221] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.793243] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.793264] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.793285] kthread+0x337/0x6f0
[ 11.793303] ? trace_preempt_on+0x20/0xc0
[ 11.793324] ? __pfx_kthread+0x10/0x10
[ 11.793343] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.793362] ? calculate_sigpending+0x7b/0xa0
[ 11.793384] ? __pfx_kthread+0x10/0x10
[ 11.793404] ret_from_fork+0x116/0x1d0
[ 11.793422] ? __pfx_kthread+0x10/0x10
[ 11.793442] ret_from_fork_asm+0x1a/0x30
[ 11.793471] </TASK>
[ 11.793481]
[ 11.803375] Allocated by task 233:
[ 11.803554] kasan_save_stack+0x45/0x70
[ 11.803781] kasan_save_track+0x18/0x40
[ 11.803957] kasan_save_alloc_info+0x3b/0x50
[ 11.804134] __kasan_slab_alloc+0x91/0xa0
[ 11.804967] kmem_cache_alloc_noprof+0x123/0x3f0
[ 11.805179] kmem_cache_oob+0x157/0x530
[ 11.805525] kunit_try_run_case+0x1a5/0x480
[ 11.805719] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.805937] kthread+0x337/0x6f0
[ 11.806050] ret_from_fork+0x116/0x1d0
[ 11.806385] ret_from_fork_asm+0x1a/0x30
[ 11.806672]
[ 11.807007] The buggy address belongs to the object at ffff888102ca1000
[ 11.807007] which belongs to the cache test_cache of size 200
[ 11.807589] The buggy address is located 0 bytes to the right of
[ 11.807589] allocated 200-byte region [ffff888102ca1000, ffff888102ca10c8)
[ 11.808277]
[ 11.808564] The buggy address belongs to the physical page:
[ 11.808854] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102ca1
[ 11.809280] flags: 0x200000000000000(node=0|zone=2)
[ 11.809491] page_type: f5(slab)
[ 11.809884] raw: 0200000000000000 ffff88810108ea00 dead000000000122 0000000000000000
[ 11.810339] raw: 0000000000000000 00000000800f000f 00000000f5000000 0000000000000000
[ 11.810796] page dumped because: kasan: bad access detected
[ 11.811028]
[ 11.811101] Memory state around the buggy address:
[ 11.811441] ffff888102ca0f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.811700] ffff888102ca1000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
[ 11.812010] >ffff888102ca1080: 00 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc
[ 11.812676] ^
[ 11.812874] ffff888102ca1100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.813362] ffff888102ca1180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.813804] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-workqueue_uaf
[ 11.752067] ==================================================================
[ 11.752785] BUG: KASAN: slab-use-after-free in workqueue_uaf+0x4d6/0x560
[ 11.753328] Read of size 8 at addr ffff88810387ab40 by task kunit_try_catch/226
[ 11.753581]
[ 11.753881] CPU: 1 UID: 0 PID: 226 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.753933] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.753945] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.753966] Call Trace:
[ 11.753978] <TASK>
[ 11.754152] dump_stack_lvl+0x73/0xb0
[ 11.754186] print_report+0xd1/0x650
[ 11.754220] ? __virt_addr_valid+0x1db/0x2d0
[ 11.754241] ? workqueue_uaf+0x4d6/0x560
[ 11.754261] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.754285] ? workqueue_uaf+0x4d6/0x560
[ 11.754304] kasan_report+0x141/0x180
[ 11.754324] ? workqueue_uaf+0x4d6/0x560
[ 11.754348] __asan_report_load8_noabort+0x18/0x20
[ 11.754370] workqueue_uaf+0x4d6/0x560
[ 11.754391] ? __pfx_workqueue_uaf+0x10/0x10
[ 11.754412] ? __schedule+0x10cc/0x2b60
[ 11.754433] ? __pfx_read_tsc+0x10/0x10
[ 11.754453] ? ktime_get_ts64+0x86/0x230
[ 11.754477] kunit_try_run_case+0x1a5/0x480
[ 11.754499] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.754520] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.754542] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.754562] ? __kthread_parkme+0x82/0x180
[ 11.754582] ? preempt_count_sub+0x50/0x80
[ 11.754606] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.754628] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.754649] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.754670] kthread+0x337/0x6f0
[ 11.754688] ? trace_preempt_on+0x20/0xc0
[ 11.754711] ? __pfx_kthread+0x10/0x10
[ 11.754730] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.754749] ? calculate_sigpending+0x7b/0xa0
[ 11.754771] ? __pfx_kthread+0x10/0x10
[ 11.754791] ret_from_fork+0x116/0x1d0
[ 11.754809] ? __pfx_kthread+0x10/0x10
[ 11.754828] ret_from_fork_asm+0x1a/0x30
[ 11.754856] </TASK>
[ 11.754866]
[ 11.765515] Allocated by task 226:
[ 11.765842] kasan_save_stack+0x45/0x70
[ 11.766133] kasan_save_track+0x18/0x40
[ 11.766326] kasan_save_alloc_info+0x3b/0x50
[ 11.766527] __kasan_kmalloc+0xb7/0xc0
[ 11.766694] __kmalloc_cache_noprof+0x189/0x420
[ 11.766896] workqueue_uaf+0x152/0x560
[ 11.767075] kunit_try_run_case+0x1a5/0x480
[ 11.767274] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.767505] kthread+0x337/0x6f0
[ 11.767654] ret_from_fork+0x116/0x1d0
[ 11.767822] ret_from_fork_asm+0x1a/0x30
[ 11.768001]
[ 11.768075] Freed by task 41:
[ 11.768875] kasan_save_stack+0x45/0x70
[ 11.769115] kasan_save_track+0x18/0x40
[ 11.769413] kasan_save_free_info+0x3f/0x60
[ 11.769641] __kasan_slab_free+0x56/0x70
[ 11.769820] kfree+0x222/0x3f0
[ 11.770150] workqueue_uaf_work+0x12/0x20
[ 11.770536] process_one_work+0x5ee/0xf60
[ 11.770730] worker_thread+0x758/0x1220
[ 11.770938] kthread+0x337/0x6f0
[ 11.771051] ret_from_fork+0x116/0x1d0
[ 11.771306] ret_from_fork_asm+0x1a/0x30
[ 11.771787]
[ 11.771898] Last potentially related work creation:
[ 11.772246] kasan_save_stack+0x45/0x70
[ 11.772590] kasan_record_aux_stack+0xb2/0xc0
[ 11.772815] __queue_work+0x61a/0xe70
[ 11.772995] queue_work_on+0xb6/0xc0
[ 11.773340] workqueue_uaf+0x26d/0x560
[ 11.773613] kunit_try_run_case+0x1a5/0x480
[ 11.773910] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.774245] kthread+0x337/0x6f0
[ 11.774421] ret_from_fork+0x116/0x1d0
[ 11.774834] ret_from_fork_asm+0x1a/0x30
[ 11.775023]
[ 11.775111] The buggy address belongs to the object at ffff88810387ab40
[ 11.775111] which belongs to the cache kmalloc-32 of size 32
[ 11.775937] The buggy address is located 0 bytes inside of
[ 11.775937] freed 32-byte region [ffff88810387ab40, ffff88810387ab60)
[ 11.776763]
[ 11.776864] The buggy address belongs to the physical page:
[ 11.777079] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10387a
[ 11.777851] flags: 0x200000000000000(node=0|zone=2)
[ 11.778109] page_type: f5(slab)
[ 11.778471] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 11.778925] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 11.779482] page dumped because: kasan: bad access detected
[ 11.779742]
[ 11.779954] Memory state around the buggy address:
[ 11.780140] ffff88810387aa00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 11.780570] ffff88810387aa80: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 11.781047] >ffff88810387ab00: 00 00 00 fc fc fc fc fc fa fb fb fb fc fc fc fc
[ 11.781572] ^
[ 11.781990] ffff88810387ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.782673] ffff88810387ac00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.783080] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-rcu_uaf_reclaim
[ 11.709547] ==================================================================
[ 11.709962] BUG: KASAN: slab-use-after-free in rcu_uaf_reclaim+0x50/0x60
[ 11.710313] Read of size 4 at addr ffff88810387aa80 by task swapper/1/0
[ 11.710641]
[ 11.710840] CPU: 1 UID: 0 PID: 0 Comm: swapper/1 Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.710888] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.710900] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.710920] Call Trace:
[ 11.710946] <IRQ>
[ 11.710962] dump_stack_lvl+0x73/0xb0
[ 11.710992] print_report+0xd1/0x650
[ 11.711013] ? __virt_addr_valid+0x1db/0x2d0
[ 11.711034] ? rcu_uaf_reclaim+0x50/0x60
[ 11.711066] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.711092] ? rcu_uaf_reclaim+0x50/0x60
[ 11.711112] kasan_report+0x141/0x180
[ 11.711144] ? rcu_uaf_reclaim+0x50/0x60
[ 11.711168] __asan_report_load4_noabort+0x18/0x20
[ 11.711192] rcu_uaf_reclaim+0x50/0x60
[ 11.711220] rcu_core+0x66f/0x1c40
[ 11.711248] ? __pfx_rcu_core+0x10/0x10
[ 11.711268] ? ktime_get+0x6b/0x150
[ 11.711289] ? handle_softirqs+0x18e/0x730
[ 11.711322] rcu_core_si+0x12/0x20
[ 11.711341] handle_softirqs+0x209/0x730
[ 11.711360] ? hrtimer_interrupt+0x2fe/0x780
[ 11.711392] ? __pfx_handle_softirqs+0x10/0x10
[ 11.711416] __irq_exit_rcu+0xc9/0x110
[ 11.711472] irq_exit_rcu+0x12/0x20
[ 11.711505] sysvec_apic_timer_interrupt+0x81/0x90
[ 11.711529] </IRQ>
[ 11.711556] <TASK>
[ 11.711566] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 11.711666] RIP: 0010:pv_native_safe_halt+0xf/0x20
[ 11.711878] Code: 1f 84 00 00 00 00 00 0f 1f 40 00 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 90 f3 0f 1e fa eb 07 0f 00 2d 63 38 1f 00 fb f4 <c3> cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90 90 90 90 90 90
[ 11.711966] RSP: 0000:ffff888100877dc8 EFLAGS: 00010216
[ 11.712051] RAX: ffff8881cc367000 RBX: ffff888100853000 RCX: ffffffff85e98285
[ 11.712096] RDX: ffffed102a8e6193 RSI: 0000000000000004 RDI: 000000000001a57c
[ 11.712137] RBP: ffff888100877dd0 R08: 0000000000000001 R09: ffffed102a8e6192
[ 11.712183] R10: ffff888154730c93 R11: 0000000000010000 R12: 0000000000000001
[ 11.712236] R13: ffffed102010a600 R14: ffffffff87bb8990 R15: 0000000000000000
[ 11.712294] ? ct_kernel_exit.constprop.0+0xa5/0xd0
[ 11.712345] ? default_idle+0xd/0x20
[ 11.712365] arch_cpu_idle+0xd/0x20
[ 11.712385] default_idle_call+0x48/0x80
[ 11.712406] do_idle+0x379/0x4f0
[ 11.712431] ? __pfx_do_idle+0x10/0x10
[ 11.712451] ? _raw_spin_unlock_irqrestore+0x49/0x90
[ 11.712472] ? complete+0x15b/0x1d0
[ 11.712493] cpu_startup_entry+0x5c/0x70
[ 11.712516] start_secondary+0x211/0x290
[ 11.712537] ? __pfx_start_secondary+0x10/0x10
[ 11.712561] common_startup_64+0x13e/0x148
[ 11.712591] </TASK>
[ 11.712601]
[ 11.726334] Allocated by task 224:
[ 11.726801] kasan_save_stack+0x45/0x70
[ 11.727013] kasan_save_track+0x18/0x40
[ 11.727180] kasan_save_alloc_info+0x3b/0x50
[ 11.727380] __kasan_kmalloc+0xb7/0xc0
[ 11.727816] __kmalloc_cache_noprof+0x189/0x420
[ 11.727979] rcu_uaf+0xb0/0x330
[ 11.728415] kunit_try_run_case+0x1a5/0x480
[ 11.728776] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.728999] kthread+0x337/0x6f0
[ 11.729176] ret_from_fork+0x116/0x1d0
[ 11.729350] ret_from_fork_asm+0x1a/0x30
[ 11.729560]
[ 11.729738] Freed by task 0:
[ 11.729840] kasan_save_stack+0x45/0x70
[ 11.730019] kasan_save_track+0x18/0x40
[ 11.730199] kasan_save_free_info+0x3f/0x60
[ 11.730883] __kasan_slab_free+0x56/0x70
[ 11.731051] kfree+0x222/0x3f0
[ 11.731413] rcu_uaf_reclaim+0x1f/0x60
[ 11.731891] rcu_core+0x66f/0x1c40
[ 11.732064] rcu_core_si+0x12/0x20
[ 11.732261] handle_softirqs+0x209/0x730
[ 11.732481] __irq_exit_rcu+0xc9/0x110
[ 11.732671] irq_exit_rcu+0x12/0x20
[ 11.733202] sysvec_apic_timer_interrupt+0x81/0x90
[ 11.733621] asm_sysvec_apic_timer_interrupt+0x1f/0x30
[ 11.733808]
[ 11.733917] Last potentially related work creation:
[ 11.734153] kasan_save_stack+0x45/0x70
[ 11.734355] kasan_record_aux_stack+0xb2/0xc0
[ 11.734961] __call_rcu_common.constprop.0+0x7b/0x9e0
[ 11.735151] call_rcu+0x12/0x20
[ 11.735487] rcu_uaf+0x168/0x330
[ 11.735903] kunit_try_run_case+0x1a5/0x480
[ 11.736080] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.736491] kthread+0x337/0x6f0
[ 11.736667] ret_from_fork+0x116/0x1d0
[ 11.737047] ret_from_fork_asm+0x1a/0x30
[ 11.737455]
[ 11.737564] The buggy address belongs to the object at ffff88810387aa80
[ 11.737564] which belongs to the cache kmalloc-32 of size 32
[ 11.738415] The buggy address is located 0 bytes inside of
[ 11.738415] freed 32-byte region [ffff88810387aa80, ffff88810387aaa0)
[ 11.739066]
[ 11.739163] The buggy address belongs to the physical page:
[ 11.739723] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10387a
[ 11.740184] flags: 0x200000000000000(node=0|zone=2)
[ 11.740549] page_type: f5(slab)
[ 11.740756] raw: 0200000000000000 ffff888100041780 dead000000000122 0000000000000000
[ 11.741399] raw: 0000000000000000 0000000080400040 00000000f5000000 0000000000000000
[ 11.742096] page dumped because: kasan: bad access detected
[ 11.742377]
[ 11.742706] Memory state around the buggy address:
[ 11.743311] ffff88810387a980: fa fb fb fb fc fc fc fc 00 00 00 fc fc fc fc fc
[ 11.743633] ffff88810387aa00: fa fb fb fb fc fc fc fc fa fb fb fb fc fc fc fc
[ 11.744070] >ffff88810387aa80: fa fb fb fb fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.744780] ^
[ 11.744906] ffff88810387ab00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.745387] ffff88810387ab80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.745848] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-ksize_uaf
[ 11.641538] ==================================================================
[ 11.641844] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5fe/0x6c0
[ 11.642274] Read of size 1 at addr ffff888102c54b00 by task kunit_try_catch/222
[ 11.642816]
[ 11.643169] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.643231] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.643243] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.643264] Call Trace:
[ 11.643276] <TASK>
[ 11.643290] dump_stack_lvl+0x73/0xb0
[ 11.643320] print_report+0xd1/0x650
[ 11.643340] ? __virt_addr_valid+0x1db/0x2d0
[ 11.643363] ? ksize_uaf+0x5fe/0x6c0
[ 11.643381] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.643405] ? ksize_uaf+0x5fe/0x6c0
[ 11.643424] kasan_report+0x141/0x180
[ 11.643444] ? ksize_uaf+0x5fe/0x6c0
[ 11.643467] __asan_report_load1_noabort+0x18/0x20
[ 11.643490] ksize_uaf+0x5fe/0x6c0
[ 11.643508] ? __pfx_ksize_uaf+0x10/0x10
[ 11.643528] ? __schedule+0x10cc/0x2b60
[ 11.643549] ? __pfx_read_tsc+0x10/0x10
[ 11.643570] ? ktime_get_ts64+0x86/0x230
[ 11.643594] kunit_try_run_case+0x1a5/0x480
[ 11.643617] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.643637] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.643659] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.643680] ? __kthread_parkme+0x82/0x180
[ 11.643699] ? preempt_count_sub+0x50/0x80
[ 11.643721] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.643743] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.643764] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.643785] kthread+0x337/0x6f0
[ 11.643803] ? trace_preempt_on+0x20/0xc0
[ 11.643826] ? __pfx_kthread+0x10/0x10
[ 11.643845] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.643864] ? calculate_sigpending+0x7b/0xa0
[ 11.643887] ? __pfx_kthread+0x10/0x10
[ 11.643907] ret_from_fork+0x116/0x1d0
[ 11.643924] ? __pfx_kthread+0x10/0x10
[ 11.643943] ret_from_fork_asm+0x1a/0x30
[ 11.643972] </TASK>
[ 11.643981]
[ 11.653337] Allocated by task 222:
[ 11.653974] kasan_save_stack+0x45/0x70
[ 11.654172] kasan_save_track+0x18/0x40
[ 11.654315] kasan_save_alloc_info+0x3b/0x50
[ 11.654534] __kasan_kmalloc+0xb7/0xc0
[ 11.654879] __kmalloc_cache_noprof+0x189/0x420
[ 11.655390] ksize_uaf+0xaa/0x6c0
[ 11.655900] kunit_try_run_case+0x1a5/0x480
[ 11.656319] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.656855] kthread+0x337/0x6f0
[ 11.656976] ret_from_fork+0x116/0x1d0
[ 11.657100] ret_from_fork_asm+0x1a/0x30
[ 11.657344]
[ 11.657840] Freed by task 222:
[ 11.658134] kasan_save_stack+0x45/0x70
[ 11.658647] kasan_save_track+0x18/0x40
[ 11.659076] kasan_save_free_info+0x3f/0x60
[ 11.659888] __kasan_slab_free+0x56/0x70
[ 11.660308] kfree+0x222/0x3f0
[ 11.660424] ksize_uaf+0x12c/0x6c0
[ 11.660854] kunit_try_run_case+0x1a5/0x480
[ 11.661355] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.661880] kthread+0x337/0x6f0
[ 11.662119] ret_from_fork+0x116/0x1d0
[ 11.662458] ret_from_fork_asm+0x1a/0x30
[ 11.662802]
[ 11.662943] The buggy address belongs to the object at ffff888102c54b00
[ 11.662943] which belongs to the cache kmalloc-128 of size 128
[ 11.663986] The buggy address is located 0 bytes inside of
[ 11.663986] freed 128-byte region [ffff888102c54b00, ffff888102c54b80)
[ 11.664936]
[ 11.665007] The buggy address belongs to the physical page:
[ 11.665166] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.665401] flags: 0x200000000000000(node=0|zone=2)
[ 11.665576] page_type: f5(slab)
[ 11.665738] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.665993] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.666304] page dumped because: kasan: bad access detected
[ 11.666474]
[ 11.666591] Memory state around the buggy address:
[ 11.666788] ffff888102c54a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.667002] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.667665] >ffff888102c54b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.668104] ^
[ 11.668359] ffff888102c54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.668617] ffff888102c54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.668927] ==================================================================
[ 11.616725] ==================================================================
[ 11.617098] BUG: KASAN: slab-use-after-free in ksize_uaf+0x19d/0x6c0
[ 11.617666] Read of size 1 at addr ffff888102c54b00 by task kunit_try_catch/222
[ 11.618757]
[ 11.618852] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.618902] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.618913] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.618934] Call Trace:
[ 11.618945] <TASK>
[ 11.618961] dump_stack_lvl+0x73/0xb0
[ 11.618989] print_report+0xd1/0x650
[ 11.619010] ? __virt_addr_valid+0x1db/0x2d0
[ 11.619030] ? ksize_uaf+0x19d/0x6c0
[ 11.619049] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.619073] ? ksize_uaf+0x19d/0x6c0
[ 11.619092] kasan_report+0x141/0x180
[ 11.619112] ? ksize_uaf+0x19d/0x6c0
[ 11.619134] ? ksize_uaf+0x19d/0x6c0
[ 11.619152] __kasan_check_byte+0x3d/0x50
[ 11.619172] ksize+0x20/0x60
[ 11.619190] ksize_uaf+0x19d/0x6c0
[ 11.619221] ? __pfx_ksize_uaf+0x10/0x10
[ 11.619242] ? __schedule+0x10cc/0x2b60
[ 11.619262] ? __pfx_read_tsc+0x10/0x10
[ 11.619418] ? ktime_get_ts64+0x86/0x230
[ 11.619447] kunit_try_run_case+0x1a5/0x480
[ 11.619471] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.619492] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.619513] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.619534] ? __kthread_parkme+0x82/0x180
[ 11.619553] ? preempt_count_sub+0x50/0x80
[ 11.619576] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.619598] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.619620] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.619641] kthread+0x337/0x6f0
[ 11.619659] ? trace_preempt_on+0x20/0xc0
[ 11.619681] ? __pfx_kthread+0x10/0x10
[ 11.619700] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.619719] ? calculate_sigpending+0x7b/0xa0
[ 11.619742] ? __pfx_kthread+0x10/0x10
[ 11.619761] ret_from_fork+0x116/0x1d0
[ 11.619779] ? __pfx_kthread+0x10/0x10
[ 11.619798] ret_from_fork_asm+0x1a/0x30
[ 11.619826] </TASK>
[ 11.619837]
[ 11.627500] Allocated by task 222:
[ 11.627765] kasan_save_stack+0x45/0x70
[ 11.627966] kasan_save_track+0x18/0x40
[ 11.628133] kasan_save_alloc_info+0x3b/0x50
[ 11.628384] __kasan_kmalloc+0xb7/0xc0
[ 11.628531] __kmalloc_cache_noprof+0x189/0x420
[ 11.628810] ksize_uaf+0xaa/0x6c0
[ 11.628940] kunit_try_run_case+0x1a5/0x480
[ 11.629078] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.629254] kthread+0x337/0x6f0
[ 11.629366] ret_from_fork+0x116/0x1d0
[ 11.629536] ret_from_fork_asm+0x1a/0x30
[ 11.629723]
[ 11.629813] Freed by task 222:
[ 11.630000] kasan_save_stack+0x45/0x70
[ 11.630185] kasan_save_track+0x18/0x40
[ 11.630447] kasan_save_free_info+0x3f/0x60
[ 11.630595] __kasan_slab_free+0x56/0x70
[ 11.630722] kfree+0x222/0x3f0
[ 11.630830] ksize_uaf+0x12c/0x6c0
[ 11.631176] kunit_try_run_case+0x1a5/0x480
[ 11.631386] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.631625] kthread+0x337/0x6f0
[ 11.631756] ret_from_fork+0x116/0x1d0
[ 11.632123] ret_from_fork_asm+0x1a/0x30
[ 11.632397]
[ 11.632623] The buggy address belongs to the object at ffff888102c54b00
[ 11.632623] which belongs to the cache kmalloc-128 of size 128
[ 11.633072] The buggy address is located 0 bytes inside of
[ 11.633072] freed 128-byte region [ffff888102c54b00, ffff888102c54b80)
[ 11.633911]
[ 11.634016] The buggy address belongs to the physical page:
[ 11.634557] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.634915] flags: 0x200000000000000(node=0|zone=2)
[ 11.635085] page_type: f5(slab)
[ 11.635230] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.635974] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.636802] page dumped because: kasan: bad access detected
[ 11.637233]
[ 11.637320] Memory state around the buggy address:
[ 11.637876] ffff888102c54a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.638378] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.639160] >ffff888102c54b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.639875] ^
[ 11.640034] ffff888102c54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.640551] ffff888102c54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.640898] ==================================================================
[ 11.671238] ==================================================================
[ 11.671601] BUG: KASAN: slab-use-after-free in ksize_uaf+0x5e4/0x6c0
[ 11.672199] Read of size 1 at addr ffff888102c54b78 by task kunit_try_catch/222
[ 11.672451]
[ 11.672824] CPU: 1 UID: 0 PID: 222 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.672873] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.672884] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.672904] Call Trace:
[ 11.672915] <TASK>
[ 11.672930] dump_stack_lvl+0x73/0xb0
[ 11.672959] print_report+0xd1/0x650
[ 11.672978] ? __virt_addr_valid+0x1db/0x2d0
[ 11.672999] ? ksize_uaf+0x5e4/0x6c0
[ 11.673017] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.673042] ? ksize_uaf+0x5e4/0x6c0
[ 11.673062] kasan_report+0x141/0x180
[ 11.673082] ? ksize_uaf+0x5e4/0x6c0
[ 11.673105] __asan_report_load1_noabort+0x18/0x20
[ 11.673127] ksize_uaf+0x5e4/0x6c0
[ 11.673146] ? __pfx_ksize_uaf+0x10/0x10
[ 11.673165] ? __schedule+0x10cc/0x2b60
[ 11.673196] ? __pfx_read_tsc+0x10/0x10
[ 11.673233] ? ktime_get_ts64+0x86/0x230
[ 11.673257] kunit_try_run_case+0x1a5/0x480
[ 11.673279] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.673299] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.673321] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.673342] ? __kthread_parkme+0x82/0x180
[ 11.673361] ? preempt_count_sub+0x50/0x80
[ 11.673385] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.673407] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.673427] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.673449] kthread+0x337/0x6f0
[ 11.673467] ? trace_preempt_on+0x20/0xc0
[ 11.673488] ? __pfx_kthread+0x10/0x10
[ 11.673507] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.673526] ? calculate_sigpending+0x7b/0xa0
[ 11.673550] ? __pfx_kthread+0x10/0x10
[ 11.673570] ret_from_fork+0x116/0x1d0
[ 11.673587] ? __pfx_kthread+0x10/0x10
[ 11.673608] ret_from_fork_asm+0x1a/0x30
[ 11.673638] </TASK>
[ 11.673648]
[ 11.686174] Allocated by task 222:
[ 11.686312] kasan_save_stack+0x45/0x70
[ 11.686563] kasan_save_track+0x18/0x40
[ 11.687366] kasan_save_alloc_info+0x3b/0x50
[ 11.687765] __kasan_kmalloc+0xb7/0xc0
[ 11.688098] __kmalloc_cache_noprof+0x189/0x420
[ 11.688544] ksize_uaf+0xaa/0x6c0
[ 11.688846] kunit_try_run_case+0x1a5/0x480
[ 11.689261] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.689727] kthread+0x337/0x6f0
[ 11.690048] ret_from_fork+0x116/0x1d0
[ 11.690256] ret_from_fork_asm+0x1a/0x30
[ 11.690641]
[ 11.690816] Freed by task 222:
[ 11.691115] kasan_save_stack+0x45/0x70
[ 11.691398] kasan_save_track+0x18/0x40
[ 11.691574] kasan_save_free_info+0x3f/0x60
[ 11.691963] __kasan_slab_free+0x56/0x70
[ 11.692197] kfree+0x222/0x3f0
[ 11.692413] ksize_uaf+0x12c/0x6c0
[ 11.692733] kunit_try_run_case+0x1a5/0x480
[ 11.692873] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.693037] kthread+0x337/0x6f0
[ 11.693148] ret_from_fork+0x116/0x1d0
[ 11.693300] ret_from_fork_asm+0x1a/0x30
[ 11.693429]
[ 11.693538] The buggy address belongs to the object at ffff888102c54b00
[ 11.693538] which belongs to the cache kmalloc-128 of size 128
[ 11.694013] The buggy address is located 120 bytes inside of
[ 11.694013] freed 128-byte region [ffff888102c54b00, ffff888102c54b80)
[ 11.694491]
[ 11.694557] The buggy address belongs to the physical page:
[ 11.694859] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.695222] flags: 0x200000000000000(node=0|zone=2)
[ 11.695411] page_type: f5(slab)
[ 11.695542] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.695891] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.696181] page dumped because: kasan: bad access detected
[ 11.696354]
[ 11.696440] Memory state around the buggy address:
[ 11.696682] ffff888102c54a00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.696995] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.697330] >ffff888102c54b00: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.697616] ^
[ 11.697921] ffff888102c54b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.698223] ffff888102c54c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.698604] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-ksize_unpoisons_memory
[ 11.560305] ================================================================== [ 11.560763] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.561016] Read of size 1 at addr ffff888102c54a78 by task kunit_try_catch/220 [ 11.561339] [ 11.561510] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.561554] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.561565] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.561585] Call Trace: [ 11.561597] <TASK> [ 11.561611] dump_stack_lvl+0x73/0xb0 [ 11.561636] print_report+0xd1/0x650 [ 11.561656] ? __virt_addr_valid+0x1db/0x2d0 [ 11.561677] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.561698] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.561722] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.561743] kasan_report+0x141/0x180 [ 11.561762] ? ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.561788] __asan_report_load1_noabort+0x18/0x20 [ 11.561810] ksize_unpoisons_memory+0x7e9/0x9b0 [ 11.561832] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.561852] ? finish_task_switch.isra.0+0x153/0x700 [ 11.561872] ? __switch_to+0x47/0xf50 [ 11.561896] ? __schedule+0x10cc/0x2b60 [ 11.561917] ? __pfx_read_tsc+0x10/0x10 [ 11.561936] ? ktime_get_ts64+0x86/0x230 [ 11.561961] kunit_try_run_case+0x1a5/0x480 [ 11.561983] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.562003] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.562024] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.562045] ? __kthread_parkme+0x82/0x180 [ 11.562064] ? preempt_count_sub+0x50/0x80 [ 11.562086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.562107] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.562128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.562150] kthread+0x337/0x6f0 [ 11.562168] ? trace_preempt_on+0x20/0xc0 [ 11.562191] ? __pfx_kthread+0x10/0x10 [ 11.562222] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.562240] ? calculate_sigpending+0x7b/0xa0 [ 11.562263] ? 
__pfx_kthread+0x10/0x10 [ 11.562283] ret_from_fork+0x116/0x1d0 [ 11.562300] ? __pfx_kthread+0x10/0x10 [ 11.562319] ret_from_fork_asm+0x1a/0x30 [ 11.562348] </TASK> [ 11.562357] [ 11.574821] Allocated by task 220: [ 11.574951] kasan_save_stack+0x45/0x70 [ 11.575156] kasan_save_track+0x18/0x40 [ 11.575718] kasan_save_alloc_info+0x3b/0x50 [ 11.576094] __kasan_kmalloc+0xb7/0xc0 [ 11.576466] __kmalloc_cache_noprof+0x189/0x420 [ 11.576979] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.577179] kunit_try_run_case+0x1a5/0x480 [ 11.577482] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.577990] kthread+0x337/0x6f0 [ 11.578309] ret_from_fork+0x116/0x1d0 [ 11.578659] ret_from_fork_asm+0x1a/0x30 [ 11.579157] [ 11.579333] The buggy address belongs to the object at ffff888102c54a00 [ 11.579333] which belongs to the cache kmalloc-128 of size 128 [ 11.580173] The buggy address is located 5 bytes to the right of [ 11.580173] allocated 115-byte region [ffff888102c54a00, ffff888102c54a73) [ 11.580670] [ 11.580822] The buggy address belongs to the physical page: [ 11.581332] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 11.582060] flags: 0x200000000000000(node=0|zone=2) [ 11.582697] page_type: f5(slab) [ 11.582986] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.583575] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.583801] page dumped because: kasan: bad access detected [ 11.583963] [ 11.584024] Memory state around the buggy address: [ 11.584170] ffff888102c54900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.584459] ffff888102c54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.584754] >ffff888102c54a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.584964] ^ [ 11.585337] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.585592] ffff888102c54b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.586035] 
================================================================== [ 11.587244] ================================================================== [ 11.587557] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.587869] Read of size 1 at addr ffff888102c54a7f by task kunit_try_catch/220 [ 11.588091] [ 11.588166] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.588221] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.588232] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.588253] Call Trace: [ 11.588269] <TASK> [ 11.588284] dump_stack_lvl+0x73/0xb0 [ 11.588310] print_report+0xd1/0x650 [ 11.588329] ? __virt_addr_valid+0x1db/0x2d0 [ 11.588350] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.588371] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.588396] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.588417] kasan_report+0x141/0x180 [ 11.588437] ? ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.588463] __asan_report_load1_noabort+0x18/0x20 [ 11.588485] ksize_unpoisons_memory+0x7b6/0x9b0 [ 11.588507] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.588528] ? finish_task_switch.isra.0+0x153/0x700 [ 11.588548] ? __switch_to+0x47/0xf50 [ 11.588572] ? __schedule+0x10cc/0x2b60 [ 11.588592] ? __pfx_read_tsc+0x10/0x10 [ 11.588612] ? ktime_get_ts64+0x86/0x230 [ 11.588635] kunit_try_run_case+0x1a5/0x480 [ 11.588661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.588681] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.588703] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.588724] ? __kthread_parkme+0x82/0x180 [ 11.588742] ? preempt_count_sub+0x50/0x80 [ 11.588764] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.588785] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.588806] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.588828] kthread+0x337/0x6f0 [ 11.588846] ? trace_preempt_on+0x20/0xc0 [ 11.588868] ? __pfx_kthread+0x10/0x10 [ 11.588887] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.588906] ? 
calculate_sigpending+0x7b/0xa0 [ 11.588929] ? __pfx_kthread+0x10/0x10 [ 11.588950] ret_from_fork+0x116/0x1d0 [ 11.588967] ? __pfx_kthread+0x10/0x10 [ 11.588986] ret_from_fork_asm+0x1a/0x30 [ 11.589014] </TASK> [ 11.589024] [ 11.603728] Allocated by task 220: [ 11.603935] kasan_save_stack+0x45/0x70 [ 11.604167] kasan_save_track+0x18/0x40 [ 11.604411] kasan_save_alloc_info+0x3b/0x50 [ 11.604721] __kasan_kmalloc+0xb7/0xc0 [ 11.604918] __kmalloc_cache_noprof+0x189/0x420 [ 11.605153] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.605386] kunit_try_run_case+0x1a5/0x480 [ 11.605583] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.606304] kthread+0x337/0x6f0 [ 11.606670] ret_from_fork+0x116/0x1d0 [ 11.606868] ret_from_fork_asm+0x1a/0x30 [ 11.607075] [ 11.607150] The buggy address belongs to the object at ffff888102c54a00 [ 11.607150] which belongs to the cache kmalloc-128 of size 128 [ 11.607762] The buggy address is located 12 bytes to the right of [ 11.607762] allocated 115-byte region [ffff888102c54a00, ffff888102c54a73) [ 11.608290] [ 11.608399] The buggy address belongs to the physical page: [ 11.608685] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 11.608998] flags: 0x200000000000000(node=0|zone=2) [ 11.609156] page_type: f5(slab) [ 11.609376] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.609872] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.610221] page dumped because: kasan: bad access detected [ 11.610440] [ 11.610624] Memory state around the buggy address: [ 11.610932] ffff888102c54900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.611246] ffff888102c54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.611667] >ffff888102c54a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.611959] ^ [ 11.612249] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.612627] ffff888102c54b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.612889] 
================================================================== [ 11.528956] ================================================================== [ 11.530191] BUG: KASAN: slab-out-of-bounds in ksize_unpoisons_memory+0x81c/0x9b0 [ 11.530447] Read of size 1 at addr ffff888102c54a73 by task kunit_try_catch/220 [ 11.531402] [ 11.531692] CPU: 1 UID: 0 PID: 220 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.531753] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.531765] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.531785] Call Trace: [ 11.531797] <TASK> [ 11.531813] dump_stack_lvl+0x73/0xb0 [ 11.531842] print_report+0xd1/0x650 [ 11.531862] ? __virt_addr_valid+0x1db/0x2d0 [ 11.531884] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.531906] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.531931] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.531952] kasan_report+0x141/0x180 [ 11.531972] ? ksize_unpoisons_memory+0x81c/0x9b0 [ 11.531998] __asan_report_load1_noabort+0x18/0x20 [ 11.532020] ksize_unpoisons_memory+0x81c/0x9b0 [ 11.532042] ? __pfx_ksize_unpoisons_memory+0x10/0x10 [ 11.532063] ? finish_task_switch.isra.0+0x153/0x700 [ 11.532083] ? __switch_to+0x47/0xf50 [ 11.532108] ? __schedule+0x10cc/0x2b60 [ 11.532128] ? __pfx_read_tsc+0x10/0x10 [ 11.532148] ? ktime_get_ts64+0x86/0x230 [ 11.532172] kunit_try_run_case+0x1a5/0x480 [ 11.532194] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.532225] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.532246] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.532266] ? __kthread_parkme+0x82/0x180 [ 11.532285] ? preempt_count_sub+0x50/0x80 [ 11.532306] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.532327] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.532348] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.532369] kthread+0x337/0x6f0 [ 11.532387] ? trace_preempt_on+0x20/0xc0 [ 11.532409] ? __pfx_kthread+0x10/0x10 [ 11.532428] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.532447] ? 
calculate_sigpending+0x7b/0xa0 [ 11.532470] ? __pfx_kthread+0x10/0x10 [ 11.532490] ret_from_fork+0x116/0x1d0 [ 11.532507] ? __pfx_kthread+0x10/0x10 [ 11.532526] ret_from_fork_asm+0x1a/0x30 [ 11.532554] </TASK> [ 11.532564] [ 11.545426] Allocated by task 220: [ 11.545725] kasan_save_stack+0x45/0x70 [ 11.546130] kasan_save_track+0x18/0x40 [ 11.546538] kasan_save_alloc_info+0x3b/0x50 [ 11.546976] __kasan_kmalloc+0xb7/0xc0 [ 11.547375] __kmalloc_cache_noprof+0x189/0x420 [ 11.547801] ksize_unpoisons_memory+0xc7/0x9b0 [ 11.548294] kunit_try_run_case+0x1a5/0x480 [ 11.548758] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.549317] kthread+0x337/0x6f0 [ 11.549713] ret_from_fork+0x116/0x1d0 [ 11.550089] ret_from_fork_asm+0x1a/0x30 [ 11.550468] [ 11.550613] The buggy address belongs to the object at ffff888102c54a00 [ 11.550613] which belongs to the cache kmalloc-128 of size 128 [ 11.551396] The buggy address is located 0 bytes to the right of [ 11.551396] allocated 115-byte region [ffff888102c54a00, ffff888102c54a73) [ 11.551755] [ 11.551821] The buggy address belongs to the physical page: [ 11.552203] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54 [ 11.552884] flags: 0x200000000000000(node=0|zone=2) [ 11.553354] page_type: f5(slab) [ 11.553702] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000 [ 11.554434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.555051] page dumped because: kasan: bad access detected [ 11.555577] [ 11.555760] Memory state around the buggy address: [ 11.556260] ffff888102c54900: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.556911] ffff888102c54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.557360] >ffff888102c54a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc [ 11.557784] ^ [ 11.558422] ffff888102c54a80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.559099] ffff888102c54b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.559810] 
==================================================================
Failure - log-parser-boot - kasan-bug-kasan-double-free-in-kfree_sensitive
[ 11.495306] ================================================================== [ 11.496124] BUG: KASAN: double-free in kfree_sensitive+0x2e/0x90 [ 11.496665] Free of addr ffff8881028596a0 by task kunit_try_catch/218 [ 11.497254] [ 11.497374] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.497585] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.497602] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.497624] Call Trace: [ 11.497641] <TASK> [ 11.497657] dump_stack_lvl+0x73/0xb0 [ 11.497686] print_report+0xd1/0x650 [ 11.497706] ? __virt_addr_valid+0x1db/0x2d0 [ 11.497730] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.497757] ? kfree_sensitive+0x2e/0x90 [ 11.497777] kasan_report_invalid_free+0x10a/0x130 [ 11.497800] ? kfree_sensitive+0x2e/0x90 [ 11.497820] ? kfree_sensitive+0x2e/0x90 [ 11.497838] check_slab_allocation+0x101/0x130 [ 11.497859] __kasan_slab_pre_free+0x28/0x40 [ 11.497878] kfree+0xf0/0x3f0 [ 11.497898] ? kfree_sensitive+0x2e/0x90 [ 11.497919] kfree_sensitive+0x2e/0x90 [ 11.497937] kmalloc_double_kzfree+0x19c/0x350 [ 11.497958] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.497981] ? __schedule+0x10cc/0x2b60 [ 11.498002] ? __pfx_read_tsc+0x10/0x10 [ 11.498022] ? ktime_get_ts64+0x86/0x230 [ 11.498047] kunit_try_run_case+0x1a5/0x480 [ 11.498070] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498090] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.498111] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.498132] ? __kthread_parkme+0x82/0x180 [ 11.498151] ? preempt_count_sub+0x50/0x80 [ 11.498174] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.498196] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.498228] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.498250] kthread+0x337/0x6f0 [ 11.498268] ? trace_preempt_on+0x20/0xc0 [ 11.498290] ? __pfx_kthread+0x10/0x10 [ 11.498309] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.498328] ? calculate_sigpending+0x7b/0xa0 [ 11.498351] ? 
__pfx_kthread+0x10/0x10 [ 11.498371] ret_from_fork+0x116/0x1d0 [ 11.498388] ? __pfx_kthread+0x10/0x10 [ 11.498407] ret_from_fork_asm+0x1a/0x30 [ 11.498484] </TASK> [ 11.498496] [ 11.510560] Allocated by task 218: [ 11.510833] kasan_save_stack+0x45/0x70 [ 11.511123] kasan_save_track+0x18/0x40 [ 11.511655] kasan_save_alloc_info+0x3b/0x50 [ 11.511874] __kasan_kmalloc+0xb7/0xc0 [ 11.512348] __kmalloc_cache_noprof+0x189/0x420 [ 11.512750] kmalloc_double_kzfree+0xa9/0x350 [ 11.513042] kunit_try_run_case+0x1a5/0x480 [ 11.513405] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.513810] kthread+0x337/0x6f0 [ 11.514085] ret_from_fork+0x116/0x1d0 [ 11.514613] ret_from_fork_asm+0x1a/0x30 [ 11.514805] [ 11.514883] Freed by task 218: [ 11.515166] kasan_save_stack+0x45/0x70 [ 11.515381] kasan_save_track+0x18/0x40 [ 11.515892] kasan_save_free_info+0x3f/0x60 [ 11.516104] __kasan_slab_free+0x56/0x70 [ 11.516438] kfree+0x222/0x3f0 [ 11.516916] kfree_sensitive+0x67/0x90 [ 11.517478] kmalloc_double_kzfree+0x12b/0x350 [ 11.518015] kunit_try_run_case+0x1a5/0x480 [ 11.518243] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.518488] kthread+0x337/0x6f0 [ 11.518639] ret_from_fork+0x116/0x1d0 [ 11.518807] ret_from_fork_asm+0x1a/0x30 [ 11.518978] [ 11.519050] The buggy address belongs to the object at ffff8881028596a0 [ 11.519050] which belongs to the cache kmalloc-16 of size 16 [ 11.519512] The buggy address is located 0 bytes inside of [ 11.519512] 16-byte region [ffff8881028596a0, ffff8881028596b0) [ 11.519971] [ 11.520044] The buggy address belongs to the physical page: [ 11.520583] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 11.520941] flags: 0x200000000000000(node=0|zone=2) [ 11.521101] page_type: f5(slab) [ 11.521245] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.521544] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.521768] page dumped because: kasan: bad access detected [ 11.522095] [ 
11.522249] Memory state around the buggy address: [ 11.522415] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.522810] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.523116] >ffff888102859680: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.523524] ^ [ 11.523667] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.523914] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.524282] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_double_kzfree
[ 11.464128] ================================================================== [ 11.464969] BUG: KASAN: slab-use-after-free in kmalloc_double_kzfree+0x19c/0x350 [ 11.465691] Read of size 1 at addr ffff8881028596a0 by task kunit_try_catch/218 [ 11.466043] [ 11.466151] CPU: 1 UID: 0 PID: 218 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.466199] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.466250] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.466271] Call Trace: [ 11.466283] <TASK> [ 11.466298] dump_stack_lvl+0x73/0xb0 [ 11.466341] print_report+0xd1/0x650 [ 11.466361] ? __virt_addr_valid+0x1db/0x2d0 [ 11.466383] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.466434] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.466458] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.466490] kasan_report+0x141/0x180 [ 11.466511] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.466534] ? kmalloc_double_kzfree+0x19c/0x350 [ 11.466555] __kasan_check_byte+0x3d/0x50 [ 11.466650] kfree_sensitive+0x22/0x90 [ 11.466689] kmalloc_double_kzfree+0x19c/0x350 [ 11.466710] ? __pfx_kmalloc_double_kzfree+0x10/0x10 [ 11.466761] ? __schedule+0x10cc/0x2b60 [ 11.466783] ? __pfx_read_tsc+0x10/0x10 [ 11.466804] ? ktime_get_ts64+0x86/0x230 [ 11.466839] kunit_try_run_case+0x1a5/0x480 [ 11.466863] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.466884] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.466905] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.466925] ? __kthread_parkme+0x82/0x180 [ 11.466945] ? preempt_count_sub+0x50/0x80 [ 11.466967] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.466989] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.467009] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.467031] kthread+0x337/0x6f0 [ 11.467049] ? trace_preempt_on+0x20/0xc0 [ 11.467072] ? __pfx_kthread+0x10/0x10 [ 11.467092] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.467111] ? calculate_sigpending+0x7b/0xa0 [ 11.467135] ? 
__pfx_kthread+0x10/0x10 [ 11.467155] ret_from_fork+0x116/0x1d0 [ 11.467172] ? __pfx_kthread+0x10/0x10 [ 11.467191] ret_from_fork_asm+0x1a/0x30 [ 11.467230] </TASK> [ 11.467241] [ 11.478156] Allocated by task 218: [ 11.478810] kasan_save_stack+0x45/0x70 [ 11.479138] kasan_save_track+0x18/0x40 [ 11.479687] kasan_save_alloc_info+0x3b/0x50 [ 11.479889] __kasan_kmalloc+0xb7/0xc0 [ 11.480141] __kmalloc_cache_noprof+0x189/0x420 [ 11.480493] kmalloc_double_kzfree+0xa9/0x350 [ 11.480713] kunit_try_run_case+0x1a5/0x480 [ 11.481160] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.481417] kthread+0x337/0x6f0 [ 11.481737] ret_from_fork+0x116/0x1d0 [ 11.482041] ret_from_fork_asm+0x1a/0x30 [ 11.482403] [ 11.482581] Freed by task 218: [ 11.482842] kasan_save_stack+0x45/0x70 [ 11.483190] kasan_save_track+0x18/0x40 [ 11.483405] kasan_save_free_info+0x3f/0x60 [ 11.483922] __kasan_slab_free+0x56/0x70 [ 11.484246] kfree+0x222/0x3f0 [ 11.484415] kfree_sensitive+0x67/0x90 [ 11.484567] kmalloc_double_kzfree+0x12b/0x350 [ 11.484776] kunit_try_run_case+0x1a5/0x480 [ 11.484963] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.485217] kthread+0x337/0x6f0 [ 11.485365] ret_from_fork+0x116/0x1d0 [ 11.485534] ret_from_fork_asm+0x1a/0x30 [ 11.485708] [ 11.486319] The buggy address belongs to the object at ffff8881028596a0 [ 11.486319] which belongs to the cache kmalloc-16 of size 16 [ 11.487024] The buggy address is located 0 bytes inside of [ 11.487024] freed 16-byte region [ffff8881028596a0, ffff8881028596b0) [ 11.487958] [ 11.488057] The buggy address belongs to the physical page: [ 11.488551] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 11.489058] flags: 0x200000000000000(node=0|zone=2) [ 11.489439] page_type: f5(slab) [ 11.489848] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.490376] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.490839] page dumped because: kasan: bad access detected [ 
11.491261] [ 11.491360] Memory state around the buggy address: [ 11.491944] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.492407] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.492858] >ffff888102859680: fa fb fc fc fa fb fc fc fc fc fc fc fc fc fc fc [ 11.493347] ^ [ 11.493720] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.494185] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.494654] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf2
[ 11.436890] ================================================================== [ 11.437703] BUG: KASAN: slab-use-after-free in kmalloc_uaf2+0x4a8/0x520 [ 11.437971] Read of size 1 at addr ffff88810387b4a8 by task kunit_try_catch/214 [ 11.438283] [ 11.438393] CPU: 1 UID: 0 PID: 214 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.438450] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.438462] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.438481] Call Trace: [ 11.438493] <TASK> [ 11.438507] dump_stack_lvl+0x73/0xb0 [ 11.438535] print_report+0xd1/0x650 [ 11.438565] ? __virt_addr_valid+0x1db/0x2d0 [ 11.438587] ? kmalloc_uaf2+0x4a8/0x520 [ 11.438605] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.438700] ? kmalloc_uaf2+0x4a8/0x520 [ 11.438736] kasan_report+0x141/0x180 [ 11.438765] ? kmalloc_uaf2+0x4a8/0x520 [ 11.438788] __asan_report_load1_noabort+0x18/0x20 [ 11.438810] kmalloc_uaf2+0x4a8/0x520 [ 11.438839] ? __pfx_kmalloc_uaf2+0x10/0x10 [ 11.438857] ? finish_task_switch.isra.0+0x153/0x700 [ 11.438878] ? __switch_to+0x47/0xf50 [ 11.438903] ? __schedule+0x10cc/0x2b60 [ 11.438924] ? __pfx_read_tsc+0x10/0x10 [ 11.438944] ? ktime_get_ts64+0x86/0x230 [ 11.438968] kunit_try_run_case+0x1a5/0x480 [ 11.438990] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.439011] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.439033] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.439053] ? __kthread_parkme+0x82/0x180 [ 11.439072] ? preempt_count_sub+0x50/0x80 [ 11.439093] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.439124] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.439145] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.439166] kthread+0x337/0x6f0 [ 11.439194] ? trace_preempt_on+0x20/0xc0 [ 11.439232] ? __pfx_kthread+0x10/0x10 [ 11.439252] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.439271] ? calculate_sigpending+0x7b/0xa0 [ 11.439304] ? __pfx_kthread+0x10/0x10 [ 11.439324] ret_from_fork+0x116/0x1d0 [ 11.439341] ? 
__pfx_kthread+0x10/0x10 [ 11.439368] ret_from_fork_asm+0x1a/0x30 [ 11.439396] </TASK> [ 11.439407] [ 11.447199] Allocated by task 214: [ 11.447382] kasan_save_stack+0x45/0x70 [ 11.447730] kasan_save_track+0x18/0x40 [ 11.447942] kasan_save_alloc_info+0x3b/0x50 [ 11.448111] __kasan_kmalloc+0xb7/0xc0 [ 11.448245] __kmalloc_cache_noprof+0x189/0x420 [ 11.448409] kmalloc_uaf2+0xc6/0x520 [ 11.448579] kunit_try_run_case+0x1a5/0x480 [ 11.448991] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.449300] kthread+0x337/0x6f0 [ 11.449463] ret_from_fork+0x116/0x1d0 [ 11.449696] ret_from_fork_asm+0x1a/0x30 [ 11.449898] [ 11.449962] Freed by task 214: [ 11.450063] kasan_save_stack+0x45/0x70 [ 11.450292] kasan_save_track+0x18/0x40 [ 11.450666] kasan_save_free_info+0x3f/0x60 [ 11.450873] __kasan_slab_free+0x56/0x70 [ 11.451086] kfree+0x222/0x3f0 [ 11.451243] kmalloc_uaf2+0x14c/0x520 [ 11.451414] kunit_try_run_case+0x1a5/0x480 [ 11.451677] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.451945] kthread+0x337/0x6f0 [ 11.452104] ret_from_fork+0x116/0x1d0 [ 11.452285] ret_from_fork_asm+0x1a/0x30 [ 11.452697] [ 11.452795] The buggy address belongs to the object at ffff88810387b480 [ 11.452795] which belongs to the cache kmalloc-64 of size 64 [ 11.453335] The buggy address is located 40 bytes inside of [ 11.453335] freed 64-byte region [ffff88810387b480, ffff88810387b4c0) [ 11.453923] [ 11.453994] The buggy address belongs to the physical page: [ 11.454161] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10387b [ 11.454406] flags: 0x200000000000000(node=0|zone=2) [ 11.454584] page_type: f5(slab) [ 11.454818] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000 [ 11.455146] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000 [ 11.455597] page dumped because: kasan: bad access detected [ 11.455758] [ 11.455818] Memory state around the buggy address: [ 11.455963] ffff88810387b380: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc 
[ 11.456350] ffff88810387b400: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.456669] >ffff88810387b480: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc [ 11.457143] ^ [ 11.457464] ffff88810387b500: 00 00 00 00 00 03 fc fc fc fc fc fc fc fc fc fc [ 11.457915] ffff88810387b580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.458237] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_memset
[ 11.412617] ==================================================================
[ 11.413527] BUG: KASAN: slab-use-after-free in kmalloc_uaf_memset+0x1a3/0x360
[ 11.413901] Write of size 33 at addr ffff888102620180 by task kunit_try_catch/212
[ 11.414251]
[ 11.414363] CPU: 0 UID: 0 PID: 212 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.414422] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.414487] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.414512] Call Trace:
[ 11.414525] <TASK>
[ 11.414554] dump_stack_lvl+0x73/0xb0
[ 11.414586] print_report+0xd1/0x650
[ 11.414606] ? __virt_addr_valid+0x1db/0x2d0
[ 11.414641] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.414660] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.414684] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.414704] kasan_report+0x141/0x180
[ 11.414724] ? kmalloc_uaf_memset+0x1a3/0x360
[ 11.414748] kasan_check_range+0x10c/0x1c0
[ 11.414769] __asan_memset+0x27/0x50
[ 11.414800] kmalloc_uaf_memset+0x1a3/0x360
[ 11.414819] ? __pfx_kmalloc_uaf_memset+0x10/0x10
[ 11.414839] ? __schedule+0x10cc/0x2b60
[ 11.414871] ? __pfx_read_tsc+0x10/0x10
[ 11.414892] ? ktime_get_ts64+0x86/0x230
[ 11.414917] kunit_try_run_case+0x1a5/0x480
[ 11.414940] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.414961] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.414992] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.415013] ? __kthread_parkme+0x82/0x180
[ 11.415033] ? preempt_count_sub+0x50/0x80
[ 11.415066] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.415087] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.415108] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.415130] kthread+0x337/0x6f0
[ 11.415148] ? trace_preempt_on+0x20/0xc0
[ 11.415171] ? __pfx_kthread+0x10/0x10
[ 11.415190] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.415217] ? calculate_sigpending+0x7b/0xa0
[ 11.415240] ? __pfx_kthread+0x10/0x10
[ 11.415260] ret_from_fork+0x116/0x1d0
[ 11.415277] ? __pfx_kthread+0x10/0x10
[ 11.415297] ret_from_fork_asm+0x1a/0x30
[ 11.415326] </TASK>
[ 11.415337]
[ 11.422828] Allocated by task 212:
[ 11.422988] kasan_save_stack+0x45/0x70
[ 11.423202] kasan_save_track+0x18/0x40
[ 11.423411] kasan_save_alloc_info+0x3b/0x50
[ 11.423693] __kasan_kmalloc+0xb7/0xc0
[ 11.423878] __kmalloc_cache_noprof+0x189/0x420
[ 11.424095] kmalloc_uaf_memset+0xa9/0x360
[ 11.424290] kunit_try_run_case+0x1a5/0x480
[ 11.424582] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.424827] kthread+0x337/0x6f0
[ 11.424987] ret_from_fork+0x116/0x1d0
[ 11.425154] ret_from_fork_asm+0x1a/0x30
[ 11.425403]
[ 11.425539] Freed by task 212:
[ 11.425685] kasan_save_stack+0x45/0x70
[ 11.425819] kasan_save_track+0x18/0x40
[ 11.425997] kasan_save_free_info+0x3f/0x60
[ 11.426161] __kasan_slab_free+0x56/0x70
[ 11.426449] kfree+0x222/0x3f0
[ 11.426560] kmalloc_uaf_memset+0x12b/0x360
[ 11.426693] kunit_try_run_case+0x1a5/0x480
[ 11.426830] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.426993] kthread+0x337/0x6f0
[ 11.427102] ret_from_fork+0x116/0x1d0
[ 11.427286] ret_from_fork_asm+0x1a/0x30
[ 11.427728]
[ 11.427851] The buggy address belongs to the object at ffff888102620180
[ 11.427851] which belongs to the cache kmalloc-64 of size 64
[ 11.428338] The buggy address is located 0 bytes inside of
[ 11.428338] freed 64-byte region [ffff888102620180, ffff8881026201c0)
[ 11.428678]
[ 11.428743] The buggy address belongs to the physical page:
[ 11.428910] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102620
[ 11.429142] flags: 0x200000000000000(node=0|zone=2)
[ 11.429668] page_type: f5(slab)
[ 11.429838] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.430192] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.430536] page dumped because: kasan: bad access detected
[ 11.430782]
[ 11.430996] Memory state around the buggy address:
[ 11.431272] ffff888102620080: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.431691] ffff888102620100: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.431955] >ffff888102620180: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.432361] ^
[ 11.432578] ffff888102620200: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.432797] ffff888102620280: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.433003] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf
[ 11.376668] ==================================================================
[ 11.377581] BUG: KASAN: slab-use-after-free in kmalloc_uaf+0x320/0x380
[ 11.378140] Read of size 1 at addr ffff888102859688 by task kunit_try_catch/210
[ 11.378410]
[ 11.378599] CPU: 1 UID: 0 PID: 210 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.378825] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.378842] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.378865] Call Trace:
[ 11.378879] <TASK>
[ 11.378910] dump_stack_lvl+0x73/0xb0
[ 11.378943] print_report+0xd1/0x650
[ 11.378975] ? __virt_addr_valid+0x1db/0x2d0
[ 11.378999] ? kmalloc_uaf+0x320/0x380
[ 11.379017] ? kasan_complete_mode_report_info+0x64/0x200
[ 11.379041] ? kmalloc_uaf+0x320/0x380
[ 11.379059] kasan_report+0x141/0x180
[ 11.379079] ? kmalloc_uaf+0x320/0x380
[ 11.379102] __asan_report_load1_noabort+0x18/0x20
[ 11.379124] kmalloc_uaf+0x320/0x380
[ 11.379142] ? __pfx_kmalloc_uaf+0x10/0x10
[ 11.379161] ? __schedule+0x10cc/0x2b60
[ 11.379182] ? __pfx_read_tsc+0x10/0x10
[ 11.379215] ? ktime_get_ts64+0x86/0x230
[ 11.379240] kunit_try_run_case+0x1a5/0x480
[ 11.379264] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.379284] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.379306] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.379327] ? __kthread_parkme+0x82/0x180
[ 11.379347] ? preempt_count_sub+0x50/0x80
[ 11.379368] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.379390] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.379411] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.379432] kthread+0x337/0x6f0
[ 11.379450] ? trace_preempt_on+0x20/0xc0
[ 11.379473] ? __pfx_kthread+0x10/0x10
[ 11.379492] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.379511] ? calculate_sigpending+0x7b/0xa0
[ 11.379535] ? __pfx_kthread+0x10/0x10
[ 11.379555] ret_from_fork+0x116/0x1d0
[ 11.379573] ? __pfx_kthread+0x10/0x10
[ 11.379593] ret_from_fork_asm+0x1a/0x30
[ 11.379623] </TASK>
[ 11.379634]
[ 11.391972] Allocated by task 210:
[ 11.392101] kasan_save_stack+0x45/0x70
[ 11.392352] kasan_save_track+0x18/0x40
[ 11.392895] kasan_save_alloc_info+0x3b/0x50
[ 11.393485] __kasan_kmalloc+0xb7/0xc0
[ 11.393873] __kmalloc_cache_noprof+0x189/0x420
[ 11.394029] kmalloc_uaf+0xaa/0x380
[ 11.394148] kunit_try_run_case+0x1a5/0x480
[ 11.394565] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.395102] kthread+0x337/0x6f0
[ 11.395342] ret_from_fork+0x116/0x1d0
[ 11.395603] ret_from_fork_asm+0x1a/0x30
[ 11.396025]
[ 11.396193] Freed by task 210:
[ 11.396545] kasan_save_stack+0x45/0x70
[ 11.397088] kasan_save_track+0x18/0x40
[ 11.397540] kasan_save_free_info+0x3f/0x60
[ 11.397950] __kasan_slab_free+0x56/0x70
[ 11.398407] kfree+0x222/0x3f0
[ 11.398736] kmalloc_uaf+0x12c/0x380
[ 11.399080] kunit_try_run_case+0x1a5/0x480
[ 11.399249] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.399793] kthread+0x337/0x6f0
[ 11.400105] ret_from_fork+0x116/0x1d0
[ 11.400403] ret_from_fork_asm+0x1a/0x30
[ 11.400885]
[ 11.400960] The buggy address belongs to the object at ffff888102859680
[ 11.400960] which belongs to the cache kmalloc-16 of size 16
[ 11.401581] The buggy address is located 8 bytes inside of
[ 11.401581] freed 16-byte region [ffff888102859680, ffff888102859690)
[ 11.402700]
[ 11.402859] The buggy address belongs to the physical page:
[ 11.403355] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859
[ 11.403958] flags: 0x200000000000000(node=0|zone=2)
[ 11.404429] page_type: f5(slab)
[ 11.404844] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122
[ 11.405078] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000
[ 11.405635] page dumped because: kasan: bad access detected
[ 11.406311]
[ 11.406563] Memory state around the buggy address:
[ 11.407014] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.407580] ffff888102859600: fa fb fc fc fa fb fc fc fa fb fc fc fa fb fc fc
[ 11.407795] >ffff888102859680: fa fb fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.408003] ^
[ 11.408119] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.408349] ffff888102859780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.408825] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_memmove_invalid_size
[ 11.342884] ==================================================================
[ 11.343833] BUG: KASAN: slab-out-of-bounds in kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.344085] Read of size 64 at addr ffff888102620084 by task kunit_try_catch/208
[ 11.344570]
[ 11.344745] CPU: 0 UID: 0 PID: 208 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.344795] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.344806] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.344826] Call Trace:
[ 11.344838] <TASK>
[ 11.344854] dump_stack_lvl+0x73/0xb0
[ 11.344883] print_report+0xd1/0x650
[ 11.344903] ? __virt_addr_valid+0x1db/0x2d0
[ 11.344924] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.344946] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.344970] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.344993] kasan_report+0x141/0x180
[ 11.345013] ? kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.345039] kasan_check_range+0x10c/0x1c0
[ 11.345061] __asan_memmove+0x27/0x70
[ 11.345082] kmalloc_memmove_invalid_size+0x16f/0x330
[ 11.345105] ? __pfx_kmalloc_memmove_invalid_size+0x10/0x10
[ 11.345128] ? __schedule+0x10cc/0x2b60
[ 11.345149] ? __pfx_read_tsc+0x10/0x10
[ 11.345169] ? ktime_get_ts64+0x86/0x230
[ 11.345194] kunit_try_run_case+0x1a5/0x480
[ 11.345244] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.345265] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.345288] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.345309] ? __kthread_parkme+0x82/0x180
[ 11.345329] ? preempt_count_sub+0x50/0x80
[ 11.345351] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.345373] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.345394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.345415] kthread+0x337/0x6f0
[ 11.345433] ? trace_preempt_on+0x20/0xc0
[ 11.345456] ? __pfx_kthread+0x10/0x10
[ 11.345475] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.345494] ? calculate_sigpending+0x7b/0xa0
[ 11.345517] ? __pfx_kthread+0x10/0x10
[ 11.345537] ret_from_fork+0x116/0x1d0
[ 11.345554] ? __pfx_kthread+0x10/0x10
[ 11.345573] ret_from_fork_asm+0x1a/0x30
[ 11.345602] </TASK>
[ 11.345613]
[ 11.358083] Allocated by task 208:
[ 11.358713] kasan_save_stack+0x45/0x70
[ 11.359344] kasan_save_track+0x18/0x40
[ 11.359861] kasan_save_alloc_info+0x3b/0x50
[ 11.360521] __kasan_kmalloc+0xb7/0xc0
[ 11.361083] __kmalloc_cache_noprof+0x189/0x420
[ 11.361637] kmalloc_memmove_invalid_size+0xac/0x330
[ 11.361815] kunit_try_run_case+0x1a5/0x480
[ 11.361955] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.362121] kthread+0x337/0x6f0
[ 11.362681] ret_from_fork+0x116/0x1d0
[ 11.363214] ret_from_fork_asm+0x1a/0x30
[ 11.363678]
[ 11.363754] The buggy address belongs to the object at ffff888102620080
[ 11.363754] which belongs to the cache kmalloc-64 of size 64
[ 11.364102] The buggy address is located 4 bytes inside of
[ 11.364102] allocated 64-byte region [ffff888102620080, ffff8881026200c0)
[ 11.365701]
[ 11.365887] The buggy address belongs to the physical page:
[ 11.366595] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102620
[ 11.367172] flags: 0x200000000000000(node=0|zone=2)
[ 11.367351] page_type: f5(slab)
[ 11.367470] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.367694] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.367912] page dumped because: kasan: bad access detected
[ 11.368076]
[ 11.368137] Memory state around the buggy address:
[ 11.368501] ffff88810261ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.369147] ffff888102620000: fa fb fb fb fb fb fb fb fc fc fc fc fc fc fc fc
[ 11.369786] >ffff888102620080: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 11.370412] ^
[ 11.370863] ffff888102620100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.371531] ffff888102620180: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.372136] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-out-of-bounds-in-kmalloc_memmove_negative_size
[ 11.313713] ==================================================================
[ 11.314155] BUG: KASAN: out-of-bounds in kmalloc_memmove_negative_size+0x171/0x330
[ 11.314737] Read of size 18446744073709551614 at addr ffff888102620004 by task kunit_try_catch/206
[ 11.315152]
[ 11.315523] CPU: 0 UID: 0 PID: 206 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.315577] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.315620] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.315663] Call Trace:
[ 11.315677] <TASK>
[ 11.315693] dump_stack_lvl+0x73/0xb0
[ 11.315722] print_report+0xd1/0x650
[ 11.315743] ? __virt_addr_valid+0x1db/0x2d0
[ 11.315765] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.315864] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.315889] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.315935] kasan_report+0x141/0x180
[ 11.315956] ? kmalloc_memmove_negative_size+0x171/0x330
[ 11.315983] kasan_check_range+0x10c/0x1c0
[ 11.316005] __asan_memmove+0x27/0x70
[ 11.316027] kmalloc_memmove_negative_size+0x171/0x330
[ 11.316090] ? __kasan_check_write+0x18/0x20
[ 11.316112] ? __pfx_kmalloc_memmove_negative_size+0x10/0x10
[ 11.316135] ? sysvec_apic_timer_interrupt+0x50/0x90
[ 11.316159] ? trace_hardirqs_on+0x37/0xe0
[ 11.316182] ? __pfx_read_tsc+0x10/0x10
[ 11.316214] ? ktime_get_ts64+0x86/0x230
[ 11.316238] kunit_try_run_case+0x1a5/0x480
[ 11.316262] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.316284] ? queued_spin_lock_slowpath+0x116/0xb40
[ 11.316307] ? __kthread_parkme+0x82/0x180
[ 11.316327] ? preempt_count_sub+0x50/0x80
[ 11.316350] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.316372] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.316394] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.316415] kthread+0x337/0x6f0
[ 11.316474] ? trace_preempt_on+0x20/0xc0
[ 11.316498] ? __pfx_kthread+0x10/0x10
[ 11.316517] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.316537] ? calculate_sigpending+0x7b/0xa0
[ 11.316560] ? __pfx_kthread+0x10/0x10
[ 11.316580] ret_from_fork+0x116/0x1d0
[ 11.316598] ? __pfx_kthread+0x10/0x10
[ 11.316617] ret_from_fork_asm+0x1a/0x30
[ 11.316646] </TASK>
[ 11.316661]
[ 11.325265] Allocated by task 206:
[ 11.325435] kasan_save_stack+0x45/0x70
[ 11.325629] kasan_save_track+0x18/0x40
[ 11.325816] kasan_save_alloc_info+0x3b/0x50
[ 11.325977] __kasan_kmalloc+0xb7/0xc0
[ 11.326122] __kmalloc_cache_noprof+0x189/0x420
[ 11.326578] kmalloc_memmove_negative_size+0xac/0x330
[ 11.326824] kunit_try_run_case+0x1a5/0x480
[ 11.327010] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.327213] kthread+0x337/0x6f0
[ 11.327328] ret_from_fork+0x116/0x1d0
[ 11.327513] ret_from_fork_asm+0x1a/0x30
[ 11.327712]
[ 11.327801] The buggy address belongs to the object at ffff888102620000
[ 11.327801] which belongs to the cache kmalloc-64 of size 64
[ 11.328610] The buggy address is located 4 bytes inside of
[ 11.328610] 64-byte region [ffff888102620000, ffff888102620040)
[ 11.329105]
[ 11.329189] The buggy address belongs to the physical page:
[ 11.329360] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102620
[ 11.329938] flags: 0x200000000000000(node=0|zone=2)
[ 11.330215] page_type: f5(slab)
[ 11.330406] raw: 0200000000000000 ffff8881000418c0 dead000000000122 0000000000000000
[ 11.330700] raw: 0000000000000000 0000000080200020 00000000f5000000 0000000000000000
[ 11.332340] page dumped because: kasan: bad access detected
[ 11.334056]
[ 11.334150] Memory state around the buggy address:
[ 11.334347] ffff88810261ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.334648] ffff88810261ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.334934] >ffff888102620000: 00 00 00 00 00 00 00 00 fc fc fc fc fc fc fc fc
[ 11.336017] ^
[ 11.336491] ffff888102620080: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.337080] ffff888102620100: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.337661] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_16
[ 11.283539] ==================================================================
[ 11.285131] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_16+0x166/0x330
[ 11.286362] Write of size 16 at addr ffff888102c54969 by task kunit_try_catch/204
[ 11.287335]
[ 11.287705] CPU: 1 UID: 0 PID: 204 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.287864] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.287878] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.287899] Call Trace:
[ 11.287910] <TASK>
[ 11.287938] dump_stack_lvl+0x73/0xb0
[ 11.287967] print_report+0xd1/0x650
[ 11.288019] ? __virt_addr_valid+0x1db/0x2d0
[ 11.288041] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.288061] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.288085] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.288106] kasan_report+0x141/0x180
[ 11.288126] ? kmalloc_oob_memset_16+0x166/0x330
[ 11.288150] kasan_check_range+0x10c/0x1c0
[ 11.288190] __asan_memset+0x27/0x50
[ 11.288220] kmalloc_oob_memset_16+0x166/0x330
[ 11.288240] ? __pfx_kmalloc_oob_memset_16+0x10/0x10
[ 11.288261] ? __schedule+0x10cc/0x2b60
[ 11.288283] ? __pfx_read_tsc+0x10/0x10
[ 11.288302] ? ktime_get_ts64+0x86/0x230
[ 11.288328] kunit_try_run_case+0x1a5/0x480
[ 11.288350] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.288371] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.288392] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.288413] ? __kthread_parkme+0x82/0x180
[ 11.288450] ? preempt_count_sub+0x50/0x80
[ 11.288473] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.288495] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.288516] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.288538] kthread+0x337/0x6f0
[ 11.288556] ? trace_preempt_on+0x20/0xc0
[ 11.288577] ? __pfx_kthread+0x10/0x10
[ 11.288597] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.288616] ? calculate_sigpending+0x7b/0xa0
[ 11.288638] ? __pfx_kthread+0x10/0x10
[ 11.288663] ret_from_fork+0x116/0x1d0
[ 11.288680] ? __pfx_kthread+0x10/0x10
[ 11.288699] ret_from_fork_asm+0x1a/0x30
[ 11.288727] </TASK>
[ 11.288738]
[ 11.299503] Allocated by task 204:
[ 11.299850] kasan_save_stack+0x45/0x70
[ 11.300087] kasan_save_track+0x18/0x40
[ 11.300315] kasan_save_alloc_info+0x3b/0x50
[ 11.300521] __kasan_kmalloc+0xb7/0xc0
[ 11.300813] __kmalloc_cache_noprof+0x189/0x420
[ 11.301342] kmalloc_oob_memset_16+0xac/0x330
[ 11.301500] kunit_try_run_case+0x1a5/0x480
[ 11.301692] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.302010] kthread+0x337/0x6f0
[ 11.302130] ret_from_fork+0x116/0x1d0
[ 11.302506] ret_from_fork_asm+0x1a/0x30
[ 11.302746]
[ 11.302838] The buggy address belongs to the object at ffff888102c54900
[ 11.302838] which belongs to the cache kmalloc-128 of size 128
[ 11.303408] The buggy address is located 105 bytes inside of
[ 11.303408] allocated 120-byte region [ffff888102c54900, ffff888102c54978)
[ 11.303806]
[ 11.303886] The buggy address belongs to the physical page:
[ 11.304134] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.304824] flags: 0x200000000000000(node=0|zone=2)
[ 11.305069] page_type: f5(slab)
[ 11.305188] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.305439] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.305799] page dumped because: kasan: bad access detected
[ 11.306300]
[ 11.306372] Memory state around the buggy address:
[ 11.306676] ffff888102c54800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.306910] ffff888102c54880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.307355] >ffff888102c54900: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.307813] ^
[ 11.308197] ffff888102c54980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.308539] ffff888102c54a00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.308991] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_8
[ 11.261698] ==================================================================
[ 11.262351] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_8+0x166/0x330
[ 11.262660] Write of size 8 at addr ffff888102c54871 by task kunit_try_catch/202
[ 11.262951]
[ 11.263050] CPU: 1 UID: 0 PID: 202 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.263097] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.263108] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.263127] Call Trace:
[ 11.263139] <TASK>
[ 11.263154] dump_stack_lvl+0x73/0xb0
[ 11.263181] print_report+0xd1/0x650
[ 11.263201] ? __virt_addr_valid+0x1db/0x2d0
[ 11.263258] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.263279] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.263303] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.263323] kasan_report+0x141/0x180
[ 11.263364] ? kmalloc_oob_memset_8+0x166/0x330
[ 11.263402] kasan_check_range+0x10c/0x1c0
[ 11.263437] __asan_memset+0x27/0x50
[ 11.263459] kmalloc_oob_memset_8+0x166/0x330
[ 11.263492] ? __pfx_kmalloc_oob_memset_8+0x10/0x10
[ 11.263513] ? __schedule+0x10cc/0x2b60
[ 11.263533] ? __pfx_read_tsc+0x10/0x10
[ 11.263554] ? ktime_get_ts64+0x86/0x230
[ 11.263578] kunit_try_run_case+0x1a5/0x480
[ 11.263600] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.263620] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.263642] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.263663] ? __kthread_parkme+0x82/0x180
[ 11.263682] ? preempt_count_sub+0x50/0x80
[ 11.263704] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.263726] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.263747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.263768] kthread+0x337/0x6f0
[ 11.263787] ? trace_preempt_on+0x20/0xc0
[ 11.263809] ? __pfx_kthread+0x10/0x10
[ 11.263828] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.263847] ? calculate_sigpending+0x7b/0xa0
[ 11.263869] ? __pfx_kthread+0x10/0x10
[ 11.263889] ret_from_fork+0x116/0x1d0
[ 11.263906] ? __pfx_kthread+0x10/0x10
[ 11.263925] ret_from_fork_asm+0x1a/0x30
[ 11.263953] </TASK>
[ 11.263963]
[ 11.271810] Allocated by task 202:
[ 11.272012] kasan_save_stack+0x45/0x70
[ 11.272264] kasan_save_track+0x18/0x40
[ 11.272540] kasan_save_alloc_info+0x3b/0x50
[ 11.272764] __kasan_kmalloc+0xb7/0xc0
[ 11.272953] __kmalloc_cache_noprof+0x189/0x420
[ 11.273162] kmalloc_oob_memset_8+0xac/0x330
[ 11.273373] kunit_try_run_case+0x1a5/0x480
[ 11.273734] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.274035] kthread+0x337/0x6f0
[ 11.274224] ret_from_fork+0x116/0x1d0
[ 11.274521] ret_from_fork_asm+0x1a/0x30
[ 11.274742]
[ 11.274819] The buggy address belongs to the object at ffff888102c54800
[ 11.274819] which belongs to the cache kmalloc-128 of size 128
[ 11.275286] The buggy address is located 113 bytes inside of
[ 11.275286] allocated 120-byte region [ffff888102c54800, ffff888102c54878)
[ 11.275785]
[ 11.275849] The buggy address belongs to the physical page:
[ 11.276015] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.276360] flags: 0x200000000000000(node=0|zone=2)
[ 11.276587] page_type: f5(slab)
[ 11.276752] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.277078] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.277653] page dumped because: kasan: bad access detected
[ 11.277912]
[ 11.277999] Memory state around the buggy address:
[ 11.278245] ffff888102c54700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.278603] ffff888102c54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.278954] >ffff888102c54800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.279164] ^
[ 11.279399] ffff888102c54880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.279687] ffff888102c54900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.280022] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_4
[ 11.232082] ==================================================================
[ 11.232703] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_4+0x166/0x330
[ 11.233016] Write of size 4 at addr ffff888101add875 by task kunit_try_catch/200
[ 11.233350]
[ 11.233434] CPU: 0 UID: 0 PID: 200 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.233501] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.233515] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.233536] Call Trace:
[ 11.233548] <TASK>
[ 11.233564] dump_stack_lvl+0x73/0xb0
[ 11.233593] print_report+0xd1/0x650
[ 11.233614] ? __virt_addr_valid+0x1db/0x2d0
[ 11.233636] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.233656] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.233739] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.233763] kasan_report+0x141/0x180
[ 11.233803] ? kmalloc_oob_memset_4+0x166/0x330
[ 11.233827] kasan_check_range+0x10c/0x1c0
[ 11.233850] __asan_memset+0x27/0x50
[ 11.233871] kmalloc_oob_memset_4+0x166/0x330
[ 11.233892] ? __pfx_kmalloc_oob_memset_4+0x10/0x10
[ 11.233913] ? __schedule+0x10cc/0x2b60
[ 11.233935] ? __pfx_read_tsc+0x10/0x10
[ 11.233956] ? ktime_get_ts64+0x86/0x230
[ 11.233981] kunit_try_run_case+0x1a5/0x480
[ 11.234004] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.234024] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.234046] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.234067] ? __kthread_parkme+0x82/0x180
[ 11.234087] ? preempt_count_sub+0x50/0x80
[ 11.234110] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.234131] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.234153] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.234192] kthread+0x337/0x6f0
[ 11.234222] ? trace_preempt_on+0x20/0xc0
[ 11.234245] ? __pfx_kthread+0x10/0x10
[ 11.234264] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.234300] ? calculate_sigpending+0x7b/0xa0
[ 11.234323] ? __pfx_kthread+0x10/0x10
[ 11.234343] ret_from_fork+0x116/0x1d0
[ 11.234360] ? __pfx_kthread+0x10/0x10
[ 11.234380] ret_from_fork_asm+0x1a/0x30
[ 11.234410] </TASK>
[ 11.234420]
[ 11.243880] Allocated by task 200:
[ 11.244043] kasan_save_stack+0x45/0x70
[ 11.244600] kasan_save_track+0x18/0x40
[ 11.244903] kasan_save_alloc_info+0x3b/0x50
[ 11.245096] __kasan_kmalloc+0xb7/0xc0
[ 11.245430] __kmalloc_cache_noprof+0x189/0x420
[ 11.246098] kmalloc_oob_memset_4+0xac/0x330
[ 11.246295] kunit_try_run_case+0x1a5/0x480
[ 11.246892] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.247616] kthread+0x337/0x6f0
[ 11.247892] ret_from_fork+0x116/0x1d0
[ 11.248023] ret_from_fork_asm+0x1a/0x30
[ 11.248157]
[ 11.248258] The buggy address belongs to the object at ffff888101add800
[ 11.248258] which belongs to the cache kmalloc-128 of size 128
[ 11.249635] The buggy address is located 117 bytes inside of
[ 11.249635] allocated 120-byte region [ffff888101add800, ffff888101add878)
[ 11.250887]
[ 11.251002] The buggy address belongs to the physical page:
[ 11.251451] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 11.251690] flags: 0x200000000000000(node=0|zone=2)
[ 11.251844] page_type: f5(slab)
[ 11.251958] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.252434] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.253276] page dumped because: kasan: bad access detected
[ 11.253843]
[ 11.254043] Memory state around the buggy address:
[ 11.254505] ffff888101add700: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.255234] ffff888101add780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.255967] >ffff888101add800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.256795] ^
[ 11.257146] ffff888101add880: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.257872] ffff888101add900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.258599] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_memset_2
[ 11.208260] ==================================================================
[ 11.208743] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_memset_2+0x166/0x330
[ 11.209082] Write of size 2 at addr ffff888102c54777 by task kunit_try_catch/198
[ 11.209400]
[ 11.209508] CPU: 1 UID: 0 PID: 198 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.209554] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.209566] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.209587] Call Trace:
[ 11.209599] <TASK>
[ 11.209615] dump_stack_lvl+0x73/0xb0
[ 11.209642] print_report+0xd1/0x650
[ 11.209663] ? __virt_addr_valid+0x1db/0x2d0
[ 11.209686] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.209706] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.209738] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.209758] kasan_report+0x141/0x180
[ 11.209778] ? kmalloc_oob_memset_2+0x166/0x330
[ 11.209803] kasan_check_range+0x10c/0x1c0
[ 11.209825] __asan_memset+0x27/0x50
[ 11.209846] kmalloc_oob_memset_2+0x166/0x330
[ 11.209867] ? __pfx_kmalloc_oob_memset_2+0x10/0x10
[ 11.209888] ? __schedule+0x10cc/0x2b60
[ 11.209909] ? __pfx_read_tsc+0x10/0x10
[ 11.209930] ? ktime_get_ts64+0x86/0x230
[ 11.209955] kunit_try_run_case+0x1a5/0x480
[ 11.209979] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.210000] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.210022] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.210043] ? __kthread_parkme+0x82/0x180
[ 11.210062] ? preempt_count_sub+0x50/0x80
[ 11.210085] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.210106] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.210128] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.210149] kthread+0x337/0x6f0
[ 11.210167] ? trace_preempt_on+0x20/0xc0
[ 11.210190] ? __pfx_kthread+0x10/0x10
[ 11.210219] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.210239] ? calculate_sigpending+0x7b/0xa0
[ 11.210263] ? __pfx_kthread+0x10/0x10
[ 11.210283] ret_from_fork+0x116/0x1d0
[ 11.210300] ? __pfx_kthread+0x10/0x10
[ 11.210320] ret_from_fork_asm+0x1a/0x30
[ 11.210349] </TASK>
[ 11.210360]
[ 11.219250] Allocated by task 198:
[ 11.219430] kasan_save_stack+0x45/0x70
[ 11.219623] kasan_save_track+0x18/0x40
[ 11.219866] kasan_save_alloc_info+0x3b/0x50
[ 11.220010] __kasan_kmalloc+0xb7/0xc0
[ 11.220181] __kmalloc_cache_noprof+0x189/0x420
[ 11.220426] kmalloc_oob_memset_2+0xac/0x330
[ 11.220701] kunit_try_run_case+0x1a5/0x480
[ 11.220986] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.221266] kthread+0x337/0x6f0
[ 11.221431] ret_from_fork+0x116/0x1d0
[ 11.221640] ret_from_fork_asm+0x1a/0x30
[ 11.221770]
[ 11.221833] The buggy address belongs to the object at ffff888102c54700
[ 11.221833] which belongs to the cache kmalloc-128 of size 128
[ 11.222743] The buggy address is located 119 bytes inside of
[ 11.222743] allocated 120-byte region [ffff888102c54700, ffff888102c54778)
[ 11.223151]
[ 11.223326] The buggy address belongs to the physical page:
[ 11.223592] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c54
[ 11.224075] flags: 0x200000000000000(node=0|zone=2)
[ 11.224800] page_type: f5(slab)
[ 11.224948] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.225299] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.225706] page dumped because: kasan: bad access detected
[ 11.225949]
[ 11.226018] Memory state around the buggy address:
[ 11.226252] ffff888102c54600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.227146] ffff888102c54680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.227458] >ffff888102c54700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.228031] ^
[ 11.228351] ffff888102c54780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.229052] ffff888102c54800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.229398] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_in_memset
[ 11.181492] ==================================================================
[ 11.182010] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_in_memset+0x15f/0x320
[ 11.182403] Write of size 128 at addr ffff888101add700 by task kunit_try_catch/196
[ 11.182859]
[ 11.183055] CPU: 0 UID: 0 PID: 196 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 11.183105] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 11.183117] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 11.183137] Call Trace:
[ 11.183149] <TASK>
[ 11.183164] dump_stack_lvl+0x73/0xb0
[ 11.183191] print_report+0xd1/0x650
[ 11.183224] ? __virt_addr_valid+0x1db/0x2d0
[ 11.183246] ? kmalloc_oob_in_memset+0x15f/0x320
[ 11.183266] ? kasan_complete_mode_report_info+0x2a/0x200
[ 11.183290] ? kmalloc_oob_in_memset+0x15f/0x320
[ 11.183311] kasan_report+0x141/0x180
[ 11.183331] ? kmalloc_oob_in_memset+0x15f/0x320
[ 11.183355] kasan_check_range+0x10c/0x1c0
[ 11.183377] __asan_memset+0x27/0x50
[ 11.183398] kmalloc_oob_in_memset+0x15f/0x320
[ 11.183419] ? __pfx_kmalloc_oob_in_memset+0x10/0x10
[ 11.183440] ? __schedule+0x10cc/0x2b60
[ 11.183461] ? __pfx_read_tsc+0x10/0x10
[ 11.183481] ? ktime_get_ts64+0x86/0x230
[ 11.183505] kunit_try_run_case+0x1a5/0x480
[ 11.183528] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.183549] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 11.183571] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 11.183592] ? __kthread_parkme+0x82/0x180
[ 11.183611] ? preempt_count_sub+0x50/0x80
[ 11.183634] ? __pfx_kunit_try_run_case+0x10/0x10
[ 11.183656] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.183677] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 11.183699] kthread+0x337/0x6f0
[ 11.183717] ? trace_preempt_on+0x20/0xc0
[ 11.183740] ? __pfx_kthread+0x10/0x10
[ 11.183760] ? _raw_spin_unlock_irq+0x47/0x80
[ 11.183778] ? calculate_sigpending+0x7b/0xa0
[ 11.183801] ? __pfx_kthread+0x10/0x10
[ 11.183822] ret_from_fork+0x116/0x1d0
[ 11.183839] ? __pfx_kthread+0x10/0x10
[ 11.183858] ret_from_fork_asm+0x1a/0x30
[ 11.183887] </TASK>
[ 11.183897]
[ 11.191044] Allocated by task 196:
[ 11.191172] kasan_save_stack+0x45/0x70
[ 11.191320] kasan_save_track+0x18/0x40
[ 11.191448] kasan_save_alloc_info+0x3b/0x50
[ 11.191723] __kasan_kmalloc+0xb7/0xc0
[ 11.191909] __kmalloc_cache_noprof+0x189/0x420
[ 11.192118] kmalloc_oob_in_memset+0xac/0x320
[ 11.192354] kunit_try_run_case+0x1a5/0x480
[ 11.192555] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 11.192855] kthread+0x337/0x6f0
[ 11.193052] ret_from_fork+0x116/0x1d0
[ 11.193176] ret_from_fork_asm+0x1a/0x30
[ 11.193316]
[ 11.193379] The buggy address belongs to the object at ffff888101add700
[ 11.193379] which belongs to the cache kmalloc-128 of size 128
[ 11.193844] The buggy address is located 0 bytes inside of
[ 11.193844] allocated 120-byte region [ffff888101add700, ffff888101add778)
[ 11.194392]
[ 11.194477] The buggy address belongs to the physical page:
[ 11.194759] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 11.194994] flags: 0x200000000000000(node=0|zone=2)
[ 11.195148] page_type: f5(slab)
[ 11.195466] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 11.195796] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 11.196120] page dumped because: kasan: bad access detected
[ 11.196445]
[ 11.196709] Memory state around the buggy address:
[ 11.196898] ffff888101add600: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 11.197110] ffff888101add680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.197381] >ffff888101add700: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 11.197975] ^
[ 11.198295] ffff888101add780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.198528] ffff888101add800: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 11.198730] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-kmalloc_uaf_16
[ 11.155619] ================================================================== [ 11.156092] BUG: KASAN: slab-use-after-free in kmalloc_uaf_16+0x47b/0x4c0 [ 11.156593] Read of size 16 at addr ffff888101677be0 by task kunit_try_catch/194 [ 11.156899] [ 11.156997] CPU: 0 UID: 0 PID: 194 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.157044] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.157056] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.157078] Call Trace: [ 11.157090] <TASK> [ 11.157106] dump_stack_lvl+0x73/0xb0 [ 11.157136] print_report+0xd1/0x650 [ 11.157156] ? __virt_addr_valid+0x1db/0x2d0 [ 11.157179] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.157198] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.157240] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.157260] kasan_report+0x141/0x180 [ 11.157280] ? kmalloc_uaf_16+0x47b/0x4c0 [ 11.157303] __asan_report_load16_noabort+0x18/0x20 [ 11.157326] kmalloc_uaf_16+0x47b/0x4c0 [ 11.157345] ? __pfx_kmalloc_uaf_16+0x10/0x10 [ 11.157365] ? __schedule+0x10cc/0x2b60 [ 11.157387] ? __pfx_read_tsc+0x10/0x10 [ 11.157407] ? ktime_get_ts64+0x86/0x230 [ 11.157433] kunit_try_run_case+0x1a5/0x480 [ 11.158081] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.158105] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.158130] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.158153] ? __kthread_parkme+0x82/0x180 [ 11.158198] ? preempt_count_sub+0x50/0x80 [ 11.158232] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.158255] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.158277] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.158298] kthread+0x337/0x6f0 [ 11.158316] ? trace_preempt_on+0x20/0xc0 [ 11.158340] ? __pfx_kthread+0x10/0x10 [ 11.158359] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.158378] ? calculate_sigpending+0x7b/0xa0 [ 11.158402] ? __pfx_kthread+0x10/0x10 [ 11.158427] ret_from_fork+0x116/0x1d0 [ 11.158445] ? 
__pfx_kthread+0x10/0x10 [ 11.158464] ret_from_fork_asm+0x1a/0x30 [ 11.158493] </TASK> [ 11.158504] [ 11.166886] Allocated by task 194: [ 11.167062] kasan_save_stack+0x45/0x70 [ 11.167397] kasan_save_track+0x18/0x40 [ 11.167697] kasan_save_alloc_info+0x3b/0x50 [ 11.167851] __kasan_kmalloc+0xb7/0xc0 [ 11.168014] __kmalloc_cache_noprof+0x189/0x420 [ 11.168295] kmalloc_uaf_16+0x15b/0x4c0 [ 11.168571] kunit_try_run_case+0x1a5/0x480 [ 11.168780] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.169018] kthread+0x337/0x6f0 [ 11.169144] ret_from_fork+0x116/0x1d0 [ 11.169428] ret_from_fork_asm+0x1a/0x30 [ 11.169621] [ 11.169706] Freed by task 194: [ 11.169836] kasan_save_stack+0x45/0x70 [ 11.170011] kasan_save_track+0x18/0x40 [ 11.170190] kasan_save_free_info+0x3f/0x60 [ 11.170384] __kasan_slab_free+0x56/0x70 [ 11.170571] kfree+0x222/0x3f0 [ 11.170739] kmalloc_uaf_16+0x1d6/0x4c0 [ 11.170882] kunit_try_run_case+0x1a5/0x480 [ 11.171080] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.171288] kthread+0x337/0x6f0 [ 11.171493] ret_from_fork+0x116/0x1d0 [ 11.171630] ret_from_fork_asm+0x1a/0x30 [ 11.171794] [ 11.171887] The buggy address belongs to the object at ffff888101677be0 [ 11.171887] which belongs to the cache kmalloc-16 of size 16 [ 11.172303] The buggy address is located 0 bytes inside of [ 11.172303] freed 16-byte region [ffff888101677be0, ffff888101677bf0) [ 11.172945] [ 11.173054] The buggy address belongs to the physical page: [ 11.173525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101677 [ 11.173815] flags: 0x200000000000000(node=0|zone=2) [ 11.174037] page_type: f5(slab) [ 11.174191] raw: 0200000000000000 ffff888100041640 dead000000000122 0000000000000000 [ 11.174430] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.174651] page dumped because: kasan: bad access detected [ 11.174813] [ 11.174874] Memory state around the buggy address: [ 11.175128] ffff888101677a80: 00 00 fc fc 00 04 fc fc 00 04 fc fc fa fb fc 
fc [ 11.175408] ffff888101677b00: fa fb fc fc 00 05 fc fc fa fb fc fc fa fb fc fc [ 11.175981] >ffff888101677b80: fa fb fc fc fa fb fc fc 00 00 fc fc fa fb fc fc [ 11.176198] ^ [ 11.176395] ffff888101677c00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.176602] ffff888101677c80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.176811] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_oob_16
[ 11.128015] ================================================================== [ 11.129415] BUG: KASAN: slab-out-of-bounds in kmalloc_oob_16+0x452/0x4a0 [ 11.130116] Write of size 16 at addr ffff888102859640 by task kunit_try_catch/192 [ 11.130853] [ 11.131041] CPU: 1 UID: 0 PID: 192 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.131089] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.131102] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.131123] Call Trace: [ 11.131135] <TASK> [ 11.131151] dump_stack_lvl+0x73/0xb0 [ 11.131179] print_report+0xd1/0x650 [ 11.131200] ? __virt_addr_valid+0x1db/0x2d0 [ 11.131235] ? kmalloc_oob_16+0x452/0x4a0 [ 11.131254] ? kasan_complete_mode_report_info+0x2a/0x200 [ 11.131278] ? kmalloc_oob_16+0x452/0x4a0 [ 11.131297] kasan_report+0x141/0x180 [ 11.131317] ? kmalloc_oob_16+0x452/0x4a0 [ 11.131341] __asan_report_store16_noabort+0x1b/0x30 [ 11.131364] kmalloc_oob_16+0x452/0x4a0 [ 11.131383] ? __pfx_kmalloc_oob_16+0x10/0x10 [ 11.131403] ? __schedule+0x10cc/0x2b60 [ 11.131424] ? __pfx_read_tsc+0x10/0x10 [ 11.131444] ? ktime_get_ts64+0x86/0x230 [ 11.131468] kunit_try_run_case+0x1a5/0x480 [ 11.131490] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.131511] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.131533] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.131554] ? __kthread_parkme+0x82/0x180 [ 11.131573] ? preempt_count_sub+0x50/0x80 [ 11.131595] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.131617] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.131638] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.131660] kthread+0x337/0x6f0 [ 11.131678] ? trace_preempt_on+0x20/0xc0 [ 11.131700] ? __pfx_kthread+0x10/0x10 [ 11.131720] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.131739] ? calculate_sigpending+0x7b/0xa0 [ 11.131761] ? __pfx_kthread+0x10/0x10 [ 11.131781] ret_from_fork+0x116/0x1d0 [ 11.131799] ? 
__pfx_kthread+0x10/0x10 [ 11.131818] ret_from_fork_asm+0x1a/0x30 [ 11.131847] </TASK> [ 11.131857] [ 11.144002] Allocated by task 192: [ 11.144326] kasan_save_stack+0x45/0x70 [ 11.144610] kasan_save_track+0x18/0x40 [ 11.144751] kasan_save_alloc_info+0x3b/0x50 [ 11.144892] __kasan_kmalloc+0xb7/0xc0 [ 11.145015] __kmalloc_cache_noprof+0x189/0x420 [ 11.145163] kmalloc_oob_16+0xa8/0x4a0 [ 11.145303] kunit_try_run_case+0x1a5/0x480 [ 11.145509] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.145765] kthread+0x337/0x6f0 [ 11.145935] ret_from_fork+0x116/0x1d0 [ 11.146089] ret_from_fork_asm+0x1a/0x30 [ 11.146296] [ 11.146361] The buggy address belongs to the object at ffff888102859640 [ 11.146361] which belongs to the cache kmalloc-16 of size 16 [ 11.146800] The buggy address is located 0 bytes inside of [ 11.146800] allocated 13-byte region [ffff888102859640, ffff88810285964d) [ 11.147177] [ 11.147278] The buggy address belongs to the physical page: [ 11.147525] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102859 [ 11.147869] flags: 0x200000000000000(node=0|zone=2) [ 11.148061] page_type: f5(slab) [ 11.148399] raw: 0200000000000000 ffff888100041640 dead000000000100 dead000000000122 [ 11.148730] raw: 0000000000000000 0000000080800080 00000000f5000000 0000000000000000 [ 11.149039] page dumped because: kasan: bad access detected [ 11.149227] [ 11.149318] Memory state around the buggy address: [ 11.149653] ffff888102859500: 00 06 fc fc 00 06 fc fc fa fb fc fc fa fb fc fc [ 11.149972] ffff888102859580: 00 00 fc fc fa fb fc fc fa fb fc fc fa fb fc fc [ 11.150322] >ffff888102859600: fa fb fc fc fa fb fc fc 00 05 fc fc 00 00 fc fc [ 11.150645] ^ [ 11.150894] ffff888102859680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.151169] ffff888102859700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.151457] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-use-after-free-in-krealloc_uaf
[ 11.088360] ================================================================== [ 11.088747] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x53c/0x5e0 [ 11.089163] Read of size 1 at addr ffff888100a22800 by task kunit_try_catch/190 [ 11.089737] [ 11.089850] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.090257] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.090272] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.090293] Call Trace: [ 11.090310] <TASK> [ 11.090326] dump_stack_lvl+0x73/0xb0 [ 11.090355] print_report+0xd1/0x650 [ 11.090375] ? __virt_addr_valid+0x1db/0x2d0 [ 11.090397] ? krealloc_uaf+0x53c/0x5e0 [ 11.090416] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.090441] ? krealloc_uaf+0x53c/0x5e0 [ 11.090461] kasan_report+0x141/0x180 [ 11.090481] ? krealloc_uaf+0x53c/0x5e0 [ 11.090505] __asan_report_load1_noabort+0x18/0x20 [ 11.090528] krealloc_uaf+0x53c/0x5e0 [ 11.090547] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.090567] ? finish_task_switch.isra.0+0x153/0x700 [ 11.090587] ? __switch_to+0x47/0xf50 [ 11.090611] ? __schedule+0x10cc/0x2b60 [ 11.090631] ? __pfx_read_tsc+0x10/0x10 [ 11.090651] ? ktime_get_ts64+0x86/0x230 [ 11.090676] kunit_try_run_case+0x1a5/0x480 [ 11.090699] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.090721] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.090742] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.090763] ? __kthread_parkme+0x82/0x180 [ 11.090782] ? preempt_count_sub+0x50/0x80 [ 11.090803] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.090825] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.090846] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.090867] kthread+0x337/0x6f0 [ 11.090885] ? trace_preempt_on+0x20/0xc0 [ 11.090907] ? __pfx_kthread+0x10/0x10 [ 11.090926] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.090946] ? calculate_sigpending+0x7b/0xa0 [ 11.090968] ? __pfx_kthread+0x10/0x10 [ 11.090988] ret_from_fork+0x116/0x1d0 [ 11.091005] ? 
__pfx_kthread+0x10/0x10 [ 11.091024] ret_from_fork_asm+0x1a/0x30 [ 11.091053] </TASK> [ 11.091063] [ 11.102552] Allocated by task 190: [ 11.102714] kasan_save_stack+0x45/0x70 [ 11.102894] kasan_save_track+0x18/0x40 [ 11.103045] kasan_save_alloc_info+0x3b/0x50 [ 11.103773] __kasan_kmalloc+0xb7/0xc0 [ 11.104056] __kmalloc_cache_noprof+0x189/0x420 [ 11.104368] krealloc_uaf+0xbb/0x5e0 [ 11.104683] kunit_try_run_case+0x1a5/0x480 [ 11.105049] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.105414] kthread+0x337/0x6f0 [ 11.105753] ret_from_fork+0x116/0x1d0 [ 11.105944] ret_from_fork_asm+0x1a/0x30 [ 11.106125] [ 11.106220] Freed by task 190: [ 11.106843] kasan_save_stack+0x45/0x70 [ 11.107001] kasan_save_track+0x18/0x40 [ 11.107359] kasan_save_free_info+0x3f/0x60 [ 11.107735] __kasan_slab_free+0x56/0x70 [ 11.107899] kfree+0x222/0x3f0 [ 11.108060] krealloc_uaf+0x13d/0x5e0 [ 11.108244] kunit_try_run_case+0x1a5/0x480 [ 11.108753] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.109077] kthread+0x337/0x6f0 [ 11.109201] ret_from_fork+0x116/0x1d0 [ 11.109932] ret_from_fork_asm+0x1a/0x30 [ 11.110133] [ 11.110218] The buggy address belongs to the object at ffff888100a22800 [ 11.110218] which belongs to the cache kmalloc-256 of size 256 [ 11.111235] The buggy address is located 0 bytes inside of [ 11.111235] freed 256-byte region [ffff888100a22800, ffff888100a22900) [ 11.111956] [ 11.112034] The buggy address belongs to the physical page: [ 11.112335] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 11.113023] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.113663] anon flags: 0x200000000000040(head|node=0|zone=2) [ 11.114259] page_type: f5(slab) [ 11.114378] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 11.114710] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.115851] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 11.116805] head: 
0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.117373] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 11.118119] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.118726] page dumped because: kasan: bad access detected [ 11.119097] [ 11.119265] Memory state around the buggy address: [ 11.119800] ffff888100a22700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.120012] ffff888100a22780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.120307] >ffff888100a22800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.121187] ^ [ 11.121671] ffff888100a22880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.122723] ffff888100a22900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.123089] ================================================================== [ 11.057181] ================================================================== [ 11.057701] BUG: KASAN: slab-use-after-free in krealloc_uaf+0x1b8/0x5e0 [ 11.058031] Read of size 1 at addr ffff888100a22800 by task kunit_try_catch/190 [ 11.058331] [ 11.058433] CPU: 1 UID: 0 PID: 190 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.058479] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.058490] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.058510] Call Trace: [ 11.058521] <TASK> [ 11.058534] dump_stack_lvl+0x73/0xb0 [ 11.058559] print_report+0xd1/0x650 [ 11.058579] ? __virt_addr_valid+0x1db/0x2d0 [ 11.058601] ? krealloc_uaf+0x1b8/0x5e0 [ 11.058620] ? kasan_complete_mode_report_info+0x64/0x200 [ 11.058645] ? krealloc_uaf+0x1b8/0x5e0 [ 11.058665] kasan_report+0x141/0x180 [ 11.058685] ? krealloc_uaf+0x1b8/0x5e0 [ 11.058707] ? krealloc_uaf+0x1b8/0x5e0 [ 11.058727] __kasan_check_byte+0x3d/0x50 [ 11.058747] krealloc_noprof+0x3f/0x340 [ 11.058772] krealloc_uaf+0x1b8/0x5e0 [ 11.058792] ? __pfx_krealloc_uaf+0x10/0x10 [ 11.058811] ? 
finish_task_switch.isra.0+0x153/0x700 [ 11.058832] ? __switch_to+0x47/0xf50 [ 11.058856] ? __schedule+0x10cc/0x2b60 [ 11.058878] ? __pfx_read_tsc+0x10/0x10 [ 11.058899] ? ktime_get_ts64+0x86/0x230 [ 11.058923] kunit_try_run_case+0x1a5/0x480 [ 11.058945] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.058966] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.058987] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.059008] ? __kthread_parkme+0x82/0x180 [ 11.059028] ? preempt_count_sub+0x50/0x80 [ 11.059049] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.059071] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.059092] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.059113] kthread+0x337/0x6f0 [ 11.059131] ? trace_preempt_on+0x20/0xc0 [ 11.059153] ? __pfx_kthread+0x10/0x10 [ 11.059172] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.059191] ? calculate_sigpending+0x7b/0xa0 [ 11.059223] ? __pfx_kthread+0x10/0x10 [ 11.059244] ret_from_fork+0x116/0x1d0 [ 11.059261] ? __pfx_kthread+0x10/0x10 [ 11.059280] ret_from_fork_asm+0x1a/0x30 [ 11.059308] </TASK> [ 11.059318] [ 11.066928] Allocated by task 190: [ 11.067104] kasan_save_stack+0x45/0x70 [ 11.067384] kasan_save_track+0x18/0x40 [ 11.067585] kasan_save_alloc_info+0x3b/0x50 [ 11.067853] __kasan_kmalloc+0xb7/0xc0 [ 11.067977] __kmalloc_cache_noprof+0x189/0x420 [ 11.068381] krealloc_uaf+0xbb/0x5e0 [ 11.068780] kunit_try_run_case+0x1a5/0x480 [ 11.068973] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.069248] kthread+0x337/0x6f0 [ 11.069376] ret_from_fork+0x116/0x1d0 [ 11.069635] ret_from_fork_asm+0x1a/0x30 [ 11.069772] [ 11.069836] Freed by task 190: [ 11.069938] kasan_save_stack+0x45/0x70 [ 11.070122] kasan_save_track+0x18/0x40 [ 11.070514] kasan_save_free_info+0x3f/0x60 [ 11.070711] __kasan_slab_free+0x56/0x70 [ 11.070842] kfree+0x222/0x3f0 [ 11.071395] krealloc_uaf+0x13d/0x5e0 [ 11.071578] kunit_try_run_case+0x1a5/0x480 [ 11.071771] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.072009] kthread+0x337/0x6f0 [ 11.072162] 
ret_from_fork+0x116/0x1d0 [ 11.074119] ret_from_fork_asm+0x1a/0x30 [ 11.074622] [ 11.074695] The buggy address belongs to the object at ffff888100a22800 [ 11.074695] which belongs to the cache kmalloc-256 of size 256 [ 11.075104] The buggy address is located 0 bytes inside of [ 11.075104] freed 256-byte region [ffff888100a22800, ffff888100a22900) [ 11.075468] [ 11.075536] The buggy address belongs to the physical page: [ 11.075704] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 11.075940] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.076159] anon flags: 0x200000000000040(head|node=0|zone=2) [ 11.078184] page_type: f5(slab) [ 11.079026] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 11.080344] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.080787] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 11.081920] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 11.082353] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 11.082854] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 11.083378] page dumped because: kasan: bad access detected [ 11.083841] [ 11.084142] Memory state around the buggy address: [ 11.084344] ffff888100a22700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.084868] ffff888100a22780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.085363] >ffff888100a22800: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.085993] ^ [ 11.086332] ffff888100a22880: fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb [ 11.086860] ffff888100a22900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 11.087203] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_less_oob_helper
[ 10.884019] ================================================================== [ 10.884561] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 10.885112] Write of size 1 at addr ffff88810037e8ea by task kunit_try_catch/184 [ 10.885436] [ 10.885516] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.885559] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.885570] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.885590] Call Trace: [ 10.885603] <TASK> [ 10.885617] dump_stack_lvl+0x73/0xb0 [ 10.885642] print_report+0xd1/0x650 [ 10.885662] ? __virt_addr_valid+0x1db/0x2d0 [ 10.885683] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.885704] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.885728] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.885810] kasan_report+0x141/0x180 [ 10.885831] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 10.885876] __asan_report_store1_noabort+0x1b/0x30 [ 10.885899] krealloc_less_oob_helper+0xe90/0x11d0 [ 10.885933] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.885955] ? finish_task_switch.isra.0+0x153/0x700 [ 10.885976] ? __switch_to+0x47/0xf50 [ 10.886001] ? __schedule+0x10cc/0x2b60 [ 10.886021] ? __pfx_read_tsc+0x10/0x10 [ 10.886044] krealloc_less_oob+0x1c/0x30 [ 10.886064] kunit_try_run_case+0x1a5/0x480 [ 10.886086] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.886106] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.886127] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.886148] ? __kthread_parkme+0x82/0x180 [ 10.886167] ? preempt_count_sub+0x50/0x80 [ 10.886188] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.886220] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.886241] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.886263] kthread+0x337/0x6f0 [ 10.886281] ? trace_preempt_on+0x20/0xc0 [ 10.886323] ? __pfx_kthread+0x10/0x10 [ 10.886343] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.886362] ? calculate_sigpending+0x7b/0xa0 [ 10.886384] ? 
__pfx_kthread+0x10/0x10 [ 10.886404] ret_from_fork+0x116/0x1d0 [ 10.886421] ? __pfx_kthread+0x10/0x10 [ 10.886472] ret_from_fork_asm+0x1a/0x30 [ 10.886501] </TASK> [ 10.886511] [ 10.894173] Allocated by task 184: [ 10.894371] kasan_save_stack+0x45/0x70 [ 10.894537] kasan_save_track+0x18/0x40 [ 10.894912] kasan_save_alloc_info+0x3b/0x50 [ 10.895136] __kasan_krealloc+0x190/0x1f0 [ 10.895339] krealloc_noprof+0xf3/0x340 [ 10.895540] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.895843] krealloc_less_oob+0x1c/0x30 [ 10.895989] kunit_try_run_case+0x1a5/0x480 [ 10.896169] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.896460] kthread+0x337/0x6f0 [ 10.896599] ret_from_fork+0x116/0x1d0 [ 10.896731] ret_from_fork_asm+0x1a/0x30 [ 10.896863] [ 10.896926] The buggy address belongs to the object at ffff88810037e800 [ 10.896926] which belongs to the cache kmalloc-256 of size 256 [ 10.897614] The buggy address is located 33 bytes to the right of [ 10.897614] allocated 201-byte region [ffff88810037e800, ffff88810037e8c9) [ 10.898149] [ 10.898253] The buggy address belongs to the physical page: [ 10.898573] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e [ 10.898811] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.899048] flags: 0x200000000000040(head|node=0|zone=2) [ 10.899461] page_type: f5(slab) [ 10.899649] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.899998] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.900345] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.900571] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.900841] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff [ 10.901233] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.901563] page dumped because: kasan: bad access detected [ 10.901776] [ 10.901837] Memory state around the buggy 
address: [ 10.901985] ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.902507] ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.902833] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.903150] ^ [ 10.903420] ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.903826] ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.904110] ================================================================== [ 10.808870] ================================================================== [ 10.810012] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 10.810816] Write of size 1 at addr ffff88810037e8c9 by task kunit_try_catch/184 [ 10.811591] [ 10.812154] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.812222] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.812235] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.812257] Call Trace: [ 10.812270] <TASK> [ 10.812287] dump_stack_lvl+0x73/0xb0 [ 10.812318] print_report+0xd1/0x650 [ 10.812338] ? __virt_addr_valid+0x1db/0x2d0 [ 10.812361] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.812382] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.812406] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.812428] kasan_report+0x141/0x180 [ 10.812449] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.812475] __asan_report_store1_noabort+0x1b/0x30 [ 10.812497] krealloc_less_oob_helper+0xd70/0x11d0 [ 10.812521] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.812543] ? finish_task_switch.isra.0+0x153/0x700 [ 10.812564] ? __switch_to+0x47/0xf50 [ 10.812589] ? __schedule+0x10cc/0x2b60 [ 10.812610] ? __pfx_read_tsc+0x10/0x10 [ 10.812633] krealloc_less_oob+0x1c/0x30 [ 10.812660] kunit_try_run_case+0x1a5/0x480 [ 10.812683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.812704] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.812725] ? 
_raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.812746] ? __kthread_parkme+0x82/0x180 [ 10.812765] ? preempt_count_sub+0x50/0x80 [ 10.812787] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.812809] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.812830] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.812852] kthread+0x337/0x6f0 [ 10.812870] ? trace_preempt_on+0x20/0xc0 [ 10.812893] ? __pfx_kthread+0x10/0x10 [ 10.812912] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.812931] ? calculate_sigpending+0x7b/0xa0 [ 10.812954] ? __pfx_kthread+0x10/0x10 [ 10.812974] ret_from_fork+0x116/0x1d0 [ 10.812991] ? __pfx_kthread+0x10/0x10 [ 10.813010] ret_from_fork_asm+0x1a/0x30 [ 10.813039] </TASK> [ 10.813049] [ 10.824950] Allocated by task 184: [ 10.825085] kasan_save_stack+0x45/0x70 [ 10.825321] kasan_save_track+0x18/0x40 [ 10.825578] kasan_save_alloc_info+0x3b/0x50 [ 10.825800] __kasan_krealloc+0x190/0x1f0 [ 10.825951] krealloc_noprof+0xf3/0x340 [ 10.826111] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.826368] krealloc_less_oob+0x1c/0x30 [ 10.826614] kunit_try_run_case+0x1a5/0x480 [ 10.826793] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.827020] kthread+0x337/0x6f0 [ 10.827133] ret_from_fork+0x116/0x1d0 [ 10.827292] ret_from_fork_asm+0x1a/0x30 [ 10.827695] [ 10.827798] The buggy address belongs to the object at ffff88810037e800 [ 10.827798] which belongs to the cache kmalloc-256 of size 256 [ 10.828376] The buggy address is located 0 bytes to the right of [ 10.828376] allocated 201-byte region [ffff88810037e800, ffff88810037e8c9) [ 10.828961] [ 10.829043] The buggy address belongs to the physical page: [ 10.829329] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e [ 10.829708] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.830015] flags: 0x200000000000040(head|node=0|zone=2) [ 10.830241] page_type: f5(slab) [ 10.830401] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.830691] raw: 0000000000000000 
0000000080100010 00000000f5000000 0000000000000000 [ 10.830996] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.831342] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.831636] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff [ 10.831888] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.832225] page dumped because: kasan: bad access detected [ 10.832476] [ 10.832558] Memory state around the buggy address: [ 10.832710] ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.832924] ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.833315] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.833808] ^ [ 10.834067] ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.834408] ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.834710] ================================================================== [ 10.904572] ================================================================== [ 10.904914] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 10.905283] Write of size 1 at addr ffff88810037e8eb by task kunit_try_catch/184 [ 10.905580] [ 10.905653] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.905695] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.905705] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.905724] Call Trace: [ 10.905738] <TASK> [ 10.905751] dump_stack_lvl+0x73/0xb0 [ 10.905775] print_report+0xd1/0x650 [ 10.905794] ? __virt_addr_valid+0x1db/0x2d0 [ 10.905816] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.905837] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.906036] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 10.906059] kasan_report+0x141/0x180 [ 10.906080] ? 
krealloc_less_oob_helper+0xd47/0x11d0 [ 10.906106] __asan_report_store1_noabort+0x1b/0x30 [ 10.906129] krealloc_less_oob_helper+0xd47/0x11d0 [ 10.906153] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.906194] ? finish_task_switch.isra.0+0x153/0x700 [ 10.906225] ? __switch_to+0x47/0xf50 [ 10.906248] ? __schedule+0x10cc/0x2b60 [ 10.906268] ? __pfx_read_tsc+0x10/0x10 [ 10.906291] krealloc_less_oob+0x1c/0x30 [ 10.906311] kunit_try_run_case+0x1a5/0x480 [ 10.906335] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.906355] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.906376] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.906397] ? __kthread_parkme+0x82/0x180 [ 10.906415] ? preempt_count_sub+0x50/0x80 [ 10.906480] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.906505] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.906526] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.906547] kthread+0x337/0x6f0 [ 10.906566] ? trace_preempt_on+0x20/0xc0 [ 10.906589] ? __pfx_kthread+0x10/0x10 [ 10.906608] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.906627] ? calculate_sigpending+0x7b/0xa0 [ 10.906650] ? __pfx_kthread+0x10/0x10 [ 10.906669] ret_from_fork+0x116/0x1d0 [ 10.906687] ? 
__pfx_kthread+0x10/0x10 [ 10.906729] ret_from_fork_asm+0x1a/0x30 [ 10.906758] </TASK> [ 10.906768] [ 10.914921] Allocated by task 184: [ 10.915091] kasan_save_stack+0x45/0x70 [ 10.915736] kasan_save_track+0x18/0x40 [ 10.915948] kasan_save_alloc_info+0x3b/0x50 [ 10.916148] __kasan_krealloc+0x190/0x1f0 [ 10.916444] krealloc_noprof+0xf3/0x340 [ 10.917231] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.917693] krealloc_less_oob+0x1c/0x30 [ 10.917944] kunit_try_run_case+0x1a5/0x480 [ 10.918262] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.918738] kthread+0x337/0x6f0 [ 10.919034] ret_from_fork+0x116/0x1d0 [ 10.919335] ret_from_fork_asm+0x1a/0x30 [ 10.919708] [ 10.919808] The buggy address belongs to the object at ffff88810037e800 [ 10.919808] which belongs to the cache kmalloc-256 of size 256 [ 10.920517] The buggy address is located 34 bytes to the right of [ 10.920517] allocated 201-byte region [ffff88810037e800, ffff88810037e8c9) [ 10.921346] [ 10.921804] The buggy address belongs to the physical page: [ 10.922050] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e [ 10.922589] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.923088] flags: 0x200000000000040(head|node=0|zone=2) [ 10.923523] page_type: f5(slab) [ 10.923680] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.923976] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.924587] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.925171] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.925747] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff [ 10.926177] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.926878] page dumped because: kasan: bad access detected [ 10.927120] [ 10.927441] Memory state around the buggy address: [ 10.927774] ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc 
fc fc [ 10.928063] ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.928773] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.929195] ^ [ 10.929768] ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.930151] ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.930675] ================================================================== [ 10.973391] ================================================================== [ 10.974074] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd70/0x11d0 [ 10.974406] Write of size 1 at addr ffff888102c460c9 by task kunit_try_catch/188 [ 10.974818] [ 10.974928] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.974974] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.974985] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.975004] Call Trace: [ 10.975015] <TASK> [ 10.975030] dump_stack_lvl+0x73/0xb0 [ 10.975056] print_report+0xd1/0x650 [ 10.975076] ? __virt_addr_valid+0x1db/0x2d0 [ 10.975098] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.975120] ? kasan_addr_to_slab+0x11/0xa0 [ 10.975139] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.975161] kasan_report+0x141/0x180 [ 10.975181] ? krealloc_less_oob_helper+0xd70/0x11d0 [ 10.975218] __asan_report_store1_noabort+0x1b/0x30 [ 10.975241] krealloc_less_oob_helper+0xd70/0x11d0 [ 10.975264] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.975288] ? finish_task_switch.isra.0+0x153/0x700 [ 10.975309] ? __switch_to+0x47/0xf50 [ 10.975334] ? __schedule+0x10cc/0x2b60 [ 10.975355] ? __pfx_read_tsc+0x10/0x10 [ 10.975379] krealloc_large_less_oob+0x1c/0x30 [ 10.975400] kunit_try_run_case+0x1a5/0x480 [ 10.975422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.975443] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.975464] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.975485] ? __kthread_parkme+0x82/0x180 [ 10.975505] ? 
preempt_count_sub+0x50/0x80 [ 10.975526] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.975547] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.975568] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.975590] kthread+0x337/0x6f0 [ 10.975608] ? trace_preempt_on+0x20/0xc0 [ 10.975630] ? __pfx_kthread+0x10/0x10 [ 10.975649] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.975668] ? calculate_sigpending+0x7b/0xa0 [ 10.975691] ? __pfx_kthread+0x10/0x10 [ 10.975711] ret_from_fork+0x116/0x1d0 [ 10.975728] ? __pfx_kthread+0x10/0x10 [ 10.975747] ret_from_fork_asm+0x1a/0x30 [ 10.975775] </TASK> [ 10.975785] [ 10.983130] The buggy address belongs to the physical page: [ 10.983526] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44 [ 10.983898] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.984180] flags: 0x200000000000040(head|node=0|zone=2) [ 10.984413] page_type: f8(unknown) [ 10.984612] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.984926] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.985174] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.985496] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.986019] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff [ 10.986428] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.986960] page dumped because: kasan: bad access detected [ 10.987239] [ 10.987328] Memory state around the buggy address: [ 10.987610] ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.987888] ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.988166] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 10.988488] ^ [ 10.988666] ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.988872] ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.989076] 
================================================================== [ 10.836614] ================================================================== [ 10.837330] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 10.838056] Write of size 1 at addr ffff88810037e8d0 by task kunit_try_catch/184 [ 10.838529] [ 10.838670] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.838717] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.838728] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.838748] Call Trace: [ 10.838760] <TASK> [ 10.838775] dump_stack_lvl+0x73/0xb0 [ 10.838802] print_report+0xd1/0x650 [ 10.838822] ? __virt_addr_valid+0x1db/0x2d0 [ 10.838843] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.838865] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.838889] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.838911] kasan_report+0x141/0x180 [ 10.838931] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.838958] __asan_report_store1_noabort+0x1b/0x30 [ 10.838981] krealloc_less_oob_helper+0xe23/0x11d0 [ 10.839005] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.839027] ? finish_task_switch.isra.0+0x153/0x700 [ 10.839048] ? __switch_to+0x47/0xf50 [ 10.839071] ? __schedule+0x10cc/0x2b60 [ 10.839091] ? __pfx_read_tsc+0x10/0x10 [ 10.839114] krealloc_less_oob+0x1c/0x30 [ 10.839134] kunit_try_run_case+0x1a5/0x480 [ 10.839156] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.839177] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.839198] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.839231] ? __kthread_parkme+0x82/0x180 [ 10.839251] ? preempt_count_sub+0x50/0x80 [ 10.839272] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.839294] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.839315] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.839336] kthread+0x337/0x6f0 [ 10.839353] ? trace_preempt_on+0x20/0xc0 [ 10.839376] ? __pfx_kthread+0x10/0x10 [ 10.839395] ? 
_raw_spin_unlock_irq+0x47/0x80 [ 10.839414] ? calculate_sigpending+0x7b/0xa0 [ 10.839437] ? __pfx_kthread+0x10/0x10 [ 10.839458] ret_from_fork+0x116/0x1d0 [ 10.839475] ? __pfx_kthread+0x10/0x10 [ 10.839494] ret_from_fork_asm+0x1a/0x30 [ 10.839522] </TASK> [ 10.839532] [ 10.848393] Allocated by task 184: [ 10.849012] kasan_save_stack+0x45/0x70 [ 10.849246] kasan_save_track+0x18/0x40 [ 10.849406] kasan_save_alloc_info+0x3b/0x50 [ 10.849685] __kasan_krealloc+0x190/0x1f0 [ 10.849944] krealloc_noprof+0xf3/0x340 [ 10.850091] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.850345] krealloc_less_oob+0x1c/0x30 [ 10.850751] kunit_try_run_case+0x1a5/0x480 [ 10.850934] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.851278] kthread+0x337/0x6f0 [ 10.851435] ret_from_fork+0x116/0x1d0 [ 10.851669] ret_from_fork_asm+0x1a/0x30 [ 10.851914] [ 10.851987] The buggy address belongs to the object at ffff88810037e800 [ 10.851987] which belongs to the cache kmalloc-256 of size 256 [ 10.852477] The buggy address is located 7 bytes to the right of [ 10.852477] allocated 201-byte region [ffff88810037e800, ffff88810037e8c9) [ 10.852984] [ 10.853067] The buggy address belongs to the physical page: [ 10.853691] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e [ 10.853983] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.854451] flags: 0x200000000000040(head|node=0|zone=2) [ 10.854801] page_type: f5(slab) [ 10.854917] raw: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.855334] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.855899] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.856286] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.856832] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff [ 10.857260] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.857689] page dumped 
because: kasan: bad access detected [ 10.857870] [ 10.857959] Memory state around the buggy address: [ 10.858385] ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.858722] ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.859153] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.859632] ^ [ 10.859860] ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.860140] ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.860644] ================================================================== [ 10.861317] ================================================================== [ 10.861633] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 10.862298] Write of size 1 at addr ffff88810037e8da by task kunit_try_catch/184 [ 10.862790] [ 10.862960] CPU: 0 UID: 0 PID: 184 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.863008] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.863019] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.863137] Call Trace: [ 10.863152] <TASK> [ 10.863168] dump_stack_lvl+0x73/0xb0 [ 10.863196] print_report+0xd1/0x650 [ 10.863230] ? __virt_addr_valid+0x1db/0x2d0 [ 10.863251] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.863273] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.863297] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.863319] kasan_report+0x141/0x180 [ 10.863338] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 10.863364] __asan_report_store1_noabort+0x1b/0x30 [ 10.863386] krealloc_less_oob_helper+0xec6/0x11d0 [ 10.863410] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.863432] ? finish_task_switch.isra.0+0x153/0x700 [ 10.863452] ? __switch_to+0x47/0xf50 [ 10.863476] ? __schedule+0x10cc/0x2b60 [ 10.863496] ? __pfx_read_tsc+0x10/0x10 [ 10.863518] krealloc_less_oob+0x1c/0x30 [ 10.863538] kunit_try_run_case+0x1a5/0x480 [ 10.863559] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 10.863580] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.863600] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.863621] ? __kthread_parkme+0x82/0x180 [ 10.863640] ? preempt_count_sub+0x50/0x80 [ 10.863661] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.863682] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.863703] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.863724] kthread+0x337/0x6f0 [ 10.863742] ? trace_preempt_on+0x20/0xc0 [ 10.863765] ? __pfx_kthread+0x10/0x10 [ 10.863784] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.863803] ? calculate_sigpending+0x7b/0xa0 [ 10.863825] ? __pfx_kthread+0x10/0x10 [ 10.863844] ret_from_fork+0x116/0x1d0 [ 10.863862] ? __pfx_kthread+0x10/0x10 [ 10.863881] ret_from_fork_asm+0x1a/0x30 [ 10.863908] </TASK> [ 10.863918] [ 10.874301] Allocated by task 184: [ 10.874428] kasan_save_stack+0x45/0x70 [ 10.874564] kasan_save_track+0x18/0x40 [ 10.874690] kasan_save_alloc_info+0x3b/0x50 [ 10.874867] __kasan_krealloc+0x190/0x1f0 [ 10.875108] krealloc_noprof+0xf3/0x340 [ 10.875310] krealloc_less_oob_helper+0x1aa/0x11d0 [ 10.875610] krealloc_less_oob+0x1c/0x30 [ 10.875739] kunit_try_run_case+0x1a5/0x480 [ 10.875873] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.876252] kthread+0x337/0x6f0 [ 10.876419] ret_from_fork+0x116/0x1d0 [ 10.876600] ret_from_fork_asm+0x1a/0x30 [ 10.876790] [ 10.876877] The buggy address belongs to the object at ffff88810037e800 [ 10.876877] which belongs to the cache kmalloc-256 of size 256 [ 10.877441] The buggy address is located 17 bytes to the right of [ 10.877441] allocated 201-byte region [ffff88810037e800, ffff88810037e8c9) [ 10.877941] [ 10.878005] The buggy address belongs to the physical page: [ 10.878219] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x10037e [ 10.878550] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.878781] flags: 0x200000000000040(head|node=0|zone=2) [ 10.878947] page_type: f5(slab) [ 10.879085] raw: 
0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.879508] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.879826] head: 0200000000000040 ffff888100041b40 dead000000000122 0000000000000000 [ 10.880047] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.880348] head: 0200000000000001 ffffea000400df81 00000000ffffffff 00000000ffffffff [ 10.880686] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.881009] page dumped because: kasan: bad access detected [ 10.881333] [ 10.881403] Memory state around the buggy address: [ 10.881907] ffff88810037e780: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.882231] ffff88810037e800: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.882462] >ffff88810037e880: 00 00 00 00 00 00 00 00 00 01 fc fc fc fc fc fc [ 10.882667] ^ [ 10.882910] ffff88810037e900: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.883228] ffff88810037e980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.883525] ================================================================== [ 11.020948] ================================================================== [ 11.021311] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe90/0x11d0 [ 11.021674] Write of size 1 at addr ffff888102c460ea by task kunit_try_catch/188 [ 11.021894] [ 11.021971] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.022014] Tainted: [B]=BAD_PAGE, [N]=TEST [ 11.022024] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.022044] Call Trace: [ 11.022058] <TASK> [ 11.022072] dump_stack_lvl+0x73/0xb0 [ 11.022098] print_report+0xd1/0x650 [ 11.022119] ? __virt_addr_valid+0x1db/0x2d0 [ 11.022141] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.022163] ? kasan_addr_to_slab+0x11/0xa0 [ 11.022182] ? 
krealloc_less_oob_helper+0xe90/0x11d0 [ 11.022217] kasan_report+0x141/0x180 [ 11.022237] ? krealloc_less_oob_helper+0xe90/0x11d0 [ 11.022264] __asan_report_store1_noabort+0x1b/0x30 [ 11.022287] krealloc_less_oob_helper+0xe90/0x11d0 [ 11.022311] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.022333] ? finish_task_switch.isra.0+0x153/0x700 [ 11.022354] ? __switch_to+0x47/0xf50 [ 11.022378] ? __schedule+0x10cc/0x2b60 [ 11.022398] ? __pfx_read_tsc+0x10/0x10 [ 11.022421] krealloc_large_less_oob+0x1c/0x30 [ 11.022443] kunit_try_run_case+0x1a5/0x480 [ 11.022466] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.022487] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.022508] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.022529] ? __kthread_parkme+0x82/0x180 [ 11.022548] ? preempt_count_sub+0x50/0x80 [ 11.022569] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.022592] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.022613] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.022635] kthread+0x337/0x6f0 [ 11.022654] ? trace_preempt_on+0x20/0xc0 [ 11.022675] ? __pfx_kthread+0x10/0x10 [ 11.022695] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.022714] ? calculate_sigpending+0x7b/0xa0 [ 11.022736] ? __pfx_kthread+0x10/0x10 [ 11.022757] ret_from_fork+0x116/0x1d0 [ 11.022774] ? 
__pfx_kthread+0x10/0x10 [ 11.022793] ret_from_fork_asm+0x1a/0x30 [ 11.022821] </TASK> [ 11.022831] [ 11.030451] The buggy address belongs to the physical page: [ 11.030712] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44 [ 11.031055] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.031503] flags: 0x200000000000040(head|node=0|zone=2) [ 11.031714] page_type: f8(unknown) [ 11.031846] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.032105] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.032732] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.033038] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.033280] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff [ 11.033505] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.033725] page dumped because: kasan: bad access detected [ 11.033927] [ 11.034010] Memory state around the buggy address: [ 11.034345] ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.035010] ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.035236] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.035444] ^ [ 11.035637] ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.035845] ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.036353] ================================================================== [ 11.005505] ================================================================== [ 11.005801] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xec6/0x11d0 [ 11.006101] Write of size 1 at addr ffff888102c460da by task kunit_try_catch/188 [ 11.006473] [ 11.006582] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.006626] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
11.006638] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.006658] Call Trace: [ 11.006672] <TASK> [ 11.006686] dump_stack_lvl+0x73/0xb0 [ 11.006712] print_report+0xd1/0x650 [ 11.006732] ? __virt_addr_valid+0x1db/0x2d0 [ 11.006753] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.006775] ? kasan_addr_to_slab+0x11/0xa0 [ 11.006794] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.006816] kasan_report+0x141/0x180 [ 11.006836] ? krealloc_less_oob_helper+0xec6/0x11d0 [ 11.006862] __asan_report_store1_noabort+0x1b/0x30 [ 11.006885] krealloc_less_oob_helper+0xec6/0x11d0 [ 11.006909] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.006932] ? finish_task_switch.isra.0+0x153/0x700 [ 11.006954] ? __switch_to+0x47/0xf50 [ 11.006978] ? __schedule+0x10cc/0x2b60 [ 11.006998] ? __pfx_read_tsc+0x10/0x10 [ 11.007021] krealloc_large_less_oob+0x1c/0x30 [ 11.007043] kunit_try_run_case+0x1a5/0x480 [ 11.007065] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.007086] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.007108] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.007128] ? __kthread_parkme+0x82/0x180 [ 11.007147] ? preempt_count_sub+0x50/0x80 [ 11.007192] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.007223] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.007245] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.007267] kthread+0x337/0x6f0 [ 11.007285] ? trace_preempt_on+0x20/0xc0 [ 11.007307] ? __pfx_kthread+0x10/0x10 [ 11.007326] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.007346] ? calculate_sigpending+0x7b/0xa0 [ 11.007368] ? __pfx_kthread+0x10/0x10 [ 11.007388] ret_from_fork+0x116/0x1d0 [ 11.007405] ? 
__pfx_kthread+0x10/0x10 [ 11.007476] ret_from_fork_asm+0x1a/0x30 [ 11.007507] </TASK> [ 11.007518] [ 11.014688] The buggy address belongs to the physical page: [ 11.014940] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44 [ 11.015313] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.015640] flags: 0x200000000000040(head|node=0|zone=2) [ 11.015881] page_type: f8(unknown) [ 11.016048] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.016346] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.016611] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.017046] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.017406] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff [ 11.017893] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.018175] page dumped because: kasan: bad access detected [ 11.018419] [ 11.018492] Memory state around the buggy address: [ 11.018820] ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.019090] ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.019322] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.019529] ^ [ 11.019709] ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.019916] ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.020565] ================================================================== [ 10.989762] ================================================================== [ 10.990107] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xe23/0x11d0 [ 10.990562] Write of size 1 at addr ffff888102c460d0 by task kunit_try_catch/188 [ 10.990849] [ 10.990935] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.990979] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
10.990990] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.991010] Call Trace: [ 10.991023] <TASK> [ 10.991037] dump_stack_lvl+0x73/0xb0 [ 10.991066] print_report+0xd1/0x650 [ 10.991087] ? __virt_addr_valid+0x1db/0x2d0 [ 10.991110] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.991132] ? kasan_addr_to_slab+0x11/0xa0 [ 10.991151] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.991173] kasan_report+0x141/0x180 [ 10.991193] ? krealloc_less_oob_helper+0xe23/0x11d0 [ 10.991232] __asan_report_store1_noabort+0x1b/0x30 [ 10.991255] krealloc_less_oob_helper+0xe23/0x11d0 [ 10.991279] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 10.991301] ? finish_task_switch.isra.0+0x153/0x700 [ 10.991323] ? __switch_to+0x47/0xf50 [ 10.991348] ? __schedule+0x10cc/0x2b60 [ 10.991368] ? __pfx_read_tsc+0x10/0x10 [ 10.991392] krealloc_large_less_oob+0x1c/0x30 [ 10.991413] kunit_try_run_case+0x1a5/0x480 [ 10.991437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.991457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.991479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.991500] ? __kthread_parkme+0x82/0x180 [ 10.991520] ? preempt_count_sub+0x50/0x80 [ 10.991541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.991563] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.991584] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.991605] kthread+0x337/0x6f0 [ 10.991624] ? trace_preempt_on+0x20/0xc0 [ 10.991646] ? __pfx_kthread+0x10/0x10 [ 10.991666] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.991685] ? calculate_sigpending+0x7b/0xa0 [ 10.991708] ? __pfx_kthread+0x10/0x10 [ 10.991728] ret_from_fork+0x116/0x1d0 [ 10.991745] ? 
__pfx_kthread+0x10/0x10 [ 10.991765] ret_from_fork_asm+0x1a/0x30 [ 10.991794] </TASK> [ 10.991804] [ 10.999329] The buggy address belongs to the physical page: [ 10.999567] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44 [ 10.999948] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.000229] flags: 0x200000000000040(head|node=0|zone=2) [ 11.000463] page_type: f8(unknown) [ 11.000852] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.001180] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.001557] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.001874] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.002165] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff [ 11.002457] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.002735] page dumped because: kasan: bad access detected [ 11.002926] [ 11.003014] Memory state around the buggy address: [ 11.003283] ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.003634] ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.003843] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.004053] ^ [ 11.004255] ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.004556] ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.004856] ================================================================== [ 11.037056] ================================================================== [ 11.037709] BUG: KASAN: slab-out-of-bounds in krealloc_less_oob_helper+0xd47/0x11d0 [ 11.038059] Write of size 1 at addr ffff888102c460eb by task kunit_try_catch/188 [ 11.038602] [ 11.038687] CPU: 0 UID: 0 PID: 188 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 11.038732] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
11.038744] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 11.038763] Call Trace: [ 11.038775] <TASK> [ 11.038789] dump_stack_lvl+0x73/0xb0 [ 11.038815] print_report+0xd1/0x650 [ 11.038835] ? __virt_addr_valid+0x1db/0x2d0 [ 11.038856] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.038878] ? kasan_addr_to_slab+0x11/0xa0 [ 11.038897] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.038919] kasan_report+0x141/0x180 [ 11.038939] ? krealloc_less_oob_helper+0xd47/0x11d0 [ 11.038965] __asan_report_store1_noabort+0x1b/0x30 [ 11.038988] krealloc_less_oob_helper+0xd47/0x11d0 [ 11.039012] ? __pfx_krealloc_less_oob_helper+0x10/0x10 [ 11.039034] ? finish_task_switch.isra.0+0x153/0x700 [ 11.039056] ? __switch_to+0x47/0xf50 [ 11.039079] ? __schedule+0x10cc/0x2b60 [ 11.039099] ? __pfx_read_tsc+0x10/0x10 [ 11.039122] krealloc_large_less_oob+0x1c/0x30 [ 11.039143] kunit_try_run_case+0x1a5/0x480 [ 11.039166] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.039187] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 11.039220] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 11.039241] ? __kthread_parkme+0x82/0x180 [ 11.039260] ? preempt_count_sub+0x50/0x80 [ 11.039281] ? __pfx_kunit_try_run_case+0x10/0x10 [ 11.039303] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 11.039324] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 11.039346] kthread+0x337/0x6f0 [ 11.039364] ? trace_preempt_on+0x20/0xc0 [ 11.039386] ? __pfx_kthread+0x10/0x10 [ 11.039406] ? _raw_spin_unlock_irq+0x47/0x80 [ 11.039425] ? calculate_sigpending+0x7b/0xa0 [ 11.039448] ? __pfx_kthread+0x10/0x10 [ 11.039468] ret_from_fork+0x116/0x1d0 [ 11.039486] ? 
__pfx_kthread+0x10/0x10 [ 11.039506] ret_from_fork_asm+0x1a/0x30 [ 11.039534] </TASK> [ 11.039544] [ 11.047052] The buggy address belongs to the physical page: [ 11.047394] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c44 [ 11.047771] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 11.048106] flags: 0x200000000000040(head|node=0|zone=2) [ 11.048347] page_type: f8(unknown) [ 11.048469] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.048695] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.048922] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 11.049154] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 11.049689] head: 0200000000000002 ffffea00040b1101 00000000ffffffff 00000000ffffffff [ 11.050193] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 11.050530] page dumped because: kasan: bad access detected [ 11.050733] [ 11.050795] Memory state around the buggy address: [ 11.050941] ffff888102c45f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.051151] ffff888102c46000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 11.051368] >ffff888102c46080: 00 00 00 00 00 00 00 00 00 01 fe fe fe fe fe fe [ 11.051793] ^ [ 11.052089] ffff888102c46100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.052408] ffff888102c46180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 11.052768] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-krealloc_more_oob_helper
[ 10.774425] ================================================================== [ 10.774792] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.775095] Write of size 1 at addr ffff888100a22af0 by task kunit_try_catch/182 [ 10.775562] [ 10.775706] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.775751] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.775763] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.775782] Call Trace: [ 10.775794] <TASK> [ 10.775808] dump_stack_lvl+0x73/0xb0 [ 10.775834] print_report+0xd1/0x650 [ 10.775854] ? __virt_addr_valid+0x1db/0x2d0 [ 10.775875] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.775896] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.775920] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.775942] kasan_report+0x141/0x180 [ 10.775963] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.775990] __asan_report_store1_noabort+0x1b/0x30 [ 10.776012] krealloc_more_oob_helper+0x7eb/0x930 [ 10.776032] ? __schedule+0x10cc/0x2b60 [ 10.776106] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.776143] ? finish_task_switch.isra.0+0x153/0x700 [ 10.776164] ? __switch_to+0x47/0xf50 [ 10.776187] ? __schedule+0x10cc/0x2b60 [ 10.776222] ? __pfx_read_tsc+0x10/0x10 [ 10.776245] krealloc_more_oob+0x1c/0x30 [ 10.776266] kunit_try_run_case+0x1a5/0x480 [ 10.776299] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.776319] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.776339] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.776360] ? __kthread_parkme+0x82/0x180 [ 10.776378] ? preempt_count_sub+0x50/0x80 [ 10.776399] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.776421] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.776442] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.776463] kthread+0x337/0x6f0 [ 10.776480] ? trace_preempt_on+0x20/0xc0 [ 10.776502] ? __pfx_kthread+0x10/0x10 [ 10.776521] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.776548] ? 
calculate_sigpending+0x7b/0xa0 [ 10.776640] ? __pfx_kthread+0x10/0x10 [ 10.776665] ret_from_fork+0x116/0x1d0 [ 10.776684] ? __pfx_kthread+0x10/0x10 [ 10.776703] ret_from_fork_asm+0x1a/0x30 [ 10.776731] </TASK> [ 10.776741] [ 10.789246] Allocated by task 182: [ 10.790014] kasan_save_stack+0x45/0x70 [ 10.790367] kasan_save_track+0x18/0x40 [ 10.790981] kasan_save_alloc_info+0x3b/0x50 [ 10.791390] __kasan_krealloc+0x190/0x1f0 [ 10.791811] krealloc_noprof+0xf3/0x340 [ 10.791994] krealloc_more_oob_helper+0x1a9/0x930 [ 10.792180] krealloc_more_oob+0x1c/0x30 [ 10.792347] kunit_try_run_case+0x1a5/0x480 [ 10.792985] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.793353] kthread+0x337/0x6f0 [ 10.793740] ret_from_fork+0x116/0x1d0 [ 10.794196] ret_from_fork_asm+0x1a/0x30 [ 10.794905] [ 10.795189] The buggy address belongs to the object at ffff888100a22a00 [ 10.795189] which belongs to the cache kmalloc-256 of size 256 [ 10.796074] The buggy address is located 5 bytes to the right of [ 10.796074] allocated 235-byte region [ffff888100a22a00, ffff888100a22aeb) [ 10.797008] [ 10.797102] The buggy address belongs to the physical page: [ 10.797659] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 10.798054] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.798626] anon flags: 0x200000000000040(head|node=0|zone=2) [ 10.799096] page_type: f5(slab) [ 10.799512] raw: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 10.799960] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.800501] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 10.801120] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.801770] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 10.802179] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.802440] page dumped because: kasan: bad access detected [ 
10.802900] [ 10.803053] Memory state around the buggy address: [ 10.803574] ffff888100a22980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.803831] ffff888100a22a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.804041] >ffff888100a22a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.804269] ^ [ 10.804585] ffff888100a22b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.804838] ffff888100a22b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.805356] ================================================================== [ 10.741756] ================================================================== [ 10.743265] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.743714] Write of size 1 at addr ffff888100a22aeb by task kunit_try_catch/182 [ 10.745263] [ 10.745357] CPU: 1 UID: 0 PID: 182 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.745629] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.745644] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.745702] Call Trace: [ 10.745715] <TASK> [ 10.745731] dump_stack_lvl+0x73/0xb0 [ 10.745760] print_report+0xd1/0x650 [ 10.745780] ? __virt_addr_valid+0x1db/0x2d0 [ 10.745801] ? krealloc_more_oob_helper+0x821/0x930 [ 10.745823] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.745847] ? krealloc_more_oob_helper+0x821/0x930 [ 10.745869] kasan_report+0x141/0x180 [ 10.745889] ? krealloc_more_oob_helper+0x821/0x930 [ 10.745915] __asan_report_store1_noabort+0x1b/0x30 [ 10.745938] krealloc_more_oob_helper+0x821/0x930 [ 10.745958] ? __schedule+0x10cc/0x2b60 [ 10.745978] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.746000] ? finish_task_switch.isra.0+0x153/0x700 [ 10.746021] ? __switch_to+0x47/0xf50 [ 10.746047] ? __schedule+0x10cc/0x2b60 [ 10.746066] ? __pfx_read_tsc+0x10/0x10 [ 10.746089] krealloc_more_oob+0x1c/0x30 [ 10.746109] kunit_try_run_case+0x1a5/0x480 [ 10.746131] ? 
__pfx_kunit_try_run_case+0x10/0x10 [ 10.746151] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.746192] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.746222] ? __kthread_parkme+0x82/0x180 [ 10.746242] ? preempt_count_sub+0x50/0x80 [ 10.746263] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.746285] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.746305] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.746327] kthread+0x337/0x6f0 [ 10.746345] ? trace_preempt_on+0x20/0xc0 [ 10.746367] ? __pfx_kthread+0x10/0x10 [ 10.746386] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.746405] ? calculate_sigpending+0x7b/0xa0 [ 10.746446] ? __pfx_kthread+0x10/0x10 [ 10.746465] ret_from_fork+0x116/0x1d0 [ 10.746482] ? __pfx_kthread+0x10/0x10 [ 10.746501] ret_from_fork_asm+0x1a/0x30 [ 10.746530] </TASK> [ 10.746541] [ 10.761085] Allocated by task 182: [ 10.761238] kasan_save_stack+0x45/0x70 [ 10.761373] kasan_save_track+0x18/0x40 [ 10.761510] kasan_save_alloc_info+0x3b/0x50 [ 10.761643] __kasan_krealloc+0x190/0x1f0 [ 10.761913] krealloc_noprof+0xf3/0x340 [ 10.762087] krealloc_more_oob_helper+0x1a9/0x930 [ 10.762408] krealloc_more_oob+0x1c/0x30 [ 10.762550] kunit_try_run_case+0x1a5/0x480 [ 10.762688] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.763134] kthread+0x337/0x6f0 [ 10.763355] ret_from_fork+0x116/0x1d0 [ 10.763534] ret_from_fork_asm+0x1a/0x30 [ 10.763708] [ 10.763770] The buggy address belongs to the object at ffff888100a22a00 [ 10.763770] which belongs to the cache kmalloc-256 of size 256 [ 10.764588] The buggy address is located 0 bytes to the right of [ 10.764588] allocated 235-byte region [ffff888100a22a00, ffff888100a22aeb) [ 10.765223] [ 10.765296] The buggy address belongs to the physical page: [ 10.765562] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x100a22 [ 10.765976] head: order:1 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.766361] anon flags: 0x200000000000040(head|node=0|zone=2) [ 10.766540] page_type: f5(slab) [ 10.766731] raw: 
0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 10.767084] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.767541] head: 0200000000000040 ffff888100041b40 0000000000000000 dead000000000001 [ 10.767935] head: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000 [ 10.768331] head: 0200000000000001 ffffea0004028881 00000000ffffffff 00000000ffffffff [ 10.769115] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000002 [ 10.769879] page dumped because: kasan: bad access detected [ 10.770345] [ 10.770511] Memory state around the buggy address: [ 10.770859] ffff888100a22980: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.771064] ffff888100a22a00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.771612] >ffff888100a22a80: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fc fc [ 10.772250] ^ [ 10.772985] ffff888100a22b00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.773495] ffff888100a22b80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.773835] ================================================================== [ 10.955907] ================================================================== [ 10.956221] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x7eb/0x930 [ 10.956590] Write of size 1 at addr ffff888103ab60f0 by task kunit_try_catch/186 [ 10.956990] [ 10.957073] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.957117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.957129] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.957149] Call Trace: [ 10.957161] <TASK> [ 10.957174] dump_stack_lvl+0x73/0xb0 [ 10.957200] print_report+0xd1/0x650 [ 10.957233] ? __virt_addr_valid+0x1db/0x2d0 [ 10.957254] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.957276] ? kasan_addr_to_slab+0x11/0xa0 [ 10.957295] ? 
krealloc_more_oob_helper+0x7eb/0x930 [ 10.957316] kasan_report+0x141/0x180 [ 10.957337] ? krealloc_more_oob_helper+0x7eb/0x930 [ 10.957364] __asan_report_store1_noabort+0x1b/0x30 [ 10.957387] krealloc_more_oob_helper+0x7eb/0x930 [ 10.957407] ? __schedule+0x10cc/0x2b60 [ 10.957428] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.957450] ? finish_task_switch.isra.0+0x153/0x700 [ 10.957470] ? __switch_to+0x47/0xf50 [ 10.957494] ? __schedule+0x10cc/0x2b60 [ 10.957513] ? __pfx_read_tsc+0x10/0x10 [ 10.957536] krealloc_large_more_oob+0x1c/0x30 [ 10.957557] kunit_try_run_case+0x1a5/0x480 [ 10.957580] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957601] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.957622] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.957643] ? __kthread_parkme+0x82/0x180 [ 10.957662] ? preempt_count_sub+0x50/0x80 [ 10.957683] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.957706] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.957727] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.957748] kthread+0x337/0x6f0 [ 10.957766] ? trace_preempt_on+0x20/0xc0 [ 10.957788] ? __pfx_kthread+0x10/0x10 [ 10.957807] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.957826] ? calculate_sigpending+0x7b/0xa0 [ 10.957849] ? __pfx_kthread+0x10/0x10 [ 10.957869] ret_from_fork+0x116/0x1d0 [ 10.957887] ? 
__pfx_kthread+0x10/0x10 [ 10.957906] ret_from_fork_asm+0x1a/0x30 [ 10.957934] </TASK> [ 10.957944] [ 10.965823] The buggy address belongs to the physical page: [ 10.966054] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab4 [ 10.966423] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.966696] flags: 0x200000000000040(head|node=0|zone=2) [ 10.966940] page_type: f8(unknown) [ 10.967108] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.967481] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.967790] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.968078] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.968391] head: 0200000000000002 ffffea00040ead01 00000000ffffffff 00000000ffffffff [ 10.968864] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.969180] page dumped because: kasan: bad access detected [ 10.969368] [ 10.969430] Memory state around the buggy address: [ 10.969575] ffff888103ab5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.969782] ffff888103ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.970323] >ffff888103ab6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.970548] ^ [ 10.970745] ffff888103ab6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.970952] ffff888103ab6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.971159] ================================================================== [ 10.934618] ================================================================== [ 10.935054] BUG: KASAN: slab-out-of-bounds in krealloc_more_oob_helper+0x821/0x930 [ 10.935658] Write of size 1 at addr ffff888103ab60eb by task kunit_try_catch/186 [ 10.935963] [ 10.936070] CPU: 1 UID: 0 PID: 186 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.936117] Tainted: [B]=BAD_PAGE, [N]=TEST [ 
10.936130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.936149] Call Trace: [ 10.936163] <TASK> [ 10.936179] dump_stack_lvl+0x73/0xb0 [ 10.936217] print_report+0xd1/0x650 [ 10.936238] ? __virt_addr_valid+0x1db/0x2d0 [ 10.936260] ? krealloc_more_oob_helper+0x821/0x930 [ 10.936283] ? kasan_addr_to_slab+0x11/0xa0 [ 10.936302] ? krealloc_more_oob_helper+0x821/0x930 [ 10.936324] kasan_report+0x141/0x180 [ 10.936344] ? krealloc_more_oob_helper+0x821/0x930 [ 10.936370] __asan_report_store1_noabort+0x1b/0x30 [ 10.936393] krealloc_more_oob_helper+0x821/0x930 [ 10.936414] ? __schedule+0x10cc/0x2b60 [ 10.936435] ? __pfx_krealloc_more_oob_helper+0x10/0x10 [ 10.936458] ? finish_task_switch.isra.0+0x153/0x700 [ 10.936479] ? __switch_to+0x47/0xf50 [ 10.936504] ? __schedule+0x10cc/0x2b60 [ 10.936523] ? __pfx_read_tsc+0x10/0x10 [ 10.936546] krealloc_large_more_oob+0x1c/0x30 [ 10.936567] kunit_try_run_case+0x1a5/0x480 [ 10.936589] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.936610] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.936631] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.936659] ? __kthread_parkme+0x82/0x180 [ 10.936678] ? preempt_count_sub+0x50/0x80 [ 10.936700] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.936723] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.936747] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.936769] kthread+0x337/0x6f0 [ 10.936789] ? trace_preempt_on+0x20/0xc0 [ 10.936811] ? __pfx_kthread+0x10/0x10 [ 10.936830] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.936849] ? calculate_sigpending+0x7b/0xa0 [ 10.936873] ? __pfx_kthread+0x10/0x10 [ 10.936893] ret_from_fork+0x116/0x1d0 [ 10.936910] ? 
__pfx_kthread+0x10/0x10 [ 10.936929] ret_from_fork_asm+0x1a/0x30 [ 10.936957] </TASK> [ 10.936968] [ 10.947171] The buggy address belongs to the physical page: [ 10.947550] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab4 [ 10.947878] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.948382] flags: 0x200000000000040(head|node=0|zone=2) [ 10.948747] page_type: f8(unknown) [ 10.949158] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.949660] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.950115] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.950742] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.951056] head: 0200000000000002 ffffea00040ead01 00000000ffffffff 00000000ffffffff [ 10.951550] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.951892] page dumped because: kasan: bad access detected [ 10.952266] [ 10.952360] Memory state around the buggy address: [ 10.952914] ffff888103ab5f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.953380] ffff888103ab6000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.954051] >ffff888103ab6080: 00 00 00 00 00 00 00 00 00 00 00 00 00 03 fe fe [ 10.954355] ^ [ 10.954750] ffff888103ab6100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.955047] ffff888103ab6180: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.955361] ==================================================================
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value
<8>[ 240.318044] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_12_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value
<8>[ 240.222617] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_10_value RESULT=fail>
Failure - kunit - drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value
<8>[ 240.126275] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_atomic_helper_connector_hdmi_reset_drm_test_check_bpc_8_value RESULT=fail>
Failure - kunit - drm_test_framebuffer_create_X0L2Normalsizes
<8>[ 234.446754] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_framebuffer_create_X0L2Normalsizes RESULT=fail>
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-page_alloc_uaf
[ 10.722722] ================================================================== [ 10.723339] BUG: KASAN: use-after-free in page_alloc_uaf+0x356/0x3d0 [ 10.723681] Read of size 1 at addr ffff888103ad0000 by task kunit_try_catch/180 [ 10.723977] [ 10.724072] CPU: 1 UID: 0 PID: 180 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.724118] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.724130] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.724150] Call Trace: [ 10.724161] <TASK> [ 10.724176] dump_stack_lvl+0x73/0xb0 [ 10.724203] print_report+0xd1/0x650 [ 10.724235] ? __virt_addr_valid+0x1db/0x2d0 [ 10.724257] ? page_alloc_uaf+0x356/0x3d0 [ 10.724277] ? kasan_addr_to_slab+0x11/0xa0 [ 10.724296] ? page_alloc_uaf+0x356/0x3d0 [ 10.724316] kasan_report+0x141/0x180 [ 10.724336] ? page_alloc_uaf+0x356/0x3d0 [ 10.724360] __asan_report_load1_noabort+0x18/0x20 [ 10.724383] page_alloc_uaf+0x356/0x3d0 [ 10.724403] ? __pfx_page_alloc_uaf+0x10/0x10 [ 10.724423] ? __schedule+0x10cc/0x2b60 [ 10.724443] ? __pfx_read_tsc+0x10/0x10 [ 10.724464] ? ktime_get_ts64+0x86/0x230 [ 10.724488] kunit_try_run_case+0x1a5/0x480 [ 10.724510] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.724531] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.724552] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.724573] ? __kthread_parkme+0x82/0x180 [ 10.724592] ? preempt_count_sub+0x50/0x80 [ 10.724614] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.724636] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.724660] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.724682] kthread+0x337/0x6f0 [ 10.724700] ? trace_preempt_on+0x20/0xc0 [ 10.724722] ? __pfx_kthread+0x10/0x10 [ 10.724741] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.724760] ? calculate_sigpending+0x7b/0xa0 [ 10.724782] ? __pfx_kthread+0x10/0x10 [ 10.724802] ret_from_fork+0x116/0x1d0 [ 10.724819] ? 
__pfx_kthread+0x10/0x10 [ 10.724838] ret_from_fork_asm+0x1a/0x30 [ 10.724867] </TASK> [ 10.724877] [ 10.731424] The buggy address belongs to the physical page: [ 10.731872] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ad0 [ 10.732171] flags: 0x200000000000000(node=0|zone=2) [ 10.732364] page_type: f0(buddy) [ 10.732526] raw: 0200000000000000 ffff88817fffd460 ffff88817fffd460 0000000000000000 [ 10.732864] raw: 0000000000000000 0000000000000004 00000000f0000000 0000000000000000 [ 10.733150] page dumped because: kasan: bad access detected [ 10.733357] [ 10.733443] Memory state around the buggy address: [ 10.733629] ffff888103acff00: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.734079] ffff888103acff80: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.734316] >ffff888103ad0000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.735005] ^ [ 10.735164] ffff888103ad0080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.735386] ffff888103ad0100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.735616] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-invalid-free-in-kfree
[ 10.691384] ================================================================== [ 10.692116] BUG: KASAN: invalid-free in kfree+0x274/0x3f0 [ 10.693055] Free of addr ffff888103ab0001 by task kunit_try_catch/176 [ 10.693749] [ 10.694079] CPU: 1 UID: 0 PID: 176 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.694131] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.694143] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.694163] Call Trace: [ 10.694295] <TASK> [ 10.694312] dump_stack_lvl+0x73/0xb0 [ 10.694343] print_report+0xd1/0x650 [ 10.694364] ? __virt_addr_valid+0x1db/0x2d0 [ 10.694386] ? kasan_addr_to_slab+0x11/0xa0 [ 10.694404] ? kfree+0x274/0x3f0 [ 10.694433] kasan_report_invalid_free+0x10a/0x130 [ 10.694455] ? kfree+0x274/0x3f0 [ 10.694476] ? kfree+0x274/0x3f0 [ 10.694495] __kasan_kfree_large+0x86/0xd0 [ 10.694515] free_large_kmalloc+0x52/0x110 [ 10.694536] kfree+0x274/0x3f0 [ 10.694559] kmalloc_large_invalid_free+0x120/0x2b0 [ 10.694580] ? __pfx_kmalloc_large_invalid_free+0x10/0x10 [ 10.694602] ? __schedule+0x10cc/0x2b60 [ 10.694622] ? __pfx_read_tsc+0x10/0x10 [ 10.694642] ? ktime_get_ts64+0x86/0x230 [ 10.694714] kunit_try_run_case+0x1a5/0x480 [ 10.694739] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.694759] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.694781] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.694801] ? __kthread_parkme+0x82/0x180 [ 10.694821] ? preempt_count_sub+0x50/0x80 [ 10.694843] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.694864] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.694885] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.694907] kthread+0x337/0x6f0 [ 10.694925] ? trace_preempt_on+0x20/0xc0 [ 10.694947] ? __pfx_kthread+0x10/0x10 [ 10.694966] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.694984] ? calculate_sigpending+0x7b/0xa0 [ 10.695007] ? __pfx_kthread+0x10/0x10 [ 10.695027] ret_from_fork+0x116/0x1d0 [ 10.695044] ? 
__pfx_kthread+0x10/0x10 [ 10.695063] ret_from_fork_asm+0x1a/0x30 [ 10.695092] </TASK> [ 10.695102] [ 10.707119] The buggy address belongs to the physical page: [ 10.707653] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab0 [ 10.708098] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.708628] flags: 0x200000000000040(head|node=0|zone=2) [ 10.709152] page_type: f8(unknown) [ 10.709536] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.709917] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.710142] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.710851] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.711659] head: 0200000000000002 ffffea00040eac01 00000000ffffffff 00000000ffffffff [ 10.712395] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.712922] page dumped because: kasan: bad access detected [ 10.713094] [ 10.713157] Memory state around the buggy address: [ 10.713365] ffff888103aaff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.713722] ffff888103aaff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.713986] >ffff888103ab0000: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.714383] ^ [ 10.714498] ffff888103ab0080: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.714738] ffff888103ab0100: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.715068] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-use-after-free-in-kmalloc_large_uaf
[ 10.668232] ================================================================== [ 10.668635] BUG: KASAN: use-after-free in kmalloc_large_uaf+0x2f1/0x340 [ 10.668861] Read of size 1 at addr ffff888102c40000 by task kunit_try_catch/174 [ 10.669081] [ 10.669160] CPU: 0 UID: 0 PID: 174 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.669217] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.669229] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.669249] Call Trace: [ 10.669262] <TASK> [ 10.669278] dump_stack_lvl+0x73/0xb0 [ 10.669303] print_report+0xd1/0x650 [ 10.669323] ? __virt_addr_valid+0x1db/0x2d0 [ 10.669344] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.669362] ? kasan_addr_to_slab+0x11/0xa0 [ 10.669382] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.669401] kasan_report+0x141/0x180 [ 10.669422] ? kmalloc_large_uaf+0x2f1/0x340 [ 10.669445] __asan_report_load1_noabort+0x18/0x20 [ 10.669467] kmalloc_large_uaf+0x2f1/0x340 [ 10.669486] ? __pfx_kmalloc_large_uaf+0x10/0x10 [ 10.669506] ? __schedule+0x10cc/0x2b60 [ 10.669526] ? __pfx_read_tsc+0x10/0x10 [ 10.669546] ? ktime_get_ts64+0x86/0x230 [ 10.669570] kunit_try_run_case+0x1a5/0x480 [ 10.669592] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.669613] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.669633] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.669654] ? __kthread_parkme+0x82/0x180 [ 10.669673] ? preempt_count_sub+0x50/0x80 [ 10.669697] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.669719] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.669739] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.669760] kthread+0x337/0x6f0 [ 10.669778] ? trace_preempt_on+0x20/0xc0 [ 10.669801] ? __pfx_kthread+0x10/0x10 [ 10.669819] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.669838] ? calculate_sigpending+0x7b/0xa0 [ 10.669861] ? __pfx_kthread+0x10/0x10 [ 10.669880] ret_from_fork+0x116/0x1d0 [ 10.669897] ? 
__pfx_kthread+0x10/0x10 [ 10.669916] ret_from_fork_asm+0x1a/0x30 [ 10.669945] </TASK> [ 10.669955] [ 10.680237] The buggy address belongs to the physical page: [ 10.680978] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x102c40 [ 10.681817] flags: 0x200000000000000(node=0|zone=2) [ 10.682335] raw: 0200000000000000 ffffea00040b1108 ffff888154639fc0 0000000000000000 [ 10.683106] raw: 0000000000000000 0000000000000000 00000000ffffffff 0000000000000000 [ 10.683901] page dumped because: kasan: bad access detected [ 10.684538] [ 10.684703] Memory state around the buggy address: [ 10.685163] ffff888102c3ff00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.685921] ffff888102c3ff80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.686606] >ffff888102c40000: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.687151] ^ [ 10.687447] ffff888102c40080: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.688058] ffff888102c40100: ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff ff [ 10.688548] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_large_oob_right
[ 10.638220] ================================================================== [ 10.639298] BUG: KASAN: slab-out-of-bounds in kmalloc_large_oob_right+0x2e9/0x330 [ 10.639982] Write of size 1 at addr ffff888103ab200a by task kunit_try_catch/172 [ 10.640837] [ 10.641148] CPU: 1 UID: 0 PID: 172 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.641223] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.641236] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.641258] Call Trace: [ 10.641270] <TASK> [ 10.641287] dump_stack_lvl+0x73/0xb0 [ 10.641319] print_report+0xd1/0x650 [ 10.641340] ? __virt_addr_valid+0x1db/0x2d0 [ 10.641363] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.641383] ? kasan_addr_to_slab+0x11/0xa0 [ 10.641402] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.641422] kasan_report+0x141/0x180 [ 10.641442] ? kmalloc_large_oob_right+0x2e9/0x330 [ 10.641467] __asan_report_store1_noabort+0x1b/0x30 [ 10.641490] kmalloc_large_oob_right+0x2e9/0x330 [ 10.641510] ? __pfx_kmalloc_large_oob_right+0x10/0x10 [ 10.641531] ? __schedule+0x10cc/0x2b60 [ 10.641552] ? __pfx_read_tsc+0x10/0x10 [ 10.641573] ? ktime_get_ts64+0x86/0x230 [ 10.641598] kunit_try_run_case+0x1a5/0x480 [ 10.641622] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.641642] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.641664] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.641685] ? __kthread_parkme+0x82/0x180 [ 10.641705] ? preempt_count_sub+0x50/0x80 [ 10.641728] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.641750] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.641772] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.641793] kthread+0x337/0x6f0 [ 10.641811] ? trace_preempt_on+0x20/0xc0 [ 10.641835] ? __pfx_kthread+0x10/0x10 [ 10.641855] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.641884] ? calculate_sigpending+0x7b/0xa0 [ 10.641908] ? __pfx_kthread+0x10/0x10 [ 10.641928] ret_from_fork+0x116/0x1d0 [ 10.641956] ? 
__pfx_kthread+0x10/0x10 [ 10.641975] ret_from_fork_asm+0x1a/0x30 [ 10.642005] </TASK> [ 10.642015] [ 10.655728] The buggy address belongs to the physical page: [ 10.656295] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x103ab0 [ 10.656710] head: order:2 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.657368] flags: 0x200000000000040(head|node=0|zone=2) [ 10.657942] page_type: f8(unknown) [ 10.658172] raw: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.658743] raw: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.658996] head: 0200000000000040 0000000000000000 dead000000000122 0000000000000000 [ 10.659264] head: 0000000000000000 0000000000000000 00000000f8000000 0000000000000000 [ 10.659556] head: 0200000000000002 ffffea00040eac01 00000000ffffffff 00000000ffffffff [ 10.660264] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000004 [ 10.661066] page dumped because: kasan: bad access detected [ 10.661630] [ 10.661789] Memory state around the buggy address: [ 10.662121] ffff888103ab1f00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.662689] ffff888103ab1f80: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.663330] >ffff888103ab2000: 00 02 fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.663747] ^ [ 10.663869] ffff888103ab2080: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.664078] ffff888103ab2100: fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe fe [ 10.664340] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_big_oob_right
[ 10.614110] ================================================================== [ 10.614851] BUG: KASAN: slab-out-of-bounds in kmalloc_big_oob_right+0x316/0x370 [ 10.615168] Write of size 1 at addr ffff8881038e9f00 by task kunit_try_catch/170 [ 10.615879] [ 10.615989] CPU: 0 UID: 0 PID: 170 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.616037] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.616049] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.616070] Call Trace: [ 10.616082] <TASK> [ 10.616098] dump_stack_lvl+0x73/0xb0 [ 10.616124] print_report+0xd1/0x650 [ 10.616145] ? __virt_addr_valid+0x1db/0x2d0 [ 10.616166] ? kmalloc_big_oob_right+0x316/0x370 [ 10.616186] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.616221] ? kmalloc_big_oob_right+0x316/0x370 [ 10.616242] kasan_report+0x141/0x180 [ 10.616261] ? kmalloc_big_oob_right+0x316/0x370 [ 10.616286] __asan_report_store1_noabort+0x1b/0x30 [ 10.616308] kmalloc_big_oob_right+0x316/0x370 [ 10.616328] ? __pfx_kmalloc_big_oob_right+0x10/0x10 [ 10.616349] ? __schedule+0x10cc/0x2b60 [ 10.616370] ? __pfx_read_tsc+0x10/0x10 [ 10.616390] ? ktime_get_ts64+0x86/0x230 [ 10.616414] kunit_try_run_case+0x1a5/0x480 [ 10.616437] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.616457] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.616479] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.616499] ? __kthread_parkme+0x82/0x180 [ 10.616519] ? preempt_count_sub+0x50/0x80 [ 10.616541] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.616562] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.616583] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.616604] kthread+0x337/0x6f0 [ 10.616622] ? trace_preempt_on+0x20/0xc0 [ 10.616644] ? __pfx_kthread+0x10/0x10 [ 10.616668] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.616687] ? calculate_sigpending+0x7b/0xa0 [ 10.616710] ? __pfx_kthread+0x10/0x10 [ 10.616730] ret_from_fork+0x116/0x1d0 [ 10.616747] ? 
__pfx_kthread+0x10/0x10 [ 10.616766] ret_from_fork_asm+0x1a/0x30 [ 10.616794] </TASK> [ 10.616804] [ 10.623996] Allocated by task 170: [ 10.624163] kasan_save_stack+0x45/0x70 [ 10.624382] kasan_save_track+0x18/0x40 [ 10.624506] kasan_save_alloc_info+0x3b/0x50 [ 10.624639] __kasan_kmalloc+0xb7/0xc0 [ 10.624760] __kmalloc_cache_noprof+0x189/0x420 [ 10.624962] kmalloc_big_oob_right+0xa9/0x370 [ 10.625165] kunit_try_run_case+0x1a5/0x480 [ 10.625440] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.625809] kthread+0x337/0x6f0 [ 10.625983] ret_from_fork+0x116/0x1d0 [ 10.626157] ret_from_fork_asm+0x1a/0x30 [ 10.626361] [ 10.626446] The buggy address belongs to the object at ffff8881038e8000 [ 10.626446] which belongs to the cache kmalloc-8k of size 8192 [ 10.626872] The buggy address is located 0 bytes to the right of [ 10.626872] allocated 7936-byte region [ffff8881038e8000, ffff8881038e9f00) [ 10.627469] [ 10.627555] The buggy address belongs to the physical page: [ 10.627794] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x1038e8 [ 10.628167] head: order:3 mapcount:0 entire_mapcount:0 nr_pages_mapped:0 pincount:0 [ 10.628518] flags: 0x200000000000040(head|node=0|zone=2) [ 10.628825] page_type: f5(slab) [ 10.628969] raw: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.629343] raw: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.629709] head: 0200000000000040 ffff888100042280 dead000000000122 0000000000000000 [ 10.630018] head: 0000000000000000 0000000080020002 00000000f5000000 0000000000000000 [ 10.630397] head: 0200000000000003 ffffea00040e3a01 00000000ffffffff 00000000ffffffff [ 10.630726] head: ffffffffffffffff 0000000000000000 00000000ffffffff 0000000000000008 [ 10.631045] page dumped because: kasan: bad access detected [ 10.631345] [ 10.631430] Memory state around the buggy address: [ 10.631652] ffff8881038e9e00: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.631955] ffff8881038e9e80: 00 
00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 [ 10.633041] >ffff8881038e9f00: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.633775] ^ [ 10.633900] ffff8881038e9f80: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.634423] ffff8881038ea000: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc [ 10.634810] ==================================================================
Failure - log-parser-boot - kasan-bug-kasan-slab-out-of-bounds-in-kmalloc_track_caller_oob_right
[ 10.586329] ================================================================== [ 10.586768] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.587110] Write of size 1 at addr ffff888101add678 by task kunit_try_catch/168 [ 10.587570] [ 10.587672] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary) [ 10.587718] Tainted: [B]=BAD_PAGE, [N]=TEST [ 10.587729] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014 [ 10.587750] Call Trace: [ 10.587762] <TASK> [ 10.587778] dump_stack_lvl+0x73/0xb0 [ 10.587805] print_report+0xd1/0x650 [ 10.587826] ? __virt_addr_valid+0x1db/0x2d0 [ 10.587848] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.587870] ? kasan_complete_mode_report_info+0x2a/0x200 [ 10.587894] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.587917] kasan_report+0x141/0x180 [ 10.587937] ? kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.588150] __asan_report_store1_noabort+0x1b/0x30 [ 10.588173] kmalloc_track_caller_oob_right+0x4b1/0x520 [ 10.588196] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10 [ 10.588231] ? __schedule+0x10cc/0x2b60 [ 10.588252] ? __pfx_read_tsc+0x10/0x10 [ 10.588272] ? ktime_get_ts64+0x86/0x230 [ 10.588296] kunit_try_run_case+0x1a5/0x480 [ 10.588318] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.588339] ? _raw_spin_lock_irqsave+0xa1/0x100 [ 10.588360] ? _raw_spin_unlock_irqrestore+0x5f/0x90 [ 10.588381] ? __kthread_parkme+0x82/0x180 [ 10.588400] ? preempt_count_sub+0x50/0x80 [ 10.588422] ? __pfx_kunit_try_run_case+0x10/0x10 [ 10.588444] kunit_generic_run_threadfn_adapter+0x85/0xf0 [ 10.588465] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10 [ 10.588486] kthread+0x337/0x6f0 [ 10.588504] ? trace_preempt_on+0x20/0xc0 [ 10.588526] ? __pfx_kthread+0x10/0x10 [ 10.588546] ? _raw_spin_unlock_irq+0x47/0x80 [ 10.588565] ? calculate_sigpending+0x7b/0xa0 [ 10.588588] ? 
__pfx_kthread+0x10/0x10
[ 10.588607] ret_from_fork+0x116/0x1d0
[ 10.588625] ? __pfx_kthread+0x10/0x10
[ 10.588644] ret_from_fork_asm+0x1a/0x30
[ 10.588676] </TASK>
[ 10.588686]
[ 10.598650] Allocated by task 168:
[ 10.598796] kasan_save_stack+0x45/0x70
[ 10.599147] kasan_save_track+0x18/0x40
[ 10.599432] kasan_save_alloc_info+0x3b/0x50
[ 10.599887] __kasan_kmalloc+0xb7/0xc0
[ 10.600128] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.600513] kmalloc_track_caller_oob_right+0x19a/0x520
[ 10.600717] kunit_try_run_case+0x1a5/0x480
[ 10.600920] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.601140] kthread+0x337/0x6f0
[ 10.601323] ret_from_fork+0x116/0x1d0
[ 10.601483] ret_from_fork_asm+0x1a/0x30
[ 10.601679]
[ 10.601754] The buggy address belongs to the object at ffff888101add600
[ 10.601754] which belongs to the cache kmalloc-128 of size 128
[ 10.602867] The buggy address is located 0 bytes to the right of
[ 10.602867] allocated 120-byte region [ffff888101add600, ffff888101add678)
[ 10.603481]
[ 10.603749] The buggy address belongs to the physical page:
[ 10.603990] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 10.604582] flags: 0x200000000000000(node=0|zone=2)
[ 10.604766] page_type: f5(slab)
[ 10.605058] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.605418] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.605952] page dumped because: kasan: bad access detected
[ 10.606177]
[ 10.606281] Memory state around the buggy address:
[ 10.606904] ffff888101add500: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.607170] ffff888101add580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.607645] >ffff888101add600: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.607956] ^
[ 10.608259] ffff888101add680: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.608547] ffff888101add700: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.608839] ==================================================================
[ 10.562310] ==================================================================
[ 10.562852] BUG: KASAN: slab-out-of-bounds in kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.563186] Write of size 1 at addr ffff888101add578 by task kunit_try_catch/168
[ 10.563496]
[ 10.563685] CPU: 0 UID: 0 PID: 168 Comm: kunit_try_catch Tainted: G B N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 10.563733] Tainted: [B]=BAD_PAGE, [N]=TEST
[ 10.563745] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 10.563766] Call Trace:
[ 10.563778] <TASK>
[ 10.563794] dump_stack_lvl+0x73/0xb0
[ 10.563823] print_report+0xd1/0x650
[ 10.563843] ? __virt_addr_valid+0x1db/0x2d0
[ 10.563866] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.563888] ? kasan_complete_mode_report_info+0x2a/0x200
[ 10.563912] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.563935] kasan_report+0x141/0x180
[ 10.563954] ? kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.563982] __asan_report_store1_noabort+0x1b/0x30
[ 10.564004] kmalloc_track_caller_oob_right+0x4c8/0x520
[ 10.564027] ? __pfx_kmalloc_track_caller_oob_right+0x10/0x10
[ 10.564051] ? __schedule+0x10cc/0x2b60
[ 10.564072] ? __pfx_read_tsc+0x10/0x10
[ 10.564093] ? ktime_get_ts64+0x86/0x230
[ 10.564117] kunit_try_run_case+0x1a5/0x480
[ 10.564141] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.564161] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 10.564183] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 10.564216] ? __kthread_parkme+0x82/0x180
[ 10.564237] ? preempt_count_sub+0x50/0x80
[ 10.564259] ? __pfx_kunit_try_run_case+0x10/0x10
[ 10.564280] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.564301] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 10.564322] kthread+0x337/0x6f0
[ 10.564340] ? trace_preempt_on+0x20/0xc0
[ 10.564363] ? __pfx_kthread+0x10/0x10
[ 10.564383] ? _raw_spin_unlock_irq+0x47/0x80
[ 10.564402] ? calculate_sigpending+0x7b/0xa0
[ 10.564425] ? __pfx_kthread+0x10/0x10
[ 10.564445] ret_from_fork+0x116/0x1d0
[ 10.564462] ? __pfx_kthread+0x10/0x10
[ 10.564481] ret_from_fork_asm+0x1a/0x30
[ 10.564510] </TASK>
[ 10.564520]
[ 10.574236] Allocated by task 168:
[ 10.574375] kasan_save_stack+0x45/0x70
[ 10.574557] kasan_save_track+0x18/0x40
[ 10.574739] kasan_save_alloc_info+0x3b/0x50
[ 10.574925] __kasan_kmalloc+0xb7/0xc0
[ 10.575096] __kmalloc_node_track_caller_noprof+0x1cb/0x500
[ 10.575911] kmalloc_track_caller_oob_right+0x99/0x520
[ 10.576101] kunit_try_run_case+0x1a5/0x480
[ 10.576427] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 10.576951] kthread+0x337/0x6f0
[ 10.577094] ret_from_fork+0x116/0x1d0
[ 10.577322] ret_from_fork_asm+0x1a/0x30
[ 10.577749]
[ 10.577961] The buggy address belongs to the object at ffff888101add500
[ 10.577961] which belongs to the cache kmalloc-128 of size 128
[ 10.578683] The buggy address is located 0 bytes to the right of
[ 10.578683] allocated 120-byte region [ffff888101add500, ffff888101add578)
[ 10.579586]
[ 10.579769] The buggy address belongs to the physical page:
[ 10.580016] page: refcount:0 mapcount:0 mapping:0000000000000000 index:0x0 pfn:0x101add
[ 10.580498] flags: 0x200000000000000(node=0|zone=2)
[ 10.580830] page_type: f5(slab)
[ 10.580966] raw: 0200000000000000 ffff888100041a00 dead000000000122 0000000000000000
[ 10.581502] raw: 0000000000000000 0000000080100010 00000000f5000000 0000000000000000
[ 10.581935] page dumped because: kasan: bad access detected
[ 10.582183]
[ 10.582409] Memory state around the buggy address:
[ 10.582659] ffff888101add400: fa fb fb fb fb fb fb fb fb fb fb fb fb fb fb fb
[ 10.583068] ffff888101add480: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.583725] >ffff888101add500: 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 fc
[ 10.584022] ^
[ 10.584565] ffff888101add580: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.584938] ffff888101add600: fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc fc
[ 10.585253] ==================================================================
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog10
------------[ cut here ]------------
[ 106.729244] WARNING: lib/math/int_log.c:120 at intlog10+0x2a/0x40, CPU#1: kunit_try_catch/682
[ 106.729989] Modules linked in:
[ 106.730230] CPU: 1 UID: 0 PID: 682 Comm: kunit_try_catch Tainted: G B D W N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 106.730809] Tainted: [B]=BAD_PAGE, [D]=DIE, [W]=WARN, [N]=TEST
[ 106.731152] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 106.731682] RIP: 0010:intlog10+0x2a/0x40
[ 106.731918] Code: f3 0f 1e fa 0f 1f 44 00 00 85 ff 74 1c 55 48 89 e5 e8 ca fe ff ff 5d 89 c0 48 69 c0 a1 26 88 26 48 c1 e8 1f c3 cc cc cc cc 90 <0f> 0b 90 31 c0 c3 cc cc cc cc 66 2e 0f 1f 84 00 00 00 00 00 66 90
[ 106.732788] RSP: 0000:ffff88810bc3fcb0 EFLAGS: 00010246
[ 106.733041] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021787fb4
[ 106.733333] RDX: 1ffffffff0c52ef0 RSI: 1ffff11021787fb3 RDI: 0000000000000000
[ 106.733658] RBP: ffff88810bc3fd60 R08: 0000000000000000 R09: ffffed10204c5ac0
[ 106.734034] R10: ffff88810262d607 R11: 0000000000000000 R12: 1ffff11021787f97
[ 106.734351] R13: ffffffff86297780 R14: 0000000000000000 R15: ffff88810bc3fd38
[ 106.734790] FS: 0000000000000000(0000) GS:ffff8881cc367000(0000) knlGS:0000000000000000
[ 106.735110] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.735362] CR2: ffff888153efcfe0 CR3: 00000001660bc000 CR4: 00000000000006f0
[ 106.736079] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d443
[ 106.736425] DR3: ffffffff8845d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 106.736760] Call Trace:
[ 106.736879] <TASK>
[ 106.736984] ? intlog10_test+0xf2/0x220
[ 106.737255] ? __pfx_intlog10_test+0x10/0x10
[ 106.737433] ? __schedule+0x10cc/0x2b60
[ 106.737692] ? __pfx_read_tsc+0x10/0x10
[ 106.737828] ? ktime_get_ts64+0x86/0x230
[ 106.737993] kunit_try_run_case+0x1a5/0x480
[ 106.738307] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.738991] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 106.739302] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 106.740239] ? __kthread_parkme+0x82/0x180
[ 106.740532] ? preempt_count_sub+0x50/0x80
[ 106.740725] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.740941] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 106.741150] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 106.741457] kthread+0x337/0x6f0
[ 106.741704] ? trace_preempt_on+0x20/0xc0
[ 106.741906] ? __pfx_kthread+0x10/0x10
[ 106.742071] ? _raw_spin_unlock_irq+0x47/0x80
[ 106.742273] ? calculate_sigpending+0x7b/0xa0
[ 106.742564] ? __pfx_kthread+0x10/0x10
[ 106.742725] ret_from_fork+0x116/0x1d0
[ 106.742910] ? __pfx_kthread+0x10/0x10
[ 106.743087] ret_from_fork_asm+0x1a/0x30
[ 106.743354] </TASK>
[ 106.743440] ---[ end trace 0000000000000000 ]---
Failure - log-parser-boot - exception-warning-libmathint_log-at-intlog2
------------[ cut here ]------------
[ 106.686774] WARNING: lib/math/int_log.c:63 at intlog2+0xdf/0x110, CPU#1: kunit_try_catch/664
[ 106.688227] Modules linked in:
[ 106.688782] CPU: 1 UID: 0 PID: 664 Comm: kunit_try_catch Tainted: G B D N 6.16.0-rc2-next-20250618 #1 PREEMPT(voluntary)
[ 106.689951] Tainted: [B]=BAD_PAGE, [D]=DIE, [N]=TEST
[ 106.690373] Hardware name: QEMU Standard PC (Q35 + ICH9, 2009), BIOS 1.16.3-debian-1.16.3-2 04/01/2014
[ 106.691317] RIP: 0010:intlog2+0xdf/0x110
[ 106.691714] Code: 29 86 c1 e0 18 48 83 c4 08 89 d1 c1 e2 08 29 cb 01 d0 0f b7 db 41 0f af dc c1 eb 0f 01 d8 5b 41 5c 41 5d 5d e9 d2 c5 88 02 90 <0f> 0b 90 31 c0 e9 c7 c5 88 02 89 45 e4 e8 df 06 56 ff 8b 45 e4 eb
[ 106.692547] RSP: 0000:ffff88810bb47cb0 EFLAGS: 00010246
[ 106.693116] RAX: 0000000000000000 RBX: ffff88810039fae8 RCX: 1ffff11021768fb4
[ 106.694070] RDX: 1ffffffff0c52f44 RSI: 1ffff11021768fb3 RDI: 0000000000000000
[ 106.694886] RBP: ffff88810bb47d60 R08: 0000000000000000 R09: ffffed1020582fa0
[ 106.695544] R10: ffff888102c17d07 R11: 0000000000000000 R12: 1ffff11021768f97
[ 106.695927] R13: ffffffff86297a20 R14: 0000000000000000 R15: ffff88810bb47d38
[ 106.696135] FS: 0000000000000000(0000) GS:ffff8881cc367000(0000) knlGS:0000000000000000
[ 106.696373] CS: 0010 DS: 0000 ES: 0000 CR0: 0000000080050033
[ 106.697106] CR2: ffff888153efcfe0 CR3: 00000001660bc000 CR4: 00000000000006f0
[ 106.697757] DR0: ffffffff8845d440 DR1: ffffffff8845d441 DR2: ffffffff8845d443
[ 106.698484] DR3: ffffffff8845d445 DR6: 00000000ffff0ff0 DR7: 0000000000000600
[ 106.699050] Call Trace:
[ 106.699293] <TASK>
[ 106.699685] ? intlog2_test+0xf2/0x220
[ 106.700189] ? __pfx_intlog2_test+0x10/0x10
[ 106.700675] ? __schedule+0x10cc/0x2b60
[ 106.701103] ? __pfx_read_tsc+0x10/0x10
[ 106.701265] ? ktime_get_ts64+0x86/0x230
[ 106.701408] kunit_try_run_case+0x1a5/0x480
[ 106.701599] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.701752] ? _raw_spin_lock_irqsave+0xa1/0x100
[ 106.701902] ? _raw_spin_unlock_irqrestore+0x5f/0x90
[ 106.702063] ? __kthread_parkme+0x82/0x180
[ 106.702243] ? preempt_count_sub+0x50/0x80
[ 106.702435] ? __pfx_kunit_try_run_case+0x10/0x10
[ 106.702605] kunit_generic_run_threadfn_adapter+0x85/0xf0
[ 106.702907] ? __pfx_kunit_generic_run_threadfn_adapter+0x10/0x10
[ 106.703093] kthread+0x337/0x6f0
[ 106.703220] ? trace_preempt_on+0x20/0xc0
[ 106.703436] ? __pfx_kthread+0x10/0x10
[ 106.703614] ? _raw_spin_unlock_irq+0x47/0x80
[ 106.703835] ? calculate_sigpending+0x7b/0xa0
[ 106.703976] ? __pfx_kthread+0x10/0x10
[ 106.704207] ret_from_fork+0x116/0x1d0
[ 106.704401] ? __pfx_kthread+0x10/0x10
[ 106.704626] ret_from_fork_asm+0x1a/0x30
[ 106.704840] </TASK>
[ 106.705003] ---[ end trace 0000000000000000 ]---
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_drm_connector_helper_tv_get_modes
<8>[ 244.895801] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_drm_connector_helper_tv_get_modes RESULT=fail>
Failure - kunit - drm_test_connector_helper_tv_get_modes_check_drm_test_connector_helper_tv_get_modes_check
<8>[ 244.799749] <LAVA_SIGNAL_TESTCASE TEST_CASE_ID=drm_test_connector_helper_tv_get_modes_check_drm_test_connector_helper_tv_get_modes_check RESULT=fail>